// Listing of bccsp/pkcs11/conf.go from github.com/true-sqn/fabric@v2.1.1+incompatible.

/*
Copyright IBM Corp. All Rights Reserved.

SPDX-License-Identifier: Apache-2.0
*/

package pkcs11

import (
	"crypto/sha256"
	"crypto/sha512"
	"encoding/asn1"
	"fmt"
	"hash"

	"golang.org/x/crypto/sha3"
)

// config holds the algorithm choices derived from a security level and a
// hash family: the named curve, the hash constructor and the AES key size.
type config struct {
	// ellipticCurve is the OID of the named curve selected for the level.
	ellipticCurve asn1.ObjectIdentifier

	// hashFunction constructs a fresh hash.Hash of the selected family and size.
	hashFunction func() hash.Hash

	// aesBitLength is set to 32 for every supported level.
	// NOTE(review): the name says "bits", but 32 reads as a key length in
	// bytes (AES-256); confirm against the code that consumes this field.
	aesBitLength int
}

// setSecurityLevel fills conf for the given level, dispatching on hashFamily
// ("SHA2" or "SHA3"). Any other family yields an error and leaves conf as it was.
func (c *config) setSecurityLevel(securityLevel int, hashFamily string) (err error) {
	if hashFamily == "SHA2" {
		return c.setSecurityLevelSHA2(securityLevel)
	}
	if hashFamily == "SHA3" {
		return c.setSecurityLevelSHA3(securityLevel)
	}
	return fmt.Errorf("Hash Family not supported [%s]", hashFamily)
}

// setSecurityLevelSHA2 selects the P-256 curve OID with SHA-256 for level 256
// and the P-384 curve OID with SHA-384 for level 384. Any other level is
// rejected and conf is not modified.
func (c *config) setSecurityLevelSHA2(level int) (err error) {
	switch level {
	case 256:
		c.ellipticCurve, c.hashFunction = oidNamedCurveP256, sha256.New
	case 384:
		c.ellipticCurve, c.hashFunction = oidNamedCurveP384, sha512.New384
	default:
		return fmt.Errorf("Security level not supported [%d]", level)
	}
	// Both accepted levels share the same AES setting.
	c.aesBitLength = 32
	return nil
}

// setSecurityLevelSHA3 is the SHA-3 counterpart of setSecurityLevelSHA2: the
// same curve OIDs, paired with sha3.New256 (level 256) or sha3.New384
// (level 384). Any other level is rejected and conf is not modified.
func (c *config) setSecurityLevelSHA3(level int) (err error) {
	switch level {
	case 256:
		c.ellipticCurve, c.hashFunction = oidNamedCurveP256, sha3.New256
	case 384:
		c.ellipticCurve, c.hashFunction = oidNamedCurveP384, sha3.New384
	default:
		return fmt.Errorf("Security level not supported [%d]", level)
	}
	// Both accepted levels share the same AES setting.
	c.aesBitLength = 32
	return nil
}

// PKCS11Opts contains options for the P11Factory.
//
// The struct carries the token PIN as a plain string with mapstructure and
// json tags, so marshalling it to JSON or printing it with %v / %+v writes
// the PIN out in cleartext. Redact Pin before logging or exporting a value
// of this type.
type PKCS11Opts struct {
	// SecLevel and HashFamily are the default algorithms when none are
	// specified (the original comment marks them "Deprecated?").
	// Presumably these feed config.setSecurityLevel; confirm against the caller.
	SecLevel int `mapstructure:"security" json:"security"`

	HashFamily string `mapstructure:"hash" json:"hash"`

	// Ephemeral is a keystore option (config key "tempkeys").
	// NOTE(review): looks like it selects temporary, non-persisted keys; confirm.
	Ephemeral bool `mapstructure:"tempkeys,omitempty" json:"tempkeys,omitempty"`

	// Library is a PKCS11 option (config key "library").
	// NOTE(review): presumably the path of the PKCS#11 module loaded into this
	// process, in which case it should come only from trusted configuration; confirm.
	Library string `mapstructure:"library" json:"library"`

	// Label is a PKCS11 option (config key "label"); presumably the token label.
	Label string `mapstructure:"label" json:"label"`

	// Pin is a PKCS11 option (config key "pin"), held in cleartext.
	Pin string `mapstructure:"pin" json:"pin"`

	// SoftVerify is a PKCS11 option (config key "softwareverify").
	// NOTE(review): presumably moves signature verification from the token to
	// software; confirm where it is consumed.
	SoftVerify bool `mapstructure:"softwareverify,omitempty" json:"softwareverify,omitempty"`

	// Immutable is a PKCS11 option (config key "immutable"); its effect is not
	// visible in this file.
	Immutable bool `mapstructure:"immutable,omitempty" json:"immutable,omitempty"`
}