mirror/gmsm
1
0
Fork 0
mirror of https://github.com/emmansun/gmsm.git synced 2025-04-27 12:46:18 +08:00
Code Issues Packages Projects Releases Wiki Activity

Alias x509 types

Browse Source
This commit is contained in:
徐胖 2022-01-20 18:07:21 +08:00
parent fc37929456
commit f3a1eab5fe
4 changed files with 39 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
smx509/parser.go
View File

@ -228,7 +228,7 @@ func parseExtension(der cryptobyte.String) (pkix.Extension, error) {
return ext, nil return ext, nil
} }
func parsePublicKey(algo x509.PublicKeyAlgorithm, keyData *publicKeyInfo) (interface{}, error) { func parsePublicKey(algo PublicKeyAlgorithm, keyData *publicKeyInfo) (interface{}, error) {
der := cryptobyte.String(keyData.PublicKey.RightAlign()) der := cryptobyte.String(keyData.PublicKey.RightAlign())
switch algo { switch algo {
case RSA: case RSA:
@ -321,7 +321,7 @@ func parsePublicKey(algo x509.PublicKeyAlgorithm, keyData *publicKeyInfo) (inter
} }
} }
func parseKeyUsageExtension(der cryptobyte.String) (x509.KeyUsage, error) { func parseKeyUsageExtension(der cryptobyte.String) (KeyUsage, error) {
var usageBits asn1.BitString var usageBits asn1.BitString
if !der.ReadASN1BitString(&usageBits) { if !der.ReadASN1BitString(&usageBits) {
return 0, errors.New("x509: invalid key usage") return 0, errors.New("x509: invalid key usage")
@ -333,7 +333,7 @@ func parseKeyUsageExtension(der cryptobyte.String) (x509.KeyUsage, error) {
usage |= 1 << uint(i) usage |= 1 << uint(i)
} }
} }
return x509.KeyUsage(usage), nil return KeyUsage(usage), nil
} }
func parseBasicConstraintsExtension(der cryptobyte.String) (bool, int, error) { func parseBasicConstraintsExtension(der cryptobyte.String) (bool, int, error) {

2
smx509/verify_test.go
View File

@ -1721,7 +1721,7 @@ func generateCert(cn string, isCA bool, issuer *x509.Certificate, issuerKey cryp
NotBefore: time.Now().Add(-1 * time.Hour), NotBefore: time.Now().Add(-1 * time.Hour),
NotAfter: time.Now().Add(24 * time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, KeyUsage: KeyUsageKeyEncipherment | KeyUsageDigitalSignature | KeyUsageCertSign,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
BasicConstraintsValid: true, BasicConstraintsValid: true,
IsCA: isCA, IsCA: isCA,

