mirror of https://github.com/docker/cli.git
Merge pull request #1691 from justincormack/nolibtool
Update PKCS11 library
This commit is contained in:
commit
69311b5ad9
|
@ -52,7 +52,7 @@ github.com/mattn/go-shellwords v1.0.3
|
|||
github.com/matttproud/golang_protobuf_extensions v1.0.1
|
||||
github.com/Microsoft/hcsshim v0.8.1
|
||||
github.com/Microsoft/go-winio v0.4.11
|
||||
github.com/miekg/pkcs11 287d9350987cc9334667882061e202e96cdfb4d0
|
||||
github.com/miekg/pkcs11 6120d95c0e9576ccf4a78ba40855809dca31a9ed
|
||||
github.com/mitchellh/mapstructure f15292f7a699fcc1a38a80977f80a046874ba8ac
|
||||
github.com/moby/buildkit 520201006c9dc676da9cf9655337ac711f7f127d
|
||||
github.com/modern-go/concurrent bacd9c7ef1dd9b15be4a9909b8ac7a4e313eec94 # 1.0.3
|
||||
|
|
|
@ -12,13 +12,13 @@ were it makes sense. It has been tested with SoftHSM.
|
|||
softhsm --init-token --slot 0 --label test --pin 1234
|
||||
|
||||
* Then use `libsofthsm.so` as the pkcs11 module:
|
||||
|
||||
```go
|
||||
p := pkcs11.New("/usr/lib/softhsm/libsofthsm.so")
|
||||
|
||||
```
|
||||
## Examples
|
||||
|
||||
A skeleton program would look somewhat like this (yes, pkcs#11 is verbose):
|
||||
|
||||
```go
|
||||
p := pkcs11.New("/usr/lib/softhsm/libsofthsm.so")
|
||||
err := p.Initialize()
|
||||
if err != nil {
|
||||
|
@ -55,7 +55,7 @@ A skeleton program would look somewhat like this (yes, pkcs#11 is verbose):
|
|||
fmt.Printf("%x", d)
|
||||
}
|
||||
fmt.Println()
|
||||
|
||||
```
|
||||
Further examples are included in the tests.
|
||||
|
||||
To expose PKCS#11 keys using the
|
||||
|
|
|
@ -24,15 +24,19 @@ const (
|
|||
)
|
||||
|
||||
const (
|
||||
CKG_MGF1_SHA1 uint = 0x00000001
|
||||
CKG_MGF1_SHA224 uint = 0x00000005
|
||||
CKG_MGF1_SHA256 uint = 0x00000002
|
||||
CKG_MGF1_SHA384 uint = 0x00000003
|
||||
CKG_MGF1_SHA512 uint = 0x00000004
|
||||
CKG_MGF1_SHA1 uint = 0x00000001
|
||||
CKG_MGF1_SHA224 uint = 0x00000005
|
||||
CKG_MGF1_SHA256 uint = 0x00000002
|
||||
CKG_MGF1_SHA384 uint = 0x00000003
|
||||
CKG_MGF1_SHA512 uint = 0x00000004
|
||||
CKG_MGF1_SHA3_224 uint = 0x00000006
|
||||
CKG_MGF1_SHA3_256 uint = 0x00000007
|
||||
CKG_MGF1_SHA3_384 uint = 0x00000008
|
||||
CKG_MGF1_SHA3_512 uint = 0x00000009
|
||||
)
|
||||
|
||||
const (
|
||||
CKZ_DATA_SPECIFIED uint = 0x00000001
|
||||
CKZ_DATA_SPECIFIED uint = 0x00000001
|
||||
)
|
||||
|
||||
// Generated with: awk '/#define CK[AFKMRC]/{ print $2 " = " $3 }' pkcs11t.h | sed -e 's/UL$//g' -e 's/UL)$/)/g'
|
||||
|
@ -98,15 +102,19 @@ const (
|
|||
CKK_SHA512_224_HMAC = 0x00000027
|
||||
CKK_SHA512_256_HMAC = 0x00000028
|
||||
CKK_SHA512_T_HMAC = 0x00000029
|
||||
CKK_SHA_1_HMAC = 0x00000028
|
||||
CKK_SHA224_HMAC = 0x0000002E
|
||||
CKK_SHA256_HMAC = 0x0000002B
|
||||
CKK_SHA384_HMAC = 0x0000002C
|
||||
CKK_SHA512_HMAC = 0x0000002D
|
||||
CKK_SEED = 0x00000050
|
||||
CKK_GOSTR3410 = 0x00000060
|
||||
CKK_GOSTR3411 = 0x00000061
|
||||
CKK_GOST28147 = 0x00000062
|
||||
CKK_SHA_1_HMAC = 0x00000028
|
||||
CKK_SHA224_HMAC = 0x0000002E
|
||||
CKK_SHA256_HMAC = 0x0000002B
|
||||
CKK_SHA384_HMAC = 0x0000002C
|
||||
CKK_SHA512_HMAC = 0x0000002D
|
||||
CKK_SEED = 0x0000002F
|
||||
CKK_GOSTR3410 = 0x00000030
|
||||
CKK_GOSTR3411 = 0x00000031
|
||||
CKK_GOST28147 = 0x00000032
|
||||
CKK_SHA3_224_HMAC = 0x00000033
|
||||
CKK_SHA3_256_HMAC = 0x00000034
|
||||
CKK_SHA3_384_HMAC = 0x00000035
|
||||
CKK_SHA3_512_HMAC = 0x00000036
|
||||
CKK_VENDOR_DEFINED = 0x80000000
|
||||
CKC_X_509 = 0x00000000
|
||||
CKC_X_509_ATTR_CERT = 0x00000001
|
||||
|
@ -182,8 +190,8 @@ const (
|
|||
CKA_AUTH_PIN_FLAGS = 0x00000201
|
||||
CKA_ALWAYS_AUTHENTICATE = 0x00000202
|
||||
CKA_WRAP_WITH_TRUSTED = 0x00000210
|
||||
CKA_WRAP_TEMPLATE = (CKF_ARRAY_ATTRIBUTE | 0x00000211)
|
||||
CKA_UNWRAP_TEMPLATE = (CKF_ARRAY_ATTRIBUTE | 0x00000212)
|
||||
CKA_WRAP_TEMPLATE = CKF_ARRAY_ATTRIBUTE | 0x00000211
|
||||
CKA_UNWRAP_TEMPLATE = CKF_ARRAY_ATTRIBUTE | 0x00000212
|
||||
CKA_OTP_FORMAT = 0x00000220
|
||||
CKA_OTP_LENGTH = 0x00000221
|
||||
CKA_OTP_TIME_INTERVAL = 0x00000222
|
||||
|
@ -218,7 +226,7 @@ const (
|
|||
CKA_REQUIRED_CMS_ATTRIBUTES = 0x00000501
|
||||
CKA_DEFAULT_CMS_ATTRIBUTES = 0x00000502
|
||||
CKA_SUPPORTED_CMS_ATTRIBUTES = 0x00000503
|
||||
CKA_ALLOWED_MECHANISMS = (CKF_ARRAY_ATTRIBUTE | 0x00000600)
|
||||
CKA_ALLOWED_MECHANISMS = CKF_ARRAY_ATTRIBUTE | 0x00000600
|
||||
CKA_VENDOR_DEFINED = 0x80000000
|
||||
CKM_RSA_PKCS_KEY_PAIR_GEN = 0x00000000
|
||||
CKM_RSA_PKCS = 0x00000001
|
||||
|
@ -243,6 +251,10 @@ const (
|
|||
CKM_DSA_SHA256 = 0x00000015
|
||||
CKM_DSA_SHA384 = 0x00000016
|
||||
CKM_DSA_SHA512 = 0x00000017
|
||||
CKM_DSA_SHA3_224 = 0x00000018
|
||||
CKM_DSA_SHA3_256 = 0x00000019
|
||||
CKM_DSA_SHA3_384 = 0x0000001A
|
||||
CKM_DSA_SHA3_512 = 0x0000001B
|
||||
CKM_DH_PKCS_KEY_PAIR_GEN = 0x00000020
|
||||
CKM_DH_PKCS_DERIVE = 0x00000021
|
||||
CKM_X9_42_DH_KEY_PAIR_GEN = 0x00000030
|
||||
|
@ -269,6 +281,14 @@ const (
|
|||
CKM_SHA512_T_HMAC = 0x00000051
|
||||
CKM_SHA512_T_HMAC_GENERAL = 0x00000052
|
||||
CKM_SHA512_T_KEY_DERIVATION = 0x00000053
|
||||
CKM_SHA3_256_RSA_PKCS = 0x00000060
|
||||
CKM_SHA3_384_RSA_PKCS = 0x00000061
|
||||
CKM_SHA3_512_RSA_PKCS = 0x00000062
|
||||
CKM_SHA3_256_RSA_PKCS_PSS = 0x00000063
|
||||
CKM_SHA3_384_RSA_PKCS_PSS = 0x00000064
|
||||
CKM_SHA3_512_RSA_PKCS_PSS = 0x00000065
|
||||
CKM_SHA3_224_RSA_PKCS = 0x00000066
|
||||
CKM_SHA3_224_RSA_PKCS_PSS = 0x00000067
|
||||
CKM_RC2_KEY_GEN = 0x00000100
|
||||
CKM_RC2_ECB = 0x00000101
|
||||
CKM_RC2_CBC = 0x00000102
|
||||
|
@ -335,6 +355,22 @@ const (
|
|||
CKM_HOTP = 0x00000291
|
||||
CKM_ACTI = 0x000002A0
|
||||
CKM_ACTI_KEY_GEN = 0x000002A1
|
||||
CKM_SHA3_256 = 0x000002B0
|
||||
CKM_SHA3_256_HMAC = 0x000002B1
|
||||
CKM_SHA3_256_HMAC_GENERAL = 0x000002B2
|
||||
CKM_SHA3_256_KEY_GEN = 0x000002B3
|
||||
CKM_SHA3_224 = 0x000002B5
|
||||
CKM_SHA3_224_HMAC = 0x000002B6
|
||||
CKM_SHA3_224_HMAC_GENERAL = 0x000002B7
|
||||
CKM_SHA3_224_KEY_GEN = 0x000002B8
|
||||
CKM_SHA3_384 = 0x000002C0
|
||||
CKM_SHA3_384_HMAC = 0x000002C1
|
||||
CKM_SHA3_384_HMAC_GENERAL = 0x000002C2
|
||||
CKM_SHA3_384_KEY_GEN = 0x000002C3
|
||||
CKM_SHA3_512 = 0x000002D0
|
||||
CKM_SHA3_512_HMAC = 0x000002D1
|
||||
CKM_SHA3_512_HMAC_GENERAL = 0x000002D2
|
||||
CKM_SHA3_512_KEY_GEN = 0x000002D3
|
||||
CKM_CAST_KEY_GEN = 0x00000300
|
||||
CKM_CAST_ECB = 0x00000301
|
||||
CKM_CAST_CBC = 0x00000302
|
||||
|
@ -395,6 +431,12 @@ const (
|
|||
CKM_SHA384_KEY_DERIVATION = 0x00000394
|
||||
CKM_SHA512_KEY_DERIVATION = 0x00000395
|
||||
CKM_SHA224_KEY_DERIVATION = 0x00000396
|
||||
CKM_SHA3_256_KEY_DERIVE = 0x00000397
|
||||
CKM_SHA3_224_KEY_DERIVE = 0x00000398
|
||||
CKM_SHA3_384_KEY_DERIVE = 0x00000399
|
||||
CKM_SHA3_512_KEY_DERIVE = 0x0000039A
|
||||
CKM_SHAKE_128_KEY_DERIVE = 0x0000039B
|
||||
CKM_SHAKE_256_KEY_DERIVE = 0x0000039C
|
||||
CKM_PBE_MD2_DES_CBC = 0x000003A0
|
||||
CKM_PBE_MD5_DES_CBC = 0x000003A1
|
||||
CKM_PBE_MD5_CAST_CBC = 0x000003A2
|
||||
|
@ -678,4 +720,6 @@ const (
|
|||
CKF_EXCLUDE_CHALLENGE = 0x00000008
|
||||
CKF_EXCLUDE_PIN = 0x00000010
|
||||
CKF_USER_FRIENDLY_OTP = 0x00000020
|
||||
CKD_NULL = 0x00000001
|
||||
CKD_SHA1_KDF = 0x00000002
|
||||
)
|
||||
|
|
|
@ -8,6 +8,24 @@ package pkcs11
|
|||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include "pkcs11go.h"
|
||||
|
||||
static inline void putOAEPParams(CK_RSA_PKCS_OAEP_PARAMS_PTR params, CK_VOID_PTR pSourceData, CK_ULONG ulSourceDataLen)
|
||||
{
|
||||
params->pSourceData = pSourceData;
|
||||
params->ulSourceDataLen = ulSourceDataLen;
|
||||
}
|
||||
|
||||
static inline void putECDH1SharedParams(CK_ECDH1_DERIVE_PARAMS_PTR params, CK_VOID_PTR pSharedData, CK_ULONG ulSharedDataLen)
|
||||
{
|
||||
params->pSharedData = pSharedData;
|
||||
params->ulSharedDataLen = ulSharedDataLen;
|
||||
}
|
||||
|
||||
static inline void putECDH1PublicParams(CK_ECDH1_DERIVE_PARAMS_PTR params, CK_VOID_PTR pPublicData, CK_ULONG ulPublicDataLen)
|
||||
{
|
||||
params->pPublicData = pPublicData;
|
||||
params->ulPublicDataLen = ulPublicDataLen;
|
||||
}
|
||||
*/
|
||||
import "C"
|
||||
import "unsafe"
|
||||
|
@ -21,9 +39,8 @@ type GCMParams struct {
|
|||
tagSize int
|
||||
}
|
||||
|
||||
// NewGCMParams returns a pointer to AES-GCM parameters.
