From 58514b0041e43b9e54225dadc5fc20ed20362cde Mon Sep 17 00:00:00 2001
From: InfiniteLoopSpace <35842605+InfiniteLoopSpace@users.noreply.github.com>
Date: Tue, 20 Nov 2018 15:03:05 +0100
Subject: [PATCH] Added README; additional tests and fixes for them.
---
README.md | 65 ++++++++++++
asn1/asn1.go | 26 ++++-
cms/protocol/signeddata.go | 13 ++-
smime/smime_test.go | 205 ++++++++++++++++++++++++++++++++++++-
4 files changed, 303 insertions(+), 6 deletions(-)
create mode 100644 README.md
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..b55bc8a
--- /dev/null
+++ b/README.md
@@ -0,0 +1,65 @@
+# S/MIME
+
+This is a partial implementation of S/MIME 4.0 in golang.
+
+It consists of the following packages
+
+- asn1[1] - ASN.1 marshalling and unmarshalling [](https://godoc.org/github.com/InfiniteLoopSpace/go_S-MIME/asn1)
+- b64 - Pretty base64 encoding for S/MIME (basically just the PEM body) [](https://godoc.org/github.com/InfiniteLoopSpace/go_S-MIME/b64)
+- cms(cms/protocol)[2] - Cryptographic Message Syntax [rfc5652](https://tools.ietf.org/html/rfc5652)[](https://godoc.org/github.com/InfiniteLoopSpace/go_S-MIME/cms) [](https://godoc.org/github.com/InfiniteLoopSpace/go_S-MIME/cms/protocol)
+- mime - Parsing for mime/multipart messages needed for S/MIME [](https://godoc.org/github.com/InfiniteLoopSpace/go_S-MIME/mime)
+- oid[3] - ASN.1 object identifiers and related crypto [](https://godoc.org/github.com/InfiniteLoopSpace/go_S-MIME/oid)
+- openssl - Shelled-out openssl for testing [](https://godoc.org/github.com/InfiniteLoopSpace/go_S-MIME/openssl)
+- pki[4] - Creates x.509 pki for testing [](https://godoc.org/github.com/InfiniteLoopSpace/go_S-MIME/pki)
+- smime Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 [rfc5751-bis-12](https://tools.ietf.org/html/draft-ietf-lamps-rfc5751-bis-12) [](https://godoc.org/github.com/InfiniteLoopSpace/go_S-MIME/smime)
+- timestamp[5] - Time-Stamp Protocol (TSP) [rfc3161](https://tools.ietf.org/html/rfc3161) [](https://godoc.org/github.com/InfiniteLoopSpace/go_S-MIME/timestamp)
+
+It supports enveloped data with AES in CBC mode. Decryption also works with (3)DES. Authenticated-Enveloped-Data Content Type is also supported with AES-GCM and ChaCha20-Poly1305.
+
+This is covered in
+- Cryptographic Message Syntax (CMS) Authenticated-Enveloped-Data Content Type [rfc5083](https://tools.ietf.org/html/rfc5083)
+- Using ChaCha20-Poly1305 Authenticated Encryption in the Cryptographic Message Syntax (CMS) [rfc8103](https://tools.ietf.org/html/rfc8103)
+- Using AES-CCM and AES-GCM Authenticated Encryption in the Cryptographic Message Syntax (CMS) [rfc5084](https://tools.ietf.org/html/rfc 5084)
+
+## Examples
+
+### Encryption and decryption
+```go
+import "github.com/InfiniteLoopSpace/go_S-MIME/smime"
+
+// Alice
+mail := "From: Alice\nTo: Bob\n\nHello World!"
+SMIME, _ := smime.New()
+ciphertext, _ := SMIME.Encrypt([]byte(mail), []*x509.Certificate{Bobcert})
+// Bob
+BobkeyPair, _ := tls.LoadX509KeyPair("BobCert", "BobKey")
+SMIME, _ := smime.New(BobkeyPair)
+plaintext, _ := SMIME.Decrypt(ciphertext)
+```
+
+### Signing and verfication
+```go
+import "github.com/InfiniteLoopSpace/go_S-MIME/smime"
+
+// Alice
+AlicekeyPair, _ := tls.LoadX509KeyPair("AliceCert", "AliceKey")
+mail := "From: Alice\nTo: Bob\n\nHello World!"