32
smx509/x509.go
View File

@ -246,7 +246,7 @@ var signatureAlgorithmDetails = []struct {
algo SignatureAlgorithm algo SignatureAlgorithm
name string name string
oid asn1.ObjectIdentifier oid asn1.ObjectIdentifier
pubKeyAlgo x509.PublicKeyAlgorithm pubKeyAlgo PublicKeyAlgorithm
hash crypto.Hash hash crypto.Hash
}{ }{
{MD2WithRSA, "MD2-RSA", oidSignatureMD2WithRSA, RSA, crypto.Hash(0) /* no value for MD2 */}, {MD2WithRSA, "MD2-RSA", oidSignatureMD2WithRSA, RSA, crypto.Hash(0) /* no value for MD2 */},
@ -371,7 +371,7 @@ var (
oidPublicKeyEd25519 = asn1.ObjectIdentifier{1, 3, 101, 112} oidPublicKeyEd25519 = asn1.ObjectIdentifier{1, 3, 101, 112}
) )
func getPublicKeyAlgorithmFromOID(oid asn1.ObjectIdentifier) x509.PublicKeyAlgorithm { func getPublicKeyAlgorithmFromOID(oid asn1.ObjectIdentifier) PublicKeyAlgorithm {
switch { switch {
case oid.Equal(oidPublicKeyRSA): case oid.Equal(oidPublicKeyRSA):
return RSA return RSA
@ -456,6 +456,22 @@ func namedCurveFromOID(oid asn1.ObjectIdentifier) elliptic.Curve {
return nil return nil
} }
// KeyUsage represents the set of actions that are valid for a given key. It's
// a bitmap of the KeyUsage* constants.
type KeyUsage = x509.KeyUsage
const (
KeyUsageDigitalSignature = x509.KeyUsageDigitalSignature
KeyUsageContentCommitment = x509.KeyUsageContentCommitment
KeyUsageKeyEncipherment = x509.KeyUsageKeyEncipherment
KeyUsageDataEncipherment = x509.KeyUsageDataEncipherment
KeyUsageKeyAgreement = x509.KeyUsageKeyAgreement
KeyUsageCertSign = x509.KeyUsageCertSign
KeyUsageCRLSign = x509.KeyUsageCRLSign
KeyUsageEncipherOnly = x509.KeyUsageEncipherOnly
KeyUsageDecipherOnly = x509.KeyUsageDecipherOnly
)
// RFC 5280, 4.2.1.12 Extended Key Usage // RFC 5280, 4.2.1.12 Extended Key Usage
// //
// anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } // anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 }
@ -553,7 +569,7 @@ func (c *Certificate) CheckSignatureFrom(parent *Certificate) error {
return x509.ConstraintViolationError{} return x509.ConstraintViolationError{}
} }
if parent.KeyUsage != 0 && parent.KeyUsage&x509.KeyUsageCertSign == 0 { if parent.KeyUsage != 0 && parent.KeyUsage&KeyUsageCertSign == 0 {
return x509.ConstraintViolationError{} return x509.ConstraintViolationError{}
} }
@ -585,7 +601,7 @@ func (c *Certificate) getSANExtension() []byte {
return nil return nil
} }
func signaturePublicKeyAlgoMismatchError(expectedPubKeyAlgo x509.PublicKeyAlgorithm, pubKey interface{}) error { func signaturePublicKeyAlgoMismatchError(expectedPubKeyAlgo PublicKeyAlgorithm, pubKey interface{}) error {
