use pki_types::{AlgorithmIdentifier, SignatureVerificationAlgorithm};
use rustls::crypto::{SignatureScheme, WebPkiSupportedAlgorithms};
use crate::sm2::{der::sig_from_der, verify_message, DEFAULT_ID};
/// SM2-with-SM3 signature algorithm set handed to rustls/webpki.
///
/// Per rustls's `WebPkiSupportedAlgorithms` contract, `all` is the list
/// consulted for certificate-chain signatures and `mapping` ties the TLS
/// `SignatureScheme::SM2_SM3` handshake scheme to the same verifier, so one
/// `Sm2Sm3Algorithm` instance serves both paths.
pub static SUPPORTED_SM2_ALGS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms {
    all: &[&SM2_SM3_ALG],
    mapping: &[(SignatureScheme::SM2_SM3, &[&SM2_SM3_ALG])],
};
/// The single shared verifier instance referenced from `SUPPORTED_SM2_ALGS`.
static SM2_SM3_ALG: Sm2Sm3Algorithm = Sm2Sm3Algorithm;
/// Zero-sized marker type implementing `SignatureVerificationAlgorithm` for
/// SM2 signatures over SM3 digests; all state lives in the `impl` below.
#[derive(Debug)]
struct Sm2Sm3Algorithm;
/// DER `AlgorithmIdentifier` for SM2-with-SM3 (OID 1.2.156.10197.1.501) with
/// no `parameters` field. Despite the name this is the whole identifier, not
/// just the OID.
///
/// NOTE(review): the slice includes the outer SEQUENCE header (`0x30, 0x0a`).
/// Upstream `pki_types` documents `AlgorithmIdentifier` as holding only the
/// SEQUENCE *contents* (OID plus parameters); if that is the version in use,
/// webpki's comparison against a certificate's `signatureAlgorithm` would
/// never match and every SM2 certificate would be rejected. Confirm against
/// the `pki_types`/`webpki` versions this crate builds with.
const SM2SM3_OID: &[u8] = &[
    0x30, 0x0a, // SEQUENCE, 10 bytes of content
    0x06, 0x08, 0x2a, 0x81, 0x1c, 0xcf, 0x55, 0x01, 0x83, 0x75, // OID 1.2.156.10197.1.501
];
impl SignatureVerificationAlgorithm for Sm2Sm3Algorithm {
    /// DER `AlgorithmIdentifier` of the public keys this verifier accepts:
    /// `id-ecPublicKey` (1.2.840.10045.2.1) with the `sm2p256v1`
    /// (1.2.156.10197.1.301) named-curve parameter.
    ///
    /// NOTE(review): the bytes start with the outer SEQUENCE header
    /// (`0x30, 0x13`). Upstream `pki_types` documents `AlgorithmIdentifier`
    /// as holding only the SEQUENCE contents, in which case webpki's SPKI
    /// algorithm comparison would never match this verifier; confirm against
    /// the `pki_types`/`webpki` versions this crate builds with.
    fn public_key_alg_id(&self) -> AlgorithmIdentifier {
        const SM2_SPKI_ALG_ID: &[u8] = &[
            0x30, 0x13, // SEQUENCE, 19 bytes of content
            0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, // OID id-ecPublicKey
            0x06, 0x08, 0x2a, 0x81, 0x1c, 0xcf, 0x55, 0x01, 0x82, 0x2d, // OID sm2p256v1
        ];
        AlgorithmIdentifier::from_slice(SM2_SPKI_ALG_ID)
    }

    /// DER `AlgorithmIdentifier` of the signatures this verifier checks
    /// (SM2-with-SM3, see [`SM2SM3_OID`]).
    fn signature_alg_id(&self) -> AlgorithmIdentifier {
        AlgorithmIdentifier::from_slice(SM2SM3_OID)
    }

    /// Verifies an SM2 signature over `message` made with `public_key`.
    ///
    /// `public_key` must be exactly 65 bytes (the size of an uncompressed
    /// SEC1 point); any other length, including a 33-byte compressed point,
    /// is rejected before any curve arithmetic. `signature` is handed to
    /// [`sig_from_der`], so it is expected in DER form. The actual check is
    /// delegated to [`verify_message`] with the fixed user identity
    /// [`DEFAULT_ID`].
    ///
    /// # Errors
    ///
    /// Every failure — wrong key length, undecodable signature, or a
    /// signature that does not verify — is reported as the single opaque
    /// [`pki_types::InvalidSignature`], so the cause is not distinguishable
    /// by the caller.
    ///
    /// NOTE(review): validation of the `0x04` uncompressed-point prefix and of
    /// on-curve membership for `public_key` is not done here; whether
    /// `verify_message` performs it is not visible from this file — confirm.
    /// NOTE(review): `DEFAULT_ID` is the conventional identity for X.509
    /// signatures; if this verifier is also reached through the
    /// `SignatureScheme::SM2_SM3` mapping for TLS 1.3 CertificateVerify,
    /// RFC 8998 specifies a TLS-specific identity instead — confirm which
    /// identity the peer signs with.
    fn verify_signature(
        &self,
        public_key: &[u8],
        message: &[u8],
        signature: &[u8],
    ) -> Result<(), pki_types::InvalidSignature> {
        // Collapse any underlying error into the opaque pki_types error.
        fn invalid<E>(_: E) -> pki_types::InvalidSignature {
            pki_types::InvalidSignature
        }

        let point = <&[u8; 65]>::try_from(public_key).map_err(invalid)?;
        let decoded_sig = sig_from_der(signature).map_err(invalid)?;
        verify_message(message, DEFAULT_ID, point, &decoded_sig).map_err(invalid)
    }
}