mirror of https://github.com/docker/cli.git
Merge pull request #914 from justincormack/notaryup
Update Notary vendor to 0.6.0 release
This commit is contained in:
commit
f351f00f9e
|
@ -44,7 +44,7 @@ github.com/json-iterator/go 6240e1e7983a85228f7fd9c3e1b6932d46ec58e2
|
|||
github.com/mailru/easyjson d5b7844b561a7bc640052f1b935f7b800330d7e0
|
||||
github.com/mattn/go-shellwords v1.0.3
|
||||
github.com/Microsoft/go-winio v0.4.6
|
||||
github.com/miekg/pkcs11 df8ae6ca730422dba20c768ff38ef7d79077a59f
|
||||
github.com/miekg/pkcs11 5f6e0d0dad6f472df908c8e968a98ef00c9224bb
|
||||
github.com/mitchellh/mapstructure f3009df150dadf309fdee4a54ed65c124afad715
|
||||
github.com/moby/buildkit aaff9d591ef128560018433fe61beb802e149de8
|
||||
github.com/Nvveen/Gotty a8b993ba6abdb0e0c12b0125c603323a71c7790c https://github.com/ijc25/Gotty
|
||||
|
@ -62,7 +62,7 @@ github.com/sirupsen/logrus v1.0.3
|
|||
github.com/spf13/cobra 34ceca591bcf34a17a8b7bad5b3ce5f9c165bee5
|
||||
github.com/spf13/pflag 97afa5e7ca8a08a383cb259e06636b5e2cc7897f
|
||||
github.com/stretchr/testify 4d4bfba8f1d1027c4fdbe371823030df51419987
|
||||
github.com/theupdateframework/notary 05985dc5d1c71ee6c387e9cd276a00b9d424af53
|
||||
github.com/theupdateframework/notary v0.6.0
|
||||
github.com/tonistiigi/fsutil dea3a0da73aee887fc02142d995be764106ac5e2
|
||||
github.com/xeipuuv/gojsonpointer e0fe6f68307607d540ed8eac07a342c33fa1b54a
|
||||
github.com/xeipuuv/gojsonreference e02fc20de94c78484cd5ffb007f8af96be030a45
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# PKCS#11 [![Build Status](https://travis-ci.org/miekg/pkcs11.png?branch=master)](https://travis-ci.org/miekg/pkcs11)
|
||||
# PKCS#11 [![Build Status](https://travis-ci.org/miekg/pkcs11.png?branch=master)](https://travis-ci.org/miekg/pkcs11) [![GoDoc](https://img.shields.io/badge/godoc-reference-blue.svg)](http://godoc.org/github.com/miekg/pkcs11)
|
||||
|
||||
This is a Go implementation of the PKCS#11 API. It wraps the library closely, but uses Go idiom
|
||||
were it makes sense. It has been tested with SoftHSM.
|
||||
|
@ -58,6 +58,10 @@ A skeleton program would look somewhat like this (yes, pkcs#11 is verbose):
|
|||
|
||||
Further examples are included in the tests.
|
||||
|
||||
To expose PKCS#11 keys using the
|
||||
[crypto.Signer interface](https://golang.org/pkg/crypto/#Signer),
|
||||
please see [github.com/thalesignite/crypto11](https://github.com/thalesignite/crypto11).
|
||||
|
||||
# TODO
|
||||
|
||||
* Fix/double check endian stuff, see types.go NewAttribute()
|
||||
|
|
|
@ -23,7 +23,19 @@ const (
|
|||
CKO_VENDOR_DEFINED uint = 0x80000000
|
||||
)
|
||||
|
||||
// Generated with: awk '/#define CK[AFKMRC]/{ print $2 "=" $3 }' pkcs11t.h
|
||||
const (
|
||||
CKG_MGF1_SHA1 uint = 0x00000001
|
||||
CKG_MGF1_SHA224 uint = 0x00000005
|
||||
CKG_MGF1_SHA256 uint = 0x00000002
|
||||
CKG_MGF1_SHA384 uint = 0x00000003
|
||||
CKG_MGF1_SHA512 uint = 0x00000004
|
||||
)
|
||||
|
||||
const (
|
||||
CKZ_DATA_SPECIFIED uint = 0x00000001
|
||||
)
|
||||
|
||||
// Generated with: awk '/#define CK[AFKMRC]/{ print $2 " = " $3 }' pkcs11t.h | sed -e 's/UL$//g' -e 's/UL)$/)/g'
|
||||
|
||||
// All the flag (CKF_), attribute (CKA_), error code (CKR_), key type (CKK_), certificate type (CKC_) and
|
||||
// mechanism (CKM_) constants as defined in PKCS#11.
|
||||
|
@ -49,6 +61,7 @@ const (
|
|||
CKF_SO_PIN_FINAL_TRY = 0x00200000
|
||||
CKF_SO_PIN_LOCKED = 0x00400000
|
||||
CKF_SO_PIN_TO_BE_CHANGED = 0x00800000
|
||||
CKF_ERROR_STATE = 0x01000000
|
||||
CKF_RW_SESSION = 0x00000002
|
||||
CKF_SERIAL_SESSION = 0x00000004
|
||||
CKK_RSA = 0x00000000
|
||||
|
@ -82,6 +95,18 @@ const (
|
|||
CKK_ACTI = 0x00000024
|
||||
CKK_CAMELLIA = 0x00000025
|
||||
CKK_ARIA = 0x00000026
|
||||
CKK_SHA512_224_HMAC = 0x00000027
|
||||
CKK_SHA512_256_HMAC = 0x00000028
|
||||
CKK_SHA512_T_HMAC = 0x00000029
|
||||
CKK_SHA_1_HMAC = 0x00000028
|
||||
CKK_SHA224_HMAC = 0x0000002E
|
||||
CKK_SHA256_HMAC = 0x0000002B
|
||||
CKK_SHA384_HMAC = 0x0000002C
|
||||
CKK_SHA512_HMAC = 0x0000002D
|
||||
CKK_SEED = 0x00000050
|
||||
CKK_GOSTR3410 = 0x00000060
|
||||
CKK_GOSTR3411 = 0x00000061
|
||||
CKK_GOST28147 = 0x00000062
|
||||
CKK_VENDOR_DEFINED = 0x80000000
|
||||
CKC_X_509 = 0x00000000
|
||||
CKC_X_509_ATTR_CERT = 0x00000001
|
||||
|
@ -107,6 +132,7 @@ const (
|
|||
CKA_URL = 0x00000089
|
||||
CKA_HASH_OF_SUBJECT_PUBLIC_KEY = 0x0000008A
|
||||
CKA_HASH_OF_ISSUER_PUBLIC_KEY = 0x0000008B
|
||||
CKA_NAME_HASH_ALGORITHM = 0x0000008C
|
||||
CKA_CHECK_VALUE = 0x00000090
|
||||
CKA_KEY_TYPE = 0x00000100
|
||||
CKA_SUBJECT = 0x00000101
|
||||
|
@ -132,6 +158,7 @@ const (
|
|||
CKA_EXPONENT_1 = 0x00000126
|
||||
CKA_EXPONENT_2 = 0x00000127
|
||||
CKA_COEFFICIENT = 0x00000128
|
||||
CKA_PUBLIC_KEY_INFO = 0x00000129
|
||||
CKA_PRIME = 0x00000130
|
||||
CKA_SUBPRIME = 0x00000131
|
||||
CKA_BASE = 0x00000132
|
||||
|
@ -146,6 +173,8 @@ const (
|
|||
CKA_ALWAYS_SENSITIVE = 0x00000165
|
||||
CKA_KEY_GEN_MECHANISM = 0x00000166
|
||||
CKA_MODIFIABLE = 0x00000170
|
||||
CKA_COPYABLE = 0x00000171
|
||||
CKA_DESTROYABLE = 0x00000172
|
||||
CKA_ECDSA_PARAMS = 0x00000180
|
||||
CKA_EC_PARAMS = 0x00000180
|
||||
CKA_EC_POINT = 0x00000181
|
||||
|
@ -169,6 +198,9 @@ const (
|
|||
CKA_OTP_SERVICE_IDENTIFIER = 0x0000022B
|
||||
CKA_OTP_SERVICE_LOGO = 0x0000022C
|
||||
CKA_OTP_SERVICE_LOGO_TYPE = 0x0000022D
|
||||
CKA_GOSTR3410_PARAMS = 0x00000250
|
||||
CKA_GOSTR3411_PARAMS = 0x00000251
|
||||
CKA_GOST28147_PARAMS = 0x00000252
|
||||
CKA_HW_FEATURE_TYPE = 0x00000300
|
||||
CKA_RESET_ON_INIT = 0x00000301
|
||||
CKA_HAS_RESET = 0x00000302
|
||||
|
@ -206,6 +238,11 @@ const (
|
|||
CKM_DSA_KEY_PAIR_GEN = 0x00000010
|
||||
CKM_DSA = 0x00000011
|
||||
CKM_DSA_SHA1 = 0x00000012
|
||||
CKM_DSA_FIPS_G_GEN = 0x00000013
|
||||
CKM_DSA_SHA224 = 0x00000014
|
||||
CKM_DSA_SHA256 = 0x00000015
|
||||
CKM_DSA_SHA384 = 0x00000016
|
||||
CKM_DSA_SHA512 = 0x00000017
|
||||
CKM_DH_PKCS_KEY_PAIR_GEN = 0x00000020
|
||||
CKM_DH_PKCS_DERIVE = 0x00000021
|
||||
CKM_X9_42_DH_KEY_PAIR_GEN = 0x00000030
|
||||
|
@ -220,6 +257,18 @@ const (
|
|||
CKM_SHA512_RSA_PKCS_PSS = 0x00000045
|
||||
CKM_SHA224_RSA_PKCS = 0x00000046
|
||||
CKM_SHA224_RSA_PKCS_PSS = 0x00000047
|
||||
CKM_SHA512_224 = 0x00000048
|
||||
CKM_SHA512_224_HMAC = 0x00000049
|
||||
CKM_SHA512_224_HMAC_GENERAL = 0x0000004A
|
||||
CKM_SHA512_224_KEY_DERIVATION = 0x0000004B
|
||||
CKM_SHA512_256 = 0x0000004C
|
||||
CKM_SHA512_256_HMAC = 0x0000004D
|
||||
CKM_SHA512_256_HMAC_GENERAL = 0x0000004E
|
||||
CKM_SHA512_256_KEY_DERIVATION = 0x0000004F
|
||||
CKM_SHA512_T = 0x00000050
|
||||
CKM_SHA512_T_HMAC = 0x00000051
|
||||
CKM_SHA512_T_HMAC_GENERAL = 0x00000052
|
||||
CKM_SHA512_T_KEY_DERIVATION = 0x00000053
|
||||
CKM_RC2_KEY_GEN = 0x00000100
|
||||
CKM_RC2_ECB = 0x00000101
|
||||
CKM_RC2_CBC = 0x00000102
|
||||
|
@ -241,6 +290,8 @@ const (
|
|||
CKM_DES3_MAC = 0x00000134
|
||||
CKM_DES3_MAC_GENERAL = 0x00000135
|
||||
CKM_DES3_CBC_PAD = 0x00000136
|
||||
CKM_DES3_CMAC_GENERAL = 0x00000137
|
||||
CKM_DES3_CMAC = 0x00000138
|
||||
CKM_CDMF_KEY_GEN = 0x00000140
|
||||
CKM_CDMF_ECB = 0x00000141
|
||||
CKM_CDMF_CBC = 0x00000142
|
||||
|
@ -366,6 +417,16 @@ const (
|
|||
CKM_WTLS_PRF = 0x000003D3
|
||||
CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE = 0x000003D4
|
||||
CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE = 0x000003D5
|
||||
CKM_TLS10_MAC_SERVER = 0x000003D6
|
||||
CKM_TLS10_MAC_CLIENT = 0x000003D7
|
||||
CKM_TLS12_MAC = 0x000003D8
|
||||
CKM_TLS12_KDF = 0x000003D9
|
||||
CKM_TLS12_MASTER_KEY_DERIVE = 0x000003E0
|
||||
CKM_TLS12_KEY_AND_MAC_DERIVE = 0x000003E1
|
||||
CKM_TLS12_MASTER_KEY_DERIVE_DH = 0x000003E2