|
||||
// This is a convenience function for passing GCM parameters to
|
||||
// available mechanisms.
|
||||
// NewGCMParams returns a pointer to AES-GCM parameters that can be used with the CKM_AES_GCM mechanism.
|
||||
// The Free() method must be called after the operation is complete.
|
||||
//
|
||||
// *NOTE*
|
||||
// Some HSMs, like CloudHSM, will ignore the IV you pass in and write their
|
||||
|
@ -55,17 +72,23 @@ func cGCMParams(p *GCMParams) []byte {
|
|||
iv, ivLen := arena.Allocate(p.iv)
|
||||
params.pIv = C.CK_BYTE_PTR(iv)
|
||||
params.ulIvLen = ivLen
|
||||
params.ulIvBits = ivLen * 8
|
||||
}
|
||||
if len(p.aad) > 0 {
|
||||
aad, aadLen := arena.Allocate(p.aad)
|
||||
params.pAAD = C.CK_BYTE_PTR(aad)
|
||||
params.ulAADLen = aadLen
|
||||
}
|
||||
p.Free()
|
||||
p.arena = arena
|
||||
p.params = ¶ms
|
||||
return C.GoBytes(unsafe.Pointer(¶ms), C.int(unsafe.Sizeof(params)))
|
||||
}
|
||||
|
||||
// IV returns a copy of the actual IV used for the operation.
|
||||
//
|
||||
// Some HSMs may ignore the user-specified IV and write their own at the end of
|
||||
// the encryption operation; this method allows you to retrieve it.
|
||||
func (p *GCMParams) IV() []byte {
|
||||
if p == nil || p.params == nil {
|
||||
return nil
|
||||
|
@ -76,6 +99,10 @@ func (p *GCMParams) IV() []byte {
|
|||
return iv
|
||||
}
|
||||
|
||||
// Free deallocates the memory reserved for the HSM to write back the actual IV.
|
||||
//
|
||||
// This must be called after the entire operation is complete, i.e. after
|
||||
// Encrypt or EncryptFinal. It is safe to call Free multiple times.
|
||||
func (p *GCMParams) Free() {
|
||||
if p == nil || p.arena == nil {
|
||||
return
|
||||
|
@ -84,3 +111,78 @@ func (p *GCMParams) Free() {
|
|||
p.params = nil
|
||||
p.arena = nil
|
||||
}
|
||||
|
||||
// NewPSSParams creates a CK_RSA_PKCS_PSS_PARAMS structure and returns it as a byte array for use with the CKM_RSA_PKCS_PSS mechanism
|
||||
func NewPSSParams(hashAlg, mgf, saltLength uint) []byte {
|
||||
p := C.CK_RSA_PKCS_PSS_PARAMS{
|
||||
hashAlg: C.CK_MECHANISM_TYPE(hashAlg),
|
||||
mgf: C.CK_RSA_PKCS_MGF_TYPE(mgf),
|
||||
sLen: C.CK_ULONG(saltLength),
|
||||
}
|
||||
return C.GoBytes(unsafe.Pointer(&p), C.int(unsafe.Sizeof(p)))
|
||||
}
|
||||
|
||||
// OAEPParams can be passed to NewMechanism to implement CKM_RSA_PKCS_OAEP
|
||||
type OAEPParams struct {
|
||||
HashAlg uint
|
||||
MGF uint
|
||||
SourceType uint
|
||||
SourceData []byte
|
||||
}
|
||||
|
||||
// NewOAEPParams creates a CK_RSA_PKCS_OAEP_PARAMS structure suitable for use with the CKM_RSA_PKCS_OAEP mechanism
|
||||
func NewOAEPParams(hashAlg, mgf, sourceType uint, sourceData []byte) *OAEPParams {
|
||||
return &OAEPParams{
|
||||
HashAlg: hashAlg,
|
||||
MGF: mgf,
|
||||
SourceType: sourceType,
|
||||
SourceData: sourceData,
|
||||
}
|
||||
}
|
||||
|
||||
func cOAEPParams(p *OAEPParams, arena arena) ([]byte, arena) {
|
||||
params := C.CK_RSA_PKCS_OAEP_PARAMS{
|
||||
hashAlg: C.CK_MECHANISM_TYPE(p.HashAlg),
|
||||
mgf: C.CK_RSA_PKCS_MGF_TYPE(p.MGF),
|
||||
source: C.CK_RSA_PKCS_OAEP_SOURCE_TYPE(p.SourceType),
|
||||
}
|
||||
if len(p.SourceData) != 0 {
|
||||
buf, len := arena.Allocate(p.SourceData)
|
||||
// field is unaligned on windows so this has to call into C
|
||||
C.putOAEPParams(¶ms, buf, len)
|
||||
}
|
||||
return C.GoBytes(unsafe.Pointer(¶ms), C.int(unsafe.Sizeof(params))), arena
|
||||
}
|
||||
|
||||
// ECDH1DeriveParams can be passed to NewMechanism to implement CK_ECDH1_DERIVE_PARAMS
|
||||
type ECDH1DeriveParams struct {
|
||||
KDF uint
|
||||
SharedData []byte
|
||||
PublicKeyData []byte
|
||||
}
|
||||
|
||||
// NewECDH1DeriveParams creates a CK_ECDH1_DERIVE_PARAMS structure suitable for use with the CKM_ECDH1_DERIVE mechanism
|
||||
func NewECDH1DeriveParams(kdf uint, sharedData []byte, publicKeyData []byte) *ECDH1DeriveParams {
|
||||
return &ECDH1DeriveParams{
|
||||
KDF: kdf,
|
||||
SharedData: sharedData,
|
||||
PublicKeyData: publicKeyData,
|
||||
}
|
||||
}
|
||||
|
||||
func cECDH1DeriveParams(p *ECDH1DeriveParams, arena arena) ([]byte, arena) {
|
||||
params := C.CK_ECDH1_DERIVE_PARAMS{
|
||||
kdf: C.CK_EC_KDF_TYPE(p.KDF),
|
||||
}
|
||||
|
||||
// SharedData MUST be null if key derivation function (KDF) is CKD_NULL
|
||||
if len(p.SharedData) != 0 {
|
||||
sharedData, sharedDataLen := arena.Allocate(p.SharedData)
|
||||
C.putECDH1SharedParams(¶ms, sharedData, sharedDataLen)
|
||||
}
|
||||
|
||||
publicKeyData, publicKeyDataLen := arena.Allocate(p.PublicKeyData)
|
||||
C.putECDH1PublicParams(¶ms, publicKeyData, publicKeyDataLen)
|
||||
|
||||
return C.GoBytes(unsafe.Pointer(¶ms), C.int(unsafe.Sizeof(params))), arena
|
||||
}
|
||||
|
|
|
@ -11,43 +11,73 @@ package pkcs11
|
|||
// * CK_ULONG never overflows an Go int
|
||||
|
||||
/*
|
||||
#cgo windows CFLAGS: -DREPACK_STRUCTURES
|
||||
#cgo windows LDFLAGS: -lltdl
|
||||
#cgo linux LDFLAGS: -lltdl -ldl
|
||||
#cgo darwin CFLAGS: -I/usr/local/share/libtool
|
||||
#cgo darwin LDFLAGS: -lltdl -L/usr/local/lib/
|
||||
#cgo openbsd CFLAGS: -I/usr/local/include/
|
||||
#cgo openbsd LDFLAGS: -lltdl -L/usr/local/lib/
|
||||
#cgo freebsd CFLAGS: -I/usr/local/include/
|
||||
#cgo freebsd LDFLAGS: -lltdl -L/usr/local/lib/
|
||||
#cgo LDFLAGS: -lltdl
|
||||
#cgo windows CFLAGS: -DPACKED_STRUCTURES
|
||||
#cgo linux LDFLAGS: -ldl
|
||||
#cgo darwin LDFLAGS: -ldl
|
||||
#cgo openbsd LDFLAGS: -ldl
|
||||
#cgo freebsd LDFLAGS: -ldl
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <ltdl.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include "pkcs11go.h"
|
||||
|
||||
#ifdef _WIN32
|
||||
#include <windows.h>
|
||||
|
||||
struct ctx {
|
||||
lt_dlhandle handle;
|
||||
HMODULE handle;
|
||||
CK_FUNCTION_LIST_PTR sym;
|
||||
};
|
||||
|
||||
// New initializes a ctx and fills the symbol table.
|
||||
struct ctx *New(const char *module)
|
||||
{
|
||||
if (lt_dlinit() != 0) {
|
||||
return NULL;
|
||||
}
|
||||
CK_C_GetFunctionList list;
|
||||
struct ctx *c = calloc(1, sizeof(struct ctx));
|
||||
c->handle = lt_dlopen(module);
|
||||
c->handle = LoadLibrary(module);
|
||||
if (c->handle == NULL) {
|
||||
free(c);
|
||||
return NULL;
|
||||
}
|
||||
list = (CK_C_GetFunctionList) lt_dlsym(c->handle, "C_GetFunctionList");
|
||||
list = (CK_C_GetFunctionList) GetProcAddress(c->handle, "C_GetFunctionList");
|
||||
if (list == NULL) {
|
||||
free(c);
|
||||
return NULL;
|
||||
}
|
||||
list(&c->sym);
|
||||
return c;
|
||||
}
|
||||
|
||||
// Destroy cleans up a ctx.
|
||||
void Destroy(struct ctx *c)
|
||||
{
|
||||
if (!c) {
|
||||
return;
|
||||
}
|
||||
free(c);
|
||||
}
|
||||
#else
|
||||
#include <dlfcn.h>
|
||||
|
||||
struct ctx {
|
||||
void *handle;
|
||||
CK_FUNCTION_LIST_PTR sym;
|
||||
};
|
||||
|
||||
// New initializes a ctx and fills the symbol table.
