
Source file src/github.com/ThalesIgnite/crypto11/attributes.go

Documentation: github.com/ThalesIgnite/crypto11

     1  package crypto11
     2  
     3  import (
     4  	"errors"
     5  	"fmt"
     6  	"strings"
     7  
     8  	"github.com/miekg/pkcs11"
     9  )
    10  
type (
	// AttributeType is the numeric code that identifies a PKCS#11 attribute
	// (CK_ATTRIBUTE_TYPE). The Cka* constants in this file are values of this type.
	AttributeType = uint

	// Attribute is a PKCS#11 attribute (CK_ATTRIBUTE), aliased from the pkcs11
	// package. It pairs a Type code with the attribute's raw Value bytes.
	Attribute = pkcs11.Attribute
)
    16  
// PKCS#11 attribute type codes. Each Cka* name is the Go spelling of the
// corresponding CKA_* identifier and is a typed AttributeType constant.
//
// CkaSensitive, CkaExtractable, CkaNeverExtractable, CkaAlwaysSensitive and
// CkaWrapWithTrusted are the codes PKCS#11 uses for a key's export-control
// attributes; this block only names the codes and enforces nothing itself.

//noinspection GoUnusedConst,GoDeprecation
const (
	CkaClass                  AttributeType = 0x00000000
	CkaToken                  AttributeType = 0x00000001
	CkaPrivate                AttributeType = 0x00000002
	CkaLabel                  AttributeType = 0x00000003
	CkaApplication            AttributeType = 0x00000010
	CkaValue                  AttributeType = 0x00000011
	CkaObjectId               AttributeType = 0x00000012
	CkaCertificateType        AttributeType = 0x00000080
	CkaIssuer                 AttributeType = 0x00000081
	CkaSerialNumber           AttributeType = 0x00000082
	CkaAcIssuer               AttributeType = 0x00000083
	CkaOwner                  AttributeType = 0x00000084
	CkaAttrTypes              AttributeType = 0x00000085
	CkaTrusted                AttributeType = 0x00000086
	CkaCertificateCategory    AttributeType = 0x00000087
	CkaJavaMIDPSecurityDomain AttributeType = 0x00000088
	CkaUrl                    AttributeType = 0x00000089
	CkaHashOfSubjectPublicKey AttributeType = 0x0000008A
	CkaHashOfIssuerPublicKey  AttributeType = 0x0000008B
	CkaNameHashAlgorithm      AttributeType = 0x0000008C
	CkaCheckValue             AttributeType = 0x00000090

	CkaKeyType         AttributeType = 0x00000100
	CkaSubject         AttributeType = 0x00000101
	CkaId              AttributeType = 0x00000102
	CkaSensitive       AttributeType = 0x00000103
	CkaEncrypt         AttributeType = 0x00000104
	CkaDecrypt         AttributeType = 0x00000105
	CkaWrap            AttributeType = 0x00000106
	CkaUnwrap          AttributeType = 0x00000107
	CkaSign            AttributeType = 0x00000108
	CkaSignRecover     AttributeType = 0x00000109
	CkaVerify          AttributeType = 0x0000010A
	CkaVerifyRecover   AttributeType = 0x0000010B
	CkaDerive          AttributeType = 0x0000010C
	CkaStartDate       AttributeType = 0x00000110
	CkaEndDate         AttributeType = 0x00000111
	CkaModulus         AttributeType = 0x00000120
	CkaModulusBits     AttributeType = 0x00000121
	CkaPublicExponent  AttributeType = 0x00000122
	CkaPrivateExponent AttributeType = 0x00000123
	CkaPrime1          AttributeType = 0x00000124
	CkaPrime2          AttributeType = 0x00000125
	CkaExponent1       AttributeType = 0x00000126
	CkaExponent2       AttributeType = 0x00000127
	CkaCoefficient     AttributeType = 0x00000128
	CkaPublicKeyInfo   AttributeType = 0x00000129
	CkaPrime           AttributeType = 0x00000130
	CkaSubprime        AttributeType = 0x00000131
	CkaBase            AttributeType = 0x00000132

	CkaPrimeBits    AttributeType = 0x00000133
	CkaSubprimeBits AttributeType = 0x00000134
	// Alternative spelling, retained for backwards compatibility.
	CkaSubPrimeBits = CkaSubprimeBits

	CkaValueBits        AttributeType = 0x00000160
	CkaValueLen         AttributeType = 0x00000161
	CkaExtractable      AttributeType = 0x00000162
	CkaLocal            AttributeType = 0x00000163
	CkaNeverExtractable AttributeType = 0x00000164
	CkaAlwaysSensitive  AttributeType = 0x00000165
	CkaKeyGenMechanism  AttributeType = 0x00000166

	CkaModifiable AttributeType = 0x00000170
	CkaCopyable   AttributeType = 0x00000171

	// New for v2.40.
	CkaDestroyable AttributeType = 0x00000172

	// CKA_ECDSA_PARAMS is deprecated in v2.11; CKA_EC_PARAMS is preferred.
	// Both names carry the same code.
	CkaEcdsaParams AttributeType = 0x00000180
	CkaEcParams    AttributeType = 0x00000180

	CkaEcPoint AttributeType = 0x00000181

	// CKA_SECONDARY_AUTH and CKA_AUTH_PIN_FLAGS are new for v2.10 and
	// deprecated in v2.11 and onwards.
	CkaSecondaryAuth AttributeType = 0x00000200 // Deprecated
	CkaAuthPinFlags  AttributeType = 0x00000201 // Deprecated

	CkaAlwaysAuthenticate AttributeType = 0x00000202

	CkaWrapWithTrusted AttributeType = 0x00000210

	// ckfArrayAttribute is a flag bit OR-ed into the codes of CkaWrapTemplate,
	// CkaUnwrapTemplate and CkaAllowedMechanisms below.
	ckfArrayAttribute AttributeType = 0x40000000

	CkaWrapTemplate   AttributeType = ckfArrayAttribute | 0x00000211
	CkaUnwrapTemplate AttributeType = ckfArrayAttribute | 0x00000212

	CkaOtpFormat               AttributeType = 0x00000220
	CkaOtpLength               AttributeType = 0x00000221
	CkaOtpTimeInterval         AttributeType = 0x00000222
	CkaOtpUserFriendlyMode     AttributeType = 0x00000223
	CkaOtpChallengeRequirement AttributeType = 0x00000224
	CkaOtpTimeRequirement      AttributeType = 0x00000225
	CkaOtpCounterRequirement   AttributeType = 0x00000226
	CkaOtpPinRequirement       AttributeType = 0x00000227
	CkaOtpCounter              AttributeType = 0x0000022E
	CkaOtpTime                 AttributeType = 0x0000022F
	CkaOtpUserIdentifier       AttributeType = 0x0000022A
	CkaOtpServiceIdentifier    AttributeType = 0x0000022B
	CkaOtpServiceLogo          AttributeType = 0x0000022C
	CkaOtpServiceLogoType      AttributeType = 0x0000022D

	CkaGOSTR3410Params AttributeType = 0x00000250
	CkaGOSTR3411Params AttributeType = 0x00000251
	CkaGOST28147Params AttributeType = 0x00000252

	CkaHwFeatureType AttributeType = 0x00000300
	CkaResetOnInit   AttributeType = 0x00000301
	CkaHasReset      AttributeType = 0x00000302

	CkaPixelX                 AttributeType = 0x00000400
	CkaPixelY                 AttributeType = 0x00000401
	CkaResolution             AttributeType = 0x00000402
	CkaCharRows               AttributeType = 0x00000403
	CkaCharColumns            AttributeType = 0x00000404
	CkaColor                  AttributeType = 0x00000405
	CkaBitsPerPixel           AttributeType = 0x00000406
	CkaCharSets               AttributeType = 0x00000480
	CkaEncodingMethods        AttributeType = 0x00000481
	CkaMimeTypes              AttributeType = 0x00000482
	CkaMechanismType          AttributeType = 0x00000500
	CkaRequiredCmsAttributes  AttributeType = 0x00000501
	CkaDefaultCmsAttributes   AttributeType = 0x00000502
	CkaSupportedCmsAttributes AttributeType = 0x00000503
	CkaAllowedMechanisms      AttributeType = ckfArrayAttribute | 0x00000600
)
   149  
// NewAttribute builds an Attribute of the given type from a Go value by delegating to
// pkcs11.NewAttribute. The accepted values are bool, int, uint, string, []byte, time.Time and nil.
//
// A panic raised by pkcs11.NewAttribute is recovered here and returned as an error, together with
// a nil Attribute, so an unsupported value does not crash the caller.
//
// NOTE(review): the recover is not selective. Any panic inside the call is reported as
// "failed creating Attribute: ..." instead of propagating.
func NewAttribute(attributeType AttributeType, value interface{}) (a *Attribute, err error) {
	defer func() {
		r := recover()
		if r == nil {
			return
		}
		// Overwrite the named result so the caller receives an error rather than a panic.
		err = errors.New(fmt.Sprintf("failed creating Attribute: %v", r))
	}()

	a = pkcs11.NewAttribute(attributeType, value)
	return a, nil
}
   163  
// CopyAttribute returns a new Attribute with the same Type as a and its own copy of a.Value, so
// later writes to either value buffer do not affect the other. An empty Value (nil or zero length)
// is copied as nil. a must not be nil.
//
// The duplicate is a second in-memory copy of the raw value bytes. When the attribute carries
// secret material, both buffers hold it.
func CopyAttribute(a *Attribute) *Attribute {
	dup := &pkcs11.Attribute{Type: a.Type}
	// len of a nil slice is 0, so this single test covers both the nil and the empty case.
	if len(a.Value) > 0 {
		dup.Value = append([]byte(nil), a.Value...)
	}
	return dup
}
   175  
// AttributeSet is a collection of Attributes indexed by attribute type, holding at most one
// Attribute per type. It is a map, so copies of an AttributeSet value share the same entries and
// iteration order is unspecified.
type AttributeSet map[AttributeType]*Attribute

// NewAttributeSet returns an empty, non-nil AttributeSet that is ready to be written to.
func NewAttributeSet() AttributeSet {
	return AttributeSet{}
}
   183  
// Set builds an Attribute from value via NewAttribute and stores it under attributeType, replacing
// any entry already there. If NewAttribute fails, the set is left unchanged and that error is
// returned. The accepted values are bool, int, uint, string, []byte, time.Time and nil.
func (a AttributeSet) Set(attributeType AttributeType, value interface{}) error {
	created, err := NewAttribute(attributeType, value)
	if err == nil {
		a[attributeType] = created
	}
	return err
}
   194  
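// cloneFrom replaces the contents of a with a deep copy of set.
//
// The copy is taken before a is emptied. a and set may be the same map, and clearing first would
// then leave nothing to copy and silently drop every attribute.
func (a AttributeSet) cloneFrom(set AttributeSet) {
	// Copy does the deep cloning; taking it first keeps the source intact while a is cleared.
	snapshot := set.Copy()

	for key := range a {
		delete(a, key)
	}
	for k, v := range snapshot {
		a[k] = v
	}
}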
   207  
// AddIfNotPresent adds each Attribute in additional whose Type has no entry in the set yet.
// Existing entries are never replaced, and when additional repeats a Type only its first
// occurrence is added.
//
// The pointers are stored as given, not copied, so a later change made through the caller's
// pointer also changes the set. Pass CopyAttribute results if the set must be independent.
// Elements of additional must not be nil.
func (a AttributeSet) AddIfNotPresent(additional []*Attribute) {
	for _, candidate := range additional {
		if _, exists := a[candidate.Type]; exists {
			// An attribute of this type is already in the set; leave it untouched.
			continue
		}
		a[candidate.Type] = candidate
	}
}
   217  
// ToSlice returns deep copies (see CopyAttribute) of all Attributes in the set as a slice. The
// order follows map iteration and is therefore unspecified. An empty set yields a nil slice.
func (a AttributeSet) ToSlice() []*Attribute {
	if len(a) == 0 {
		return nil
	}
	out := make([]*Attribute, 0, len(a))
	for _, attr := range a {
		out = append(out, CopyAttribute(attr))
	}
	return out
}
   227  
// Copy returns a new AttributeSet holding a deep copy (see CopyAttribute) of every Attribute in a.
// Entries in the result are keyed by each Attribute's own Type field. Copy has no error result.
func (a AttributeSet) Copy() AttributeSet {
	dup := make(AttributeSet, len(a))
	for _, attr := range a {
		dup[attr.Type] = CopyAttribute(attr)
	}
	return dup
}
   237  
// Unset deletes the entry for attributeType from the set. It does nothing when the set has no
// such entry.
func (a AttributeSet) Unset(attributeType AttributeType) {
	delete(a, attributeType)
}
   243  
// String renders the set as one "<attribute name>: <value in hex>" line per attribute, in map
// iteration order, which is not stable between calls. Types without a known name are printed as
// "Unknown".
//
// Every value is written out in full. If the set holds secret-bearing attributes (for example
// CkaValue or CkaPrivateExponent), the output contains that material, so treat the string as
// sensitive before it reaches logs or error messages.
func (a AttributeSet) String() string {
	var sb strings.Builder
	for attrType, attr := range a {
		// The write's result is deliberately discarded, as in the original.
		_, _ = fmt.Fprintf(&sb, "%s: %x\n", attributeTypeString(attrType), attr.Value)
	}
	return sb.String()
}
   251  
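// NewAttributeSetWithID returns a new AttributeSet containing a single CkaId attribute set to id.
// id is validated with notNilBytes first; if that fails, its error is returned with a nil set.
//
// An error from storing the attribute is returned as well rather than discarded, so a set that
// lacks the requested ID is never handed back to the caller.
func NewAttributeSetWithID(id []byte) (AttributeSet, error) {
	if err := notNilBytes(id, "id"); err != nil {
		return nil, err
	}
	a := NewAttributeSet()
	// Set is not expected to fail for a []byte value; the check guards against that changing.
	if err := a.Set(CkaId, id); err != nil {
		return nil, err
	}
	return a, nil
}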
   262  
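// NewAttributeSetWithIDAndLabel returns a new AttributeSet containing a CkaId attribute set to id
// and a CkaLabel attribute set to label. id is validated first (via NewAttributeSetWithID), then
// label (via notNilBytes). The first failure is returned with a nil set.
//
// An error from storing the label is returned too rather than discarded, so the caller never
// receives a set that is missing one of the two requested attributes.
func NewAttributeSetWithIDAndLabel(id, label []byte) (a AttributeSet, err error) {
	if a, err = NewAttributeSetWithID(id); err != nil {
		return nil, err
	}
	if err = notNilBytes(label, "label"); err != nil {
		return nil, err
	}
	// Set is not expected to fail for a []byte value; the check guards against that changing.
	if err = a.Set(CkaLabel, label); err != nil {
		return nil, err
	}
	return a, nil
}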
   277  
// attributeTypeNames maps each known attribute type code to the name of its Go constant.
// CkaEcdsaParams and CkaSubPrimeBits are omitted because they share their values with
// CkaEcParams and CkaSubprimeBits and would be duplicate keys.
//
//noinspection GoDeprecation
var attributeTypeNames = map[AttributeType]string{
	CkaClass:                  "CkaClass",
	CkaToken:                  "CkaToken",
	CkaPrivate:                "CkaPrivate",
	CkaLabel:                  "CkaLabel",
	CkaApplication:            "CkaApplication",
	CkaValue:                  "CkaValue",
	CkaObjectId:               "CkaObjectId",
	CkaCertificateType:        "CkaCertificateType",
	CkaIssuer:                 "CkaIssuer",
	CkaSerialNumber:           "CkaSerialNumber",
	CkaAcIssuer:               "CkaAcIssuer",
	CkaOwner:                  "CkaOwner",
	CkaAttrTypes:              "CkaAttrTypes",
	CkaTrusted:                "CkaTrusted",
	CkaCertificateCategory:    "CkaCertificateCategory",
	CkaJavaMIDPSecurityDomain: "CkaJavaMIDPSecurityDomain",
	CkaUrl:                    "CkaUrl",
	CkaHashOfSubjectPublicKey: "CkaHashOfSubjectPublicKey",
	CkaHashOfIssuerPublicKey:  "CkaHashOfIssuerPublicKey",
	CkaNameHashAlgorithm:      "CkaNameHashAlgorithm",
	CkaCheckValue:             "CkaCheckValue",

	CkaKeyType:         "CkaKeyType",
	CkaSubject:         "CkaSubject",
	CkaId:              "CkaId",
	CkaSensitive:       "CkaSensitive",
	CkaEncrypt:         "CkaEncrypt",
	CkaDecrypt:         "CkaDecrypt",
	CkaWrap:            "CkaWrap",
	CkaUnwrap:          "CkaUnwrap",
	CkaSign:            "CkaSign",
	CkaSignRecover:     "CkaSignRecover",
	CkaVerify:          "CkaVerify",
	CkaVerifyRecover:   "CkaVerifyRecover",
	CkaDerive:          "CkaDerive",
	CkaStartDate:       "CkaStartDate",
	CkaEndDate:         "CkaEndDate",
	CkaModulus:         "CkaModulus",
	CkaModulusBits:     "CkaModulusBits",
	CkaPublicExponent:  "CkaPublicExponent",
	CkaPrivateExponent: "CkaPrivateExponent",
	CkaPrime1:          "CkaPrime1",
	CkaPrime2:          "CkaPrime2",
	CkaExponent1:       "CkaExponent1",
	CkaExponent2:       "CkaExponent2",
	CkaCoefficient:     "CkaCoefficient",
	CkaPublicKeyInfo:   "CkaPublicKeyInfo",
	CkaPrime:           "CkaPrime",
	CkaSubprime:        "CkaSubprime",
	CkaBase:            "CkaBase",

	CkaPrimeBits:    "CkaPrimeBits",
	CkaSubprimeBits: "CkaSubprimeBits",

	CkaValueBits:        "CkaValueBits",
	CkaValueLen:         "CkaValueLen",
	CkaExtractable:      "CkaExtractable",
	CkaLocal:            "CkaLocal",
	CkaNeverExtractable: "CkaNeverExtractable",
	CkaAlwaysSensitive:  "CkaAlwaysSensitive",
	CkaKeyGenMechanism:  "CkaKeyGenMechanism",

	CkaModifiable: "CkaModifiable",
	CkaCopyable:   "CkaCopyable",

	CkaDestroyable: "CkaDestroyable",

	CkaEcParams: "CkaEcParams",

	CkaEcPoint: "CkaEcPoint",

	CkaSecondaryAuth: "CkaSecondaryAuth",
	CkaAuthPinFlags:  "CkaAuthPinFlags",

	CkaAlwaysAuthenticate: "CkaAlwaysAuthenticate",

	CkaWrapWithTrusted: "CkaWrapWithTrusted",

	ckfArrayAttribute: "ckfArrayAttribute",

	CkaWrapTemplate:   "CkaWrapTemplate",
	CkaUnwrapTemplate: "CkaUnwrapTemplate",

	CkaOtpFormat:               "CkaOtpFormat",
	CkaOtpLength:               "CkaOtpLength",
	CkaOtpTimeInterval:         "CkaOtpTimeInterval",
	CkaOtpUserFriendlyMode:     "CkaOtpUserFriendlyMode",
	CkaOtpChallengeRequirement: "CkaOtpChallengeRequirement",
	CkaOtpTimeRequirement:      "CkaOtpTimeRequirement",
	CkaOtpCounterRequirement:   "CkaOtpCounterRequirement",
	CkaOtpPinRequirement:       "CkaOtpPinRequirement",
	CkaOtpCounter:              "CkaOtpCounter",
	CkaOtpTime:                 "CkaOtpTime",
	CkaOtpUserIdentifier:       "CkaOtpUserIdentifier",
	CkaOtpServiceIdentifier:    "CkaOtpServiceIdentifier",
	CkaOtpServiceLogo:          "CkaOtpServiceLogo",
	CkaOtpServiceLogoType:      "CkaOtpServiceLogoType",

	CkaGOSTR3410Params: "CkaGOSTR3410Params",
	CkaGOSTR3411Params: "CkaGOSTR3411Params",
	CkaGOST28147Params: "CkaGOST28147Params",

	CkaHwFeatureType: "CkaHwFeatureType",
	CkaResetOnInit:   "CkaResetOnInit",
	CkaHasReset:      "CkaHasReset",

	CkaPixelX:                 "CkaPixelX",
	CkaPixelY:                 "CkaPixelY",
	CkaResolution:             "CkaResolution",
	CkaCharRows:               "CkaCharRows",
	CkaCharColumns:            "CkaCharColumns",
	CkaColor:                  "CkaColor",
	CkaBitsPerPixel:           "CkaBitsPerPixel",
	CkaCharSets:               "CkaCharSets",
	CkaEncodingMethods:        "CkaEncodingMethods",
	CkaMimeTypes:              "CkaMimeTypes",
	CkaMechanismType:          "CkaMechanismType",
	CkaRequiredCmsAttributes:  "CkaRequiredCmsAttributes",
	CkaDefaultCmsAttributes:   "CkaDefaultCmsAttributes",
	CkaSupportedCmsAttributes: "CkaSupportedCmsAttributes",
	CkaAllowedMechanisms:      "CkaAllowedMechanisms",
}

// attributeTypeString returns the name of the Go constant for attribute type a, or "Unknown" when
// a is not one of the listed codes. The codes shared by two constants are reported as
// "CkaEcParams" and "CkaSubprimeBits".
func attributeTypeString(a AttributeType) string {
	if name, known := attributeTypeNames[a]; known {
		return name
	}
	return "Unknown"
}
   511  