|
||||
CKM_TLS12_KEY_SAFE_DERIVE = 0x000003E3
|
||||
CKM_TLS_MAC = 0x000003E4
|
||||
CKM_TLS_KDF = 0x000003E5
|
||||
CKM_KEY_WRAP_LYNKS = 0x00000400
|
||||
CKM_KEY_WRAP_SET_OAEP = 0x00000401
|
||||
CKM_CMS_SIG = 0x00000500
|
||||
|
@ -389,6 +450,14 @@ const (
|
|||
CKM_ARIA_CBC_PAD = 0x00000565
|
||||
CKM_ARIA_ECB_ENCRYPT_DATA = 0x00000566
|
||||
CKM_ARIA_CBC_ENCRYPT_DATA = 0x00000567
|
||||
CKM_SEED_KEY_GEN = 0x00000650
|
||||
CKM_SEED_ECB = 0x00000651
|
||||
CKM_SEED_CBC = 0x00000652
|
||||
CKM_SEED_MAC = 0x00000653
|
||||
CKM_SEED_MAC_GENERAL = 0x00000654
|
||||
CKM_SEED_CBC_PAD = 0x00000655
|
||||
CKM_SEED_ECB_ENCRYPT_DATA = 0x00000656
|
||||
CKM_SEED_CBC_ENCRYPT_DATA = 0x00000657
|
||||
CKM_SKIPJACK_KEY_GEN = 0x00001000
|
||||
CKM_SKIPJACK_ECB64 = 0x00001001
|
||||
CKM_SKIPJACK_CBC64 = 0x00001002
|
||||
|
@ -402,6 +471,7 @@ const (
|
|||
CKM_SKIPJACK_RELAYX = 0x0000100a
|
||||
CKM_KEA_KEY_PAIR_GEN = 0x00001010
|
||||
CKM_KEA_KEY_DERIVE = 0x00001011
|
||||
CKM_KEA_DERIVE = 0x00001012
|
||||
CKM_FORTEZZA_TIMESTAMP = 0x00001020
|
||||
CKM_BATON_KEY_GEN = 0x00001030
|
||||
CKM_BATON_ECB128 = 0x00001031
|
||||
|
@ -414,9 +484,15 @@ const (
|
|||
CKM_EC_KEY_PAIR_GEN = 0x00001040
|
||||
CKM_ECDSA = 0x00001041
|
||||
CKM_ECDSA_SHA1 = 0x00001042
|
||||
CKM_ECDSA_SHA224 = 0x00001043
|
||||
CKM_ECDSA_SHA256 = 0x00001044
|
||||
CKM_ECDSA_SHA384 = 0x00001045
|
||||
CKM_ECDSA_SHA512 = 0x00001046
|
||||
CKM_ECDH1_DERIVE = 0x00001050
|
||||
CKM_ECDH1_COFACTOR_DERIVE = 0x00001051
|
||||
CKM_ECMQV_DERIVE = 0x00001052
|
||||
CKM_ECDH_AES_KEY_WRAP = 0x00001053
|
||||
CKM_RSA_AES_KEY_WRAP = 0x00001054
|
||||
CKM_JUNIPER_KEY_GEN = 0x00001060
|
||||
CKM_JUNIPER_ECB128 = 0x00001061
|
||||
CKM_JUNIPER_CBC128 = 0x00001062
|
||||
|
@ -431,19 +507,52 @@ const (
|
|||
CKM_AES_MAC_GENERAL = 0x00001084
|
||||
CKM_AES_CBC_PAD = 0x00001085
|
||||
CKM_AES_CTR = 0x00001086
|
||||
CKM_AES_GCM = 0x00001087
|
||||
CKM_AES_CCM = 0x00001088
|
||||
CKM_AES_CMAC_GENERAL = 0x00001089
|
||||
CKM_AES_CMAC = 0x0000108A
|
||||
CKM_AES_CTS = 0x0000108B
|
||||
CKM_AES_XCBC_MAC = 0x0000108C
|
||||
CKM_AES_XCBC_MAC_96 = 0x0000108D
|
||||
CKM_AES_GMAC = 0x0000108E
|
||||
CKM_BLOWFISH_KEY_GEN = 0x00001090
|
||||
CKM_BLOWFISH_CBC = 0x00001091
|
||||
CKM_TWOFISH_KEY_GEN = 0x00001092
|
||||
CKM_TWOFISH_CBC = 0x00001093
|
||||
CKM_BLOWFISH_CBC_PAD = 0x00001094
|
||||
CKM_TWOFISH_CBC_PAD = 0x00001095
|
||||
CKM_DES_ECB_ENCRYPT_DATA = 0x00001100
|
||||
CKM_DES_CBC_ENCRYPT_DATA = 0x00001101
|
||||
CKM_DES3_ECB_ENCRYPT_DATA = 0x00001102
|
||||
CKM_DES3_CBC_ENCRYPT_DATA = 0x00001103
|
||||
CKM_AES_ECB_ENCRYPT_DATA = 0x00001104
|
||||
CKM_AES_CBC_ENCRYPT_DATA = 0x00001105
|
||||
CKM_GOSTR3410_KEY_PAIR_GEN = 0x00001200
|
||||
CKM_GOSTR3410 = 0x00001201
|
||||
CKM_GOSTR3410_WITH_GOSTR3411 = 0x00001202
|
||||
CKM_GOSTR3410_KEY_WRAP = 0x00001203
|
||||
CKM_GOSTR3410_DERIVE = 0x00001204
|
||||
CKM_GOSTR3411 = 0x00001210
|
||||
CKM_GOSTR3411_HMAC = 0x00001211
|
||||
CKM_GOST28147_KEY_GEN = 0x00001220
|
||||
CKM_GOST28147_ECB = 0x00001221
|
||||
CKM_GOST28147 = 0x00001222
|
||||
CKM_GOST28147_MAC = 0x00001223
|
||||
CKM_GOST28147_KEY_WRAP = 0x00001224
|
||||
CKM_DSA_PARAMETER_GEN = 0x00002000
|
||||
CKM_DH_PKCS_PARAMETER_GEN = 0x00002001
|
||||
CKM_X9_42_DH_PARAMETER_GEN = 0x00002002
|
||||
CKM_DSA_PROBABLISTIC_PARAMETER_GEN = 0x00002003
|
||||
CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN = 0x00002004
|
||||
CKM_AES_OFB = 0x00002104
|
||||
CKM_AES_CFB64 = 0x00002105
|
||||
CKM_AES_CFB8 = 0x00002106
|
||||
CKM_AES_CFB128 = 0x00002107
|
||||
CKM_AES_CFB1 = 0x00002108
|
||||
CKM_AES_KEY_WRAP = 0x00002109
|
||||
CKM_AES_KEY_WRAP_PAD = 0x0000210A
|
||||
CKM_RSA_PKCS_TPM_1_1 = 0x00004001
|
||||
CKM_RSA_PKCS_OAEP_TPM_1_1 = 0x00004002
|
||||
CKM_VENDOR_DEFINED = 0x80000000
|
||||
CKF_HW = 0x00000001
|
||||
CKF_ENCRYPT = 0x00000100
|
||||
|
@ -479,6 +588,7 @@ const (
|
|||
CKR_ATTRIBUTE_SENSITIVE = 0x00000011
|
||||
CKR_ATTRIBUTE_TYPE_INVALID = 0x00000012
|
||||
CKR_ATTRIBUTE_VALUE_INVALID = 0x00000013
|
||||
CKR_ACTION_PROHIBITED = 0x0000001B
|
||||
CKR_DATA_INVALID = 0x00000020
|
||||
CKR_DATA_LEN_RANGE = 0x00000021
|
||||
CKR_DEVICE_ERROR = 0x00000030
|
||||
|
@ -541,6 +651,7 @@ const (
|
|||
CKR_RANDOM_SEED_NOT_SUPPORTED = 0x00000120
|
||||
CKR_RANDOM_NO_RNG = 0x00000121
|
||||
CKR_DOMAIN_PARAMS_INVALID = 0x00000130
|
||||
CKR_CURVE_NOT_SUPPORTED = 0x00000140
|
||||
CKR_BUFFER_TOO_SMALL = 0x00000150
|
||||
CKR_SAVED_STATE_INVALID = 0x00000160
|
||||
CKR_INFORMATION_SENSITIVE = 0x00000170
|
||||
|
@ -551,6 +662,11 @@ const (
|
|||
CKR_MUTEX_NOT_LOCKED = 0x000001A1
|
||||
CKR_NEW_PIN_MODE = 0x000001B0
|
||||
CKR_NEXT_OTP = 0x000001B1
|
||||
CKR_EXCEEDED_MAX_ITERATIONS = 0x000001C0
|
||||
CKR_FIPS_SELF_TEST_FAILED = 0x000001C1
|
||||
CKR_LIBRARY_LOAD_FAILED = 0x000001C2
|
||||
CKR_PIN_TOO_WEAK = 0x000001C3
|
||||
CKR_PUBLIC_KEY_INVALID = 0x000001C4
|
||||
CKR_FUNCTION_REJECTED = 0x00000200
|
||||
CKR_VENDOR_DEFINED = 0x80000000
|
||||
CKF_LIBRARY_CANT_CREATE_OS_THREADS = 0x00000001
|
||||
|
|
|
@ -11,21 +11,21 @@ package pkcs11
|
|||
// * CK_ULONG never overflows an Go int
|
||||
|
||||
/*
|
||||
#cgo windows CFLAGS: -DREPACK_STRUCTURES
|
||||
#cgo windows LDFLAGS: -lltdl
|
||||
#cgo linux LDFLAGS: -lltdl -ldl
|
||||
#cgo darwin CFLAGS: -I/usr/local/share/libtool
|
||||
#cgo darwin LDFLAGS: -lltdl -L/usr/local/lib/
|
||||
#cgo openbsd CFLAGS: -I/usr/local/include/
|
||||
#cgo openbsd LDFLAGS: -lltdl -L/usr/local/lib/
|
||||
#cgo LDFLAGS: -lltdl
|
||||
#define CK_PTR *
|
||||
#ifndef NULL_PTR
|
||||
#define NULL_PTR 0
|
||||
#endif
|
||||
#define CK_DEFINE_FUNCTION(returnType, name) returnType name
|
||||
#define CK_DECLARE_FUNCTION(returnType, name) returnType name
|
||||
#define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType (* name)
|
||||
#define CK_CALLBACK_FUNCTION(returnType, name) returnType (* name)
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <ltdl.h>
|
||||
#include <unistd.h>
|
||||
#include "pkcs11.h"
|
||||
#include "pkcs11go.h"
|
||||
|
||||
struct ctx {
|
||||
lt_dlhandle handle;
|
||||
|
@ -70,9 +70,12 @@ void Destroy(struct ctx *c)
|
|||
free(c);
|
||||
}
|
||||
|
||||
CK_RV Initialize(struct ctx * c, CK_VOID_PTR initArgs)
|
||||
CK_RV Initialize(struct ctx * c)
|
||||
{
|
||||
return c->sym->C_Initialize(initArgs);
|
||||
CK_C_INITIALIZE_ARGS args;
|
||||
memset(&args, 0, sizeof(args));
|
||||
args.flags = CKF_OS_LOCKING_OK;
|
||||
return c->sym->C_Initialize(&args);
|
||||
}
|
||||
|
||||
CK_RV Finalize(struct ctx * c)
|
||||
|
@ -80,9 +83,19 @@ CK_RV Finalize(struct ctx * c)
|
|||
return c->sym->C_Finalize(NULL);
|
||||
}
|
||||
|
||||
CK_RV GetInfo(struct ctx * c, CK_INFO_PTR info)
|
||||
CK_RV GetInfo(struct ctx * c, ckInfoPtr info)
|
||||
{
|
||||
return c->sym->C_GetInfo(info);
|
||||
CK_INFO p;
|
||||
CK_RV e = c->sym->C_GetInfo(&p);
|
||||
if (e != CKR_OK) {
|
||||
return e;
|
||||
}
|
||||
info->cryptokiVersion = p.cryptokiVersion;
|
||||
memcpy(info->manufacturerID, p.manufacturerID, sizeof(p.manufacturerID));
|
||||
info->flags = p.flags;
|
||||
memcpy(info->libraryDescription, p.libraryDescription, sizeof(p.libraryDescription));
|
||||
info->libraryVersion = p.libraryVersion;
|
||||
return e;
|
||||
}
|
||||
|
||||
CK_RV GetSlotList(struct ctx * c, CK_BBOOL tokenPresent,
|
||||
|
@ -114,7 +127,8 @@ CK_RV GetMechanismList(struct ctx * c, CK_ULONG slotID,
|
|||
{
|
||||
CK_RV e =
|
||||
c->sym->C_GetMechanismList((CK_SLOT_ID) slotID, NULL, mechlen);
|
||||
if (e != CKR_OK) {
|
||||
// Gemaltos PKCS11 implementation returns CKR_BUFFER_TOO_SMALL on a NULL ptr instad of CKR_OK as the spec states.
