crypto.go

Documentation: github.com/miekg/pkcs11/p11

     1  package p11
     2  
     3  import "github.com/miekg/pkcs11"
     4  
     5  // PublicKey is an Object representing a public key. Since any object can be cast to a
     6  // PublicKey, it is the user's responsibility to ensure that the object is
     7  // actually a public key. For instance, if you use a FindObjects template that
     8  // includes CKA_CLASS: CKO_PUBLIC_KEY, you can be confident the resulting object
     9  // is a public key.
    10  type PublicKey Object
    11  
    12  // PrivateKey is an Object representing a private key. Since any object can be cast to a
    13  // PrivateKey, it is the user's responsibility to ensure that the object is
    14  // actually a private key.
    15  type PrivateKey Object
    16  
    17  // Decrypt decrypts the input with a given mechanism.
    18  func (priv PrivateKey) Decrypt(mechanism pkcs11.Mechanism, ciphertext []byte) ([]byte, error) {
    19  	s := priv.session
    20  	s.Lock()
    21  	defer s.Unlock()
    22  	err := s.ctx.DecryptInit(s.handle, []*pkcs11.Mechanism{&mechanism}, priv.objectHandle)
    23  	if err != nil {
    24  		return nil, err
    25  	}
    26  	out, err := s.ctx.Decrypt(s.handle, ciphertext)
    27  	if err != nil {
    28  		return nil, err
    29  	}
    30  	return out, nil
    31  }
    32  
    33  // Sign signs the input with a given mechanism.
    34  func (priv PrivateKey) Sign(mechanism pkcs11.Mechanism, message []byte) ([]byte, error) {
    35  	s := priv.session
    36  	s.Lock()
    37  	defer s.Unlock()
    38  	err := s.ctx.SignInit(s.handle, []*pkcs11.Mechanism{&mechanism}, priv.objectHandle)
    39  	if err != nil {
    40  		return nil, err
    41  	}
    42  	out, err := s.ctx.Sign(s.handle, message)
    43  	if err != nil {
    44  		return nil, err
    45  	}
    46  	return out, nil
    47  }
    48  
    49  // Verify verifies a signature over a message with a given mechanism.
    50  func (pub PublicKey) Verify(mechanism pkcs11.Mechanism, message, signature []byte) error {
    51  	s := pub.session
    52  	s.Lock()
    53  	defer s.Unlock()
    54  	err := s.ctx.VerifyInit(s.handle, []*pkcs11.Mechanism{&mechanism}, pub.objectHandle)
    55  	if err != nil {
    56  		return err
    57  	}
    58  	err = s.ctx.Verify(s.handle, message, signature)
    59  	if err != nil {
    60  		return err
    61  	}
    62  	return nil
    63  }
    64  
    65  // Encrypt encrypts a plaintext with a given mechanism.
    66  func (pub PublicKey) Encrypt(mechanism pkcs11.Mechanism, plaintext []byte) ([]byte, error) {
    67  	s := pub.session
    68  	s.Lock()
    69  	defer s.Unlock()
    70  	err := s.ctx.EncryptInit(s.handle, []*pkcs11.Mechanism{&mechanism}, pub.objectHandle)
    71  	if err != nil {
    72  		return nil, err
    73  	}
    74  	out, err := s.ctx.Encrypt(s.handle, plaintext)
    75  	if err != nil {
    76  		return nil, err
    77  	}
    78  	return out, nil
    79  }
    80
View as plain text