|
||||
struct ctx *New(const char *module)
|
||||
{
|
||||
CK_C_GetFunctionList list;
|
||||
struct ctx *c = calloc(1, sizeof(struct ctx));
|
||||
c->handle = dlopen(module, RTLD_LAZY);
|
||||
if (c->handle == NULL) {
|
||||
free(c);
|
||||
return NULL;
|
||||
}
|
||||
list = (CK_C_GetFunctionList) dlsym(c->handle, "C_GetFunctionList");
|
||||
if (list == NULL) {
|
||||
free(c);
|
||||
return NULL;
|
||||
|
@ -65,12 +95,12 @@ void Destroy(struct ctx *c)
|
|||
if (c->handle == NULL) {
|
||||
return;
|
||||
}
|
||||
if (lt_dlclose(c->handle) < 0) {
|
||||
if (dlclose(c->handle) < 0) {
|
||||
return;
|
||||
}
|
||||
lt_dlexit();
|
||||
free(c);
|
||||
}
|
||||
#endif
|
||||
|
||||
CK_RV Initialize(struct ctx * c)
|
||||
{
|
||||
|
@ -238,23 +268,17 @@ CK_RV Logout(struct ctx * c, CK_SESSION_HANDLE session)
|
|||
}
|
||||
|
||||
CK_RV CreateObject(struct ctx * c, CK_SESSION_HANDLE session,
|
||||
ckAttrPtr temp, CK_ULONG tempCount,
|
||||
CK_ATTRIBUTE_PTR temp, CK_ULONG tempCount,
|
||||
CK_OBJECT_HANDLE_PTR obj)
|
||||
{
|
||||
ATTR_TO_C(tempc, temp, tempCount, NULL);
|
||||
CK_RV e = c->sym->C_CreateObject(session, tempc, tempCount, obj);
|
||||
ATTR_FREE(tempc);
|
||||
return e;
|
||||
return c->sym->C_CreateObject(session, temp, tempCount, obj);
|
||||
}
|
||||
|
||||
CK_RV CopyObject(struct ctx * c, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE o,
|
||||
ckAttrPtr temp, CK_ULONG tempCount,
|
||||
CK_ATTRIBUTE_PTR temp, CK_ULONG tempCount,
|
||||
CK_OBJECT_HANDLE_PTR obj)
|
||||
{
|
||||
ATTR_TO_C(tempc, temp, tempCount, NULL);
|
||||
CK_RV e = c->sym->C_CopyObject(session, o, tempc, tempCount, obj);
|
||||
ATTR_FREE(tempc);
|
||||
return e;
|
||||
return c->sym->C_CopyObject(session, o, temp, tempCount, obj);
|
||||
}
|
||||
|
||||
CK_RV DestroyObject(struct ctx * c, CK_SESSION_HANDLE session,
|
||||
|
@ -272,48 +296,37 @@ CK_RV GetObjectSize(struct ctx * c, CK_SESSION_HANDLE session,
|
|||
}
|
||||
|
||||
CK_RV GetAttributeValue(struct ctx * c, CK_SESSION_HANDLE session,
|
||||
CK_OBJECT_HANDLE object, ckAttrPtr temp,
|
||||
CK_OBJECT_HANDLE object, CK_ATTRIBUTE_PTR temp,
|
||||
CK_ULONG templen)
|
||||
{
|
||||
ATTR_TO_C(tempc, temp, templen, NULL);
|
||||
// Call for the first time, check the returned ulValue in the attributes, then
|
||||
// allocate enough space and try again.
|
||||
CK_RV e = c->sym->C_GetAttributeValue(session, object, tempc, templen);
|
||||
CK_RV e = c->sym->C_GetAttributeValue(session, object, temp, templen);
|
||||
if (e != CKR_OK) {
|
||||
ATTR_FREE(tempc);
|
||||
return e;
|
||||
}
|
||||
CK_ULONG i;
|
||||
for (i = 0; i < templen; i++) {
|
||||
if ((CK_LONG) tempc[i].ulValueLen == -1) {
|
||||
if ((CK_LONG) temp[i].ulValueLen == -1) {
|
||||
// either access denied or no such object
|
||||
continue;
|
||||
}
|
||||
tempc[i].pValue = calloc(tempc[i].ulValueLen, sizeof(CK_BYTE));
|
||||
temp[i].pValue = calloc(temp[i].ulValueLen, sizeof(CK_BYTE));
|
||||
}
|
||||
e = c->sym->C_GetAttributeValue(session, object, tempc, templen);
|
||||
ATTR_FROM_C(temp, tempc, templen);
|
||||
ATTR_FREE(tempc);
|
||||
return e;
|
||||
return c->sym->C_GetAttributeValue(session, object, temp, templen);
|
||||
}
|
||||
|
||||
CK_RV SetAttributeValue(struct ctx * c, CK_SESSION_HANDLE session,
|
||||
CK_OBJECT_HANDLE object, ckAttrPtr temp,
|
||||
CK_OBJECT_HANDLE object, CK_ATTRIBUTE_PTR temp,
|
||||
CK_ULONG templen)
|
||||
{
|
||||
ATTR_TO_C(tempc, temp, templen, NULL);
|
||||
CK_RV e = c->sym->C_SetAttributeValue(session, object, tempc, templen);
|
||||
ATTR_FREE(tempc);
|
||||
return e;
|
||||
return c->sym->C_SetAttributeValue(session, object, temp, templen);
|
||||
}
|
||||
|
||||
CK_RV FindObjectsInit(struct ctx * c, CK_SESSION_HANDLE session,
|
||||
ckAttrPtr temp, CK_ULONG tempCount)
|
||||
CK_ATTRIBUTE_PTR temp, CK_ULONG tempCount)
|
||||
{
|
||||
ATTR_TO_C(tempc, temp, tempCount, NULL);
|
||||
CK_RV e = c->sym->C_FindObjectsInit(session, tempc, tempCount);
|
||||
ATTR_FREE(tempc);
|
||||
return e;
|
||||
return c->sym->C_FindObjectsInit(session, temp, tempCount);
|
||||
}
|
||||
|
||||
CK_RV FindObjects(struct ctx * c, CK_SESSION_HANDLE session,
|
||||
|
@ -332,11 +345,9 @@ CK_RV FindObjectsFinal(struct ctx * c, CK_SESSION_HANDLE session)
|
|||
}
|
||||
|
||||
CK_RV EncryptInit(struct ctx * c, CK_SESSION_HANDLE session,
|
||||
ckMechPtr mechanism, CK_OBJECT_HANDLE key)
|
||||
CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE key)
|
||||
{
|
||||
MECH_TO_C(m, mechanism);
|
||||
CK_RV e = c->sym->C_EncryptInit(session, m, key);
|
||||
return e;
|
||||
return c->sym->C_EncryptInit(session, mechanism, key);
|
||||
}
|
||||
|
||||
CK_RV Encrypt(struct ctx * c, CK_SESSION_HANDLE session, CK_BYTE_PTR message,
|
||||
|
@ -388,17 +399,15 @@ CK_RV EncryptFinal(struct ctx * c, CK_SESSION_HANDLE session,
|
|||
}
|
||||
|
||||
CK_RV DecryptInit(struct ctx * c, CK_SESSION_HANDLE session,
|
||||
ckMechPtr mechanism, CK_OBJECT_HANDLE key)
|
||||
CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE key)
|
||||
{
|
||||
MECH_TO_C(m, mechanism);
|
||||
CK_RV e = c->sym->C_DecryptInit(session, m, key);
|
||||
return e;
|
||||
return c->sym->C_DecryptInit(session, mechanism, key);
|
||||
}
|
||||
|
||||
CK_RV Decrypt(struct ctx * c, CK_SESSION_HANDLE session, CK_BYTE_PTR cypher,
|
||||
CK_RV Decrypt(struct ctx * c, CK_SESSION_HANDLE session, CK_BYTE_PTR cipher,
|
||||
CK_ULONG clen, CK_BYTE_PTR * plain, CK_ULONG_PTR plainlen)
|
||||
{
|
||||
CK_RV e = c->sym->C_Decrypt(session, cypher, clen, NULL, plainlen);
|
||||
CK_RV e = c->sym->C_Decrypt(session, cipher, clen, NULL, plainlen);
|
||||
if (e != CKR_OK) {
|
||||
return e;
|
||||
}
|
||||
|
@ -406,7 +415,7 @@ CK_RV Decrypt(struct ctx * c, CK_SESSION_HANDLE session, CK_BYTE_PTR cypher,
|
|||
if (*plain == NULL) {
|
||||
return CKR_HOST_MEMORY;
|
||||
}
|
||||
e = c->sym->C_Decrypt(session, cypher, clen, *plain, plainlen);
|
||||
e = c->sym->C_Decrypt(session, cipher, clen, *plain, plainlen);
|
||||
return e;
|
||||
}
|
||||
|
||||
|
@ -444,11 +453,9 @@ CK_RV DecryptFinal(struct ctx * c, CK_SESSION_HANDLE session,
|
|||
}
|
||||
|
||||
CK_RV DigestInit(struct ctx * c, CK_SESSION_HANDLE session,
|
||||
ckMechPtr mechanism)
|
||||
CK_MECHANISM_PTR mechanism)
|
||||
{
|
||||
MECH_TO_C(m, mechanism);
|
||||
CK_RV e = c->sym->C_DigestInit(session, m);
|
||||
return e;
|
||||
return c->sym->C_DigestInit(session, mechanism);
|
||||
}
|
||||
|
||||
CK_RV Digest(struct ctx * c, CK_SESSION_HANDLE session, CK_BYTE_PTR message,
|
||||
|
@ -495,11 +502,9 @@ CK_RV DigestFinal(struct ctx * c, CK_SESSION_HANDLE session, CK_BYTE_PTR * hash,
|
|||
}
|
||||
|
||||
CK_RV SignInit(struct ctx * c, CK_SESSION_HANDLE session,
|
||||
ckMechPtr mechanism, CK_OBJECT_HANDLE key)
|
||||
CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE key)
|
||||
{
|
||||
MECH_TO_C(m, mechanism);
|
||||
CK_RV e = c->sym->C_SignInit(session, m, key);
|
||||
return e;
|
||||
return c->sym->C_SignInit(session, mechanism, key);
|
||||
}
|
||||
|
||||
CK_RV Sign(struct ctx * c, CK_SESSION_HANDLE session, CK_BYTE_PTR message,
|
||||
|
@ -540,11 +545,9 @@ CK_RV SignFinal(struct ctx * c, CK_SESSION_HANDLE session, CK_BYTE_PTR * sig,
|
|||
}
|
||||
|
||||
CK_RV SignRecoverInit(struct ctx * c, CK_SESSION_HANDLE session,
|
||||
ckMechPtr mech, CK_OBJECT_HANDLE key)
|
||||
CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE key)
|
||||
{
|
||||
MECH_TO_C(m, mech);
|
||||
CK_RV rv = c->sym->C_SignRecoverInit(session, m, key);
|
||||
return rv;
|
||||
return c->sym->C_SignRecoverInit(session, mechanism, key);
|
||||
}
|
||||
|
||||
CK_RV SignRecover(struct ctx * c, CK_SESSION_HANDLE session, CK_BYTE_PTR data,
|
||||
|
@ -563,11 +566,9 @@ CK_RV SignRecover(struct ctx * c, CK_SESSION_HANDLE session, CK_BYTE_PTR data,
|
|||
}
|
||||
|
||||
CK_RV VerifyInit(struct ctx * c, CK_SESSION_HANDLE session,
|
||||
ckMechPtr mech, CK_OBJECT_HANDLE key)
|
||||
CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE key)
|
||||
{
|
||||
MECH_TO_C(m, mech);
|
||||
CK_RV rv = c->sym->C_VerifyInit(session, m, key);
|
||||
return rv;
|
||||
return c->sym->C_VerifyInit(session, mechanism, key);
|
||||
}
|
||||
|
||||
CK_RV Verify(struct ctx * c, CK_SESSION_HANDLE session, CK_BYTE_PTR message,
|
||||
|