|
||||
if (e != CKR_OK && e != CKR_BUFFER_TOO_SMALL) {
|
||||
return e;
|
||||
}
|
||||
*mech = calloc(*mechlen, sizeof(CK_MECHANISM_TYPE));
|
||||
|
@ -222,18 +236,22 @@ CK_RV Logout(struct ctx * c, CK_SESSION_HANDLE session)
|
|||
}
|
||||
|
||||
CK_RV CreateObject(struct ctx * c, CK_SESSION_HANDLE session,
|
||||
CK_ATTRIBUTE_PTR temp, CK_ULONG tempCount,
|
||||
ckAttrPtr temp, CK_ULONG tempCount,
|
||||
CK_OBJECT_HANDLE_PTR obj)
|
||||
{
|
||||
CK_RV e = c->sym->C_CreateObject(session, temp, tempCount, obj);
|
||||
ATTR_TO_C(tempc, temp, tempCount, NULL);
|
||||
CK_RV e = c->sym->C_CreateObject(session, tempc, tempCount, obj);
|
||||
ATTR_FREE(tempc);
|
||||
return e;
|
||||
}
|
||||
|
||||
CK_RV CopyObject(struct ctx * c, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE o,
|
||||
CK_ATTRIBUTE_PTR temp, CK_ULONG tempCount,
|
||||
ckAttrPtr temp, CK_ULONG tempCount,
|
||||
CK_OBJECT_HANDLE_PTR obj)
|
||||
{
|
||||
CK_RV e = c->sym->C_CopyObject(session, o, temp, tempCount, obj);
|
||||
ATTR_TO_C(tempc, temp, tempCount, NULL);
|
||||
CK_RV e = c->sym->C_CopyObject(session, o, tempc, tempCount, obj);
|
||||
ATTR_FREE(tempc);
|
||||
return e;
|
||||
}
|
||||
|
||||
|
@ -252,39 +270,47 @@ CK_RV GetObjectSize(struct ctx * c, CK_SESSION_HANDLE session,
|
|||
}
|
||||
|
||||
CK_RV GetAttributeValue(struct ctx * c, CK_SESSION_HANDLE session,
|
||||
CK_OBJECT_HANDLE object, CK_ATTRIBUTE_PTR temp,
|
||||
CK_OBJECT_HANDLE object, ckAttrPtr temp,
|
||||
CK_ULONG templen)
|
||||
{
|
||||
ATTR_TO_C(tempc, temp, templen, NULL);
|
||||
// Call for the first time, check the returned ulValue in the attributes, then
|
||||
// allocate enough space and try again.
|
||||
CK_RV e = c->sym->C_GetAttributeValue(session, object, temp, templen);
|
||||
CK_RV e = c->sym->C_GetAttributeValue(session, object, tempc, templen);
|
||||
if (e != CKR_OK) {
|
||||
ATTR_FREE(tempc);
|
||||
return e;
|
||||
}
|
||||
CK_ULONG i;
|
||||
for (i = 0; i < templen; i++) {
|
||||
if ((CK_LONG) temp[i].ulValueLen == -1) {
|
||||
if ((CK_LONG) tempc[i].ulValueLen == -1) {
|
||||
// either access denied or no such object
|
||||
continue;
|
||||
}
|
||||
temp[i].pValue = calloc(temp[i].ulValueLen, sizeof(CK_BYTE));
|
||||
tempc[i].pValue = calloc(tempc[i].ulValueLen, sizeof(CK_BYTE));
|
||||
}
|
||||
e = c->sym->C_GetAttributeValue(session, object, temp, templen);
|
||||
e = c->sym->C_GetAttributeValue(session, object, tempc, templen);
|
||||
ATTR_FROM_C(temp, tempc, templen);
|
||||
ATTR_FREE(tempc);
|
||||
return e;
|
||||
}
|
||||
|
||||
CK_RV SetAttributeValue(struct ctx * c, CK_SESSION_HANDLE session,
|
||||
CK_OBJECT_HANDLE object, CK_ATTRIBUTE_PTR temp,
|
||||
CK_OBJECT_HANDLE object, ckAttrPtr temp,
|
||||
CK_ULONG templen)
|
||||
{
|
||||
CK_RV e = c->sym->C_SetAttributeValue(session, object, temp, templen);
|
||||
ATTR_TO_C(tempc, temp, templen, NULL);
|
||||
CK_RV e = c->sym->C_SetAttributeValue(session, object, tempc, templen);
|
||||
ATTR_FREE(tempc);
|
||||
return e;
|
||||
}
|
||||
|
||||
CK_RV FindObjectsInit(struct ctx * c, CK_SESSION_HANDLE session,
|
||||
CK_ATTRIBUTE_PTR temp, CK_ULONG tempCount)
|
||||
ckAttrPtr temp, CK_ULONG tempCount)
|
||||
{
|
||||
CK_RV e = c->sym->C_FindObjectsInit(session, temp, tempCount);
|
||||
ATTR_TO_C(tempc, temp, tempCount, NULL);
|
||||
CK_RV e = c->sym->C_FindObjectsInit(session, tempc, tempCount);
|
||||
ATTR_FREE(tempc);
|
||||
return e;
|
||||
}
|
||||
|
||||
|
@ -304,9 +330,10 @@ CK_RV FindObjectsFinal(struct ctx * c, CK_SESSION_HANDLE session)
|
|||
}
|
||||
|
||||
CK_RV EncryptInit(struct ctx * c, CK_SESSION_HANDLE session,
|
||||
CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE key)
|
||||
ckMechPtr mechanism, CK_OBJECT_HANDLE key)
|
||||
{
|
||||
CK_RV e = c->sym->C_EncryptInit(session, mechanism, key);
|
||||
MECH_TO_C(m, mechanism);
|
||||
CK_RV e = c->sym->C_EncryptInit(session, m, key);
|
||||
return e;
|
||||
}
|
||||
|
||||
|
@ -359,9 +386,10 @@ CK_RV EncryptFinal(struct ctx * c, CK_SESSION_HANDLE session,
|
|||
}
|
||||
|
||||
CK_RV DecryptInit(struct ctx * c, CK_SESSION_HANDLE session,
|
||||
CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE key)
|
||||
ckMechPtr mechanism, CK_OBJECT_HANDLE key)
|
||||
{
|
||||
CK_RV e = c->sym->C_DecryptInit(session, mechanism, key);
|
||||
MECH_TO_C(m, mechanism);
|
||||
CK_RV e = c->sym->C_DecryptInit(session, m, key);
|
||||
return e;
|
||||
}
|
||||
|
||||
|
@ -414,9 +442,10 @@ CK_RV DecryptFinal(struct ctx * c, CK_SESSION_HANDLE session,
|
|||
}
|
||||
|
||||
CK_RV DigestInit(struct ctx * c, CK_SESSION_HANDLE session,
|
||||
CK_MECHANISM_PTR mechanism)
|
||||
ckMechPtr mechanism)
|
||||
{
|
||||
CK_RV e = c->sym->C_DigestInit(session, mechanism);
|
||||
MECH_TO_C(m, mechanism);
|
||||
CK_RV e = c->sym->C_DigestInit(session, m);
|
||||
return e;
|
||||
}
|
||||
|
||||
|
@ -464,9 +493,10 @@ CK_RV DigestFinal(struct ctx * c, CK_SESSION_HANDLE session, CK_BYTE_PTR * hash,
|
|||
}
|
||||
|
||||
CK_RV SignInit(struct ctx * c, CK_SESSION_HANDLE session,
|
||||
CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE key)
|
||||
ckMechPtr mechanism, CK_OBJECT_HANDLE key)
|
||||
{
|
||||
CK_RV e = c->sym->C_SignInit(session, mechanism, key);
|
||||
MECH_TO_C(m, mechanism);
|
||||
CK_RV e = c->sym->C_SignInit(session, m, key);
|
||||
return e;
|
||||
}
|
||||
|
||||
|
@ -508,9 +538,10 @@ CK_RV SignFinal(struct ctx * c, CK_SESSION_HANDLE session, CK_BYTE_PTR * sig,
|
|||
}
|
||||
|
||||
CK_RV SignRecoverInit(struct ctx * c, CK_SESSION_HANDLE session,
|
||||
CK_MECHANISM_PTR mech, CK_OBJECT_HANDLE key)
|
||||
ckMechPtr mech, CK_OBJECT_HANDLE key)
|
||||
{
|
||||
CK_RV rv = c->sym->C_SignRecoverInit(session, mech, key);
|
||||
MECH_TO_C(m, mech);
|
||||
CK_RV rv = c->sym->C_SignRecoverInit(session, m, key);
|
||||
return rv;
|
||||
}
|
||||
|
||||
|
@ -530,9 +561,10 @@ CK_RV SignRecover(struct ctx * c, CK_SESSION_HANDLE session, CK_BYTE_PTR data,
|
|||
}
|
||||
|
||||
CK_RV VerifyInit(struct ctx * c, CK_SESSION_HANDLE session,
|
||||
CK_MECHANISM_PTR mech, CK_OBJECT_HANDLE key)
|
||||
ckMechPtr mech, CK_OBJECT_HANDLE key)
|
||||
{
|
||||
CK_RV rv = c->sym->C_VerifyInit(session, mech, key);
|
||||
MECH_TO_C(m, mech);
|
||||
CK_RV rv = c->sym->C_VerifyInit(session, m, key);
|
||||
return rv;
|
||||
}
|
||||
|
||||
|
@ -558,9 +590,10 @@ CK_RV VerifyFinal(struct ctx * c, CK_SESSION_HANDLE session, CK_BYTE_PTR sig,
|
|||
}
|
||||
|
||||
CK_RV VerifyRecoverInit(struct ctx * c, CK_SESSION_HANDLE session,
|
||||
CK_MECHANISM_PTR mech, CK_OBJECT_HANDLE key)
|
||||
ckMechPtr mech, CK_OBJECT_HANDLE key)
|
||||
{
|
||||
CK_RV rv = c->sym->C_VerifyRecoverInit(session, mech, key);
|
||||
MECH_TO_C(m, mech);
|
||||
CK_RV rv = c->sym->C_VerifyRecoverInit(session, m, key);
|
||||
return rv;
|
||||
}
|
||||
|
||||
|
@ -653,33 +686,39 @@ CK_RV DecryptVerifyUpdate(struct ctx * c, CK_SESSION_HANDLE session,
|
|||
}
|
||||
|
||||
CK_RV GenerateKey(struct ctx * c, CK_SESSION_HANDLE session,
|
||||
CK_MECHANISM_PTR mechanism, CK_ATTRIBUTE_PTR temp,
|
||||
ckMechPtr mechanism, ckAttrPtr temp,
|
||||
CK_ULONG tempCount, CK_OBJECT_HANDLE_PTR key)
|
||||
{
|
||||
CK_RV e =
|
||||
c->sym->C_GenerateKey(session, mechanism, temp, tempCount, key);
|
||||
MECH_TO_C(m, mechanism);
|
||||
ATTR_TO_C(tempc, temp, tempCount, NULL);
|
||||
CK_RV e = c->sym->C_GenerateKey(session, m, tempc, tempCount, key);
|
||||
ATTR_FREE(tempc);
|
||||
return e;
|
||||
}
|
||||
|
||||
CK_RV GenerateKeyPair(struct ctx * c, CK_SESSION_HANDLE session,
|
||||
CK_MECHANISM_PTR mechanism, CK_ATTRIBUTE_PTR pub,
|
||||
CK_ULONG pubCount, CK_ATTRIBUTE_PTR priv,
|
||||
ckMechPtr mechanism, ckAttrPtr pub,
|
||||
CK_ULONG pubCount, ckAttrPtr priv,
|
||||
CK_ULONG privCount, CK_OBJECT_HANDLE_PTR pubkey,
|
||||
CK_OBJECT_HANDLE_PTR privkey)
|
||||
{
|
||||
CK_RV e =
|
||||
c->sym->C_GenerateKeyPair(session, mechanism, pub, pubCount, priv,
