gitee.com/lh-her-team/common@v1.5.1/crypto/sdf/crypto.go

gitee.com/lh-her-team/common@v1.5.1/crypto/sdf/crypto.go (about)

     1  package sdf
     2  
     3  import (
     4  	"encoding/asn1"
     5  	"fmt"
     6  	"math/big"
     7  
     8  	"github.com/pkg/errors"
     9  
    10  	"gitee.com/lh-her-team/common/crypto/hsm"
    11  
    12  	"gitee.com/lh-her-team/common/crypto/sdf/base"
    13  	"github.com/tjfoc/gmsm/sm2"
    14  )
    15  
    16  type SDFKey struct {
    17  	KeyId   uint
    18  	KeyPwd  []byte
    19  	KeyType SDFKeyType
    20  }
    21  
    22  func (h *SDFHandle) GenerateRandom(length int) ([]byte, error) {
    23  	session, err := h.getSession()
    24  	if err != nil {
    25  		return nil, fmt.Errorf("[SDF] error: fail to get session [%s]", err)
    26  	}
    27  	defer h.returnSession(err, session)
    28  	return h.ctx.SDFGenerateRandom(session, uint(length))
    29  }
    30  
    31  // Sign signs the input with a given mechanism.
    32  func (h *SDFHandle) ECCInternalSign(key SDFKey, msg []byte) ([]byte, error) {
    33  	session, err := h.getSession()
    34  	if err != nil {
    35  		return nil, fmt.Errorf("[SDF] error: fail to get session [%s]", err)
    36  	}
    37  	defer h.returnSession(err, session)
    38  	{
    39  		/*
    40  			check pwd
    41  			this depends on HSM vendors :-(
    42  		*/
    43  		accessKeyId, need := hsm.GetHSMAdapter("").SDF_GetSM2KeyAccessRight(int(key.KeyId))
    44  		if need {
    45  			err = h.ctx.SDFGetPrivateKeyAccessRight(session, uint(accessKeyId), key.KeyPwd, uint(len(key.KeyPwd)))
    46  			if err != nil {
    47  				return nil, errors.WithMessage(err, "failed to SDFGetPrivateKeyAccessRight before sign")
    48  			}
    49  		}
    50  	}
    51  	sign, err := h.ctx.SDFInternalSign_ECC(session, key.KeyId, msg, uint(len(msg)))
    52  	if err != nil {
    53  		return nil, errors.WithMessage(err, "failed to SDFInternalSign_ECC")
    54  	}
    55  	r := big.NewInt(0).SetBytes([]byte(sign.R))
    56  	s := big.NewInt(0).SetBytes([]byte(sign.S))
    57  	return asn1.Marshal(ECCSignature{r, s})
    58  }
    59  
    60  // Verify verifies a signature over a message with a given mechanism.
    61  func (h *SDFHandle) Verify(key SDFKey, msg []byte, sig base.ECCSignature) error {
    62  	session, err := h.getSession()
    63  	if err != nil {
    64  		return fmt.Errorf("[SDF] error: fail to get session [%s]", err)
    65  	}
    66  	defer h.returnSession(err, session)
    67  	err = h.ctx.SDFInternalVerify_ECC(session, key.KeyId, msg, uint(len(msg)), sig)
    68  	if err != nil {
    69  		return err
    70  	}
    71  	return nil
    72  }
    73  
    74  // Encrypt encrypts a plaintext with a given mechanism.
    75  func (h *SDFHandle) Encrypt(key SDFKey, plain []byte) ([]byte, error) {
    76  	session, err := h.getSession()
    77  	if err != nil {
    78  		return nil, fmt.Errorf("[SDF] error: fail to get session [%s]", err)
    79  	}
    80  	defer h.returnSession(err, session)
    81  	{
    82  		/*
    83  			check pwd
    84  			this depends on HSM vendors :-(
    85  		*/
    86  		accessKeyId, need := hsm.GetHSMAdapter("").SDF_GetSM2KeyAccessRight(int(key.KeyId))
    87  		if need {
    88  			err = h.ctx.SDFGetPrivateKeyAccessRight(session, uint(accessKeyId), key.KeyPwd, uint(len(key.KeyPwd)))
    89  			if err != nil {
    90  				return nil, err
    91  			}
    92  		}
    93  	}
    94  	out, err := h.ctx.SDFInternalEncrypt_ECC(session, key.KeyId, base.SGD_SM2_3, plain, uint(len(plain)))
    95  	if err != nil {
    96  		return nil, errors.WithMessagef(err, "failed to execute sm2 encrypt")
    97  	}
    98  	return asn1.Marshal(out)
    99  }
   100  
   101  // Encrypt encrypts a plaintext with a given mechanism.
