mirror/gmsm
1
0
Fork 0
mirror of https://github.com/emmansun/gmsm.git synced 2025-04-26 12:16:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

MAGIC - fix

Browse Source
This commit is contained in:
Emman 2021-06-28 15:34:53 +08:00
parent 9a011f124a
commit 0469562903
2 changed files with 25 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
smx509/x509.go
View File

@ -590,6 +590,22 @@ func signaturePublicKeyAlgoMismatchError(expectedPubKeyAlgo x509.PublicKeyAlgori
return fmt.Errorf("x509: signature algorithm specifies an %s public key, but have public key of type %T", expectedPubKeyAlgo.String(), pubKey)
}
func verifyECDSAASN1(pub *ecdsa.PublicKey, hash, sig []byte) bool {
var (
r, s = &big.Int{}, &big.Int{}
inner cryptobyte.String
)
input := cryptobyte.String(sig)
if !input.ReadASN1(&inner, cryptobyte_asn1.SEQUENCE) ||
!input.Empty() ||
!inner.ReadASN1Integer(r) ||
!inner.ReadASN1Integer(s) ||
!inner.Empty() {
return false
}
return ecdsa.Verify(pub, hash, r, s)
}
// checkSignature verifies that signature is a valid signature over signed from
// a crypto.PublicKey.
func checkSignature(algo x509.SignatureAlgorithm, signed, signature []byte, publicKey crypto.PublicKey) (err error) {
@ -634,9 +650,14 @@ func checkSignature(algo x509.SignatureAlgorithm, signed, signature []byte, publ
if pubKeyAlgo != x509.ECDSA {
return signaturePublicKeyAlgoMismatchError(pubKeyAlgo, pub)
}
if (!isSM2 && !ecdsa.VerifyASN1(pub, signed, signature)) || !sm2.VerifyASN1WithSM2(pub, nil, signed, signature) {
if isSM2 {
if !sm2.VerifyASN1WithSM2(pub, nil, signed, signature) {
return errors.New("x509: ECDSA verification failure")
}
} else if !verifyECDSAASN1(pub, signed, signature) {
return errors.New("x509: ECDSA verification failure")
}
return
case ed25519.PublicKey:
if pubKeyAlgo != x509.Ed25519 {
return signaturePublicKeyAlgoMismatchError(pubKeyAlgo, pub)
@ -2336,7 +2357,8 @@ func parseCertificateRequest(in *certificateRequest) (*CertificateRequest, error
RawSubjectPublicKeyInfo: in.TBSCSR.PublicKey.Raw,
RawSubject: in.TBSCSR.Subject.FullBytes,
Signature: in.SignatureValue.RightAlign(),
Signature: in.SignatureValue.RightAlign(),
SignatureAlgorithm: getSignatureAlgorithmFromAI(in.SignatureAlgorithm),
PublicKeyAlgorithm: getPublicKeyAlgorithmFromOID(in.TBSCSR.PublicKey.Algorithm.Algorithm),

3
smx509/x509_test.go
View File

@ -185,7 +185,6 @@ func parseAndCheckCsr(csrPem []byte) error {
if err != nil {
return err
}
fmt.Printf("%v\n", csr)
return csr.CheckSignature()
}
@ -217,7 +216,7 @@ func TestCreateCertificateRequest(t *testing.T) {
block := &pem.Block{Bytes: csrblock, Type: "CERTIFICATE REQUEST"}
pemContent := string(pem.EncodeToMemory(block))
fmt.Printf("%s\n", pemContent)
err = parseAndCheckCsr(csrblock)
err = parseAndCheckCsr([]byte(pemContent))
if err != nil {
t.Fatal(err)
}