|
||||
privCount,
|
||||
pubkey, privkey);
|
||||
MECH_TO_C(m, mechanism);
|
||||
ATTR_TO_C(pubc, pub, pubCount, NULL);
|
||||
ATTR_TO_C(privc, priv, privCount, pubc);
|
||||
CK_RV e = c->sym->C_GenerateKeyPair(session, m, pubc, pubCount,
|
||||
privc, privCount, pubkey, privkey);
|
||||
ATTR_FREE(pubc);
|
||||
ATTR_FREE(privc);
|
||||
return e;
|
||||
}
|
||||
|
||||
CK_RV WrapKey(struct ctx * c, CK_SESSION_HANDLE session,
|
||||
CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE wrappingkey,
|
||||
ckMechPtr mechanism, CK_OBJECT_HANDLE wrappingkey,
|
||||
CK_OBJECT_HANDLE key, CK_BYTE_PTR * wrapped,
|
||||
CK_ULONG_PTR wrappedlen)
|
||||
{
|
||||
CK_RV rv = c->sym->C_WrapKey(session, mechanism, wrappingkey, key, NULL,
|
||||
MECH_TO_C(m, mechanism);
|
||||
CK_RV rv = c->sym->C_WrapKey(session, m, wrappingkey, key, NULL,
|
||||
wrappedlen);
|
||||
if (rv != CKR_OK) {
|
||||
return rv;
|
||||
|
@ -688,26 +727,32 @@ CK_RV WrapKey(struct ctx * c, CK_SESSION_HANDLE session,
|
|||
if (*wrapped == NULL) {
|
||||
return CKR_HOST_MEMORY;
|
||||
}
|
||||
rv = c->sym->C_WrapKey(session, mechanism, wrappingkey, key, *wrapped,
|
||||
rv = c->sym->C_WrapKey(session, m, wrappingkey, key, *wrapped,
|
||||
wrappedlen);
|
||||
return rv;
|
||||
}
|
||||
|
||||
CK_RV DeriveKey(struct ctx * c, CK_SESSION_HANDLE session,
|
||||
CK_MECHANISM_PTR mech, CK_OBJECT_HANDLE basekey,
|
||||
CK_ATTRIBUTE_PTR a, CK_ULONG alen, CK_OBJECT_HANDLE_PTR key)
|
||||
ckMechPtr mech, CK_OBJECT_HANDLE basekey,
|
||||
ckAttrPtr a, CK_ULONG alen, CK_OBJECT_HANDLE_PTR key)
|
||||
{
|
||||
CK_RV e = c->sym->C_DeriveKey(session, mech, basekey, a, alen, key);
|
||||
MECH_TO_C(m, mech);
|
||||
ATTR_TO_C(tempc, a, alen, NULL);
|
||||
CK_RV e = c->sym->C_DeriveKey(session, m, basekey, tempc, alen, key);
|
||||
ATTR_FREE(tempc);
|
||||
return e;
|
||||
}
|
||||
|
||||
CK_RV UnwrapKey(struct ctx * c, CK_SESSION_HANDLE session,
|
||||
CK_MECHANISM_PTR mech, CK_OBJECT_HANDLE unwrappingkey,
|
||||
ckMechPtr mech, CK_OBJECT_HANDLE unwrappingkey,
|
||||
CK_BYTE_PTR wrappedkey, CK_ULONG wrappedkeylen,
|
||||
CK_ATTRIBUTE_PTR a, CK_ULONG alen, CK_OBJECT_HANDLE_PTR key)
|
||||
ckAttrPtr a, CK_ULONG alen, CK_OBJECT_HANDLE_PTR key)
|
||||
{
|
||||
CK_RV e = c->sym->C_UnwrapKey(session, mech, unwrappingkey, wrappedkey,
|
||||
wrappedkeylen, a, alen, key);
|
||||
MECH_TO_C(m, mech);
|
||||
ATTR_TO_C(tempc, a, alen, NULL);
|
||||
CK_RV e = c->sym->C_UnwrapKey(session, m, unwrappingkey, wrappedkey,
|
||||
wrappedkeylen, tempc, alen, key);
|
||||
ATTR_FREE(tempc);
|
||||
return e;
|
||||
}
|
||||
|
||||
|
@ -735,6 +780,38 @@ CK_RV WaitForSlotEvent(struct ctx * c, CK_FLAGS flags, CK_ULONG_PTR slot)
|
|||
c->sym->C_WaitForSlotEvent(flags, (CK_SLOT_ID_PTR) slot, NULL);
|
||||
return e;
|
||||
}
|
||||
|
||||
#ifdef REPACK_STRUCTURES
|
||||
|
||||
CK_RV attrsToC(CK_ATTRIBUTE_PTR *attrOut, ckAttrPtr attrIn, CK_ULONG count) {
|
||||
CK_ATTRIBUTE_PTR attr = calloc(count, sizeof(CK_ATTRIBUTE));
|
||||
if (attr == NULL) {
|
||||
return CKR_HOST_MEMORY;
|
||||
}
|
||||
for (int i = 0; i < count; i++) {
|
||||
attr[i].type = attrIn[i].type;
|
||||
attr[i].pValue = attrIn[i].pValue;
|
||||
attr[i].ulValueLen = attrIn[i].ulValueLen;
|
||||
}
|
||||
*attrOut = attr;
|
||||
return CKR_OK;
|
||||
}
|
||||
|
||||
void attrsFromC(ckAttrPtr attrOut, CK_ATTRIBUTE_PTR attrIn, CK_ULONG count) {
|
||||
for (int i = 0; i < count; i++) {
|
||||
attrOut[i].type = attrIn[i].type;
|
||||
attrOut[i].pValue = attrIn[i].pValue;
|
||||
attrOut[i].ulValueLen = attrIn[i].ulValueLen;
|
||||
}
|
||||
}
|
||||
|
||||
void mechToC(CK_MECHANISM_PTR mechOut, ckMechPtr mechIn) {
|
||||
mechOut->mechanism = mechIn->mechanism;
|
||||
mechOut->pParameter = mechIn->pParameter;
|
||||
mechOut->ulParameterLen = mechIn->ulParameterLen;
|
||||
}
|
||||
|
||||
#endif
|
||||
*/
|
||||
import "C"
|
||||
import "strings"
|
||||
|
@ -748,6 +825,11 @@ type Ctx struct {
|
|||
|
||||
// New creates a new context and initializes the module/library for use.
|
||||
func New(module string) *Ctx {
|
||||
// libtool-ltdl will return an assertion error if passed an empty string, so
|
||||
// we check for it explicitly.
|
||||
if module == "" {
|
||||
return nil
|
||||
}
|
||||
c := new(Ctx)
|
||||
mod := C.CString(module)
|
||||
defer C.free(unsafe.Pointer(mod))
|
||||
|
@ -769,8 +851,7 @@ func (c *Ctx) Destroy() {
|
|||
|
||||
/* Initialize initializes the Cryptoki library. */
|
||||
func (c *Ctx) Initialize() error {
|
||||
args := &C.CK_C_INITIALIZE_ARGS{nil, nil, nil, nil, C.CKF_OS_LOCKING_OK, nil}
|
||||
e := C.Initialize(c.ctx, C.CK_VOID_PTR(args))
|
||||
e := C.Initialize(c.ctx)
|
||||
return toError(e)
|
||||
}
|
||||
|
||||
|
@ -785,8 +866,8 @@ func (c *Ctx) Finalize() error {
|
|||
|
||||
/* GetInfo returns general information about Cryptoki. */
|
||||
func (c *Ctx) GetInfo() (Info, error) {
|
||||
var p C.CK_INFO
|
||||
e := C.GetInfo(c.ctx, C.CK_INFO_PTR(&p))
|
||||
var p C.ckInfo
|
||||
e := C.GetInfo(c.ctx, &p)
|
||||
i := Info{
|
||||
CryptokiVersion: toVersion(p.cryptokiVersion),
|
||||
ManufacturerID: strings.TrimRight(string(C.GoBytes(unsafe.Pointer(&p.manufacturerID[0]), 32)), " "),
|
||||
|
@ -1041,11 +1122,11 @@ func (c *Ctx) GetObjectSize(sh SessionHandle, oh ObjectHandle) (uint, error) {
|
|||
func (c *Ctx) GetAttributeValue(sh SessionHandle, o ObjectHandle, a []*Attribute) ([]*Attribute, error) {
|
||||
// copy the attribute list and make all the values nil, so that
|
||||
// the C function can (allocate) fill them in
|
||||
pa := make([]C.CK_ATTRIBUTE, len(a))
|
||||
pa := make([]C.ckAttr, len(a))
|
||||
for i := 0; i < len(a); i++ {
|
||||
pa[i]._type = C.CK_ATTRIBUTE_TYPE(a[i].Type)
|
||||
}
|
||||
e := C.GetAttributeValue(c.ctx, C.CK_SESSION_HANDLE(sh), C.CK_OBJECT_HANDLE(o), C.CK_ATTRIBUTE_PTR(&pa[0]), C.CK_ULONG(len(a)))
|
||||
e := C.GetAttributeValue(c.ctx, C.CK_SESSION_HANDLE(sh), C.CK_OBJECT_HANDLE(o), C.ckAttrPtr(&pa[0]), C.CK_ULONG(len(a)))
|
||||
if toError(e) != nil {
|
||||
return nil, toError(e)
|
||||
}
|
||||
|
@ -1529,7 +1610,7 @@ func (c *Ctx) UnwrapKey(sh SessionHandle, m []*Mechanism, unwrappingkey ObjectHa
|
|||
return ObjectHandle(key), toError(e)
|
||||
}
|
||||
|
||||
// DeriveKey derives a key from a base key, creating a new key object. */
|
||||
// DeriveKey derives a key from a base key, creating a new key object.
|
||||
func (c *Ctx) DeriveKey(sh SessionHandle, m []*Mechanism, basekey ObjectHandle, a []*Attribute) (ObjectHandle, error) {
|
||||
var key C.CK_OBJECT_HANDLE
|
||||
attrarena, ac, aclen := cAttributeList(a)
|
||||
|
|
|
@ -1,19 +1,12 @@
|
|||
/* pkcs11.h include file for PKCS #11. */
|
||||
/* $Revision: 1.2 $ */
|
||||
/* Copyright (c) OASIS Open 2016. All Rights Reserved./
|
||||
* /Distributed under the terms of the OASIS IPR Policy,
|
||||
* [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT ANY
|
||||
* IMPLIED OR EXPRESS WARRANTY; there is no warranty of MERCHANTABILITY, FITNESS FOR A
|
||||
* PARTICULAR PURPOSE or NONINFRINGEMENT of the rights of others.
|
||||
*/
|
||||
|
||||
/* License to copy and use this software is granted provided that it is
|
||||
* identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
|
||||
* (Cryptoki)" in all material mentioning or referencing this software.
|
||||
|
||||
* License is also granted to make and use derivative works provided that
|
||||
* such works are identified as "derived from the RSA Security Inc. PKCS #11
|
||||
* Cryptographic Token Interface (Cryptoki)" in all material mentioning or
|
||||
* referencing the derived work.
|
||||
|
||||
* RSA Security Inc. makes no representations concerning either the
|
||||
* merchantability of this software or the suitability of this software for
|
||||
* any particular purpose. It is provided "as is" without express or implied
|
||||
* warranty of any kind.
