Index ¶
- Constants
- type CK_ATTRIBUTE_PTR
- type CK_BBOOL
- type CK_BigInt
- type CK_Bytes
- type CK_DATE
- type CK_KEY_TYPE
- type CK_MECHANISM_TYPE
- type CK_MECHANISM_TYPE_PTR
- type CK_OBJECT_CLASS
- type CK_String
- type CK_ULONG
- type CkaDesc
- type CkaStruct
- type CommonKeyAttributes
- type CommonObjectAttributes
- type CommonPrivateKeyAttributes
- type CommonPublicKeyAttributes
- type CommonStorageObjectAttributes
- type ECCPrivateKeyAttributes
- type ECCPublicKeyAttributes
- type GenericSecretKeyAttributes
- type Pkcs11Config
- type Pkcs11KeyPair
- func (kp *Pkcs11KeyPair) Algorithm() keystores.KeyAlgorithm
- func (kp *Pkcs11KeyPair) Attestation(nonce []byte) (att keystores.Attestation, err error)
- func (kp *Pkcs11KeyPair) Decrypt(rand io.Reader, ciphertext []byte, opts crypto.DecrypterOpts) (plaintext []byte, err error)
- func (kp *Pkcs11KeyPair) Destroy() (retErr error)
- func (kp *Pkcs11KeyPair) ECDH(remote *ecdsa.PublicKey) ([]byte, error)
- func (kp *Pkcs11KeyPair) ExportPrivate() (privKey crypto.PrivateKey, err error)
- func (kp *Pkcs11KeyPair) Id() keystores.KeyPairId
- func (kp *Pkcs11KeyPair) KeyStore() keystores.KeyStore
- func (kp *Pkcs11KeyPair) KeyUsage() map[keystores.KeyUsage]bool
- func (kp *Pkcs11KeyPair) Label() string
- func (kp *Pkcs11KeyPair) Public() crypto.PublicKey
- func (kp *Pkcs11KeyPair) SetLabel(label string) error
- func (kp *Pkcs11KeyPair) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error)
- func (kp *Pkcs11KeyPair) Verify(signature []byte, digest []byte, opts crypto.SignerOpts) (err error)
- type Pkcs11KeyStore
- func (ks *Pkcs11KeyStore) Close() error
- func (ks *Pkcs11KeyStore) CreateKeyPair(opts keystores.GenKeyPairOpts) (keystores.KeyPair, error)
- func (ks *Pkcs11KeyStore) Id() string
- func (ks *Pkcs11KeyStore) ImportKeyPair(key crypto.PrivateKey, opts keystores.GenKeyPairOpts) (kp keystores.KeyPair, err error)
- func (ks *Pkcs11KeyStore) IsOpen() bool
- func (ks *Pkcs11KeyStore) KeyPairById(id keystores.KeyPairId) keystores.KeyPair
- func (ks *Pkcs11KeyStore) KeyPairs(reload bool) (keyPairs map[keystores.KeyPairId]keystores.KeyPair, retErr error)
- func (ks *Pkcs11KeyStore) Name() string
- func (ks *Pkcs11KeyStore) Open() error
- func (ks *Pkcs11KeyStore) Reload() error
- func (ks *Pkcs11KeyStore) SupportedPrivateKeyAlgorithms() []keystores.KeyAlgorithm
- type Pkcs11Provider
- type Pkcs11Session
- type Pkcs11TrustedCert
- type RSAPrivateKeyAttributes
- type RSAPublicKeyAttributes
Constants ¶
// CKK_AES is the PKCS#11 key type for AES secret keys, re-exported from p11api as a CK_KEY_TYPE.
const CKK_AES = CK_KEY_TYPE(p11api.CKK_AES)
// CKK_EC is the PKCS#11 key type for elliptic-curve keys, re-exported from p11api as a CK_KEY_TYPE.
const CKK_EC = CK_KEY_TYPE(p11api.CKK_EC)
// CKK_ECDSA is the legacy PKCS#11 key type name for EC keys, re-exported from p11api as a CK_KEY_TYPE.
