gitee.com/lh-her-team/common@v1.5.1/crypto/pkcs11/ecdsakey.go (about) 1 package pkcs11 2 3 import ( 4 "crypto" 5 "crypto/ecdsa" 6 "io" 7 "strconv" 8 9 "gitee.com/lh-her-team/common/crypto/hsm" 10 11 bccrypto "gitee.com/lh-her-team/common/crypto" 12 bcecdsa "gitee.com/lh-her-team/common/crypto/asym/ecdsa" 13 bcsm2 "gitee.com/lh-her-team/common/crypto/asym/sm2" 14 "gitee.com/lh-her-team/common/crypto/hash" 15 "github.com/miekg/pkcs11" 16 "github.com/pkg/errors" 17 "github.com/tjfoc/gmsm/sm2" 18 ) 19 20 type ecdsaPrivateKey struct { 21 priv *p11EcdsaPrivateKey 22 } 23 24 func (e ecdsaPrivateKey) Public() crypto.PublicKey { 25 return e.priv.pubKey.ToStandardKey() 26 } 27 28 func (e ecdsaPrivateKey) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error) { 29 return e.priv.SignWithOpts(digest, &bccrypto.SignOpts{Hash: bccrypto.HASH_TYPE_SM3}) 30 } 31 32 // p11EcdsaPrivateKey represents pkcs11 ecdsa/sm2 private key 33 type p11EcdsaPrivateKey struct { 34 p11Ctx *P11Handle 35 pubKey bccrypto.PublicKey 36 keyId []byte 37 keyType P11KeyType 38 keyObject pkcs11.ObjectHandle 39 signer crypto.Signer 40 } 41 42 func NewP11ECDSAPrivateKey(p11 *P11Handle, keyId []byte, keyType P11KeyType) (bccrypto.PrivateKey, error) { 43 if p11 == nil || keyId == nil { 44 return nil, errors.New("Invalid parameter, p11 or keyId is nil") 45 } 46 //find private key 47 id, err := strconv.Atoi(string(keyId)) 48 if err != nil { 49 return nil, err 50 } 51 keyIdStr, err := hsm.GetHSMAdapter("").PKCS11_GetSM2KeyId(id, true) 52 if err != nil { 53 return nil, err 54 } 55 obj, err := p11.findPrivateKey([]byte(keyIdStr)) 56 if err != nil { 57 return nil, errors.WithMessagef(err, "failed to find private key, keyId = %s", keyIdStr) 58 } 59 //export public key 60 keyIdStr, err = hsm.GetHSMAdapter("").PKCS11_GetSM2KeyId(id, false) 61 if err != nil { 62 return nil, err 63 } 64 pubKey, err := p11.ExportECDSAPublicKey([]byte(keyIdStr), keyType) 65 if err != nil { 66 return nil, errors.WithMessagef(err, "failed to export public key, keyId = %s", keyIdStr) 67 } 68 var bcPubKey bccrypto.PublicKey 69 switch keyType { 70 case SM2: 71 bcPubKey = &bcsm2.PublicKey{K: pubKey.(*sm2.PublicKey)} 72 case ECDSA: 73 bcPubKey = &bcecdsa.PublicKey{K: pubKey.(*ecdsa.PublicKey)} 74 default: 75 return nil, errors.New("unknown key type") 76 } 77 p11PrivateKey := &p11EcdsaPrivateKey{ 78 p11Ctx: p11, 79 pubKey: bcPubKey, 80 keyId: keyId, 81 keyType: keyType, 82 keyObject: *obj, 83 } 84 p11PrivateKey.signer = &ecdsaPrivateKey{p11PrivateKey} 85 return p11PrivateKey, nil 86 } 87 88 func (sk *p11EcdsaPrivateKey) Type() bccrypto.KeyType { 89 return sk.PublicKey().Type() 90 } 91 92 func (sk *p11EcdsaPrivateKey) Bytes() ([]byte, error) { 93 return sk.keyId, nil 94 } 95 96 func (sk *p11EcdsaPrivateKey) String() (string, error) { 97 return string(sk.keyId), nil 98 } 99 100 func (sk *p11EcdsaPrivateKey) PublicKey() bccrypto.PublicKey { 101 return sk.pubKey 102 } 103 104 func (sk *p11EcdsaPrivateKey) Sign(data []byte) ([]byte, error) { 105 var mech uint 106 switch sk.Type() { 107 case bccrypto.SM2: 108 // test needed to verify correctness 109 //mech = CKM_SM3_SM2_APPID1_DER 110 //mech = CKM_SM3_SM2 111 mech = hsm.GetHSMAdapter("").PKCS11_GetSM3SM2CKM() 112 if mech == 0 { 113 mech = CKM_SM3_SM2 114 } 115 case bccrypto.ECC_Secp256k1, bccrypto.ECC_NISTP256, bccrypto.ECC_NISTP384, bccrypto.ECC_NISTP521: 116 mech = pkcs11.CKM_ECDSA 117 } 118 return sk.p11Ctx.Sign(sk.keyObject, pkcs11.NewMechanism(mech, nil), data) 119 } 120 121 func (sk *p11EcdsaPrivateKey) SignWithOpts(msg []byte, opts *bccrypto.SignOpts) ([]byte, error) { 122 if opts == nil { 123 return sk.Sign(msg) 124 } 125 if opts.Hash == bccrypto.HASH_TYPE_SM3 && sk.Type() == bccrypto.SM2 { 126 //pkSM2, ok := sk.PublicKey().ToStandardKey().(*sm2.PublicKey) 127 //if !ok { 128 // return nil, fmt.Errorf("SM2 private key does not match the type it claims") 129 //} 130 //uid := opts.UID 131 //if len(uid) == 0 { 132 // uid = bccrypto.CRYPTO_DEFAULT_UID 133 //} 134 // 135 //za, err := sm2.ZA(pkSM2, []byte(uid)) 136 //if err != nil { 137 // return nil, fmt.Errorf("PKCS11 error: fail to create SM3 digest for msg [%v]", err) 138 //} 139 //e := sm3.New() 140 //e.Write(za) 141 //e.Write(msg) 142 //dgst := e.Sum(nil)[:32] 143 144 return sk.Sign(msg) 145 } 146 dgst, err := hash.Get(opts.Hash, msg) 147 if err != nil { 148 return nil, err 149 } 150 return sk.Sign(dgst) 151 } 152 153 func (sk *p11EcdsaPrivateKey) ToStandardKey() crypto.PrivateKey { 154 return sk.signer 155 }