github.com/bigzoro/my_simplechain@v0.0.0-20240315012955-8ad0a2a29bb9/core/access_contoller/crypto/pkcs11/helper.go (about)

     1  /*
     2  Copyright (C) BABEC. All rights reserved.
     3  Copyright (C) THL A29 Limited, a Tencent company. All rights reserved.
     4  
     5  SPDX-License-Identifier: Apache-2.0
     6  */
     7  
     8  package pkcs11
     9  
    10  import (
    11  	"fmt"
    12  
    13  	"github.com/miekg/pkcs11"
    14  	"github.com/pkg/errors"
    15  )
    16  
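// findObjects runs one PKCS#11 object search on a pooled session and returns
// the handles that match template.
//
// max bounds the number of handles requested from C_FindObjects; a value <= 0
// falls back to 100. Only a single C_FindObjects call is made, so a token
// holding more matches than max yields just the first max of them.
//
// The search is closed with C_FindObjectsFinal on every path, including the
// error paths. Without that, a failed C_FindObjects would hand a session with
// an active find operation back to the pool, and the next C_FindObjectsInit
// on it would fail with CKR_OPERATION_ACTIVE. The final err is what
// returnSession receives, so the pool sees the real outcome.
//
// Returns an error when no object matches.
func (p11 *P11Handle) findObjects(template []*pkcs11.Attribute, max int) (handles []pkcs11.ObjectHandle, err error) {
	session, err := p11.getSession()
	if err != nil {
		return nil, fmt.Errorf("PKCS11 error: fail to get session [%w]", err)
	}
	// Evaluate err at return time, not at defer time: a plain
	// `defer p11.returnSession(err, session)` captures the nil err that
	// getSession just produced and always reports success to the pool.
	defer func() { p11.returnSession(err, session) }()

	if err = p11.ctx.FindObjectsInit(session, template); err != nil {
		return nil, err
	}
	// A find operation is now active on the session; close it exactly once,
	// whatever happens next. Runs before the returnSession defer (LIFO).
	defer func() {
		if finalErr := p11.ctx.FindObjectsFinal(session); finalErr != nil && err == nil {
			handles = nil
			err = finalErr
		}
	}()

	if max <= 0 {
		max = 100
	}

	handles, _, err = p11.ctx.FindObjects(session, max)
	if err != nil {
		return nil, err
	}
	if len(handles) == 0 {
		return nil, errors.New("no objects found")
	}
	return handles, nil
}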
    47  
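// findObject returns the single object matching template.
//
// Two handles are requested from findObjects so that an ambiguous template
// (several objects sharing a label or CKA_ID within the same class) is
// detected and rejected rather than silently resolving to whichever object
// the token lists first. With a limit of 1 the "too many objects" check
// below could never fire, so the wrong key could be selected without any
// error. Returns an error when nothing matches or when more than one
// object matches.
func (p11 *P11Handle) findObject(template []*pkcs11.Attribute) (*pkcs11.ObjectHandle, error) {
	objects, err := p11.findObjects(template, 2)
	if err != nil {
		return nil, err
	}
	if len(objects) > 1 {
		return nil, errors.New("too many objects matching template")
	}
	return &objects[0], nil
}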
    58  
// findPrivateKey locates a CKO_PRIVATE_KEY object by id, interpreting id
// first as a CKA_LABEL and, if that lookup fails for any reason, as a
// CKA_ID (SKI). The label lookup's error is discarded; only the SKI
// lookup's error is surfaced when both fail.
func (p11 *P11Handle) findPrivateKey(id []byte) (*pkcs11.ObjectHandle, error) {
	byLabel, labelErr := p11.findPrivateKeyByLabel(id)
	if labelErr != nil {
		return p11.findPrivateKeyBySKI(id)
	}
	return byLabel, nil
}
    65  
// findPublicKey locates a CKO_PUBLIC_KEY object by id, interpreting id
// first as a CKA_LABEL and, if that lookup fails for any reason, as a
// CKA_ID (SKI). The label lookup's error is discarded; only the SKI
// lookup's error is surfaced when both fail.
func (p11 *P11Handle) findPublicKey(id []byte) (*pkcs11.ObjectHandle, error) {
	byLabel, labelErr := p11.findPublicKeyByLabel(id)
	if labelErr != nil {
		return p11.findPublicKeyBySKI(id)
	}
	return byLabel, nil
}
    72  
// findPrivateKeyByLabel looks up the private key whose CKA_LABEL equals
// label. Errors from findObject (no match, or more than one match) are
// returned unchanged.
func (p11 *P11Handle) findPrivateKeyByLabel(label []byte) (*pkcs11.ObjectHandle, error) {
	classAttr := pkcs11.NewAttribute(pkcs11.CKA_CLASS, pkcs11.CKO_PRIVATE_KEY)
	labelAttr := pkcs11.NewAttribute(pkcs11.CKA_LABEL, label)
	return p11.findObject([]*pkcs11.Attribute{classAttr, labelAttr})
}
    80  
// findPublicKeyByLabel looks up the public key whose CKA_LABEL equals
// label. Errors from findObject (no match, or more than one match) are
// returned unchanged.
func (p11 *P11Handle) findPublicKeyByLabel(label []byte) (*pkcs11.ObjectHandle, error) {
	classAttr := pkcs11.NewAttribute(pkcs11.CKA_CLASS, pkcs11.CKO_PUBLIC_KEY)
	labelAttr := pkcs11.NewAttribute(pkcs11.CKA_LABEL, label)
	return p11.findObject([]*pkcs11.Attribute{classAttr, labelAttr})
}
    88  
// findPrivateKeyBySKI looks up the private key whose CKA_ID equals ski.
// Errors from findObject (no match, or more than one match) are returned
// unchanged.
func (p11 *P11Handle) findPrivateKeyBySKI(ski []byte) (*pkcs11.ObjectHandle, error) {
	classAttr := pkcs11.NewAttribute(pkcs11.CKA_CLASS, pkcs11.CKO_PRIVATE_KEY)
	idAttr := pkcs11.NewAttribute(pkcs11.CKA_ID, ski)
	return p11.findObject([]*pkcs11.Attribute{classAttr, idAttr})
}
    96  
// findPublicKeyBySKI looks up the public key whose CKA_ID equals ski.
// Errors from findObject (no match, or more than one match) are returned
// unchanged.
func (p11 *P11Handle) findPublicKeyBySKI(ski []byte) (*pkcs11.ObjectHandle, error) {
	classAttr := pkcs11.NewAttribute(pkcs11.CKA_CLASS, pkcs11.CKO_PUBLIC_KEY)
	idAttr := pkcs11.NewAttribute(pkcs11.CKA_ID, ski)
	return p11.findObject([]*pkcs11.Attribute{classAttr, idAttr})
}
   104  
// findSecretKey locates a CKO_SECRET_KEY object by id, matching id as a
// CKA_LABEL first and falling back to CKA_ID. When both lookups fail the
// error from the CKA_ID lookup is returned; the label lookup's error is
// dropped.
func (p11 *P11Handle) findSecretKey(id []byte) (*pkcs11.ObjectHandle, error) {
	classAttr := pkcs11.NewAttribute(pkcs11.CKA_CLASS, pkcs11.CKO_SECRET_KEY)

	byLabel, labelErr := p11.findObject([]*pkcs11.Attribute{
		classAttr,
		pkcs11.NewAttribute(pkcs11.CKA_LABEL, id),
	})
	if labelErr == nil {
		return byLabel, nil
	}

	// findObject already yields (nil, err) on failure, so its result can be
	// returned as-is.
	return p11.findObject([]*pkcs11.Attribute{
		classAttr,
		pkcs11.NewAttribute(pkcs11.CKA_ID, id),
	})
}
   126  
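// getAttributes reads the attributes named in template from the public key
// whose CKA_LABEL or CKA_ID equals id. Only public-key objects are consulted
// (via findPublicKey); there is no fallback to private or secret keys.
//
// The key is located before a session is taken from the pool: findPublicKey
// acquires and releases its own session internally, so looking it up first
// avoids holding two pooled sessions at once. The final err is handed to
// returnSession through a closure — a plain
// `defer p11.returnSession(err, session)` would evaluate err at defer time,
// when it is still nil, and always report success to the pool.
//
// NOTE(review): the object handle obtained on one session is used on another;
// this matches the original code and is fine for token objects, but confirm
// the keys in use are token objects rather than session objects.
func (p11 *P11Handle) getAttributes(id []byte, template []*pkcs11.Attribute) (attrs []*pkcs11.Attribute, err error) {
	obj, err := p11.findPublicKey(id)
	if err != nil {
		return nil, err
	}

	session, err := p11.getSession()
	if err != nil {
		return nil, fmt.Errorf("PKCS11 error: fail to get session [%w]", err)
	}
	defer func() { p11.returnSession(err, session) }()

	attrs, err = p11.ctx.GetAttributeValue(session, *obj, template)
	if err != nil {
		return nil, err
	}
	return attrs, nil
}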
   142  
   143  //func (p11 *P11Handle) getAttributesByPubKey(id []byte, template []*pkcs11.Attribute) ([]*pkcs11.Attribute, error) {
   144  //	session, err := p11.getSession()
   145  //	if err != nil {
   146  //		return nil, fmt.Errorf("PKCS11 error: fail to get session [%s]", err)
   147  //	}
   148  //	defer p11.returnSession(err, session)
   149  //
   150  //	obj, err := p11.findPublicKey(id)
   151  //	if err != nil {
   152  //		return nil, err
   153  //	}
   154  //
   155  //	return p11.ctx.GetAttributeValue(session, *obj, template)
   156  //}