in certstore/certstore_windows.go [371:441]
func (wpk *winPrivateKey) cngSignHash(hash crypto.Hash, digest []byte) ([]byte, error) {
if len(digest) != hash.Size() {
return nil, errors.New("bad digest for hash")
}
var (
// input
padPtr = unsafe.Pointer(nil)
digestPtr = (*C.BYTE)(&digest[0])
digestLen = C.DWORD(len(digest))
flags = C.DWORD(0)
// output
sigLen = C.DWORD(0)
)
// setup pkcs1v1.5 padding for RSA
if _, isRSA := wpk.publicKey.(*rsa.PublicKey); isRSA {
flags |= C.BCRYPT_PAD_PKCS1
padInfo := C.BCRYPT_PKCS1_PADDING_INFO{}
padPtr = unsafe.Pointer(&padInfo)
switch hash {
case crypto.SHA1:
padInfo.pszAlgId = BCRYPT_SHA1_ALGORITHM
case crypto.SHA256:
padInfo.pszAlgId = BCRYPT_SHA256_ALGORITHM
case crypto.SHA384:
padInfo.pszAlgId = BCRYPT_SHA384_ALGORITHM
case crypto.SHA512:
padInfo.pszAlgId = BCRYPT_SHA512_ALGORITHM
default:
return nil, ErrUnsupportedHash
}
}
// get signature length
if err := checkStatus(C.NCryptSignHash(wpk.cngHandle, padPtr, digestPtr, digestLen, nil, 0, &sigLen, flags)); err != nil {
return nil, errors.Wrap(err, "failed to get signature length")
}
// get signature
sig := make([]byte, sigLen)
sigPtr := (*C.BYTE)(&sig[0])
if err := checkStatus(C.NCryptSignHash(wpk.cngHandle, padPtr, digestPtr, digestLen, sigPtr, sigLen, &sigLen, flags)); err != nil {
return nil, errors.Wrap(err, "failed to sign digest")
}
// CNG returns a raw ECDSA signature, but we wan't ASN.1 DER encoding.
if _, isEC := wpk.publicKey.(*ecdsa.PublicKey); isEC {
if len(sig)%2 != 0 {
return nil, errors.New("bad ecdsa signature from CNG")
}
type ecdsaSignature struct {
R, S *big.Int
}
r := new(big.Int).SetBytes(sig[:len(sig)/2])
s := new(big.Int).SetBytes(sig[len(sig)/2:])
encoded, err := asn1.Marshal(ecdsaSignature{r, s})
if err != nil {
return nil, errors.Wrap(err, "failed to ASN.1 encode EC signature")
}
return encoded, nil
}
return sig, nil
}