pkcs11

package
v2.3.4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 30, 2024 License: Apache-2.0 Imports: 30 Imported by: 7

Documentation

Index

Constants

View Source
const (
	CKK_VENDOR_DEFINED = pkcs11.CKK_VENDOR_DEFINED
	CKM_VENDOR_DEFINED = pkcs11.CKM_VENDOR_DEFINED
)
View Source
const (
	CKK_SM2 = (CKK_VENDOR_DEFINED + 4)
	CKK_SM3 = (CKK_VENDOR_DEFINED + 5)

	CKM_SM2                = (CKM_VENDOR_DEFINED + 0x8000)
	CKM_SM2_KEY_PAIR_GEN   = (CKM_SM2 + 0x00000001)
	CKM_SM3_SM2            = (CKM_SM2 + 0x00000100)
	CKM_SM3_SM2_DER        = (CKM_SM2 + 0x00000101)
	CKM_SM3_SM2_APPID1     = (CKM_SM2 + 0x00000102)
	CKM_SM3_SM2_APPID1_DER = (CKM_SM2 + 0x00000103)
	CKM_SM3_SM2_Z          = CKM_SM3_SM2_APPID1
	CKM_SM3_SM2_Z_DER      = CKM_SM3_SM2_APPID1_DER
	CKM_SM2_SIGN           = (CKM_SM2 + 0x00000104)
	CKM_SM2_SIGN_NO_DER    = (CKM_SM2 + 0x00000105)

	CKM_SM2_RAW         = (CKM_SM2 + 0x00000200)
	CKM_SM2_CIPHER_DER  = (CKM_SM2 + 0x00000201)
	CKM_SM2_RAW_DER     = CKM_SM2_CIPHER_DER
	CKM_SHA_160_SM2     = (CKM_SM2 + 0x00000300)
	CKM_SM2_SHA_160     = CKM_SHA_160_SM2
	CKM_SHA_160_SM2_DER = (CKM_SM2 + 0x00000301)
	CKM_SM2_SHA1        = CKM_SHA_160_SM2
	CKM_SM2_SHA1_DER    = CKM_SHA_160_SM2_DER
	CKM_SHA_256_SM2     = (CKM_SM2 + 0x00000400)
	CKM_SM2_SHA_256     = CKM_SHA_256_SM2
	CKM_SHA_256_SM2_DER = (CKM_SM2 + 0x00000401)

	CKM_SM3          = (CKM_VENDOR_DEFINED + 0x9000)
	CKM_SM3_HASH     = (CKM_SM3 + 0x00000001)
	CKM_SM3_HASH_JIT = (CKK_VENDOR_DEFINED + 5)

	CKM_SM4_KEY_GEN = (CKM_VENDOR_DEFINED + 0x00000107)
	CKM_SM4_ECB     = (CKM_VENDOR_DEFINED + 0x00000108)
	CKM_SM4_CBC     = (CKM_VENDOR_DEFINED + 0x00000109)
	CKM_SM4_CTR     = (CKM_VENDOR_DEFINED + 0x0000010A)
	CKM_SM4_XTS     = (CKM_VENDOR_DEFINED + 0x0000010B)
	CKM_AES_XTS     = (CKM_VENDOR_DEFINED + 0x0000010C)
	CKM_SM4         = (CKM_VENDOR_DEFINED + 0xA000)
	CKM_SM4_ECB_PAD = (CKM_SM4 + 0x0101)
	CKM_SM4_CBC_PAD = (CKM_SM4 + 0x0201)
)

Variables

This section is empty.

Functions

func GenKeyPair added in v2.1.0

func GenKeyPair(p11 *P11Handle, keyId string, keyType bccrypto.KeyType, opts *GenOpts) (bccrypto.PrivateKey, error)

func GenSecretKey added in v2.1.0

func GenSecretKey(p11 *P11Handle, keyId string, keyType bccrypto.KeyType, keySize int) (bccrypto.SymmetricKey, error)

