Documentation
Overview
Package pkcs11 provides an ECDH implementation backed by a PKCS11-compatible token or HSM.
Index
Constants
const (
	Curve25519OidRaw    = "06032B656E"
	NoisePrivateKeySize = 32
	NoisePublicKeySize  = 32
)
Variables
This section is empty.
Functions
This section is empty.
Types
type PKClient
type PKClient struct {
	HSMSession struct {
		// contains filtered or unexported fields
	}
}
func New
Tries to open a session with the HSM, select the slot and log in to it. A public and private key must already exist on the HSM. The private key and its matching public key must also be found during setup. The private key must use the Curve25519 algorithm, OID 1.3.101.110.
func NewAskPin
Alternate constructor that does not save the HSM PIN and instead prompts the user for it.
func (*PKClient) DeriveNoise
func (c *PKClient) DeriveNoise(peerPubKey [NoisePublicKeySize]byte) (secret [NoisePrivateKeySize]byte, err error)
Derives a shared secret using the input public key against the private key that was found during setup. Returns a fixed 32-byte array.
func (*PKClient) PublicKeyNoise
func (c *PKClient) PublicKeyNoise() (key [NoisePublicKeySize]byte, err error)
Returns a 32-byte key from the HSM, attempting to convert it to a usable WG key.
func (*PKClient) PublicKeyRaw
Returns the public key for the deriving key that was previously found. This returns the whole raw value; it's up to the caller to check the length. This will likely be the full EC_POINT. See PublicKeyNoise().
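The following is an added example, not code from this package. It decodes the `Curve25519OidRaw` constant to confirm it is OID 1.3.101.110, and shows the length check a caller of `PublicKeyRaw()` would need before treating the value as a 32-byte key. The helper names `decodeOID` and `unwrapECPoint` are hypothetical, and the example assumes the token returns either the bare 32-byte key or that key wrapped in a DER OCTET STRING.

```go
package main

import (
	"encoding/asn1"
	"encoding/hex"
	"fmt"
)

// Same value as the package constant Curve25519OidRaw.
const curve25519OidRaw = "06032B656E"

// decodeOID parses a hex-encoded DER OBJECT IDENTIFIER into dotted form.
func decodeOID(h string) (string, error) {
	der, err := hex.DecodeString(h)
	if err != nil {
		return "", err
	}
	var oid asn1.ObjectIdentifier
	rest, err := asn1.Unmarshal(der, &oid)
	if err != nil || len(rest) != 0 {
		return "", fmt.Errorf("not a single DER-encoded OID")
	}
	return oid.String(), nil
}

// unwrapECPoint (hypothetical helper) reduces a raw public value to 32 bytes.
// Assumption: the value is the bare key or a DER OCTET STRING around it.
func unwrapECPoint(raw []byte) (key [32]byte, err error) {
	if len(raw) == 32 { // already the bare key
		copy(key[:], raw)
		return key, nil
	}
	var inner []byte
	rest, err := asn1.Unmarshal(raw, &inner)
	if err != nil || len(rest) != 0 || len(inner) != 32 {
		return key, fmt.Errorf("unexpected EC_POINT encoding (%d bytes)", len(raw))
	}
	copy(key[:], inner)
	return key, nil
}

func main() {
	oid, _ := decodeOID(curve25519OidRaw)
	// Constructed sample: OCTET STRING header (04 20) plus 32 zero bytes.
	wrapped := append([]byte{0x04, 0x20}, make([]byte, 32)...)
	k, err := unwrapECPoint(wrapped)
	fmt.Println(oid, len(k), err)
}
```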