pkcs11

package
v0.0.0-...-b544036 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 16, 2022 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Overview

Copyright hechain. 2022 All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func FindPKCS11Lib 

func FindPKCS11Lib() (lib, pin, label string)

FindPKCS11Lib IS ONLY USED FOR TESTING This is a convenience function. Useful to self-configure, for tests where usual configuration is not available.

Types

type KeyIDMapping 

type KeyIDMapping struct {
	SKI string `json:"ski,omitempty"`
	ID  string `json:"id,omitempty"`
}

A KeyIDMapping associates the CKA_ID attribute of a cryptoki object with a subject key identifer.

type Option 

type Option func(p *Provider) error

An Option is used to configure the Provider.

func WithKeyMapper 

func WithKeyMapper(mapper func([]byte) []byte) Option

WithKeyMapper returns an option that configures the Provider to use the provided function to map a subject key identifier to a cryptoki CKA_ID identifer.

type PKCS11Opts 

type PKCS11Opts struct {
	// Default algorithms when not specified (Deprecated?)
	Security int    `json:"security"`
	Hash     string `json:"hash"`

	// PKCS11 options
	Library        string         `json:"library"`
	Label          string         `json:"label"`
	Pin            string         `json:"pin"`
	SoftwareVerify bool           `json:"softwareverify,omitempty"`
	Immutable      bool           `json:"immutable,omitempty"`
	AltID          string         `json:"altid,omitempty"`
	KeyIDs         []KeyIDMapping `json:"keyids,omitempty" mapstructure:"keyids"`
	// contains filtered or unexported fields
}

PKCS11Opts contains options for the P11Factory

type Provider 

type Provider struct {
	bccsp.BCCSP
	// contains filtered or unexported fields
}

func New 

func New(opts PKCS11Opts, keyStore bccsp.KeyStore, options ...Option) (*Provider, error)

New returns a new instance of a BCCSP that uses PKCS#11 standard interfaces to generate and use elliptic curve key pairs for signing and verification using curves that satisfy the requested security level from opts.

All other cryptographic functions are delegated to a software based BCCSP implementation that is configured to use the security level and hashing familly from opts and the key store that is provided.

func (*Provider) GetKey 

func (csp *Provider) GetKey(ski []byte) (bccsp.Key, error)

GetKey returns the key this CSP associates to the Subject Key Identifier ski.

func (*Provider) KeyGen 

func (csp *Provider) KeyGen(opts bccsp.KeyGenOpts) (k bccsp.Key, err error)

KeyGen generates a key using opts.

func (*Provider) Sign 

func (csp *Provider) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) ([]byte, error)

Sign signs digest using key k. The opts argument should be appropriate for the primitive used.

Note that when a signature of a hash of a larger message is needed, the caller is responsible for hashing the larger message and passing the hash (as digest).

func (*Provider) Verify 

func (csp *Provider) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (bool, error)

Verify verifies signature against key k and digest

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.