GenSecretKey generate a new pkcs11 secret key

func GenerateBytesOTP added in v2.1.0

func GenerateBytesOTP(p11 *P11Handle, length int) ([]byte, error)

func GenerateOTP added in v2.1.0

func GenerateOTP(p11 *P11Handle, length int) (string, error)

func NewAESKey added in v2.1.0

func NewAESKey(ctx *P11Handle, keyId []byte) (bccrypto.SymmetricKey, error)

func NewP11ECDSAPrivateKey added in v2.1.0

func NewP11ECDSAPrivateKey(p11 *P11Handle, keyId []byte, keyType P11KeyType) (bccrypto.PrivateKey, error)

func NewP11RSAPrivateKey added in v2.1.0

func NewP11RSAPrivateKey(p11 *P11Handle, keyId []byte, keyType P11KeyType) (bccrypto.PrivateKey, error)

func NewPrivateKey

func NewPrivateKey(p11 *P11Handle, keyId string, keyType bccrypto.KeyType) (bccrypto.PrivateKey, error)

NewPrivateKey returns a crypto PrivateKey which wraps a pkcs11 private key

func NewSM4Key added in v2.1.0

func NewSM4Key(ctx *P11Handle, keyId []byte) (bccrypto.SymmetricKey, error)

func NewSecretKey added in v2.1.0

func NewSecretKey(p11 *P11Handle, keyId string, keyType bccrypto.KeyType) (bccrypto.SymmetricKey, error)

NewSecretKey returns a crypto SymmetricKey which wraps a pkcs11 secret key

Types

type GenOpts added in v2.1.0

type GenOpts struct {
	KeyBits     int
	CurveParams string
}

type P11Handle

type P11Handle struct {
	// contains filtered or unexported fields
}

func New

func New(lib string, label string, password string, sessionCacheSize int, hash string) (*P11Handle, error)

func (*P11Handle) Decrypt added in v2.1.0

func (p11 *P11Handle) Decrypt(obj pkcs11.ObjectHandle, mech *pkcs11.Mechanism, cipher []byte) ([]byte, error)

Decrypt decrypts the input with a given mechanism.

func (*P11Handle) Encrypt added in v2.1.0

func (p11 *P11Handle) Encrypt(obj pkcs11.ObjectHandle, mech *pkcs11.Mechanism, plain []byte) ([]byte, error)

Encrypt encrypts a plaintext with a given mechanism.

func (*P11Handle) ExportECDSAPublicKey added in v2.1.0

func (p11 *P11Handle) ExportECDSAPublicKey(id []byte, keyType P11KeyType) (interface{}, error)

ExportECDSAPublicKey export a ecdsa/sm2 public key of pkcs11 ecdsa/sm2 private key

func (*P11Handle) ExportRSAPublicKey added in v2.1.0

func (p11 *P11Handle) ExportRSAPublicKey(id []byte) (*rsa.PublicKey, error)

ExportRSAPublicKey export a rsa public key of pkcs11 rsa private key

func (*P11Handle) GenKeyPair added in v2.1.0

func (p11 *P11Handle) GenKeyPair(mech *pkcs11.Mechanism, privAttrs,
	pubAttrs []*pkcs11.Attribute) (pri, pub *pkcs11.ObjectHandle, err error)

GenKeyPair returns asym keypair

func (*P11Handle) GenerateKey added in v2.1.0

func (p11 *P11Handle) GenerateKey(mech *pkcs11.Mechanism, attrs []*pkcs11.Attribute) (*pkcs11.ObjectHandle, error)

GenerateKey returns sym key

func (*P11Handle) GenerateRandom added in v2.1.0

func (p11 *P11Handle) GenerateRandom(length int) ([]byte, error)

func (*P11Handle) GetPublicKeySKI

func (p11 *P11Handle) GetPublicKeySKI(pk bccrypto.PublicKey) ([]byte, error)

func (*P11Handle) Sign added in v2.1.0

func (p11 *P11Handle) Sign(obj pkcs11.ObjectHandle, mech *pkcs11.Mechanism, msg []byte) ([]byte, error)

Sign signs the input with a given mechanism.

func (*P11Handle) Verify added in v2.1.0

func (p11 *P11Handle) Verify(obj pkcs11.ObjectHandle, mech *pkcs11.Mechanism, msg, sig []byte) error

Verify verifies a signature over a message with a given mechanism.

type P11KeyType added in v2.1.0

type P11KeyType string
const (
	RSA   P11KeyType = "RSA"
	ECDSA P11KeyType = "ECDSA"
	SM2   P11KeyType = "SM2"

	AES P11KeyType = "AES"
	SM4 P11KeyType = "SM4"

	UNKNOWN P11KeyType = "UNKNOWN"
)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL