mirror of
https://github.com/emmansun/gmsm.git
synced 2025-04-22 02:06:18 +08:00
84 lines
2.9 KiB
Go
84 lines
2.9 KiB
Go
// Copyright 2024 Sun Yimin. All rights reserved.
|
|
// Use of this source code is governed by a MIT-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package cfca
|
|
|
|
import (
|
|
"crypto"
|
|
|
|
"github.com/emmansun/gmsm/pkcs7"
|
|
"github.com/emmansun/gmsm/smx509"
|
|
)
|
|
|
|
func signMessage(data []byte, cert *smx509.Certificate, key crypto.PrivateKey, detached bool) ([]byte, error) {
|
|
signData, _ := pkcs7.NewSMSignedData(data)
|
|
if err := signData.SignWithoutAttr(cert, key, pkcs7.SignerInfoConfig{}); err != nil {
|
|
return nil, err
|
|
}
|
|
if detached {
|
|
signData.Detach()
|
|
}
|
|
return signData.Finish()
|
|
}
|
|
|
|
// SignMessageAttach signs the data with the certificate and private key, returns the signed data in PKCS7 (DER) format.
|
|
// This method corresponds to CFCA SADK's cfca.sadk.util.p7SignMessageAttach.
|
|
func SignMessageAttach(data []byte, cert *smx509.Certificate, key crypto.PrivateKey) ([]byte, error) {
|
|
return signMessage(data, cert, key, false)
|
|
}
|
|
|
|
// VerifyMessageAttach verifies the signed data in PKCS7 (DER) format.
|
|
// This method corresponds to CFCA SADK's cfca.sadk.util.p7VerifyMessageAttach.
|
|
// If verification fails, an error is returned. otherwise, nil is returned.
|
|
func VerifyMessageAttach(p7Der []byte) error {
|
|
p7, err := pkcs7.Parse(p7Der)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return p7.Verify()
|
|
}
|
|
|
|
// SignMessageDetach signs the data with the certificate and private key, returns the signed data in PKCS7 (DER) format.
|
|
// This method corresponds to CFCA SADK's cfca.sadk.util.p7SignMessageDetach.
|
|
func SignMessageDetach(data []byte, cert *smx509.Certificate, key crypto.PrivateKey) ([]byte, error) {
|
|
return signMessage(data, cert, key, true)
|
|
}
|
|
|
|
// VerifyMessageDetach verifies the signed data in PKCS7 (DER) format with the given source data.
|
|
// This method corresponds to CFCA SADK's cfca.sadk.util.p7VerifyMessageDetach.
|
|
// If verification fails, an error is returned. otherwise, nil is returned.
|
|
func VerifyMessageDetach(p7Der, sourceData []byte) error {
|
|
p7, err := pkcs7.Parse(p7Der)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
p7.Content = sourceData
|
|
return p7.Verify()
|
|
}
|
|
|
|
// SignDigestDetach signs a given digest using the provided certificate and private key,
|
|
// and returns the detached PKCS7 signature.
|
|
//
|
|
// This method corresponds to CFCA SADK's cfca.sadk.util.p7SignByHash.
|
|
func SignDigestDetach(digest []byte, cert *smx509.Certificate, key crypto.PrivateKey) ([]byte, error) {
|
|
signData, _ := pkcs7.NewSMSignedDataWithDigest(digest)
|
|
if err := signData.SignWithoutAttr(cert, key, pkcs7.SignerInfoConfig{}); err != nil {
|
|
return nil, err
|
|
}
|
|
return signData.Finish()
|
|
}
|
|
|
|
// VerifyDigestDetach verifies a detached PKCS7 signature against a given digest.
|
|
// It parses the p7Der, assigns the provided digest to the parsed PKCS7 content, and then verifies it.
|
|
//
|
|
// This method corresponds to CFCA SADK's cfca.sadk.util.p7VerifyByHash.
|
|
func VerifyDigestDetach(p7Der, digest []byte) error {
|
|
p7, err := pkcs7.Parse(p7Der)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
p7.Content = digest
|
|
return p7.VerifyAsDigest()
|
|
}
|