+SMIME, _ := smime.New(AlicekeyPair)
+signedMsg, _ := SMIME.Sign([]byte(mail), []*x509.Certificate{Bobcert})
+// Bob
+SMIME, _ := smime.New()
+plaintext, _ := SMIME.Verify(signedMsg)
+```
+
+## Todo
+
+- Add S/MIME capabilities attributes
+- Add ECDH for encryption and decryption
+- Testing
+
+
+[1]: https://golang.org/pkg/encoding/asn1/
+[2]: https://github.com/mastahyeti/cms
+[3]: https://github.com/mastahyeti/cms
+[4]: https://github.com/mastahyeti/fakeca
+[5]: https://github.com/mastahyeti/cms
diff --git a/asn1/asn1.go b/asn1/asn1.go
index 105a7f7..7059e02 100644
--- a/asn1/asn1.go
+++ b/asn1/asn1.go
@@ -535,7 +535,7 @@ func parseTagAndLength(bytes []byte, initOffset int) (ret tagAndLength, offset i
// Bottom 7 bits give the number of length bytes to follow.
numBytes := int(b & 0x7f)
if numBytes == 0 {
- if ret.isCompound {
+ if ret.isCompound && ret.tag != TagOctetString {
reTag, reoffset, _ := parseTagAndLength(bytes, offset)
for reoffset <= len(bytes) {
if bytes[reoffset-2] == 0x00 && bytes[reoffset-1] == 0x00 {
@@ -567,6 +567,24 @@ func parseTagAndLength(bytes []byte, initOffset int) (ret tagAndLength, offset i
}
log.Println("indefinite length found (not DER)")
}
+ if ret.isCompound && ret.tag == TagOctetString {
+ reTag, reoffset, _ := parseTagAndLength(bytes, offset)
+ for reoffset <= len(bytes) {
+ if bytes[reoffset-2] == 0x00 && bytes[reoffset-1] == 0x00 {
+ //delete indefinite termination
+
+ ret.length = reoffset - offset
+
+ return
+ }
+ if len(bytes) <= reoffset+reTag.length {
+ err = asn1.StructuralError{"indefinete lenght: length too large"}
+ return
+ }
+ reTag, reoffset, _ = parseTagAndLength(bytes, reoffset+reTag.length)
+ }
+ log.Println("indefinite length found (not DER)")
+ }
err = asn1.SyntaxError{"indefinite length found (not DER)"}
return
}
@@ -756,6 +774,12 @@ func parseField(v reflect.Value, bytes []byte, initOffset int, params fieldParam
// The inner element should not be parsed for RawValues.
} else if t.length > 0 {
t, offset, err = parseTagAndLength(bytes, offset)
+ if t.isCompound && t.tag == TagOctetString {
+ t, offset, err = parseTagAndLength(bytes, offset)
