DockerCLI/vendor/github.com/miekg/pkcs11
Sebastiaan van Stijn 0bc3d1fd2d
bump miekg/pkcs11 v1.0.2
full diff: 6120d95c0e...v1.0.2

relevant changes:

- miekg/pkcs11#110 Fix issue freeing memory on GetOperationState when NOT CK_OK
- miekg/pkcs11#106 Move to go modules
- miekg/pkcs11#104 Expose login API for vendor specific login types

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 54428b1f37)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-27 11:51:03 +02:00
..
LICENSE Add vendor 2017-04-17 18:12:58 -04:00
README.md Update PKCS11 library 2019-02-26 11:45:19 +00:00
const.go Update PKCS11 library 2019-02-26 11:45:19 +00:00
error.go Add vendor 2017-04-17 18:12:58 -04:00
go.mod bump miekg/pkcs11 v1.0.2 2019-09-27 11:51:03 +02:00
params.go bump miekg/pkcs11 v1.0.2 2019-09-27 11:51:03 +02:00
pkcs11.go bump miekg/pkcs11 v1.0.2 2019-09-27 11:51:03 +02:00
pkcs11.h Update Notary vendor to 0.6.0 release 2018-03-02 14:56:12 +00:00
pkcs11f.h Update Notary vendor to 0.6.0 release 2018-03-02 14:56:12 +00:00
pkcs11go.h Update PKCS11 library 2019-02-26 11:45:19 +00:00
pkcs11t.h Update PKCS11 library 2019-02-26 11:45:19 +00:00
release.go bump miekg/pkcs11 v1.0.2 2019-09-27 11:51:03 +02:00
types.go Update PKCS11 library 2019-02-26 11:45:19 +00:00
vendor.go Update PKCS11 library 2019-02-26 11:45:19 +00:00

README.md

PKCS#11 Build Status GoDoc

This is a Go implementation of the PKCS#11 API. It wraps the library closely, but uses Go idiom were it makes sense. It has been tested with SoftHSM.

SoftHSM

  • Make it use a custom configuration file export SOFTHSM_CONF=$PWD/softhsm.conf

  • Then use softhsm to init it

      softhsm --init-token --slot 0 --label test --pin 1234
    
  • Then use libsofthsm.so as the pkcs11 module:

        p := pkcs11.New("/usr/lib/softhsm/libsofthsm.so")

Examples

A skeleton program would look somewhat like this (yes, pkcs#11 is verbose):

    p := pkcs11.New("/usr/lib/softhsm/libsofthsm.so")
    err := p.Initialize()
    if err != nil {
        panic(err)
    }

    defer p.Destroy()
    defer p.Finalize()

    slots, err := p.GetSlotList(true)
    if err != nil {
        panic(err)
    }

    session, err := p.OpenSession(slots[0], pkcs11.CKF_SERIAL_SESSION|pkcs11.CKF_RW_SESSION)
    if err != nil {
        panic(err)
    }
    defer p.CloseSession(session)

    err = p.Login(session, pkcs11.CKU_USER, "1234")
    if err != nil {
        panic(err)
    }
    defer p.Logout(session)

    p.DigestInit(session, []*pkcs11.Mechanism{pkcs11.NewMechanism(pkcs11.CKM_SHA_1, nil)})
    hash, err := p.Digest(session, []byte("this is a string"))
    if err != nil {
        panic(err)
    }

    for _, d := range hash {
            fmt.Printf("%x", d)
    }
    fmt.Println()

Further examples are included in the tests.

To expose PKCS#11 keys using the crypto.Signer interface, please see github.com/thalesignite/crypto11.

TODO

  • Fix/double check endian stuff, see types.go NewAttribute()
  • Look at the memory copying in fast functions (sign, hash etc)