Skip to content

Commit

Permalink
feat: save derive label
Browse files Browse the repository at this point in the history
  • Loading branch information
@k-matsuzawa
k-matsuzawa committed Jan 12, 2024
1 parent 5ab5818 commit a71d4bb
Show file tree
Hide file tree
Showing 5 changed files with 44 additions and 28 deletions.
4 changes: 4 additions & 0 deletions Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,10 @@ generate:
$(eval BIN:=$(abspath .bin))
GOBIN="$(BIN)" go generate ./...

generate-local:
$(eval BIN:=$(abspath .bin))
PATH="${PATH}:${BIN}" GOBIN="$(BIN)" go generate ./...

.PHONY: format
format:
./.bin/goimports -w .
Expand Down
56 changes: 30 additions & 26 deletions apis/pkcs11/mock/pkcs11.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

7 changes: 5 additions & 2 deletions apis/pkcs11/pkcs11.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -104,6 +104,7 @@ type Pkcs11 interface {
session pkcs11.SessionHandle,
masterXprivHandle pkcs11.ObjectHandle,
path []uint32,
skLabel string,
) (pubkeyHandle pkcs11.ObjectHandle, privkeyHandle pkcs11.ObjectHandle, err error)
DeriveEcKey(
ctx context.Context,
Expand Down Expand Up @@ -537,6 +538,7 @@ func (p *pkcs11Api) DeriveKeyPairWithBIP32(
session pkcs11.SessionHandle,
masterXprivHandle pkcs11.ObjectHandle,
path []uint32,
skLabel string,
) (pubkeyHandle pkcs11.ObjectHandle, privkeyHandle pkcs11.ObjectHandle, err error) {
pubKeyAttr := []*pkcs11.Attribute{
pkcs11.NewAttribute(pkcs11.CKA_TOKEN, false),
Expand All @@ -546,7 +548,8 @@ func (p *pkcs11Api) DeriveKeyPairWithBIP32(
pkcs11.NewAttribute(pkcs11.CKA_MODIFIABLE, false),
}
privKeyAttr := []*pkcs11.Attribute{
pkcs11.NewAttribute(pkcs11.CKA_TOKEN, false),
pkcs11.NewAttribute(pkcs11.CKA_TOKEN, (skLabel != "")),
pkcs11.NewAttribute(pkcs11.CKA_LABEL, skLabel),
pkcs11.NewAttribute(pkcs11.CKA_PRIVATE, true),
pkcs11.NewAttribute(pkcs11.CKA_DECRYPT, true),
pkcs11.NewAttribute(pkcs11.CKA_SIGN, true),
Expand All @@ -572,7 +575,7 @@ func (p *pkcs11Api) DeriveEcKey(
valueLen int,
) (privkey []byte, err error) {
// sharedData := make([]byte, 32)
mechData := pkcs11.NewECDH1DeriveParams(pkcs11.CKD_NULL, nil, data)
mechData := pkcs11.NewECDH1DeriveParams(pkcs11.CKD_SHA256_KDF, nil, data)
mech := []*pkcs11.Mechanism{pkcs11.NewMechanism(pkcs11.CKM_ECDH1_DERIVE, mechData)}
logInfo(ctx, "call DeriveKey")

Expand Down
2 changes: 2 additions & 0 deletions const.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -720,4 +720,6 @@ const (
CKF_EXCLUDE_CHALLENGE = 0x00000008
CKF_EXCLUDE_PIN = 0x00000010
CKF_USER_FRIENDLY_OTP = 0x00000020

CKR_ECC_POINT_INVALID = 0x8000002F
)
3 changes: 3 additions & 0 deletions error.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -95,4 +95,7 @@ var strerror = map[uint]string{
0x000001B1: "CKR_NEXT_OTP",
0x00000200: "CKR_FUNCTION_REJECTED",
0x80000000: "CKR_VENDOR_DEFINED",

// for thales HSM
0x8000002F: "CKR_ECC_POINT_INVALID",
}

0 comments on commit a71d4bb

Please sign in to comment.