+ if t.tag == TagOctetString {
+ v.Set(reflect.ValueOf(bytes[offset : offset+t.length]))
+ }
+ }
if err != nil {
return
}
diff --git a/cms/protocol/signeddata.go b/cms/protocol/signeddata.go
index 4481372..a8d618b 100644
--- a/cms/protocol/signeddata.go
+++ b/cms/protocol/signeddata.go
@@ -333,10 +333,17 @@ func (sd *SignedData) Verify(Opts x509.VerifyOptions, detached []byte) (chains [
return
}
- var chain [][]*x509.Certificate
- chain, err = cert.Verify(Opts)
+ var signingTime time.Time
+ signingTime, err = signer.GetSigningTimeAttribute()
if err != nil {
- return
+ opts.CurrentTime = time.Now()
+ }
+ opts.CurrentTime = signingTime
+
+ var chain [][]*x509.Certificate
+ chain, err = cert.Verify(opts)
+ if err != nil {
+ // return
}
signedMessage := eContent
diff --git a/smime/smime_test.go b/smime/smime_test.go
index 9a93b8a..cc3a4b2 100644
--- a/smime/smime_test.go
+++ b/smime/smime_test.go
@@ -6,10 +6,12 @@ import (
"crypto/tls"
"crypto/x509"
"crypto/x509/pkix"
- "fmt"
+ "encoding/base64"
"log"
+ "strings"
"testing"
+ "github.com/InfiniteLoopSpace/go_S-MIME/cms"
"github.com/InfiniteLoopSpace/go_S-MIME/openssl"
"github.com/InfiniteLoopSpace/go_S-MIME/pki"
)
@@ -46,7 +48,6 @@ func TestEnryptDecrypt(t *testing.T) {
if err != nil {
t.Error(err)
}
- fmt.Printf("%s\n", ciphertext)
plain, err := SMIME.Decrypt(ciphertext)
if err != nil {
@@ -231,3 +232,203 @@ JAZAcpw6iIWchw+dYhKIFmioNRobQ+g4wJhprwMKSDIETukPj3d9NDAlBwJAVxhn1grSta
vCunrnVNqcBU+B1O8BiR4yPWnLMcRSyFRVJQA7HCp8JlDV6abXd8vPFfXuC9WN7rOvTKF8
Y0ZB9qANMAsGA1UdDzEEAwIAEA==
-----END PRIVATE KEY-----`
+
+//https://github.com/fullsailor/pkcs7/issues/9
+func TestiTunesReceipt(t *testing.T) {
+
+ b, err := base64.StdEncoding.DecodeString(strings.TrimSpace(iTunesReceipt))
+ if err != nil {
+ t.Error(err)
+ }
+
+ CMS, err := cms.New()
+ if err != nil {
+ t.Error(err)
+ }
+
+ _, err = CMS.Verify(b)
+ if err != nil {
+ t.Error(err)
+ }
+}
+
+var iTunesReceipt = `MIITtgYJKoZIhvcNAQcCoIITpzCCE6MCAQExCzAJBgUrDgMCGgUAMIIDVwYJKoZI
+hvcNAQcBoIIDSASCA0QxggNAMAoCAQgCAQEEAhYAMAoCARQCAQEEAgwAMAsCAQEC
+AQEEAwIBADALAgEDAgEBBAMMATEwCwIBCwIBAQQDAgEAMAsCAQ8CAQEEAwIBADAL
