cfca: fix typo

cfca/pkcs12_sm2.go

@@ -13,22 +13,23 @@ import (
 	"github.com/emmansun/gmsm/smx509"
 )
 
-// CFCA私有格式，在SADK中把它定义为PKCS12_SM2
-
+// cfcaKeyPairData represents a key pair data structure used
+// in CFCA (China Financial Certification Authority)
+// for both parsing and marshaling SM2 keys and certificates.
 type cfcaKeyPairData struct {
 	Version      int `asn1:"default:1"`
 	EncryptedKey keyData
 	Certificate  certData
 }
 
-// 被加密的私钥数据
+// Encrypted private key data
 type keyData struct {
 	ContentType      asn1.ObjectIdentifier
 	Algorithm        asn1.ObjectIdentifier
 	EncryptedContent asn1.RawValue
 }
 
-// 对应的证书
+// Corresponding certificate
 type certData struct {
 	ContentType asn1.ObjectIdentifier
 	Content     asn1.RawContent
@@ -41,7 +42,7 @@ var (
 )
 
 // ParseSM2 parses the der data, returns private key and related certificate, it's CFCA private structure.
-// This methed is coresponding to CFCA SADK's cfca.sadk.asn1.pkcs.load.
+// This method is corresponding to CFCA SADK's cfca.sadk.asn1.pkcs.load.
 func ParseSM2(password, data []byte) (*sm2.PrivateKey, *smx509.Certificate, error) {
 	var keys cfcaKeyPairData
 	if _, err := asn1.Unmarshal(data, &keys); err != nil {
@@ -58,7 +59,7 @@ func ParseSM2(password, data []byte) (*sm2.PrivateKey, *smx509.Certificate, erro
 	}
 	pk, err := DecryptBySM4CBC(keys.EncryptedKey.EncryptedContent.Bytes, password)
 	if err != nil {
-		return nil, nil, fmt.Errorf("cfca: failed to decrypt by SM4-CBC, please ensure the password is correct")
+		return nil, nil, fmt.Errorf("cfca: failed to decrypt by SM4-CBC, please ensure the password is correct: %v", err)
 	}
 	prvKey, err := sm2.NewPrivateKeyFromInt(new(big.Int).SetBytes(pk))
 	if err != nil {
@@ -76,7 +77,7 @@ func ParseSM2(password, data []byte) (*sm2.PrivateKey, *smx509.Certificate, erro
 }
 
 // MarshalSM2 encodes sm2 private key and related certificate to cfca defined format.
-// This methed is coresponding to CFCA SADK's cfca.sadk.asn1.pkcs.CombineSM2Data.
+// This method is corresponding to CFCA SADK's cfca.sadk.asn1.pkcs.CombineSM2Data.
 func MarshalSM2(password []byte, key *sm2.PrivateKey, cert *smx509.Certificate) ([]byte, error) {
 	var err error
 	var ciphertext []byte

cfca/pkcs12_sm2_test.go

@@ -163,8 +163,8 @@ func TestParseSM2WithInvalidPwd(t *testing.T) {
 	password := []byte("wrongpwd")
 	der, _ := hex.DecodeString("308203490201013047060a2a811ccf55060104020106072a811ccf5501680430016ca58c339f32f5bbe2b0491d5087c9b5de0f5aef4b4d0726941a0c21d9795f51e802f2a1596cc909d1638067ca28cc308202f9060a2a811ccf550601040201048202e9308202e530820289a00302010202051040990809300c06082a811ccf550183750500305c310b300906035504061302434e3130302e060355040a0c274368696e612046696e616e6369616c2043657274696669636174696f6e20417574686f72697479311b301906035504030c1243464341205445535420534d32204f434131301e170d3230313131393038333131385a170d3235313131393038333131385a308189310b300906035504061302434e31173015060355040a0c0e434643412054455354204f434131310d300b060355040b0c045053424331193017060355040b0c104f7267616e697a6174696f6e616c2d323137303506035504030c2e30353140e982aee582a8e7babfe4b88ae694b6e58d95e59586e688b7404e353130313133303030313838373840313059301306072a8648ce3d020106082a811ccf5501822d0342000495510badce29f70be07df6e2b0ce75be124a56c08e82435e72b4aa6c17679f455a6892aadde2a6b7a58ca7b0e10ca78d3811ff27e9f728cd80d53c1b9a6461dba382010630820102301f0603551d230418301680146bfe18da8f423aa6b86db32e88833a34a2c130e1300c0603551d130101ff0402300030480603551d200441303f303d060860811c86ef2a01013031302f06082b060105050702011623687474703a2f2f7777772e636663612e636f6d2e636e2f75732f75732d31342e68746d30390603551d1f04323030302ea02ca02a8628687474703a2f2f7563726c2e636663612e636f6d2e636e2f534d322f63726c31343335362e63726c300e0603551d0f0101ff0404030206c0301d0603551d0e04160414f8863d94f4a13b915ef9321a83a0be23445a7735301d0603551d250416301406082b0601050507030206082b06010505070304300c06082a811ccf5501837505000348003045022100890d2b153df86bfa09c3012323e52cadfa1c6c6a61f280f79c8c22db71d1504202204970b89aeb05e459e3fc2a4d4eabe4f7ee7a16e20d9004c64bcc5187b9332811")
 	_, _, err := ParseSM2(password, der)
-	if err == nil || err.Error() != "cfca: failed to decrypt by SM4-CBC, please ensure the password is correct" {
-		t.Fatal("cfca: failed to decrypt by SM4-CBC, please ensure the password is correct")
+	if err == nil || err.Error() != "cfca: failed to decrypt by SM4-CBC, please ensure the password is correct: padding: invalid padding byte/length" {
+		t.Fatal("cfca: failed to decrypt by SM4-CBC, please ensure the password is correct: padding: invalid padding byte/length")
 	}
 }
 

docs/cfca.md

@@ -76,7 +76,7 @@ SADK 3.2之后的版本，支持下列SM2密文格式(encryptedType)：
 1. 数据对称加密密钥的密文格式为**ASN.1编码格式**，这个符合《GB/T 35275-2017 信息安全技术 SM2密码算法加密签名消息语法规范》。
 2. SM4-CBC的OID，使用了["SM4" block cipher](https://oid-rep.orange-labs.fr/get/1.2.156.10197.1.104)，而不是["SMS4-CBC"](https://oid-rep.orange-labs.fr/get/1.2.156.10197.1.104.2)。
 
-本软件库的```pkcs7.EncryptSM```方法```Decrypt```方法提供了SADK 3.2+版本的信封加解密兼容性，记得cipher参数选择```pkcs.SM4```。```pkcs7.EncryptSM```方法符合GB/T 35275-2017 信息安全技术 SM2密码算法加密签名消息语法规范》，CFCA的SADK能解密。
+本软件库的```pkcs7.EncryptSM```方法```Decrypt```方法提供了SADK 3.2+版本的信封加解密兼容性。使用时，请确保`cipher`参数选择```pkcs.SM4```。```pkcs7.EncryptSM```方法符合《GB/T 35275-2017 信息安全技术 SM2密码算法加密签名消息语法规范》，CFCA的SADK可实现相应数据的解密。
 
 本软件库的```pkcs7.EnvelopeMessageCFCA```方法提供了CFCA SADK更兼容的实现，也就是recipientPolicyType=0。