return fmt.Errorf("x509: signature algorithm specifies an %s public key, but have public key of type %T", expectedPubKeyAlgo.String(), pubKey) return fmt.Errorf("x509: signature algorithm specifies an %s public key, but have public key of type %T", expectedPubKeyAlgo.String(), pubKey)
} }
@ -609,7 +625,7 @@ func verifyECDSAASN1(pub *ecdsa.PublicKey, hash, sig []byte) bool {
// a crypto.PublicKey. // a crypto.PublicKey.
func checkSignature(algo SignatureAlgorithm, signed, signature []byte, publicKey crypto.PublicKey) (err error) { func checkSignature(algo SignatureAlgorithm, signed, signature []byte, publicKey crypto.PublicKey) (err error) {
var hashType crypto.Hash var hashType crypto.Hash
var pubKeyAlgo x509.PublicKeyAlgorithm var pubKeyAlgo PublicKeyAlgorithm
isSM2 := (algo == SM2WithSM3) isSM2 := (algo == SM2WithSM3)
for _, details := range signatureAlgorithmDetails { for _, details := range signatureAlgorithmDetails {
@ -1034,7 +1050,7 @@ func buildCertExtensions(template *x509.Certificate, subjectIsEmpty bool, author
return append(ret[:n], template.ExtraExtensions...), nil return append(ret[:n], template.ExtraExtensions...), nil
} }
func marshalKeyUsage(ku x509.KeyUsage) (pkix.Extension, error) { func marshalKeyUsage(ku KeyUsage) (pkix.Extension, error) {
ext := pkix.Extension{Id: oidExtensionKeyUsage, Critical: true} ext := pkix.Extension{Id: oidExtensionKeyUsage, Critical: true}
var a [2]byte var a [2]byte
@ -1138,7 +1154,7 @@ func subjectBytes(cert *x509.Certificate) ([]byte, error) {
// priv. If requestedSigAlgo is not zero then it overrides the default // priv. If requestedSigAlgo is not zero then it overrides the default
// signature algorithm. // signature algorithm.
func signingParamsForPublicKey(pub interface{}, requestedSigAlgo SignatureAlgorithm) (hashFunc crypto.Hash, sigAlgo pkix.AlgorithmIdentifier, err error) { func signingParamsForPublicKey(pub interface{}, requestedSigAlgo SignatureAlgorithm) (hashFunc crypto.Hash, sigAlgo pkix.AlgorithmIdentifier, err error) {
var pubType x509.PublicKeyAlgorithm var pubType PublicKeyAlgorithm
switch pub := pub.(type) { switch pub := pub.(type) {
case *rsa.PublicKey: case *rsa.PublicKey:
@ -1843,7 +1859,7 @@ func CreateRevocationList(rand io.Reader, template *x509.RevocationList, issuer
if issuer == nil { if issuer == nil {
return nil, errors.New("x509: issuer can not be nil") return nil, errors.New("x509: issuer can not be nil")
} }
if (issuer.KeyUsage & x509.KeyUsageCRLSign) == 0 { if (issuer.KeyUsage & KeyUsageCRLSign) == 0 {
return nil, errors.New("x509: issuer must have the crlSign key usage bit set") return nil, errors.New("x509: issuer must have the crlSign key usage bit set")
} }
if len(issuer.SubjectKeyId) == 0 { if len(issuer.SubjectKeyId) == 0 {

