package pkcs11
import "github.com/miekg/pkcs11"
Package pkcs11 is a wrapper around the PKCS#11 cryptographic library.
Index ¶
- Constants
- func NewPSSParams(hashAlg, mgf, saltLength uint) []byte
- type Attribute
- type Ctx
- func New(module string) *Ctx
- func (c *Ctx) CloseAllSessions(slotID uint) error
- func (c *Ctx) CloseSession(sh SessionHandle) error
- func (c *Ctx) CopyObject(sh SessionHandle, o ObjectHandle, temp []*Attribute) (ObjectHandle, error)
- func (c *Ctx) CreateObject(sh SessionHandle, temp []*Attribute) (ObjectHandle, error)
- func (c *Ctx) Decrypt(sh SessionHandle, cipher []byte) ([]byte, error)
- func (c *Ctx) DecryptDigestUpdate(sh SessionHandle, cipher []byte) ([]byte, error)
- func (c *Ctx) DecryptFinal(sh SessionHandle) ([]byte, error)
- func (c *Ctx) DecryptInit(sh SessionHandle, m []*Mechanism, o ObjectHandle) error
- func (c *Ctx) DecryptUpdate(sh SessionHandle, cipher []byte) ([]byte, error)
- func (c *Ctx) DecryptVerifyUpdate(sh SessionHandle, cipher []byte) ([]byte, error)
- func (c *Ctx) DeriveKey(sh SessionHandle, m []*Mechanism, basekey ObjectHandle, a []*Attribute) (ObjectHandle, error)
- func (c *Ctx) Destroy()
- func (c *Ctx) DestroyObject(sh SessionHandle, oh ObjectHandle) error
- func (c *Ctx) Digest(sh SessionHandle, message []byte) ([]byte, error)
- func (c *Ctx) DigestEncryptUpdate(sh SessionHandle, part []byte) ([]byte, error)
- func (c *Ctx) DigestFinal(sh SessionHandle) ([]byte, error)
- func (c *Ctx) DigestInit(sh SessionHandle, m []*Mechanism) error
- func (c *Ctx) DigestKey(sh SessionHandle, key ObjectHandle) error
- func (c *Ctx) DigestUpdate(sh SessionHandle, message []byte) error
- func (c *Ctx) Encrypt(sh SessionHandle, message []byte) ([]byte, error)
- func (c *Ctx) EncryptFinal(sh SessionHandle) ([]byte, error)
- func (c *Ctx) EncryptInit(sh SessionHandle, m []*Mechanism, o ObjectHandle) error
- func (c *Ctx) EncryptUpdate(sh SessionHandle, plain []byte) ([]byte, error)
- func (c *Ctx) Finalize() error
- func (c *Ctx) FindObjects(sh SessionHandle, max int) ([]ObjectHandle, bool, error)
- func (c *Ctx) FindObjectsFinal(sh SessionHandle) error
- func (c *Ctx) FindObjectsInit(sh SessionHandle, temp []*Attribute) error
- func (c *Ctx) GenerateKey(sh SessionHandle, m []*Mechanism, temp []*Attribute) (ObjectHandle, error)
- func (c *Ctx) GenerateKeyPair(sh SessionHandle, m []*Mechanism, public, private []*Attribute) (ObjectHandle, ObjectHandle, error)
- func (c *Ctx) GenerateRandom(sh SessionHandle, length int) ([]byte, error)
- func (c *Ctx) GetAttributeValue(sh SessionHandle, o ObjectHandle, a []*Attribute) ([]*Attribute, error)
- func (c *Ctx) GetInfo() (Info, error)
- func (c *Ctx) GetMechanismInfo(slotID uint, m []*Mechanism) (MechanismInfo, error)
- func (c *Ctx) GetMechanismList(slotID uint) ([]*Mechanism, error)
- func (c *Ctx) GetObjectSize(sh SessionHandle, oh ObjectHandle) (uint, error)
- func (c *Ctx) GetOperationState(sh SessionHandle) ([]byte, error)
- func (c *Ctx) GetSessionInfo(sh SessionHandle) (SessionInfo, error)
- func (c *Ctx) GetSlotInfo(slotID uint) (SlotInfo, error)
- func (c *Ctx) GetSlotList(tokenPresent bool) ([]uint, error)
- func (c *Ctx) GetTokenInfo(slotID uint) (TokenInfo, error)
- func (c *Ctx) InitPIN(sh SessionHandle, pin string) error
- func (c *Ctx) InitToken(slotID uint, pin string, label string) error
- func (c *Ctx) Initialize() error
- func (c *Ctx) Login(sh SessionHandle, userType uint, pin string) error
- func (c *Ctx) Logout(sh SessionHandle) error
- func (c *Ctx) OpenSession(slotID uint, flags uint) (SessionHandle, error)