// NOTE(review): in p11api this is expected to share its value with CKK_EC — confirm before relying on a distinction.
const CKK_ECDSA = CK_KEY_TYPE(p11api.CKK_ECDSA)
// CKK_RSA is the PKCS#11 key type for RSA keys, re-exported from p11api as a CK_KEY_TYPE.
const CKK_RSA = CK_KEY_TYPE(p11api.CKK_RSA)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CK_ATTRIBUTE_PTR ¶
// CK_ATTRIBUTE_PTR carries an attribute template (the CK_ATTRIBUTE array of the C API)
// as raw bytes; it is the type of CKA_WRAP_TEMPLATE and CKA_UNWRAP_TEMPLATE.
type CK_ATTRIBUTE_PTR CK_Bytes
type CK_KEY_TYPE ¶
// CK_KEY_TYPE identifies the kind of key stored in a key object (CKA_KEY_TYPE);
// the CKK_* constants of this package are its known values.
type CK_KEY_TYPE CK_ULONG
type CK_MECHANISM_TYPE ¶
// CK_MECHANISM_TYPE identifies a PKCS#11 mechanism; it is used for
// CKA_KEY_GEN_MECHANISM and as the element type of CKA_ALLOWED_MECHANISMS.
type CK_MECHANISM_TYPE CK_ULONG
type CK_MECHANISM_TYPE_PTR ¶
// CK_MECHANISM_TYPE_PTR is a list of mechanisms. It stands in for the C API's
// pointer-to-CK_MECHANISM_TYPE-array plus ulValueLen pair; the slice length is the element count.
type CK_MECHANISM_TYPE_PTR []CK_MECHANISM_TYPE
type CK_OBJECT_CLASS ¶
// CK_OBJECT_CLASS identifies the class of a PKCS#11 object (CKA_CLASS).
type CK_OBJECT_CLASS CK_ULONG
type CK_ULONG ¶
// CK_ULONG is the Go representation of the PKCS#11 CK_ULONG, fixed here at 32 bits.
// NOTE(review): the spec allows CK_ULONG to be 64 bits on some platforms; confirm this width
// matches the loaded module, since attribute lengths and enum values are exchanged in this type.
type CK_ULONG uint32
From the PKCS#11 spec: CK_ULONG will sometimes be 32 bits, and sometimes perhaps 64 bits. This package fixes it at 32 bits (see the uint32 definition above); confirm that this matches the width used by the loaded PKCS#11 module.
type CkaDesc ¶
// CkaDesc is the descriptor under which a CKA_* attribute is looked up
// (see CkaDescByCode and CkaDescByName). Its fields are unexported.
type CkaDesc struct {
// contains filtered or unexported fields
}
func CkaDescByCode ¶
func CkaDescByName ¶
type CkaStruct ¶
// CkaStruct is a type constraint (a union of pointer types) satisfied by every
// attribute struct defined in this package, so generic helpers can accept any of them.
type CkaStruct interface {
	*CommonObjectAttributes |
		*CommonStorageObjectAttributes |
		*CommonKeyAttributes |
		*CommonPublicKeyAttributes |
		*CommonPrivateKeyAttributes |
		*RSAPublicKeyAttributes |
		*RSAPrivateKeyAttributes |
		*ECCPublicKeyAttributes |
		*ECCPrivateKeyAttributes |
		*GenericSecretKeyAttributes
}
type CommonKeyAttributes ¶
// CommonKeyAttributes holds the attributes shared by every PKCS#11 key object,
// on top of the storage-object attributes it embeds.
type CommonKeyAttributes struct {
	CommonStorageObjectAttributes
	CKA_KEY_TYPE   CK_KEY_TYPE // Type of key
	CKA_ID         CK_Bytes    // Key identifier for key (default empty)
	CKA_START_DATE CK_DATE     // Start date for the key (default empty)
	CKA_END_DATE   CK_DATE     // End date for the key (default empty)
	CKA_DERIVE     CK_BBOOL    // CK_TRUE if key supports key derivation, i.e. if other keys can be derived from this one (default CK_FALSE)
	// CK_TRUE only if the key was either generated locally (i.e. on the token) with a
	// C_GenerateKey or C_GenerateKeyPair call, or created with a C_CopyObject call as a copy
	// of a key which had its CKA_LOCAL attribute set to CK_TRUE. When auditing a token this
	// distinguishes on-token generated material from imported material.