@ -592,11 +593,9 @@ CK_RV VerifyFinal(struct ctx * c, CK_SESSION_HANDLE session, CK_BYTE_PTR sig,
|
|||
}
|
||||
|
||||
CK_RV VerifyRecoverInit(struct ctx * c, CK_SESSION_HANDLE session,
|
||||
ckMechPtr mech, CK_OBJECT_HANDLE key)
|
||||
CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE key)
|
||||
{
|
||||
MECH_TO_C(m, mech);
|
||||
CK_RV rv = c->sym->C_VerifyRecoverInit(session, m, key);
|
||||
return rv;
|
||||
return c->sym->C_VerifyRecoverInit(session, mechanism, key);
|
||||
}
|
||||
|
||||
CK_RV VerifyRecover(struct ctx * c, CK_SESSION_HANDLE session, CK_BYTE_PTR sig,
|
||||
|
@ -688,39 +687,28 @@ CK_RV DecryptVerifyUpdate(struct ctx * c, CK_SESSION_HANDLE session,
|
|||
}
|
||||
|
||||
CK_RV GenerateKey(struct ctx * c, CK_SESSION_HANDLE session,
|
||||
ckMechPtr mechanism, ckAttrPtr temp,
|
||||
CK_MECHANISM_PTR mechanism, CK_ATTRIBUTE_PTR temp,
|
||||
CK_ULONG tempCount, CK_OBJECT_HANDLE_PTR key)
|
||||
{
|
||||
MECH_TO_C(m, mechanism);
|
||||
ATTR_TO_C(tempc, temp, tempCount, NULL);
|
||||
CK_RV e = c->sym->C_GenerateKey(session, m, tempc, tempCount, key);
|
||||
ATTR_FREE(tempc);
|
||||
return e;
|
||||
return c->sym->C_GenerateKey(session, mechanism, temp, tempCount, key);
|
||||
}
|
||||
|
||||
CK_RV GenerateKeyPair(struct ctx * c, CK_SESSION_HANDLE session,
|
||||
ckMechPtr mechanism, ckAttrPtr pub,
|
||||
CK_ULONG pubCount, ckAttrPtr priv,
|
||||
CK_MECHANISM_PTR mechanism, CK_ATTRIBUTE_PTR pub,
|
||||
CK_ULONG pubCount, CK_ATTRIBUTE_PTR priv,
|
||||
CK_ULONG privCount, CK_OBJECT_HANDLE_PTR pubkey,
|
||||
CK_OBJECT_HANDLE_PTR privkey)
|
||||
{
|
||||
MECH_TO_C(m, mechanism);
|
||||
ATTR_TO_C(pubc, pub, pubCount, NULL);
|
||||
ATTR_TO_C(privc, priv, privCount, pubc);
|
||||
CK_RV e = c->sym->C_GenerateKeyPair(session, m, pubc, pubCount,
|
||||
privc, privCount, pubkey, privkey);
|
||||
ATTR_FREE(pubc);
|
||||
ATTR_FREE(privc);
|
||||
return e;
|
||||
return c->sym->C_GenerateKeyPair(session, mechanism, pub, pubCount,
|
||||
priv, privCount, pubkey, privkey);
|
||||
}
|
||||
|
||||
CK_RV WrapKey(struct ctx * c, CK_SESSION_HANDLE session,
|
||||
ckMechPtr mechanism, CK_OBJECT_HANDLE wrappingkey,
|
||||
CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE wrappingkey,
|
||||
CK_OBJECT_HANDLE key, CK_BYTE_PTR * wrapped,
|
||||
CK_ULONG_PTR wrappedlen)
|
||||
{
|
||||
MECH_TO_C(m, mechanism);
|
||||
CK_RV rv = c->sym->C_WrapKey(session, m, wrappingkey, key, NULL,
|
||||
CK_RV rv = c->sym->C_WrapKey(session, mechanism, wrappingkey, key, NULL,
|
||||
wrappedlen);
|
||||
if (rv != CKR_OK) {
|
||||
return rv;
|
||||
|
@ -729,33 +717,25 @@ CK_RV WrapKey(struct ctx * c, CK_SESSION_HANDLE session,
|
|||
if (*wrapped == NULL) {
|
||||
return CKR_HOST_MEMORY;
|
||||
}
|
||||
rv = c->sym->C_WrapKey(session, m, wrappingkey, key, *wrapped,
|
||||
rv = c->sym->C_WrapKey(session, mechanism, wrappingkey, key, *wrapped,
|
||||
wrappedlen);
|
||||
return rv;
|
||||
}
|
||||
|
||||
CK_RV DeriveKey(struct ctx * c, CK_SESSION_HANDLE session,
|
||||
ckMechPtr mech, CK_OBJECT_HANDLE basekey,
|
||||
ckAttrPtr a, CK_ULONG alen, CK_OBJECT_HANDLE_PTR key)
|
||||
CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE basekey,
|
||||
CK_ATTRIBUTE_PTR a, CK_ULONG alen, CK_OBJECT_HANDLE_PTR key)
|
||||
{
|
||||
MECH_TO_C(m, mech);
|
||||
ATTR_TO_C(tempc, a, alen, NULL);
|
||||
CK_RV e = c->sym->C_DeriveKey(session, m, basekey, tempc, alen, key);
|
||||
ATTR_FREE(tempc);
|
||||
return e;
|
||||
return c->sym->C_DeriveKey(session, mechanism, basekey, a, alen, key);
|
||||
}
|
||||
|
||||
CK_RV UnwrapKey(struct ctx * c, CK_SESSION_HANDLE session,
|
||||
ckMechPtr mech, CK_OBJECT_HANDLE unwrappingkey,
|
||||
CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE unwrappingkey,
|
||||
CK_BYTE_PTR wrappedkey, CK_ULONG wrappedkeylen,
|
||||
ckAttrPtr a, CK_ULONG alen, CK_OBJECT_HANDLE_PTR key)
|
||||
CK_ATTRIBUTE_PTR a, CK_ULONG alen, CK_OBJECT_HANDLE_PTR key)
|
||||
{
|
||||
MECH_TO_C(m, mech);
|
||||
ATTR_TO_C(tempc, a, alen, NULL);
|
||||
CK_RV e = c->sym->C_UnwrapKey(session, m, unwrappingkey, wrappedkey,
|
||||
wrappedkeylen, tempc, alen, key);
|
||||
ATTR_FREE(tempc);
|
||||
return e;
|
||||
return c->sym->C_UnwrapKey(session, mechanism, unwrappingkey, wrappedkey,
|
||||
wrappedkeylen, a, alen, key);
|
||||
}
|
||||
|
||||
CK_RV SeedRandom(struct ctx * c, CK_SESSION_HANDLE session, CK_BYTE_PTR seed,
|
||||
|
@ -783,37 +763,11 @@ CK_RV WaitForSlotEvent(struct ctx * c, CK_FLAGS flags, CK_ULONG_PTR slot)
|
|||
return e;
|
||||
}
|
||||
|
||||
#ifdef REPACK_STRUCTURES
|
||||
|
||||
CK_RV attrsToC(CK_ATTRIBUTE_PTR *attrOut, ckAttrPtr attrIn, CK_ULONG count) {
|
||||
CK_ATTRIBUTE_PTR attr = calloc(count, sizeof(CK_ATTRIBUTE));
|
||||
if (attr == NULL) {
|
||||
return CKR_HOST_MEMORY;
|
||||
}
|
||||
for (int i = 0; i < count; i++) {
|
||||
attr[i].type = attrIn[i].type;
|
||||
attr[i].pValue = attrIn[i].pValue;
|
||||
attr[i].ulValueLen = attrIn[i].ulValueLen;
|
||||
}
|
||||
*attrOut = attr;
|
||||
return CKR_OK;
|
||||
static inline CK_VOID_PTR getAttributePval(CK_ATTRIBUTE_PTR a)
|
||||
{
|
||||
return a->pValue;
|
||||
}
|
||||
|
||||
void attrsFromC(ckAttrPtr attrOut, CK_ATTRIBUTE_PTR attrIn, CK_ULONG count) {
|
||||
for (int i = 0; i < count; i++) {
|
||||
attrOut[i].type = attrIn[i].type;
|
||||
attrOut[i].pValue = attrIn[i].pValue;
|
||||
attrOut[i].ulValueLen = attrIn[i].ulValueLen;
|
||||
}
|
||||
}
|
||||
|
||||
void mechToC(CK_MECHANISM_PTR mechOut, ckMechPtr mechIn) {
|
||||
mechOut->mechanism = mechIn->mechanism;
|
||||
mechOut->pParameter = mechIn->pParameter;
|
||||
mechOut->ulParameterLen = mechIn->ulParameterLen;
|
||||
}
|
||||
|
||||
#endif
|
||||
*/
|
||||
import "C"
|
||||
import "strings"
|
||||
|
@ -827,11 +781,6 @@ type Ctx struct {
|
|||
|
||||
// New creates a new context and initializes the module/library for use.
|
||||
func New(module string) *Ctx {
|
||||
// libtool-ltdl will return an assertion error if passed an empty string, so
|
||||
// we check for it explicitly.
|
||||
if module == "" {
|
||||
return nil
|
||||
}
|
||||
c := new(Ctx)
|
||||
mod := C.CString(module)
|
||||
defer C.free(unsafe.Pointer(mod))
|
||||
|
@ -1124,21 +1073,22 @@ func (c *Ctx) GetObjectSize(sh SessionHandle, oh ObjectHandle) (uint, error) {
|
|||
func (c *Ctx) GetAttributeValue(sh SessionHandle, o ObjectHandle, a []*Attribute) ([]*Attribute, error) {
|
||||
// copy the attribute list and make all the values nil, so that
|
||||
// the C function can (allocate) fill them in
|
||||
pa := make([]C.ckAttr, len(a))
|
||||
pa := make([]C.CK_ATTRIBUTE, len(a))
|
||||
for i := 0; i < len(a); i++ {
|
||||
pa[i]._type = C.CK_ATTRIBUTE_TYPE(a[i].Type)
|
||||
}
|
||||
e := C.GetAttributeValue(c.ctx, C.CK_SESSION_HANDLE(sh), C.CK_OBJECT_HANDLE(o), C.ckAttrPtr(&pa[0]), C.CK_ULONG(len(a)))
|
||||
if toError(e) != nil {
|
||||
return nil, toError(e)
|
||||
e := C.GetAttributeValue(c.ctx, C.CK_SESSION_HANDLE(sh), C.CK_OBJECT_HANDLE(o), &pa[0], C.CK_ULONG(len(a)))
|
||||
if err := toError(e); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
a1 := make([]*Attribute, len(a))
|
||||
for i, c := range pa {
|
||||
x := new(Attribute)
|
||||
x.Type = uint(c._type)
|
||||
if int(c.ulValueLen) != -1 {
|
||||
x.Value = C.GoBytes(unsafe.Pointer(c.pValue), C.int(c.ulValueLen))
|
||||
C.free(unsafe.Pointer(c.pValue))
|
||||
buf := unsafe.Pointer(C.getAttributePval(&c))
|
||||
x.Value = C.GoBytes(buf, C.int(c.ulValueLen))
|
||||
C.free(buf)
|
||||
}
|
||||
a1[i] = x
|
||||
}
|
||||
|
@ -1164,8 +1114,10 @@ func (c *Ctx) FindObjectsInit(sh SessionHandle, temp []*Attribute) error {
|
|||
|
||||
// FindObjects continues a search for token and session
|
||||
// objects that match a template, obtaining additional object
|
||||
// handles. The returned boolean indicates if the list would
|
||||
// have been larger than max.
|
||||
// handles. Calling the function repeatedly may yield additional results until
|
||||
// an empty slice is returned.
|
||||
//
|
||||
// The returned boolean value is deprecated and should be ignored.
|
||||
func (c *Ctx) FindObjects(sh SessionHandle, max int) ([]ObjectHandle, bool, error) {
|
||||
var (
|
||||
objectList C.CK_OBJECT_HANDLE_PTR
|
||||
|
@ -1193,7 +1145,7 @@ func (c *Ctx) FindObjectsFinal(sh SessionHandle) error {
|
|||
|
||||
// EncryptInit initializes an encryption operation.
