// Key-type selectors. Session.Sign takes one of these as its keyType argument.
// The keyType type itself is unexported and its declaration is not shown here.
// NOTE(review): presumably the selector decides how Sign prepares the digest
// and which PKCS#11 mechanism it uses. Confirm against Sign's body.
const (
	RSAKey keyType = iota // 0
	ECDSAKey              // 1
)
// ErrNoObject is a package-level sentinel error. Its message says that no
// objects matched the provided template.
// NOTE(review): presumably returned by Session.FindObject when the search is
// empty. Confirm, and have callers test for it with errors.Is, not by message.
var ErrNoObject = errors.New("no objects found matching provided template")
func NewSessionWithMock() (*Session, *MockCtx)
// MockCtx holds one function-valued field per PKCtx method, each with the same
// signature as that method. Its methods are declared on the value receiver, so
// both MockCtx and *MockCtx have the PKCtx method set.
//
// NOTE(review): the method bodies are not shown here. Presumably each method
// calls the field named after it with a "Func" suffix. Confirm, and confirm the
// behaviour when a field is left nil.
// NOTE(review): signatures and random bytes would then come from caller-supplied
// functions rather than a token, so a Session backed by MockCtx should stay in
// test code.
type MockCtx struct {
	GenerateKeyPairFunc   func(pkcs11.SessionHandle, []*pkcs11.Mechanism, []*pkcs11.Attribute, []*pkcs11.Attribute) (pkcs11.ObjectHandle, pkcs11.ObjectHandle, error)
	GetAttributeValueFunc func(pkcs11.SessionHandle, pkcs11.ObjectHandle, []*pkcs11.Attribute) ([]*pkcs11.Attribute, error)
	SignInitFunc          func(pkcs11.SessionHandle, []*pkcs11.Mechanism, pkcs11.ObjectHandle) error
	SignFunc              func(pkcs11.SessionHandle, []byte) ([]byte, error)
	GenerateRandomFunc    func(pkcs11.SessionHandle, int) ([]byte, error)
	FindObjectsInitFunc   func(sh pkcs11.SessionHandle, temp []*pkcs11.Attribute) error
	FindObjectsFunc       func(sh pkcs11.SessionHandle, max int) ([]pkcs11.ObjectHandle, bool, error)
	FindObjectsFinalFunc  func(sh pkcs11.SessionHandle) error
}
func NewMock() *MockCtx
func (mc MockCtx) FindObjects(sh pkcs11.SessionHandle, max int) ([]pkcs11.ObjectHandle, bool, error)
func (mc MockCtx) FindObjectsFinal(sh pkcs11.SessionHandle) error
func (mc MockCtx) FindObjectsInit(sh pkcs11.SessionHandle, temp []*pkcs11.Attribute) error
func (mc MockCtx) GenerateKeyPair(s pkcs11.SessionHandle, m []*pkcs11.Mechanism, a1 []*pkcs11.Attribute, a2 []*pkcs11.Attribute) (pkcs11.ObjectHandle, pkcs11.ObjectHandle, error)
func (mc MockCtx) GenerateRandom(s pkcs11.SessionHandle, c int) ([]byte, error)
func (mc MockCtx) GetAttributeValue(s pkcs11.SessionHandle, o pkcs11.ObjectHandle, a []*pkcs11.Attribute) ([]*pkcs11.Attribute, error)
func (mc MockCtx) Sign(s pkcs11.SessionHandle, m []byte) ([]byte, error)
func (mc MockCtx) SignInit(s pkcs11.SessionHandle, m []*pkcs11.Mechanism, o pkcs11.ObjectHandle) error
// PKCtx is the set of PKCS#11 operations that a Session's Module field must
// provide: key-pair generation, attribute reads, signing, random bytes and
// object search. Every method takes the session handle as its first argument.
// MockCtx declares methods with these exact signatures.
//
// NOTE(review): the interface has no login, logout or session-close methods.
// Presumably Initialize does that work against the concrete module. Confirm
// where the session is closed.
type PKCtx interface {
	GenerateKeyPair(pkcs11.SessionHandle, []*pkcs11.Mechanism, []*pkcs11.Attribute, []*pkcs11.Attribute) (pkcs11.ObjectHandle, pkcs11.ObjectHandle, error)
	GetAttributeValue(pkcs11.SessionHandle, pkcs11.ObjectHandle, []*pkcs11.Attribute) ([]*pkcs11.Attribute, error)
	SignInit(pkcs11.SessionHandle, []*pkcs11.Mechanism, pkcs11.ObjectHandle) error
	Sign(pkcs11.SessionHandle, []byte) ([]byte, error)
	GenerateRandom(pkcs11.SessionHandle, int) ([]byte, error)
	FindObjectsInit(sh pkcs11.SessionHandle, temp []*pkcs11.Attribute) error
	FindObjects(sh pkcs11.SessionHandle, max int) ([]pkcs11.ObjectHandle, bool, error)
	FindObjectsFinal(sh pkcs11.SessionHandle) error
}
Session represents a session with a given PKCS#11 module. It is not safe for concurrent access.
// Session pairs a PKCtx implementation with one PKCS#11 session handle.
// Both fields are exported, so code outside the package can read or replace
// them. Callers that share a Session across goroutines must serialize access.
type Session struct {
	Module  PKCtx                // PKCS#11 operations; may be a MockCtx, whose methods match PKCtx
	Session pkcs11.SessionHandle // handle of the type every PKCtx method takes first; presumably the one opened by Initialize — confirm
}
func Initialize(module string, slot uint, pin string) (*Session, error)
func (s *Session) FindObject(tmpl []*pkcs11.Attribute) (pkcs11.ObjectHandle, error)
FindObject looks up a PKCS#11 object handle based on the provided template. An error is returned if no object, or more than one object, matches the template.
func (s *Session) GenerateKeyPair(m []*pkcs11.Mechanism, pubAttrs []*pkcs11.Attribute, privAttrs []*pkcs11.Attribute) (pkcs11.ObjectHandle, pkcs11.ObjectHandle, error)
func (s *Session) GetAttributeValue(object pkcs11.ObjectHandle, attributes []*pkcs11.Attribute) ([]*pkcs11.Attribute, error)
func (s *Session) GetECDSAPublicKey(object pkcs11.ObjectHandle) (*ecdsa.PublicKey, error)
func (s *Session) GetRSAPublicKey(object pkcs11.ObjectHandle) (*rsa.PublicKey, error)
func (s *Session) NewSigner(label string, publicKey crypto.PublicKey) (crypto.Signer, error)
NewSigner constructs an x509Signer for the private key object associated with the given label and public key.
func (s *Session) Sign(object pkcs11.ObjectHandle, keyType keyType, digest []byte, hash crypto.Hash) ([]byte, error)