
Sha256 support

Open groob opened this issue 6 years ago • 4 comments

Hi @fullsailor,

I use the pkcs7 package in my SCEP implementation. Although SCEP supports SHA1 and 3DES, the recommended defaults are AES with SHA256.

I began working on implementing support for SHA256 and possibly SHA512 as well in this branch. Most of the code in this pull request is actually coming from a new package, github.com/fullsailor/pkcs7/internal/x509util which is just some exported helpers from crypto/x509. I use the helpers to determine the hash function/signature algorithm when needed.

I would love your input on the direction on this pull request, and what requirements you would have for getting a change like this into the pkcs7 package.

Thanks!

groob avatar Jul 10 '17 17:07 groob

Travis fails with 1.6/1.7 but passes with 1.8+

internal/x509util/x509util.go:115: undefined: x509.SHA256WithRSAPSS
internal/x509util/x509util.go:115: undefined: x509.SHA384WithRSAPSS
internal/x509util/x509util.go:115: undefined: x509.SHA512WithRSAPSS
internal/x509util/x509util.go:183: undefined: x509.SHA256WithRSAPSS
internal/x509util/x509util.go:184: undefined: x509.SHA384WithRSAPSS
internal/x509util/x509util.go:185: undefined: x509.SHA512WithRSAPSS

I can put those behind a build flag.

groob avatar Jul 10 '17 18:07 groob

Any hopes of this seeing a merge?

Beanow avatar Nov 21 '17 10:11 Beanow

@groob signer.DigestAlgorithm.Algorithm might also be a hash only, not including encryption. For example, my test matched oidSHA256.

This breaks the func verifySignature(p7 *PKCS7, signer signerInfo) error function with: could not find SignatureAlgorithm details for oid: 2.16.840.1.101.3.4.2.1

Beanow avatar Nov 21 '17 11:11 Beanow

The algorithm could be composed, because:

signer.DigestAlgorithm.Algorithm == 2.16.840.1.101.3.4.2.1 (SHA256)
signer.DigestEncryptionAlgorithm.Algorithm == 1.2.840.113549.1.1.1 (RSA)

Beanow avatar Nov 21 '17 11:11 Beanow
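
Added example, not part of the thread or of the pkcs7 package: one way to compose the signature algorithm from the two SignerInfo OIDs described in the last comments, so a digest-only OID such as SHA256 is not looked up as a signature algorithm. The helper name `composeSignatureAlgorithm`, the `pair` key function and the lookup table are assumptions for illustration; the table also accepts a combined OID in the encryption field and rejects it when it disagrees with the digest.

```go
package main

import (
	"crypto/x509"
	"encoding/asn1"
	"fmt"
)

var (
	// Digest-only OIDs, as found in signer.DigestAlgorithm.Algorithm.
	oidSHA1   = asn1.ObjectIdentifier{1, 3, 14, 3, 2, 26}
	oidSHA256 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 1}
	oidSHA384 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 2}
	oidSHA512 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 3}
	// Key-only OIDs, as found in signer.DigestEncryptionAlgorithm.Algorithm.
	oidRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1}
	oidECPublicKey   = asn1.ObjectIdentifier{1, 2, 840, 10045, 2, 1}
	// Combined OIDs that some signers place in the encryption field instead.
	oidSHA256WithRSA   = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 11}
	oidECDSAWithSHA256 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 2}
)

func pair(key, digest asn1.ObjectIdentifier) string { return key.String() + "/" + digest.String() }

// supported lists every (encryption OID, digest OID) pair this sketch accepts.
var supported = map[string]x509.SignatureAlgorithm{
	pair(oidRSAEncryption, oidSHA1):     x509.SHA1WithRSA,
	pair(oidRSAEncryption, oidSHA256):   x509.SHA256WithRSA,
	pair(oidRSAEncryption, oidSHA384):   x509.SHA384WithRSA,
	pair(oidRSAEncryption, oidSHA512):   x509.SHA512WithRSA,
	pair(oidECPublicKey, oidSHA256):     x509.ECDSAWithSHA256,
	pair(oidECPublicKey, oidSHA384):     x509.ECDSAWithSHA384,
	pair(oidECPublicKey, oidSHA512):     x509.ECDSAWithSHA512,
	pair(oidSHA256WithRSA, oidSHA256):   x509.SHA256WithRSA,
	pair(oidECDSAWithSHA256, oidSHA256): x509.ECDSAWithSHA256,
}

// composeSignatureAlgorithm (hypothetical helper) fails closed on any pair
// not in the table, including a combined OID whose hash differs from digest.
func composeSignatureAlgorithm(digest, key asn1.ObjectIdentifier) (x509.SignatureAlgorithm, error) {
	if alg, ok := supported[pair(key, digest)]; ok {
		return alg, nil
	}
	return x509.UnknownSignatureAlgorithm, fmt.Errorf("unsupported digest %v with encryption %v", digest, key)
}

func main() {
	fmt.Println(composeSignatureAlgorithm(oidSHA256, oidRSAEncryption))
}
```

The returned value can be passed to `(*x509.Certificate).CheckSignature` from the standard library.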