slot.go

Documentation: github.com/miekg/pkcs11/p11

     1  package p11
     2  
     3  import "github.com/miekg/pkcs11"
     4  
     5  // Slot represents a slot that may hold a token.
     6  type Slot struct {
     7  	ctx *pkcs11.Ctx
     8  	id  uint
     9  }
    10  
    11  // Info returns information about the Slot.
    12  func (s Slot) Info() (pkcs11.SlotInfo, error) {
    13  	return s.ctx.GetSlotInfo(s.id)
    14  }
    15  
    16  // TokenInfo returns information about the token in a Slot, if applicable.
    17  func (s Slot) TokenInfo() (pkcs11.TokenInfo, error) {
    18  	return s.ctx.GetTokenInfo(s.id)
    19  }
    20  
    21  // OpenSession opens a read-only session with the token in this slot.
    22  func (s Slot) OpenSession() (Session, error) {
    23  	return s.OpenSessionWithFlags(0)
    24  }
    25  
    26  // OpenWriteSession opens a read-write session with the token in this slot.
    27  func (s Slot) OpenWriteSession() (Session, error) {
    28  	return s.OpenSessionWithFlags(pkcs11.CKF_RW_SESSION)
    29  }
    30  
    31  // OpenSessionWithFlags opens a serial session using the given flags with the
    32  // token in this slot.
    33  // CKF_SERIAL_SESSION is always mandatory (per PKCS#11) for legacy reasons and
    34  // is internally added before opening a session.
    35  func (s Slot) OpenSessionWithFlags(flags uint) (Session, error) {
    36  	handle, err := s.ctx.OpenSession(s.id, flags|pkcs11.CKF_SERIAL_SESSION)
    37  	if err != nil {
    38  		return nil, err
    39  	}
    40  	return &sessionImpl{
    41  		ctx:    s.ctx,
    42  		handle: handle,
    43  	}, nil
    44  }
    45  
    46  // CloseAllSessions closes all sessions on this slot.
    47  func (s Slot) CloseAllSessions() error {
    48  	return s.ctx.CloseAllSessions(s.id)
    49  }
    50  
    51  // Mechanisms returns a list of Mechanisms available on the token in this
    52  // slot.
    53  func (s Slot) Mechanisms() ([]Mechanism, error) {
    54  	list, err := s.ctx.GetMechanismList(s.id)
    55  	if err != nil {
    56  		return nil, err
    57  	}
    58  	result := make([]Mechanism, len(list))
    59  	for i, mech := range list {
    60  		result[i] = Mechanism{
    61  			mechanism: mech,
    62  			slot:      s,
    63  		}
    64  	}
    65  	return result, nil
    66  }
    67  
    68  // InitToken initializes the token in this slot, setting its label to
    69  // tokenLabel. If the token was not previously initialized, its security officer
    70  // PIN is set to the provided string. If the token is already initialized, the
    71  // provided PIN will be checked against the existing security officer PIN, and
    72  // the token will only be reinitialized if there is a match.
    73  //
    74  // According to PKCS#11: "When a token is initialized, all objects that can be
    75  // destroyed are destroyed (i.e., all except for 'indestructible' objects such
    76  // as keys built into the token). Also, access by the normal user is disabled
    77  // until the SO sets the normal user’s PIN."
    78  func (s Slot) InitToken(securityOfficerPIN string, tokenLabel string) error {
    79  	return s.ctx.InitToken(s.id, securityOfficerPIN, tokenLabel)
    80  }
    81  
    82  // ID returns the slot's ID.
    83  func (s Slot) ID() uint {
    84  	return s.id
    85  }
    86  
    87  // Mechanism represents a cipher, signature algorithm, hash function, or other
    88  // function that a token can perform.
    89  type Mechanism struct {
    90  	mechanism *pkcs11.Mechanism
    91  	slot      Slot
    92  }
    93  
    94  // Info returns information about this mechanism.
    95  func (m *Mechanism) Info() (pkcs11.MechanismInfo, error) {
    96  	return m.slot.ctx.GetMechanismInfo(m.slot.id, []*pkcs11.Mechanism{m.mechanism})
    97  }
    98
View as plain text