mirror/gmsm
1
0
Fork 0
mirror of https://github.com/emmansun/gmsm.git synced 2025-04-26 04:06:18 +08:00
Code Issues Packages Projects Releases Wiki Activity

pkcs7: SignWithoutAttr supports skip certificates #254

Browse Source
This commit is contained in:
Sun Yimin 2024-10-07 15:02:49 +08:00 committed by GitHub
parent c8a803369a
commit 19bd29a207
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 40 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pkcs7/sign.go
View File

@ -272,7 +272,9 @@ func (sd *SignedData) SignWithoutAttr(ee *smx509.Certificate, pkey crypto.Privat
Version: 1, Version: 1,
} }
// create signature of signed attributes // create signature of signed attributes
sd.certs = append(sd.certs, ee) if !config.SkipCertificates {
sd.certs = append(sd.certs, ee)
}
sd.sd.SignerInfos = append(sd.sd.SignerInfos, signer) sd.sd.SignerInfos = append(sd.sd.SignerInfos, signer)
return nil return nil
} }

47
pkcs7/sign_test.go
View File

@ -272,16 +272,29 @@ func testOpenSSLParse(t *testing.T, certBytes []byte) {
func TestSignWithoutAttr(t *testing.T) { func TestSignWithoutAttr(t *testing.T) {
content := []byte("Hello World") content := []byte("Hello World")
sigalgs := []struct { sigalgs := []struct {
isSM bool isSM bool
sigAlg x509.SignatureAlgorithm sigAlg x509.SignatureAlgorithm
skipCert bool
}{ }{
{ {
false, false,
x509.SHA256WithRSA, x509.SHA256WithRSA,
false,
}, },
{ {
true, true,
smx509.SM2WithSM3, smx509.SM2WithSM3,
false,
},
{
false,
x509.SHA256WithRSA,
true,
},
{
true,
smx509.SM2WithSM3,
true,
}, },
} }
for _, sigalg := range sigalgs { for _, sigalg := range sigalgs {
@ -300,7 +313,7 @@ func TestSignWithoutAttr(t *testing.T) {
if err != nil { if err != nil {
t.Fatalf("Cannot initialize signed data: %s", err) t.Fatalf("Cannot initialize signed data: %s", err)
} }
if err := toBeSigned.SignWithoutAttr(cert.Certificate, *cert.PrivateKey, SignerInfoConfig{}); err != nil { if err := toBeSigned.SignWithoutAttr(cert.Certificate, *cert.PrivateKey, SignerInfoConfig{SkipCertificates: sigalg.skipCert}); err != nil {
t.Fatalf("Cannot add signer: %s", err) t.Fatalf("Cannot add signer: %s", err)
} }
signed, err := toBeSigned.Finish() signed, err := toBeSigned.Finish()
@ -311,13 +324,27 @@ func TestSignWithoutAttr(t *testing.T) {
if err != nil { if err != nil {
t.Fatalf("Cannot parse signed data: %v", err) t.Fatalf("Cannot parse signed data: %v", err)
} }
if len(p7.Certificates) == 0 { if !sigalg.skipCert {
t.Errorf("No certificates") if len(p7.Certificates) == 0 {
} t.Errorf("No certificates")
}
err = p7.Verify() err = p7.Verify()
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
}
} else {
if len(p7.Certificates) > 0 {
t.Errorf("No certificates expected")
}
err = p7.Verify()
if sigalg.skipCert && err.Error() != "pkcs7: No certificate for signer" {
t.Fatalf("Expected pkcs7: No certificate for signer")
}
p7.Certificates = append(p7.Certificates, cert.Certificate)
err = p7.Verify()
if err != nil {
t.Fatal(err)
}
} }
} }
} }