|
||||
/* Latest version of the specification:
|
||||
* http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html
|
||||
*/
|
||||
|
||||
#ifndef _PKCS11_H_
|
||||
|
@ -24,14 +17,14 @@ extern "C" {
|
|||
#endif
|
||||
|
||||
/* Before including this file (pkcs11.h) (or pkcs11t.h by
|
||||
* itself), 6 platform-specific macros must be defined. These
|
||||
* itself), 5 platform-specific macros must be defined. These
|
||||
* macros are described below, and typical definitions for them
|
||||
* are also given. Be advised that these definitions can depend
|
||||
* on both the platform and the compiler used (and possibly also
|
||||
* on whether a Cryptoki library is linked statically or
|
||||
* dynamically).
|
||||
*
|
||||
* In addition to defining these 6 macros, the packing convention
|
||||
* In addition to defining these 5 macros, the packing convention
|
||||
* for Cryptoki structures should be set. The Cryptoki
|
||||
* convention on packing is that structures should be 1-byte
|
||||
* aligned.
|
||||
|
@ -81,39 +74,7 @@ extern "C" {
|
|||
* #define CK_PTR *
|
||||
*
|
||||
*
|
||||
* 2. CK_DEFINE_FUNCTION(returnType, name): A macro which makes
|
||||
* an exportable Cryptoki library function definition out of a
|
||||
* return type and a function name. It should be used in the
|
||||
* following fashion to define the exposed Cryptoki functions in
|
||||
* a Cryptoki library:
|
||||
*
|
||||
* CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(
|
||||
* CK_VOID_PTR pReserved
|
||||
* )
|
||||
* {
|
||||
* ...
|
||||
* }
|
||||
*
|
||||
* If you're using Microsoft Developer Studio 5.0 to define a
|
||||
* function in a Win32 Cryptoki .dll, it might be defined by:
|
||||
*
|
||||
* #define CK_DEFINE_FUNCTION(returnType, name) \
|
||||
* returnType __declspec(dllexport) name
|
||||
*
|
||||
* If you're using an earlier version of Microsoft Developer
|
||||
* Studio to define a function in a Win16 Cryptoki .dll, it
|
||||
* might be defined by:
|
||||
*
|
||||
* #define CK_DEFINE_FUNCTION(returnType, name) \
|
||||
* returnType __export _far _pascal name
|
||||
*
|
||||
* In a UNIX environment, it might be defined by:
|
||||
*
|
||||
* #define CK_DEFINE_FUNCTION(returnType, name) \
|
||||
* returnType name
|
||||
*
|
||||
*
|
||||
* 3. CK_DECLARE_FUNCTION(returnType, name): A macro which makes
|
||||
* 2. CK_DECLARE_FUNCTION(returnType, name): A macro which makes
|
||||
* an importable Cryptoki library function declaration out of a
|
||||
* return type and a function name. It should be used in the
|
||||
* following fashion:
|
||||
|
@ -141,7 +102,7 @@ extern "C" {
|
|||
* returnType name
|
||||
*
|
||||
*
|
||||
* 4. CK_DECLARE_FUNCTION_POINTER(returnType, name): A macro
|
||||
* 3. CK_DECLARE_FUNCTION_POINTER(returnType, name): A macro
|
||||
* which makes a Cryptoki API function pointer declaration or
|
||||
* function pointer type declaration out of a return type and a
|
||||
* function name. It should be used in the following fashion:
|
||||
|
@ -178,7 +139,7 @@ extern "C" {
|
|||
* returnType (* name)
|
||||
*
|
||||
*
|
||||
* 5. CK_CALLBACK_FUNCTION(returnType, name): A macro which makes
|
||||
* 4. CK_CALLBACK_FUNCTION(returnType, name): A macro which makes
|
||||
* a function pointer type for an application callback out of
|
||||
* a return type for the callback and a name for the callback.
|
||||
* It should be used in the following fashion:
|
||||
|
@ -210,7 +171,7 @@ extern "C" {
|
|||
* returnType (* name)
|
||||
*
|
||||
*
|
||||
* 6. NULL_PTR: This macro is the value of a NULL pointer.
|
||||
* 5. NULL_PTR: This macro is the value of a NULL pointer.
|
||||
*
|
||||
* In any ANSI/ISO C environment (and in many others as well),
|
||||
* this should best be defined by
|
||||
|
@ -222,7 +183,8 @@ extern "C" {
|
|||
|
||||
|
||||
/* All the various Cryptoki types and #define'd values are in the
|
||||
* file pkcs11t.h. */
|
||||
* file pkcs11t.h.
|
||||
*/
|
||||
#include "pkcs11t.h"
|
||||
|
||||
#define __PASTE(x,y) x##y
|
||||
|
@ -238,7 +200,8 @@ extern "C" {
|
|||
extern CK_DECLARE_FUNCTION(CK_RV, name)
|
||||
|
||||
/* pkcs11f.h has all the information about the Cryptoki
|
||||
* function prototypes. */
|
||||
* function prototypes.
|
||||
*/
|
||||
#include "pkcs11f.h"
|
||||
|
||||
#undef CK_NEED_ARG_LIST
|
||||
|
@ -257,7 +220,8 @@ extern "C" {
|
|||
typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, __PASTE(CK_,name))
|
||||
|
||||
/* pkcs11f.h has all the information about the Cryptoki
|
||||
* function prototypes. */
|
||||
* function prototypes.
|
||||
*/
|
||||
#include "pkcs11f.h"
|
||||
|
||||
#undef CK_NEED_ARG_LIST
|
||||
|
@ -282,7 +246,8 @@ struct CK_FUNCTION_LIST {
|
|||
|
||||
/* Pile all the function pointers into the CK_FUNCTION_LIST. */
|
||||
/* pkcs11f.h has all the information about the Cryptoki
|
||||
* function prototypes. */
|
||||
* function prototypes.
|
||||
*/
|
||||
#include "pkcs11f.h"
|
||||
|
||||
};
|
||||
|
@ -296,4 +261,5 @@ struct CK_FUNCTION_LIST {
|
|||
}
|
||||
#endif
|
||||
|
||||
#endif
|
||||
#endif /* _PKCS11_H_ */
|
||||
|
||||
|
|
|
@ -1,26 +1,20 @@
|
|||
/* pkcs11f.h include file for PKCS #11. */
|
||||
/* $Revision: 1.2 $ */
|
||||
|
||||
/* License to copy and use this software is granted provided that it is
|
||||
* identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
|
||||
* (Cryptoki)" in all material mentioning or referencing this software.
|
||||
|
||||
* License is also granted to make and use derivative works provided that
|
||||
* such works are identified as "derived from the RSA Security Inc. PKCS #11
|
||||
* Cryptographic Token Interface (Cryptoki)" in all material mentioning or
|
||||
* referencing the derived work.
|
||||
|
||||
* RSA Security Inc. makes no representations concerning either the
|
||||
* merchantability of this software or the suitability of this software for
|
||||
* any particular purpose. It is provided "as is" without express or implied
|
||||
* warranty of any kind.
|
||||
/* Copyright (c) OASIS Open 2016. All Rights Reserved./
|
||||
* /Distributed under the terms of the OASIS IPR Policy,
|
||||
* [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT ANY
|
||||
* IMPLIED OR EXPRESS WARRANTY; there is no warranty of MERCHANTABILITY, FITNESS FOR A
|
||||
* PARTICULAR PURPOSE or NONINFRINGEMENT of the rights of others.
|
||||
*/
|
||||
|
||||
/* This header file contains pretty much everything about all the */
|
||||
/* Cryptoki function prototypes. Because this information is */
|
||||
/* used for more than just declaring function prototypes, the */
|
||||
/* order of the functions appearing herein is important, and */
|
||||
/* should not be altered. */
|
||||
/* Latest version of the specification:
|
||||
* http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html
|
||||
*/
|
||||
|
||||
/* This header file contains pretty much everything about all the
|
||||
* Cryptoki function prototypes. Because this information is
|
||||
* used for more than just declaring function prototypes, the
|
||||
* order of the functions appearing herein is important, and
|
||||
* should not be altered.
|
||||
*/
|
||||
|
||||
/* General-purpose */
|
||||
|
||||
|
@ -30,13 +24,15 @@ CK_PKCS11_FUNCTION_INFO(C_Initialize)
|
|||
(
|
||||
CK_VOID_PTR pInitArgs /* if this is not NULL_PTR, it gets
|
||||
* cast to CK_C_INITIALIZE_ARGS_PTR
|
||||
* and dereferenced */
|
||||
* and dereferenced
|
||||
*/
|
||||
);
|
||||
#endif
|
||||
|
||||
|
||||
/* C_Finalize indicates that an application is done with the
|
||||
* Cryptoki library. */
|
||||
* Cryptoki library.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_Finalize)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -59,7 +55,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetFunctionList)
|
|||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
CK_FUNCTION_LIST_PTR_PTR ppFunctionList /* receives pointer to
|
||||
* function list */
|
||||
* function list
|
||||
*/
|
||||
);
|
||||
#endif
|
||||
|
||||
|
@ -71,7 +68,7 @@ CK_PKCS11_FUNCTION_INFO(C_GetFunctionList)
|
|||
CK_PKCS11_FUNCTION_INFO(C_GetSlotList)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
CK_BBOOL tokenPresent, /* only slots with tokens? */
|
||||
CK_BBOOL tokenPresent, /* only slots with tokens */
|
||||
CK_SLOT_ID_PTR pSlotList, /* receives array of slot IDs */
|
||||
CK_ULONG_PTR pulCount /* receives number of slots */
|
||||
);
|
||||
|
@ -79,7 +76,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetSlotList)
|
|||
|
||||
|
||||
/* C_GetSlotInfo obtains information about a particular slot in
|
||||
* the system. */
|
||||
* the system.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -90,7 +88,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo)
|
|||
|
||||
|
||||
/* C_GetTokenInfo obtains information about a particular token
|
||||
* in the system. */
|
||||
* in the system.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -101,7 +100,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo)
|
|||
|
||||
|
||||
/* C_GetMechanismList obtains a list of mechanism types
|
||||
* supported by a token. */
|
||||
* supported by a token.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_GetMechanismList)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -113,7 +113,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetMechanismList)
|
|||
|
||||
|
||||
/* C_GetMechanismInfo obtains information about a particular
|
||||
* mechanism possibly supported by a token. */
|
||||
* mechanism possibly supported by a token.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -127,7 +128,6 @@ CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo)
|
|||
/* C_InitToken initializes a token. */
|
||||
CK_PKCS11_FUNCTION_INFO(C_InitToken)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
/* pLabel changed from CK_CHAR_PTR to CK_UTF8CHAR_PTR for v2.10 */
|
||||
(
|
||||
CK_SLOT_ID slotID, /* ID of the token's slot */
|
||||
CK_UTF8CHAR_PTR pPin, /* the SO's initial PIN */
|
||||
|
@ -165,7 +165,8 @@ CK_PKCS11_FUNCTION_INFO(C_SetPIN)
|
|||
/* Session management */
|
||||
|
||||
/* C_OpenSession opens a session between an application and a
|
||||
* token. */
|
||||
* token.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_OpenSession)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -179,7 +180,8 @@ CK_PKCS11_FUNCTION_INFO(C_OpenSession)
|
|||
|
||||
|
||||
/* C_CloseSession closes a session between an application and a
|
||||
* token. */
|
||||
* token.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_CloseSession)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -187,6 +189,7 @@ CK_PKCS11_FUNCTION_INFO(C_CloseSession)
|
|||
);
|
||||
#endif
|
||||
|
||||
|
||||
/* C_CloseAllSessions closes all sessions with a token. */
|
||||
CK_PKCS11_FUNCTION_INFO(C_CloseAllSessions)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
|
@ -207,7 +210,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetSessionInfo)
|
|||
|
||||
|
||||
/* C_GetOperationState obtains the state of the cryptographic operation
|
||||
* in a session. */
|
||||
* in a session.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_GetOperationState)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -219,7 +223,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetOperationState)
|
|||
|
||||
|
||||
/* C_SetOperationState restores the state of the cryptographic
|
||||
* operation in a session. */
|
||||
* operation in a session.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_SetOperationState)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -267,8 +272,10 @@ CK_PKCS11_FUNCTION_INFO(C_CreateObject)
|
|||
);
|
||||
#endif
|
||||
|
||||
|
||||
/* C_CopyObject copies an object, creating a new object for the
|
||||
* copy. */
|
||||
* copy.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_CopyObject)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -303,7 +310,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetObjectSize)
|
|||
|
||||
|
||||
/* C_GetAttributeValue obtains the value of one or more object
|
||||
* attributes. */
|
||||
* attributes.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -316,7 +324,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue)
|
|||
|
||||
|
||||
/* C_SetAttributeValue modifies the value of one or more object
|
||||
* attributes */
|
||||
* attributes.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -329,7 +338,8 @@ CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue)
