pkcs11
There is no ready-made function for this: how do I generate an ECDH key from the opponent's public key and the local private key in Go with pkcs11?
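// deriveECDHSharedSecret runs CKM_ECDH1_DERIVE on the token with the local
// private key and the peer's public key, reads the derived value out of the
// temporary session object and returns it.
//
// c and session identify the open PKCS#11 session; privateKey is the handle
// of the local EC private key (it presumably needs CKA_DERIVE set on the
// token; verify against the key-generation code). peerPublicKey is passed
// unchanged as the mechanism's public data.
//
// The mechanism uses CKD_NULL, so the returned bytes are the raw ECDH output
// with no key-derivation function applied; callers should run them through a
// KDF before using them as key material. Reading CKA_VALUE also moves the
// secret out of the token into process memory, which gives up the protection
// the token provides for it.
func deriveECDHSharedSecret(c *pkcs11.Ctx, session pkcs11.SessionHandle, privateKey pkcs11.ObjectHandle, peerPublicKey []byte) ([]byte, error) {
	// Formatting step disabled by the author; formatECDHPublicKey is not shown here.
	// NOTE(review): CKR_MECHANISM_PARAM_INVALID on this mechanism commonly points
	// at the encoding of the public data. Tokens differ on whether they expect the
	// raw uncompressed EC point (0x04 || X || Y) or that point wrapped in a DER
	// OCTET STRING; confirm which one this token accepts.
	//formattedPubKey, err := formatECDHPublicKey(peerPublicKey)
	//if err != nil {
	//	return nil, fmt.Errorf("failed to format peer public key: %v", err)
	//}

	// Reject an empty point locally instead of sending it to the token.
	if len(peerPublicKey) == 0 {
		return nil, fmt.Errorf("peer public key is empty")
	}

	// The derived object is a short-lived session object whose only purpose is
	// to have its value read back, so it carries no usage flags
	// (encrypt/decrypt/sign/verify/wrap/unwrap/derive). It is typed as a generic
	// secret: the original CKK_DES3 with CKA_VALUE_LEN 16 is not a consistent
	// template, since a triple-DES key has a fixed length. Without CKA_VALUE_LEN
	// the token is expected to return the full-length shared secret.
	deriveTemplate := []*pkcs11.Attribute{
		pkcs11.NewAttribute(pkcs11.CKA_CLASS, pkcs11.CKO_SECRET_KEY),
		pkcs11.NewAttribute(pkcs11.CKA_KEY_TYPE, pkcs11.CKK_GENERIC_SECRET),
		pkcs11.NewAttribute(pkcs11.CKA_TOKEN, false),
		pkcs11.NewAttribute(pkcs11.CKA_PRIVATE, false),
		// CKA_VALUE can only be read when the object is non-sensitive and extractable.
		pkcs11.NewAttribute(pkcs11.CKA_SENSITIVE, false),
		pkcs11.NewAttribute(pkcs11.CKA_EXTRACTABLE, true),
	}

	params := pkcs11.NewECDH1DeriveParams(pkcs11.CKD_NULL, nil, peerPublicKey)
	mechanism := []*pkcs11.Mechanism{pkcs11.NewMechanism(pkcs11.CKM_ECDH1_DERIVE, params)}

	sharedSecret, err := c.DeriveKey(session, mechanism, privateKey, deriveTemplate)
	if err != nil {
		return nil, fmt.Errorf("failed to derive key: %w", err)
	}
	// Remove the extractable secret from the session once its value has been
	// copied out. Cleanup is best effort: a failure here must not hide the result.
	defer func() { _ = c.DestroyObject(session, sharedSecret) }()

	template := []*pkcs11.Attribute{pkcs11.NewAttribute(pkcs11.CKA_VALUE, nil)}
	attributes, err := c.GetAttributeValue(session, sharedSecret, template)
	if err != nil {
		return nil, fmt.Errorf("failed to get shared secret value: %w", err)
	}
	if len(attributes) == 0 || len(attributes[0].Value) == 0 {
		return nil, fmt.Errorf("no value returned for shared secret")
	}
	return attributes[0].Value, nil
}

// Reported with the original code: always show error :pkcs11: 0x71: CKR_MECHANISM_PARAM_INVALID, how to do it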