	CKA_LOCAL              CK_BBOOL
	CKA_KEY_GEN_MECHANISM  CK_MECHANISM_TYPE // Identifier of the mechanism used to generate the key material.
	// A list of mechanisms allowed to be used with this key. In the C API this is a pointer to a
	// CK_MECHANISM_TYPE array; the number of mechanisms is the ulValueLen component of the
	// attribute divided by the size of CK_MECHANISM_TYPE.
	CKA_ALLOWED_MECHANISMS CK_MECHANISM_TYPE_PTR
}
type CommonObjectAttributes ¶
// CommonObjectAttributes holds the single attribute every PKCS#11 object has: its class.
type CommonObjectAttributes struct {
CKA_CLASS CK_OBJECT_CLASS // Object class (type)
}
type CommonPrivateKeyAttributes ¶
// CommonPrivateKeyAttributes holds the attributes shared by every PKCS#11 private key object.
// CKA_SENSITIVE, CKA_EXTRACTABLE and their history flags (CKA_ALWAYS_SENSITIVE,
// CKA_NEVER_EXTRACTABLE) are the ones that tell whether the key material could ever
// have left the token; check them when reviewing a key's protection level.
type CommonPrivateKeyAttributes struct {
	CommonKeyAttributes
	CKA_SUBJECT           CK_Bytes // DER-encoding of certificate subject name (default empty)
	CKA_SENSITIVE         CK_BBOOL // CK_TRUE if key is sensitive
	CKA_DECRYPT           CK_BBOOL // CK_TRUE if key supports decryption
	CKA_SIGN              CK_BBOOL // CK_TRUE if key supports signatures where the signature is an appendix to the data
	CKA_SIGN_RECOVER      CK_BBOOL // CK_TRUE if key supports signatures where the data can be recovered from the signature
	CKA_UNWRAP            CK_BBOOL // CK_TRUE if key supports unwrapping (i.e. can be used to unwrap other keys)
	CKA_EXTRACTABLE       CK_BBOOL // CK_TRUE if key is extractable and can be wrapped
	CKA_ALWAYS_SENSITIVE  CK_BBOOL // CK_TRUE if key has always had the CKA_SENSITIVE attribute set to CK_TRUE
	CKA_NEVER_EXTRACTABLE CK_BBOOL // CK_TRUE if key has never had the CKA_EXTRACTABLE attribute set to CK_TRUE
	CKA_WRAP_WITH_TRUSTED CK_BBOOL // CK_TRUE if the key can only be wrapped with a wrapping key that has CKA_TRUSTED set to CK_TRUE. Default is CK_FALSE.
	// For wrapping keys. The attribute template to apply to any keys unwrapped using this
	// wrapping key. Any user supplied template is applied after this template as if the object
	// has already been created. The number of attributes in the array is the ulValueLen
	// component of the attribute divided by the size of CK_ATTRIBUTE.
	CKA_UNWRAP_TEMPLATE CK_ATTRIBUTE_PTR
	// If CK_TRUE, the user has to supply the PIN for each use (sign or decrypt) with the key.
	// Default is CK_FALSE.
	CKA_ALWAYS_AUTHENTICATE CK_BBOOL
	// DER-encoding of the SubjectPublicKeyInfo for the associated public key (MAY be empty;
	// DEFAULT derived from the underlying private key data; MAY be manually set for specific
	// key types; if set, MUST be consistent with the underlying private key data).