|
||||
func (c *Ctx) EncryptInit(sh SessionHandle, m []*Mechanism, o ObjectHandle) error {
|
||||
arena, mech, _ := cMechanismList(m)
|
||||
arena, mech := cMechanism(m)
|
||||
defer arena.Free()
|
||||
e := C.EncryptInit(c.ctx, C.CK_SESSION_HANDLE(sh), mech, C.CK_OBJECT_HANDLE(o))
|
||||
return toError(e)
|
||||
|
@ -1205,7 +1157,7 @@ func (c *Ctx) Encrypt(sh SessionHandle, message []byte) ([]byte, error) {
|
|||
enc C.CK_BYTE_PTR
|
||||
enclen C.CK_ULONG
|
||||
)
|
||||
e := C.Encrypt(c.ctx, C.CK_SESSION_HANDLE(sh), C.CK_BYTE_PTR(unsafe.Pointer(&message[0])), C.CK_ULONG(len(message)), &enc, &enclen)
|
||||
e := C.Encrypt(c.ctx, C.CK_SESSION_HANDLE(sh), cMessage(message), C.CK_ULONG(len(message)), &enc, &enclen)
|
||||
if toError(e) != nil {
|
||||
return nil, toError(e)
|
||||
}
|
||||
|
@ -1220,7 +1172,7 @@ func (c *Ctx) EncryptUpdate(sh SessionHandle, plain []byte) ([]byte, error) {
|
|||
part C.CK_BYTE_PTR
|
||||
partlen C.CK_ULONG
|
||||
)
|
||||
e := C.EncryptUpdate(c.ctx, C.CK_SESSION_HANDLE(sh), C.CK_BYTE_PTR(unsafe.Pointer(&plain[0])), C.CK_ULONG(len(plain)), &part, &partlen)
|
||||
e := C.EncryptUpdate(c.ctx, C.CK_SESSION_HANDLE(sh), cMessage(plain), C.CK_ULONG(len(plain)), &part, &partlen)
|
||||
if toError(e) != nil {
|
||||
return nil, toError(e)
|
||||
}
|
||||
|
@ -1246,19 +1198,19 @@ func (c *Ctx) EncryptFinal(sh SessionHandle) ([]byte, error) {
|
|||
|
||||
// DecryptInit initializes a decryption operation.
|
||||
func (c *Ctx) DecryptInit(sh SessionHandle, m []*Mechanism, o ObjectHandle) error {
|
||||
arena, mech, _ := cMechanismList(m)
|
||||
arena, mech := cMechanism(m)
|
||||
defer arena.Free()
|
||||
e := C.DecryptInit(c.ctx, C.CK_SESSION_HANDLE(sh), mech, C.CK_OBJECT_HANDLE(o))
|
||||
return toError(e)
|
||||
}
|
||||
|
||||
// Decrypt decrypts encrypted data in a single part.
|
||||
func (c *Ctx) Decrypt(sh SessionHandle, cypher []byte) ([]byte, error) {
|
||||
func (c *Ctx) Decrypt(sh SessionHandle, cipher []byte) ([]byte, error) {
|
||||
var (
|
||||
plain C.CK_BYTE_PTR
|
||||
plainlen C.CK_ULONG
|
||||
)
|
||||
e := C.Decrypt(c.ctx, C.CK_SESSION_HANDLE(sh), C.CK_BYTE_PTR(unsafe.Pointer(&cypher[0])), C.CK_ULONG(len(cypher)), &plain, &plainlen)
|
||||
e := C.Decrypt(c.ctx, C.CK_SESSION_HANDLE(sh), cMessage(cipher), C.CK_ULONG(len(cipher)), &plain, &plainlen)
|
||||
if toError(e) != nil {
|
||||
return nil, toError(e)
|
||||
}
|
||||
|
@ -1273,7 +1225,7 @@ func (c *Ctx) DecryptUpdate(sh SessionHandle, cipher []byte) ([]byte, error) {
|
|||
part C.CK_BYTE_PTR
|
||||
partlen C.CK_ULONG
|
||||
)
|
||||
e := C.DecryptUpdate(c.ctx, C.CK_SESSION_HANDLE(sh), C.CK_BYTE_PTR(unsafe.Pointer(&cipher[0])), C.CK_ULONG(len(cipher)), &part, &partlen)
|
||||
e := C.DecryptUpdate(c.ctx, C.CK_SESSION_HANDLE(sh), cMessage(cipher), C.CK_ULONG(len(cipher)), &part, &partlen)
|
||||
if toError(e) != nil {
|
||||
return nil, toError(e)
|
||||
}
|
||||
|
@ -1299,7 +1251,7 @@ func (c *Ctx) DecryptFinal(sh SessionHandle) ([]byte, error) {
|
|||
|
||||
// DigestInit initializes a message-digesting operation.
|
||||
func (c *Ctx) DigestInit(sh SessionHandle, m []*Mechanism) error {
|
||||
arena, mech, _ := cMechanismList(m)
|
||||
arena, mech := cMechanism(m)
|
||||
defer arena.Free()
|
||||
e := C.DigestInit(c.ctx, C.CK_SESSION_HANDLE(sh), mech)
|
||||
return toError(e)
|
||||
|
@ -1311,7 +1263,7 @@ func (c *Ctx) Digest(sh SessionHandle, message []byte) ([]byte, error) {
|
|||
hash C.CK_BYTE_PTR
|
||||
hashlen C.CK_ULONG
|
||||
)
|
||||
e := C.Digest(c.ctx, C.CK_SESSION_HANDLE(sh), C.CK_BYTE_PTR(unsafe.Pointer(&message[0])), C.CK_ULONG(len(message)), &hash, &hashlen)
|
||||
e := C.Digest(c.ctx, C.CK_SESSION_HANDLE(sh), cMessage(message), C.CK_ULONG(len(message)), &hash, &hashlen)
|
||||
if toError(e) != nil {
|
||||
return nil, toError(e)
|
||||
}
|
||||
|
@ -1322,7 +1274,7 @@ func (c *Ctx) Digest(sh SessionHandle, message []byte) ([]byte, error) {
|
|||
|
||||
// DigestUpdate continues a multiple-part message-digesting operation.
|
||||
func (c *Ctx) DigestUpdate(sh SessionHandle, message []byte) error {
|
||||
e := C.DigestUpdate(c.ctx, C.CK_SESSION_HANDLE(sh), C.CK_BYTE_PTR(unsafe.Pointer(&message[0])), C.CK_ULONG(len(message)))
|
||||
e := C.DigestUpdate(c.ctx, C.CK_SESSION_HANDLE(sh), cMessage(message), C.CK_ULONG(len(message)))
|
||||
if toError(e) != nil {
|
||||
return toError(e)
|
||||
}
|
||||
|
@ -1359,7 +1311,7 @@ func (c *Ctx) DigestFinal(sh SessionHandle) ([]byte, error) {
|
|||
// operation, where the signature is (will be) an appendix to
|
||||
// the data, and plaintext cannot be recovered from the signature.
|
||||
func (c *Ctx) SignInit(sh SessionHandle, m []*Mechanism, o ObjectHandle) error {
|
||||
arena, mech, _ := cMechanismList(m) // Only the first is used, but still use a list.
|
||||
arena, mech := cMechanism(m)
|
||||
defer arena.Free()
|
||||
e := C.SignInit(c.ctx, C.CK_SESSION_HANDLE(sh), mech, C.CK_OBJECT_HANDLE(o))
|
||||
return toError(e)
|
||||
|
@ -1372,7 +1324,7 @@ func (c *Ctx) Sign(sh SessionHandle, message []byte) ([]byte, error) {
|
|||
sig C.CK_BYTE_PTR
|
||||
siglen C.CK_ULONG
|
||||
)
|
||||
e := C.Sign(c.ctx, C.CK_SESSION_HANDLE(sh), C.CK_BYTE_PTR(unsafe.Pointer(&message[0])), C.CK_ULONG(len(message)), &sig, &siglen)
|
||||
e := C.Sign(c.ctx, C.CK_SESSION_HANDLE(sh), cMessage(message), C.CK_ULONG(len(message)), &sig, &siglen)
|
||||
if toError(e) != nil {
|
||||
return nil, toError(e)
|
||||
}
|
||||
|
@ -1385,7 +1337,7 @@ func (c *Ctx) Sign(sh SessionHandle, message []byte) ([]byte, error) {
|
|||
// where the signature is (will be) an appendix to the data,
|
||||
// and plaintext cannot be recovered from the signature.
|
||||
func (c *Ctx) SignUpdate(sh SessionHandle, message []byte) error {
|
||||
e := C.SignUpdate(c.ctx, C.CK_SESSION_HANDLE(sh), C.CK_BYTE_PTR(unsafe.Pointer(&message[0])), C.CK_ULONG(len(message)))
|
||||
e := C.SignUpdate(c.ctx, C.CK_SESSION_HANDLE(sh), cMessage(message), C.CK_ULONG(len(message)))
|
||||
return toError(e)
|
||||
}
|
||||
|
||||
|
@ -1406,7 +1358,7 @@ func (c *Ctx) SignFinal(sh SessionHandle) ([]byte, error) {
|
|||
|
||||
// SignRecoverInit initializes a signature operation, where the data can be recovered from the signature.
|
||||
func (c *Ctx) SignRecoverInit(sh SessionHandle, m []*Mechanism, key ObjectHandle) error {
|
||||
arena, mech, _ := cMechanismList(m)
|
||||
arena, mech := cMechanism(m)
|
||||
defer arena.Free()
|
||||
e := C.SignRecoverInit(c.ctx, C.CK_SESSION_HANDLE(sh), mech, C.CK_OBJECT_HANDLE(key))
|
||||
return toError(e)
|
||||
|
@ -1418,7 +1370,7 @@ func (c *Ctx) SignRecover(sh SessionHandle, data []byte) ([]byte, error) {
|
|||
sig C.CK_BYTE_PTR
|
||||
siglen C.CK_ULONG
|
||||
)
|
||||
e := C.SignRecover(c.ctx, C.CK_SESSION_HANDLE(sh), C.CK_BYTE_PTR(unsafe.Pointer(&data[0])), C.CK_ULONG(len(data)), &sig, &siglen)
|
||||
e := C.SignRecover(c.ctx, C.CK_SESSION_HANDLE(sh), cMessage(data), C.CK_ULONG(len(data)), &sig, &siglen)
|
||||
if toError(e) != nil {
|
||||
return nil, toError(e)
|
||||
}
|
||||
|
@ -1431,7 +1383,7 @@ func (c *Ctx) SignRecover(sh SessionHandle, data []byte) ([]byte, error) {
|
|||
// signature is an appendix to the data, and plaintext cannot
|
||||
// be recovered from the signature (e.g. DSA).
|
||||
func (c *Ctx) VerifyInit(sh SessionHandle, m []*Mechanism, key ObjectHandle) error {
|
||||
arena, mech, _ := cMechanismList(m) // only use one here
|
||||
arena, mech := cMechanism(m)
|
||||
defer arena.Free()
|
||||
e := C.VerifyInit(c.ctx, C.CK_SESSION_HANDLE(sh), mech, C.CK_OBJECT_HANDLE(key))
|
||||
return toError(e)
|
||||
|
@ -1441,7 +1393,7 @@ func (c *Ctx) VerifyInit(sh SessionHandle, m []*Mechanism, key ObjectHandle) err
|
|||
// where the signature is an appendix to the data, and plaintext
|
||||
// cannot be recovered from the signature.
|
||||
func (c *Ctx) Verify(sh SessionHandle, data []byte, signature []byte) error {
|
||||
e := C.Verify(c.ctx, C.CK_SESSION_HANDLE(sh), C.CK_BYTE_PTR(unsafe.Pointer(&data[0])), C.CK_ULONG(len(data)), C.CK_BYTE_PTR(unsafe.Pointer(&signature[0])), C.CK_ULONG(len(signature)))
|
||||
e := C.Verify(c.ctx, C.CK_SESSION_HANDLE(sh), cMessage(data), C.CK_ULONG(len(data)), cMessage(signature), C.CK_ULONG(len(signature)))
|
||||
return toError(e)
|
||||
}
|
||||
|
||||
|
@ -1449,21 +1401,21 @@ func (c *Ctx) Verify(sh SessionHandle, data []byte, signature []byte) error {
|
|||
// operation, where the signature is an appendix to the data,
|
||||
// and plaintext cannot be recovered from the signature.
|
||||
func (c *Ctx) VerifyUpdate(sh SessionHandle, part []byte) error {
|
||||
e := C.VerifyUpdate(c.ctx, C.CK_SESSION_HANDLE(sh), C.CK_BYTE_PTR(unsafe.Pointer(&part[0])), C.CK_ULONG(len(part)))
|
||||
e := C.VerifyUpdate(c.ctx, C.CK_SESSION_HANDLE(sh), cMessage(part), C.CK_ULONG(len(part)))
|
||||
return toError(e)
|
||||
}
|
||||
|
||||
// VerifyFinal finishes a multiple-part verification
|
||||
// operation, checking the signature.
