pkcs7: improve test coverage

Sun Yimin 2023-03-16 10:18:19 +08:00 committed by GitHub
parent c1289f7224
commit adec7ac7e2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 88 additions and 11 deletions


@ -156,13 +156,9 @@ func parseSignedData(data []byte) (*PKCS7, error) {
} }
} }
// Compound octet string // Compound octet string
if compound.IsCompound { if compound.IsCompound && compound.Tag == 4 {
if compound.Tag == 4 { if _, err = asn1.Unmarshal(compound.Bytes, &content); err != nil {
if _, err = asn1.Unmarshal(compound.Bytes, &content); err != nil { return nil, err
return nil, err
}
} else {
content = compound.Bytes
} }
} else { } else {
// assuming this is tag 04 // assuming this is tag 04
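Review bot: The `// assuming this is tag 04` comment at the end of this hunk no longer describes the else branch: with the conditions merged into `compound.IsCompound && compound.Tag == 4`, that branch also takes constructed values whose tag is not 4, and nothing visible checks the tag before the bytes become `content`. Behaviour matches the old nested form, but the assumption is now hidden; either reword the comment, e.g. `// primitive value, or constructed with a tag other than 4: bytes are used as-is`, or reject unexpected tags explicitly. The constructed path also discards the remainder returned by `asn1.Unmarshal`, so any bytes after the first inner element are silently dropped; capturing it and returning an error when `len(rest) != 0` would make malformed input visible. The statement under the comment and the rest of parseSignedData lie outside the hunk.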


@ -5,6 +5,8 @@ import (
"crypto/ecdsa" "crypto/ecdsa"
"crypto/rsa" "crypto/rsa"
"crypto/x509" "crypto/x509"
"crypto/x509/pkix"
"encoding/asn1"
"encoding/base64" "encoding/base64"
"encoding/pem" "encoding/pem"
"io/ioutil" "io/ioutil"
@ -254,16 +256,12 @@ func TestVerifyFirefoxAddon(t *testing.T) {
t.Errorf("Verify failed with error: %v", err) t.Errorf("Verify failed with error: %v", err)
} }
// fake content
p7.Content = []byte("bad content") p7.Content = []byte("bad content")
if err = p7.VerifyWithChain(certPool); err == nil { if err = p7.VerifyWithChain(certPool); err == nil {
t.Errorf("Verify with incorrect content did not error") t.Errorf("Verify with incorrect content did not error")
} }
p7.Content = FirefoxAddonContent p7.Content = FirefoxAddonContent
if p7.GetOnlySigner() == nil {
t.Errorf("no only signer")
}
// The chain has validity: // The chain has validity:
// //
// EE: 2016-08-17 20:04:58 +0000 UTC 2021-08-16 20:04:58 +0000 UTC // EE: 2016-08-17 20:04:58 +0000 UTC 2021-08-16 20:04:58 +0000 UTC
@ -607,3 +605,86 @@ but that's not what ships are built for.
} }
os.Remove(tmpContentFile.Name()) // clean up os.Remove(tmpContentFile.Name()) // clean up
} }
func TestGetSignatureAlgorithm(t *testing.T) {
validtests := []struct {
digestEncryption, digest asn1.ObjectIdentifier
expected x509.SignatureAlgorithm
}{
{
OIDDigestAlgorithmDSA,
OIDDigestAlgorithmSHA1,
x509.DSAWithSHA1,
},
{
OIDDigestAlgorithmDSA,
OIDDigestAlgorithmSHA256,
x509.DSAWithSHA256,
},
{
OIDEncryptionAlgorithmECDSAP256,
OIDDigestAlgorithmSHA1,
x509.ECDSAWithSHA1,
},
{
OIDEncryptionAlgorithmECDSAP256,
OIDDigestAlgorithmSHA256,
x509.ECDSAWithSHA256,
},
{
OIDEncryptionAlgorithmECDSAP256,
OIDDigestAlgorithmSHA384,
x509.ECDSAWithSHA384,
},
{
OIDEncryptionAlgorithmECDSAP256,
OIDDigestAlgorithmSHA512,
x509.ECDSAWithSHA512,
},
{
OIDEncryptionAlgorithmRSA,
OIDDigestAlgorithmSHA384,
x509.SHA384WithRSA,
},
{
OIDEncryptionAlgorithmRSA,
OIDDigestAlgorithmSHA512,
x509.SHA512WithRSA,
},
}
for _, test := range validtests {
s, err := getSignatureAlgorithm(pkix.AlgorithmIdentifier{Algorithm: test.digestEncryption}, pkix.AlgorithmIdentifier{Algorithm: test.digest})
if err != nil {
t.Errorf("should return valid signature algorithm")
}
if s != test.expected {
t.Errorf("expected %v, got %v", test.expected, s)
}
}
invalidtests := []struct {
digestEncryption, digest asn1.ObjectIdentifier
}{
{
OIDEncryptionAlgorithmRSASHA256,
OIDDigestAlgorithmSM3,
},
{
OIDDigestAlgorithmDSA,
OIDDigestAlgorithmSHA384,
},
{
OIDEncryptionAlgorithmECDSAP256,
OIDDigestAlgorithmSM3,
},
{
OIDDigestAlgorithmSM9SM3,
OIDDigestAlgorithmSHA384,
},
}
for _, test := range invalidtests {
_, err := getSignatureAlgorithm(pkix.AlgorithmIdentifier{Algorithm: test.digestEncryption}, pkix.AlgorithmIdentifier{Algorithm: test.digest})
if err == nil {
t.Errorf("should return error")
}
}
}
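Review bot: The failure messages in TestGetSignatureAlgorithm do not identify which table entry failed or what error came back: `t.Errorf("should return valid signature algorithm")` drops `err`, and the loop then falls through to the `s != test.expected` comparison, so one bad case is reported twice. Including the OIDs and the error, `t.Errorf("getSignatureAlgorithm(%v, %v): unexpected error: %v", test.digestEncryption, test.digest, err)` followed by `continue`, makes a regression in the algorithm mapping traceable. The negative loop discards the returned algorithm with `_`; keeping it and printing it in the `should return error` message would show which mismatched digest/signature pair was wrongly accepted, which is the security-relevant failure for this function.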