	CKA_PUBLIC_KEY_INFO CK_Bytes
}
type CommonPublicKeyAttributes ¶
// CommonPublicKeyAttributes holds the attributes shared by every PKCS#11 public key object.
type CommonPublicKeyAttributes struct {
	CommonKeyAttributes
	CKA_SUBJECT        CK_Bytes // DER-encoding of the key subject name (default empty)
	CKA_ENCRYPT        CK_BBOOL // CK_TRUE if key supports encryption
	CKA_VERIFY         CK_BBOOL // CK_TRUE if key supports verification where the signature is an appendix to the data
	CKA_VERIFY_RECOVER CK_BBOOL // CK_TRUE if key supports verification where the data is recovered from the signature
	CKA_WRAP           CK_BBOOL // CK_TRUE if key supports wrapping (i.e. can be used to wrap other keys)
	// The key can be trusted for the application that it was created for. A wrapping key with
	// this set can be used to wrap keys that have CKA_WRAP_WITH_TRUSTED set to CK_TRUE.
	CKA_TRUSTED CK_BBOOL
	// For wrapping keys. The attribute template to match against any keys wrapped using this
	// wrapping key. Keys that do not match cannot be wrapped. The number of attributes in the
	// array is the ulValueLen component of the attribute divided by the size of CK_ATTRIBUTE.
	CKA_WRAP_TEMPLATE CK_ATTRIBUTE_PTR
	// DER-encoding of the SubjectPublicKeyInfo for this public key (MAY be empty; DEFAULT
	// derived from the underlying public key data).
	CKA_PUBLIC_KEY_INFO CK_Bytes
}
type CommonStorageObjectAttributes ¶
// CommonStorageObjectAttributes holds the attributes shared by every PKCS#11 storage object
// (token/session residency, visibility, label and lifecycle flags).
type CommonStorageObjectAttributes struct {
	CommonObjectAttributes
	CKA_TOKEN CK_BBOOL // CK_TRUE if object is a token object; CK_FALSE if object is a session object. Default is CK_FALSE.
	// CK_TRUE if object is a private object; CK_FALSE if object is a public object. Default
	// value is token-specific, and may depend on the values of other attributes of the object.
	CKA_PRIVATE     CK_BBOOL
	CKA_MODIFIABLE  CK_BBOOL  // CK_TRUE if object can be modified. Default is CK_TRUE.
	CKA_LABEL       CK_String // Description of the object (default empty).
	CKA_COPYABLE    CK_BBOOL  // CK_TRUE if object can be copied using C_CopyObject. Defaults to CK_TRUE. Cannot be set back to TRUE once it is set to FALSE.
	CKA_DESTROYABLE CK_BBOOL  // CK_TRUE if the object can be destroyed using C_DestroyObject. Default is CK_TRUE.
}
type ECCPrivateKeyAttributes ¶
// ECCPrivateKeyAttributes holds the EC-specific attributes of a private key object.
// CKA_VALUE is the raw private scalar; it is only readable from a token when
// CKA_SENSITIVE is CK_FALSE and CKA_EXTRACTABLE allows it.
type ECCPrivateKeyAttributes struct {
	CommonPrivateKeyAttributes
	CKA_EC_PARAMS CK_Bytes  // DER-encoding of an ANSI X9.62 Parameters value
	CKA_VALUE     CK_BigInt // ANSI X9.62 private value d
}
type ECCPublicKeyAttributes ¶
// ECCPublicKeyAttributes holds the EC-specific attributes of a public key object.
type ECCPublicKeyAttributes struct {
	CommonPublicKeyAttributes
	CKA_EC_PARAMS CK_Bytes // DER-encoding of an ANSI X9.62 Parameters value
	CKA_EC_POINT  CK_Bytes // DER-encoding of ANSI X9.62 ECPoint value Q
}
type GenericSecretKeyAttributes ¶
// GenericSecretKeyAttributes holds the attributes of a generic (symmetric) secret key object.
// CKA_VALUE is the raw secret; treat any struct carrying it as sensitive data.
type GenericSecretKeyAttributes struct {
	CommonKeyAttributes
	CKA_VALUE     CK_Bytes // Key value (arbitrary length)
	CKA_VALUE_LEN CK_ULONG // Length in bytes of key value
}
type Pkcs11Config ¶
// Pkcs11Config configures a Pkcs11Provider (see NewPkcs11Provider).