   102  func (h *SDFHandle) Decrypt(key SDFKey, cipher []byte) ([]byte, error) {
   103  	session, err := h.getSession()
   104  	if err != nil {
   105  		return nil, fmt.Errorf("[SDF] error: fail to get session [%s]", err)
   106  	}
   107  	defer h.returnSession(err, session)
   108  	{
   109  		/*
   110  			check pwd
   111  			this depends on HSM vendors :-(
   112  		*/
   113  		accessKeyId, need := hsm.GetHSMAdapter("").SDF_GetSM2KeyAccessRight(int(key.KeyId))
   114  		if need {
   115  			err = h.ctx.SDFGetPrivateKeyAccessRight(session, uint(accessKeyId), key.KeyPwd, uint(len(key.KeyPwd)))
   116  			if err != nil {
   117  				return nil, err
   118  			}
   119  		}
   120  	}
   121  	return nil, nil
   122  }
   123  
   124  // GenKeyPair returns asym keypair
   125  func (h *SDFHandle) GenKeyPair() (pri *base.ECCrefPrivateKey, pub *base.ECCrefPublicKey, err error) {
   126  	session, err := h.getSession()
   127  	if err != nil {
   128  		return nil, nil, fmt.Errorf("[SDF] error: fail to get session [%s]", err)
   129  	}
   130  	defer h.returnSession(err, session)
   131  	pubHandle, privHandle, err := h.ctx.SDFGenerateKeyPair_ECC(session, base.SGD_SM2, 256)
   132  	if err != nil {
   133  		return nil, nil, err
   134  	}
   135  	return &privHandle, &pubHandle, nil
   136  }
   137  
   138  // GenerateKey returns sym key
   139  func (h *SDFHandle) GenerateKey(length int) ([]byte, error) {
   140  	session, err := h.getSession()
   141  	if err != nil {
   142  		return nil, fmt.Errorf("[SDF] error: fail to get session [%s]", err)
   143  	}
   144  	defer h.returnSession(err, session)
   145  	randomBytes, err := h.ctx.SDFGenerateRandom(session, uint(length))
   146  	if err != nil {
   147  		return nil, err
   148  	}
   149  	return randomBytes, nil
   150  }
   151  
   152  // ExportECDSAPublicKey export a ecdsa/sm2 public key of pkcs11 ecdsa/sm2 private key
   153  func (h *SDFHandle) ExportECDSAPublicKey(key SDFKey) (interface{}, error) {
   154  	session, err := h.getSession()
   155  	if err != nil {
   156  		return nil, fmt.Errorf("[SDF] error: fail to get session [%s]", err)
   157  	}
   158  	defer h.returnSession(err, session)
   159  	pub, err := h.ctx.SDFExportSignPublicKey_ECC(session, key.KeyId)
   160  	if err != nil {
   161  		return nil, err
   162  	}
   163  	x, y := big.NewInt(0), big.NewInt(0)
   164  	x.SetBytes([]byte(pub.X))
   165  	y.SetBytes([]byte(pub.Y))
   166  	sm2PubKey := &sm2.PublicKey{
   167  		Curve: sm2.P256Sm2(),
   168  		X:     x,
   169  		Y:     y,
   170  	}
   171  	return sm2PubKey, err
   172  }
   173  
   174  // Encrypt encrypts a plaintext with a given mechanism.
   175  func (h *SDFHandle) SymEncrypt(keyHandle base.SessionHandle, mode uint, iv []byte, plain []byte) ([]byte, error) {
   176  	session, err := h.getSession()
   177  	if err != nil {
   178  		return nil, fmt.Errorf("[SDF] error: fail to get session [%s]", err)
   179  	}
   180  	defer h.returnSession(err, session)
   181  	iv2 := make([]byte, len(iv))
   182  	copy(iv2, iv)
   183  	encData, encDataLength, err := h.ctx.SDFEncrypt(session, keyHandle, mode, iv2, plain, uint(len(plain)))
   184  	if err != nil {
   185  		return nil, errors.WithMessage(err, "failed to encrypt")
   186  	}
   187  	return encData[:encDataLength], nil
   188  }
   189  
   190  // Encrypt encrypts a plaintext with a given mechanism.
   191  func (h *SDFHandle) SymDecrypt(keyHandle base.SessionHandle, mode uint, iv []byte, cipher []byte) ([]byte, error) {
   192  	session, err := h.getSession()
   193  	if err != nil {
   194  		return nil, fmt.Errorf("[SDF] error: fail to get session [%s]", err)
   195  	}
   196  	defer h.returnSession(err, session)
   197  	iv2 := make([]byte, len(iv))
   198  	copy(iv2, iv)
   199  	decdata, decdataLength, err := h.ctx.SDFDecrypt(session, keyHandle, mode, iv2, cipher, uint(len(cipher)))
   200  	if err != nil {
   201  		return nil, errors.WithMessage(err, "failed to decrypt")
   202  	}
   203  	return decdata[:decdataLength], nil
   204  }