22
smx509/x509_test.go
View File

@ -497,7 +497,7 @@ func TestCreateSelfSignedCertificate(t *testing.T) {
SignatureAlgorithm: test.sigAlgo, SignatureAlgorithm: test.sigAlgo,
SubjectKeyId: []byte{1, 2, 3, 4}, SubjectKeyId: []byte{1, 2, 3, 4},
KeyUsage: x509.KeyUsageCertSign, KeyUsage: KeyUsageCertSign,
ExtKeyUsage: testExtKeyUsage, ExtKeyUsage: testExtKeyUsage,
UnknownExtKeyUsage: testUnknownExtKeyUsage, UnknownExtKeyUsage: testUnknownExtKeyUsage,
@ -1181,7 +1181,7 @@ func TestCreateRevocationList(t *testing.T) {
name: "issuer doesn't have crlSign key usage bit set", name: "issuer doesn't have crlSign key usage bit set",
key: sm2Priv, key: sm2Priv,
issuer: &x509.Certificate{ issuer: &x509.Certificate{
KeyUsage: x509.KeyUsageCertSign, KeyUsage: KeyUsageCertSign,
}, },
template: &x509.RevocationList{}, template: &x509.RevocationList{},
expectedError: "x509: issuer must have the crlSign key usage bit set", expectedError: "x509: issuer must have the crlSign key usage bit set",
@ -1190,7 +1190,7 @@ func TestCreateRevocationList(t *testing.T) {
name: "issuer missing SubjectKeyId", name: "issuer missing SubjectKeyId",
key: sm2Priv, key: sm2Priv,
issuer: &x509.Certificate{ issuer: &x509.Certificate{
KeyUsage: x509.KeyUsageCRLSign, KeyUsage: KeyUsageCRLSign,
}, },
template: &x509.RevocationList{}, template: &x509.RevocationList{},
expectedError: "x509: issuer certificate doesn't contain a subject key identifier", expectedError: "x509: issuer certificate doesn't contain a subject key identifier",
@ -1199,7 +1199,7 @@ func TestCreateRevocationList(t *testing.T) {
name: "nextUpdate before thisUpdate", name: "nextUpdate before thisUpdate",
key: sm2Priv, key: sm2Priv,
issuer: &x509.Certificate{ issuer: &x509.Certificate{
KeyUsage: x509.KeyUsageCRLSign, KeyUsage: KeyUsageCRLSign,
Subject: pkix.Name{ Subject: pkix.Name{
CommonName: "testing", CommonName: "testing",
}, },
@ -1215,7 +1215,7 @@ func TestCreateRevocationList(t *testing.T) {
name: "nil Number", name: "nil Number",
key: sm2Priv, key: sm2Priv,
issuer: &x509.Certificate{ issuer: &x509.Certificate{
KeyUsage: x509.KeyUsageCRLSign, KeyUsage: KeyUsageCRLSign,
Subject: pkix.Name{ Subject: pkix.Name{
CommonName: "testing", CommonName: "testing",
}, },
@ -1231,7 +1231,7 @@ func TestCreateRevocationList(t *testing.T) {
name: "invalid signature algorithm", name: "invalid signature algorithm",
key: sm2Priv, key: sm2Priv,
issuer: &x509.Certificate{ issuer: &x509.Certificate{
KeyUsage: x509.KeyUsageCRLSign, KeyUsage: KeyUsageCRLSign,
Subject: pkix.Name{ Subject: pkix.Name{
CommonName: "testing", CommonName: "testing",
}, },
@ -1255,7 +1255,7 @@ func TestCreateRevocationList(t *testing.T) {
name: "valid", name: "valid",
key: sm2Priv, key: sm2Priv,
issuer: &x509.Certificate{ issuer: &x509.Certificate{
KeyUsage: x509.KeyUsageCRLSign, KeyUsage: KeyUsageCRLSign,
Subject: pkix.Name{ Subject: pkix.Name{
CommonName: "testing", CommonName: "testing",
}, },
@ -1277,7 +1277,7 @@ func TestCreateRevocationList(t *testing.T) {
name: "valid, Ed25519 key", name: "valid, Ed25519 key",
key: ed25519Priv, key: ed25519Priv,
issuer: &x509.Certificate{ issuer: &x509.Certificate{
KeyUsage: x509.KeyUsageCRLSign, KeyUsage: KeyUsageCRLSign,
Subject: pkix.Name{ Subject: pkix.Name{
CommonName: "testing", CommonName: "testing",
}, },
@ -1299,7 +1299,7 @@ func TestCreateRevocationList(t *testing.T) {
name: "valid, non-default signature algorithm", name: "valid, non-default signature algorithm",
key: sm2Priv, key: sm2Priv,
issuer: &x509.Certificate{ issuer: &x509.Certificate{
KeyUsage: x509.KeyUsageCRLSign, KeyUsage: KeyUsageCRLSign,
Subject: pkix.Name{ Subject: pkix.Name{
CommonName: "testing", CommonName: "testing",
}, },
@ -1322,7 +1322,7 @@ func TestCreateRevocationList(t *testing.T) {
name: "valid, extra extension", name: "valid, extra extension",
key: sm2Priv, key: sm2Priv,
issuer: &x509.Certificate{ issuer: &x509.Certificate{
KeyUsage: x509.KeyUsageCRLSign, KeyUsage: KeyUsageCRLSign,
Subject: pkix.Name{ Subject: pkix.Name{
CommonName: "testing", CommonName: "testing",
}, },
@ -1350,7 +1350,7 @@ func TestCreateRevocationList(t *testing.T) {
name: "valid, empty list", name: "valid, empty list",
key: sm2Priv, key: sm2Priv,
issuer: &x509.Certificate{ issuer: &x509.Certificate{
KeyUsage: x509.KeyUsageCRLSign, KeyUsage: KeyUsageCRLSign,
Subject: pkix.Name{ Subject: pkix.Name{
CommonName: "testing", CommonName: "testing",
}, },