Documentation ¶
Index ¶
- type ContextHandle
- func (handle *ContextHandle) CopyObject(sh pkcs11.SessionHandle, o pkcs11.ObjectHandle, temp []*pkcs11.Attribute) (pkcs11.ObjectHandle, error)
- func (handle *ContextHandle) CreateObject(session pkcs11.SessionHandle, temp []*pkcs11.Attribute) (pkcs11.ObjectHandle, error)
- func (handle *ContextHandle) Decrypt(session pkcs11.SessionHandle, cypher []byte) ([]byte, error)
- func (handle *ContextHandle) DecryptInit(session pkcs11.SessionHandle, m []*pkcs11.Mechanism, o pkcs11.ObjectHandle) error
- func (handle *ContextHandle) DestroyObject(sh pkcs11.SessionHandle, oh pkcs11.ObjectHandle) error
- func (handle *ContextHandle) Encrypt(session pkcs11.SessionHandle, message []byte) ([]byte, error)
- func (handle *ContextHandle) EncryptInit(session pkcs11.SessionHandle, m []*pkcs11.Mechanism, o pkcs11.ObjectHandle) error
- func (handle *ContextHandle) FindKeyPairFromSKI(session pkcs11.SessionHandle, ski []byte, keyType bool) (*pkcs11.ObjectHandle, error)
- func (handle *ContextHandle) FindObjects(session pkcs11.SessionHandle, max int) ([]pkcs11.ObjectHandle, bool, error)
- func (handle *ContextHandle) FindObjectsFinal(session pkcs11.SessionHandle) error
- func (handle *ContextHandle) FindObjectsInit(session pkcs11.SessionHandle, temp []*pkcs11.Attribute) error
- func (handle *ContextHandle) GenerateKey(session pkcs11.SessionHandle, m []*pkcs11.Mechanism, temp []*pkcs11.Attribute) (pkcs11.ObjectHandle, error)
- func (handle *ContextHandle) GenerateKeyPair(session pkcs11.SessionHandle, m []*pkcs11.Mechanism, ...) (pkcs11.ObjectHandle, pkcs11.ObjectHandle, error)
- func (handle *ContextHandle) GetAttributeValue(session pkcs11.SessionHandle, objectHandle pkcs11.ObjectHandle, ...) ([]*pkcs11.Attribute, error)
- func (handle *ContextHandle) GetSession() (session pkcs11.SessionHandle)
- func (handle *ContextHandle) Login(session pkcs11.SessionHandle) error
- func (handle *ContextHandle) NotifyCtxReload(ch chan struct{})
- func (handle *ContextHandle) OpenSession() (pkcs11.SessionHandle, error)
- func (handle *ContextHandle) ReturnSession(session pkcs11.SessionHandle)
- func (handle *ContextHandle) SetAttributeValue(session pkcs11.SessionHandle, objectHandle pkcs11.ObjectHandle, ...) error
- func (handle *ContextHandle) Sign(session pkcs11.SessionHandle, message []byte) ([]byte, error)
- func (handle *ContextHandle) SignInit(session pkcs11.SessionHandle, m []*pkcs11.Mechanism, o pkcs11.ObjectHandle) error
- func (handle *ContextHandle) Verify(session pkcs11.SessionHandle, data []byte, signature []byte) error
- func (handle *ContextHandle) VerifyInit(session pkcs11.SessionHandle, m []*pkcs11.Mechanism, key pkcs11.ObjectHandle) error
- type Options
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ContextHandle ¶
type ContextHandle struct {
// contains filtered or unexported fields
}
ContextHandle encapsulates basic pkcs11.Ctx operations and manages sessions.
func LoadContextAndLogin ¶
func LoadContextAndLogin(lib, pin, label string) (*ContextHandle, error)
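LoadContextAndLogin loads the Context handle and performs login. Note that its arguments are ordered (lib, pin, label), whereas LoadPKCS11ContextHandle and ReloadPKCS11ContextHandle take (lib, label, pin); all three are strings, so a swapped PIN and label will still compile.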
func LoadPKCS11ContextHandle ¶
func LoadPKCS11ContextHandle(lib, label, pin string, opts ...Options) (*ContextHandle, error)
LoadPKCS11ContextHandle loads PKCS11 context handler instance from underlying cache
func ReloadPKCS11ContextHandle ¶
func ReloadPKCS11ContextHandle(lib, label, pin string, opts ...Options) (*ContextHandle, error)
ReloadPKCS11ContextHandle deletes PKCS11 instance from underlying cache and loads new PKCS11 context handler in cache
func (*ContextHandle) CopyObject ¶
func (handle *ContextHandle) CopyObject(sh pkcs11.SessionHandle, o pkcs11.ObjectHandle, temp []*pkcs11.Attribute) (pkcs11.ObjectHandle, error)
CopyObject creates a copy of an object.
func (*ContextHandle) CreateObject ¶
func (handle *ContextHandle) CreateObject(session pkcs11.SessionHandle, temp []*pkcs11.Attribute) (pkcs11.ObjectHandle, error)
CreateObject creates a new object.
func (*ContextHandle) Decrypt ¶
func (handle *ContextHandle) Decrypt(session pkcs11.SessionHandle, cypher []byte) ([]byte, error)
Decrypt decrypts encrypted data in a single part.
func (*ContextHandle) DecryptInit ¶
func (handle *ContextHandle) DecryptInit(session pkcs11.SessionHandle, m []*pkcs11.Mechanism, o pkcs11.ObjectHandle) error
DecryptInit initializes a decryption operation.
func (*ContextHandle) DestroyObject ¶
func (handle *ContextHandle) DestroyObject(sh pkcs11.SessionHandle, oh pkcs11.ObjectHandle) error
DestroyObject destroys an object.
func (*ContextHandle) Encrypt ¶
func (handle *ContextHandle) Encrypt(session pkcs11.SessionHandle, message []byte) ([]byte, error)
Encrypt encrypts single-part data.
func (*ContextHandle) EncryptInit ¶
func (handle *ContextHandle) EncryptInit(session pkcs11.SessionHandle, m []*pkcs11.Mechanism, o pkcs11.ObjectHandle) error
EncryptInit initializes an encryption operation.
func (*ContextHandle) FindKeyPairFromSKI ¶
func (handle *ContextHandle) FindKeyPairFromSKI(session pkcs11.SessionHandle, ski []byte, keyType bool) (*pkcs11.ObjectHandle, error)
FindKeyPairFromSKI finds key pair by SKI
func (*ContextHandle) FindObjects ¶
func (handle *ContextHandle) FindObjects(session pkcs11.SessionHandle, max int) ([]pkcs11.ObjectHandle, bool, error)
FindObjects continues a search for token and session objects that match a template, obtaining additional object handles. The returned boolean indicates if the list would have been larger than max.
func (*ContextHandle) FindObjectsFinal ¶
func (handle *ContextHandle) FindObjectsFinal(session pkcs11.SessionHandle) error
FindObjectsFinal finishes a search for token and session objects.
func (*ContextHandle) FindObjectsInit ¶
func (handle *ContextHandle) FindObjectsInit(session pkcs11.SessionHandle, temp []*pkcs11.Attribute) error
FindObjectsInit initializes a search for token and session objects that match a template.
func (*ContextHandle) GenerateKey ¶
func (handle *ContextHandle) GenerateKey(session pkcs11.SessionHandle, m []*pkcs11.Mechanism, temp []*pkcs11.Attribute) (pkcs11.ObjectHandle, error)
GenerateKey generates a secret key, creating a new key object.
func (*ContextHandle) GenerateKeyPair ¶
func (handle *ContextHandle) GenerateKeyPair(session pkcs11.SessionHandle, m []*pkcs11.Mechanism, public, private []*pkcs11.Attribute) (pkcs11.ObjectHandle, pkcs11.ObjectHandle, error)
GenerateKeyPair generates a public-key/private-key pair creating new key objects.
func (*ContextHandle) GetAttributeValue ¶
func (handle *ContextHandle) GetAttributeValue(session pkcs11.SessionHandle, objectHandle pkcs11.ObjectHandle, attrs []*pkcs11.Attribute) ([]*pkcs11.Attribute, error)
GetAttributeValue obtains the value of one or more object attributes.
func (*ContextHandle) GetSession ¶
func (handle *ContextHandle) GetSession() (session pkcs11.SessionHandle)
GetSession returns a session from the session pool. If the pool is empty or completely in use, it creates a new session. If the new session is invalid, it recreates one after reloading the ctx and logging in again.
func (*ContextHandle) Login ¶
func (handle *ContextHandle) Login(session pkcs11.SessionHandle) error
Login logs a user into a token
func (*ContextHandle) NotifyCtxReload ¶
func (handle *ContextHandle) NotifyCtxReload(ch chan struct{})
NotifyCtxReload registers a channel to get notification when underlying pkcs11.Ctx is recreated
func (*ContextHandle) OpenSession ¶
func (handle *ContextHandle) OpenSession() (pkcs11.SessionHandle, error)
OpenSession opens a session between an application and a token.
func (*ContextHandle) ReturnSession ¶
func (handle *ContextHandle) ReturnSession(session pkcs11.SessionHandle)
ReturnSession returns the session to the session pool. If the pool is full or the session is invalid, the session is discarded instead.
func (*ContextHandle) SetAttributeValue ¶
func (handle *ContextHandle) SetAttributeValue(session pkcs11.SessionHandle, objectHandle pkcs11.ObjectHandle, attrs []*pkcs11.Attribute) error
SetAttributeValue modifies the value of one or more object attributes
func (*ContextHandle) Sign ¶
func (handle *ContextHandle) Sign(session pkcs11.SessionHandle, message []byte) ([]byte, error)
Sign signs (encrypts with private key) data in a single part, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
func (*ContextHandle) SignInit ¶
func (handle *ContextHandle) SignInit(session pkcs11.SessionHandle, m []*pkcs11.Mechanism, o pkcs11.ObjectHandle) error
SignInit initializes a signature (private key encryption) operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
func (*ContextHandle) Verify ¶
func (handle *ContextHandle) Verify(session pkcs11.SessionHandle, data []byte, signature []byte) error
Verify verifies a signature in a single-part operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
func (*ContextHandle) VerifyInit ¶
func (handle *ContextHandle) VerifyInit(session pkcs11.SessionHandle, m []*pkcs11.Mechanism, key pkcs11.ObjectHandle) error
VerifyInit initializes a verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature (e.g. DSA).
type Options ¶
type Options func(opts *ctxOpts)
Options for PKCS11 ContextHandle
func WithOpenSessionRetry ¶
WithOpenSessionRetry specifies the number of retries for the open-session logic.
func WithSessionCacheSize ¶
WithSessionCacheSize specifies the size of the session cache pool.