Merge pull request #914 from justincormack/notaryup
Update Notary vendor to 0.6.0 release
commit
f351f00f9e
|
@ -44,7 +44,7 @@ github.com/json-iterator/go 6240e1e7983a85228f7fd9c3e1b6932d46ec58e2
|
||||||
github.com/mailru/easyjson d5b7844b561a7bc640052f1b935f7b800330d7e0
|
github.com/mailru/easyjson d5b7844b561a7bc640052f1b935f7b800330d7e0
|
||||||
github.com/mattn/go-shellwords v1.0.3
|
github.com/mattn/go-shellwords v1.0.3
|
||||||
github.com/Microsoft/go-winio v0.4.6
|
github.com/Microsoft/go-winio v0.4.6
|
||||||
github.com/miekg/pkcs11 df8ae6ca730422dba20c768ff38ef7d79077a59f
|
github.com/miekg/pkcs11 5f6e0d0dad6f472df908c8e968a98ef00c9224bb
|
||||||
github.com/mitchellh/mapstructure f3009df150dadf309fdee4a54ed65c124afad715
|
github.com/mitchellh/mapstructure f3009df150dadf309fdee4a54ed65c124afad715
|
||||||
github.com/moby/buildkit aaff9d591ef128560018433fe61beb802e149de8
|
github.com/moby/buildkit aaff9d591ef128560018433fe61beb802e149de8
|
||||||
github.com/Nvveen/Gotty a8b993ba6abdb0e0c12b0125c603323a71c7790c https://github.com/ijc25/Gotty
|
github.com/Nvveen/Gotty a8b993ba6abdb0e0c12b0125c603323a71c7790c https://github.com/ijc25/Gotty
|
||||||
|
@ -62,7 +62,7 @@ github.com/sirupsen/logrus v1.0.3
|
||||||
github.com/spf13/cobra 34ceca591bcf34a17a8b7bad5b3ce5f9c165bee5
|
github.com/spf13/cobra 34ceca591bcf34a17a8b7bad5b3ce5f9c165bee5
|
||||||
github.com/spf13/pflag 97afa5e7ca8a08a383cb259e06636b5e2cc7897f
|
github.com/spf13/pflag 97afa5e7ca8a08a383cb259e06636b5e2cc7897f
|
||||||
github.com/stretchr/testify 4d4bfba8f1d1027c4fdbe371823030df51419987
|
github.com/stretchr/testify 4d4bfba8f1d1027c4fdbe371823030df51419987
|
||||||
github.com/theupdateframework/notary 05985dc5d1c71ee6c387e9cd276a00b9d424af53
|
github.com/theupdateframework/notary v0.6.0
|
||||||
github.com/tonistiigi/fsutil dea3a0da73aee887fc02142d995be764106ac5e2
|
github.com/tonistiigi/fsutil dea3a0da73aee887fc02142d995be764106ac5e2
|
||||||
github.com/xeipuuv/gojsonpointer e0fe6f68307607d540ed8eac07a342c33fa1b54a
|
github.com/xeipuuv/gojsonpointer e0fe6f68307607d540ed8eac07a342c33fa1b54a
|
||||||
github.com/xeipuuv/gojsonreference e02fc20de94c78484cd5ffb007f8af96be030a45
|
github.com/xeipuuv/gojsonreference e02fc20de94c78484cd5ffb007f8af96be030a45
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# PKCS#11 [![Build Status](https://travis-ci.org/miekg/pkcs11.png?branch=master)](https://travis-ci.org/miekg/pkcs11)
|
# PKCS#11 [![Build Status](https://travis-ci.org/miekg/pkcs11.png?branch=master)](https://travis-ci.org/miekg/pkcs11) [![GoDoc](https://img.shields.io/badge/godoc-reference-blue.svg)](http://godoc.org/github.com/miekg/pkcs11)
|
||||||
|
|
||||||
This is a Go implementation of the PKCS#11 API. It wraps the library closely, but uses Go idiom
|
This is a Go implementation of the PKCS#11 API. It wraps the library closely, but uses Go idiom
|
||||||
were it makes sense. It has been tested with SoftHSM.
|
were it makes sense. It has been tested with SoftHSM.
|
||||||
|
@ -58,6 +58,10 @@ A skeleton program would look somewhat like this (yes, pkcs#11 is verbose):
|
||||||
|
|
||||||
Further examples are included in the tests.
|
Further examples are included in the tests.
|
||||||
|
|
||||||
|
To expose PKCS#11 keys using the
|
||||||
|
[crypto.Signer interface](https://golang.org/pkg/crypto/#Signer),
|
||||||
|
please see [github.com/thalesignite/crypto11](https://github.com/thalesignite/crypto11).
|
||||||
|
|
||||||
# TODO
|
# TODO
|
||||||
|
|
||||||
* Fix/double check endian stuff, see types.go NewAttribute()
|
* Fix/double check endian stuff, see types.go NewAttribute()
|
||||||
|
|
|
@ -23,7 +23,19 @@ const (
|
||||||
CKO_VENDOR_DEFINED uint = 0x80000000
|
CKO_VENDOR_DEFINED uint = 0x80000000
|
||||||
)
|
)
|
||||||
|
|
||||||
// Generated with: awk '/#define CK[AFKMRC]/{ print $2 "=" $3 }' pkcs11t.h
|
const (
|
||||||
|
CKG_MGF1_SHA1 uint = 0x00000001
|
||||||
|
CKG_MGF1_SHA224 uint = 0x00000005
|
||||||
|
CKG_MGF1_SHA256 uint = 0x00000002
|
||||||
|
CKG_MGF1_SHA384 uint = 0x00000003
|
||||||
|
CKG_MGF1_SHA512 uint = 0x00000004
|
||||||
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
CKZ_DATA_SPECIFIED uint = 0x00000001
|
||||||
|
)
|
||||||
|
|
||||||
|
// Generated with: awk '/#define CK[AFKMRC]/{ print $2 " = " $3 }' pkcs11t.h | sed -e 's/UL$//g' -e 's/UL)$/)/g'
|
||||||
|
|
||||||
// All the flag (CKF_), attribute (CKA_), error code (CKR_), key type (CKK_), certificate type (CKC_) and
|
// All the flag (CKF_), attribute (CKA_), error code (CKR_), key type (CKK_), certificate type (CKC_) and
|
||||||
// mechanism (CKM_) constants as defined in PKCS#11.
|
// mechanism (CKM_) constants as defined in PKCS#11.
|
||||||
|
@ -49,6 +61,7 @@ const (
|
||||||
CKF_SO_PIN_FINAL_TRY = 0x00200000
|
CKF_SO_PIN_FINAL_TRY = 0x00200000
|
||||||
CKF_SO_PIN_LOCKED = 0x00400000
|
CKF_SO_PIN_LOCKED = 0x00400000
|
||||||
CKF_SO_PIN_TO_BE_CHANGED = 0x00800000
|
CKF_SO_PIN_TO_BE_CHANGED = 0x00800000
|
||||||
|
CKF_ERROR_STATE = 0x01000000
|
||||||
CKF_RW_SESSION = 0x00000002
|
CKF_RW_SESSION = 0x00000002
|
||||||
CKF_SERIAL_SESSION = 0x00000004
|
CKF_SERIAL_SESSION = 0x00000004
|
||||||
CKK_RSA = 0x00000000
|
CKK_RSA = 0x00000000
|
||||||
|
@ -82,6 +95,18 @@ const (
|
||||||
CKK_ACTI = 0x00000024
|
CKK_ACTI = 0x00000024
|
||||||
CKK_CAMELLIA = 0x00000025
|
CKK_CAMELLIA = 0x00000025
|
||||||
CKK_ARIA = 0x00000026
|
CKK_ARIA = 0x00000026
|
||||||
|
CKK_SHA512_224_HMAC = 0x00000027
|
||||||
|
CKK_SHA512_256_HMAC = 0x00000028
|
||||||
|
CKK_SHA512_T_HMAC = 0x00000029
|
||||||
|
CKK_SHA_1_HMAC = 0x00000028
|
||||||
|
CKK_SHA224_HMAC = 0x0000002E
|
||||||
|
CKK_SHA256_HMAC = 0x0000002B
|
||||||
|
CKK_SHA384_HMAC = 0x0000002C
|
||||||
|
CKK_SHA512_HMAC = 0x0000002D
|
||||||
|
CKK_SEED = 0x00000050
|
||||||
|
CKK_GOSTR3410 = 0x00000060
|
||||||
|
CKK_GOSTR3411 = 0x00000061
|
||||||
|
CKK_GOST28147 = 0x00000062
|
||||||
CKK_VENDOR_DEFINED = 0x80000000
|
CKK_VENDOR_DEFINED = 0x80000000
|
||||||
CKC_X_509 = 0x00000000
|
CKC_X_509 = 0x00000000
|
||||||
CKC_X_509_ATTR_CERT = 0x00000001
|
CKC_X_509_ATTR_CERT = 0x00000001
|
||||||
|
@ -107,6 +132,7 @@ const (
|
||||||
CKA_URL = 0x00000089
|
CKA_URL = 0x00000089
|
||||||
CKA_HASH_OF_SUBJECT_PUBLIC_KEY = 0x0000008A
|
CKA_HASH_OF_SUBJECT_PUBLIC_KEY = 0x0000008A
|
||||||
CKA_HASH_OF_ISSUER_PUBLIC_KEY = 0x0000008B
|
CKA_HASH_OF_ISSUER_PUBLIC_KEY = 0x0000008B
|
||||||
|
CKA_NAME_HASH_ALGORITHM = 0x0000008C
|
||||||
CKA_CHECK_VALUE = 0x00000090
|
CKA_CHECK_VALUE = 0x00000090
|
||||||
CKA_KEY_TYPE = 0x00000100
|
CKA_KEY_TYPE = 0x00000100
|
||||||
CKA_SUBJECT = 0x00000101
|
CKA_SUBJECT = 0x00000101
|
||||||
|
@ -132,6 +158,7 @@ const (
|
||||||
CKA_EXPONENT_1 = 0x00000126
|
CKA_EXPONENT_1 = 0x00000126
|
||||||
CKA_EXPONENT_2 = 0x00000127
|
CKA_EXPONENT_2 = 0x00000127
|
||||||
CKA_COEFFICIENT = 0x00000128
|
CKA_COEFFICIENT = 0x00000128
|
||||||
|
CKA_PUBLIC_KEY_INFO = 0x00000129
|
||||||
CKA_PRIME = 0x00000130
|
CKA_PRIME = 0x00000130
|
||||||
CKA_SUBPRIME = 0x00000131
|
CKA_SUBPRIME = 0x00000131
|
||||||
CKA_BASE = 0x00000132
|
CKA_BASE = 0x00000132
|
||||||
|
@ -146,6 +173,8 @@ const (
|
||||||
CKA_ALWAYS_SENSITIVE = 0x00000165
|
CKA_ALWAYS_SENSITIVE = 0x00000165
|
||||||
CKA_KEY_GEN_MECHANISM = 0x00000166
|
CKA_KEY_GEN_MECHANISM = 0x00000166
|
||||||
CKA_MODIFIABLE = 0x00000170
|
CKA_MODIFIABLE = 0x00000170
|
||||||
|
CKA_COPYABLE = 0x00000171
|
||||||
|
CKA_DESTROYABLE = 0x00000172
|
||||||
CKA_ECDSA_PARAMS = 0x00000180
|
CKA_ECDSA_PARAMS = 0x00000180
|
||||||
CKA_EC_PARAMS = 0x00000180
|
CKA_EC_PARAMS = 0x00000180
|
||||||
CKA_EC_POINT = 0x00000181
|
CKA_EC_POINT = 0x00000181
|
||||||
|
@ -169,6 +198,9 @@ const (
|
||||||
CKA_OTP_SERVICE_IDENTIFIER = 0x0000022B
|
CKA_OTP_SERVICE_IDENTIFIER = 0x0000022B
|
||||||
CKA_OTP_SERVICE_LOGO = 0x0000022C
|
CKA_OTP_SERVICE_LOGO = 0x0000022C
|
||||||
CKA_OTP_SERVICE_LOGO_TYPE = 0x0000022D
|
CKA_OTP_SERVICE_LOGO_TYPE = 0x0000022D
|
||||||
|
CKA_GOSTR3410_PARAMS = 0x00000250
|
||||||
|
CKA_GOSTR3411_PARAMS = 0x00000251
|
||||||
|
CKA_GOST28147_PARAMS = 0x00000252
|
||||||
CKA_HW_FEATURE_TYPE = 0x00000300
|
CKA_HW_FEATURE_TYPE = 0x00000300
|
||||||
CKA_RESET_ON_INIT = 0x00000301
|
CKA_RESET_ON_INIT = 0x00000301
|
||||||
CKA_HAS_RESET = 0x00000302
|
CKA_HAS_RESET = 0x00000302
|
||||||
|
@ -206,6 +238,11 @@ const (
|
||||||
CKM_DSA_KEY_PAIR_GEN = 0x00000010
|
CKM_DSA_KEY_PAIR_GEN = 0x00000010
|
||||||
CKM_DSA = 0x00000011
|
CKM_DSA = 0x00000011
|
||||||
CKM_DSA_SHA1 = 0x00000012
|
CKM_DSA_SHA1 = 0x00000012
|
||||||
|
CKM_DSA_FIPS_G_GEN = 0x00000013
|
||||||
|
CKM_DSA_SHA224 = 0x00000014
|
||||||
|
CKM_DSA_SHA256 = 0x00000015
|
||||||
|
CKM_DSA_SHA384 = 0x00000016
|
||||||
|
CKM_DSA_SHA512 = 0x00000017
|
||||||
CKM_DH_PKCS_KEY_PAIR_GEN = 0x00000020
|
CKM_DH_PKCS_KEY_PAIR_GEN = 0x00000020
|
||||||
CKM_DH_PKCS_DERIVE = 0x00000021
|
CKM_DH_PKCS_DERIVE = 0x00000021
|
||||||
CKM_X9_42_DH_KEY_PAIR_GEN = 0x00000030
|
CKM_X9_42_DH_KEY_PAIR_GEN = 0x00000030
|
||||||
|
@ -220,6 +257,18 @@ const (
|
||||||
CKM_SHA512_RSA_PKCS_PSS = 0x00000045
|
CKM_SHA512_RSA_PKCS_PSS = 0x00000045
|
||||||
CKM_SHA224_RSA_PKCS = 0x00000046
|
CKM_SHA224_RSA_PKCS = 0x00000046
|
||||||
CKM_SHA224_RSA_PKCS_PSS = 0x00000047
|
CKM_SHA224_RSA_PKCS_PSS = 0x00000047
|
||||||
|
CKM_SHA512_224 = 0x00000048
|
||||||
|
CKM_SHA512_224_HMAC = 0x00000049
|
||||||
|
CKM_SHA512_224_HMAC_GENERAL = 0x0000004A
|
||||||
|
CKM_SHA512_224_KEY_DERIVATION = 0x0000004B
|
||||||
|
CKM_SHA512_256 = 0x0000004C
|
||||||
|
CKM_SHA512_256_HMAC = 0x0000004D
|
||||||
|
CKM_SHA512_256_HMAC_GENERAL = 0x0000004E
|
||||||
|
CKM_SHA512_256_KEY_DERIVATION = 0x0000004F
|
||||||
|
CKM_SHA512_T = 0x00000050
|
||||||
|
CKM_SHA512_T_HMAC = 0x00000051
|
||||||
|
CKM_SHA512_T_HMAC_GENERAL = 0x00000052
|
||||||
|
CKM_SHA512_T_KEY_DERIVATION = 0x00000053
|
||||||
CKM_RC2_KEY_GEN = 0x00000100
|
CKM_RC2_KEY_GEN = 0x00000100
|
||||||
CKM_RC2_ECB = 0x00000101
|
CKM_RC2_ECB = 0x00000101
|
||||||
CKM_RC2_CBC = 0x00000102
|
CKM_RC2_CBC = 0x00000102
|
||||||
|
@ -241,6 +290,8 @@ const (
|
||||||
CKM_DES3_MAC = 0x00000134
|
CKM_DES3_MAC = 0x00000134
|
||||||
CKM_DES3_MAC_GENERAL = 0x00000135
|
CKM_DES3_MAC_GENERAL = 0x00000135
|
||||||
CKM_DES3_CBC_PAD = 0x00000136
|
CKM_DES3_CBC_PAD = 0x00000136
|
||||||
|
CKM_DES3_CMAC_GENERAL = 0x00000137
|
||||||
|
CKM_DES3_CMAC = 0x00000138
|
||||||
CKM_CDMF_KEY_GEN = 0x00000140
|
CKM_CDMF_KEY_GEN = 0x00000140
|
||||||
CKM_CDMF_ECB = 0x00000141
|
CKM_CDMF_ECB = 0x00000141
|
||||||
CKM_CDMF_CBC = 0x00000142
|
CKM_CDMF_CBC = 0x00000142
|
||||||
|
@ -366,6 +417,16 @@ const (
|
||||||
CKM_WTLS_PRF = 0x000003D3
|
CKM_WTLS_PRF = 0x000003D3
|
||||||
CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE = 0x000003D4
|
CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE = 0x000003D4
|
||||||
CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE = 0x000003D5
|
CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE = 0x000003D5
|
||||||
|
CKM_TLS10_MAC_SERVER = 0x000003D6
|
||||||
|
CKM_TLS10_MAC_CLIENT = 0x000003D7
|
||||||
|
CKM_TLS12_MAC = 0x000003D8
|
||||||
|
CKM_TLS12_KDF = 0x000003D9
|
||||||
|
CKM_TLS12_MASTER_KEY_DERIVE = 0x000003E0
|
||||||
|
CKM_TLS12_KEY_AND_MAC_DERIVE = 0x000003E1
|
||||||
|
CKM_TLS12_MASTER_KEY_DERIVE_DH = 0x000003E2
|
||||||
|
CKM_TLS12_KEY_SAFE_DERIVE = 0x000003E3
|
||||||
|
CKM_TLS_MAC = 0x000003E4
|
||||||
|
CKM_TLS_KDF = 0x000003E5
|
||||||
CKM_KEY_WRAP_LYNKS = 0x00000400
|
CKM_KEY_WRAP_LYNKS = 0x00000400
|
||||||
CKM_KEY_WRAP_SET_OAEP = 0x00000401
|
CKM_KEY_WRAP_SET_OAEP = 0x00000401
|
||||||
CKM_CMS_SIG = 0x00000500
|
CKM_CMS_SIG = 0x00000500
|
||||||
|
@ -389,6 +450,14 @@ const (
|
||||||
CKM_ARIA_CBC_PAD = 0x00000565
|
CKM_ARIA_CBC_PAD = 0x00000565
|
||||||
CKM_ARIA_ECB_ENCRYPT_DATA = 0x00000566
|
CKM_ARIA_ECB_ENCRYPT_DATA = 0x00000566
|
||||||
CKM_ARIA_CBC_ENCRYPT_DATA = 0x00000567
|
CKM_ARIA_CBC_ENCRYPT_DATA = 0x00000567
|
||||||
|
CKM_SEED_KEY_GEN = 0x00000650
|
||||||
|
CKM_SEED_ECB = 0x00000651
|
||||||
|
CKM_SEED_CBC = 0x00000652
|
||||||
|
CKM_SEED_MAC = 0x00000653
|
||||||
|
CKM_SEED_MAC_GENERAL = 0x00000654
|
||||||
|
CKM_SEED_CBC_PAD = 0x00000655
|
||||||
|
CKM_SEED_ECB_ENCRYPT_DATA = 0x00000656
|
||||||
|
CKM_SEED_CBC_ENCRYPT_DATA = 0x00000657
|
||||||
CKM_SKIPJACK_KEY_GEN = 0x00001000
|
CKM_SKIPJACK_KEY_GEN = 0x00001000
|
||||||
CKM_SKIPJACK_ECB64 = 0x00001001
|
CKM_SKIPJACK_ECB64 = 0x00001001
|
||||||
CKM_SKIPJACK_CBC64 = 0x00001002
|
CKM_SKIPJACK_CBC64 = 0x00001002
|
||||||
|
@ -402,6 +471,7 @@ const (
|
||||||
CKM_SKIPJACK_RELAYX = 0x0000100a
|
CKM_SKIPJACK_RELAYX = 0x0000100a
|
||||||
CKM_KEA_KEY_PAIR_GEN = 0x00001010
|
CKM_KEA_KEY_PAIR_GEN = 0x00001010
|
||||||
CKM_KEA_KEY_DERIVE = 0x00001011
|
CKM_KEA_KEY_DERIVE = 0x00001011
|
||||||
|
CKM_KEA_DERIVE = 0x00001012
|
||||||
CKM_FORTEZZA_TIMESTAMP = 0x00001020
|
CKM_FORTEZZA_TIMESTAMP = 0x00001020
|
||||||
CKM_BATON_KEY_GEN = 0x00001030
|
CKM_BATON_KEY_GEN = 0x00001030
|
||||||
CKM_BATON_ECB128 = 0x00001031
|
CKM_BATON_ECB128 = 0x00001031
|
||||||
|
@ -414,9 +484,15 @@ const (
|
||||||
CKM_EC_KEY_PAIR_GEN = 0x00001040
|
CKM_EC_KEY_PAIR_GEN = 0x00001040
|
||||||
CKM_ECDSA = 0x00001041
|
CKM_ECDSA = 0x00001041
|
||||||
CKM_ECDSA_SHA1 = 0x00001042
|
CKM_ECDSA_SHA1 = 0x00001042
|
||||||
|
CKM_ECDSA_SHA224 = 0x00001043
|
||||||
|
CKM_ECDSA_SHA256 = 0x00001044
|
||||||
|
CKM_ECDSA_SHA384 = 0x00001045
|
||||||
|
CKM_ECDSA_SHA512 = 0x00001046
|
||||||
CKM_ECDH1_DERIVE = 0x00001050
|
CKM_ECDH1_DERIVE = 0x00001050
|
||||||
CKM_ECDH1_COFACTOR_DERIVE = 0x00001051
|
CKM_ECDH1_COFACTOR_DERIVE = 0x00001051
|
||||||
CKM_ECMQV_DERIVE = 0x00001052
|
CKM_ECMQV_DERIVE = 0x00001052
|
||||||
|
CKM_ECDH_AES_KEY_WRAP = 0x00001053
|
||||||
|
CKM_RSA_AES_KEY_WRAP = 0x00001054
|
||||||
CKM_JUNIPER_KEY_GEN = 0x00001060
|
CKM_JUNIPER_KEY_GEN = 0x00001060
|
||||||
CKM_JUNIPER_ECB128 = 0x00001061
|
CKM_JUNIPER_ECB128 = 0x00001061
|
||||||
CKM_JUNIPER_CBC128 = 0x00001062
|
CKM_JUNIPER_CBC128 = 0x00001062
|
||||||
|
@ -431,19 +507,52 @@ const (
|
||||||
CKM_AES_MAC_GENERAL = 0x00001084
|
CKM_AES_MAC_GENERAL = 0x00001084
|
||||||
CKM_AES_CBC_PAD = 0x00001085
|
CKM_AES_CBC_PAD = 0x00001085
|
||||||
CKM_AES_CTR = 0x00001086
|
CKM_AES_CTR = 0x00001086
|
||||||
|
CKM_AES_GCM = 0x00001087
|
||||||
|
CKM_AES_CCM = 0x00001088
|
||||||
|
CKM_AES_CMAC_GENERAL = 0x00001089
|
||||||
|
CKM_AES_CMAC = 0x0000108A
|
||||||
|
CKM_AES_CTS = 0x0000108B
|
||||||
|
CKM_AES_XCBC_MAC = 0x0000108C
|
||||||
|
CKM_AES_XCBC_MAC_96 = 0x0000108D
|
||||||
|
CKM_AES_GMAC = 0x0000108E
|
||||||
CKM_BLOWFISH_KEY_GEN = 0x00001090
|
CKM_BLOWFISH_KEY_GEN = 0x00001090
|
||||||
CKM_BLOWFISH_CBC = 0x00001091
|
CKM_BLOWFISH_CBC = 0x00001091
|
||||||
CKM_TWOFISH_KEY_GEN = 0x00001092
|
CKM_TWOFISH_KEY_GEN = 0x00001092
|
||||||
CKM_TWOFISH_CBC = 0x00001093
|
CKM_TWOFISH_CBC = 0x00001093
|
||||||
|
CKM_BLOWFISH_CBC_PAD = 0x00001094
|
||||||
|
CKM_TWOFISH_CBC_PAD = 0x00001095
|
||||||
CKM_DES_ECB_ENCRYPT_DATA = 0x00001100
|
CKM_DES_ECB_ENCRYPT_DATA = 0x00001100
|
||||||
CKM_DES_CBC_ENCRYPT_DATA = 0x00001101
|
CKM_DES_CBC_ENCRYPT_DATA = 0x00001101
|
||||||
CKM_DES3_ECB_ENCRYPT_DATA = 0x00001102
|
CKM_DES3_ECB_ENCRYPT_DATA = 0x00001102
|
||||||
CKM_DES3_CBC_ENCRYPT_DATA = 0x00001103
|
CKM_DES3_CBC_ENCRYPT_DATA = 0x00001103
|
||||||
CKM_AES_ECB_ENCRYPT_DATA = 0x00001104
|
CKM_AES_ECB_ENCRYPT_DATA = 0x00001104
|
||||||
CKM_AES_CBC_ENCRYPT_DATA = 0x00001105
|
CKM_AES_CBC_ENCRYPT_DATA = 0x00001105
|
||||||
|
CKM_GOSTR3410_KEY_PAIR_GEN = 0x00001200
|
||||||
|
CKM_GOSTR3410 = 0x00001201
|
||||||
|
CKM_GOSTR3410_WITH_GOSTR3411 = 0x00001202
|
||||||
|
CKM_GOSTR3410_KEY_WRAP = 0x00001203
|
||||||
|
CKM_GOSTR3410_DERIVE = 0x00001204
|
||||||
|
CKM_GOSTR3411 = 0x00001210
|
||||||
|
CKM_GOSTR3411_HMAC = 0x00001211
|
||||||
|
CKM_GOST28147_KEY_GEN = 0x00001220
|
||||||
|
CKM_GOST28147_ECB = 0x00001221
|
||||||
|
CKM_GOST28147 = 0x00001222
|
||||||
|
CKM_GOST28147_MAC = 0x00001223
|
||||||
|
CKM_GOST28147_KEY_WRAP = 0x00001224
|
||||||
CKM_DSA_PARAMETER_GEN = 0x00002000
|
CKM_DSA_PARAMETER_GEN = 0x00002000
|
||||||
CKM_DH_PKCS_PARAMETER_GEN = 0x00002001
|
CKM_DH_PKCS_PARAMETER_GEN = 0x00002001
|
||||||
CKM_X9_42_DH_PARAMETER_GEN = 0x00002002
|
CKM_X9_42_DH_PARAMETER_GEN = 0x00002002
|
||||||
|
CKM_DSA_PROBABLISTIC_PARAMETER_GEN = 0x00002003
|
||||||
|
CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN = 0x00002004
|
||||||
|
CKM_AES_OFB = 0x00002104
|
||||||
|
CKM_AES_CFB64 = 0x00002105
|
||||||
|
CKM_AES_CFB8 = 0x00002106
|
||||||
|
CKM_AES_CFB128 = 0x00002107
|
||||||
|
CKM_AES_CFB1 = 0x00002108
|
||||||
|
CKM_AES_KEY_WRAP = 0x00002109
|
||||||
|
CKM_AES_KEY_WRAP_PAD = 0x0000210A
|
||||||
|
CKM_RSA_PKCS_TPM_1_1 = 0x00004001
|
||||||
|
CKM_RSA_PKCS_OAEP_TPM_1_1 = 0x00004002
|
||||||
CKM_VENDOR_DEFINED = 0x80000000
|
CKM_VENDOR_DEFINED = 0x80000000
|
||||||
CKF_HW = 0x00000001
|
CKF_HW = 0x00000001
|
||||||
CKF_ENCRYPT = 0x00000100
|
CKF_ENCRYPT = 0x00000100
|
||||||
|
@ -479,6 +588,7 @@ const (
|
||||||
CKR_ATTRIBUTE_SENSITIVE = 0x00000011
|
CKR_ATTRIBUTE_SENSITIVE = 0x00000011
|
||||||
CKR_ATTRIBUTE_TYPE_INVALID = 0x00000012
|
CKR_ATTRIBUTE_TYPE_INVALID = 0x00000012
|
||||||
CKR_ATTRIBUTE_VALUE_INVALID = 0x00000013
|
CKR_ATTRIBUTE_VALUE_INVALID = 0x00000013
|
||||||
|
CKR_ACTION_PROHIBITED = 0x0000001B
|
||||||
CKR_DATA_INVALID = 0x00000020
|
CKR_DATA_INVALID = 0x00000020
|
||||||
CKR_DATA_LEN_RANGE = 0x00000021
|
CKR_DATA_LEN_RANGE = 0x00000021
|
||||||
CKR_DEVICE_ERROR = 0x00000030
|
CKR_DEVICE_ERROR = 0x00000030
|
||||||
|
@ -541,6 +651,7 @@ const (
|
||||||
CKR_RANDOM_SEED_NOT_SUPPORTED = 0x00000120
|
CKR_RANDOM_SEED_NOT_SUPPORTED = 0x00000120
|
||||||
CKR_RANDOM_NO_RNG = 0x00000121
|
CKR_RANDOM_NO_RNG = 0x00000121
|
||||||
CKR_DOMAIN_PARAMS_INVALID = 0x00000130
|
CKR_DOMAIN_PARAMS_INVALID = 0x00000130
|
||||||
|
CKR_CURVE_NOT_SUPPORTED = 0x00000140
|
||||||
CKR_BUFFER_TOO_SMALL = 0x00000150
|
CKR_BUFFER_TOO_SMALL = 0x00000150
|
||||||
CKR_SAVED_STATE_INVALID = 0x00000160
|
CKR_SAVED_STATE_INVALID = 0x00000160
|
||||||
CKR_INFORMATION_SENSITIVE = 0x00000170
|
CKR_INFORMATION_SENSITIVE = 0x00000170
|
||||||
|
@ -551,6 +662,11 @@ const (
|
||||||
CKR_MUTEX_NOT_LOCKED = 0x000001A1
|
CKR_MUTEX_NOT_LOCKED = 0x000001A1
|
||||||
CKR_NEW_PIN_MODE = 0x000001B0
|
CKR_NEW_PIN_MODE = 0x000001B0
|
||||||
CKR_NEXT_OTP = 0x000001B1
|
CKR_NEXT_OTP = 0x000001B1
|
||||||
|
CKR_EXCEEDED_MAX_ITERATIONS = 0x000001C0
|
||||||
|
CKR_FIPS_SELF_TEST_FAILED = 0x000001C1
|
||||||
|
CKR_LIBRARY_LOAD_FAILED = 0x000001C2
|
||||||
|
CKR_PIN_TOO_WEAK = 0x000001C3
|
||||||
|
CKR_PUBLIC_KEY_INVALID = 0x000001C4
|
||||||
CKR_FUNCTION_REJECTED = 0x00000200
|
CKR_FUNCTION_REJECTED = 0x00000200
|
||||||
CKR_VENDOR_DEFINED = 0x80000000
|
CKR_VENDOR_DEFINED = 0x80000000
|
||||||
CKF_LIBRARY_CANT_CREATE_OS_THREADS = 0x00000001
|
CKF_LIBRARY_CANT_CREATE_OS_THREADS = 0x00000001
|
||||||
|
|
|
@ -11,21 +11,21 @@ package pkcs11
|
||||||
// * CK_ULONG never overflows an Go int
|
// * CK_ULONG never overflows an Go int
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
#cgo windows CFLAGS: -DREPACK_STRUCTURES
|
||||||
|
#cgo windows LDFLAGS: -lltdl
|
||||||
|
#cgo linux LDFLAGS: -lltdl -ldl
|
||||||
|
#cgo darwin CFLAGS: -I/usr/local/share/libtool
|
||||||
|
#cgo darwin LDFLAGS: -lltdl -L/usr/local/lib/
|
||||||
|
#cgo openbsd CFLAGS: -I/usr/local/include/
|
||||||
|
#cgo openbsd LDFLAGS: -lltdl -L/usr/local/lib/
|
||||||
#cgo LDFLAGS: -lltdl
|
#cgo LDFLAGS: -lltdl
|
||||||
#define CK_PTR *
|
|
||||||
#ifndef NULL_PTR
|
|
||||||
#define NULL_PTR 0
|
|
||||||
#endif
|
|
||||||
#define CK_DEFINE_FUNCTION(returnType, name) returnType name
|
|
||||||
#define CK_DECLARE_FUNCTION(returnType, name) returnType name
|
|
||||||
#define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType (* name)
|
|
||||||
#define CK_CALLBACK_FUNCTION(returnType, name) returnType (* name)
|
|
||||||
|
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
|
#include <string.h>
|
||||||
#include <ltdl.h>
|
#include <ltdl.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
#include "pkcs11.h"
|
#include "pkcs11go.h"
|
||||||
|
|
||||||
struct ctx {
|
struct ctx {
|
||||||
lt_dlhandle handle;
|
lt_dlhandle handle;
|
||||||
|
@ -70,9 +70,12 @@ void Destroy(struct ctx *c)
|
||||||
free(c);
|
free(c);
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_RV Initialize(struct ctx * c, CK_VOID_PTR initArgs)
|
CK_RV Initialize(struct ctx * c)
|
||||||
{
|
{
|
||||||
return c->sym->C_Initialize(initArgs);
|
CK_C_INITIALIZE_ARGS args;
|
||||||
|
memset(&args, 0, sizeof(args));
|
||||||
|
args.flags = CKF_OS_LOCKING_OK;
|
||||||
|
return c->sym->C_Initialize(&args);
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_RV Finalize(struct ctx * c)
|
CK_RV Finalize(struct ctx * c)
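Review bot: The new `Initialize` fixes the locking model for every caller and says so nowhere: it zeroes `CK_C_INITIALIZE_ARGS`, sets `flags = CKF_OS_LOCKING_OK`, and drops the `initArgs` parameter, so module-specific initialisation data can no longer be passed and all mutex callbacks are NULL. A module that cannot use native OS locking would be expected to reject this, so the `CK_RV` returned here is the only signal that concurrent use of the context is unsafe, and it has to be checked by the caller (the call sites are outside this hunk). I would document the contract above the function, for example `/* Always requests native OS locking; no application mutex callbacks or reserved init data are passed. */`.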
|
||||||
|
@ -80,9 +83,19 @@ CK_RV Finalize(struct ctx * c)
|
||||||
return c->sym->C_Finalize(NULL);
|
return c->sym->C_Finalize(NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_RV GetInfo(struct ctx * c, CK_INFO_PTR info)
|
CK_RV GetInfo(struct ctx * c, ckInfoPtr info)
|
||||||
{
|
{
|
||||||
return c->sym->C_GetInfo(info);
|
CK_INFO p;
|
||||||
|
CK_RV e = c->sym->C_GetInfo(&p);
|
||||||
|
if (e != CKR_OK) {
|
||||||
|
return e;
|
||||||
|
}
|
||||||
|
info->cryptokiVersion = p.cryptokiVersion;
|
||||||
|
memcpy(info->manufacturerID, p.manufacturerID, sizeof(p.manufacturerID));
|
||||||
|
info->flags = p.flags;
|
||||||
|
memcpy(info->libraryDescription, p.libraryDescription, sizeof(p.libraryDescription));
|
||||||
|
info->libraryVersion = p.libraryVersion;
|
||||||
|
return e;
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_RV GetSlotList(struct ctx * c, CK_BBOOL tokenPresent,
|
CK_RV GetSlotList(struct ctx * c, CK_BBOOL tokenPresent,
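Review bot: Both `memcpy` calls in the new `GetInfo` take their length from the source (`sizeof(p.manufacturerID)`, `sizeof(p.libraryDescription)`), while the destination is a field behind `ckInfoPtr`, whose definition is not part of this hunk. The copy is only in bounds if the two layouts keep identical array sizes, so that assumption should be pinned at compile time, e.g. `_Static_assert(sizeof(info->manufacturerID) == sizeof(p.manufacturerID), "ckInfo layout");` and the same for `libraryDescription`. Note also that `info` is left unwritten when `C_GetInfo` fails, so the caller must not read it unless the result is `CKR_OK`; a one-line comment to that effect would help.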
|
||||||
|
@ -114,7 +127,8 @@ CK_RV GetMechanismList(struct ctx * c, CK_ULONG slotID,
|
||||||
{
|
{
|
||||||
CK_RV e =
|
CK_RV e =
|
||||||
c->sym->C_GetMechanismList((CK_SLOT_ID) slotID, NULL, mechlen);
|
c->sym->C_GetMechanismList((CK_SLOT_ID) slotID, NULL, mechlen);
|
||||||
if (e != CKR_OK) {
|
// Gemaltos PKCS11 implementation returns CKR_BUFFER_TOO_SMALL on a NULL ptr instad of CKR_OK as the spec states.
|
||||||
|
if (e != CKR_OK && e != CKR_BUFFER_TOO_SMALL) {
|
||||||
return e;
|
return e;
|
||||||
}
|
}
|
||||||
*mech = calloc(*mechlen, sizeof(CK_MECHANISM_TYPE));
|
*mech = calloc(*mechlen, sizeof(CK_MECHANISM_TYPE));
|
||||||
|
@ -222,18 +236,22 @@ CK_RV Logout(struct ctx * c, CK_SESSION_HANDLE session)
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_RV CreateObject(struct ctx * c, CK_SESSION_HANDLE session,
|
CK_RV CreateObject(struct ctx * c, CK_SESSION_HANDLE session,
|
||||||
CK_ATTRIBUTE_PTR temp, CK_ULONG tempCount,
|
ckAttrPtr temp, CK_ULONG tempCount,
|
||||||
CK_OBJECT_HANDLE_PTR obj)
|
CK_OBJECT_HANDLE_PTR obj)
|
||||||
{
|
{
|
||||||
CK_RV e = c->sym->C_CreateObject(session, temp, tempCount, obj);
|
ATTR_TO_C(tempc, temp, tempCount, NULL);
|
||||||
|
CK_RV e = c->sym->C_CreateObject(session, tempc, tempCount, obj);
|
||||||
|
ATTR_FREE(tempc);
|
||||||
return e;
|
return e;
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_RV CopyObject(struct ctx * c, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE o,
|
CK_RV CopyObject(struct ctx * c, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE o,
|
||||||
CK_ATTRIBUTE_PTR temp, CK_ULONG tempCount,
|
ckAttrPtr temp, CK_ULONG tempCount,
|
||||||
CK_OBJECT_HANDLE_PTR obj)
|
CK_OBJECT_HANDLE_PTR obj)
|
||||||
{
|
{
|
||||||
CK_RV e = c->sym->C_CopyObject(session, o, temp, tempCount, obj);
|
ATTR_TO_C(tempc, temp, tempCount, NULL);
|
||||||
|
CK_RV e = c->sym->C_CopyObject(session, o, tempc, tempCount, obj);
|
||||||
|
ATTR_FREE(tempc);
|
||||||
return e;
|
return e;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -252,39 +270,47 @@ CK_RV GetObjectSize(struct ctx * c, CK_SESSION_HANDLE session,
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_RV GetAttributeValue(struct ctx * c, CK_SESSION_HANDLE session,
|
CK_RV GetAttributeValue(struct ctx * c, CK_SESSION_HANDLE session,
|
||||||
CK_OBJECT_HANDLE object, CK_ATTRIBUTE_PTR temp,
|
CK_OBJECT_HANDLE object, ckAttrPtr temp,
|
||||||
CK_ULONG templen)
|
CK_ULONG templen)
|
||||||
{
|
{
|
||||||
|
ATTR_TO_C(tempc, temp, templen, NULL);
|
||||||
// Call for the first time, check the returned ulValue in the attributes, then
|
// Call for the first time, check the returned ulValue in the attributes, then
|
||||||
// allocate enough space and try again.
|
// allocate enough space and try again.
|
||||||
CK_RV e = c->sym->C_GetAttributeValue(session, object, temp, templen);
|
CK_RV e = c->sym->C_GetAttributeValue(session, object, tempc, templen);
|
||||||
if (e != CKR_OK) {
|
if (e != CKR_OK) {
|
||||||
|
ATTR_FREE(tempc);
|
||||||
return e;
|
return e;
|
||||||
}
|
}
|
||||||
CK_ULONG i;
|
CK_ULONG i;
|
||||||
for (i = 0; i < templen; i++) {
|
for (i = 0; i < templen; i++) {
|
||||||
if ((CK_LONG) temp[i].ulValueLen == -1) {
|
if ((CK_LONG) tempc[i].ulValueLen == -1) {
|
||||||
// either access denied or no such object
|
// either access denied or no such object
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
temp[i].pValue = calloc(temp[i].ulValueLen, sizeof(CK_BYTE));
|
tempc[i].pValue = calloc(tempc[i].ulValueLen, sizeof(CK_BYTE));
|
||||||
}
|
}
|
||||||
e = c->sym->C_GetAttributeValue(session, object, temp, templen);
|
e = c->sym->C_GetAttributeValue(session, object, tempc, templen);
|
||||||
|
ATTR_FROM_C(temp, tempc, templen);
|
||||||
|
ATTR_FREE(tempc);
|
||||||
return e;
|
return e;
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_RV SetAttributeValue(struct ctx * c, CK_SESSION_HANDLE session,
|
CK_RV SetAttributeValue(struct ctx * c, CK_SESSION_HANDLE session,
|
||||||
CK_OBJECT_HANDLE object, CK_ATTRIBUTE_PTR temp,
|
CK_OBJECT_HANDLE object, ckAttrPtr temp,
|
||||||
CK_ULONG templen)
|
CK_ULONG templen)
|
||||||
{
|
{
|
||||||
CK_RV e = c->sym->C_SetAttributeValue(session, object, temp, templen);
|
ATTR_TO_C(tempc, temp, templen, NULL);
|
||||||
|
CK_RV e = c->sym->C_SetAttributeValue(session, object, tempc, templen);
|
||||||
|
ATTR_FREE(tempc);
|
||||||
return e;
|
return e;
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_RV FindObjectsInit(struct ctx * c, CK_SESSION_HANDLE session,
|
CK_RV FindObjectsInit(struct ctx * c, CK_SESSION_HANDLE session,
|
||||||
CK_ATTRIBUTE_PTR temp, CK_ULONG tempCount)
|
ckAttrPtr temp, CK_ULONG tempCount)
|
||||||
{
|
{
|
||||||
CK_RV e = c->sym->C_FindObjectsInit(session, temp, tempCount);
|
ATTR_TO_C(tempc, temp, tempCount, NULL);
|
||||||
|
CK_RV e = c->sym->C_FindObjectsInit(session, tempc, tempCount);
|
||||||
|
ATTR_FREE(tempc);
|
||||||
return e;
|
return e;
|
||||||
}
|
}
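Review bot: In `GetAttributeValue` the result of `calloc(tempc[i].ulValueLen, sizeof(CK_BYTE))` is stored in `tempc[i].pValue` without a NULL check, and the commit keeps that gap while moving the code to `tempc`. PKCS#11 treats a NULL `pValue` as a length query, so after an allocation failure the second `C_GetAttributeValue` can still return `CKR_OK` and `ATTR_FROM_C` then hands back an attribute that has a length but no data. The loop should test `if (tempc[i].ulValueLen != 0 && tempc[i].pValue == NULL)` and, after releasing the buffers from earlier iterations and calling `ATTR_FREE(tempc)`, return `CKR_HOST_MEMORY`. The same applies to who frees the `pValue` buffers when the second call fails: they are still copied out to `temp`, and the caller that would release them is outside this hunk, so the ownership rule deserves a comment on the function.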
|
||||||
|
|
||||||
|
@ -304,9 +330,10 @@ CK_RV FindObjectsFinal(struct ctx * c, CK_SESSION_HANDLE session)
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_RV EncryptInit(struct ctx * c, CK_SESSION_HANDLE session,
|
CK_RV EncryptInit(struct ctx * c, CK_SESSION_HANDLE session,
|
||||||
CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE key)
|
ckMechPtr mechanism, CK_OBJECT_HANDLE key)
|
||||||
{
|
{
|
||||||
CK_RV e = c->sym->C_EncryptInit(session, mechanism, key);
|
MECH_TO_C(m, mechanism);
|
||||||
|
CK_RV e = c->sym->C_EncryptInit(session, m, key);
|
||||||
return e;
|
return e;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -359,9 +386,10 @@ CK_RV EncryptFinal(struct ctx * c, CK_SESSION_HANDLE session,
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_RV DecryptInit(struct ctx * c, CK_SESSION_HANDLE session,
|
CK_RV DecryptInit(struct ctx * c, CK_SESSION_HANDLE session,
|
||||||
CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE key)
|
ckMechPtr mechanism, CK_OBJECT_HANDLE key)
|
||||||
{
|
{
|
||||||
CK_RV e = c->sym->C_DecryptInit(session, mechanism, key);
|
MECH_TO_C(m, mechanism);
|
||||||
|
CK_RV e = c->sym->C_DecryptInit(session, m, key);
|
||||||
return e;
|
return e;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -414,9 +442,10 @@ CK_RV DecryptFinal(struct ctx * c, CK_SESSION_HANDLE session,
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_RV DigestInit(struct ctx * c, CK_SESSION_HANDLE session,
|
CK_RV DigestInit(struct ctx * c, CK_SESSION_HANDLE session,
|
||||||
CK_MECHANISM_PTR mechanism)
|
ckMechPtr mechanism)
|
||||||
{
|
{
|
||||||
CK_RV e = c->sym->C_DigestInit(session, mechanism);
|
MECH_TO_C(m, mechanism);
|
||||||
|
CK_RV e = c->sym->C_DigestInit(session, m);
|
||||||
return e;
|
return e;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -464,9 +493,10 @@ CK_RV DigestFinal(struct ctx * c, CK_SESSION_HANDLE session, CK_BYTE_PTR * hash,
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_RV SignInit(struct ctx * c, CK_SESSION_HANDLE session,
|
CK_RV SignInit(struct ctx * c, CK_SESSION_HANDLE session,
|
||||||
CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE key)
|
ckMechPtr mechanism, CK_OBJECT_HANDLE key)
|
||||||
{
|
{
|
||||||
CK_RV e = c->sym->C_SignInit(session, mechanism, key);
|
MECH_TO_C(m, mechanism);
|
||||||
|
CK_RV e = c->sym->C_SignInit(session, m, key);
|
||||||
return e;
|
return e;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -508,9 +538,10 @@ CK_RV SignFinal(struct ctx * c, CK_SESSION_HANDLE session, CK_BYTE_PTR * sig,
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_RV SignRecoverInit(struct ctx * c, CK_SESSION_HANDLE session,
|
CK_RV SignRecoverInit(struct ctx * c, CK_SESSION_HANDLE session,
|
||||||
CK_MECHANISM_PTR mech, CK_OBJECT_HANDLE key)
|
ckMechPtr mech, CK_OBJECT_HANDLE key)
|
||||||
{
|
{
|
||||||
CK_RV rv = c->sym->C_SignRecoverInit(session, mech, key);
|
MECH_TO_C(m, mech);
|
||||||
|
CK_RV rv = c->sym->C_SignRecoverInit(session, m, key);
|
||||||
return rv;
|
return rv;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -530,9 +561,10 @@ CK_RV SignRecover(struct ctx * c, CK_SESSION_HANDLE session, CK_BYTE_PTR data,
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_RV VerifyInit(struct ctx * c, CK_SESSION_HANDLE session,
|
CK_RV VerifyInit(struct ctx * c, CK_SESSION_HANDLE session,
|
||||||
CK_MECHANISM_PTR mech, CK_OBJECT_HANDLE key)
|
ckMechPtr mech, CK_OBJECT_HANDLE key)
|
||||||
{
|
{
|
||||||
CK_RV rv = c->sym->C_VerifyInit(session, mech, key);
|
MECH_TO_C(m, mech);
|
||||||
|
CK_RV rv = c->sym->C_VerifyInit(session, m, key);
|
||||||
return rv;
|
return rv;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -558,9 +590,10 @@ CK_RV VerifyFinal(struct ctx * c, CK_SESSION_HANDLE session, CK_BYTE_PTR sig,
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_RV VerifyRecoverInit(struct ctx * c, CK_SESSION_HANDLE session,
|
CK_RV VerifyRecoverInit(struct ctx * c, CK_SESSION_HANDLE session,
|
||||||
CK_MECHANISM_PTR mech, CK_OBJECT_HANDLE key)
|
ckMechPtr mech, CK_OBJECT_HANDLE key)
|
||||||
{
|
{
|
||||||
CK_RV rv = c->sym->C_VerifyRecoverInit(session, mech, key);
|
MECH_TO_C(m, mech);
|
||||||
|
CK_RV rv = c->sym->C_VerifyRecoverInit(session, m, key);
|
||||||
return rv;
|
return rv;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -653,33 +686,39 @@ CK_RV DecryptVerifyUpdate(struct ctx * c, CK_SESSION_HANDLE session,
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_RV GenerateKey(struct ctx * c, CK_SESSION_HANDLE session,
|
CK_RV GenerateKey(struct ctx * c, CK_SESSION_HANDLE session,
|
||||||
CK_MECHANISM_PTR mechanism, CK_ATTRIBUTE_PTR temp,
|
ckMechPtr mechanism, ckAttrPtr temp,
|
||||||
CK_ULONG tempCount, CK_OBJECT_HANDLE_PTR key)
|
CK_ULONG tempCount, CK_OBJECT_HANDLE_PTR key)
|
||||||
{
|
{
|
||||||
CK_RV e =
|
MECH_TO_C(m, mechanism);
|
||||||
c->sym->C_GenerateKey(session, mechanism, temp, tempCount, key);
|
ATTR_TO_C(tempc, temp, tempCount, NULL);
|
||||||
|
CK_RV e = c->sym->C_GenerateKey(session, m, tempc, tempCount, key);
|
||||||
|
ATTR_FREE(tempc);
|
||||||
return e;
|
return e;
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_RV GenerateKeyPair(struct ctx * c, CK_SESSION_HANDLE session,
|
CK_RV GenerateKeyPair(struct ctx * c, CK_SESSION_HANDLE session,
|
||||||
CK_MECHANISM_PTR mechanism, CK_ATTRIBUTE_PTR pub,
|
ckMechPtr mechanism, ckAttrPtr pub,
|
||||||
CK_ULONG pubCount, CK_ATTRIBUTE_PTR priv,
|
CK_ULONG pubCount, ckAttrPtr priv,
|
||||||
CK_ULONG privCount, CK_OBJECT_HANDLE_PTR pubkey,
|
CK_ULONG privCount, CK_OBJECT_HANDLE_PTR pubkey,
|
||||||
CK_OBJECT_HANDLE_PTR privkey)
|
CK_OBJECT_HANDLE_PTR privkey)
|
||||||
{
|
{
|
||||||
CK_RV e =
|
MECH_TO_C(m, mechanism);
|
||||||
c->sym->C_GenerateKeyPair(session, mechanism, pub, pubCount, priv,
|
ATTR_TO_C(pubc, pub, pubCount, NULL);
|
||||||
privCount,
|
ATTR_TO_C(privc, priv, privCount, pubc);
|
||||||
pubkey, privkey);
|
CK_RV e = c->sym->C_GenerateKeyPair(session, m, pubc, pubCount,
|
||||||
|
privc, privCount, pubkey, privkey);
|
||||||
|
ATTR_FREE(pubc);
|
||||||
|
ATTR_FREE(privc);
|
||||||
return e;
|
return e;
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_RV WrapKey(struct ctx * c, CK_SESSION_HANDLE session,
|
CK_RV WrapKey(struct ctx * c, CK_SESSION_HANDLE session,
|
||||||
CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE wrappingkey,
|
ckMechPtr mechanism, CK_OBJECT_HANDLE wrappingkey,
|
||||||
CK_OBJECT_HANDLE key, CK_BYTE_PTR * wrapped,
|
CK_OBJECT_HANDLE key, CK_BYTE_PTR * wrapped,
|
||||||
CK_ULONG_PTR wrappedlen)
|
CK_ULONG_PTR wrappedlen)
|
||||||
{
|
{
|
||||||
CK_RV rv = c->sym->C_WrapKey(session, mechanism, wrappingkey, key, NULL,
|
MECH_TO_C(m, mechanism);
|
||||||
|
CK_RV rv = c->sym->C_WrapKey(session, m, wrappingkey, key, NULL,
|
||||||
wrappedlen);
|
wrappedlen);
|
||||||
if (rv != CKR_OK) {
|
if (rv != CKR_OK) {
|
||||||
return rv;
|
return rv;
|
||||||
|
@ -688,26 +727,32 @@ CK_RV WrapKey(struct ctx * c, CK_SESSION_HANDLE session,
|
||||||
if (*wrapped == NULL) {
|
if (*wrapped == NULL) {
|
||||||
return CKR_HOST_MEMORY;
|
return CKR_HOST_MEMORY;
|
||||||
}
|
}
|
||||||
rv = c->sym->C_WrapKey(session, mechanism, wrappingkey, key, *wrapped,
|
rv = c->sym->C_WrapKey(session, m, wrappingkey, key, *wrapped,
|
||||||
wrappedlen);
|
wrappedlen);
|
||||||
return rv;
|
return rv;
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_RV DeriveKey(struct ctx * c, CK_SESSION_HANDLE session,
|
CK_RV DeriveKey(struct ctx * c, CK_SESSION_HANDLE session,
|
||||||
CK_MECHANISM_PTR mech, CK_OBJECT_HANDLE basekey,
|
ckMechPtr mech, CK_OBJECT_HANDLE basekey,
|
||||||
CK_ATTRIBUTE_PTR a, CK_ULONG alen, CK_OBJECT_HANDLE_PTR key)
|
ckAttrPtr a, CK_ULONG alen, CK_OBJECT_HANDLE_PTR key)
|
||||||
{
|
{
|
||||||
CK_RV e = c->sym->C_DeriveKey(session, mech, basekey, a, alen, key);
|
MECH_TO_C(m, mech);
|
||||||
|
ATTR_TO_C(tempc, a, alen, NULL);
|
||||||
|
CK_RV e = c->sym->C_DeriveKey(session, m, basekey, tempc, alen, key);
|
||||||
|
ATTR_FREE(tempc);
|
||||||
return e;
|
return e;
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_RV UnwrapKey(struct ctx * c, CK_SESSION_HANDLE session,
|
CK_RV UnwrapKey(struct ctx * c, CK_SESSION_HANDLE session,
|
||||||
CK_MECHANISM_PTR mech, CK_OBJECT_HANDLE unwrappingkey,
|
ckMechPtr mech, CK_OBJECT_HANDLE unwrappingkey,
|
||||||
CK_BYTE_PTR wrappedkey, CK_ULONG wrappedkeylen,
|
CK_BYTE_PTR wrappedkey, CK_ULONG wrappedkeylen,
|
||||||
CK_ATTRIBUTE_PTR a, CK_ULONG alen, CK_OBJECT_HANDLE_PTR key)
|
ckAttrPtr a, CK_ULONG alen, CK_OBJECT_HANDLE_PTR key)
|
||||||
{
|
{
|
||||||
CK_RV e = c->sym->C_UnwrapKey(session, mech, unwrappingkey, wrappedkey,
|
MECH_TO_C(m, mech);
|
||||||
wrappedkeylen, a, alen, key);
|
ATTR_TO_C(tempc, a, alen, NULL);
|
||||||
|
CK_RV e = c->sym->C_UnwrapKey(session, m, unwrappingkey, wrappedkey,
|
||||||
|
wrappedkeylen, tempc, alen, key);
|
||||||
|
ATTR_FREE(tempc);
|
||||||
return e;
|
return e;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -735,6 +780,38 @@ CK_RV WaitForSlotEvent(struct ctx * c, CK_FLAGS flags, CK_ULONG_PTR slot)
|
||||||
c->sym->C_WaitForSlotEvent(flags, (CK_SLOT_ID_PTR) slot, NULL);
|
c->sym->C_WaitForSlotEvent(flags, (CK_SLOT_ID_PTR) slot, NULL);
|
||||||
return e;
|
return e;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef REPACK_STRUCTURES
|
||||||
|
|
||||||
|
CK_RV attrsToC(CK_ATTRIBUTE_PTR *attrOut, ckAttrPtr attrIn, CK_ULONG count) {
|
||||||
|
CK_ATTRIBUTE_PTR attr = calloc(count, sizeof(CK_ATTRIBUTE));
|
||||||
|
if (attr == NULL) {
|
||||||
|
return CKR_HOST_MEMORY;
|
||||||
|
}
|
||||||
|
for (int i = 0; i < count; i++) {
|
||||||
|
attr[i].type = attrIn[i].type;
|
||||||
|
attr[i].pValue = attrIn[i].pValue;
|
||||||
|
attr[i].ulValueLen = attrIn[i].ulValueLen;
|
||||||
|
}
|
||||||
|
*attrOut = attr;
|
||||||
|
return CKR_OK;
|
||||||
|
}
|
||||||
|
|
||||||
|
void attrsFromC(ckAttrPtr attrOut, CK_ATTRIBUTE_PTR attrIn, CK_ULONG count) {
|
||||||
|
for (int i = 0; i < count; i++) {
|
||||||
|
attrOut[i].type = attrIn[i].type;
|
||||||
|
attrOut[i].pValue = attrIn[i].pValue;
|
||||||
|
attrOut[i].ulValueLen = attrIn[i].ulValueLen;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
void mechToC(CK_MECHANISM_PTR mechOut, ckMechPtr mechIn) {
|
||||||
|
mechOut->mechanism = mechIn->mechanism;
|
||||||
|
mechOut->pParameter = mechIn->pParameter;
|
||||||
|
mechOut->ulParameterLen = mechIn->ulParameterLen;
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif
|
||||||
*/
|
*/
|
||||||
import "C"
|
import "C"
|
||||||
import "strings"
|
import "strings"
|
||||||
|
@ -748,6 +825,11 @@ type Ctx struct {
|
||||||
|
|
||||||
// New creates a new context and initializes the module/library for use.
|
// New creates a new context and initializes the module/library for use.
|
||||||
func New(module string) *Ctx {
|
func New(module string) *Ctx {
|
||||||
|
// libtool-ltdl will return an assertion error if passed an empty string, so
|
||||||
|
// we check for it explicitly.
|
||||||
|
if module == "" {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
c := new(Ctx)
|
c := new(Ctx)
|
||||||
mod := C.CString(module)
|
mod := C.CString(module)
|
||||||
defer C.free(unsafe.Pointer(mod))
|
defer C.free(unsafe.Pointer(mod))
|
||||||
|
@ -769,8 +851,7 @@ func (c *Ctx) Destroy() {
|
||||||
|
|
||||||
/* Initialize initializes the Cryptoki library. */
|
/* Initialize initializes the Cryptoki library. */
|
||||||
func (c *Ctx) Initialize() error {
|
func (c *Ctx) Initialize() error {
|
||||||
args := &C.CK_C_INITIALIZE_ARGS{nil, nil, nil, nil, C.CKF_OS_LOCKING_OK, nil}
|
e := C.Initialize(c.ctx)
|
||||||
e := C.Initialize(c.ctx, C.CK_VOID_PTR(args))
|
|
||||||
return toError(e)
|
return toError(e)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -785,8 +866,8 @@ func (c *Ctx) Finalize() error {
|
||||||
|
|
||||||
/* GetInfo returns general information about Cryptoki. */
|
/* GetInfo returns general information about Cryptoki. */
|
||||||
func (c *Ctx) GetInfo() (Info, error) {
|
func (c *Ctx) GetInfo() (Info, error) {
|
||||||
var p C.CK_INFO
|
var p C.ckInfo
|
||||||
e := C.GetInfo(c.ctx, C.CK_INFO_PTR(&p))
|
e := C.GetInfo(c.ctx, &p)
|
||||||
i := Info{
|
i := Info{
|
||||||
CryptokiVersion: toVersion(p.cryptokiVersion),
|
CryptokiVersion: toVersion(p.cryptokiVersion),
|
||||||
ManufacturerID: strings.TrimRight(string(C.GoBytes(unsafe.Pointer(&p.manufacturerID[0]), 32)), " "),
|
ManufacturerID: strings.TrimRight(string(C.GoBytes(unsafe.Pointer(&p.manufacturerID[0]), 32)), " "),
|
||||||
|
@ -1041,11 +1122,11 @@ func (c *Ctx) GetObjectSize(sh SessionHandle, oh ObjectHandle) (uint, error) {
|
||||||
func (c *Ctx) GetAttributeValue(sh SessionHandle, o ObjectHandle, a []*Attribute) ([]*Attribute, error) {
|
func (c *Ctx) GetAttributeValue(sh SessionHandle, o ObjectHandle, a []*Attribute) ([]*Attribute, error) {
|
||||||
// copy the attribute list and make all the values nil, so that
|
// copy the attribute list and make all the values nil, so that
|
||||||
// the C function can (allocate) fill them in
|
// the C function can (allocate) fill them in
|
||||||
pa := make([]C.CK_ATTRIBUTE, len(a))
|
pa := make([]C.ckAttr, len(a))
|
||||||
for i := 0; i < len(a); i++ {
|
for i := 0; i < len(a); i++ {
|
||||||
pa[i]._type = C.CK_ATTRIBUTE_TYPE(a[i].Type)
|
pa[i]._type = C.CK_ATTRIBUTE_TYPE(a[i].Type)
|
||||||
}
|
}
|
||||||
e := C.GetAttributeValue(c.ctx, C.CK_SESSION_HANDLE(sh), C.CK_OBJECT_HANDLE(o), C.CK_ATTRIBUTE_PTR(&pa[0]), C.CK_ULONG(len(a)))
|
e := C.GetAttributeValue(c.ctx, C.CK_SESSION_HANDLE(sh), C.CK_OBJECT_HANDLE(o), C.ckAttrPtr(&pa[0]), C.CK_ULONG(len(a)))
|
||||||
if toError(e) != nil {
|
if toError(e) != nil {
|
||||||
return nil, toError(e)
|
return nil, toError(e)
|
||||||
}
|
}
|
||||||
|
@ -1529,7 +1610,7 @@ func (c *Ctx) UnwrapKey(sh SessionHandle, m []*Mechanism, unwrappingkey ObjectHa
|
||||||
return ObjectHandle(key), toError(e)
|
return ObjectHandle(key), toError(e)
|
||||||
}
|
}
|
||||||
|
|
||||||
// DeriveKey derives a key from a base key, creating a new key object. */
|
// DeriveKey derives a key from a base key, creating a new key object.
|
||||||
func (c *Ctx) DeriveKey(sh SessionHandle, m []*Mechanism, basekey ObjectHandle, a []*Attribute) (ObjectHandle, error) {
|
func (c *Ctx) DeriveKey(sh SessionHandle, m []*Mechanism, basekey ObjectHandle, a []*Attribute) (ObjectHandle, error) {
|
||||||
var key C.CK_OBJECT_HANDLE
|
var key C.CK_OBJECT_HANDLE
|
||||||
attrarena, ac, aclen := cAttributeList(a)
|
attrarena, ac, aclen := cAttributeList(a)
|
||||||
|
|
|
@ -1,19 +1,12 @@
|
||||||
/* pkcs11.h include file for PKCS #11. */
|
/* Copyright (c) OASIS Open 2016. All Rights Reserved./
|
||||||
/* $Revision: 1.2 $ */
|
* /Distributed under the terms of the OASIS IPR Policy,
|
||||||
|
* [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT ANY
|
||||||
/* License to copy and use this software is granted provided that it is
|
* IMPLIED OR EXPRESS WARRANTY; there is no warranty of MERCHANTABILITY, FITNESS FOR A
|
||||||
* identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
|
* PARTICULAR PURPOSE or NONINFRINGEMENT of the rights of others.
|
||||||
* (Cryptoki)" in all material mentioning or referencing this software.
|
*/
|
||||||
|
|
||||||
* License is also granted to make and use derivative works provided that
|
/* Latest version of the specification:
|
||||||
* such works are identified as "derived from the RSA Security Inc. PKCS #11
|
* http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html
|
||||||
* Cryptographic Token Interface (Cryptoki)" in all material mentioning or
|
|
||||||
* referencing the derived work.
|
|
||||||
|
|
||||||
* RSA Security Inc. makes no representations concerning either the
|
|
||||||
* merchantability of this software or the suitability of this software for
|
|
||||||
* any particular purpose. It is provided "as is" without express or implied
|
|
||||||
* warranty of any kind.
|
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#ifndef _PKCS11_H_
|
#ifndef _PKCS11_H_
|
||||||
|
@ -24,14 +17,14 @@ extern "C" {
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* Before including this file (pkcs11.h) (or pkcs11t.h by
|
/* Before including this file (pkcs11.h) (or pkcs11t.h by
|
||||||
* itself), 6 platform-specific macros must be defined. These
|
* itself), 5 platform-specific macros must be defined. These
|
||||||
* macros are described below, and typical definitions for them
|
* macros are described below, and typical definitions for them
|
||||||
* are also given. Be advised that these definitions can depend
|
* are also given. Be advised that these definitions can depend
|
||||||
* on both the platform and the compiler used (and possibly also
|
* on both the platform and the compiler used (and possibly also
|
||||||
* on whether a Cryptoki library is linked statically or
|
* on whether a Cryptoki library is linked statically or
|
||||||
* dynamically).
|
* dynamically).
|
||||||
*
|
*
|
||||||
* In addition to defining these 6 macros, the packing convention
|
* In addition to defining these 5 macros, the packing convention
|
||||||
* for Cryptoki structures should be set. The Cryptoki
|
* for Cryptoki structures should be set. The Cryptoki
|
||||||
* convention on packing is that structures should be 1-byte
|
* convention on packing is that structures should be 1-byte
|
||||||
* aligned.
|
* aligned.
|
||||||
|
@ -81,39 +74,7 @@ extern "C" {
|
||||||
* #define CK_PTR *
|
* #define CK_PTR *
|
||||||
*
|
*
|
||||||
*
|
*
|
||||||
* 2. CK_DEFINE_FUNCTION(returnType, name): A macro which makes
|
* 2. CK_DECLARE_FUNCTION(returnType, name): A macro which makes
|
||||||
* an exportable Cryptoki library function definition out of a
|
|
||||||
* return type and a function name. It should be used in the
|
|
||||||
* following fashion to define the exposed Cryptoki functions in
|
|
||||||
* a Cryptoki library:
|
|
||||||
*
|
|
||||||
* CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(
|
|
||||||
* CK_VOID_PTR pReserved
|
|
||||||
* )
|
|
||||||
* {
|
|
||||||
* ...
|
|
||||||
* }
|
|
||||||
*
|
|
||||||
* If you're using Microsoft Developer Studio 5.0 to define a
|
|
||||||
* function in a Win32 Cryptoki .dll, it might be defined by:
|
|
||||||
*
|
|
||||||
* #define CK_DEFINE_FUNCTION(returnType, name) \
|
|
||||||
* returnType __declspec(dllexport) name
|
|
||||||
*
|
|
||||||
* If you're using an earlier version of Microsoft Developer
|
|
||||||
* Studio to define a function in a Win16 Cryptoki .dll, it
|
|
||||||
* might be defined by:
|
|
||||||
*
|
|
||||||
* #define CK_DEFINE_FUNCTION(returnType, name) \
|
|
||||||
* returnType __export _far _pascal name
|
|
||||||
*
|
|
||||||
* In a UNIX environment, it might be defined by:
|
|
||||||
*
|
|
||||||
* #define CK_DEFINE_FUNCTION(returnType, name) \
|
|
||||||
* returnType name
|
|
||||||
*
|
|
||||||
*
|
|
||||||
* 3. CK_DECLARE_FUNCTION(returnType, name): A macro which makes
|
|
||||||
* an importable Cryptoki library function declaration out of a
|
* an importable Cryptoki library function declaration out of a
|
||||||
* return type and a function name. It should be used in the
|
* return type and a function name. It should be used in the
|
||||||
* following fashion:
|
* following fashion:
|
||||||
|
@ -141,7 +102,7 @@ extern "C" {
|
||||||
* returnType name
|
* returnType name
|
||||||
*
|
*
|
||||||
*
|
*
|
||||||
* 4. CK_DECLARE_FUNCTION_POINTER(returnType, name): A macro
|
* 3. CK_DECLARE_FUNCTION_POINTER(returnType, name): A macro
|
||||||
* which makes a Cryptoki API function pointer declaration or
|
* which makes a Cryptoki API function pointer declaration or
|
||||||
* function pointer type declaration out of a return type and a
|
* function pointer type declaration out of a return type and a
|
||||||
* function name. It should be used in the following fashion:
|
* function name. It should be used in the following fashion:
|
||||||
|
@ -178,7 +139,7 @@ extern "C" {
|
||||||
* returnType (* name)
|
* returnType (* name)
|
||||||
*
|
*
|
||||||
*
|
*
|
||||||
* 5. CK_CALLBACK_FUNCTION(returnType, name): A macro which makes
|
* 4. CK_CALLBACK_FUNCTION(returnType, name): A macro which makes
|
||||||
* a function pointer type for an application callback out of
|
* a function pointer type for an application callback out of
|
||||||
* a return type for the callback and a name for the callback.
|
* a return type for the callback and a name for the callback.
|
||||||
* It should be used in the following fashion:
|
* It should be used in the following fashion:
|
||||||
|
@ -210,7 +171,7 @@ extern "C" {
|
||||||
* returnType (* name)
|
* returnType (* name)
|
||||||
*
|
*
|
||||||
*
|
*
|
||||||
* 6. NULL_PTR: This macro is the value of a NULL pointer.
|
* 5. NULL_PTR: This macro is the value of a NULL pointer.
|
||||||
*
|
*
|
||||||
* In any ANSI/ISO C environment (and in many others as well),
|
* In any ANSI/ISO C environment (and in many others as well),
|
||||||
* this should best be defined by
|
* this should best be defined by
|
||||||
|
@ -222,7 +183,8 @@ extern "C" {
|
||||||
|
|
||||||
|
|
||||||
/* All the various Cryptoki types and #define'd values are in the
|
/* All the various Cryptoki types and #define'd values are in the
|
||||||
* file pkcs11t.h. */
|
* file pkcs11t.h.
|
||||||
|
*/
|
||||||
#include "pkcs11t.h"
|
#include "pkcs11t.h"
|
||||||
|
|
||||||
#define __PASTE(x,y) x##y
|
#define __PASTE(x,y) x##y
|
||||||
|
@ -238,7 +200,8 @@ extern "C" {
|
||||||
extern CK_DECLARE_FUNCTION(CK_RV, name)
|
extern CK_DECLARE_FUNCTION(CK_RV, name)
|
||||||
|
|
||||||
/* pkcs11f.h has all the information about the Cryptoki
|
/* pkcs11f.h has all the information about the Cryptoki
|
||||||
* function prototypes. */
|
* function prototypes.
|
||||||
|
*/
|
||||||
#include "pkcs11f.h"
|
#include "pkcs11f.h"
|
||||||
|
|
||||||
#undef CK_NEED_ARG_LIST
|
#undef CK_NEED_ARG_LIST
|
||||||
|
@ -257,7 +220,8 @@ extern "C" {
|
||||||
typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, __PASTE(CK_,name))
|
typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, __PASTE(CK_,name))
|
||||||
|
|
||||||
/* pkcs11f.h has all the information about the Cryptoki
|
/* pkcs11f.h has all the information about the Cryptoki
|
||||||
* function prototypes. */
|
* function prototypes.
|
||||||
|
*/
|
||||||
#include "pkcs11f.h"
|
#include "pkcs11f.h"
|
||||||
|
|
||||||
#undef CK_NEED_ARG_LIST
|
#undef CK_NEED_ARG_LIST
|
||||||
|
@ -275,14 +239,15 @@ extern "C" {
|
||||||
|
|
||||||
#define CK_PKCS11_FUNCTION_INFO(name) \
|
#define CK_PKCS11_FUNCTION_INFO(name) \
|
||||||
__PASTE(CK_,name) name;
|
__PASTE(CK_,name) name;
|
||||||
|
|
||||||
struct CK_FUNCTION_LIST {
|
struct CK_FUNCTION_LIST {
|
||||||
|
|
||||||
CK_VERSION version; /* Cryptoki version */
|
CK_VERSION version; /* Cryptoki version */
|
||||||
|
|
||||||
/* Pile all the function pointers into the CK_FUNCTION_LIST. */
|
/* Pile all the function pointers into the CK_FUNCTION_LIST. */
|
||||||
/* pkcs11f.h has all the information about the Cryptoki
|
/* pkcs11f.h has all the information about the Cryptoki
|
||||||
* function prototypes. */
|
* function prototypes.
|
||||||
|
*/
|
||||||
#include "pkcs11f.h"
|
#include "pkcs11f.h"
|
||||||
|
|
||||||
};
|
};
|
||||||
|
@ -296,4 +261,5 @@ struct CK_FUNCTION_LIST {
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#endif
|
#endif /* _PKCS11_H_ */
|
||||||
|
|
||||||
|
|
|
@ -1,26 +1,20 @@
|
||||||
/* pkcs11f.h include file for PKCS #11. */
|
/* Copyright (c) OASIS Open 2016. All Rights Reserved./
|
||||||
/* $Revision: 1.2 $ */
|
* /Distributed under the terms of the OASIS IPR Policy,
|
||||||
|
* [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT ANY
|
||||||
/* License to copy and use this software is granted provided that it is
|
* IMPLIED OR EXPRESS WARRANTY; there is no warranty of MERCHANTABILITY, FITNESS FOR A
|
||||||
* identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
|
* PARTICULAR PURPOSE or NONINFRINGEMENT of the rights of others.
|
||||||
* (Cryptoki)" in all material mentioning or referencing this software.
|
*/
|
||||||
|
|
||||||
* License is also granted to make and use derivative works provided that
|
/* Latest version of the specification:
|
||||||
* such works are identified as "derived from the RSA Security Inc. PKCS #11
|
* http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html
|
||||||
* Cryptographic Token Interface (Cryptoki)" in all material mentioning or
|
|
||||||
* referencing the derived work.
|
|
||||||
|
|
||||||
* RSA Security Inc. makes no representations concerning either the
|
|
||||||
* merchantability of this software or the suitability of this software for
|
|
||||||
* any particular purpose. It is provided "as is" without express or implied
|
|
||||||
* warranty of any kind.
|
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* This header file contains pretty much everything about all the */
|
/* This header file contains pretty much everything about all the
|
||||||
/* Cryptoki function prototypes. Because this information is */
|
* Cryptoki function prototypes. Because this information is
|
||||||
/* used for more than just declaring function prototypes, the */
|
* used for more than just declaring function prototypes, the
|
||||||
/* order of the functions appearing herein is important, and */
|
* order of the functions appearing herein is important, and
|
||||||
/* should not be altered. */
|
* should not be altered.
|
||||||
|
*/
|
||||||
|
|
||||||
/* General-purpose */
|
/* General-purpose */
|
||||||
|
|
||||||
|
@ -30,13 +24,15 @@ CK_PKCS11_FUNCTION_INFO(C_Initialize)
|
||||||
(
|
(
|
||||||
CK_VOID_PTR pInitArgs /* if this is not NULL_PTR, it gets
|
CK_VOID_PTR pInitArgs /* if this is not NULL_PTR, it gets
|
||||||
* cast to CK_C_INITIALIZE_ARGS_PTR
|
* cast to CK_C_INITIALIZE_ARGS_PTR
|
||||||
* and dereferenced */
|
* and dereferenced
|
||||||
|
*/
|
||||||
);
|
);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
/* C_Finalize indicates that an application is done with the
|
/* C_Finalize indicates that an application is done with the
|
||||||
* Cryptoki library. */
|
* Cryptoki library.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_Finalize)
|
CK_PKCS11_FUNCTION_INFO(C_Finalize)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -59,7 +55,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetFunctionList)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
CK_FUNCTION_LIST_PTR_PTR ppFunctionList /* receives pointer to
|
CK_FUNCTION_LIST_PTR_PTR ppFunctionList /* receives pointer to
|
||||||
* function list */
|
* function list
|
||||||
|
*/
|
||||||
);
|
);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -71,7 +68,7 @@ CK_PKCS11_FUNCTION_INFO(C_GetFunctionList)
|
||||||
CK_PKCS11_FUNCTION_INFO(C_GetSlotList)
|
CK_PKCS11_FUNCTION_INFO(C_GetSlotList)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
CK_BBOOL tokenPresent, /* only slots with tokens? */
|
CK_BBOOL tokenPresent, /* only slots with tokens */
|
||||||
CK_SLOT_ID_PTR pSlotList, /* receives array of slot IDs */
|
CK_SLOT_ID_PTR pSlotList, /* receives array of slot IDs */
|
||||||
CK_ULONG_PTR pulCount /* receives number of slots */
|
CK_ULONG_PTR pulCount /* receives number of slots */
|
||||||
);
|
);
|
||||||
|
@ -79,7 +76,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetSlotList)
|
||||||
|
|
||||||
|
|
||||||
/* C_GetSlotInfo obtains information about a particular slot in
|
/* C_GetSlotInfo obtains information about a particular slot in
|
||||||
* the system. */
|
* the system.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo)
|
CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -90,7 +88,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo)
|
||||||
|
|
||||||
|
|
||||||
/* C_GetTokenInfo obtains information about a particular token
|
/* C_GetTokenInfo obtains information about a particular token
|
||||||
* in the system. */
|
* in the system.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo)
|
CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -101,7 +100,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo)
|
||||||
|
|
||||||
|
|
||||||
/* C_GetMechanismList obtains a list of mechanism types
|
/* C_GetMechanismList obtains a list of mechanism types
|
||||||
* supported by a token. */
|
* supported by a token.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_GetMechanismList)
|
CK_PKCS11_FUNCTION_INFO(C_GetMechanismList)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -113,7 +113,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetMechanismList)
|
||||||
|
|
||||||
|
|
||||||
/* C_GetMechanismInfo obtains information about a particular
|
/* C_GetMechanismInfo obtains information about a particular
|
||||||
* mechanism possibly supported by a token. */
|
* mechanism possibly supported by a token.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo)
|
CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -127,7 +128,6 @@ CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo)
|
||||||
/* C_InitToken initializes a token. */
|
/* C_InitToken initializes a token. */
|
||||||
CK_PKCS11_FUNCTION_INFO(C_InitToken)
|
CK_PKCS11_FUNCTION_INFO(C_InitToken)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
/* pLabel changed from CK_CHAR_PTR to CK_UTF8CHAR_PTR for v2.10 */
|
|
||||||
(
|
(
|
||||||
CK_SLOT_ID slotID, /* ID of the token's slot */
|
CK_SLOT_ID slotID, /* ID of the token's slot */
|
||||||
CK_UTF8CHAR_PTR pPin, /* the SO's initial PIN */
|
CK_UTF8CHAR_PTR pPin, /* the SO's initial PIN */
|
||||||
|
@ -165,7 +165,8 @@ CK_PKCS11_FUNCTION_INFO(C_SetPIN)
|
||||||
/* Session management */
|
/* Session management */
|
||||||
|
|
||||||
/* C_OpenSession opens a session between an application and a
|
/* C_OpenSession opens a session between an application and a
|
||||||
* token. */
|
* token.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_OpenSession)
|
CK_PKCS11_FUNCTION_INFO(C_OpenSession)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -179,7 +180,8 @@ CK_PKCS11_FUNCTION_INFO(C_OpenSession)
|
||||||
|
|
||||||
|
|
||||||
/* C_CloseSession closes a session between an application and a
|
/* C_CloseSession closes a session between an application and a
|
||||||
* token. */
|
* token.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_CloseSession)
|
CK_PKCS11_FUNCTION_INFO(C_CloseSession)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -187,6 +189,7 @@ CK_PKCS11_FUNCTION_INFO(C_CloseSession)
|
||||||
);
|
);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
/* C_CloseAllSessions closes all sessions with a token. */
|
/* C_CloseAllSessions closes all sessions with a token. */
|
||||||
CK_PKCS11_FUNCTION_INFO(C_CloseAllSessions)
|
CK_PKCS11_FUNCTION_INFO(C_CloseAllSessions)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
|
@ -207,7 +210,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetSessionInfo)
|
||||||
|
|
||||||
|
|
||||||
/* C_GetOperationState obtains the state of the cryptographic operation
|
/* C_GetOperationState obtains the state of the cryptographic operation
|
||||||
* in a session. */
|
* in a session.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_GetOperationState)
|
CK_PKCS11_FUNCTION_INFO(C_GetOperationState)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -219,7 +223,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetOperationState)
|
||||||
|
|
||||||
|
|
||||||
/* C_SetOperationState restores the state of the cryptographic
|
/* C_SetOperationState restores the state of the cryptographic
|
||||||
* operation in a session. */
|
* operation in a session.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_SetOperationState)
|
CK_PKCS11_FUNCTION_INFO(C_SetOperationState)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -267,8 +272,10 @@ CK_PKCS11_FUNCTION_INFO(C_CreateObject)
|
||||||
);
|
);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
/* C_CopyObject copies an object, creating a new object for the
|
/* C_CopyObject copies an object, creating a new object for the
|
||||||
* copy. */
|
* copy.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_CopyObject)
|
CK_PKCS11_FUNCTION_INFO(C_CopyObject)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -303,7 +310,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetObjectSize)
|
||||||
|
|
||||||
|
|
||||||
/* C_GetAttributeValue obtains the value of one or more object
|
/* C_GetAttributeValue obtains the value of one or more object
|
||||||
* attributes. */
|
* attributes.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue)
|
CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -316,7 +324,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue)
|
||||||
|
|
||||||
|
|
||||||
/* C_SetAttributeValue modifies the value of one or more object
|
/* C_SetAttributeValue modifies the value of one or more object
|
||||||
* attributes */
|
* attributes.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue)
|
CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -329,7 +338,8 @@ CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue)
|
||||||
|
|
||||||
|
|
||||||
/* C_FindObjectsInit initializes a search for token and session
|
/* C_FindObjectsInit initializes a search for token and session
|
||||||
* objects that match a template. */
|
* objects that match a template.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit)
|
CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -342,7 +352,8 @@ CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit)
|
||||||
|
|
||||||
/* C_FindObjects continues a search for token and session
|
/* C_FindObjects continues a search for token and session
|
||||||
* objects that match a template, obtaining additional object
|
* objects that match a template, obtaining additional object
|
||||||
* handles. */
|
* handles.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_FindObjects)
|
CK_PKCS11_FUNCTION_INFO(C_FindObjects)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -355,7 +366,8 @@ CK_PKCS11_FUNCTION_INFO(C_FindObjects)
|
||||||
|
|
||||||
|
|
||||||
/* C_FindObjectsFinal finishes a search for token and session
|
/* C_FindObjectsFinal finishes a search for token and session
|
||||||
* objects. */
|
* objects.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_FindObjectsFinal)
|
CK_PKCS11_FUNCTION_INFO(C_FindObjectsFinal)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -392,7 +404,8 @@ CK_PKCS11_FUNCTION_INFO(C_Encrypt)
|
||||||
|
|
||||||
|
|
||||||
/* C_EncryptUpdate continues a multiple-part encryption
|
/* C_EncryptUpdate continues a multiple-part encryption
|
||||||
* operation. */
|
* operation.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate)
|
CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -406,7 +419,8 @@ CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate)
|
||||||
|
|
||||||
|
|
||||||
/* C_EncryptFinal finishes a multiple-part encryption
|
/* C_EncryptFinal finishes a multiple-part encryption
|
||||||
* operation. */
|
* operation.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_EncryptFinal)
|
CK_PKCS11_FUNCTION_INFO(C_EncryptFinal)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -442,7 +456,8 @@ CK_PKCS11_FUNCTION_INFO(C_Decrypt)
|
||||||
|
|
||||||
|
|
||||||
/* C_DecryptUpdate continues a multiple-part decryption
|
/* C_DecryptUpdate continues a multiple-part decryption
|
||||||
* operation. */
|
* operation.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate)
|
CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -456,7 +471,8 @@ CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate)
|
||||||
|
|
||||||
|
|
||||||
/* C_DecryptFinal finishes a multiple-part decryption
|
/* C_DecryptFinal finishes a multiple-part decryption
|
||||||
* operation. */
|
* operation.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_DecryptFinal)
|
CK_PKCS11_FUNCTION_INFO(C_DecryptFinal)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -494,7 +510,8 @@ CK_PKCS11_FUNCTION_INFO(C_Digest)
|
||||||
|
|
||||||
|
|
||||||
/* C_DigestUpdate continues a multiple-part message-digesting
|
/* C_DigestUpdate continues a multiple-part message-digesting
|
||||||
* operation. */
|
* operation.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_DigestUpdate)
|
CK_PKCS11_FUNCTION_INFO(C_DigestUpdate)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -507,7 +524,8 @@ CK_PKCS11_FUNCTION_INFO(C_DigestUpdate)
|
||||||
|
|
||||||
/* C_DigestKey continues a multi-part message-digesting
|
/* C_DigestKey continues a multi-part message-digesting
|
||||||
* operation, by digesting the value of a secret key as part of
|
* operation, by digesting the value of a secret key as part of
|
||||||
* the data already digested. */
|
* the data already digested.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_DigestKey)
|
CK_PKCS11_FUNCTION_INFO(C_DigestKey)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -518,7 +536,8 @@ CK_PKCS11_FUNCTION_INFO(C_DigestKey)
|
||||||
|
|
||||||
|
|
||||||
/* C_DigestFinal finishes a multiple-part message-digesting
|
/* C_DigestFinal finishes a multiple-part message-digesting
|
||||||
* operation. */
|
* operation.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_DigestFinal)
|
CK_PKCS11_FUNCTION_INFO(C_DigestFinal)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -535,7 +554,8 @@ CK_PKCS11_FUNCTION_INFO(C_DigestFinal)
|
||||||
/* C_SignInit initializes a signature (private key encryption)
|
/* C_SignInit initializes a signature (private key encryption)
|
||||||
* operation, where the signature is (will be) an appendix to
|
* operation, where the signature is (will be) an appendix to
|
||||||
* the data, and plaintext cannot be recovered from the
|
* the data, and plaintext cannot be recovered from the
|
||||||
*signature. */
|
* signature.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_SignInit)
|
CK_PKCS11_FUNCTION_INFO(C_SignInit)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -548,7 +568,8 @@ CK_PKCS11_FUNCTION_INFO(C_SignInit)
|
||||||
|
|
||||||
/* C_Sign signs (encrypts with private key) data in a single
|
/* C_Sign signs (encrypts with private key) data in a single
|
||||||
* part, where the signature is (will be) an appendix to the
|
* part, where the signature is (will be) an appendix to the
|
||||||
* data, and plaintext cannot be recovered from the signature. */
|
* data, and plaintext cannot be recovered from the signature.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_Sign)
|
CK_PKCS11_FUNCTION_INFO(C_Sign)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -562,8 +583,9 @@ CK_PKCS11_FUNCTION_INFO(C_Sign)
|
||||||
|
|
||||||
|
|
||||||
/* C_SignUpdate continues a multiple-part signature operation,
|
/* C_SignUpdate continues a multiple-part signature operation,
|
||||||
* where the signature is (will be) an appendix to the data,
|
* where the signature is (will be) an appendix to the data,
|
||||||
* and plaintext cannot be recovered from the signature. */
|
* and plaintext cannot be recovered from the signature.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_SignUpdate)
|
CK_PKCS11_FUNCTION_INFO(C_SignUpdate)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -574,8 +596,9 @@ CK_PKCS11_FUNCTION_INFO(C_SignUpdate)
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
/* C_SignFinal finishes a multiple-part signature operation,
|
/* C_SignFinal finishes a multiple-part signature operation,
|
||||||
* returning the signature. */
|
* returning the signature.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_SignFinal)
|
CK_PKCS11_FUNCTION_INFO(C_SignFinal)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -587,7 +610,8 @@ CK_PKCS11_FUNCTION_INFO(C_SignFinal)
|
||||||
|
|
||||||
|
|
||||||
/* C_SignRecoverInit initializes a signature operation, where
|
/* C_SignRecoverInit initializes a signature operation, where
|
||||||
* the data can be recovered from the signature. */
|
* the data can be recovered from the signature.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit)
|
CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -599,7 +623,8 @@ CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit)
|
||||||
|
|
||||||
|
|
||||||
/* C_SignRecover signs data in a single operation, where the
|
/* C_SignRecover signs data in a single operation, where the
|
||||||
* data can be recovered from the signature. */
|
* data can be recovered from the signature.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_SignRecover)
|
CK_PKCS11_FUNCTION_INFO(C_SignRecover)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -617,20 +642,22 @@ CK_PKCS11_FUNCTION_INFO(C_SignRecover)
|
||||||
|
|
||||||
/* C_VerifyInit initializes a verification operation, where the
|
/* C_VerifyInit initializes a verification operation, where the
|
||||||
* signature is an appendix to the data, and plaintext cannot
|
* signature is an appendix to the data, and plaintext cannot
|
||||||
* cannot be recovered from the signature (e.g. DSA). */
|
* cannot be recovered from the signature (e.g. DSA).
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_VerifyInit)
|
CK_PKCS11_FUNCTION_INFO(C_VerifyInit)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
CK_SESSION_HANDLE hSession, /* the session's handle */
|
CK_SESSION_HANDLE hSession, /* the session's handle */
|
||||||
CK_MECHANISM_PTR pMechanism, /* the verification mechanism */
|
CK_MECHANISM_PTR pMechanism, /* the verification mechanism */
|
||||||
CK_OBJECT_HANDLE hKey /* verification key */
|
CK_OBJECT_HANDLE hKey /* verification key */
|
||||||
);
|
);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
/* C_Verify verifies a signature in a single-part operation,
|
/* C_Verify verifies a signature in a single-part operation,
|
||||||
* where the signature is an appendix to the data, and plaintext
|
* where the signature is an appendix to the data, and plaintext
|
||||||
* cannot be recovered from the signature. */
|
* cannot be recovered from the signature.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_Verify)
|
CK_PKCS11_FUNCTION_INFO(C_Verify)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -644,8 +671,9 @@ CK_PKCS11_FUNCTION_INFO(C_Verify)
|
||||||
|
|
||||||
|
|
||||||
/* C_VerifyUpdate continues a multiple-part verification
|
/* C_VerifyUpdate continues a multiple-part verification
|
||||||
* operation, where the signature is an appendix to the data,
|
* operation, where the signature is an appendix to the data,
|
||||||
* and plaintext cannot be recovered from the signature. */
|
* and plaintext cannot be recovered from the signature.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate)
|
CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -657,7 +685,8 @@ CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate)
|
||||||
|
|
||||||
|
|
||||||
/* C_VerifyFinal finishes a multiple-part verification
|
/* C_VerifyFinal finishes a multiple-part verification
|
||||||
* operation, checking the signature. */
|
* operation, checking the signature.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_VerifyFinal)
|
CK_PKCS11_FUNCTION_INFO(C_VerifyFinal)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -669,7 +698,8 @@ CK_PKCS11_FUNCTION_INFO(C_VerifyFinal)
|
||||||
|
|
||||||
|
|
||||||
/* C_VerifyRecoverInit initializes a signature verification
|
/* C_VerifyRecoverInit initializes a signature verification
|
||||||
* operation, where the data is recovered from the signature. */
|
* operation, where the data is recovered from the signature.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit)
|
CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -681,7 +711,8 @@ CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit)
|
||||||
|
|
||||||
|
|
||||||
/* C_VerifyRecover verifies a signature in a single-part
|
/* C_VerifyRecover verifies a signature in a single-part
|
||||||
* operation, where the data is recovered from the signature. */
|
* operation, where the data is recovered from the signature.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_VerifyRecover)
|
CK_PKCS11_FUNCTION_INFO(C_VerifyRecover)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -698,7 +729,8 @@ CK_PKCS11_FUNCTION_INFO(C_VerifyRecover)
|
||||||
/* Dual-function cryptographic operations */
|
/* Dual-function cryptographic operations */
|
||||||
|
|
||||||
/* C_DigestEncryptUpdate continues a multiple-part digesting
|
/* C_DigestEncryptUpdate continues a multiple-part digesting
|
||||||
* and encryption operation. */
|
* and encryption operation.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate)
|
CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -712,7 +744,8 @@ CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate)
|
||||||
|
|
||||||
|
|
||||||
/* C_DecryptDigestUpdate continues a multiple-part decryption and
|
/* C_DecryptDigestUpdate continues a multiple-part decryption and
|
||||||
* digesting operation. */
|
* digesting operation.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate)
|
CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -726,7 +759,8 @@ CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate)
|
||||||
|
|
||||||
|
|
||||||
/* C_SignEncryptUpdate continues a multiple-part signing and
|
/* C_SignEncryptUpdate continues a multiple-part signing and
|
||||||
* encryption operation. */
|
* encryption operation.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate)
|
CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -740,7 +774,8 @@ CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate)
|
||||||
|
|
||||||
|
|
||||||
/* C_DecryptVerifyUpdate continues a multiple-part decryption and
|
/* C_DecryptVerifyUpdate continues a multiple-part decryption and
|
||||||
* verify operation. */
|
* verify operation.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate)
|
CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -757,7 +792,8 @@ CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate)
|
||||||
/* Key management */
|
/* Key management */
|
||||||
|
|
||||||
/* C_GenerateKey generates a secret key, creating a new key
|
/* C_GenerateKey generates a secret key, creating a new key
|
||||||
* object. */
|
* object.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_GenerateKey)
|
CK_PKCS11_FUNCTION_INFO(C_GenerateKey)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -770,31 +806,20 @@ CK_PKCS11_FUNCTION_INFO(C_GenerateKey)
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
/* C_GenerateKeyPair generates a public-key/private-key pair,
|
/* C_GenerateKeyPair generates a public-key/private-key pair,
|
||||||
* creating new key objects. */
|
* creating new key objects.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair)
|
CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
CK_SESSION_HANDLE hSession, /* session
|
CK_SESSION_HANDLE hSession, /* session handle */
|
||||||
* handle */
|
CK_MECHANISM_PTR pMechanism, /* key-gen mech. */
|
||||||
CK_MECHANISM_PTR pMechanism, /* key-gen
|
CK_ATTRIBUTE_PTR pPublicKeyTemplate, /* template for pub. key */
|
||||||
* mech. */
|
CK_ULONG ulPublicKeyAttributeCount, /* # pub. attrs. */
|
||||||
CK_ATTRIBUTE_PTR pPublicKeyTemplate, /* template
|
CK_ATTRIBUTE_PTR pPrivateKeyTemplate, /* template for priv. key */
|
||||||
* for pub.
|
CK_ULONG ulPrivateKeyAttributeCount, /* # priv. attrs. */
|
||||||
* key */
|
CK_OBJECT_HANDLE_PTR phPublicKey, /* gets pub. key handle */
|
||||||
CK_ULONG ulPublicKeyAttributeCount, /* # pub.
|
CK_OBJECT_HANDLE_PTR phPrivateKey /* gets priv. key handle */
|
||||||
* attrs. */
|
|
||||||
CK_ATTRIBUTE_PTR pPrivateKeyTemplate, /* template
|
|
||||||
* for priv.
|
|
||||||
* key */
|
|
||||||
CK_ULONG ulPrivateKeyAttributeCount, /* # priv.
|
|
||||||
* attrs. */
|
|
||||||
CK_OBJECT_HANDLE_PTR phPublicKey, /* gets pub.
|
|
||||||
* key
|
|
||||||
* handle */
|
|
||||||
CK_OBJECT_HANDLE_PTR phPrivateKey /* gets
|
|
||||||
* priv. key
|
|
||||||
* handle */
|
|
||||||
);
|
);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -814,7 +839,8 @@ CK_PKCS11_FUNCTION_INFO(C_WrapKey)
|
||||||
|
|
||||||
|
|
||||||
/* C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new
|
/* C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new
|
||||||
* key object. */
|
* key object.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_UnwrapKey)
|
CK_PKCS11_FUNCTION_INFO(C_UnwrapKey)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -831,7 +857,8 @@ CK_PKCS11_FUNCTION_INFO(C_UnwrapKey)
|
||||||
|
|
||||||
|
|
||||||
/* C_DeriveKey derives a key from a base key, creating a new key
|
/* C_DeriveKey derives a key from a base key, creating a new key
|
||||||
* object. */
|
* object.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_DeriveKey)
|
CK_PKCS11_FUNCTION_INFO(C_DeriveKey)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -849,7 +876,8 @@ CK_PKCS11_FUNCTION_INFO(C_DeriveKey)
|
||||||
/* Random number generation */
|
/* Random number generation */
|
||||||
|
|
||||||
/* C_SeedRandom mixes additional seed material into the token's
|
/* C_SeedRandom mixes additional seed material into the token's
|
||||||
* random number generator. */
|
* random number generator.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_SeedRandom)
|
CK_PKCS11_FUNCTION_INFO(C_SeedRandom)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -876,7 +904,8 @@ CK_PKCS11_FUNCTION_INFO(C_GenerateRandom)
|
||||||
|
|
||||||
/* C_GetFunctionStatus is a legacy function; it obtains an
|
/* C_GetFunctionStatus is a legacy function; it obtains an
|
||||||
* updated status of a function running in parallel with an
|
* updated status of a function running in parallel with an
|
||||||
* application. */
|
* application.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus)
|
CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -886,7 +915,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus)
|
||||||
|
|
||||||
|
|
||||||
/* C_CancelFunction is a legacy function; it cancels a function
|
/* C_CancelFunction is a legacy function; it cancels a function
|
||||||
* running in parallel. */
|
* running in parallel.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_CancelFunction)
|
CK_PKCS11_FUNCTION_INFO(C_CancelFunction)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -895,11 +925,9 @@ CK_PKCS11_FUNCTION_INFO(C_CancelFunction)
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/* Functions added in for Cryptoki Version 2.01 or later */
|
|
||||||
|
|
||||||
/* C_WaitForSlotEvent waits for a slot event (token insertion,
|
/* C_WaitForSlotEvent waits for a slot event (token insertion,
|
||||||
* removal, etc.) to occur. */
|
* removal, etc.) to occur.
|
||||||
|
*/
|
||||||
CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent)
|
CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent)
|
||||||
#ifdef CK_NEED_ARG_LIST
|
#ifdef CK_NEED_ARG_LIST
|
||||||
(
|
(
|
||||||
|
@ -908,3 +936,4 @@ CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent)
|
||||||
CK_VOID_PTR pRserved /* reserved. Should be NULL_PTR */
|
CK_VOID_PTR pRserved /* reserved. Should be NULL_PTR */
|
||||||
);
|
);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,83 @@
|
||||||
|
//
|
||||||
|
// Use of this source code is governed by a BSD-style
|
||||||
|
// license that can be found in the LICENSE file.
|
||||||
|
//
|
||||||
|
|
||||||
|
#define CK_PTR *
|
||||||
|
#ifndef NULL_PTR
|
||||||
|
#define NULL_PTR 0
|
||||||
|
#endif
|
||||||
|
#define CK_DEFINE_FUNCTION(returnType, name) returnType name
|
||||||
|
#define CK_DECLARE_FUNCTION(returnType, name) returnType name
|
||||||
|
#define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType (* name)
|
||||||
|
#define CK_CALLBACK_FUNCTION(returnType, name) returnType (* name)
|
||||||
|
|
||||||
|
#include <unistd.h>
|
||||||
|
#ifdef REPACK_STRUCTURES
|
||||||
|
# pragma pack(push, 1)
|
||||||
|
# include "pkcs11.h"
|
||||||
|
# pragma pack(pop)
|
||||||
|
#else
|
||||||
|
# include "pkcs11.h"
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifdef REPACK_STRUCTURES
|
||||||
|
|
||||||
|
// Go doesn't support structures with non-default packing, but PKCS#11 requires
|
||||||
|
// pack(1) on Windows. Use structures with the same members as the CK_ ones but
|
||||||
|
// default packing, and copy data between the two.
|
||||||
|
|
||||||
|
typedef struct ckInfo {
|
||||||
|
CK_VERSION cryptokiVersion;
|
||||||
|
CK_UTF8CHAR manufacturerID[32];
|
||||||
|
CK_FLAGS flags;
|
||||||
|
CK_UTF8CHAR libraryDescription[32];
|
||||||
|
CK_VERSION libraryVersion;
|
||||||
|
} ckInfo, *ckInfoPtr;
|
||||||
|
|
||||||
|
typedef struct ckAttr {
|
||||||
|
CK_ATTRIBUTE_TYPE type;
|
||||||
|
CK_VOID_PTR pValue;
|
||||||
|
CK_ULONG ulValueLen;
|
||||||
|
} ckAttr, *ckAttrPtr;
|
||||||
|
|
||||||
|
typedef struct ckMech {
|
||||||
|
CK_MECHANISM_TYPE mechanism;
|
||||||
|
CK_VOID_PTR pParameter;
|
||||||
|
CK_ULONG ulParameterLen;
|
||||||
|
} ckMech, *ckMechPtr;
|
||||||
|
|
||||||
|
CK_RV attrsToC(CK_ATTRIBUTE_PTR *attrOut, ckAttrPtr attrIn, CK_ULONG count);
|
||||||
|
void attrsFromC(ckAttrPtr attrOut, CK_ATTRIBUTE_PTR attrIn, CK_ULONG count);
|
||||||
|
void mechToC(CK_MECHANISM_PTR mechOut, ckMechPtr mechIn);
|
||||||
|
|
||||||
|
#define ATTR_TO_C(aout, ain, count, other) \
|
||||||
|
CK_ATTRIBUTE_PTR aout; \
|
||||||
|
{ \
|
||||||
|
CK_RV e = attrsToC(&aout, ain, count); \
|
||||||
|
if (e != CKR_OK ) { \
|
||||||
|
if (other != NULL) free(other); \
|
||||||
|
return e; \
|
||||||
|
} \
|
||||||
|
}
|
||||||
|
#define ATTR_FREE(aout) free(aout)
|
||||||
|
#define ATTR_FROM_C(aout, ain, count) attrsFromC(aout, ain, count)
|
||||||
|
#define MECH_TO_C(mout, min) \
|
||||||
|
CK_MECHANISM mval, *mout = &mval; \
|
||||||
|
if (min != NULL) { mechToC(mout, min); \
|
||||||
|
} else { mout = NULL; }
|
||||||
|
|
||||||
|
#else // REPACK_STRUCTURES
|
||||||
|
|
||||||
|
// Dummy types and macros to avoid any unnecessary copying on UNIX
|
||||||
|
|
||||||
|
typedef CK_INFO ckInfo, *ckInfoPtr;
|
||||||
|
typedef CK_ATTRIBUTE ckAttr, *ckAttrPtr;
|
||||||
|
typedef CK_MECHANISM ckMech, *ckMechPtr;
|
||||||
|
|
||||||
|
#define ATTR_TO_C(aout, ain, count, other) CK_ATTRIBUTE_PTR aout = ain
|
||||||
|
#define ATTR_FREE(aout)
|
||||||
|
#define ATTR_FROM_C(aout, ain, count)
|
||||||
|
#define MECH_TO_C(mout, min) CK_MECHANISM_PTR mout = min
|
||||||
|
|
||||||
|
#endif // REPACK_STRUCTURES
|
File diff suppressed because it is too large
|
@ -5,18 +5,9 @@
|
||||||
package pkcs11
|
package pkcs11
|
||||||
|
|
||||||
/*
|
/*
|
||||||
#define CK_PTR *
|
|
||||||
#ifndef NULL_PTR
|
|
||||||
#define NULL_PTR 0
|
|
||||||
#endif
|
|
||||||
#define CK_DEFINE_FUNCTION(returnType, name) returnType name
|
|
||||||
#define CK_DECLARE_FUNCTION(returnType, name) returnType name
|
|
||||||
#define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType (* name)
|
|
||||||
#define CK_CALLBACK_FUNCTION(returnType, name) returnType (* name)
|
|
||||||
|
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include "pkcs11.h"
|
#include "pkcs11go.h"
|
||||||
|
|
||||||
CK_ULONG Index(CK_ULONG_PTR array, CK_ULONG i)
|
CK_ULONG Index(CK_ULONG_PTR array, CK_ULONG i)
|
||||||
{
|
{
|
||||||
|
@ -196,20 +187,22 @@ func NewAttribute(typ uint, x interface{}) *Attribute {
|
||||||
}
|
}
|
||||||
|
|
||||||
// cAttribute returns the start address and the length of an attribute list.
|
// cAttribute returns the start address and the length of an attribute list.
|
||||||
func cAttributeList(a []*Attribute) (arena, C.CK_ATTRIBUTE_PTR, C.CK_ULONG) {
|
func cAttributeList(a []*Attribute) (arena, C.ckAttrPtr, C.CK_ULONG) {
|
||||||
var arena arena
|
var arena arena
|
||||||
if len(a) == 0 {
|
if len(a) == 0 {
|
||||||
return nil, nil, 0
|
return nil, nil, 0
|
||||||
}
|
}
|
||||||
pa := make([]C.CK_ATTRIBUTE, len(a))
|
pa := make([]C.ckAttr, len(a))
|
||||||
for i := 0; i < len(a); i++ {
|
for i := 0; i < len(a); i++ {
|
||||||
pa[i]._type = C.CK_ATTRIBUTE_TYPE(a[i].Type)
|
pa[i]._type = C.CK_ATTRIBUTE_TYPE(a[i].Type)
|
||||||
if a[i].Value == nil {
|
//skip attribute if length is 0 to prevent panic in arena.Allocate
|
||||||
|
if a[i].Value == nil || len(a[i].Value) == 0 {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
pa[i].pValue, pa[i].ulValueLen = arena.Allocate(a[i].Value)
|
pa[i].pValue, pa[i].ulValueLen = arena.Allocate(a[i].Value)
|
||||||
}
|
}
|
||||||
return arena, C.CK_ATTRIBUTE_PTR(&pa[0]), C.CK_ULONG(len(a))
|
return arena, C.ckAttrPtr(&pa[0]), C.CK_ULONG(len(a))
|
||||||
}
|
}
|
||||||
|
|
||||||
func cDate(t time.Time) []byte {
|
func cDate(t time.Time) []byte {
|
||||||
|
@ -243,20 +236,22 @@ func NewMechanism(mech uint, x interface{}) *Mechanism {
|
||||||
return m
|
return m
|
||||||
}
|
}
|
||||||
|
|
||||||
func cMechanismList(m []*Mechanism) (arena, C.CK_MECHANISM_PTR, C.CK_ULONG) {
|
func cMechanismList(m []*Mechanism) (arena, C.ckMechPtr, C.CK_ULONG) {
|
||||||
var arena arena
|
var arena arena
|
||||||
if len(m) == 0 {
|
if len(m) == 0 {
|
||||||
return nil, nil, 0
|
return nil, nil, 0
|
||||||
}
|
}
|
||||||
pm := make([]C.CK_MECHANISM, len(m))
|
pm := make([]C.ckMech, len(m))
|
||||||
for i := 0; i < len(m); i++ {
|
for i := 0; i < len(m); i++ {
|
||||||
pm[i].mechanism = C.CK_MECHANISM_TYPE(m[i].Mechanism)
|
pm[i].mechanism = C.CK_MECHANISM_TYPE(m[i].Mechanism)
|
||||||
if m[i].Parameter == nil {
|
//skip parameter if length is 0 to prevent panic in arena.Allocate
|
||||||
|
if m[i].Parameter == nil || len(m[i].Parameter) == 0 {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
pm[i].pParameter, pm[i].ulParameterLen = arena.Allocate(m[i].Parameter)
|
pm[i].pParameter, pm[i].ulParameterLen = arena.Allocate(m[i].Parameter)
|
||||||
}
|
}
|
||||||
return arena, C.CK_MECHANISM_PTR(&pm[0]), C.CK_ULONG(len(m))
|
return arena, C.ckMechPtr(&pm[0]), C.CK_ULONG(len(m))
|
||||||
}
|
}
|
||||||
|
|
||||||
// MechanismInfo provides information about a particular mechanism.
|
// MechanismInfo provides information about a particular mechanism.
|
||||||
|
|
|
@ -1,6 +1,8 @@
|
||||||
<img src="docs/images/notary-blk.svg" alt="Notary" width="400px"/>
|
<img src="docs/images/notary-blk.svg" alt="Notary" width="400px"/>
|
||||||
|
|
||||||
|
[![GoDoc](https://godoc.org/github.com/theupdateframework/notary?status.svg)](https://godoc.org/github.com/theupdateframework/notary)
|
||||||
[![Circle CI](https://circleci.com/gh/theupdateframework/notary/tree/master.svg?style=shield)](https://circleci.com/gh/theupdateframework/notary/tree/master) [![CodeCov](https://codecov.io/github/theupdateframework/notary/coverage.svg?branch=master)](https://codecov.io/github/theupdateframework/notary) [![GoReportCard](https://goreportcard.com/badge/theupdateframework/notary)](https://goreportcard.com/report/github.com/theupdateframework/notary)
|
[![Circle CI](https://circleci.com/gh/theupdateframework/notary/tree/master.svg?style=shield)](https://circleci.com/gh/theupdateframework/notary/tree/master) [![CodeCov](https://codecov.io/github/theupdateframework/notary/coverage.svg?branch=master)](https://codecov.io/github/theupdateframework/notary) [![GoReportCard](https://goreportcard.com/badge/theupdateframework/notary)](https://goreportcard.com/report/github.com/theupdateframework/notary)
|
||||||
|
[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Ftheupdateframework%2Fnotary.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Ftheupdateframework%2Fnotary?ref=badge_shield)
|
||||||
|
|
||||||
# Notice
|
# Notice
|
||||||
|
|
||||||
|
@ -14,7 +16,7 @@ location via GitHub's redirect.
|
||||||
# Overview
|
# Overview
|
||||||
|
|
||||||
The Notary project comprises a [server](cmd/notary-server) and a [client](cmd/notary) for running and interacting
|
The Notary project comprises a [server](cmd/notary-server) and a [client](cmd/notary) for running and interacting
|
||||||
with trusted collections. Please see the [service architecture](docs/service_architecture.md) documentation
|
with trusted collections. See the [service architecture](docs/service_architecture.md) documentation
|
||||||
for more information.
|
for more information.
|
||||||
|
|
||||||
Notary aims to make the internet more secure by making it easy for people to
|
Notary aims to make the internet more secure by making it easy for people to
|
||||||
|
@ -44,26 +46,26 @@ Notary is based on [The Update Framework](https://www.theupdateframework.com/),
|
||||||
|
|
||||||
## Security
|
## Security
|
||||||
|
|
||||||
Please see our [service architecture docs](docs/service_architecture.md#threat-model) for more information about our threat model, which details the varying survivability and severities for key compromise as well as mitigations.
|
See Notary's [service architecture docs](docs/service_architecture.md#threat-model) for more information about our threat model, which details the varying survivability and severities for key compromise as well as mitigations.
|
||||||
|
|
||||||
Our last security audit was on July 31, 2015 by NCC ([results](docs/resources/ncc_docker_notary_audit_2015_07_31.pdf)).
|
Notary's last security audit was on July 31, 2015 by NCC ([results](docs/resources/ncc_docker_notary_audit_2015_07_31.pdf)).
|
||||||
|
|
||||||
Any security vulnerabilities can be reported to security@docker.com.
|
Any security vulnerabilities can be reported to security@docker.com.
|
||||||
|
|
||||||
# Getting started with the Notary CLI
|
# Getting started with the Notary CLI
|
||||||
|
|
||||||
Please get the Notary Client CLI binary from [the official releases page](https://github.com/theupdateframework/notary/releases) or you can [build one yourself](#building-notary).
|
Get the Notary Client CLI binary from [the official releases page](https://github.com/theupdateframework/notary/releases) or you can [build one yourself](#building-notary).
|
||||||
The version of Notary server and signer should be greater than or equal to Notary CLI's version to ensure feature compatibility (ex: CLI version 0.2, server/signer version >= 0.2), and all official releases are associated with GitHub tags.
|
The version of Notary server and signer should be greater than or equal to Notary CLI's version to ensure feature compatibility (ex: CLI version 0.2, server/signer version >= 0.2), and all official releases are associated with GitHub tags.
|
||||||
|
|
||||||
To use the Notary CLI with Docker hub images, please have a look at our
|
To use the Notary CLI with Docker hub images, have a look at Notary's
|
||||||
[getting started docs](docs/getting_started.md).
|
[getting started docs](docs/getting_started.md).
|
||||||
|
|
||||||
For more advanced usage, please see the
|
For more advanced usage, see the
|
||||||
[advanced usage docs](docs/advanced_usage.md).
|
[advanced usage docs](docs/advanced_usage.md).
|
||||||
|
|
||||||
To use the CLI against a local Notary server rather than against Docker Hub:
|
To use the CLI against a local Notary server rather than against Docker Hub:
|
||||||
|
|
||||||
1. Please ensure that you have [docker and docker-compose](http://docs.docker.com/compose/install/) installed.
|
1. Ensure that you have [docker and docker-compose](http://docs.docker.com/compose/install/) installed.
|
||||||
1. `git clone https://github.com/theupdateframework/notary.git` and from the cloned repository path,
|
1. `git clone https://github.com/theupdateframework/notary.git` and from the cloned repository path,
|
||||||
start up a local Notary server and signer and copy the config file and testing certs to your
|
start up a local Notary server and signer and copy the config file and testing certs to your
|
||||||
local notary config directory:
|
local notary config directory:
|
||||||
|
@ -89,28 +91,31 @@ to use `notary` with Docker images.
|
||||||
|
|
||||||
## Building Notary
|
## Building Notary
|
||||||
|
|
||||||
Note that our [latest stable release](https://github.com/theupdateframework/notary/releases) is at the head of the
|
Note that Notary's [latest stable release](https://github.com/theupdateframework/notary/releases) is at the head of the
|
||||||
[releases branch](https://github.com/theupdateframework/notary/tree/releases). The master branch is the development
|
[releases branch](https://github.com/theupdateframework/notary/tree/releases). The master branch is the development
|
||||||
branch and contains features for the next release.
|
branch and contains features for the next release.
|
||||||
|
|
||||||
Prerequisites:
|
Prerequisites:
|
||||||
|
|
||||||
- Go >= 1.7.1
|
- Go >= 1.7.1
|
||||||
- [godep](https://github.com/tools/godep) installed
|
- Fedora: `dnf install golang`
|
||||||
- libtool development headers installed
|
- libtool development headers installed
|
||||||
- Ubuntu: `apt-get install libltdl-dev`
|
- Ubuntu: `apt-get install libltdl-dev`
|
||||||
- CentOS/RedHat: `yum install libtool-ltdl-devel`
|
- CentOS/RedHat: `yum install libtool-ltdl-devel`
|
||||||
|
- Fedora: `dnf install libtool-ltdl-devel`
|
||||||
- Mac OS ([Homebrew](http://brew.sh/)): `brew install libtool`
|
- Mac OS ([Homebrew](http://brew.sh/)): `brew install libtool`
|
||||||
|
|
||||||
Run `make client`, which creates the Notary Client CLI binary at `bin/notary`.
|
Set [```GOPATH```](https://golang.org/doc/code.html#GOPATH). Then, run:
|
||||||
Note that `make client` assumes a standard Go directory structure, in which
|
|
||||||
Notary is checked out to the `src` directory in your `GOPATH`. For example:
|
```bash
|
||||||
```
|
$ go get github.com/theupdateframework/notary
|
||||||
$GOPATH/
|
# build with pcks11 support by default to support yubikey
|
||||||
src/
|
$ go install -tags pkcs11 github.com/theupdateframework/notary/cmd/notary
|
||||||
github.com/
|
$ notary
|
||||||
docker/
|
|
||||||
notary/
|
|
||||||
```
|
```
|
||||||
|
|
||||||
To build the server and signer, please run `docker-compose build`.
|
To build the server and signer, run `docker-compose build`.
|
||||||
|
|
||||||
|
|
||||||
|
## License
|
||||||
|
[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Ftheupdateframework%2Fnotary.svg?type=large)](https://app.fossa.io/projects/git%2Bgithub.com%2Ftheupdateframework%2Fnotary?ref=badge_large)
|
||||||
|
|
|
@ -1,88 +1,4 @@
|
||||||
/*
|
//Package client implements everything required for interacting with a Notary repository.
|
||||||
Package client implements everything required for interacting with a Notary repository.
|
|
||||||
|
|
||||||
Usage
|
|
||||||
|
|
||||||
Use this package by creating a new repository object and calling methods on it.
|
|
||||||
|
|
||||||
package main
|
|
||||||
|
|
||||||
import (
|
|
||||||
"encoding/hex"
|
|
||||||
"fmt"
|
|
||||||
"net/http"
|
|
||||||
"os"
|
|
||||||
"time"
|
|
||||||
|
|
||||||
"github.com/docker/distribution/registry/client/auth"
|
|
||||||
"github.com/docker/distribution/registry/client/auth/challenge"
|
|
||||||
"github.com/docker/distribution/registry/client/transport"
|
|
||||||
notary "github.com/theupdateframework/notary/client"
|
|
||||||
"github.com/theupdateframework/notary/trustpinning"
|
|
||||||
"github.com/theupdateframework/notary/tuf/data"
|
|
||||||
)
|
|
||||||
|
|
||||||
func main() {
|
|
||||||
rootDir := ".trust"
|
|
||||||
if err := os.MkdirAll(rootDir, 0700); err != nil {
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
|
|
||||||
server := "https://notary.docker.io"
|
|
||||||
image := "docker.io/library/alpine"
|
|
||||||
repo, err := notary.NewFileCachedNotaryRepository(
|
|
||||||
rootDir,
|
|
||||||
data.GUN(image),
|
|
||||||
server,
|
|
||||||
makeHubTransport(server, image),
|
|
||||||
nil,
|
|
||||||
trustpinning.TrustPinConfig{},
|
|
||||||
)
|
|
||||||
|
|
||||||
targets, err := repo.ListTargets()
|
|
||||||
if err != nil {
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, tgt := range targets {
|
|
||||||
fmt.Printf("%s\t%s\n", tgt.Name, hex.EncodeToString(tgt.Hashes["sha256"]))
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func makeHubTransport(server, image string) http.RoundTripper {
|
|
||||||
base := http.DefaultTransport
|
|
||||||
modifiers := []transport.RequestModifier{
|
|
||||||
transport.NewHeaderRequestModifier(http.Header{
|
|
||||||
"User-Agent": []string{"my-client"},
|
|
||||||
}),
|
|
||||||
}
|
|
||||||
|
|
||||||
authTransport := transport.NewTransport(base, modifiers...)
|
|
||||||
pingClient := &http.Client{
|
|
||||||
Transport: authTransport,
|
|
||||||
Timeout: 5 * time.Second,
|
|
||||||
}
|
|
||||||
req, err := http.NewRequest("GET", server+"/v2/", nil)
|
|
||||||
if err != nil {
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
|
|
||||||
challengeManager := challenge.NewSimpleManager()
|
|
||||||
resp, err := pingClient.Do(req)
|
|
||||||
if err != nil {
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
defer resp.Body.Close()
|
|
||||||
if err := challengeManager.AddResponse(resp); err != nil {
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
tokenHandler := auth.NewTokenHandler(base, nil, image, "pull")
|
|
||||||
modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, tokenHandler, auth.NewBasicHandler(nil)))
|
|
||||||
|
|
||||||
return transport.NewTransport(base, modifiers...)
|
|
||||||
}
|
|
||||||
|
|
||||||
*/
|
|
||||||
package client
|
package client
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
|
|
@ -3,6 +3,7 @@ package trustmanager
|
||||||
import (
|
import (
|
||||||
"encoding/pem"
|
"encoding/pem"
|
||||||
"errors"
|
"errors"
|
||||||
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
|
@ -100,8 +101,9 @@ func ImportKeys(from io.Reader, to []Importer, fallbackRole string, fallbackGUN
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
var (
|
var (
|
||||||
writeTo string
|
writeTo string
|
||||||
toWrite []byte
|
toWrite []byte
|
||||||
|
errBlocks []string
|
||||||
)
|
)
|
||||||
for block, rest := pem.Decode(data); block != nil; block, rest = pem.Decode(rest) {
|
for block, rest := pem.Decode(data); block != nil; block, rest = pem.Decode(rest) {
|
||||||
handleLegacyPath(block)
|
handleLegacyPath(block)
|
||||||
|
@ -110,6 +112,7 @@ func ImportKeys(from io.Reader, to []Importer, fallbackRole string, fallbackGUN
|
||||||
loc, err := checkValidity(block)
|
loc, err := checkValidity(block)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
// already logged in checkValidity
|
// already logged in checkValidity
|
||||||
|
errBlocks = append(errBlocks, err.Error())
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -157,6 +160,9 @@ func ImportKeys(from io.Reader, to []Importer, fallbackRole string, fallbackGUN
|
||||||
if toWrite != nil { // close out final iteration if there's data left
|
if toWrite != nil { // close out final iteration if there's data left
|
||||||
return importToStores(to, writeTo, toWrite)
|
return importToStores(to, writeTo, toWrite)
|
||||||
}
|
}
|
||||||
|
if len(errBlocks) > 0 {
|
||||||
|
return fmt.Errorf("failed to import all keys: %s", strings.Join(errBlocks, ", "))
|
||||||
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
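Review bot: The new `errBlocks` check at the end of ImportKeys is unreachable whenever `toWrite` is non-nil, because the existing "close out final iteration" branch returns the result of `importToStores` directly. The loop body is only partly visible here, but that is presumably the case whenever at least one block passed `checkValidity`, so a bundle containing both valid and rejected keys would still import with a nil error and the rejected blocks would go unreported to the caller. Replacing the early return with `if err := importToStores(to, writeTo, toWrite); err != nil { return err }` lets execution fall through to the `len(errBlocks) > 0` check. The import hunk adds only `"fmt"`, so `strings` needs to be imported already outside the visible lines for `strings.Join` to compile.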
|
|
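--- a/vendor/github.com/theupdateframework/notary/trustmanager/yubikey/pkcs11_linux.go
+++ b/vendor/github.com/theupdateframework/notary/trustmanager/yubikey/pkcs11_linux.go
@@ -4,7 +4,9 @@ package yubikey
 
 var possiblePkcs11Libs = []string{
 "/usr/lib/libykcs11.so",
+"/usr/lib/libykcs11.so.1", // yubico-piv-tool on Fedora installs here
 "/usr/lib64/libykcs11.so",
+"/usr/lib64/libykcs11.so.1", // yubico-piv-tool on Fedora installs here
 "/usr/lib/x86_64-linux-gnu/libykcs11.so",
 "/usr/local/lib/libykcs11.so",
 }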
|
|
|
@ -248,17 +248,14 @@ func (tr *Repo) GetDelegationRole(name data.RoleName) (data.DelegationRole, erro
|
||||||
}
|
}
|
||||||
// Check all public key certificates in the role for expiry
|
// Check all public key certificates in the role for expiry
|
||||||
// Currently we do not reject expired delegation keys but warn if they might expire soon or have already
|
// Currently we do not reject expired delegation keys but warn if they might expire soon or have already
|
||||||
for keyID, pubKey := range delgRole.Keys {
|
for _, pubKey := range delgRole.Keys {
|
||||||
certFromKey, err := utils.LoadCertFromPEM(pubKey.Public())
|
certFromKey, err := utils.LoadCertFromPEM(pubKey.Public())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
if err := utils.ValidateCertificate(certFromKey, true); err != nil {
|
//Don't check the delegation certificate expiry once added, use the TUF role expiry instead
|
||||||
if _, ok := err.(data.ErrCertExpired); !ok {
|
if err := utils.ValidateCertificate(certFromKey, false); err != nil {
|
||||||
// do not allow other invalid cert errors
|
return err
|
||||||
return err
|
|
||||||
}
|
|
||||||
logrus.Warnf("error with delegation %s key ID %d: %s", delgRole.Name, keyID, err)
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
foundRole = &delgRole
|
foundRole = &delgRole
|
||||||
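Review bot: The comment kept above the loop still says expired delegation keys are warned about, but the new body no longer does that. With `utils.ValidateCertificate(certFromKey, false)` and the `logrus.Warnf` branch removed, an expired delegation certificate appears to pass without any log line, assuming the second argument controls the expiry check as the added comment suggests. Operators who relied on that warning to schedule key rotation lose the signal, so the stale comment should say what now happens, for example `// Delegation certificate expiry is not checked here; the TUF role expiry is relied on instead.` The added comment would also read better with a space after `//`. GetDelegationRole begins and ends outside this hunk, so whether the role expiry is enforced on every path to this loop cannot be confirmed from here.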
|
|
|
@ -5,8 +5,8 @@ github.com/bugsnag/bugsnag-go 13fd6b8acda029830ef9904df6b63be0a83369d0
|
||||||
github.com/bugsnag/panicwrap e2c28503fcd0675329da73bf48b33404db873782
|
github.com/bugsnag/panicwrap e2c28503fcd0675329da73bf48b33404db873782
|
||||||
github.com/bugsnag/osext 0dd3f918b21bec95ace9dc86c7e70266cfc5c702
|
github.com/bugsnag/osext 0dd3f918b21bec95ace9dc86c7e70266cfc5c702
|
||||||
github.com/docker/distribution edc3ab29cdff8694dd6feb85cfeb4b5f1b38ed9c
|
github.com/docker/distribution edc3ab29cdff8694dd6feb85cfeb4b5f1b38ed9c
|
||||||
github.com/opencontainers/go-digest a6d0ee40d4207ea02364bd3b9e8e77b9159ba1eb
|
github.com/opencontainers/go-digest a6d0ee40d4207ea02364bd3b9e8e77b9159ba1eb
|
||||||
github.com/docker/go-connections 3ede32e2033de7505e6500d6c868c2b9ed9f169d
|
github.com/docker/go-connections 7395e3f8aa162843a74ed6d48e79627d9792ac55
|
||||||
github.com/docker/go d30aec9fd63c35133f8f79c3412ad91a3b08be06
|
github.com/docker/go d30aec9fd63c35133f8f79c3412ad91a3b08be06
|
||||||
github.com/dvsekhvalnov/jose2go 6387d3c1f5abd8443b223577d5a7e0f4e0e5731f # v1.2
|
github.com/dvsekhvalnov/jose2go 6387d3c1f5abd8443b223577d5a7e0f4e0e5731f # v1.2
|
||||||
github.com/go-sql-driver/mysql a0583e0143b1624142adab07e0e97fe106d99561 # v1.3
|
github.com/go-sql-driver/mysql a0583e0143b1624142adab07e0e97fe106d99561 # v1.3
|
||||||
|
@ -15,22 +15,22 @@ github.com/jinzhu/gorm 5409931a1bb87e484d68d649af9367c207713ea2
|
||||||
github.com/jinzhu/inflection 1c35d901db3da928c72a72d8458480cc9ade058f
|
github.com/jinzhu/inflection 1c35d901db3da928c72a72d8458480cc9ade058f
|
||||||
github.com/lib/pq 0dad96c0b94f8dee039aa40467f767467392a0af
|
github.com/lib/pq 0dad96c0b94f8dee039aa40467f767467392a0af
|
||||||
github.com/mattn/go-sqlite3 b4142c444a8941d0d92b0b7103a24df9cd815e42 # v1.0.0
|
github.com/mattn/go-sqlite3 b4142c444a8941d0d92b0b7103a24df9cd815e42 # v1.0.0
|
||||||
github.com/miekg/pkcs11 ba39b9c6300b7e0be41b115330145ef8afdff7d6
|
github.com/miekg/pkcs11 5f6e0d0dad6f472df908c8e968a98ef00c9224bb
|
||||||
github.com/mitchellh/go-homedir df55a15e5ce646808815381b3db47a8c66ea62f4
|
github.com/mitchellh/go-homedir df55a15e5ce646808815381b3db47a8c66ea62f4
|
||||||
github.com/prometheus/client_golang 449ccefff16c8e2b7229f6be1921ba22f62461fe
|
github.com/prometheus/client_golang 449ccefff16c8e2b7229f6be1921ba22f62461fe
|
||||||
github.com/prometheus/client_model fa8ad6fec33561be4280a8f0514318c79d7f6cb6 # model-0.0.2-12-gfa8ad6f
|
github.com/prometheus/client_model fa8ad6fec33561be4280a8f0514318c79d7f6cb6 # model-0.0.2-12-gfa8ad6f
|
||||||
github.com/prometheus/procfs b1afdc266f54247f5dc725544f5d351a8661f502
|
github.com/prometheus/procfs b1afdc266f54247f5dc725544f5d351a8661f502
|
||||||
github.com/prometheus/common 4fdc91a58c9d3696b982e8a680f4997403132d44
|
github.com/prometheus/common 4fdc91a58c9d3696b982e8a680f4997403132d44
|
||||||
github.com/golang/protobuf c3cefd437628a0b7d31b34fe44b3a7a540e98527
|
github.com/golang/protobuf c3cefd437628a0b7d31b34fe44b3a7a540e98527
|
||||||
github.com/spf13/cobra f368244301305f414206f889b1735a54cfc8bde8
|
github.com/spf13/cobra 7b2c5ac9fc04fc5efafb60700713d4fa609b777b # v0.0.1
|
||||||
github.com/spf13/viper be5ff3e4840cf692388bde7a057595a474ef379e
|
github.com/spf13/viper be5ff3e4840cf692388bde7a057595a474ef379e
|
||||||
golang.org/x/crypto 76eec36fa14229c4b25bb894c2d0e591527af429
|
golang.org/x/crypto 76eec36fa14229c4b25bb894c2d0e591527af429
|
||||||
golang.org/x/net 6a513affb38dc9788b449d59ffed099b8de18fa0
|
golang.org/x/net 6a513affb38dc9788b449d59ffed099b8de18fa0
|
||||||
golang.org/x/sys 739734461d1c916b6c72a63d7efda2b27edb369f
|
golang.org/x/sys 314a259e304ff91bd6985da2a7149bbf91237993
|
||||||
google.golang.org/grpc 708a7f9f3283aa2d4f6132d287d78683babe55c8 # v1.0.5
|
google.golang.org/grpc 708a7f9f3283aa2d4f6132d287d78683babe55c8 # v1.0.5
|
||||||
github.com/pkg/errors 839d9e913e063e28dfd0e6c7b7512793e0a48be9
|
github.com/pkg/errors 839d9e913e063e28dfd0e6c7b7512793e0a48be9
|
||||||
|
|
||||||
github.com/spf13/pflag cb88ea77998c3f024757528e3305022ab50b43be
|
github.com/spf13/pflag e57e3eeb33f795204c1ca35f56c44f83227c6e66 # v1.0.0
|
||||||
github.com/spf13/cast 4d07383ffe94b5e5a6fa3af9211374a4507a0184
|
github.com/spf13/cast 4d07383ffe94b5e5a6fa3af9211374a4507a0184
|
||||||
gopkg.in/yaml.v2 bef53efd0c76e49e6de55ead051f886bea7e9420
|
gopkg.in/yaml.v2 bef53efd0c76e49e6de55ead051f886bea7e9420
|
||||||
gopkg.in/fatih/pool.v2 cba550ebf9bce999a02e963296d4bc7a486cb715
|
gopkg.in/fatih/pool.v2 cba550ebf9bce999a02e963296d4bc7a486cb715
|
||||||
|
|