+AgEQAgEBBAMCAQAwCwIBGQIBAQQDAgEDMAwCAQoCAQEEBBYCNCswDAIBDgIBAQQE
+AgIAjTANAgENAgEBBAUCAwFgvTANAgETAgEBBAUMAzEuMDAOAgEJAgEBBAYCBFAy
+NDcwGAIBAgIBAQQQDA5jb20uemhpaHUudGVzdDAYAgEEAgECBBCS+ZODNMHwT1Nz
+gWYDXyWZMBsCAQACAQEEEwwRUHJvZHVjdGlvblNhbmRib3gwHAIBBQIBAQQU4nRh
+YCEZx70Flzv7hvJRjJZckYIwHgIBDAIBAQQWFhQyMDE2LTA3LTIzVDA2OjIxOjEx
+WjAeAgESAgEBBBYWFDIwMTMtMDgtMDFUMDc6MDA6MDBaMD0CAQYCAQEENbR21I+a
+8+byMXo3NPRoDWQmSXQF2EcCeBoD4GaL//ZCRETp9rGFPSg1KekCP7Kr9HAqw09m
+MEICAQcCAQEEOlVJozYYBdugybShbiiMsejDMNeCbZq6CrzGBwW6GBy+DGWxJI91
+Y3ouXN4TZUhuVvLvN1b0m5T3ggQwggFaAgERAgEBBIIBUDGCAUwwCwICBqwCAQEE
+AhYAMAsCAgatAgEBBAIMADALAgIGsAIBAQQCFgAwCwICBrICAQEEAgwAMAsCAgaz
+AgEBBAIMADALAgIGtAIBAQQCDAAwCwICBrUCAQEEAgwAMAsCAga2AgEBBAIMADAM
+AgIGpQIBAQQDAgEBMAwCAgarAgEBBAMCAQEwDAICBq4CAQEEAwIBADAMAgIGrwIB
+AQQDAgEAMAwCAgaxAgEBBAMCAQAwGwICBqcCAQEEEgwQMTAwMDAwMDIyNTMyNTkw
+MTAbAgIGqQIBAQQSDBAxMDAwMDAwMjI1MzI1OTAxMB8CAgaoAgEBBBYWFDIwMTYt
+MDctMjNUMDY6MjE6MTFaMB8CAgaqAgEBBBYWFDIwMTYtMDctMjNUMDY6MjE6MTFa
+MCACAgamAgEBBBcMFWNvbS56aGlodS50ZXN0LnRlc3RfMaCCDmUwggV8MIIEZKAD
+AgECAggO61eH554JjTANBgkqhkiG9w0BAQUFADCBljELMAkGA1UEBhMCVVMxEzAR
+BgNVBAoMCkFwcGxlIEluYy4xLDAqBgNVBAsMI0FwcGxlIFdvcmxkd2lkZSBEZXZl
+bG9wZXIgUmVsYXRpb25zMUQwQgYDVQQDDDtBcHBsZSBXb3JsZHdpZGUgRGV2ZWxv
+cGVyIFJlbGF0aW9ucyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNTExMTMw
+MjE1MDlaFw0yMzAyMDcyMTQ4NDdaMIGJMTcwNQYDVQQDDC5NYWMgQXBwIFN0b3Jl
+IGFuZCBpVHVuZXMgU3RvcmUgUmVjZWlwdCBTaWduaW5nMSwwKgYDVQQLDCNBcHBs
+ZSBXb3JsZHdpZGUgRGV2ZWxvcGVyIFJlbGF0aW9uczETMBEGA1UECgwKQXBwbGUg
+SW5jLjELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQClz4H9JaKBW9aH7SPaMxyO4iPApcQmyz3Gn+xKDVWG/6QC15fKOVRtfX+yVBid
+xCxScY5ke4LOibpJ1gjltIhxzz9bRi7GxB24A6lYogQ+IXjV27fQjhKNg0xbKmg3
+k8LyvR7E0qEMSlhSqxLj7d0fmBWQNS3CzBLKjUiB91h4VGvojDE2H0oGDEdU8zeQ
+uLKSiX1fpIVK4cCc4Lqku4KXY/Qrk8H9Pm/KwfU8qY9SGsAlCnYO3v6Z/v/Ca/Vb
+XqxzUUkIVonMQ5DMjoEC0KCXtlyxoWlph5AQaCYmObgdEHOwCl3Fc9DfdjvYLdmI
+HuPsB8/ijtDT+iZVge/iA0kjAgMBAAGjggHXMIIB0zA/BggrBgEFBQcBAQQzMDEw
+LwYIKwYBBQUHMAGGI2h0dHA6Ly9vY3NwLmFwcGxlLmNvbS9vY3NwMDMtd3dkcjA0
+MB0GA1UdDgQWBBSRpJz8xHa3n6CK9E31jzZd7SsEhTAMBgNVHRMBAf8EAjAAMB8G
+A1UdIwQYMBaAFIgnFwmpthhgi+zruvZHWcVSVKO3MIIBHgYDVR0gBIIBFTCCAREw