// DriverPath names the PKCS#11 module to use. NOTE(review): a PKCS#11 module is code
// loaded into this process, so the path should come from trusted configuration, not from
// untrusted input.
type Pkcs11Config struct {
DriverPath string
}
type Pkcs11KeyPair ¶
// Pkcs11KeyPair is a key pair backed by a PKCS#11 token. Its Sign, Decrypt and Public
// methods follow the crypto.Signer / crypto.Decrypter signatures, and the remaining methods
// implement the keystores.KeyPair operations (Id, Label, KeyUsage, Attestation, Destroy, ...).
// ExportPrivate can only succeed where the token's attributes permit extraction.
type Pkcs11KeyPair struct {
// contains filtered or unexported fields
}
func (*Pkcs11KeyPair) Algorithm ¶
func (kp *Pkcs11KeyPair) Algorithm() keystores.KeyAlgorithm
func (*Pkcs11KeyPair) Attestation ¶
func (kp *Pkcs11KeyPair) Attestation(nonce []byte) (att keystores.Attestation, err error)
func (*Pkcs11KeyPair) Decrypt ¶
func (kp *Pkcs11KeyPair) Decrypt(rand io.Reader, ciphertext []byte, opts crypto.DecrypterOpts) (plaintext []byte, err error)
func (*Pkcs11KeyPair) Destroy ¶
func (kp *Pkcs11KeyPair) Destroy() (retErr error)
func (*Pkcs11KeyPair) ExportPrivate ¶
func (kp *Pkcs11KeyPair) ExportPrivate() (privKey crypto.PrivateKey, err error)
func (*Pkcs11KeyPair) Id ¶
func (kp *Pkcs11KeyPair) Id() keystores.KeyPairId
func (*Pkcs11KeyPair) KeyStore ¶
func (kp *Pkcs11KeyPair) KeyStore() keystores.KeyStore
func (*Pkcs11KeyPair) KeyUsage ¶
func (kp *Pkcs11KeyPair) KeyUsage() map[keystores.KeyUsage]bool
func (*Pkcs11KeyPair) Label ¶
func (kp *Pkcs11KeyPair) Label() string
func (*Pkcs11KeyPair) Public ¶
func (kp *Pkcs11KeyPair) Public() crypto.PublicKey
func (*Pkcs11KeyPair) SetLabel ¶
func (kp *Pkcs11KeyPair) SetLabel(label string) error
func (*Pkcs11KeyPair) Sign ¶
func (kp *Pkcs11KeyPair) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error)
func (*Pkcs11KeyPair) Verify ¶
func (kp *Pkcs11KeyPair) Verify(signature []byte, digest []byte, opts crypto.SignerOpts) (err error)
type Pkcs11KeyStore ¶
// Pkcs11KeyStore is a keystores.KeyStore backed by one PKCS#11 token. It is obtained from a
// Pkcs11Provider (FindKeyStore / KeyStores) and must be opened with Open before its key pairs
// are enumerated, created or imported.
type Pkcs11KeyStore struct {
// contains filtered or unexported fields
}
func (*Pkcs11KeyStore) Close ¶
func (ks *Pkcs11KeyStore) Close() error
func (*Pkcs11KeyStore) CreateKeyPair ¶
func (ks *Pkcs11KeyStore) CreateKeyPair(opts keystores.GenKeyPairOpts) (keystores.KeyPair, error)
func (*Pkcs11KeyStore) Id ¶
func (ks *Pkcs11KeyStore) Id() string
func (*Pkcs11KeyStore) ImportKeyPair ¶
func (ks *Pkcs11KeyStore) ImportKeyPair(key crypto.PrivateKey, opts keystores.GenKeyPairOpts) (kp keystores.KeyPair, err error)
func (*Pkcs11KeyStore) IsOpen ¶
func (ks *Pkcs11KeyStore) IsOpen() bool
func (*Pkcs11KeyStore) KeyPairById ¶
func (ks *Pkcs11KeyStore) KeyPairById(id keystores.KeyPairId) keystores.KeyPair
func (*Pkcs11KeyStore) KeyPairs ¶
func (ks *Pkcs11KeyStore) KeyPairs(reload bool) (keyPairs map[keystores.KeyPairId]keystores.KeyPair, retErr error)
func (*Pkcs11KeyStore) Name ¶
func (ks *Pkcs11KeyStore) Name() string
func (*Pkcs11KeyStore) Open ¶
func (ks *Pkcs11KeyStore) Open() error
func (*Pkcs11KeyStore) Reload ¶
func (ks *Pkcs11KeyStore) Reload() error
func (*Pkcs11KeyStore) SupportedPrivateKeyAlgorithms ¶
func (ks *Pkcs11KeyStore) SupportedPrivateKeyAlgorithms() []keystores.KeyAlgorithm
type Pkcs11Provider ¶
// Pkcs11Provider loads a PKCS#11 module (see Pkcs11Config.DriverPath) and exposes the
// tokens it finds as Pkcs11KeyStore values.
