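package pkcs11

import (
	"fmt"

	"github.com/miekg/pkcs11"
	"github.com/pkg/errors"
)

// defaultMaxObjects is the search limit used when a caller passes a
// non-positive max to findObjects.
const defaultMaxObjects = 100

// findObjects runs one complete C_FindObjectsInit / C_FindObjects /
// C_FindObjectsFinal cycle on a pooled session and returns the handles that
// match template. A non-positive max falls back to defaultMaxObjects.
//
// Once FindObjectsInit has succeeded, FindObjectsFinal is attempted on every
// exit path, so a session handed back to the pool never carries an unfinished
// find operation (the PKCS#11 spec rejects a new C_FindObjectsInit on such a
// session with CKR_OPERATION_ACTIVE). An error from FindObjectsFinal is only
// surfaced when no earlier error is already being returned.
//
// The result parameters are named so that the deferred returnSession call
// observes the final err rather than the nil value that was current when the
// defer statement executed.
//
// It returns an error when no session can be obtained, when any PKCS#11 call
// fails, or when nothing matches template.
func (p11 *P11Handle) findObjects(template []*pkcs11.Attribute, max int) (handles []pkcs11.ObjectHandle, err error) {
	session, err := p11.getSession()
	if err != nil {
		// %w keeps the message text identical to %s but lets callers unwrap.
		return nil, fmt.Errorf("PKCS11 error: fail to get session [%w]", err)
	}
	// NOTE(review): returnSession now receives the final error of this call;
	// confirm the pool treats a "no objects found" error the way the author
	// intended (the original always handed it nil).
	defer func() { p11.returnSession(err, session) }()

	if err = p11.ctx.FindObjectsInit(session, template); err != nil {
		return nil, err
	}
	// Runs before the returnSession defer (LIFO), so the pool sees any
	// failure to close the find operation.
	defer func() {
		if finalErr := p11.ctx.FindObjectsFinal(session); finalErr != nil && err == nil {
			handles = nil
			err = finalErr
		}
	}()

	if max <= 0 {
		max = defaultMaxObjects
	}
	handles, _, err = p11.ctx.FindObjects(session, max)
	if err != nil {
		return nil, err
	}
	if len(handles) == 0 {
		return nil, errors.New("no objects found")
	}
	return handles, nil
}

// findObject returns the single object matching template.
//
// It asks the token for up to two handles: requesting only one (as before)
// made the "too many objects" check unreachable, so a template matched by
// several keys (e.g. duplicated labels) silently selected an arbitrary one.
// Ambiguity is now reported as an error.
func (p11 *P11Handle) findObject(template []*pkcs11.Attribute) (*pkcs11.ObjectHandle, error) {
	objects, err := p11.findObjects(template, 2)
	if err != nil {
		return nil, err
	}
	if len(objects) > 1 {
		return nil, errors.New("too many objects matching template")
	}
	return &objects[0], nil
}

// keyTemplate builds the two-attribute search template shared by every key
// lookup in this file: an object class plus one identifying attribute
// (CKA_LABEL or CKA_ID) with the given value.
func keyTemplate(class uint, attr uint, value []byte) []*pkcs11.Attribute {
	return []*pkcs11.Attribute{
		pkcs11.NewAttribute(pkcs11.CKA_CLASS, class),
		pkcs11.NewAttribute(attr, value),
	}
}

// findKeyByLabelOrID looks up a key of the given object class, first by
// CKA_LABEL and then by CKA_ID. The error of the label lookup is deliberately
// discarded; when both lookups fail only the CKA_ID lookup's error is
// returned.
func (p11 *P11Handle) findKeyByLabelOrID(class uint, id []byte) (*pkcs11.ObjectHandle, error) {
	if obj, err := p11.findObject(keyTemplate(class, pkcs11.CKA_LABEL, id)); err == nil {
		return obj, nil
	}
	return p11.findObject(keyTemplate(class, pkcs11.CKA_ID, id))
}

// findPrivateKey returns the private key whose CKA_LABEL, or failing that
// CKA_ID, equals id.
func (p11 *P11Handle) findPrivateKey(id []byte) (*pkcs11.ObjectHandle, error) {
	return p11.findKeyByLabelOrID(pkcs11.CKO_PRIVATE_KEY, id)
}

// findPublicKey returns the public key whose CKA_LABEL, or failing that
// CKA_ID, equals id.
func (p11 *P11Handle) findPublicKey(id []byte) (*pkcs11.ObjectHandle, error) {
	return p11.findKeyByLabelOrID(pkcs11.CKO_PUBLIC_KEY, id)
}

// findPrivateKeyByLabel returns the private key with CKA_LABEL equal to label.
func (p11 *P11Handle) findPrivateKeyByLabel(label []byte) (*pkcs11.ObjectHandle, error) {
	return p11.findObject(keyTemplate(pkcs11.CKO_PRIVATE_KEY, pkcs11.CKA_LABEL, label))
}

// findPublicKeyByLabel returns the public key with CKA_LABEL equal to label.
func (p11 *P11Handle) findPublicKeyByLabel(label []byte) (*pkcs11.ObjectHandle, error) {
	return p11.findObject(keyTemplate(pkcs11.CKO_PUBLIC_KEY, pkcs11.CKA_LABEL, label))
}

// findPrivateKeyBySKI returns the private key with CKA_ID equal to ski.
func (p11 *P11Handle) findPrivateKeyBySKI(ski []byte) (*pkcs11.ObjectHandle, error) {
	return p11.findObject(keyTemplate(pkcs11.CKO_PRIVATE_KEY, pkcs11.CKA_ID, ski))
}

// findPublicKeyBySKI returns the public key with CKA_ID equal to ski.
func (p11 *P11Handle) findPublicKeyBySKI(ski []byte) (*pkcs11.ObjectHandle, error) {
	return p11.findObject(keyTemplate(pkcs11.CKO_PUBLIC_KEY, pkcs11.CKA_ID, ski))
}

// findSecretKey returns the secret (symmetric) key whose CKA_LABEL, or
// failing that CKA_ID, equals id.
func (p11 *P11Handle) findSecretKey(id []byte) (*pkcs11.ObjectHandle, error) {
	return p11.findKeyByLabelOrID(pkcs11.CKO_SECRET_KEY, id)
}

// getAttributes returns the values of the attributes listed in template for
// the public key identified by id (looked up by label, then by ID).
//
// The key is located before a session is taken from the pool, because
// findPublicKey acquires (and returns) its own session; holding one session
// across that nested acquisition was unnecessary.
//
// NOTE(review): the handle found on one session is read on another. PKCS#11
// allows this for token objects but not for session objects — confirm the
// keys this code targets are token objects.
func (p11 *P11Handle) getAttributes(id []byte, template []*pkcs11.Attribute) (attrs []*pkcs11.Attribute, err error) {
	obj, err := p11.findPublicKey(id)
	if err != nil {
		return nil, err
	}
	session, err := p11.getSession()
	if err != nil {
		return nil, fmt.Errorf("PKCS11 error: fail to get session [%w]", err)
	}
	// Named result: the pool sees the final err, not the nil captured at
	// defer time.
	defer func() { p11.returnSession(err, session) }()
	return p11.ctx.GetAttributeValue(session, *obj, template)
}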