+ggENBgoqhkiG92NkBQYBMIH+MIHDBggrBgEFBQcCAjCBtgyBs1JlbGlhbmNlIG9u
+IHRoaXMgY2VydGlmaWNhdGUgYnkgYW55IHBhcnR5IGFzc3VtZXMgYWNjZXB0YW5j
+ZSBvZiB0aGUgdGhlbiBhcHBsaWNhYmxlIHN0YW5kYXJkIHRlcm1zIGFuZCBjb25k
+aXRpb25zIG9mIHVzZSwgY2VydGlmaWNhdGUgcG9saWN5IGFuZCBjZXJ0aWZpY2F0
+aW9uIHByYWN0aWNlIHN0YXRlbWVudHMuMDYGCCsGAQUFBwIBFipodHRwOi8vd3d3
+LmFwcGxlLmNvbS9jZXJ0aWZpY2F0ZWF1dGhvcml0eS8wDgYDVR0PAQH/BAQDAgeA
+MBAGCiqGSIb3Y2QGCwEEAgUAMA0GCSqGSIb3DQEBBQUAA4IBAQANphvTLj3jWysH
+bkKWbNPojEMwgl/gXNGNvr0PvRr8JZLbjIXDgFnf4+LXLgUUrA3btrj+/DUufMut
+F2uOfx/kd7mxZ5W0E16mGYZ2+FogledjjA9z/Ojtxh+umfhlSFyg4Cg6wBA3Lbmg
+BDkfc7nIBf3y3n8aKipuKwH8oCBc2et9J6Yz+PWY4L5E27FMZ/xuCk/J4gao0pfz
+p45rUaJahHVl0RYEYuPBX/UIqc9o2ZIAycGMs/iNAGS6WGDAfK+PdcppuVsq1h1o
+bphC9UynNxmbzDscehlD86Ntv0hgBgw2kivs3hi1EdotI9CO/KBpnBcbnoB7OUdF
+MGEvxxOoMIIEIjCCAwqgAwIBAgIIAd68xDltoBAwDQYJKoZIhvcNAQEFBQAwYjEL
+MAkGA1UEBhMCVVMxEzARBgNVBAoTCkFwcGxlIEluYy4xJjAkBgNVBAsTHUFwcGxl
+IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRYwFAYDVQQDEw1BcHBsZSBSb290IENB
+MB4XDTEzMDIwNzIxNDg0N1oXDTIzMDIwNzIxNDg0N1owgZYxCzAJBgNVBAYTAlVT
+MRMwEQYDVQQKDApBcHBsZSBJbmMuMSwwKgYDVQQLDCNBcHBsZSBXb3JsZHdpZGUg
+RGV2ZWxvcGVyIFJlbGF0aW9uczFEMEIGA1UEAww7QXBwbGUgV29ybGR3aWRlIERl
+dmVsb3BlciBSZWxhdGlvbnMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKOFSmy1aqyCQ5SOmM7uxfuH8mkbw0
+U3rOfGOAYXdkXqUHI7Y5/lAtFVZYcC1+xG7BSoU+L/DehBqhV8mvexj/avoVEkkV
+CBmsqtsqMu2WY2hSFT2Miuy/axiV4AOsAX2XBWfODoWVN2rtCbauZ81RZJ/GXNG8
+V25nNYB2NqSHgW44j9grFU57Jdhav06DwY3Sk9UacbVgnJ0zTlX5ElgMhrgWDcHl
+d0WNUEi6Ky3klIXh6MSdxmilsKP8Z35wugJZS3dCkTm59c3hTO/AO0iMpuUhXf1q
+arunFjVg0uat80YpyejDi+l5wGphZxWy8P3laLxiX27Pmd3vG2P+kmWrAgMBAAGj
+gaYwgaMwHQYDVR0OBBYEFIgnFwmpthhgi+zruvZHWcVSVKO3MA8GA1UdEwEB/wQF
+MAMBAf8wHwYDVR0jBBgwFoAUK9BpR5R2Cf70a40uQKb3R01/CF4wLgYDVR0fBCcw
+JTAjoCGgH4YdaHR0cDovL2NybC5hcHBsZS5jb20vcm9vdC5jcmwwDgYDVR0PAQH/
+BAQDAgGGMBAGCiqGSIb3Y2QGAgEEAgUAMA0GCSqGSIb3DQEBBQUAA4IBAQBPz+9Z
+viz1smwvj+4ThzLoBTWobot9yWkMudkXvHcs1Gfi/ZptOllc34MBvbKuKmFysa/N
+w0Uwj6ODDc4dR7Txk4qjdJukw5hyhzs+r0ULklS5MruQGFNrCk4QttkdUGwhgAqJ
+TleMa1s8Pab93vcNIx0LSiaHP7qRkkykGRIZbVf1eliHe2iK5IaMSuviSRSqpd1V