|
||||
func (c *Ctx) VerifyFinal(sh SessionHandle, signature []byte) error {
|
||||
e := C.VerifyFinal(c.ctx, C.CK_SESSION_HANDLE(sh), C.CK_BYTE_PTR(unsafe.Pointer(&signature[0])), C.CK_ULONG(len(signature)))
|
||||
e := C.VerifyFinal(c.ctx, C.CK_SESSION_HANDLE(sh), cMessage(signature), C.CK_ULONG(len(signature)))
|
||||
return toError(e)
|
||||
}
|
||||
|
||||
// VerifyRecoverInit initializes a signature verification
|
||||
// operation, where the data is recovered from the signature.
|
||||
func (c *Ctx) VerifyRecoverInit(sh SessionHandle, m []*Mechanism, key ObjectHandle) error {
|
||||
arena, mech, _ := cMechanismList(m)
|
||||
arena, mech := cMechanism(m)
|
||||
defer arena.Free()
|
||||
e := C.VerifyRecoverInit(c.ctx, C.CK_SESSION_HANDLE(sh), mech, C.CK_OBJECT_HANDLE(key))
|
||||
return toError(e)
|
||||
|
@ -1476,7 +1428,7 @@ func (c *Ctx) VerifyRecover(sh SessionHandle, signature []byte) ([]byte, error)
|
|||
data C.CK_BYTE_PTR
|
||||
datalen C.CK_ULONG
|
||||
)
|
||||
e := C.DecryptVerifyUpdate(c.ctx, C.CK_SESSION_HANDLE(sh), C.CK_BYTE_PTR(unsafe.Pointer(&signature[0])), C.CK_ULONG(len(signature)), &data, &datalen)
|
||||
e := C.DecryptVerifyUpdate(c.ctx, C.CK_SESSION_HANDLE(sh), cMessage(signature), C.CK_ULONG(len(signature)), &data, &datalen)
|
||||
if toError(e) != nil {
|
||||
return nil, toError(e)
|
||||
}
|
||||
|
@ -1491,7 +1443,7 @@ func (c *Ctx) DigestEncryptUpdate(sh SessionHandle, part []byte) ([]byte, error)
|
|||
enc C.CK_BYTE_PTR
|
||||
enclen C.CK_ULONG
|
||||
)
|
||||
e := C.DigestEncryptUpdate(c.ctx, C.CK_SESSION_HANDLE(sh), C.CK_BYTE_PTR(unsafe.Pointer(&part[0])), C.CK_ULONG(len(part)), &enc, &enclen)
|
||||
e := C.DigestEncryptUpdate(c.ctx, C.CK_SESSION_HANDLE(sh), cMessage(part), C.CK_ULONG(len(part)), &enc, &enclen)
|
||||
if toError(e) != nil {
|
||||
return nil, toError(e)
|
||||
}
|
||||
|
@ -1506,7 +1458,7 @@ func (c *Ctx) DecryptDigestUpdate(sh SessionHandle, cipher []byte) ([]byte, erro
|
|||
part C.CK_BYTE_PTR
|
||||
partlen C.CK_ULONG
|
||||
)
|
||||
e := C.DecryptDigestUpdate(c.ctx, C.CK_SESSION_HANDLE(sh), C.CK_BYTE_PTR(unsafe.Pointer(&cipher[0])), C.CK_ULONG(len(cipher)), &part, &partlen)
|
||||
e := C.DecryptDigestUpdate(c.ctx, C.CK_SESSION_HANDLE(sh), cMessage(cipher), C.CK_ULONG(len(cipher)), &part, &partlen)
|
||||
if toError(e) != nil {
|
||||
return nil, toError(e)
|
||||
}
|
||||
|
@ -1521,7 +1473,7 @@ func (c *Ctx) SignEncryptUpdate(sh SessionHandle, part []byte) ([]byte, error) {
|
|||
enc C.CK_BYTE_PTR
|
||||
enclen C.CK_ULONG
|
||||
)
|
||||
e := C.SignEncryptUpdate(c.ctx, C.CK_SESSION_HANDLE(sh), C.CK_BYTE_PTR(unsafe.Pointer(&part[0])), C.CK_ULONG(len(part)), &enc, &enclen)
|
||||
e := C.SignEncryptUpdate(c.ctx, C.CK_SESSION_HANDLE(sh), cMessage(part), C.CK_ULONG(len(part)), &enc, &enclen)
|
||||
if toError(e) != nil {
|
||||
return nil, toError(e)
|
||||
}
|
||||
|
@ -1536,7 +1488,7 @@ func (c *Ctx) DecryptVerifyUpdate(sh SessionHandle, cipher []byte) ([]byte, erro
|
|||
part C.CK_BYTE_PTR
|
||||
partlen C.CK_ULONG
|
||||
)
|
||||
e := C.DecryptVerifyUpdate(c.ctx, C.CK_SESSION_HANDLE(sh), C.CK_BYTE_PTR(unsafe.Pointer(&cipher[0])), C.CK_ULONG(len(cipher)), &part, &partlen)
|
||||
e := C.DecryptVerifyUpdate(c.ctx, C.CK_SESSION_HANDLE(sh), cMessage(cipher), C.CK_ULONG(len(cipher)), &part, &partlen)
|
||||
if toError(e) != nil {
|
||||
return nil, toError(e)
|
||||
}
|
||||
|
@ -1550,7 +1502,7 @@ func (c *Ctx) GenerateKey(sh SessionHandle, m []*Mechanism, temp []*Attribute) (
|
|||
var key C.CK_OBJECT_HANDLE
|
||||
attrarena, t, tcount := cAttributeList(temp)
|
||||
defer attrarena.Free()
|
||||
mecharena, mech, _ := cMechanismList(m)
|
||||
mecharena, mech := cMechanism(m)
|
||||
defer mecharena.Free()
|
||||
e := C.GenerateKey(c.ctx, C.CK_SESSION_HANDLE(sh), mech, t, tcount, C.CK_OBJECT_HANDLE_PTR(&key))
|
||||
e1 := toError(e)
|
||||
|
@ -1570,7 +1522,7 @@ func (c *Ctx) GenerateKeyPair(sh SessionHandle, m []*Mechanism, public, private
|
|||
defer pubarena.Free()
|
||||
privarena, priv, privcount := cAttributeList(private)
|
||||
defer privarena.Free()
|
||||
mecharena, mech, _ := cMechanismList(m)
|
||||
mecharena, mech := cMechanism(m)
|
||||
defer mecharena.Free()
|
||||
e := C.GenerateKeyPair(c.ctx, C.CK_SESSION_HANDLE(sh), mech, pub, pubcount, priv, privcount, C.CK_OBJECT_HANDLE_PTR(&pubkey), C.CK_OBJECT_HANDLE_PTR(&privkey))
|
||||
e1 := toError(e)
|
||||
|
@ -1586,7 +1538,7 @@ func (c *Ctx) WrapKey(sh SessionHandle, m []*Mechanism, wrappingkey, key ObjectH
|
|||
wrappedkey C.CK_BYTE_PTR
|
||||
wrappedkeylen C.CK_ULONG
|
||||
)
|
||||
arena, mech, _ := cMechanismList(m)
|
||||
arena, mech := cMechanism(m)
|
||||
defer arena.Free()
|
||||
e := C.WrapKey(c.ctx, C.CK_SESSION_HANDLE(sh), mech, C.CK_OBJECT_HANDLE(wrappingkey), C.CK_OBJECT_HANDLE(key), &wrappedkey, &wrappedkeylen)
|
||||
if toError(e) != nil {
|
||||
|
@ -1602,7 +1554,7 @@ func (c *Ctx) UnwrapKey(sh SessionHandle, m []*Mechanism, unwrappingkey ObjectHa
|
|||
var key C.CK_OBJECT_HANDLE
|
||||
attrarena, ac, aclen := cAttributeList(a)
|
||||
defer attrarena.Free()
|
||||
mecharena, mech, _ := cMechanismList(m)
|
||||
mecharena, mech := cMechanism(m)
|
||||
defer mecharena.Free()
|
||||
e := C.UnwrapKey(c.ctx, C.CK_SESSION_HANDLE(sh), mech, C.CK_OBJECT_HANDLE(unwrappingkey), C.CK_BYTE_PTR(unsafe.Pointer(&wrappedkey[0])), C.CK_ULONG(len(wrappedkey)), ac, aclen, &key)
|
||||
return ObjectHandle(key), toError(e)
|
||||
|
@ -1613,7 +1565,7 @@ func (c *Ctx) DeriveKey(sh SessionHandle, m []*Mechanism, basekey ObjectHandle,
|
|||
var key C.CK_OBJECT_HANDLE
|
||||
attrarena, ac, aclen := cAttributeList(a)
|
||||
defer attrarena.Free()
|
||||
mecharena, mech, _ := cMechanismList(m)
|
||||
mecharena, mech := cMechanism(m)
|
||||
defer mecharena.Free()
|
||||
e := C.DeriveKey(c.ctx, C.CK_SESSION_HANDLE(sh), mech, C.CK_OBJECT_HANDLE(basekey), ac, aclen, &key)
|
||||
return ObjectHandle(key), toError(e)
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
#define CK_CALLBACK_FUNCTION(returnType, name) returnType (* name)
|
||||
|
||||
#include <unistd.h>
|
||||
#ifdef REPACK_STRUCTURES
|
||||
#ifdef PACKED_STRUCTURES
|
||||
# pragma pack(push, 1)
|
||||
# include "pkcs11.h"
|
||||
# pragma pack(pop)
|
||||
|
@ -21,12 +21,9 @@
|
|||
# include "pkcs11.h"
|
||||
#endif
|
||||
|
||||
#ifdef REPACK_STRUCTURES
|
||||
|
||||
// Go doesn't support structures with non-default packing, but PKCS#11 requires
|
||||
// pack(1) on Windows. Use structures with the same members as the CK_ ones but
|
||||
// default packing, and copy data between the two.
|
||||
|
||||
// Copy of CK_INFO but with default alignment (not packed). Go hides unaligned
|
||||
// struct fields so copying to an aligned struct is necessary to read CK_INFO
|
||||
// from Go on Windows where packing is required.
