gitee.com/lh-her-team/common@v1.5.1/crypto/asym/rsa/sk.go (about) 1 package rsa 2 3 import ( 4 "bytes" 5 crypto2 "crypto" 6 "crypto/rand" 7 "crypto/rsa" 8 "crypto/sha256" 9 "crypto/x509" 10 "encoding/pem" 11 "fmt" 12 13 "gitee.com/lh-her-team/common/crypto" 14 "gitee.com/lh-her-team/common/crypto/hash" 15 ) 16 17 var defaultRSAOpts = &crypto.EncOpts{ 18 EncodingType: RSA_OAEP, 19 BlockMode: "", 20 EnableMAC: false, 21 Hash: crypto.HASH_TYPE_SHA256, 22 Label: nil, 23 } 24 25 type PrivateKey struct { 26 keyType crypto.KeyType 27 K *rsa.PrivateKey 28 } 29 30 func New(keyType crypto.KeyType) (crypto.PrivateKey, error) { 31 var bits crypto.BitsSize 32 switch keyType { 33 case crypto.RSA512: 34 bits = crypto.BITS_SIZE_512 35 case crypto.RSA1024: 36 bits = crypto.BITS_SIZE_1024 37 case crypto.RSA2048: 38 bits = crypto.BITS_SIZE_2048 39 case crypto.RSA3072: 40 bits = crypto.BITS_SIZE_3072 41 default: 42 return nil, fmt.Errorf("unsupport RSA type") 43 } 44 priv, err := rsa.GenerateKey(rand.Reader, int(bits)) 45 if err != nil { 46 return nil, err 47 } 48 return &PrivateKey{K: priv, keyType: keyType}, nil 49 } 50 51 func NewDecryptionKey(keyType crypto.KeyType) (crypto.DecryptKey, error) { 52 priv, err := New(keyType) 53 if err != nil { 54 return nil, err 55 } 56 return priv.(crypto.DecryptKey), nil 57 } 58 59 func (sk *PrivateKey) Bytes() ([]byte, error) { 60 if sk.K == nil { 61 return nil, fmt.Errorf("private key is nil") 62 } 63 64 return x509.MarshalPKCS1PrivateKey(sk.K), nil 65 } 66 67 func (sk *PrivateKey) PublicKey() crypto.PublicKey { 68 return &PublicKey{K: &sk.K.PublicKey} 69 } 70 71 func (sk *PrivateKey) Sign(data []byte) ([]byte, error) { 72 hashed := sha256.Sum256(data) 73 return rsa.SignPKCS1v15(rand.Reader, sk.K, crypto2.SHA256, hashed[:]) 74 } 75 76 func (sk *PrivateKey) SignWithOpts(data []byte, opts *crypto.SignOpts) ([]byte, error) { 77 if opts == nil || opts.Hash == crypto.HASH_TYPE_SM3 { 78 return sk.Sign(data) 79 } 80 hashed, err := hash.Get(opts.Hash, data) 81 if err != nil { 82 return nil, err 83 } 84 switch opts.EncodingType { 85 case RSA_PSS: 86 return rsa.SignPSS(rand.Reader, sk.K, crypto2.SHA256, hashed, nil) 87 default: 88 return rsa.SignPKCS1v15(rand.Reader, sk.K, crypto2.Hash(opts.Hash), hashed[:]) 89 } 90 } 91 92 func (sk *PrivateKey) Type() crypto.KeyType { 93 return sk.keyType 94 } 95 96 func (sk *PrivateKey) String() (string, error) { 97 skDER, err := sk.Bytes() 98 if err != nil { 99 return "", err 100 } 101 block := &pem.Block{ 102 Type: "RSA PRIVATE KEY", 103 Bytes: skDER, 104 } 105 buf := new(bytes.Buffer) 106 if err = pem.Encode(buf, block); err != nil { 107 return "", err 108 } 109 return buf.String(), nil 110 } 111 112 func (sk *PrivateKey) ToStandardKey() crypto2.PrivateKey { 113 return sk.K 114 } 115 116 func (sk *PrivateKey) Decrypt(ciphertext []byte) ([]byte, error) { 117 return sk.DecryptWithOpts(ciphertext, defaultRSAOpts) 118 } 119 120 func (sk *PrivateKey) DecryptWithOpts(ciphertext []byte, opts *crypto.EncOpts) ([]byte, error) { 121 // TODO switch encoding type 122 switch opts.EncodingType { 123 case RSA_OAEP: 124 hashAlgo, err := hash.GetHashAlgorithm(opts.Hash) 125 if err != nil { 126 return nil, fmt.Errorf("RSA decryption fails: %v", err) 127 } 128 return rsa.DecryptOAEP(hashAlgo, rand.Reader, sk.ToStandardKey().(*rsa.PrivateKey), ciphertext, opts.Label) 129 default: 130 return nil, fmt.Errorf("RSA decryption fails: unknown encoding type [%s]", opts.EncodingType) 131 } 132 } 133 134 func (sk *PrivateKey) EncryptKey() crypto.EncryptKey { 135 return &PublicKey{K: &sk.K.PublicKey} 136 }