pkcs11

package

v1.16.9 Latest Latest Go to latest Published: Nov 7, 2023 License: Apache-2.0 Imports: 26 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/theparanoids/crypki

Links

Open Source Insights

Documentation ¶

Overview ¶

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Index ¶

func NewCertSign(ctx context.Context, pkcs11ModulePath string, keys []config.KeyConfig, ...) (crypki.CertSign, error)
type Config
type KeyInfo
type PKCS11Ctx
type Request
type SignerPool
type Work
- func (w *Work) DoWork(workerCtx context.Context, worker *scheduler.Worker)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func NewCertSign ¶

func NewCertSign(ctx context.Context, pkcs11ModulePath string, keys []config.KeyConfig, requireX509CACert map[string]bool, hostname string, ips []net.IP, uris []*url.URL, requestTimeout uint) (crypki.CertSign, error)

NewCertSign initializes a CertSign object that interacts with PKCS11 compliant device.

Types ¶

type Config ¶

type Config struct {
	// Keys are a map of key identifier and info
	Keys map[crypki.SignType]KeyInfo
	// ModulePath is the path of pkcs11 module
	ModulePath string
}

Config is the config struct used in pkcs11

type KeyInfo ¶

type KeyInfo struct {
	// SlotNumber indicates slot number on the HSM
	SlotNumber uint
	// TokenLabel indicates token label on the HSM
	TokenLabel string
	// UserPinPath indicates the filepath which contains the pin to login
	// to the specified slot.
	UserPinPath string
	// KeyLabel indicates the label of the key on the slot
	KeyLabel string
	// SignersPerPool is the number of signers we assign on a specific key
	SignersPerPool int
	// KeyType specifies the type of key, such as RSA or ECDSA.
	KeyType x509.PublicKeyAlgorithm
}

KeyInfo contains the info of specific key

type PKCS11Ctx ¶

type PKCS11Ctx interface {
	GetAttributeValue(p11.SessionHandle, p11.ObjectHandle, []*p11.Attribute) ([]*p11.Attribute, error)
	SignInit(p11.SessionHandle, []*p11.Mechanism, p11.ObjectHandle) error
	Sign(p11.SessionHandle, []byte) ([]byte, error)
	Login(p11.SessionHandle, uint, string) error
	GenerateRandom(p11.SessionHandle, int) ([]byte, error)
	FindObjectsInit(sh p11.SessionHandle, temp []*p11.Attribute) error
	FindObjects(sh p11.SessionHandle, max int) ([]p11.ObjectHandle, bool, error)
	FindObjectsFinal(sh p11.SessionHandle) error
	CloseSession(sh p11.SessionHandle) error
	OpenSession(slotID uint, flags uint) (p11.SessionHandle, error)
	GetSlotList(tokenPresent bool) ([]uint, error)
	GetSlotInfo(slotID uint) (p11.SlotInfo, error)
	GetTokenInfo(slotID uint) (p11.TokenInfo, error)
}

PKCS11Ctx interface is added to mock pkcs11.Ctx run the following command to generate mock

type Request ¶ added in v1.11.0

type Request struct {
	// contains filtered or unexported fields
}

Request holds information needed by the collector to fetch the request & process it. It has multiple channels, one for response & other to notify the worker if the client request times out to stop processing any request from the client.

type SignerPool ¶

type SignerPool struct {
	// contains filtered or unexported fields
}

SignerPool is a pool of PKCS11 signers each key is corresponding with a SignerPool

type Work ¶ added in v1.11.0

type Work struct {
	scheduler.DoWorker
	// contains filtered or unexported fields
}

func (*Work) DoWork ¶ added in v1.11.0

func (w *Work) DoWork(workerCtx context.Context, worker *scheduler.Worker)

DoWork performs the work of fetching the signer from the pool and sending it back on the response channel. If the client cancels the request or times out, the worker should not wait indefinitely for getting the signer from the pool. We also have a PKCS11 timeout which is the maximum duration for which worker waits to fetch the signer from pool & cancel the client request if it exceeds that.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
mock_pkcs11 Package mock_pkcs11 is a generated GoMock package.	Package mock_pkcs11 is a generated GoMock package.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL