pkcs11

package
v2.3.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 21, 2021 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Overview

Copyright IBM Corp. 2016 All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func FindPKCS11Lib

func FindPKCS11Lib() (lib, pin, label string)

FindPKCS11Lib IS ONLY USED FOR TESTING This is a convenience function. Useful to self-configure, for tests where usual configuration is not available.

Types

type KeyIDMapping

type KeyIDMapping struct {
	SKI string `json:"ski,omitempty"`
	ID  string `json:"id,omitempty"`
}

A KeyIDMapping associates the CKA_ID attribute of a cryptoki object with a subject key identifer.

type Option

type Option func(p *Provider) error

An Option is used to configure the Provider.

func WithKeyMapper

func WithKeyMapper(mapper func([]byte) []byte) Option

WithKeyMapper returns an option that configures the Provider to use the provided function to map a subject key identifier to a cryptoki CKA_ID identifer.

type PKCS11Opts

type PKCS11Opts struct {
	// Default algorithms when not specified (Deprecated?)
	Security int    `json:"security"`
	Hash     string `json:"hash"`

	// PKCS11 options
	Library        string         `json:"library"`
	Label          string         `json:"label"`
	Pin            string         `json:"pin"`
	SoftwareVerify bool           `json:"softwareverify,omitempty"`
	Immutable      bool           `json:"immutable,omitempty"`
	AltID          string         `json:"altid,omitempty"`
	KeyIDs         []KeyIDMapping `json:"keyids,omitempty" mapstructure:"keyids"`
	// contains filtered or unexported fields
}

PKCS11Opts contains options for the P11Factory

type Provider

type Provider struct {
	bccsp.BCCSP
	// contains filtered or unexported fields
}

func New

func New(opts PKCS11Opts, keyStore bccsp.KeyStore, options ...Option) (*Provider, error)

New returns a new instance of a BCCSP that uses PKCS#11 standard interfaces to generate and use elliptic curve key pairs for signing and verification using curves that satisfy the requested security level from opts.

All other cryptographic functions are delegated to a software based BCCSP implementation that is configured to use the security level and hashing familly from opts and the key store that is provided.

func (*Provider) GetKey

func (csp *Provider) GetKey(ski []byte) (bccsp.Key, error)

GetKey returns the key this CSP associates to the Subject Key Identifier ski.

func (*Provider) KeyGen

func (csp *Provider) KeyGen(opts bccsp.KeyGenOpts) (k bccsp.Key, err error)

KeyGen generates a key using opts.

func (*Provider) Sign

func (csp *Provider) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) ([]byte, error)

Sign signs digest using key k. The opts argument should be appropriate for the primitive used.

Note that when a signature of a hash of a larger message is needed, the caller is responsible for hashing the larger message and passing the hash (as digest).

func (*Provider) Verify

func (csp *Provider) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (bool, error)

Verify verifies signature against key k and digest

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL