diff --git a/vendor.conf b/vendor.conf
index 2939b2d4df..aaf3dd8e60 100755
--- a/vendor.conf
+++ b/vendor.conf
@@ -43,7 +43,7 @@ github.com/mattn/go-shellwords 36a9b3c57cb5caa559ff63fb7e9b
 github.com/matttproud/golang_protobuf_extensions c12348ce28de40eed0136aa2b644d0ee0650e56c # v1.0.1
 github.com/Microsoft/go-winio 6c72808b55902eae4c5943626030429ff20f3b63 # v0.4.14
 github.com/Microsoft/hcsshim b3f49c06ffaeef24d09c6c08ec8ec8425a0303e2
-github.com/miekg/pkcs11 cb39313ec884f2cd77f4762875fe96aecf68f8e3 # v1.0.2
+github.com/miekg/pkcs11 210dc1e16747c5ba98a03bcbcf728c38086ea357 # v1.0.3
 github.com/mitchellh/mapstructure f15292f7a699fcc1a38a80977f80a046874ba8ac
 github.com/moby/buildkit 4f4e03067523b2fc5ca2f17514a5e75ad63e02fb
 github.com/modern-go/concurrent bacd9c7ef1dd9b15be4a9909b8ac7a4e313eec94 # 1.0.3
diff --git a/vendor/github.com/miekg/pkcs11/README.md b/vendor/github.com/miekg/pkcs11/README.md
index d1abcb4e91..0a5c1b7b6e 100644
--- a/vendor/github.com/miekg/pkcs11/README.md
+++ b/vendor/github.com/miekg/pkcs11/README.md
@@ -1,68 +1,68 @@ # PKCS#11 [![Build Status](https://travis-ci.org/miekg/pkcs11.png?branch=master)](https://travis-ci.org/miekg/pkcs11) [![GoDoc](https://img.shields.io/badge/godoc-reference-blue.svg)](http://godoc.org/github.com/miekg/pkcs11) -This is a Go implementation of the PKCS#11 API. It wraps the library closely, but uses Go idiom -were it makes sense. It has been tested with SoftHSM. +This is a Go implementation of the PKCS#11 API. It wraps the library closely, but uses Go idiom were +it makes sense. It has been tested with SoftHSM. ## SoftHSM -* Make it use a custom configuration file `export SOFTHSM_CONF=$PWD/softhsm.conf` + * Make it use a custom configuration file `export SOFTHSM_CONF=$PWD/softhsm.conf` -* Then use `softhsm` to init it + * Then use `softhsm` to init it - softhsm --init-token --slot 0 --label test --pin 1234 + ~~~ + softhsm --init-token --slot 0 --label test --pin 1234 + ~~~ + + * Then use `libsofthsm.so` as the pkcs11 module: + + ~~~ go + p := pkcs11.New("/usr/lib/softhsm/libsofthsm.so") + ~~~ -* Then use `libsofthsm.so` as the pkcs11 module: -```go - p := pkcs11.New("/usr/lib/softhsm/libsofthsm.so") -``` ## Examples A skeleton program would look somewhat like this (yes, pkcs#11 is verbose): -```go - p := pkcs11.New("/usr/lib/softhsm/libsofthsm.so") - err := p.Initialize() - if err != nil { - panic(err) - } - defer p.Destroy() - defer p.Finalize() +~~~ go +p := pkcs11.New("/usr/lib/softhsm/libsofthsm.so") +err := p.Initialize() +if err != nil { + panic(err) +} - slots, err := p.GetSlotList(true) - if err != nil { - panic(err) - } +defer p.Destroy() +defer p.Finalize() - session, err := p.OpenSession(slots[0], pkcs11.CKF_SERIAL_SESSION|pkcs11.CKF_RW_SESSION) - if err != nil { - panic(err) - } - defer p.CloseSession(session) +slots, err := p.GetSlotList(true) +if err != nil { + panic(err) +} - err = p.Login(session, pkcs11.CKU_USER, "1234") - if err != nil { - panic(err) - } - defer p.Logout(session) +session, err := 
p.OpenSession(slots[0], pkcs11.CKF_SERIAL_SESSION|pkcs11.CKF_RW_SESSION) +if err != nil { + panic(err) +} +defer p.CloseSession(session) - p.DigestInit(session, []*pkcs11.Mechanism{pkcs11.NewMechanism(pkcs11.CKM_SHA_1, nil)}) - hash, err := p.Digest(session, []byte("this is a string")) - if err != nil { - panic(err) - } +err = p.Login(session, pkcs11.CKU_USER, "1234") +if err != nil { + panic(err) +} +defer p.Logout(session) + +p.DigestInit(session, []*pkcs11.Mechanism{pkcs11.NewMechanism(pkcs11.CKM_SHA_1, nil)}) +hash, err := p.Digest(session, []byte("this is a string")) +if err != nil { + panic(err) +} + +for _, d := range hash { + fmt.Printf("%x", d) +} +fmt.Println() +~~~ - for _, d := range hash { - fmt.Printf("%x", d) - } - fmt.Println() -``` Further examples are included in the tests. -To expose PKCS#11 keys using the -[crypto.Signer interface](https://golang.org/pkg/crypto/#Signer), +To expose PKCS#11 keys using the [crypto.Signer interface](https://golang.org/pkg/crypto/#Signer), please see [github.com/thalesignite/crypto11](https://github.com/thalesignite/crypto11). - -# TODO - -* Fix/double check endian stuff, see types.go NewAttribute() -* Look at the memory copying in fast functions (sign, hash etc) diff --git a/vendor/github.com/miekg/pkcs11/const.go b/vendor/github.com/miekg/pkcs11/const.go index ab386120a6..4088561461 100644 --- a/vendor/github.com/miekg/pkcs11/const.go +++ b/vendor/github.com/miekg/pkcs11/const.go 
@@ -723,3 +723,14 @@ const (
 CKD_NULL = 0x00000001
 CKD_SHA1_KDF = 0x00000002
 )
+
+// Special return values defined in PKCS#11 v2.40 section 3.2.
+const (
+ // CK_EFFECTIVELY_INFINITE may be returned in the CK_TOKEN_INFO fields ulMaxSessionCount and ulMaxRwSessionCount.
+ // It indicates there is no practical limit on the number of sessions.
+ CK_EFFECTIVELY_INFINITE = 0
+
+ // CK_UNAVAILABLE_INFORMATION may be returned for several fields within CK_TOKEN_INFO. It indicates
+ // the token is unable or unwilling to provide the requested information.
+ CK_UNAVAILABLE_INFORMATION = ^uint(0)
+)
diff --git a/vendor/github.com/miekg/pkcs11/release.go b/vendor/github.com/miekg/pkcs11/release.go
index f110043b41..4380f374d2 100644
--- a/vendor/github.com/miekg/pkcs11/release.go
+++ b/vendor/github.com/miekg/pkcs11/release.go
@@ -5,7 +5,7 @@ package pkcs11
 import "fmt"
 // Release is current version of the pkcs11 library.
-var Release = R{1, 0, 2}
+var Release = R{1, 0, 3}
 // R holds the version of this library.
 type R struct {