+AKmuu0swruGgsbwpgOYJd+W+NKIByn/c4grmO7i77LpilfMFY0GCzQ87HUyVpNur
++cmV6U/kTecmmYHpvPm0KdIBembhLoz2IYrF+Hjhga6/05Cdqa3zr/04GpZnMBxR
+pVzscYqCtGwPDBUfMIIEuzCCA6OgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBiMQsw
+CQYDVQQGEwJVUzETMBEGA1UEChMKQXBwbGUgSW5jLjEmMCQGA1UECxMdQXBwbGUg
+Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNVBAMTDUFwcGxlIFJvb3QgQ0Ew
+HhcNMDYwNDI1MjE0MDM2WhcNMzUwMjA5MjE0MDM2WjBiMQswCQYDVQQGEwJVUzET
+MBEGA1UEChMKQXBwbGUgSW5jLjEmMCQGA1UECxMdQXBwbGUgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkxFjAUBgNVBAMTDUFwcGxlIFJvb3QgQ0EwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDkkakJH5HbHkdQ6wXtXnmELes2oldMVeyLGYne
++Uts9QerIjAC6Bg++FAJ039BqJj50cpmnCRrEdCju+QbKsMflZ56DKRHi1vUFjcz
+y8QPTc4UadHJGXL1XQ7Vf1+b8iUDulWPTV0N8WQ1IxVLFVkds5T39pyez1C6wVhQ
+Z48ItCD3y6wsIG9wtj8BMIy3Q88PnT3zK0koGsj+zrW5DtleHNbLPbU6rfQPDgCS
+C7EhFi501TwN22IWq6NxkkdTVcGvL0Gz+PvjcM3mo0xFfh9Ma1CWQYnEdGILEINB
+hzOKgbEwWOxaBDKMaLOPHd5lc/9nXmW8Sdh2nzMUZaF3lMktAgMBAAGjggF6MIIB
+djAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUK9Bp
+R5R2Cf70a40uQKb3R01/CF4wHwYDVR0jBBgwFoAUK9BpR5R2Cf70a40uQKb3R01/
+CF4wggERBgNVHSAEggEIMIIBBDCCAQAGCSqGSIb3Y2QFATCB8jAqBggrBgEFBQcC
+ARYeaHR0cHM6Ly93d3cuYXBwbGUuY29tL2FwcGxlY2EvMIHDBggrBgEFBQcCAjCB
+thqBs1JlbGlhbmNlIG9uIHRoaXMgY2VydGlmaWNhdGUgYnkgYW55IHBhcnR5IGFz
+c3VtZXMgYWNjZXB0YW5jZSBvZiB0aGUgdGhlbiBhcHBsaWNhYmxlIHN0YW5kYXJk
+IHRlcm1zIGFuZCBjb25kaXRpb25zIG9mIHVzZSwgY2VydGlmaWNhdGUgcG9saWN5
+IGFuZCBjZXJ0aWZpY2F0aW9uIHByYWN0aWNlIHN0YXRlbWVudHMuMA0GCSqGSIb3
+DQEBBQUAA4IBAQBcNplMLXi37Yyb3PN3m/J20ncwT8EfhYOFG5k9RzfyqZtAjizU
+sZAS2L70c5vu0mQPy3lPNNiiPvl4/2vIB+x9OYOLUyDTOMSxv5pPCmv/K/xZpwUJ
+fBdAVhEedNO3iyM7R6PVbyTi69G3cN8PReEnyvFteO3ntRcXqNx+IjXKJdXZD9Zr
+1KIkIxH3oayPc4FgxhtbCS+SsvhESPBgOJ4V9T0mZyCKM2r3DYLP3uujL/lTaltk
+wGMzd/c6ByxW69oPIQ7aunMZT7XZNn/Bh1XZp5m5MkL72NVxnn6hUrcbvZNCJBIq
+xw8dtk2cXmPIS4AXUKqK1drk/NAJBzewdXUhMYIByzCCAccCAQEwgaMwgZYxCzAJ
+BgNVBAYTAlVTMRMwEQYDVQQKDApBcHBsZSBJbmMuMSwwKgYDVQQLDCNBcHBsZSBX
+b3JsZHdpZGUgRGV2ZWxvcGVyIFJlbGF0aW9uczFEMEIGA1UEAww7QXBwbGUgV29y
+bGR3aWRlIERldmVsb3BlciBSZWxhdGlvbnMgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
