github.com/hellobchain/third_party@v0.0.0-20230331131523-deb0478a2e52/hyperledger/fabric/bccsp/pkcs11/conf.go (about)

     1  /*
     2  Copyright IBM Corp. All Rights Reserved.
     3  
     4  SPDX-License-Identifier: Apache-2.0
     5  */
     6  
     7  package pkcs11
     8  
     9  import (
    10  	"crypto/sha256"
    11  	"crypto/sha512"
    12  	"encoding/asn1"
    13  	"fmt"
    14  	"hash"
    15  
    16  	"golang.org/x/crypto/sha3"
    17  )
    18  
// config holds the algorithm parameters chosen for one security level: the
// named elliptic curve, the hash constructor, and the symmetric/RSA key
// sizes the provider uses. It is filled in by setSecurityLevel (via the
// SHA2/SHA3 setters below) and left untouched when the requested level or
// family is rejected.
type config struct {
	// OID of the named curve: oidNamedCurveP256 for level 256,
	// oidNamedCurveP384 for level 384.
	ellipticCurve asn1.ObjectIdentifier
	// Constructor for the hash paired with that level (SHA-256/384 or
	// SHA3-256/384 depending on the family).
	hashFunction func() hash.Hash
	// Always set to 32 in this file, for both levels.
	// NOTE(review): despite the name this reads as a byte count (AES-256),
	// not a bit length — confirm against the key generator that consumes it.
	aesBitLength int
	// RSA modulus size in bits: 2048 for level 256, 3072 for level 384.
	rsaBitLength int
}
    25  
// setSecurityLevel selects the curve, hash constructor and key sizes for the
// requested (securityLevel, hashFamily) pair by delegating to the
// family-specific setter. The family string is matched case-sensitively:
// only "SHA2" and "SHA3" are recognised; anything else (including "sha2")
// yields an error and leaves conf unchanged. Errors from the delegated
// setter (an unsupported level) are returned as-is.
func (conf *config) setSecurityLevel(securityLevel int, hashFamily string) (err error) {
	// Guard-clause dispatch: each recognised family returns directly so the
	// unsupported-family error is the only fall-through.
	if hashFamily == "SHA2" {
		return conf.setSecurityLevelSHA2(securityLevel)
	}
	if hashFamily == "SHA3" {
		return conf.setSecurityLevelSHA3(securityLevel)
	}
	return fmt.Errorf("Hash Family not supported [%s]", hashFamily)
}
    37  
// setSecurityLevelSHA2 configures conf for the SHA-2 family at the given
// level. Level 256 pairs P-256 with SHA-256 and a 2048-bit RSA modulus;
// level 384 pairs P-384 with SHA-384 and a 3072-bit RSA modulus. Both levels
// set aesBitLength to 32. Any other level returns an error and leaves conf
// unchanged.
func (conf *config) setSecurityLevelSHA2(level int) error {
	// Build the complete parameter set first, then commit it in one
	// assignment so a rejected level never partially updates conf.
	// NOTE(review): aesBitLength 32 reads as a byte count (AES-256) despite
	// the field name — confirm against the key generator that consumes it.
	var preset config
	switch level {
	case 256:
		preset = config{
			ellipticCurve: oidNamedCurveP256,
			hashFunction:  sha256.New,
			aesBitLength:  32,
			rsaBitLength:  2048,
		}
	case 384:
		preset = config{
			ellipticCurve: oidNamedCurveP384,
			hashFunction:  sha512.New384,
			aesBitLength:  32,
			rsaBitLength:  3072,
		}
	default:
		return fmt.Errorf("Security level not supported [%d]", level)
	}
	// config has exactly these four fields, so whole-value assignment is
	// equivalent to setting each one.
	*conf = preset
	return nil
}
    55  
// setSecurityLevelSHA3 configures conf for the SHA-3 family at the given
// level. Level 256 pairs P-256 with SHA3-256 and a 2048-bit RSA modulus;
// level 384 pairs P-384 with SHA3-384 and a 3072-bit RSA modulus. Both levels
// set aesBitLength to 32. Any other level returns an error and leaves conf
// unchanged.
func (conf *config) setSecurityLevelSHA3(level int) error {
	// Reject unsupported levels before touching conf.
	if level != 256 && level != 384 {
		return fmt.Errorf("Security level not supported [%d]", level)
	}
	// Shared by both supported levels.
	// NOTE(review): 32 reads as a byte count (AES-256) despite the field
	// name — confirm against the key generator that consumes it.
	conf.aesBitLength = 32
	if level == 256 {
		conf.ellipticCurve = oidNamedCurveP256
		conf.hashFunction = sha3.New256
		conf.rsaBitLength = 2048
		return nil
	}
	conf.ellipticCurve = oidNamedCurveP384
	conf.hashFunction = sha3.New384
	conf.rsaBitLength = 3072
	return nil
}
    73  
// PKCS11Opts contains options for the P11Factory: the default algorithm
// selection, which keystore backs the provider, and how to reach the
// PKCS#11 token. It is decoded from configuration via the mapstructure/json
// tags. Because it carries the token PIN in clear text (see Pin), the struct
// must not be logged, dumped or re-serialized as-is.
type PKCS11Opts struct {
	// Default algorithms when not specified. SecLevel and HashFamily are
	// the (securityLevel, hashFamily) pair accepted by config.setSecurityLevel
	// above (256/384 and "SHA2"/"SHA3"). The original author tagged them
	// "(Deprecated?)", so treat them as legacy defaults.
	SecLevel   int    `mapstructure:"security" json:"security"`
	HashFamily string `mapstructure:"hash" json:"hash"`

