pkcs7: signed and enveloped data, test rsa

Sun Yimin 2023-03-09 16:49:21 +08:00 committed by GitHub
parent 1b956e2db0
commit e7f1b45acf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 71 additions and 5 deletions


@ -224,5 +224,5 @@ func encryptKey(key []byte, recipient *smx509.Certificate) ([]byte, error) {
if pub, ok := recipient.PublicKey.(*ecdsa.PublicKey); ok && pub.Curve == sm2.P256() { if pub, ok := recipient.PublicKey.(*ecdsa.PublicKey); ok && pub.Curve == sm2.P256() {
return sm2.EncryptASN1(rand.Reader, pub, key) return sm2.EncryptASN1(rand.Reader, pub, key)
} }
return nil, ErrUnsupportedAlgorithm return nil, errors.New("pkcs7: only supports RSA/SM2 key")
} }
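Review bot: The new fall-through return in encryptKey replaces the exported sentinel `ErrUnsupportedAlgorithm` with an anonymous `errors.New("pkcs7: only supports RSA/SM2 key")`, so a caller can no longer recognise an unsupported recipient key with `errors.Is` and has to match the message text, which is what the test added in this commit does. Rejecting every key that is neither RSA nor SM2 is the right fail-closed behaviour, but the error should stay a comparable value. Declare it once at package level, for example `var ErrUnsupportedRecipientKey = errors.New("pkcs7: only supports RSA/SM2 key")` (the name is only a suggestion), and return that here. If existing callers compare against `ErrUnsupportedAlgorithm`, which cannot be seen from this page, this is also a behaviour change that the commit message should mention. The body of encryptKey begins outside the hunk.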


@ -31,9 +31,6 @@ func (data signedEnvelopedData) GetRecipient(cert *smx509.Certificate) *recipien
return &recp return &recp
} }
} }
if len(data.RecipientInfos) == 1 {
return &data.RecipientInfos[0]
}
return nil return nil
} }


@ -2,6 +2,7 @@ package pkcs7
import ( import (
"bytes" "bytes"
"crypto/ecdsa"
"encoding/pem" "encoding/pem"
"math/big" "math/big"
"testing" "testing"
@ -148,7 +149,7 @@ func TestParseSignedEvnvelopedData(t *testing.T) {
} }
} }
func TestCreateSignedEvnvelopedData(t *testing.T) { func TestCreateSignedEvnvelopedDataSM(t *testing.T) {
rootCert, err := createTestCertificateByIssuer("PKCS7 Test Root CA", nil, smx509.SM2WithSM3, true) rootCert, err := createTestCertificateByIssuer("PKCS7 Test Root CA", nil, smx509.SM2WithSM3, true)
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
@ -205,3 +206,71 @@ func TestCreateSignedEvnvelopedData(t *testing.T) {
} }
} }
} }
func TestCreateSignedEvnvelopedData(t *testing.T) {
rootCert, err := createTestCertificateByIssuer("PKCS7 Test Root CA", nil, smx509.ECDSAWithSHA256, true)
if err != nil {
t.Fatal(err)
}
recipient, err := createTestCertificateByIssuer("PKCS7 Test Recipient", rootCert, smx509.SHA256WithRSA, false)
if err != nil {
t.Fatal(err)
}
unsupportRecipient, err := createTestCertificateByIssuer("PKCS7 Test Unsupport Recipient", rootCert, smx509.ECDSAWithSHA256, false)
if err != nil {
t.Fatal(err)
}
encryptKey, err := createTestCertificateByIssuer("PKCS7 Test Encrypt Key", rootCert, smx509.ECDSAWithSHA256, false)
if err != nil {
t.Fatal(err)
}
privKey := make([]byte, 32)
ecdsaKey, ok := (*encryptKey.PrivateKey).(*ecdsa.PrivateKey)
if !ok {
t.Fatal("should be ecdsa private key")
}
ecdsaKey.D.FillBytes(privKey)
testCipers := []pkcs.Cipher{pkcs.AES256CBC, pkcs.AES256GCM}
for _, cipher := range testCipers {
saed, err := NewSignedAndEnvelopedData(privKey, cipher)
if err != nil {
t.Fatal(err)
}
saed.SetDigestAlgorithm(OIDDigestAlgorithmSHA256)
err = saed.AddSigner(rootCert.Certificate, *rootCert.PrivateKey)
if err != nil {
t.Fatal(err)
}
err = saed.AddRecipient(recipient.Certificate)
if err != nil {
t.Fatal(err)
}
if err = saed.AddRecipient(unsupportRecipient.Certificate); err.Error() != "pkcs7: only supports RSA/SM2 key" {
t.Fatal("not expected error message")
}
result, err := saed.Finish()
if err != nil {
t.Fatal(err)
}
// fmt.Printf("%x\n", result)
// parse, decrypt, verify
p7Data, err := Parse(result)
if err != nil {
t.Fatal(err)
}
encKeyBytes, err := p7Data.DecryptAndVerify(recipient.Certificate, *recipient.PrivateKey, func() error {
return p7Data.Verify()
})
if err != nil {
t.Fatal(err)
}
if !bytes.Equal(encKeyBytes, privKey) {
t.Fatal("not same private key")
}
}
}
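Review bot: In the added TestCreateSignedEvnvelopedData, the negative check on `saed.AddRecipient(unsupportRecipient.Certificate)` calls `err.Error()` without first testing for nil, so if an unsupported ECDSA recipient were ever accepted the test would panic on a nil error instead of reporting a clear failure. Guard it as `if err = saed.AddRecipient(unsupportRecipient.Certificate); err == nil || err.Error() != "pkcs7: only supports RSA/SM2 key" {`, or compare against a sentinel with `errors.Is` if one is introduced. The same commit removes the single-recipient fallback from GetRecipient, but nothing visible here tests that `DecryptAndVerify` fails for a certificate that is not among the recipients. A case that passes `unsupportRecipient` or another non-recipient certificate and expects an error would pin that behaviour. The local variable `encryptKey` also shadows the package function of the same name inside this test; a name such as `encKeyCert` would avoid the confusion.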