mirror of https://github.com/docker/cli.git
vendor: bump miekg/pkcs11 v1.0.3
full diff: https://github.com/miekg/pkcs11/compare/v1.0.2...v1.0.3 - miekg/pkcs11#100 Add typed convenience `Find...` methods to `Session` - miekg/pkcs11#115 Add CK_EFFECTIVELY_INFINITE and CK_UNAVAILABLE_INFORMATION Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
parent
c6d10b6da0
commit
b53ffd6c1f
|
@ -43,7 +43,7 @@ github.com/mattn/go-shellwords 36a9b3c57cb5caa559ff63fb7e9b
|
||||||
github.com/matttproud/golang_protobuf_extensions c12348ce28de40eed0136aa2b644d0ee0650e56c # v1.0.1
|
github.com/matttproud/golang_protobuf_extensions c12348ce28de40eed0136aa2b644d0ee0650e56c # v1.0.1
|
||||||
github.com/Microsoft/go-winio 6c72808b55902eae4c5943626030429ff20f3b63 # v0.4.14
|
github.com/Microsoft/go-winio 6c72808b55902eae4c5943626030429ff20f3b63 # v0.4.14
|
||||||
github.com/Microsoft/hcsshim b3f49c06ffaeef24d09c6c08ec8ec8425a0303e2
|
github.com/Microsoft/hcsshim b3f49c06ffaeef24d09c6c08ec8ec8425a0303e2
|
||||||
github.com/miekg/pkcs11 cb39313ec884f2cd77f4762875fe96aecf68f8e3 # v1.0.2
|
github.com/miekg/pkcs11 210dc1e16747c5ba98a03bcbcf728c38086ea357 # v1.0.3
|
||||||
github.com/mitchellh/mapstructure f15292f7a699fcc1a38a80977f80a046874ba8ac
|
github.com/mitchellh/mapstructure f15292f7a699fcc1a38a80977f80a046874ba8ac
|
||||||
github.com/moby/buildkit 4f4e03067523b2fc5ca2f17514a5e75ad63e02fb
|
github.com/moby/buildkit 4f4e03067523b2fc5ca2f17514a5e75ad63e02fb
|
||||||
github.com/modern-go/concurrent bacd9c7ef1dd9b15be4a9909b8ac7a4e313eec94 # 1.0.3
|
github.com/modern-go/concurrent bacd9c7ef1dd9b15be4a9909b8ac7a4e313eec94 # 1.0.3
|
||||||
|
|
|
@ -1,68 +1,68 @@
|
||||||
# PKCS#11 [![Build Status](https://travis-ci.org/miekg/pkcs11.png?branch=master)](https://travis-ci.org/miekg/pkcs11) [![GoDoc](https://img.shields.io/badge/godoc-reference-blue.svg)](http://godoc.org/github.com/miekg/pkcs11)
|
# PKCS#11 [![Build Status](https://travis-ci.org/miekg/pkcs11.png?branch=master)](https://travis-ci.org/miekg/pkcs11) [![GoDoc](https://img.shields.io/badge/godoc-reference-blue.svg)](http://godoc.org/github.com/miekg/pkcs11)
|
||||||
|
|
||||||
This is a Go implementation of the PKCS#11 API. It wraps the library closely, but uses Go idiom
|
This is a Go implementation of the PKCS#11 API. It wraps the library closely, but uses Go idiom were
|
||||||
were it makes sense. It has been tested with SoftHSM.
|
it makes sense. It has been tested with SoftHSM.