|
|||
|
||||
|
||||
/* C_FindObjectsInit initializes a search for token and session
|
||||
* objects that match a template. */
|
||||
* objects that match a template.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -342,7 +352,8 @@ CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit)
|
|||
|
||||
/* C_FindObjects continues a search for token and session
|
||||
* objects that match a template, obtaining additional object
|
||||
* handles. */
|
||||
* handles.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_FindObjects)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -355,7 +366,8 @@ CK_PKCS11_FUNCTION_INFO(C_FindObjects)
|
|||
|
||||
|
||||
/* C_FindObjectsFinal finishes a search for token and session
|
||||
* objects. */
|
||||
* objects.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_FindObjectsFinal)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -392,7 +404,8 @@ CK_PKCS11_FUNCTION_INFO(C_Encrypt)
|
|||
|
||||
|
||||
/* C_EncryptUpdate continues a multiple-part encryption
|
||||
* operation. */
|
||||
* operation.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -406,7 +419,8 @@ CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate)
|
|||
|
||||
|
||||
/* C_EncryptFinal finishes a multiple-part encryption
|
||||
* operation. */
|
||||
* operation.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_EncryptFinal)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -442,7 +456,8 @@ CK_PKCS11_FUNCTION_INFO(C_Decrypt)
|
|||
|
||||
|
||||
/* C_DecryptUpdate continues a multiple-part decryption
|
||||
* operation. */
|
||||
* operation.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -456,7 +471,8 @@ CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate)
|
|||
|
||||
|
||||
/* C_DecryptFinal finishes a multiple-part decryption
|
||||
* operation. */
|
||||
* operation.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_DecryptFinal)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -494,7 +510,8 @@ CK_PKCS11_FUNCTION_INFO(C_Digest)
|
|||
|
||||
|
||||
/* C_DigestUpdate continues a multiple-part message-digesting
|
||||
* operation. */
|
||||
* operation.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_DigestUpdate)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -507,7 +524,8 @@ CK_PKCS11_FUNCTION_INFO(C_DigestUpdate)
|
|||
|
||||
/* C_DigestKey continues a multi-part message-digesting
|
||||
* operation, by digesting the value of a secret key as part of
|
||||
* the data already digested. */
|
||||
* the data already digested.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_DigestKey)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -518,7 +536,8 @@ CK_PKCS11_FUNCTION_INFO(C_DigestKey)
|
|||
|
||||
|
||||
/* C_DigestFinal finishes a multiple-part message-digesting
|
||||
* operation. */
|
||||
* operation.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_DigestFinal)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -535,7 +554,8 @@ CK_PKCS11_FUNCTION_INFO(C_DigestFinal)
|
|||
/* C_SignInit initializes a signature (private key encryption)
|
||||
* operation, where the signature is (will be) an appendix to
|
||||
* the data, and plaintext cannot be recovered from the
|
||||
*signature. */
|
||||
* signature.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_SignInit)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -548,7 +568,8 @@ CK_PKCS11_FUNCTION_INFO(C_SignInit)
|
|||
|
||||
/* C_Sign signs (encrypts with private key) data in a single
|
||||
* part, where the signature is (will be) an appendix to the
|
||||
* data, and plaintext cannot be recovered from the signature. */
|
||||
* data, and plaintext cannot be recovered from the signature.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_Sign)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -563,7 +584,8 @@ CK_PKCS11_FUNCTION_INFO(C_Sign)
|
|||
|
||||
/* C_SignUpdate continues a multiple-part signature operation,
|
||||
* where the signature is (will be) an appendix to the data,
|
||||
* and plaintext cannot be recovered from the signature. */
|
||||
* and plaintext cannot be recovered from the signature.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_SignUpdate)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -575,7 +597,8 @@ CK_PKCS11_FUNCTION_INFO(C_SignUpdate)
|
|||
|
||||
|
||||
/* C_SignFinal finishes a multiple-part signature operation,
|
||||
* returning the signature. */
|
||||
* returning the signature.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_SignFinal)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -587,7 +610,8 @@ CK_PKCS11_FUNCTION_INFO(C_SignFinal)
|
|||
|
||||
|
||||
/* C_SignRecoverInit initializes a signature operation, where
|
||||
* the data can be recovered from the signature. */
|
||||
* the data can be recovered from the signature.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -599,7 +623,8 @@ CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit)
|
|||
|
||||
|
||||
/* C_SignRecover signs data in a single operation, where the
|
||||
* data can be recovered from the signature. */
|
||||
* data can be recovered from the signature.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_SignRecover)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -617,7 +642,8 @@ CK_PKCS11_FUNCTION_INFO(C_SignRecover)
|
|||
|
||||
/* C_VerifyInit initializes a verification operation, where the
|
||||
* signature is an appendix to the data, and plaintext cannot
|
||||
* cannot be recovered from the signature (e.g. DSA). */
|
||||
* cannot be recovered from the signature (e.g. DSA).
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_VerifyInit)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -630,7 +656,8 @@ CK_PKCS11_FUNCTION_INFO(C_VerifyInit)
|
|||
|
||||
/* C_Verify verifies a signature in a single-part operation,
|
||||
* where the signature is an appendix to the data, and plaintext
|
||||
* cannot be recovered from the signature. */
|
||||
* cannot be recovered from the signature.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_Verify)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -645,7 +672,8 @@ CK_PKCS11_FUNCTION_INFO(C_Verify)
|
|||
|
||||
/* C_VerifyUpdate continues a multiple-part verification
|
||||
* operation, where the signature is an appendix to the data,
|
||||
* and plaintext cannot be recovered from the signature. */
|
||||
* and plaintext cannot be recovered from the signature.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -657,7 +685,8 @@ CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate)
|
|||
|
||||
|
||||
/* C_VerifyFinal finishes a multiple-part verification
|
||||
* operation, checking the signature. */
|
||||
* operation, checking the signature.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_VerifyFinal)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -669,7 +698,8 @@ CK_PKCS11_FUNCTION_INFO(C_VerifyFinal)
|
|||
|
||||
|
||||
/* C_VerifyRecoverInit initializes a signature verification
|
||||
* operation, where the data is recovered from the signature. */
|
||||
* operation, where the data is recovered from the signature.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -681,7 +711,8 @@ CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit)
|
|||
|
||||
|
||||
/* C_VerifyRecover verifies a signature in a single-part
|
||||
* operation, where the data is recovered from the signature. */
|
||||
* operation, where the data is recovered from the signature.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_VerifyRecover)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -698,7 +729,8 @@ CK_PKCS11_FUNCTION_INFO(C_VerifyRecover)
|
|||
/* Dual-function cryptographic operations */
|
||||
|
||||
/* C_DigestEncryptUpdate continues a multiple-part digesting
|
||||
* and encryption operation. */
|
||||
* and encryption operation.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -712,7 +744,8 @@ CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate)
|
|||
|
||||
|
||||
/* C_DecryptDigestUpdate continues a multiple-part decryption and
|
||||
* digesting operation. */
|
||||
* digesting operation.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -726,7 +759,8 @@ CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate)
|
|||
|
||||
|
||||
/* C_SignEncryptUpdate continues a multiple-part signing and
|
||||
* encryption operation. */
|
||||
* encryption operation.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -740,7 +774,8 @@ CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate)
|
|||
|
||||
|
||||
/* C_DecryptVerifyUpdate continues a multiple-part decryption and
|
||||
* verify operation. */
|
||||
* verify operation.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -757,7 +792,8 @@ CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate)
|
|||
/* Key management */
|
||||
|
||||
/* C_GenerateKey generates a secret key, creating a new key
|
||||
* object. */
|
||||
* object.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_GenerateKey)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -771,30 +807,19 @@ CK_PKCS11_FUNCTION_INFO(C_GenerateKey)
|
|||
|
||||
|
||||
/* C_GenerateKeyPair generates a public-key/private-key pair,
|
||||
* creating new key objects. */
|
||||
* creating new key objects.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
CK_SESSION_HANDLE hSession, /* session
|
||||
* handle */
|
||||
CK_MECHANISM_PTR pMechanism, /* key-gen
|
||||
* mech. */
|
||||
CK_ATTRIBUTE_PTR pPublicKeyTemplate, /* template
|
||||
* for pub.
|
||||
* key */
|
||||
CK_ULONG ulPublicKeyAttributeCount, /* # pub.
|
||||
* attrs. */
|
||||
CK_ATTRIBUTE_PTR pPrivateKeyTemplate, /* template
|
||||
* for priv.
|
||||
* key */
|
||||
CK_ULONG ulPrivateKeyAttributeCount, /* # priv.
|
||||
* attrs. */
|
||||
CK_OBJECT_HANDLE_PTR phPublicKey, /* gets pub.
|
||||
* key
|
||||
* handle */
|
||||
CK_OBJECT_HANDLE_PTR phPrivateKey /* gets
|
||||
* priv. key
|
||||
* handle */
|
||||
CK_SESSION_HANDLE hSession, /* session handle */
|
||||
CK_MECHANISM_PTR pMechanism, /* key-gen mech. */
|
||||
CK_ATTRIBUTE_PTR pPublicKeyTemplate, /* template for pub. key */
|
||||
CK_ULONG ulPublicKeyAttributeCount, /* # pub. attrs. */
|
||||
CK_ATTRIBUTE_PTR pPrivateKeyTemplate, /* template for priv. key */
|
||||
CK_ULONG ulPrivateKeyAttributeCount, /* # priv. attrs. */
|
||||
CK_OBJECT_HANDLE_PTR phPublicKey, /* gets pub. key handle */
|
||||
CK_OBJECT_HANDLE_PTR phPrivateKey /* gets priv. key handle */
|
||||
);
|
||||
#endif
|
||||
|
||||
|
@ -814,7 +839,8 @@ CK_PKCS11_FUNCTION_INFO(C_WrapKey)
|
|||
|
||||
|
||||
/* C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new
|
||||
* key object. */
|
||||
* key object.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_UnwrapKey)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -831,7 +857,8 @@ CK_PKCS11_FUNCTION_INFO(C_UnwrapKey)
|
|||
|
||||
|
||||
/* C_DeriveKey derives a key from a base key, creating a new key
|
||||
* object. */
|
||||
* object.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_DeriveKey)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -849,7 +876,8 @@ CK_PKCS11_FUNCTION_INFO(C_DeriveKey)
|
|||
/* Random number generation */
|
||||
|
||||
/* C_SeedRandom mixes additional seed material into the token's
|
||||
* random number generator. */
|
||||
* random number generator.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_SeedRandom)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -876,7 +904,8 @@ CK_PKCS11_FUNCTION_INFO(C_GenerateRandom)
|
|||
|
||||
/* C_GetFunctionStatus is a legacy function; it obtains an
|
||||
* updated status of a function running in parallel with an
|
||||
* application. */
|
||||
* application.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -886,7 +915,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus)
|
|||
|
||||
|
||||
/* C_CancelFunction is a legacy function; it cancels a function
|
||||
* running in parallel. */
|
||||
* running in parallel.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_CancelFunction)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -895,11 +925,9 @@ CK_PKCS11_FUNCTION_INFO(C_CancelFunction)
|
|||
#endif
|
||||
|
||||
|
||||
|
||||
/* Functions added in for Cryptoki Version 2.01 or later */
|
||||
|
||||
/* C_WaitForSlotEvent waits for a slot event (token insertion,
|
||||
* removal, etc.) to occur. */
|
||||
* removal, etc.) to occur.