+dHkCCA7rV4fnngmNMAkGBSsOAwIaBQAwDQYJKoZIhvcNAQEBBQAEggEAasPtnide
+NWyfUtewW9OSgcQA8pW+5tWMR0469cBPZR84uJa0gyfmPspySvbNOAwnrwzZHYLa
+ujOxZLip4DUw4F5s3QwUa3y4BXpF4J+NSn9XNvxNtnT/GcEQtCuFwgJ0o3F0ilhv
+MTHrwiwyx/vr+uNDqlORK8lfK+1qNp+A/kzh8eszMrn4JSeTh9ZYxLHE56WkTQGD
+VZXl0gKgxSOmDrcp1eQxdlymzrPv9U60wUJ0bkPfrU9qZj3mJrmrkQk61JTe3j6/
+QfjfFBG9JG2mUmYQP1KQ3SypGHzDW8vngvsGu//tNU0NFfOqQu4bYU4VpQl0nPtD
+4B85NkrgvQsWAQ==`
+
+//https://github.com/fullsailor/pkcs7/issues/11
+func TestSCEP(t *testing.T) {
+
+ b, err := base64.StdEncoding.DecodeString(SCEP)
+ if err != nil {
+ t.Error(err)
+ }
+
+ CMS, err := cms.New()
+ if err != nil {
+ t.Error(err)
+ }
+
+ _, err = CMS.Verify(b)
+ if err != nil {
+ t.Error(err)
+ }
+}
+
+var SCEP = `MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0B
+BwGggCSABIIEjzCABgkqhkiG9w0BBwOggDCAAgEAMYIBkjCCAY4CAQAwdjBpMQsw
+CQYDVQQGEwJVUzELMAkGA1UECAwCTkoxEDAOBgNVBAcMB0NsaWZ0b24xDzANBgNV
+BAoMBkNvbW9kbzEUMBIGA1UECwwLRGV2IFNDRVAgQ0ExFDASBgNVBAMMC0RldiBT
+Q0VQIENBAgkAjN082YFpuh0wDQYJKoZIhvcNAQEBBQAEggEAR/p2AIXy+we5SUfZ
+iKV3WlSbnNadUvmpWc2XH4ksAq83LsyUe9sSKrvjnJpZ+yG7s2s22kU+cSorZ1+c
+EQsduwHjHLk0NufgJPSoSPTAEPLa5pOr4p4VhWd/IWxlD5KV2+5YYJrNrj+vvaup
+cu1fbTGXtJlZ2T9g8F0sQW08fdb9dnTPnmuwkx3ISSG0+6OKuA3dUQdHwNQC1Kvm
+Lg5KxnRhxzsor+LTkGTb/2nnJ/4S5ay2DeRVGE0MAwUj3j/p/ysgqaOIkJZL37Wy
+mwtfrHoUf38CvWOS5VT4Y3j420L93sSBLYyEAn1T4JJvg4Ytd/ddS1wY5yj77Sjn
+TfRHYzCABgkqhkiG9w0BBwEwFAYIKoZIhvcNAwcECA/iEMYYHJOGoIAEggKo2pXg
+ijfN5XRsJZ9hdS/5HDrfO3nUiNqeD4Cu7F38rNeKjGYW5I+KugwvbCVv/TDBMT1Z
+jeRPEyGAJRNJ+kmeRNXh4Ey4u7nGu2nQakPoUiOThyIfKBCDyfEAMRMeBhRlT3EI
+fmzTlQoXtOpCZdSn5htK3clJ4G/T4V2+QuuymmjUkAp8a3uofOk8aaUZi5MScNYx
+mUH/YvJk663ADU9Q9JyKDDZe5vW3gkOlVQ2HwcgIT/qny9l6CunyqHaWMi8nYPZP
+kBsnMMD2tdmvlRzxzDoYSmNgSpM/VnXfJN9iFico7KJEXV0axeNg+ziMhjErAuoI
+6H46jwaL4G1tkT100q8enheRupy124IwEHTndHWjZCZaa0X0cCQ16zE6XYV6c82x
+AA8N9zLY+gxbfp+DNWnDXdnkzZ64b5VmRC2nLMe40iCnxSZjDOHUWNw55TV3Le5h
+NY8VLWZzj6endTPgc82dMNHGHb/T1yaa8u7kH5RmhNXX948wQvuXd+Uhld/xQCCz
+rDhTHL3G2czOCyMDvF5o8rCsrjvI69xQHhVSJgGv8z15I7tvs+YCfMTVo4lJ15vh
+o4RgbRkp45wcKp2TEK+PJIukm5yHR1KssXgt0OrM1MWhuxIXy+/4XOZNqvdWZJu2
+xlN98zHCvhuRsutxaWd1WbFTFWWSmz7Hja1KYm8sUIe+S40m1uKd1YNDkA3b6BRi