|
||||
typedef struct ckInfo {
|
||||
CK_VERSION cryptokiVersion;
|
||||
CK_UTF8CHAR manufacturerID[32];
|
||||
|
@ -34,50 +31,3 @@ typedef struct ckInfo {
|
|||
CK_UTF8CHAR libraryDescription[32];
|
||||
CK_VERSION libraryVersion;
|
||||
} ckInfo, *ckInfoPtr;
|
||||
|
||||
typedef struct ckAttr {
|
||||
CK_ATTRIBUTE_TYPE type;
|
||||
CK_VOID_PTR pValue;
|
||||
CK_ULONG ulValueLen;
|
||||
} ckAttr, *ckAttrPtr;
|
||||
|
||||
typedef struct ckMech {
|
||||
CK_MECHANISM_TYPE mechanism;
|
||||
CK_VOID_PTR pParameter;
|
||||
CK_ULONG ulParameterLen;
|
||||
} ckMech, *ckMechPtr;
|
||||
|
||||
CK_RV attrsToC(CK_ATTRIBUTE_PTR *attrOut, ckAttrPtr attrIn, CK_ULONG count);
|
||||
void attrsFromC(ckAttrPtr attrOut, CK_ATTRIBUTE_PTR attrIn, CK_ULONG count);
|
||||
void mechToC(CK_MECHANISM_PTR mechOut, ckMechPtr mechIn);
|
||||
|
||||
#define ATTR_TO_C(aout, ain, count, other) \
|
||||
CK_ATTRIBUTE_PTR aout; \
|
||||
{ \
|
||||
CK_RV e = attrsToC(&aout, ain, count); \
|
||||
if (e != CKR_OK ) { \
|
||||
if (other != NULL) free(other); \
|
||||
return e; \
|
||||
} \
|
||||
}
|
||||
#define ATTR_FREE(aout) free(aout)
|
||||
#define ATTR_FROM_C(aout, ain, count) attrsFromC(aout, ain, count)
|
||||
#define MECH_TO_C(mout, min) \
|
||||
CK_MECHANISM mval, *mout = &mval; \
|
||||
if (min != NULL) { mechToC(mout, min); \
|
||||
} else { mout = NULL; }
|
||||
|
||||
#else // REPACK_STRUCTURES
|
||||
|
||||
// Dummy types and macros to avoid any unnecessary copying on UNIX
|
||||
|
||||
typedef CK_INFO ckInfo, *ckInfoPtr;
|
||||
typedef CK_ATTRIBUTE ckAttr, *ckAttrPtr;
|
||||
typedef CK_MECHANISM ckMech, *ckMechPtr;
|
||||
|
||||
#define ATTR_TO_C(aout, ain, count, other) CK_ATTRIBUTE_PTR aout = ain
|
||||
#define ATTR_FREE(aout)
|
||||
#define ATTR_FROM_C(aout, ain, count)
|
||||
#define MECH_TO_C(mout, min) CK_MECHANISM_PTR mout = min
|
||||
|
||||
#endif // REPACK_STRUCTURES
|
||||
|
|
|
@ -383,6 +383,11 @@ typedef CK_ULONG CK_KEY_TYPE;
|
|||
#define CKK_GOSTR3411 0x00000031UL
|
||||
#define CKK_GOST28147 0x00000032UL
|
||||
|
||||
#define CKK_SHA3_224_HMAC 0x00000033UL
|
||||
#define CKK_SHA3_256_HMAC 0x00000034UL
|
||||
#define CKK_SHA3_384_HMAC 0x00000035UL
|
||||
#define CKK_SHA3_512_HMAC 0x00000036UL
|
||||
|
||||
|
||||
|
||||
#define CKK_VENDOR_DEFINED 0x80000000UL
|
||||
|
@ -610,6 +615,10 @@ typedef CK_ULONG CK_MECHANISM_TYPE;
|
|||
#define CKM_DSA_SHA256 0x00000014UL
|
||||
#define CKM_DSA_SHA384 0x00000015UL
|
||||
#define CKM_DSA_SHA512 0x00000016UL
|
||||
#define CKM_DSA_SHA3_224 0x00000018UL
|
||||
#define CKM_DSA_SHA3_256 0x00000019UL
|
||||
#define CKM_DSA_SHA3_384 0x0000001AUL
|
||||
#define CKM_DSA_SHA3_512 0x0000001BUL
|
||||
|
||||
#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020UL
|
||||
#define CKM_DH_PKCS_DERIVE 0x00000021UL
|
||||
|
@ -643,6 +652,15 @@ typedef CK_ULONG CK_MECHANISM_TYPE;
|
|||
#define CKM_SHA512_T_HMAC_GENERAL 0x00000052UL
|
||||
#define CKM_SHA512_T_KEY_DERIVATION 0x00000053UL
|
||||
|
||||
#define CKM_SHA3_256_RSA_PKCS 0x00000060UL
|
||||
#define CKM_SHA3_384_RSA_PKCS 0x00000061UL
|
||||
#define CKM_SHA3_512_RSA_PKCS 0x00000062UL
|
||||
#define CKM_SHA3_256_RSA_PKCS_PSS 0x00000063UL
|
||||
#define CKM_SHA3_384_RSA_PKCS_PSS 0x00000064UL
|
||||
#define CKM_SHA3_512_RSA_PKCS_PSS 0x00000065UL
|
||||
#define CKM_SHA3_224_RSA_PKCS 0x00000066UL
|
||||
#define CKM_SHA3_224_RSA_PKCS_PSS 0x00000067UL
|
||||
|
||||
#define CKM_RC2_KEY_GEN 0x00000100UL
|
||||
#define CKM_RC2_ECB 0x00000101UL
|
||||
#define CKM_RC2_CBC 0x00000102UL
|
||||
|
@ -724,6 +742,23 @@ typedef CK_ULONG CK_MECHANISM_TYPE;
|
|||
#define CKM_ACTI 0x000002A0UL
|
||||
#define CKM_ACTI_KEY_GEN 0x000002A1UL
|
||||
|
||||
#define CKM_SHA3_256 0x000002B0UL
|
||||
#define CKM_SHA3_256_HMAC 0x000002B1UL
|
||||
#define CKM_SHA3_256_HMAC_GENERAL 0x000002B2UL
|
||||
#define CKM_SHA3_256_KEY_GEN 0x000002B3UL
|
||||
#define CKM_SHA3_224 0x000002B5UL
|
||||
#define CKM_SHA3_224_HMAC 0x000002B6UL
|
||||
#define CKM_SHA3_224_HMAC_GENERAL 0x000002B7UL
|
||||
#define CKM_SHA3_224_KEY_GEN 0x000002B8UL
|
||||
#define CKM_SHA3_384 0x000002C0UL
|
||||
#define CKM_SHA3_384_HMAC 0x000002C1UL
|
||||
#define CKM_SHA3_384_HMAC_GENERAL 0x000002C2UL
|
||||
#define CKM_SHA3_384_KEY_GEN 0x000002C3UL
|
||||
#define CKM_SHA3_512 0x000002D0UL
|
||||
#define CKM_SHA3_512_HMAC 0x000002D1UL
|
||||
#define CKM_SHA3_512_HMAC_GENERAL 0x000002D2UL
|
||||
#define CKM_SHA3_512_KEY_GEN 0x000002D3UL
|
||||
|
||||
#define CKM_CAST_KEY_GEN 0x00000300UL
|
||||
#define CKM_CAST_ECB 0x00000301UL
|
||||
#define CKM_CAST_CBC 0x00000302UL
|
||||
|
@ -789,6 +824,12 @@ typedef CK_ULONG CK_MECHANISM_TYPE;
|
|||
#define CKM_SHA384_KEY_DERIVATION 0x00000394UL
|
||||
#define CKM_SHA512_KEY_DERIVATION 0x00000395UL
|
||||
#define CKM_SHA224_KEY_DERIVATION 0x00000396UL
|
||||
#define CKM_SHA3_256_KEY_DERIVE 0x00000397UL
|
||||
#define CKM_SHA3_224_KEY_DERIVE 0x00000398UL
|
||||
#define CKM_SHA3_384_KEY_DERIVE 0x00000399UL
|
||||
#define CKM_SHA3_512_KEY_DERIVE 0x0000039AUL
|
||||
#define CKM_SHAKE_128_KEY_DERIVE 0x0000039BUL
|
||||
#define CKM_SHAKE_256_KEY_DERIVE 0x0000039CUL
|
||||
|
||||
#define CKM_PBE_MD2_DES_CBC 0x000003A0UL
|
||||
#define CKM_PBE_MD5_DES_CBC 0x000003A1UL
|
||||
|
@ -1299,7 +1340,10 @@ typedef CK_ULONG CK_EC_KDF_TYPE;
|
|||
#define CKD_SHA384_KDF 0x00000007UL
|
||||
#define CKD_SHA512_KDF 0x00000008UL
|
||||
#define CKD_CPDIVERSIFY_KDF 0x00000009UL
|
||||
|
||||
#define CKD_SHA3_224_KDF 0x0000000AUL
|
||||
#define CKD_SHA3_256_KDF 0x0000000BUL
|
||||
#define CKD_SHA3_384_KDF 0x0000000CUL
|
||||
#define CKD_SHA3_512_KDF 0x0000000DUL
|
||||
|
||||
/* CK_ECDH1_DERIVE_PARAMS provides the parameters to the
|
||||
* CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE mechanisms,
|
||||
|
|
|
@ -13,6 +13,16 @@ CK_ULONG Index(CK_ULONG_PTR array, CK_ULONG i)
|
|||
{
|
||||
return array[i];
|
||||
}
|
||||
|
||||
static inline void putAttributePval(CK_ATTRIBUTE_PTR a, CK_VOID_PTR pValue)
|
||||
{
|
||||
a->pValue = pValue;
|
||||
}
|
||||
|
||||
static inline void putMechanismParam(CK_MECHANISM_PTR m, CK_VOID_PTR pParameter)
|
||||
{
|
||||
m->pParameter = pParameter;
|
||||
}
|
||||
*/
|
||||
import "C"
|
||||
|
||||
|
@ -187,22 +197,22 @@ func NewAttribute(typ uint, x interface{}) *Attribute {
|
|||
}
|
||||
|
||||
// cAttribute returns the start address and the length of an attribute list.
|
||||
func cAttributeList(a []*Attribute) (arena, C.ckAttrPtr, C.CK_ULONG) {
|
||||
func cAttributeList(a []*Attribute) (arena, C.CK_ATTRIBUTE_PTR, C.CK_ULONG) {
|
||||
var arena arena
|
||||
if len(a) == 0 {
|
||||
return nil, nil, 0
|
||||
}
|
||||
pa := make([]C.ckAttr, len(a))
|
||||
for i := 0; i < len(a); i++ {
|
||||
pa[i]._type = C.CK_ATTRIBUTE_TYPE(a[i].Type)
|
||||
//skip attribute if length is 0 to prevent panic in arena.Allocate
|
||||
if a[i].Value == nil || len(a[i].Value) == 0 {
|
||||
continue
|
||||
pa := make([]C.CK_ATTRIBUTE, len(a))
|
||||
for i, attr := range a {
|
||||
pa[i]._type = C.CK_ATTRIBUTE_TYPE(attr.Type)
|
||||
if len(attr.Value) != 0 {
|
||||
buf, len := arena.Allocate(attr.Value)
|
||||
// field is unaligned on windows so this has to call into C
|
||||
C.putAttributePval(&pa[i], buf)
|
||||
pa[i].ulValueLen = len
|
||||
}
|
||||
|
||||
pa[i].pValue, pa[i].ulValueLen = arena.Allocate(a[i].Value)
|
||||
}
|
||||
return arena, C.ckAttrPtr(&pa[0]), C.CK_ULONG(len(a))
|
||||
return arena, &pa[0], C.CK_ULONG(len(a))
|
||||
}
|
||||
|
||||
func cDate(t time.Time) []byte {
|
||||
|
@ -221,6 +231,7 @@ func cDate(t time.Time) []byte {
|
|||
type Mechanism struct {
|
||||
Mechanism uint
|
||||
Parameter []byte
|
||||
generator interface{}
|
||||
}
|
||||
|
||||
// NewMechanism returns a pointer to an initialized Mechanism.
|
||||
|
@ -231,32 +242,44 @@ func NewMechanism(mech uint, x interface{}) *Mechanism {
|
|||
return m
|
||||
}
|
||||
|
||||
switch x.(type) {
|
||||
case *GCMParams:
|
||||
m.Parameter = cGCMParams(x.(*GCMParams))
|
||||
switch p := x.(type) {
|
||||
case *GCMParams, *OAEPParams, *ECDH1DeriveParams:
|
||||
// contains pointers; defer serialization until cMechanism
|
||||
m.generator = p
|
||||
case []byte:
|
||||
m.Parameter = p
|
||||
default:
|
||||
m.Parameter = x.([]byte)
|
||||
panic("parameter must be one of type: []byte, *GCMParams, *OAEPParams, *ECDH1DeriveParams")
|
||||
}
|
||||
|
||||
return m
|
||||
}
|
||||
|
||||
func cMechanismList(m []*Mechanism) (arena, C.ckMechPtr, C.CK_ULONG) {
|
||||
func cMechanism(mechList []*Mechanism) (arena, *C.CK_MECHANISM) {
|
||||
if len(mechList) != 1 {
|
||||
panic("expected exactly one mechanism")
|
||||
}
|
||||
mech := mechList[0]
|
||||
cmech := &C.CK_MECHANISM{mechanism: C.CK_MECHANISM_TYPE(mech.Mechanism)}
|
||||
// params that contain pointers are allocated here
|
||||
param := mech.Parameter
|
||||
var arena arena
|
||||
if len(m) == 0 {
|
||||
return nil, nil, 0
|
||||
switch p := mech.generator.(type) {
|
||||
case *GCMParams:
|
||||
// uses its own arena because it has to outlive this function call (yuck)
|
||||
param = cGCMParams(p)
|
||||
case *OAEPParams:
|
||||
param, arena = cOAEPParams(p, arena)
|
||||
case *ECDH1DeriveParams:
|
||||
param, arena = cECDH1DeriveParams(p, arena)
|
||||
}
|
||||
pm := make([]C.ckMech, len(m))
|
||||
for i := 0; i < len(m); i++ {
|
||||
pm[i].mechanism = C.CK_MECHANISM_TYPE(m[i].Mechanism)
|
||||
//skip parameter if length is 0 to prevent panic in arena.Allocate
|
||||
if m[i].Parameter == nil || len(m[i].Parameter) == 0 {
|
||||
continue
|
||||
}
|
||||
|
||||
pm[i].pParameter, pm[i].ulParameterLen = arena.Allocate(m[i].Parameter)
|
||||
if len(param) != 0 {
|
||||
buf, len := arena.Allocate(param)
|
||||
// field is unaligned on windows so this has to call into C
|
||||
C.putMechanismParam(cmech, buf)
|
||||
cmech.ulParameterLen = len
|
||||
}
|
||||
return arena, C.ckMechPtr(&pm[0]), C.CK_ULONG(len(m))
|
||||
return arena, cmech
|
||||
}
|
||||
|
||||
// MechanismInfo provides information about a particular mechanism.
