// Copyright 2024 Sun Yimin. All rights reserved. // Use of this source code is governed by a MIT-style // license that can be found in the LICENSE file. package cfca import ( "crypto" "github.com/emmansun/gmsm/pkcs7" "github.com/emmansun/gmsm/smx509" ) func signMessage(data []byte, cert *smx509.Certificate, key crypto.PrivateKey, detached bool) ([]byte, error) { signData, _ := pkcs7.NewSMSignedData(data) if err := signData.SignWithoutAttr(cert, key, pkcs7.SignerInfoConfig{}); err != nil { return nil, err } if detached { signData.Detach() } return signData.Finish() } // SignMessageAttach signs the data with the certificate and private key, returns the signed data in PKCS7 (DER) format. // This method corresponds to CFCA SADK's cfca.sadk.util.p7SignMessageAttach. func SignMessageAttach(data []byte, cert *smx509.Certificate, key crypto.PrivateKey) ([]byte, error) { return signMessage(data, cert, key, false) } // VerifyMessageAttach verifies the signed data in PKCS7 (DER) format. // This method corresponds to CFCA SADK's cfca.sadk.util.p7VerifyMessageAttach. // If verification fails, an error is returned. otherwise, nil is returned. func VerifyMessageAttach(p7Der []byte) error { p7, err := pkcs7.Parse(p7Der) if err != nil { return err } return p7.Verify() } // SignMessageDetach signs the data with the certificate and private key, returns the signed data in PKCS7 (DER) format. // This method corresponds to CFCA SADK's cfca.sadk.util.p7SignMessageDetach. func SignMessageDetach(data []byte, cert *smx509.Certificate, key crypto.PrivateKey) ([]byte, error) { return signMessage(data, cert, key, true) } // VerifyMessageDetach verifies the signed data in PKCS7 (DER) format with the given source data. // This method corresponds to CFCA SADK's cfca.sadk.util.p7VerifyMessageDetach. // If verification fails, an error is returned. otherwise, nil is returned. 
func VerifyMessageDetach(p7Der, sourceData []byte) error {
	// Decode the DER-encoded PKCS #7 structure; a malformed input is reported
	// to the caller unchanged.
	signed, parseErr := pkcs7.Parse(p7Der)
	if parseErr != nil {
		return parseErr
	}

	// The caller-supplied bytes always replace whatever content the parsed
	// structure carried, so the signature is checked against sourceData only.
	signed.Content = sourceData

	// NOTE(review): Verify takes no trust store. It is expected to check only
	// that the signature matches a certificate embedded in p7Der, not that
	// the certificate chains to a trusted root. Confirm against the pkcs7
	// package. Callers that need signer authentication must validate the
	// signer certificate separately.
	return signed.Verify()
}