|
||||
*/
|
||||
CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent)
|
||||
#ifdef CK_NEED_ARG_LIST
|
||||
(
|
||||
|
@ -908,3 +936,4 @@ CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent)
|
|||
CK_VOID_PTR pRserved /* reserved. Should be NULL_PTR */
|
||||
);
|
||||
#endif
|
||||
|
||||
|
|
|
@ -0,0 +1,83 @@
|
|||
//
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
//
|
||||
|
||||
#define CK_PTR *
|
||||
#ifndef NULL_PTR
|
||||
#define NULL_PTR 0
|
||||
#endif
|
||||
#define CK_DEFINE_FUNCTION(returnType, name) returnType name
|
||||
#define CK_DECLARE_FUNCTION(returnType, name) returnType name
|
||||
#define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType (* name)
|
||||
#define CK_CALLBACK_FUNCTION(returnType, name) returnType (* name)
|
||||
|
||||
#include <unistd.h>
|
||||
#ifdef REPACK_STRUCTURES
|
||||
# pragma pack(push, 1)
|
||||
# include "pkcs11.h"
|
||||
# pragma pack(pop)
|
||||
#else
|
||||
# include "pkcs11.h"
|
||||
#endif
|
||||
|
||||
#ifdef REPACK_STRUCTURES
|
||||
|
||||
// Go doesn't support structures with non-default packing, but PKCS#11 requires
|
||||
// pack(1) on Windows. Use structures with the same members as the CK_ ones but
|
||||
// default packing, and copy data between the two.
|
||||
|
||||
typedef struct ckInfo {
|
||||
CK_VERSION cryptokiVersion;
|
||||
CK_UTF8CHAR manufacturerID[32];
|
||||
CK_FLAGS flags;
|
||||
CK_UTF8CHAR libraryDescription[32];
|
||||
CK_VERSION libraryVersion;
|
||||
} ckInfo, *ckInfoPtr;
|
||||
|
||||
typedef struct ckAttr {
|
||||
CK_ATTRIBUTE_TYPE type;
|
||||
CK_VOID_PTR pValue;
|
||||
CK_ULONG ulValueLen;
|
||||
} ckAttr, *ckAttrPtr;
|
||||
|
||||
typedef struct ckMech {
|
||||
CK_MECHANISM_TYPE mechanism;
|
||||
CK_VOID_PTR pParameter;
|
||||
CK_ULONG ulParameterLen;
|
||||
} ckMech, *ckMechPtr;
|
||||
|
||||
CK_RV attrsToC(CK_ATTRIBUTE_PTR *attrOut, ckAttrPtr attrIn, CK_ULONG count);
|
||||
void attrsFromC(ckAttrPtr attrOut, CK_ATTRIBUTE_PTR attrIn, CK_ULONG count);
|
||||
void mechToC(CK_MECHANISM_PTR mechOut, ckMechPtr mechIn);
|
||||
|
||||
#define ATTR_TO_C(aout, ain, count, other) \
|
||||
CK_ATTRIBUTE_PTR aout; \
|
||||
{ \
|
||||
CK_RV e = attrsToC(&aout, ain, count); \
|
||||
if (e != CKR_OK ) { \
|
||||
if (other != NULL) free(other); \
|
||||
return e; \
|
||||
} \
|
||||
}
|
||||
#define ATTR_FREE(aout) free(aout)
|
||||
#define ATTR_FROM_C(aout, ain, count) attrsFromC(aout, ain, count)
|
||||
#define MECH_TO_C(mout, min) \
|
||||
CK_MECHANISM mval, *mout = &mval; \
|
||||
if (min != NULL) { mechToC(mout, min); \
|
||||
} else { mout = NULL; }
|
||||
|
||||
#else // REPACK_STRUCTURES
|
||||
|
||||
// Dummy types and macros to avoid any unnecessary copying on UNIX
|
||||
|
||||
typedef CK_INFO ckInfo, *ckInfoPtr;
|
||||
typedef CK_ATTRIBUTE ckAttr, *ckAttrPtr;
|
||||
typedef CK_MECHANISM ckMech, *ckMechPtr;
|
||||
|
||||
#define ATTR_TO_C(aout, ain, count, other) CK_ATTRIBUTE_PTR aout = ain
|
||||
#define ATTR_FREE(aout)
|
||||
#define ATTR_FROM_C(aout, ain, count)
|
||||
#define MECH_TO_C(mout, min) CK_MECHANISM_PTR mout = min
|
||||
|
||||
#endif // REPACK_STRUCTURES
|
File diff suppressed because it is too large
Load Diff
|
@ -5,18 +5,9 @@
|
|||
package pkcs11
|
||||
|
||||
/*
|
||||
#define CK_PTR *
|
||||
#ifndef NULL_PTR
|
||||
#define NULL_PTR 0
|
||||
#endif
|
||||
#define CK_DEFINE_FUNCTION(returnType, name) returnType name
|
||||
#define CK_DECLARE_FUNCTION(returnType, name) returnType name
|
||||
#define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType (* name)
|
||||
#define CK_CALLBACK_FUNCTION(returnType, name) returnType (* name)
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include "pkcs11.h"
|
||||
#include "pkcs11go.h"
|
||||
|
||||
CK_ULONG Index(CK_ULONG_PTR array, CK_ULONG i)
|
||||
{
|
||||
|
@ -196,20 +187,22 @@ func NewAttribute(typ uint, x interface{}) *Attribute {
|
|||
}
|
||||
|
||||
// cAttribute returns the start address and the length of an attribute list.
|
||||
func cAttributeList(a []*Attribute) (arena, C.CK_ATTRIBUTE_PTR, C.CK_ULONG) {
|
||||
func cAttributeList(a []*Attribute) (arena, C.ckAttrPtr, C.CK_ULONG) {
|
||||
var arena arena
|
||||
if len(a) == 0 {
|
||||
return nil, nil, 0
|
||||
}
|
||||
pa := make([]C.CK_ATTRIBUTE, len(a))
|
||||
pa := make([]C.ckAttr, len(a))
|
||||
for i := 0; i < len(a); i++ {
|
||||
pa[i]._type = C.CK_ATTRIBUTE_TYPE(a[i].Type)
|
||||
if a[i].Value == nil {
|
||||
//skip attribute if length is 0 to prevent panic in arena.Allocate
|
||||
if a[i].Value == nil || len(a[i].Value) == 0 {
|
||||
continue
|
||||
}
|
||||
|
||||
pa[i].pValue, pa[i].ulValueLen = arena.Allocate(a[i].Value)
|
||||
}
|
||||
return arena, C.CK_ATTRIBUTE_PTR(&pa[0]), C.CK_ULONG(len(a))
|
||||
return arena, C.ckAttrPtr(&pa[0]), C.CK_ULONG(len(a))
|
||||
}
|
||||
|
||||
func cDate(t time.Time) []byte {
|
||||
|
@ -243,20 +236,22 @@ func NewMechanism(mech uint, x interface{}) *Mechanism {
|
|||
return m
|
||||
}
|
||||
|
||||
func cMechanismList(m []*Mechanism) (arena, C.CK_MECHANISM_PTR, C.CK_ULONG) {
|
||||
func cMechanismList(m []*Mechanism) (arena, C.ckMechPtr, C.CK_ULONG) {
|
||||
var arena arena
|
||||
if len(m) == 0 {
|
||||
return nil, nil, 0
|
||||
}
|
||||
pm := make([]C.CK_MECHANISM, len(m))
|
||||
pm := make([]C.ckMech, len(m))
|
||||
for i := 0; i < len(m); i++ {
|
||||
pm[i].mechanism = C.CK_MECHANISM_TYPE(m[i].Mechanism)
|
||||
if m[i].Parameter == nil {
|
||||
//skip parameter if length is 0 to prevent panic in arena.Allocate
|
||||
if m[i].Parameter == nil || len(m[i].Parameter) == 0 {
|
||||
continue
|
||||
}
|
||||
|
||||
pm[i].pParameter, pm[i].ulParameterLen = arena.Allocate(m[i].Parameter)
|
||||
}
|
||||
return arena, C.CK_MECHANISM_PTR(&pm[0]), C.CK_ULONG(len(m))
|
||||
return arena, C.ckMechPtr(&pm[0]), C.CK_ULONG(len(m))
|
||||
}
|
||||
|
||||
// MechanismInfo provides information about a particular mechanism.
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
<img src="docs/images/notary-blk.svg" alt="Notary" width="400px"/>
|
||||
|
||||
[![GoDoc](https://godoc.org/github.com/theupdateframework/notary?status.svg)](https://godoc.org/github.com/theupdateframework/notary)
|
||||
[![Circle CI](https://circleci.com/gh/theupdateframework/notary/tree/master.svg?style=shield)](https://circleci.com/gh/theupdateframework/notary/tree/master) [![CodeCov](https://codecov.io/github/theupdateframework/notary/coverage.svg?branch=master)](https://codecov.io/github/theupdateframework/notary) [![GoReportCard](https://goreportcard.com/badge/theupdateframework/notary)](https://goreportcard.com/report/github.com/theupdateframework/notary)
|
||||
[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Ftheupdateframework%2Fnotary.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Ftheupdateframework%2Fnotary?ref=badge_shield)
|
||||
|
||||
# Notice
|
||||
|
||||
|
@ -14,7 +16,7 @@ location via GitHub's redirect.
|
|||
# Overview
|
||||
|
||||
The Notary project comprises a [server](cmd/notary-server) and a [client](cmd/notary) for running and interacting
|
||||
with trusted collections. Please see the [service architecture](docs/service_architecture.md) documentation
|
||||
with trusted collections. See the [service architecture](docs/service_architecture.md) documentation
|
||||
for more information.
|
||||
|
||||
Notary aims to make the internet more secure by making it easy for people to
|
||||
|
@ -44,26 +46,26 @@ Notary is based on [The Update Framework](https://www.theupdateframework.com/),
|
|||
|
||||
## Security
|
||||
|
||||
Please see our [service architecture docs](docs/service_architecture.md#threat-model) for more information about our threat model, which details the varying survivability and severities for key compromise as well as mitigations.
|
||||
See Notary's [service architecture docs](docs/service_architecture.md#threat-model) for more information about our threat model, which details the varying survivability and severities for key compromise as well as mitigations.
|
||||
|
||||
Our last security audit was on July 31, 2015 by NCC ([results](docs/resources/ncc_docker_notary_audit_2015_07_31.pdf)).
|
||||
Notary's last security audit was on July 31, 2015 by NCC ([results](docs/resources/ncc_docker_notary_audit_2015_07_31.pdf)).
|
||||
|
||||
Any security vulnerabilities can be reported to security@docker.com.
|
||||
|
||||
# Getting started with the Notary CLI
|
||||
|
||||
Please get the Notary Client CLI binary from [the official releases page](https://github.com/theupdateframework/notary/releases) or you can [build one yourself](#building-notary).
|
||||
Get the Notary Client CLI binary from [the official releases page](https://github.com/theupdateframework/notary/releases) or you can [build one yourself](#building-notary).
|
||||
The version of Notary server and signer should be greater than or equal to Notary CLI's version to ensure feature compatibility (ex: CLI version 0.2, server/signer version >= 0.2), and all official releases are associated with GitHub tags.
|
||||
|
||||
To use the Notary CLI with Docker hub images, please have a look at our
|
||||
To use the Notary CLI with Docker hub images, have a look at Notary's
|
||||
[getting started docs](docs/getting_started.md).
|
||||
|
||||
For more advanced usage, please see the
|
||||
For more advanced usage, see the
|
||||
[advanced usage docs](docs/advanced_usage.md).
|
||||
|
||||
To use the CLI against a local Notary server rather than against Docker Hub:
|
||||
|
||||
1. Please ensure that you have [docker and docker-compose](http://docs.docker.com/compose/install/) installed.
|
||||
1. Ensure that you have [docker and docker-compose](http://docs.docker.com/compose/install/) installed.
|
||||
1. `git clone https://github.com/theupdateframework/notary.git` and from the cloned repository path,
|
||||
start up a local Notary server and signer and copy the config file and testing certs to your
|
||||
local notary config directory:
|
||||
|
@ -89,28 +91,31 @@ to use `notary` with Docker images.
|
|||
|
||||
## Building Notary
|
||||
|
||||
Note that our [latest stable release](https://github.com/theupdateframework/notary/releases) is at the head of the
|
||||
Note that Notary's [latest stable release](https://github.com/theupdateframework/notary/releases) is at the head of the
|
||||
[releases branch](https://github.com/theupdateframework/notary/tree/releases). The master branch is the development
|
||||
branch and contains features for the next release.