|
||||||
|
|
||||||
## SoftHSM
|
## SoftHSM
|
||||||
|
|
||||||
* Make it use a custom configuration file `export SOFTHSM_CONF=$PWD/softhsm.conf`
|
* Make it use a custom configuration file `export SOFTHSM_CONF=$PWD/softhsm.conf`
|
||||||
|
|
||||||
* Then use `softhsm` to init it
|
* Then use `softhsm` to init it
|
||||||
|
|
||||||
softhsm --init-token --slot 0 --label test --pin 1234
|
~~~
|
||||||
|
softhsm --init-token --slot 0 --label test --pin 1234
|
||||||
|
~~~
|
||||||
|
|
||||||
|
* Then use `libsofthsm.so` as the pkcs11 module:
|
||||||
|
|
||||||
|
~~~ go
|
||||||
|
p := pkcs11.New("/usr/lib/softhsm/libsofthsm.so")
|
||||||
|
~~~
|
||||||
|
|
||||||
* Then use `libsofthsm.so` as the pkcs11 module:
|
|
||||||
```go
|
|
||||||
p := pkcs11.New("/usr/lib/softhsm/libsofthsm.so")
|
|
||||||
```
|
|
||||||
## Examples
|
## Examples
|
||||||
|
|
||||||
A skeleton program would look somewhat like this (yes, pkcs#11 is verbose):
|
A skeleton program would look somewhat like this (yes, pkcs#11 is verbose):
|
||||||
```go
|
|
||||||
p := pkcs11.New("/usr/lib/softhsm/libsofthsm.so")
|
|
||||||
err := p.Initialize()
|
|
||||||
if err != nil {
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
|
|
||||||
defer p.Destroy()
|
~~~ go
|
||||||
defer p.Finalize()
|
p := pkcs11.New("/usr/lib/softhsm/libsofthsm.so")
|
||||||
|
err := p.Initialize()
|
||||||
|
if err != nil {
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
|
||||||
slots, err := p.GetSlotList(true)
|
defer p.Destroy()
|
||||||
if err != nil {
|
defer p.Finalize()
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
|
|
||||||
session, err := p.OpenSession(slots[0], pkcs11.CKF_SERIAL_SESSION|pkcs11.CKF_RW_SESSION)
|
slots, err := p.GetSlotList(true)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
defer p.CloseSession(session)
|
|
||||||
|
|
||||||
err = p.Login(session, pkcs11.CKU_USER, "1234")
|
session, err := p.OpenSession(slots[0], pkcs11.CKF_SERIAL_SESSION|pkcs11.CKF_RW_SESSION)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
defer p.Logout(session)
|
defer p.CloseSession(session)
|
||||||
|
|
||||||
p.DigestInit(session, []*pkcs11.Mechanism{pkcs11.NewMechanism(pkcs11.CKM_SHA_1, nil)})
|
err = p.Login(session, pkcs11.CKU_USER, "1234")
|
||||||
hash, err := p.Digest(session, []byte("this is a string"))
|
if err != nil {
|
||||||
if err != nil {
|
panic(err)
|
||||||
panic(err)
|
}
|
||||||
}
|
defer p.Logout(session)
|
||||||
|
|
||||||
|
p.DigestInit(session, []*pkcs11.Mechanism{pkcs11.NewMechanism(pkcs11.CKM_SHA_1, nil)})
|
||||||
|
hash, err := p.Digest(session, []byte("this is a string"))
|
||||||
|
if err != nil {
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, d := range hash {
|
||||||
|
fmt.Printf("%x", d)
|
||||||
|
}
|
||||||
|
fmt.Println()
|
||||||
|
~~~
|
||||||
|
|
||||||
for _, d := range hash {
|
|
||||||
fmt.Printf("%x", d)
|
|
||||||
}
|
|
||||||
fmt.Println()
|
|
||||||
```
|
|
||||||
Further examples are included in the tests.
|
Further examples are included in the tests.
|
||||||
|
|
||||||
To expose PKCS#11 keys using the
|
To expose PKCS#11 keys using the [crypto.Signer interface](https://golang.org/pkg/crypto/#Signer),
|
||||||
[crypto.Signer interface](https://golang.org/pkg/crypto/#Signer),
|
|
||||||
please see [github.com/thalesignite/crypto11](https://github.com/thalesignite/crypto11).
|
please see [github.com/thalesignite/crypto11](https://github.com/thalesignite/crypto11).
|
||||||
|
|
||||||
# TODO
|
|
||||||
|
|
||||||
* Fix/double check endian stuff, see types.go NewAttribute()
|
|
||||||
* Look at the memory copying in fast functions (sign, hash etc)
|
|
||||||
|
|
|
@ -723,3 +723,14 @@ const (
|
||||||
CKD_NULL = 0x00000001
|
CKD_NULL = 0x00000001
|
||||||
CKD_SHA1_KDF = 0x00000002
|
CKD_SHA1_KDF = 0x00000002
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// Special return values defined in PKCS#11 v2.40 section 3.2.
|
||||||
|
const (
|
||||||
|
// CK_EFFECTIVELY_INFINITE may be returned in the CK_TOKEN_INFO fields ulMaxSessionCount and ulMaxRwSessionCount.
|
||||||
|
// It indicates there is no practical limit on the number of sessions.
|
||||||
|
CK_EFFECTIVELY_INFINITE = 0
|
||||||
|
|
||||||
|
// CK_UNAVAILABLE_INFORMATION may be returned for several fields within CK_TOKEN_INFO. It indicates
|
||||||
|
// the token is unable or unwilling to provide the requested information.
|
||||||
|
CK_UNAVAILABLE_INFORMATION = ^uint(0)
|
||||||
|
)
|
||||||
|
|
|
@ -5,7 +5,7 @@ package pkcs11
|
||||||
import "fmt"
|
import "fmt"
|
||||||
|
|
||||||
// Release is current version of the pkcs11 library.
|
// Release is current version of the pkcs11 library.
|
||||||
var Release = R{1, 0, 2}
|
var Release = R{1, 0, 3}
|
||||||
|
|
||||||
// R holds the version of this library.
|
// R holds the version of this library.
|
||||||
type R struct {
|
type R struct {
|
||||||
|
|