Sign implements crypto.Signer's Sign(). It signs the digest with the private key and returns the signature as bytes.
(rand io.Reader, digest []byte, opts crypto.SignerOpts)
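// Sign implements crypto.Signer. It asks the PKCS#11 token to sign digest with
// the CKM_ECDSA mechanism, using the key referenced by k.privateKeyHandle, and
// re-encodes the raw result as an ASN.1 DER SEQUENCE of the integers R and S.
//
// rand is ignored: the signing operation is delegated to the token through
// k.ctx. digest must already be hashed, and its length must equal
// opts.HashFunc().Size(). opts must be non-nil and must name a hash function.
//
// NOTE(review): SignInit and Sign are two separate calls on k.session and no
// locking is visible in this method. Confirm that callers serialize access to
// the session.
func (k *P11ECDSAKey) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error) {
	// Reject nil options and the zero hash up front: a nil interface would
	// dereference nil, and crypto.Hash(0).Size() panics instead of returning.
	if opts == nil {
		return nil, fmt.Errorf("signer options must not be nil")
	}
	hash := opts.HashFunc()
	if hash == 0 {
		return nil, fmt.Errorf("a hash function must be specified")
	}
	if len(digest) != hash.Size() {
		return nil, fmt.Errorf("digest length does not equal hash function length")
	}

	mech := []*pkcs11.Mechanism{
		pkcs11.NewMechanism(pkcs11.CKM_ECDSA, nil),
	}

	if err = k.ctx.SignInit(k.session, mech, k.privateKeyHandle); err != nil {
		return nil, fmt.Errorf("sign init failed: %w", err)
	}

	signature, err = k.ctx.Sign(k.session, digest)
	if err != nil {
		return nil, fmt.Errorf("sign failed: %w", err)
	}

	// The token output is treated as R followed by S, each taking half of the
	// buffer. An empty or odd-length buffer cannot be split that way, so fail
	// rather than emit a well-formed encoding of a meaningless signature.
	if len(signature) == 0 || len(signature)%2 != 0 {
		return nil, fmt.Errorf("unexpected raw signature length %d", len(signature))
	}

	type ecdsaSignature struct{ R, S *big.Int }

	half := len(signature) / 2
	r := new(big.Int).SetBytes(signature[:half])
	s := new(big.Int).SetBytes(signature[half:])

	return asn1.Marshal(ecdsaSignature{R: r, S: s})
}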