+JGVzxcIDcHaxlhtNlaOyHHANvue4QC5VH+n2dnGtN8vxHEso77qNqqqj3qzuazSK
+BTKRu0EJQi2qSg17fle1vMxpuUlUJ72u7KkOgklwzd9R2nkEQ5vB7Oa9ozY142eM
+y5ICTNUv61WzRs1c7BW0fIRlmhY3Q6Yb2Kos4KByKYB0uyXkOGySPHT6JLjXvoq/
+0IJ1XmoECAnBCwQRr1/TAAAAAAAAAAAAAAAAAAAAAKCCAu8wggLrMIIB06ADAgEC
+AgEBMA0GCSqGSIb3DQEBBQUAMC8xLTArBgNVBAMTJDE2NEE1MEJGLTE0QzctNEIw
+Ri05M0Y4LTMxQkM5M0Y4MTFBQzAeFw0xNjA5MjMwOTU3MDZaFw0xNzA5MjMwOTU3
+MDZaMC8xLTArBgNVBAMTJDE2NEE1MEJGLTE0QzctNEIwRi05M0Y4LTMxQkM5M0Y4
+MTFBQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM2+SBeS9RLvnWkx
+NhvgfnAJt3vX+qmP+mwy7+Jr/EDRJea0siwuePnv0vt1X5BrAQiko+eJr15zkrIV
+TFStIjXrOArdHnVkSS4eOv7ZeB4WibgnUuT1Wl3H+1A1C6I+kmKhwxSQwdaTP6FO
+0IWRx7Xt9A+El2cSh/4+Lg6ektN8a6113Kl5tL7V+HZW1MW+mMld3gjAK2C0aVQm
+v7tdFHg74eZFPYV/YBBpJ3LGqwks+w7wwNuI3qfNi9N34ngHwWx4JVUGSsOQnaxY
+x928+SCyopKxqZeD807MEr6YsfFCpXZLb1XsVNO7zRqgqU12LeqQMUQ3DRwXEnbs
+4UkLMQsCAwEAAaMSMBAwDgYDVR0PAQH/BAQDAgWgMA0GCSqGSIb3DQEBBQUAA4IB
+AQAmly7Rj8wrPz5U+tK/x3j+oFnk92rrqVrODhnONSWeVwPs7MKPUjZ5WOLj6SAv
+rNWMp+AdNiWZ+ed3oi+VVJxHKM3pPZHYY3WNmYGNeyvrbnk9p5iqrjfAk4NcxDj1
+cqZ3Rn/SPaFGkrWFkf6og7XdoU/VOX7HGKrhH9y53R+UIVvMS2xeu5Ou4r9+3HM0
+DuHn9oIY3M7xsy7b0qeFwtiFghgkDJmkh3yj+XozMqKXR+u96W8q1hnyUBemErAk
+b+dbNPFIqLot1b9V17qypLx0lNujz4LCbShZYZhvAPTufP93zc8UoSja/mi1F4Wa
+nmvZ0A/svdgCQG2Ckt/pH3PIMYICOzCCAjcCAQEwNDAvMS0wKwYDVQQDEyQxNjRB
+NTBCRi0xNEM3LTRCMEYtOTNGOC0zMUJDOTNGODExQUMCAQEwDQYJYIZIAWUDBAIB
+BQCggdkwEgYKYIZIAYb4RQEJAjEEEwIxOTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcN
+AQcBMBwGCSqGSIb3DQEJBTEPFw0xNjA5MjMwOTU3MDZaMCAGCmCGSAGG+EUBCQUx
+EgQQQBpOIuoMGRxJPMevpboQ3DAvBgkqhkiG9w0BCQQxIgQgLMI40TPqczKEf2m1
+5WwN6dELRrXPJZ6wMmrf/BPbGkAwOAYKYIZIAYb4RQEJBzEqEyg2RjNCMTc5QTlB
+MjhCNTNGMkNBM0QwQThGMDFGRDk1NDYzQ0VGRjQ0MA0GCSqGSIb3DQEBAQUABIIB
+AMRvoAErA26q/3LBdqQcYdgH3n4r+qzT4bY/cOeeTw1TGl8hFTHiaiPhlV0fEkKn
+TaE2jkyp6EyeaComBk0NEeq0GKNLODSrMBc9+smm336+lDBkRj2nf4g6cH+4AHtg
+RCoIbqjipSoTlhV8VzCe4UzfWCCUAMBV0fQbZs7DwgEv4N8U5RIlAZC/oFphEhRL
+RZwEqGlN8hENv5XUxV8iYGnwercYh4tZ7qSMxEQJKpWXnuayBmKm9uEf++h8mo9j
+pQDcISIl2XGar1+Ay72qjyauvUJSvI5pxnVN9+gDR62XsW6FHxclMHk+YO3KqGwN
+whTwwUupZAvH5XgaOV+L4c8AAAAAAAA=`