mirror of
https://github.com/emmansun/gmsm.git
synced 2025-04-27 04:36:19 +08:00
pkcs7: de-support dsa
parent
b70f6bb374
commit
1b956e2db0
@ -3,7 +3,6 @@ package pkcs7
|
||||
import (
|
||||
"bytes"
|
||||
"crypto"
|
||||
"crypto/dsa"
|
||||
"crypto/rand"
|
||||
"crypto/x509/pkix"
|
||||
"encoding/asn1"
|
||||
@ -245,19 +244,6 @@ func (sd *SignedData) SignWithoutAttr(ee *smx509.Certificate, pkey crypto.Privat
|
||||
h := newHash(hasher, sd.digestOid)
|
||||
h.Write(sd.data)
|
||||
sd.messageDigest = h.Sum(nil)
|
||||
switch pkey := pkey.(type) {
|
||||
case *dsa.PrivateKey:
|
||||
// dsa doesn't implement crypto.Signer so we make a special case
|
||||
// https://github.com/golang/go/issues/27889
|
||||
r, s, err := dsa.Sign(rand.Reader, pkey, sd.messageDigest)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
signature, err = asn1.Marshal(dsaSignature{r, s})
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
default:
|
||||
key, ok := pkey.(crypto.Signer)
|
||||
if !ok {
|
||||
return errors.New("pkcs7: private key does not implement crypto.Signer")
|
||||
@ -266,7 +252,6 @@ func (sd *SignedData) SignWithoutAttr(ee *smx509.Certificate, pkey crypto.Privat
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
var ias issuerAndSerial
|
||||
ias.SerialNumber = ee.SerialNumber
|
||||
// no parent, the issue is the end-entity cert itself
|
||||
@ -404,17 +389,6 @@ func signAttributes(attrs []attribute, pkey crypto.PrivateKey, hasher crypto.Has
|
||||
h.Write(attrBytes)
|
||||
hash := h.Sum(nil)
|
||||
|
||||
// dsa doesn't implement crypto.Signer so we make a special case
|
||||
// https://github.com/golang/go/issues/27889
|
||||
switch pkey := pkey.(type) {
|
||||
case *dsa.PrivateKey:
|
||||
r, s, err := dsa.Sign(rand.Reader, pkey, hash)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return asn1.Marshal(dsaSignature{r, s})
|
||||
}
|
||||
|
||||
key, ok := pkey.(crypto.Signer)
|
||||
if !ok {
|
||||
return nil, errors.New("pkcs7: private key does not implement crypto.Signer")
|
||||
@ -422,10 +396,6 @@ func signAttributes(attrs []attribute, pkey crypto.PrivateKey, hasher crypto.Has
|
||||
return key.Sign(rand.Reader, hash, hasher)
|
||||
}
|
||||
|
||||
type dsaSignature struct {
|
||||
R, S *big.Int
|
||||
}
|
||||
|
||||
// concats and wraps the certificates in the RawValue structure
|
||||
func marshalCertificates(certs []*smx509.Certificate) rawCertificates {
|
||||
var buf bytes.Buffer
|
||||
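Review bot: With the `*dsa.PrivateKey` case removed, the `pkey.(crypto.Signer)` assertion in SignWithoutAttr and in signAttributes is the only gate on the key type, so a caller still passing a DSA key now gets the generic "does not implement crypto.Signer" error with no hint that support was withdrawn. I would state the contract on both functions, e.g. `// pkey must implement crypto.Signer; *dsa.PrivateKey is no longer accepted.`, and consider naming the rejected type in the error, `fmt.Errorf("pkcs7: private key type %T does not implement crypto.Signer", pkey)`, if fmt is already imported in this file. Only the signing path is visible in this commit; if the intent is to retire DSA entirely, the verification side presumably needs a matching rejection so that DSA-signed messages are not still accepted. Both function bodies begin and end outside the hunks shown.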
|
@ -2,7 +2,6 @@ package pkcs7
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto/dsa"
|
||||
"crypto/x509"
|
||||
"encoding/asn1"
|
||||
"encoding/pem"
|
||||
@ -109,72 +108,6 @@ func TestSignSM(t *testing.T) {
|
||||
testSign(t, true, content, sigalgs)
|
||||
}
|
||||
|
||||
func TestDSASignAndVerifyWithOpenSSL(t *testing.T) {
|
||||
content := []byte("Hello World")
|
||||
// write the content to a temp file
|
||||
tmpContentFile, err := ioutil.TempFile("", "TestDSASignAndVerifyWithOpenSSL_content")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
ioutil.WriteFile(tmpContentFile.Name(), content, 0755)
|
||||
|
||||
block, _ := pem.Decode([]byte(dsaPublicCert))
|
||||
if block == nil {
|
||||
t.Fatal("failed to parse certificate PEM")
|
||||
}
|
||||
signerCert, err := smx509.ParseCertificate(block.Bytes)
|
||||
if err != nil {
|
||||
t.Fatal("failed to parse certificate: " + err.Error())
|
||||
}
|
||||
|
||||
// write the signer cert to a temp file
|
||||
tmpSignerCertFile, err := ioutil.TempFile("", "TestDSASignAndVerifyWithOpenSSL_signer")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
ioutil.WriteFile(tmpSignerCertFile.Name(), dsaPublicCert, 0755)
|
||||
|
||||
priv := dsa.PrivateKey{
|
||||
PublicKey: dsa.PublicKey{Parameters: dsa.Parameters{P: fromHex("fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b6512669455d402251fb593d8d58fabfc5f5ba30f6cb9b556cd7813b801d346ff26660b76b9950a5a49f9fe8047b1022c24fbba9d7feb7c61bf83b57e7c6a8a6150f04fb83f6d3c51ec3023554135a169132f675f3ae2b61d72aeff22203199dd14801c7"),
|
||||
Q: fromHex("9760508F15230BCCB292B982A2EB840BF0581CF5"),
|
||||
G: fromHex("F7E1A085D69B3DDECBBCAB5C36B857B97994AFBBFA3AEA82F9574C0B3D0782675159578EBAD4594FE67107108180B449167123E84C281613B7CF09328CC8A6E13C167A8B547C8D28E0A3AE1E2BB3A675916EA37F0BFA213562F1FB627A01243BCCA4F1BEA8519089A883DFE15AE59F06928B665E807B552564014C3BFECF492A"),
|
||||
},
|
||||
},
|
||||
X: fromHex("7D6E1A3DD4019FD809669D8AB8DA73807CEF7EC1"),
|
||||
}
|
||||
toBeSigned, err := NewSignedData(content)
|
||||
if err != nil {
|
||||
t.Fatalf("test case: cannot initialize signed data: %s", err)
|
||||
}
|
||||
if err := toBeSigned.SignWithoutAttr(signerCert, &priv, SignerInfoConfig{}); err != nil {
|
||||
t.Fatalf("Cannot add signer: %s", err)
|
||||
}
|
||||
toBeSigned.Detach()
|
||||
signed, err := toBeSigned.Finish()
|
||||
if err != nil {
|
||||
t.Fatalf("test case: cannot finish signing data: %s", err)
|
||||
}
|
||||
|
||||
// write the signature to a temp file
|
||||
tmpSignatureFile, err := ioutil.TempFile("", "TestDSASignAndVerifyWithOpenSSL_signature")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
ioutil.WriteFile(tmpSignatureFile.Name(), pem.EncodeToMemory(&pem.Block{Type: "PKCS7", Bytes: signed}), 0755)
|
||||
|
||||
// call openssl to verify the signature on the content using the root
|
||||
opensslCMD := exec.Command("openssl", "smime", "-verify", "-noverify",
|
||||
"-in", tmpSignatureFile.Name(), "-inform", "PEM",
|
||||
"-content", tmpContentFile.Name())
|
||||
out, err := opensslCMD.CombinedOutput()
|
||||
if err != nil {
|
||||
t.Fatalf("test case: openssl command failed with %s: %s", err, out)
|
||||
}
|
||||
os.Remove(tmpSignatureFile.Name()) // clean up
|
||||
os.Remove(tmpContentFile.Name()) // clean up
|
||||
os.Remove(tmpSignerCertFile.Name()) // clean up
|
||||
}
|
||||
|
||||
func ExampleSignedData() {
|
||||
// generate a signing cert or load a key pair
|
||||
cert, err := createTestCertificate(x509.SHA256WithRSA)
|
||||
|