pkcs11

package
v1.10.0 Latest
Warning

This package is not in the latest version of its module.

Published: Aug 30, 2021 License: Apache-2.0 Imports: 23 Imported by: 1

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewCertSign

func NewCertSign(ctx context.Context, pkcs11ModulePath string, keys []config.KeyConfig, requireX509CACert map[string]bool, hostname string, ips []net.IP) (crypki.CertSign, error)

NewCertSign initializes a CertSign object that interacts with a PKCS11-compliant device.

Types

type Config

type Config struct {
	// Keys are a map of key identifier and info
	Keys map[crypki.SignType]KeyInfo
	// ModulePath is the path of pkcs11 module
	ModulePath string
}

Config is the config struct used in pkcs11.

type KeyInfo

type KeyInfo struct {
	// SlotNumber indicates slot number on the HSM
	SlotNumber uint
	// TokenLabel indicates token label on the HSM
	TokenLabel string
	// UserPinPath indicates the filepath which contains the pin to login
	// to the specified slot.
	UserPinPath string
	// KeyLabel indicates the label of the key on the slot
	KeyLabel string
	// SignersPerPool is the number of signers we assign on a specific key
	SignersPerPool int
	// KeyType specifies the type of key, such as RSA or ECDSA.
	KeyType crypki.PublicKeyAlgorithm
}

KeyInfo contains the info of a specific key.
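A check a deployment might run on the file named by `UserPinPath` before its contents are used to log in to the slot. This is an added example, not crypki's own code: the `LoadUserPin` helper, the trimmed `KeyInfo` stand-in, the 0600 policy and the sample PIN are assumptions made here.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// KeyInfo is a local stand-in with only the documented fields this check uses.
type KeyInfo struct {
	SlotNumber  uint
	UserPinPath string
}

// LoadUserPin is a hypothetical helper (not part of crypki): it reads the PIN
// file named by UserPinPath, refusing files that group or others can access.
func LoadUserPin(k KeyInfo) (string, error) {
	fi, err := os.Stat(k.UserPinPath)
	if err != nil {
		return "", fmt.Errorf("slot %d: stat pin file: %w", k.SlotNumber, err)
	}
	if !fi.Mode().IsRegular() {
		return "", fmt.Errorf("slot %d: %s is not a regular file", k.SlotNumber, k.UserPinPath)
	}
	if perm := fi.Mode().Perm(); perm&0o077 != 0 {
		return "", fmt.Errorf("slot %d: %s has mode %04o, want 0600 or stricter", k.SlotNumber, k.UserPinPath, perm)
	}
	raw, err := os.ReadFile(k.UserPinPath)
	if err != nil {
		return "", fmt.Errorf("slot %d: read pin file: %w", k.SlotNumber, err)
	}
	pin := strings.TrimSpace(string(raw)) // drop the trailing newline editors add
	if pin == "" {
		return "", errors.New("pin file is empty")
	}
	return pin, nil
}

func main() {
	p := filepath.Join(os.TempDir(), "constructed_slot_pin") // constructed sample file
	defer os.Remove(p)
	os.WriteFile(p, []byte("constructed-pin\n"), 0o600)
	for _, mode := range []os.FileMode{0o600, 0o644} {
		os.Chmod(p, mode)
		_, err := LoadUserPin(KeyInfo{SlotNumber: 1, UserPinPath: p})
		fmt.Printf("%04o: %v\n", mode, err)
	}
}
```

Failing at startup when the PIN file is readable by other accounts keeps a misconfigured host from running with an exposed HSM login secret.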

type PKCS11Ctx

type PKCS11Ctx interface {
	GetAttributeValue(p11.SessionHandle, p11.ObjectHandle, []*p11.Attribute) ([]*p11.Attribute, error)
	SignInit(p11.SessionHandle, []*p11.Mechanism, p11.ObjectHandle) error
	Sign(p11.SessionHandle, []byte) ([]byte, error)
	Login(p11.SessionHandle, uint, string) error
	GenerateRandom(p11.SessionHandle, int) ([]byte, error)
	FindObjectsInit(sh p11.SessionHandle, temp []*p11.Attribute) error
	FindObjects(sh p11.SessionHandle, max int) ([]p11.ObjectHandle, bool, error)
	FindObjectsFinal(sh p11.SessionHandle) error
	CloseSession(sh p11.SessionHandle) error
	OpenSession(slotID uint, flags uint) (p11.SessionHandle, error)
	GetSlotList(tokenPresent bool) ([]uint, error)
	GetSlotInfo(slotID uint) (p11.SlotInfo, error)
	GetTokenInfo(slotID uint) (p11.TokenInfo, error)
}

The PKCS11Ctx interface is added to mock pkcs11.Ctx. Run the following command to generate mock

type SignerPool

type SignerPool struct {
	// contains filtered or unexported fields
}

SignerPool is a pool of PKCS11 signers; each key corresponds to a SignerPool.

Directories

Path Synopsis
Package mock_pkcs11 is a generated GoMock package.