pkcs11

package


Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ContextHandle

type ContextHandle struct {
	// contains filtered or unexported fields
}

ContextHandle encapsulates basic mPkcs11.Ctx operations and manages sessions.

func LoadContextAndLogin

func LoadContextAndLogin(lib, pin, label string) (*ContextHandle, error)

LoadContextAndLogin loads a Context handle and performs login. Note that its parameter order (lib, pin, label) differs from that of LoadPKCS11ContextHandle (lib, label, pin).

func LoadPKCS11ContextHandle

func LoadPKCS11ContextHandle(lib, label, pin string, opts ...Options) (*ContextHandle, error)

LoadPKCS11ContextHandle loads the PKCS11 context handler instance from the underlying cache.

func ReloadPKCS11ContextHandle

func ReloadPKCS11ContextHandle(lib, label, pin string, opts ...Options) (*ContextHandle, error)

ReloadPKCS11ContextHandle deletes the PKCS11 instance from the underlying cache and loads a new PKCS11 context handler into the cache.

func (*ContextHandle) CloseSession

func (handle *ContextHandle) CloseSession(session mPkcs11.SessionHandle) error

CloseSession closes the session handle and clears its cache entry.

func (*ContextHandle) CopyObject

CopyObject creates a copy of an object.

func (*ContextHandle) CreateObject

func (handle *ContextHandle) CreateObject(session mPkcs11.SessionHandle, temp []*mPkcs11.Attribute) (mPkcs11.ObjectHandle, error)

CreateObject creates a new object.

func (*ContextHandle) Decrypt

func (handle *ContextHandle) Decrypt(session mPkcs11.SessionHandle, cypher []byte) ([]byte, error)

Decrypt decrypts encrypted data in a single part.

func (*ContextHandle) DecryptInit

func (handle *ContextHandle) DecryptInit(session mPkcs11.SessionHandle, m []*mPkcs11.Mechanism, o mPkcs11.ObjectHandle) error

DecryptInit initializes a decryption operation.

func (*ContextHandle) DestroyObject

func (handle *ContextHandle) DestroyObject(sh mPkcs11.SessionHandle, oh mPkcs11.ObjectHandle) error

DestroyObject destroys an object.

func (*ContextHandle) Encrypt

func (handle *ContextHandle) Encrypt(session mPkcs11.SessionHandle, message []byte) ([]byte, error)

Encrypt encrypts single-part data.

func (*ContextHandle) EncryptInit

func (handle *ContextHandle) EncryptInit(session mPkcs11.SessionHandle, m []*mPkcs11.Mechanism, o mPkcs11.ObjectHandle) error

EncryptInit initializes an encryption operation.

func (*ContextHandle) FindKeyPairFromSKI

func (handle *ContextHandle) FindKeyPairFromSKI(session mPkcs11.SessionHandle, ski []byte, keyType bool) (*mPkcs11.ObjectHandle, error)

FindKeyPairFromSKI finds a key pair by its SKI (subject key identifier).

func (*ContextHandle) FindObjects

func (handle *ContextHandle) FindObjects(session mPkcs11.SessionHandle, max int) ([]mPkcs11.ObjectHandle, bool, error)

FindObjects continues a search for token and session objects that match a template, obtaining additional object handles. The returned boolean indicates if the list would have been larger than max.

func (*ContextHandle) FindObjectsFinal

func (handle *ContextHandle) FindObjectsFinal(session mPkcs11.SessionHandle) error

FindObjectsFinal finishes a search for token and session objects.

func (*ContextHandle) FindObjectsInit

func (handle *ContextHandle) FindObjectsInit(session mPkcs11.SessionHandle, temp []*mPkcs11.Attribute) error

FindObjectsInit initializes a search for token and session objects that match a template.

func (*ContextHandle) GenerateKey

func (handle *ContextHandle) GenerateKey(session mPkcs11.SessionHandle, m []*mPkcs11.Mechanism, temp []*mPkcs11.Attribute) (mPkcs11.ObjectHandle, error)

GenerateKey generates a secret key, creating a new key object.

func (*ContextHandle) GenerateKeyPair

func (handle *ContextHandle) GenerateKeyPair(session mPkcs11.SessionHandle, m []*mPkcs11.Mechanism, public, private []*mPkcs11.Attribute) (mPkcs11.ObjectHandle, mPkcs11.ObjectHandle, error)

GenerateKeyPair generates a public-key/private-key pair creating new key objects.

func (*ContextHandle) GetAttributeValue

func (handle *ContextHandle) GetAttributeValue(session mPkcs11.SessionHandle, objectHandle mPkcs11.ObjectHandle, attrs []*mPkcs11.Attribute) ([]*mPkcs11.Attribute, error)

GetAttributeValue obtains the value of one or more object attributes.

func (*ContextHandle) GetSession

func (handle *ContextHandle) GetSession() (session mPkcs11.SessionHandle)

GetSession returns a session from the session pool. If the pool is empty or completely in use, it creates a new session; if the new session is invalid, it recreates one after reloading the ctx and logging in again.

func (*ContextHandle) Login

func (handle *ContextHandle) Login(session mPkcs11.SessionHandle) error

Login logs a user into a token.

func (*ContextHandle) NotifyCtxReload

func (handle *ContextHandle) NotifyCtxReload(ch chan struct{})

NotifyCtxReload registers a channel that is notified when the underlying mPkcs11.Ctx is recreated.

func (*ContextHandle) OpenSession

func (handle *ContextHandle) OpenSession() (mPkcs11.SessionHandle, error)

OpenSession opens a session between an application and a token.

func (*ContextHandle) ReturnSession

func (handle *ContextHandle) ReturnSession(session mPkcs11.SessionHandle)

ReturnSession returns the session to the session pool; if the pool is full or the session is invalid, the session is discarded instead.

func (*ContextHandle) SetAttributeValue

func (handle *ContextHandle) SetAttributeValue(session mPkcs11.SessionHandle, objectHandle mPkcs11.ObjectHandle, attrs []*mPkcs11.Attribute) error

SetAttributeValue modifies the value of one or more object attributes.

func (*ContextHandle) Sign

func (handle *ContextHandle) Sign(session mPkcs11.SessionHandle, message []byte) ([]byte, error)

Sign signs (encrypts with private key) data in a single part, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.

func (*ContextHandle) SignInit

func (handle *ContextHandle) SignInit(session mPkcs11.SessionHandle, m []*mPkcs11.Mechanism, o mPkcs11.ObjectHandle) error

SignInit initializes a signature (private key encryption) operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.

func (*ContextHandle) Verify

func (handle *ContextHandle) Verify(session mPkcs11.SessionHandle, data []byte, signature []byte) error

Verify verifies a signature in a single-part operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.

func (*ContextHandle) VerifyInit

func (handle *ContextHandle) VerifyInit(session mPkcs11.SessionHandle, m []*mPkcs11.Mechanism, key mPkcs11.ObjectHandle) error

VerifyInit initializes a verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature (e.g. DSA).

type Options

type Options func(opts *ctxOpts)

Options is a functional option for configuring a PKCS11 ContextHandle.

func WithConnectionName

func WithConnectionName(name string) Options

WithConnectionName sets the name of the connection, to avoid collisions with other connection instances in the cache that share the same label and lib.

func WithOpenSessionRetry

func WithOpenSessionRetry(count int) Options

WithOpenSessionRetry sets the number of retries for the open-session logic.

func WithSessionCacheSize

func WithSessionCacheSize(size int) Options

WithSessionCacheSize sets the size of the session cache pool.