type Pkcs11Provider struct {
	// PINAuthenticator is invoked when a token login requires a PIN. It receives a
	// description of the key store and of the key being accessed, and isSO, which
	// presumably selects the Security Officer PIN rather than the user PIN — confirm
	// against the caller. The returned string is the PIN itself and should be handled
	// as a secret (never logged or retained longer than needed).
	PINAuthenticator func(keystoreDesc string, keyDesc string, isSO bool) (string, error)
	// contains filtered or unexported fields
}
func NewPkcs11Provider ¶
func NewPkcs11Provider(config Pkcs11Config) *Pkcs11Provider
func (*Pkcs11Provider) Close ¶
func (p *Pkcs11Provider) Close() error
func (*Pkcs11Provider) FindKeyStore ¶
func (p *Pkcs11Provider) FindKeyStore(tokenLabel string, tokenSerial string) (*Pkcs11KeyStore, error)
func (*Pkcs11Provider) IsOpen ¶
func (p *Pkcs11Provider) IsOpen() bool
func (*Pkcs11Provider) KeyStores ¶
func (p *Pkcs11Provider) KeyStores() ([]keystores.KeyStore, error)
func (*Pkcs11Provider) Open ¶
func (p *Pkcs11Provider) Open() error
type Pkcs11Session ¶
// Pkcs11Session presumably holds the state of one PKCS#11 session with a token;
// all of its fields are unexported.
type Pkcs11Session struct {
// contains filtered or unexported fields
}
type Pkcs11TrustedCert ¶
// Pkcs11TrustedCert is currently an empty type with no fields; its role is not
// visible from this package's exported API.
type Pkcs11TrustedCert struct{}
type RSAPrivateKeyAttributes ¶
// RSAPrivateKeyAttributes holds the RSA-specific attributes of a private key object.
// Every field except CKA_MODULUS and CKA_PUBLIC_EXPONENT is private key material.
type RSAPrivateKeyAttributes struct {
	CommonPrivateKeyAttributes
	CKA_MODULUS          CK_BigInt // Modulus n
	CKA_PUBLIC_EXPONENT  CK_BigInt // Public exponent e
	CKA_PRIVATE_EXPONENT CK_BigInt // Private exponent d
	CKA_PRIME_1          CK_BigInt // Prime p
	CKA_PRIME_2          CK_BigInt // Prime q
	CKA_EXPONENT_1       CK_BigInt // Private exponent d modulo p-1
	CKA_EXPONENT_2       CK_BigInt // Private exponent d modulo q-1
	CKA_COEFFICIENT      CK_BigInt // CRT coefficient 1/q mod p
}
type RSAPublicKeyAttributes ¶
// RSAPublicKeyAttributes holds the RSA-specific attributes of a public key object.
type RSAPublicKeyAttributes struct {
	CommonPublicKeyAttributes
	CKA_MODULUS         CK_BigInt // Modulus n
	CKA_MODULUS_BITS    CK_ULONG  // Length in bits of modulus n
	CKA_PUBLIC_EXPONENT CK_BigInt // Public exponent e
}