pkcs11uri

package module
Published: Aug 3, 2023 License: Apache-2.0 Imports: 8 Imported by: 6

README

go-pkcs11uri

Welcome to the go-pkcs11uri library. The implementation follows RFC 7512 and this errata.

Example usage:

The following example builds on this library here and uses softhsm2 on Fedora.

Example

This example program extends the one found here:

package main

import (
	"fmt"
	"os"
	"strconv"

	"github.com/miekg/pkcs11"
	pkcs11uri "github.com/stefanberger/go-pkcs11uri"
)

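func main() {
	// Usage: pkcs11-example <pkcs11-uri>
	//
	// Parses the pkcs11: URI given on the command line, resolves the module it
	// names, opens a read/write session on the slot given by the slot-id path
	// attribute, logs in with the URI's PIN and prints the SHA-1 digest of a
	// fixed string as lowercase hex. Every failure panics; this is a demo, not
	// a library.
	if len(os.Args) < 2 {
		panic("Missing pkcs11 URI argument")
	}
	uristr := os.Args[1]

	// New returns only a *Pkcs11URI (see the package index); errors surface
	// from Parse.
	uri := pkcs11uri.New()
	if err := uri.Parse(uristr); err != nil {
		panic(err)
	}

	// NOTE(review): whether a module-path outside the configured module
	// directories is accepted depends on SetAllowedModulePaths /
	// SetAllowAnyModule — confirm before relying on the defaults.
	module, err := uri.GetModule()
	if err != nil {
		panic(err)
	}

	slot, ok := uri.GetPathAttribute("slot-id", false)
	if !ok {
		panic("No slot-id in pkcs11 URI")
	}
	// slot-id is unsigned: ParseUint rejects a negative value that Atoi would
	// accept and the later uint() conversion would silently wrap.
	slotid, err := strconv.ParseUint(slot, 10, 0)
	if err != nil {
		panic(err)
	}

	// HasPIN separates "no PIN in the URI" from "PIN present but unreadable"
	// (e.g. an unreadable pin-source file), which GetPIN alone cannot.
	// A pin-value passed on the command line is visible to other local users
	// in the process list; pin-source is the RFC 7512 alternative.
	if !uri.HasPIN() {
		panic("No PIN in pkcs11 URI")
	}
	pin, err := uri.GetPIN()
	if err != nil {
		panic(err)
	}

	p := pkcs11.New(module)
	if p == nil {
		// pkcs11.New returns nil when the shared library cannot be loaded.
		panic("cannot load pkcs11 module " + module)
	}
	if err := p.Initialize(); err != nil {
		panic(err)
	}
	// Deferred calls run LIFO, so Finalize runs before Destroy.
	defer p.Destroy()
	defer p.Finalize()

	session, err := p.OpenSession(uint(slotid), pkcs11.CKF_SERIAL_SESSION|pkcs11.CKF_RW_SESSION)
	if err != nil {
		panic(err)
	}
	defer p.CloseSession(session) // best-effort cleanup; error intentionally ignored

	if err := p.Login(session, pkcs11.CKU_USER, pin); err != nil {
		panic(err)
	}
	defer p.Logout(session) // best-effort cleanup; error intentionally ignored

	// DigestInit fails e.g. when the token does not offer the mechanism; the
	// original dropped this error and only saw a less specific Digest failure.
	if err := p.DigestInit(session, []*pkcs11.Mechanism{pkcs11.NewMechanism(pkcs11.CKM_SHA_1, nil)}); err != nil {
		panic(err)
	}
	hash, err := p.Digest(session, []byte("this is a string"))
	if err != nil {
		panic(err)
	}

	// %x on the whole slice zero-pads each byte; the original per-byte loop
	// printed any byte below 0x10 as a single digit, shortening the digest.
	fmt.Printf("%x\n", hash)
}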

Example Usage

$ sudo softhsm2-util --init-token --slot 1 --label test --pin 1234 --so-pin 1234
The token has been initialized and is reassigned to slot 2053753261
$ go build ./...
$ sudo ./pkcs11-example 'pkcs11:slot-id=2053753261?module-path=/usr/lib64/pkcs11/libsofthsm2.so&pin-value=1234'
517592df8fec3ad146a79a9af153db2a4d784ec5

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Pkcs11URI

type Pkcs11URI struct {
	// contains filtered or unexported fields
}

Pkcs11URI holds a pkcs11 URI object

func New

func New() *Pkcs11URI

New creates a new Pkcs11URI object

func (*Pkcs11URI) AddEnv

func (uri *Pkcs11URI) AddEnv(name, value string)

AddEnv adds an environment variable for the pkcs11 module

func (*Pkcs11URI) AddPathAttribute

func (uri *Pkcs11URI) AddPathAttribute(name, value string) error

AddPathAttribute adds a path attribute; it returns an error if an attribute with the same name already existed or if the given value cannot be pct-unescaped

func (*Pkcs11URI) AddPathAttributeUnencoded

func (uri *Pkcs11URI) AddPathAttributeUnencoded(name string, value []byte) error

AddPathAttributeUnencoded adds a path attribute given as byte[] which must not already be pct-encoded; it returns an error if an attribute with the same name already existed

func (*Pkcs11URI) AddQueryAttribute

func (uri *Pkcs11URI) AddQueryAttribute(name, value string) error

AddQueryAttribute adds a query attribute; it returns an error if an attribute with the same name already existed or if the given value cannot be pct-unescaped

func (*Pkcs11URI) AddQueryAttributeUnencoded

func (uri *Pkcs11URI) AddQueryAttributeUnencoded(name string, value []byte) error

AddQueryAttributeUnencoded adds a query attribute given as byte[] which must not already be pct-encoded; it returns an error if an attribute with the same name already existed

func (*Pkcs11URI) Format

func (uri *Pkcs11URI) Format() (string, error)

Format formats a Pkcs11URI to its string representation

func (*Pkcs11URI) GetEnvMap

func (uri *Pkcs11URI) GetEnvMap() map[string]string

GetEnvMap returns the map of environment variables

func (*Pkcs11URI) GetModule

func (uri *Pkcs11URI) GetModule() (string, error)

GetModule returns the module to use or an error in case no module could be found. First the module-path is checked for whether it holds an absolute path that can be read by the current user. If this is the case the module is returned. Otherwise either the module-path is used or the user-provided module path is used to match a module containing what is set in the attribute module-name.

func (*Pkcs11URI) GetModuleDirectories

func (uri *Pkcs11URI) GetModuleDirectories() []string

GetModuleDirectories gets the search directories for pkcs11 modules

func (*Pkcs11URI) GetPIN

func (uri *Pkcs11URI) GetPIN() (string, error)

GetPIN gets the PIN from either the pin-value or pin-source attribute; a user may want to call HasPIN() before calling this function to determine whether a PIN has been provided at all so that an error code returned by this function indicates that the PIN value could not be retrieved.

func (*Pkcs11URI) GetPathAttribute

func (uri *Pkcs11URI) GetPathAttribute(name string, pctencode bool) (string, bool)

GetPathAttribute returns the value of a path attribute in unescaped form or pct-encoded form

func (*Pkcs11URI) GetQueryAttribute

func (uri *Pkcs11URI) GetQueryAttribute(name string, pctencode bool) (string, bool)

GetQueryAttribute returns the value of a query attribute in unescaped or pct-encoded form

func (*Pkcs11URI) HasPIN

func (uri *Pkcs11URI) HasPIN() bool

HasPIN allows the user to check whether a PIN has been provided either by the pin-value or the pin-source attributes. It should be called before GetPIN(), which may still fail getting the PIN from a file for example.

func (*Pkcs11URI) Parse

func (uri *Pkcs11URI) Parse(uristring string) error

Parse parses a pkcs11: URI string

func (*Pkcs11URI) RemovePathAttribute

func (uri *Pkcs11URI) RemovePathAttribute(name string)

RemovePathAttribute removes a path attribute

func (*Pkcs11URI) RemoveQueryAttribute

func (uri *Pkcs11URI) RemoveQueryAttribute(name string)

RemoveQueryAttribute removes a query attribute

func (*Pkcs11URI) SetAllowAnyModule

func (uri *Pkcs11URI) SetAllowAnyModule(allowAnyModule bool)

SetAllowAnyModule allows any module to be loaded; by default this is not allowed

func (*Pkcs11URI) SetAllowedModulePaths

func (uri *Pkcs11URI) SetAllowedModulePaths(allowedModulePaths []string)

SetAllowedModulePaths sets allowed module paths to restrict access to modules. Directory entries must end with a '/', all other ones are assumed to be file entries. Allowed modules are filtered by string matching.

func (*Pkcs11URI) SetEnvMap

func (uri *Pkcs11URI) SetEnvMap(env map[string]string)

SetEnvMap sets the environment variables for the pkcs11 module

func (*Pkcs11URI) SetModuleDirectories

func (uri *Pkcs11URI) SetModuleDirectories(moduleDirectories []string)

SetModuleDirectories sets the search directories for pkcs11 modules

func (*Pkcs11URI) SetPathAttribute

func (uri *Pkcs11URI) SetPathAttribute(name, value string) error

SetPathAttribute sets the value for a path attribute; this function may return an error if the given value cannot be pct-unescaped

func (*Pkcs11URI) SetPathAttributeUnencoded

func (uri *Pkcs11URI) SetPathAttributeUnencoded(name string, value []byte)

SetPathAttributeUnencoded sets the value for a path attribute given as byte[]. The value must not have been pct-encoded already.

func (*Pkcs11URI) SetQueryAttribute

func (uri *Pkcs11URI) SetQueryAttribute(name, value string) error

SetQueryAttribute sets the value for a query attribute; this function may return an error if the given value cannot be pct-unescaped

func (*Pkcs11URI) SetQueryAttributeUnencoded

func (uri *Pkcs11URI) SetQueryAttributeUnencoded(name string, value []byte)

SetQueryAttributeUnencoded sets the value for a query attribute given as byte[]. The value must not have been pct-encoded already.

func (*Pkcs11URI) Validate

func (uri *Pkcs11URI) Validate() error

Validate validates a Pkcs11URI object's attributes following RFC 7512 rules and proper formatting of their values