	// Keystore options. Ephemeral (config key "tempkeys") presumably
	// requests keys that are not persisted — confirm with the provider.
	// FileKeystore and DummyKeystore pick the backing store; all three are
	// optional and omitted from JSON output when false/nil.
	Ephemeral     bool               `mapstructure:"tempkeys,omitempty" json:"tempkeys,omitempty"`
	FileKeystore  *FileKeystoreOpts  `mapstructure:"filekeystore,omitempty" json:"filekeystore,omitempty"`
	DummyKeystore *DummyKeystoreOpts `mapstructure:"dummykeystore,omitempty" json:"dummykeystore,omitempty"`

	// PKCS11 options.
	// Library is the path to the PKCS#11 shared library. NOTE(review): it is
	// presumably loaded into this process, so the value names code that will
	// run here — it must only come from trusted configuration.
	Library    string `mapstructure:"library" json:"library"`
	// Label presumably selects the token/slot to open — confirm with the
	// provider implementation.
	Label      string `mapstructure:"label" json:"label"`
	// Pin is the token PIN. NOTE(review): it is serialized under json:"pin"
	// with no omitempty and no redaction, so marshaling this struct writes
	// the PIN in clear — keep it out of logs and config dumps.
	Pin        string `mapstructure:"pin" json:"pin"`
	// SoftVerify (config key "softwareverify") presumably allows signature
	// verification in software rather than on the token — confirm with the
	// provider implementation before relying on it.
	SoftVerify bool   `mapstructure:"softwareverify,omitempty" json:"softwareverify,omitempty"`
	// Immutable and AltId are not used in this file; Immutable presumably
	// marks created keys as non-modifiable and AltId looks like an
	// alternative key identifier — TODO confirm against the code that reads
	// them.
	Immutable  bool   `mapstructure:"immutable,omitempty" json:"immutable,omitempty"`
	AltId      string `mapstructure:"altid" json:"altid"`
}
    93  
// FileKeystoreOpts configures the file-backed keystore. Per the original
// note, currently only ECDSA operations go to PKCS11, so a keystore is still
// needed for everything else. Pluggable keystores could add JKS, P12, etc.
type FileKeystoreOpts struct {
	// KeyStorePath is the keystore directory/file location. Note the tag
	// keys differ in case: mapstructure/json use "keystore" while yaml uses
	// "KeyStore" — configuration in each format must use the matching key.
	KeyStorePath string `mapstructure:"keystore" json:"keystore" yaml:"KeyStore"`
}
    99  
// DummyKeystoreOpts is a placeholder for testing purposes. It carries no
// fields; its presence (non-nil DummyKeystore in PKCS11Opts) is the only
// signal it provides.
type DummyKeystoreOpts struct{}