github.com/leonlxy/hyperledger@v1.0.0-alpha.0.20170427033203-34922035d248/bccsp/pkcs11/conf.go (about) 1 /* 2 Copyright IBM Corp. 2016 All Rights Reserved. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 package pkcs11 17 18 import ( 19 "crypto/sha256" 20 "crypto/sha512" 21 "encoding/asn1" 22 "fmt" 23 "hash" 24 25 "golang.org/x/crypto/sha3" 26 ) 27 28 type config struct { 29 keyStorePath string 30 securityLevel int 31 hashFamily string 32 33 ellipticCurve asn1.ObjectIdentifier 34 hashFunction func() hash.Hash 35 aesBitLength int 36 rsaBitLength int 37 } 38 39 func (conf *config) setSecurityLevel(securityLevel int, hashFamily string) (err error) { 40 switch hashFamily { 41 case "SHA2": 42 err = conf.setSecurityLevelSHA2(securityLevel) 43 case "SHA3": 44 err = conf.setSecurityLevelSHA3(securityLevel) 45 default: 46 err = fmt.Errorf("Hash Family not supported [%s]", hashFamily) 47 } 48 return 49 } 50 51 func (conf *config) setSecurityLevelSHA2(level int) (err error) { 52 switch level { 53 case 256: 54 conf.ellipticCurve = oidNamedCurveP256 55 conf.hashFunction = sha256.New 56 conf.rsaBitLength = 2048 57 conf.aesBitLength = 32 58 case 384: 59 conf.ellipticCurve = oidNamedCurveP384 60 conf.hashFunction = sha512.New384 61 conf.rsaBitLength = 3072 62 conf.aesBitLength = 32 63 default: 64 err = fmt.Errorf("Security level not supported [%d]", level) 65 } 66 return 67 } 68 69 func (conf *config) setSecurityLevelSHA3(level int) (err error) { 70 switch level { 71 case 256: 72 conf.ellipticCurve = oidNamedCurveP256 73 conf.hashFunction = sha3.New256 74 conf.rsaBitLength = 2048 75 conf.aesBitLength = 32 76 case 384: 77 conf.ellipticCurve = oidNamedCurveP384 78 conf.hashFunction = sha3.New384 79 conf.rsaBitLength = 3072 80 conf.aesBitLength = 32 81 default: 82 err = fmt.Errorf("Security level not supported [%d]", level) 83 } 84 return 85 } 86 87 // PKCS11Opts contains options for the P11Factory 88 type PKCS11Opts struct { 89 // Default algorithms when not specified (Deprecated?) 90 SecLevel int `mapstructure:"security" json:"security"` 91 HashFamily string `mapstructure:"hash" json:"hash"` 92 93 // Keystore options 94 Ephemeral bool `mapstructure:"tempkeys,omitempty" json:"tempkeys,omitempty"` 95 FileKeystore *FileKeystoreOpts `mapstructure:"filekeystore,omitempty" json:"filekeystore,omitempty"` 96 DummyKeystore *DummyKeystoreOpts `mapstructure:"dummykeystore,omitempty" json:"dummykeystore,omitempty"` 97 98 // PKCS11 options 99 Library string `mapstructure:"library" json:"library"` 100 Label string `mapstructure:"label" json:"label"` 101 Pin string `mapstructure:"pin" json:"pin"` 102 Sensitive bool `mapstructure:"sensitivekeys,omitempty" json:"sensitivekeys,omitempty"` 103 SoftVerify bool `mapstructure:"softwareverify,omitempty" json:"softwareverify,omitempty"` 104 } 105 106 // Since currently only ECDSA operations go to PKCS11, need a keystore still 107 // Pluggable Keystores, could add JKS, P12, etc.. 108 type FileKeystoreOpts struct { 109 KeyStorePath string `mapstructure:"keystore" json:"keystore" yaml:"KeyStore"` 110 } 111 112 type DummyKeystoreOpts struct{}