mirror/gmsm
1
0
Fork 0
mirror of https://github.com/emmansun/gmsm.git synced 2025-05-14 13:06:18 +08:00
Code Issues Packages Projects Releases Wiki Activity

pkcs7: enable sign without attributes

Browse Source
This commit is contained in:
Sun Yimin 2023-03-28 08:41:01 +08:00 committed by GitHub
parent d814868a47
commit af86ca7b7b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 122 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkcs/cipher.go
View File

@ -36,7 +36,7 @@ func RegisterCipher(oid asn1.ObjectIdentifier, cipher func() Cipher) {
func GetCipher(alg pkix.AlgorithmIdentifier) (Cipher, error) { func GetCipher(alg pkix.AlgorithmIdentifier) (Cipher, error) {
oid := alg.Algorithm.String() oid := alg.Algorithm.String()
if oid == oidSM4.String() { if oid == oidSM4.String() {
if len(alg.Parameters.Bytes) != 0 { if len(alg.Parameters.Bytes) != 0 || len(alg.Parameters.FullBytes) != 0 {
return SM4CBC, nil return SM4CBC, nil
} else { } else {
return SM4ECB, nil return SM4ECB, nil

59
pkcs/cipher_test.go Normal file
View File

@ -0,0 +1,59 @@
package pkcs
import (
"crypto/x509/pkix"
"encoding/asn1"
"testing"
)
func TestGetCipher(t *testing.T) {
marshalledIV, err := asn1.Marshal([]byte("0123456789ABCDEF"))
if err != nil {
t.Fatal(err)
}
sm4Scheme := pkix.AlgorithmIdentifier{
Algorithm: oidSM4,
Parameters: asn1.RawValue{FullBytes: marshalledIV},
}
cipher, err := GetCipher(sm4Scheme)
if err != nil {
t.Fatal(err)
}
if !cipher.OID().Equal(oidSM4CBC) {
t.Errorf("not expected CBC")
}
_, err = GetCipher(pkix.AlgorithmIdentifier{Algorithm: asn1.ObjectIdentifier{1, 2, 156, 10197, 1, 401, 2}})
if err == nil || err.Error() != "pkcs: unsupported cipher (OID: 1.2.156.10197.1.401.2)" {
t.Fatal(err)
}
}
func TestInvalidKeyLen(t *testing.T) {
plaintext := []byte("Hello World")
invalidKey := []byte("123456")
_, _, err := SM4ECB.Encrypt(invalidKey, plaintext)
if err == nil {
t.Errorf("should be error")
}
_, err = SM4ECB.Decrypt(invalidKey, nil, nil)
if err == nil {
t.Errorf("should be error")
}
_, _, err = SM4CBC.Encrypt(invalidKey, plaintext)
if err == nil {
t.Errorf("should be error")
}
_, err = SM4CBC.Decrypt(invalidKey, nil, nil)
if err == nil {
t.Errorf("should be error")
}
_, _, err = SM4GCM.Encrypt(invalidKey, plaintext)
if err == nil {
t.Errorf("should be error")
}
_, err = SM4GCM.Decrypt(invalidKey, nil, nil)
if err == nil {
t.Errorf("should be error")
}
}

15
pkcs7/sign.go
View File

@ -222,7 +222,6 @@ func newHash(hasher crypto.Hash, hashOid asn1.ObjectIdentifier) hash.Hash {
return h return h
} }
/*
// SignWithoutAttr issues a signature on the content of the pkcs7 SignedData. // SignWithoutAttr issues a signature on the content of the pkcs7 SignedData.
// Unlike AddSigner/AddSignerChain, it calculates the digest on the data alone // Unlike AddSigner/AddSignerChain, it calculates the digest on the data alone
// and does not include any signed attributes like timestamp and so on. // and does not include any signed attributes like timestamp and so on.
@ -237,14 +236,19 @@ func (sd *SignedData) SignWithoutAttr(ee *smx509.Certificate, pkey crypto.Privat
if err != nil { if err != nil {
return err return err
} }
h := newHash(hasher, sd.digestOid)
h.Write(sd.data)
sd.messageDigest = h.Sum(nil)
key, ok := pkey.(crypto.Signer) key, ok := pkey.(crypto.Signer)
if !ok { if !ok {
return errors.New("pkcs7: private key does not implement crypto.Signer") return errors.New("pkcs7: private key does not implement crypto.Signer")
} }
signature, err = key.Sign(rand.Reader, sd.messageDigest, nil) _, isSM2 := pkey.(sm2.Signer)
if isSM2 {
signature, err = key.Sign(rand.Reader, sd.data, sm2.DefaultSM2SignerOpts)
} else {
h := newHash(hasher, sd.digestOid)
h.Write(sd.data)
sd.messageDigest = h.Sum(nil)
signature, err = key.Sign(rand.Reader, sd.messageDigest, hasher)
}
if err != nil { if err != nil {
return err return err
} }
@ -272,7 +276,6 @@ func (sd *SignedData) SignWithoutAttr(ee *smx509.Certificate, pkey crypto.Privat
sd.sd.SignerInfos = append(sd.sd.SignerInfos, signer) sd.sd.SignerInfos = append(sd.sd.SignerInfos, signer)
return nil return nil
} }
*/
func (si *signerInfo) SetUnauthenticatedAttributes(extraUnsignedAttrs []Attribute) error { func (si *signerInfo) SetUnauthenticatedAttributes(extraUnsignedAttrs []Attribute) error {
unsignedAttrs := &attributes{} unsignedAttrs := &attributes{}

53
pkcs7/sign_test.go
View File

@ -257,3 +257,56 @@ func testOpenSSLParse(t *testing.T, certBytes []byte) {
t.Fatal(err) t.Fatal(err)
} }
} }
func TestSignWithoutAttr(t *testing.T) {
content := []byte("Hello World")
sigalgs := []struct {
isSM bool
sigAlg x509.SignatureAlgorithm
}{
{
false,
x509.SHA256WithRSA,
},
{
true,
smx509.SM2WithSM3,
},
}
for _, sigalg := range sigalgs {
cert, err := createTestCertificate(sigalg.sigAlg)
if err != nil {
t.Fatal(err)
}
var toBeSigned *SignedData
if sigalg.isSM {
toBeSigned, err = NewSMSignedData(content)
} else {
toBeSigned, err = NewSignedData(content)
signerDigest, _ := getDigestOIDForSignatureAlgorithm(sigalg.sigAlg)
toBeSigned.SetDigestAlgorithm(signerDigest)
}
if err != nil {
t.Fatalf("Cannot initialize signed data: %s", err)
}
if err := toBeSigned.SignWithoutAttr(cert.Certificate, *cert.PrivateKey, SignerInfoConfig{}); err != nil {
t.Fatalf("Cannot add signer: %s", err)
}
signed, err := toBeSigned.Finish()
if err != nil {
t.Fatalf("Cannot finish signing data: %s", err)
}
p7, err := Parse(signed)
if err != nil {
t.Fatalf("Cannot parse signed data: %v", err)
}
if len(p7.Certificates) == 0 {
t.Errorf("No certificates")
}
err = p7.Verify()
if err != nil {
t.Fatal(err)
}
}
}