|
||||
|
@ -265,3 +288,16 @@ type MechanismInfo struct {
|
|||
MaxKeySize uint
|
||||
Flags uint
|
||||
}
|
||||
|
||||
// stubData is a persistent nonempty byte array used by cMessage.
|
||||
var stubData = []byte{0}
|
||||
|
||||
// cMessage returns the pointer/length pair corresponding to data.
|
||||
func cMessage(data []byte) (dataPtr C.CK_BYTE_PTR) {
|
||||
l := len(data)
|
||||
if l == 0 {
|
||||
// &data[0] is forbidden in this case, so use a nontrivial array instead.
|
||||
data = stubData
|
||||
}
|
||||
return C.CK_BYTE_PTR(unsafe.Pointer(&data[0]))
|
||||
}
|
||||
|
|
|
@ -0,0 +1,127 @@
|
|||
package pkcs11
|
||||
|
||||
// Vendor specific range for Ncipher network HSM.
|
||||
const (
|
||||
NFCK_VENDOR_NCIPHER = 0xde436972
|
||||
CKA_NCIPHER = NFCK_VENDOR_NCIPHER
|
||||
CKM_NCIPHER = NFCK_VENDOR_NCIPHER
|
||||
CKK_NCIPHER = NFCK_VENDOR_NCIPHER
|
||||
)
|
||||
|
||||
// Vendor specific mechanisms for HMAC on Ncipher HSMs where Ncipher does not allow use of generic_secret keys.
|
||||
const (
|
||||
CKM_NC_SHA_1_HMAC_KEY_GEN = CKM_NCIPHER + 0x3 /* no params */
|
||||
CKM_NC_MD5_HMAC_KEY_GEN = CKM_NCIPHER + 0x6 /* no params */
|
||||
CKM_NC_SHA224_HMAC_KEY_GEN = CKM_NCIPHER + 0x24 /* no params */
|
||||
CKM_NC_SHA256_HMAC_KEY_GEN = CKM_NCIPHER + 0x25 /* no params */
|
||||
CKM_NC_SHA384_HMAC_KEY_GEN = CKM_NCIPHER + 0x26 /* no params */
|
||||
CKM_NC_SHA512_HMAC_KEY_GEN = CKM_NCIPHER + 0x27 /* no params */
|
||||
)
|
||||
|
||||
// Vendor specific range for Mozilla NSS.
|
||||
const (
|
||||
NSSCK_VENDOR_NSS = 0x4E534350
|
||||
CKO_NSS = CKO_VENDOR_DEFINED | NSSCK_VENDOR_NSS
|
||||
CKK_NSS = CKK_VENDOR_DEFINED | NSSCK_VENDOR_NSS
|
||||
CKC_NSS = CKC_VENDOR_DEFINED | NSSCK_VENDOR_NSS
|
||||
CKA_NSS = CKA_VENDOR_DEFINED | NSSCK_VENDOR_NSS
|
||||
CKA_TRUST = CKA_NSS + 0x2000
|
||||
CKM_NSS = CKM_VENDOR_DEFINED | NSSCK_VENDOR_NSS
|
||||
CKR_NSS = CKM_VENDOR_DEFINED | NSSCK_VENDOR_NSS
|
||||
CKT_VENDOR_DEFINED = 0x80000000
|
||||
CKT_NSS = CKT_VENDOR_DEFINED | NSSCK_VENDOR_NSS
|
||||
)
|
||||
|
||||
// Vendor specific values for Mozilla NSS.
|
||||
const (
|
||||
CKO_NSS_CRL = CKO_NSS + 1
|
||||
CKO_NSS_SMIME = CKO_NSS + 2
|
||||
CKO_NSS_TRUST = CKO_NSS + 3
|
||||
CKO_NSS_BUILTIN_ROOT_LIST = CKO_NSS + 4
|
||||
CKO_NSS_NEWSLOT = CKO_NSS + 5
|
||||
CKO_NSS_DELSLOT = CKO_NSS + 6
|
||||
CKK_NSS_PKCS8 = CKK_NSS + 1
|
||||
CKK_NSS_JPAKE_ROUND1 = CKK_NSS + 2
|
||||
CKK_NSS_JPAKE_ROUND2 = CKK_NSS + 3
|
||||
CKK_NSS_CHACHA20 = CKK_NSS + 4
|
||||
CKA_NSS_URL = CKA_NSS + 1
|
||||
CKA_NSS_EMAIL = CKA_NSS + 2
|
||||
CKA_NSS_SMIME_INFO = CKA_NSS + 3
|
||||
CKA_NSS_SMIME_TIMESTAMP = CKA_NSS + 4
|
||||
CKA_NSS_PKCS8_SALT = CKA_NSS + 5
|
||||
CKA_NSS_PASSWORD_CHECK = CKA_NSS + 6
|
||||
CKA_NSS_EXPIRES = CKA_NSS + 7
|
||||
CKA_NSS_KRL = CKA_NSS + 8
|
||||
CKA_NSS_PQG_COUNTER = CKA_NSS + 20
|
||||
CKA_NSS_PQG_SEED = CKA_NSS + 21
|
||||
CKA_NSS_PQG_H = CKA_NSS + 22
|
||||
CKA_NSS_PQG_SEED_BITS = CKA_NSS + 23
|
||||
CKA_NSS_MODULE_SPEC = CKA_NSS + 24
|
||||
CKA_NSS_OVERRIDE_EXTENSIONS = CKA_NSS + 25
|
||||
CKA_NSS_JPAKE_SIGNERID = CKA_NSS + 26
|
||||
CKA_NSS_JPAKE_PEERID = CKA_NSS + 27
|
||||
CKA_NSS_JPAKE_GX1 = CKA_NSS + 28
|
||||
CKA_NSS_JPAKE_GX2 = CKA_NSS + 29
|
||||
CKA_NSS_JPAKE_GX3 = CKA_NSS + 30
|
||||
CKA_NSS_JPAKE_GX4 = CKA_NSS + 31
|
||||
CKA_NSS_JPAKE_X2 = CKA_NSS + 32
|
||||
CKA_NSS_JPAKE_X2S = CKA_NSS + 33
|
||||
CKA_NSS_MOZILLA_CA_POLICY = CKA_NSS + 34
|
||||
CKA_TRUST_DIGITAL_SIGNATURE = CKA_TRUST + 1
|
||||
CKA_TRUST_NON_REPUDIATION = CKA_TRUST + 2
|
||||
CKA_TRUST_KEY_ENCIPHERMENT = CKA_TRUST + 3
|
||||
CKA_TRUST_DATA_ENCIPHERMENT = CKA_TRUST + 4
|
||||
CKA_TRUST_KEY_AGREEMENT = CKA_TRUST + 5
|
||||
CKA_TRUST_KEY_CERT_SIGN = CKA_TRUST + 6
|
||||
CKA_TRUST_CRL_SIGN = CKA_TRUST + 7
|
||||
CKA_TRUST_SERVER_AUTH = CKA_TRUST + 8
|
||||
CKA_TRUST_CLIENT_AUTH = CKA_TRUST + 9
|
||||
CKA_TRUST_CODE_SIGNING = CKA_TRUST + 10
|
||||
CKA_TRUST_EMAIL_PROTECTION = CKA_TRUST + 11
|
||||
CKA_TRUST_IPSEC_END_SYSTEM = CKA_TRUST + 12
|
||||
CKA_TRUST_IPSEC_TUNNEL = CKA_TRUST + 13
|
||||
CKA_TRUST_IPSEC_USER = CKA_TRUST + 14
|
||||
CKA_TRUST_TIME_STAMPING = CKA_TRUST + 15
|
||||
CKA_TRUST_STEP_UP_APPROVED = CKA_TRUST + 16
|
||||
CKA_CERT_SHA1_HASH = CKA_TRUST + 100
|
||||
CKA_CERT_MD5_HASH = CKA_TRUST + 101
|
||||
CKM_NSS_AES_KEY_WRAP = CKM_NSS + 1
|
||||
CKM_NSS_AES_KEY_WRAP_PAD = CKM_NSS + 2
|
||||
CKM_NSS_HKDF_SHA1 = CKM_NSS + 3
|
||||
CKM_NSS_HKDF_SHA256 = CKM_NSS + 4
|
||||
CKM_NSS_HKDF_SHA384 = CKM_NSS + 5
|
||||
CKM_NSS_HKDF_SHA512 = CKM_NSS + 6
|
||||
CKM_NSS_JPAKE_ROUND1_SHA1 = CKM_NSS + 7
|
||||
CKM_NSS_JPAKE_ROUND1_SHA256 = CKM_NSS + 8
|
||||
CKM_NSS_JPAKE_ROUND1_SHA384 = CKM_NSS + 9
|
||||
CKM_NSS_JPAKE_ROUND1_SHA512 = CKM_NSS + 10
|
||||
CKM_NSS_JPAKE_ROUND2_SHA1 = CKM_NSS + 11
|
||||
CKM_NSS_JPAKE_ROUND2_SHA256 = CKM_NSS + 12
|
||||
CKM_NSS_JPAKE_ROUND2_SHA384 = CKM_NSS + 13
|
||||
CKM_NSS_JPAKE_ROUND2_SHA512 = CKM_NSS + 14
|
||||
CKM_NSS_JPAKE_FINAL_SHA1 = CKM_NSS + 15
|
||||
CKM_NSS_JPAKE_FINAL_SHA256 = CKM_NSS + 16
|
||||
CKM_NSS_JPAKE_FINAL_SHA384 = CKM_NSS + 17
|
||||
CKM_NSS_JPAKE_FINAL_SHA512 = CKM_NSS + 18
|
||||
CKM_NSS_HMAC_CONSTANT_TIME = CKM_NSS + 19
|
||||
CKM_NSS_SSL3_MAC_CONSTANT_TIME = CKM_NSS + 20
|
||||
CKM_NSS_TLS_PRF_GENERAL_SHA256 = CKM_NSS + 21
|
||||
CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256 = CKM_NSS + 22
|
||||
CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256 = CKM_NSS + 23
|
||||
CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 = CKM_NSS + 24
|
||||
CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE = CKM_NSS + 25
|
||||
CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH = CKM_NSS + 26
|
||||
CKM_NSS_CHACHA20_KEY_GEN = CKM_NSS + 27
|
||||
CKM_NSS_CHACHA20_POLY1305 = CKM_NSS + 28
|
||||
CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN = CKM_NSS + 29
|
||||
CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN = CKM_NSS + 30
|
||||
CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN = CKM_NSS + 31
|
||||
CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN = CKM_NSS + 32
|
||||
CKR_NSS_CERTDB_FAILED = CKR_NSS + 1
|
||||
CKR_NSS_KEYDB_FAILED = CKR_NSS + 2
|
||||
CKT_NSS_TRUSTED = CKT_NSS + 1
|
||||
CKT_NSS_TRUSTED_DELEGATOR = CKT_NSS + 2
|
||||
CKT_NSS_MUST_VERIFY_TRUST = CKT_NSS + 3
|
||||
CKT_NSS_NOT_TRUSTED = CKT_NSS + 10
|
||||
CKT_NSS_TRUST_UNKNOWN = CKT_NSS + 5
|
||||
)
|
Loading…
Reference in New Issue