|
||||
|
||||
Prerequisites:
|
||||
|
||||
- Go >= 1.7.1
|
||||
- [godep](https://github.com/tools/godep) installed
|
||||
- Fedora: `dnf install golang`
|
||||
- libtool development headers installed
|
||||
- Ubuntu: `apt-get install libltdl-dev`
|
||||
- CentOS/RedHat: `yum install libtool-ltdl-devel`
|
||||
- Fedora: `dnf install libtool-ltdl-devel`
|
||||
- Mac OS ([Homebrew](http://brew.sh/)): `brew install libtool`
|
||||
|
||||
Run `make client`, which creates the Notary Client CLI binary at `bin/notary`.
|
||||
Note that `make client` assumes a standard Go directory structure, in which
|
||||
Notary is checked out to the `src` directory in your `GOPATH`. For example:
|
||||
```
|
||||
$GOPATH/
|
||||
src/
|
||||
github.com/
|
||||
docker/
|
||||
notary/
|
||||
Set [```GOPATH```](https://golang.org/doc/code.html#GOPATH). Then, run:
|
||||
|
||||
```bash
|
||||
$ go get github.com/theupdateframework/notary
|
||||
# build with pcks11 support by default to support yubikey
|
||||
$ go install -tags pkcs11 github.com/theupdateframework/notary/cmd/notary
|
||||
$ notary
|
||||
```
|
||||
|
||||
To build the server and signer, please run `docker-compose build`.
|
||||
To build the server and signer, run `docker-compose build`.
|
||||
|
||||
|
||||
## License
|
||||
[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Ftheupdateframework%2Fnotary.svg?type=large)](https://app.fossa.io/projects/git%2Bgithub.com%2Ftheupdateframework%2Fnotary?ref=badge_large)
|
||||
|
|
|
@ -1,88 +1,4 @@
|
|||
/*
|
||||
Package client implements everything required for interacting with a Notary repository.
|
||||
|
||||
Usage
|
||||
|
||||
Use this package by creating a new repository object and calling methods on it.
|
||||
|
||||
package main
|
||||
|
||||
import (
|
||||
"encoding/hex"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"os"
|
||||
"time"
|
||||
|
||||
"github.com/docker/distribution/registry/client/auth"
|
||||
"github.com/docker/distribution/registry/client/auth/challenge"
|
||||
"github.com/docker/distribution/registry/client/transport"
|
||||
notary "github.com/theupdateframework/notary/client"
|
||||
"github.com/theupdateframework/notary/trustpinning"
|
||||
"github.com/theupdateframework/notary/tuf/data"
|
||||
)
|
||||
|
||||
func main() {
|
||||
rootDir := ".trust"
|
||||
if err := os.MkdirAll(rootDir, 0700); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
server := "https://notary.docker.io"
|
||||
image := "docker.io/library/alpine"
|
||||
repo, err := notary.NewFileCachedNotaryRepository(
|
||||
rootDir,
|
||||
data.GUN(image),
|
||||
server,
|
||||
makeHubTransport(server, image),
|
||||
nil,
|
||||
trustpinning.TrustPinConfig{},
|
||||
)
|
||||
|
||||
targets, err := repo.ListTargets()
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
for _, tgt := range targets {
|
||||
fmt.Printf("%s\t%s\n", tgt.Name, hex.EncodeToString(tgt.Hashes["sha256"]))
|
||||
}
|
||||
}
|
||||
|
||||
func makeHubTransport(server, image string) http.RoundTripper {
|
||||
base := http.DefaultTransport
|
||||
modifiers := []transport.RequestModifier{
|
||||
transport.NewHeaderRequestModifier(http.Header{
|
||||
"User-Agent": []string{"my-client"},
|
||||
}),
|
||||
}
|
||||
|
||||
authTransport := transport.NewTransport(base, modifiers...)
|
||||
pingClient := &http.Client{
|
||||
Transport: authTransport,
|
||||
Timeout: 5 * time.Second,
|
||||
}
|
||||
req, err := http.NewRequest("GET", server+"/v2/", nil)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
challengeManager := challenge.NewSimpleManager()
|
||||
resp, err := pingClient.Do(req)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
if err := challengeManager.AddResponse(resp); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
tokenHandler := auth.NewTokenHandler(base, nil, image, "pull")
|
||||
modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, tokenHandler, auth.NewBasicHandler(nil)))
|
||||
|
||||
return transport.NewTransport(base, modifiers...)
|
||||
}
|
||||
|
||||
*/
|
||||
//Package client implements everything required for interacting with a Notary repository.
|
||||
package client
|
||||
|
||||
import (
|
||||
|
|
|
@ -3,6 +3,7 @@ package trustmanager
|
|||
import (
|
||||
"encoding/pem"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"path/filepath"
|
||||
|
@ -100,8 +101,9 @@ func ImportKeys(from io.Reader, to []Importer, fallbackRole string, fallbackGUN
|
|||
return err
|
||||
}
|
||||
var (
|
||||
writeTo string
|
||||
toWrite []byte
|
||||
writeTo string
|
||||
toWrite []byte
|
||||
errBlocks []string
|
||||
)
|
||||
for block, rest := pem.Decode(data); block != nil; block, rest = pem.Decode(rest) {
|
||||
handleLegacyPath(block)
|
||||
|
@ -110,6 +112,7 @@ func ImportKeys(from io.Reader, to []Importer, fallbackRole string, fallbackGUN
|
|||
loc, err := checkValidity(block)
|
||||
if err != nil {
|
||||
// already logged in checkValidity
|
||||
errBlocks = append(errBlocks, err.Error())
|
||||
continue
|
||||
}
|
||||
|
||||
|
@ -157,6 +160,9 @@ func ImportKeys(from io.Reader, to []Importer, fallbackRole string, fallbackGUN
|
|||
if toWrite != nil { // close out final iteration if there's data left
|
||||
return importToStores(to, writeTo, toWrite)
|
||||
}
|
||||
if len(errBlocks) > 0 {
|
||||
return fmt.Errorf("failed to import all keys: %s", strings.Join(errBlocks, ", "))
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
2
vendor/github.com/theupdateframework/notary/trustmanager/yubikey/pkcs11_linux.go
generated
vendored
2
vendor/github.com/theupdateframework/notary/trustmanager/yubikey/pkcs11_linux.go
generated
vendored
|
@ -4,7 +4,9 @@ package yubikey
|
|||
|
||||
var possiblePkcs11Libs = []string{
|
||||
"/usr/lib/libykcs11.so",
|
||||
"/usr/lib/libykcs11.so.1", // yubico-piv-tool on Fedora installs here
|
||||
"/usr/lib64/libykcs11.so",
|
||||
"/usr/lib64/libykcs11.so.1", // yubico-piv-tool on Fedora installs here
|
||||
"/usr/lib/x86_64-linux-gnu/libykcs11.so",
|
||||
"/usr/local/lib/libykcs11.so",
|
||||
}
|
||||
|
|
|
@ -248,17 +248,14 @@ func (tr *Repo) GetDelegationRole(name data.RoleName) (data.DelegationRole, erro
|
|||
}
|
||||
// Check all public key certificates in the role for expiry
|
||||
// Currently we do not reject expired delegation keys but warn if they might expire soon or have already
|
||||
for keyID, pubKey := range delgRole.Keys {
|
||||
for _, pubKey := range delgRole.Keys {
|
||||
certFromKey, err := utils.LoadCertFromPEM(pubKey.Public())
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
if err := utils.ValidateCertificate(certFromKey, true); err != nil {
|
||||
if _, ok := err.(data.ErrCertExpired); !ok {
|
||||
// do not allow other invalid cert errors
|
||||
return err
|
||||
}
|
||||
logrus.Warnf("error with delegation %s key ID %d: %s", delgRole.Name, keyID, err)
|
||||
//Don't check the delegation certificate expiry once added, use the TUF role expiry instead
|
||||
if err := utils.ValidateCertificate(certFromKey, false); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
foundRole = &delgRole
|
||||
|
|
|
@ -6,7 +6,7 @@ github.com/bugsnag/panicwrap e2c28503fcd0675329da73bf48b33404db873782
|
|||
github.com/bugsnag/osext 0dd3f918b21bec95ace9dc86c7e70266cfc5c702
|
||||
github.com/docker/distribution edc3ab29cdff8694dd6feb85cfeb4b5f1b38ed9c
|
||||
github.com/opencontainers/go-digest a6d0ee40d4207ea02364bd3b9e8e77b9159ba1eb
|
||||
github.com/docker/go-connections 3ede32e2033de7505e6500d6c868c2b9ed9f169d
|
||||
github.com/docker/go-connections 7395e3f8aa162843a74ed6d48e79627d9792ac55
|
||||
github.com/docker/go d30aec9fd63c35133f8f79c3412ad91a3b08be06
|
||||
github.com/dvsekhvalnov/jose2go 6387d3c1f5abd8443b223577d5a7e0f4e0e5731f # v1.2
|
||||
github.com/go-sql-driver/mysql a0583e0143b1624142adab07e0e97fe106d99561 # v1.3
|
||||
|
@ -15,22 +15,22 @@ github.com/jinzhu/gorm 5409931a1bb87e484d68d649af9367c207713ea2
|
|||
github.com/jinzhu/inflection 1c35d901db3da928c72a72d8458480cc9ade058f
|
||||
github.com/lib/pq 0dad96c0b94f8dee039aa40467f767467392a0af
|
||||
github.com/mattn/go-sqlite3 b4142c444a8941d0d92b0b7103a24df9cd815e42 # v1.0.0
|
||||
github.com/miekg/pkcs11 ba39b9c6300b7e0be41b115330145ef8afdff7d6
|
||||
github.com/miekg/pkcs11 5f6e0d0dad6f472df908c8e968a98ef00c9224bb
|
||||
github.com/mitchellh/go-homedir df55a15e5ce646808815381b3db47a8c66ea62f4
|
||||
github.com/prometheus/client_golang 449ccefff16c8e2b7229f6be1921ba22f62461fe
|
||||
github.com/prometheus/client_model fa8ad6fec33561be4280a8f0514318c79d7f6cb6 # model-0.0.2-12-gfa8ad6f
|
||||
github.com/prometheus/procfs b1afdc266f54247f5dc725544f5d351a8661f502
|
||||
github.com/prometheus/common 4fdc91a58c9d3696b982e8a680f4997403132d44
|
||||
github.com/golang/protobuf c3cefd437628a0b7d31b34fe44b3a7a540e98527
|
||||
github.com/spf13/cobra f368244301305f414206f889b1735a54cfc8bde8
|
||||
github.com/spf13/cobra 7b2c5ac9fc04fc5efafb60700713d4fa609b777b # v0.0.1
|
||||
github.com/spf13/viper be5ff3e4840cf692388bde7a057595a474ef379e
|
||||
golang.org/x/crypto 76eec36fa14229c4b25bb894c2d0e591527af429
|
||||
golang.org/x/net 6a513affb38dc9788b449d59ffed099b8de18fa0
|
||||
golang.org/x/sys 739734461d1c916b6c72a63d7efda2b27edb369f
|
||||
golang.org/x/sys 314a259e304ff91bd6985da2a7149bbf91237993
|
||||
google.golang.org/grpc 708a7f9f3283aa2d4f6132d287d78683babe55c8 # v1.0.5
|
||||
github.com/pkg/errors 839d9e913e063e28dfd0e6c7b7512793e0a48be9
|
||||
|
||||
github.com/spf13/pflag cb88ea77998c3f024757528e3305022ab50b43be
|
||||
github.com/spf13/pflag e57e3eeb33f795204c1ca35f56c44f83227c6e66 # v1.0.0
|
||||
github.com/spf13/cast 4d07383ffe94b5e5a6fa3af9211374a4507a0184
|
||||
gopkg.in/yaml.v2 bef53efd0c76e49e6de55ead051f886bea7e9420
|
||||
gopkg.in/fatih/pool.v2 cba550ebf9bce999a02e963296d4bc7a486cb715
|
||||
|
|
Loading…
Reference in New Issue