- func (c *Ctx) SeedRandom(sh SessionHandle, seed []byte) error
- func (c *Ctx) SetAttributeValue(sh SessionHandle, o ObjectHandle, a []*Attribute) error
- func (c *Ctx) SetOperationState(sh SessionHandle, state []byte, encryptKey, authKey ObjectHandle) error
- func (c *Ctx) SetPIN(sh SessionHandle, oldpin string, newpin string) error
- func (c *Ctx) Sign(sh SessionHandle, message []byte) ([]byte, error)
- func (c *Ctx) SignEncryptUpdate(sh SessionHandle, part []byte) ([]byte, error)
- func (c *Ctx) SignFinal(sh SessionHandle) ([]byte, error)
- func (c *Ctx) SignInit(sh SessionHandle, m []*Mechanism, o ObjectHandle) error
- func (c *Ctx) SignRecover(sh SessionHandle, data []byte) ([]byte, error)
- func (c *Ctx) SignRecoverInit(sh SessionHandle, m []*Mechanism, key ObjectHandle) error
- func (c *Ctx) SignUpdate(sh SessionHandle, message []byte) error
- func (c *Ctx) UnwrapKey(sh SessionHandle, m []*Mechanism, unwrappingkey ObjectHandle, wrappedkey []byte, a []*Attribute) (ObjectHandle, error)
- func (c *Ctx) Verify(sh SessionHandle, data []byte, signature []byte) error
- func (c *Ctx) VerifyFinal(sh SessionHandle, signature []byte) error
- func (c *Ctx) VerifyInit(sh SessionHandle, m []*Mechanism, key ObjectHandle) error
- func (c *Ctx) VerifyRecover(sh SessionHandle, signature []byte) ([]byte, error)
- func (c *Ctx) VerifyRecoverInit(sh SessionHandle, m []*Mechanism, key ObjectHandle) error
- func (c *Ctx) VerifyUpdate(sh SessionHandle, part []byte) error
- func (c *Ctx) WaitForSlotEvent(flags uint) chan SlotEvent
- func (c *Ctx) WrapKey(sh SessionHandle, m []*Mechanism, wrappingkey, key ObjectHandle) ([]byte, error)
- type ECDH1DeriveParams
- type Error
- type GCMParams
- func NewGCMParams(iv, aad []byte, tagSize int) *GCMParams
- func (a *GCMParams) Allocate(obj []byte) (C.CK_VOID_PTR, C.CK_ULONG)
- func (p *GCMParams) Free()
- func (p *GCMParams) IV() []byte
- type Info
- type Mechanism
- type MechanismInfo
- type OAEPParams
- type ObjectHandle
- type SessionHandle
- type SessionInfo
- type SlotEvent
- type SlotInfo
- type TokenInfo
- type Version
Examples ¶
Constants ¶
const (
	// NFCK_VENDOR_NCIPHER is the single base value of the nCipher vendor
	// range. The attribute (CKA_), mechanism (CKM_) and key-type (CKK_)
	// bases below are plain aliases of it, so all three share one number.
	// The value has the 0x80000000 bit set, the same bit this package
	// lists for the CK*_VENDOR_DEFINED constants.
	NFCK_VENDOR_NCIPHER = 0xde436972
	CKA_NCIPHER         = NFCK_VENDOR_NCIPHER
	CKM_NCIPHER         = NFCK_VENDOR_NCIPHER
	CKK_NCIPHER         = NFCK_VENDOR_NCIPHER
)
Vendor specific range for Ncipher network HSM.
const (
	// HMAC key-generation mechanisms in the nCipher vendor range, each a
	// fixed offset from CKM_NCIPHER. The offsets are not contiguous
	// (0x3, 0x6, then 0x24-0x27), so use the named constants rather than
	// computing neighbours. None of them takes mechanism parameters.
	CKM_NC_SHA_1_HMAC_KEY_GEN  = CKM_NCIPHER + 0x3  /* no params */
	CKM_NC_MD5_HMAC_KEY_GEN    = CKM_NCIPHER + 0x6  /* no params */
	CKM_NC_SHA224_HMAC_KEY_GEN = CKM_NCIPHER + 0x24 /* no params */
	CKM_NC_SHA256_HMAC_KEY_GEN = CKM_NCIPHER + 0x25 /* no params */
	CKM_NC_SHA384_HMAC_KEY_GEN = CKM_NCIPHER + 0x26 /* no params */
	CKM_NC_SHA512_HMAC_KEY_GEN = CKM_NCIPHER + 0x27 /* no params */
)
Vendor specific mechanisms for HMAC on Ncipher HSMs where Ncipher does not allow use of generic_secret keys.
const (
	// NSSCK_VENDOR_NSS is the NSS vendor tag that is OR-ed into each
	// vendor-defined base below. 0x4E534350 is the ASCII bytes "NSCP".
	NSSCK_VENDOR_NSS = 0x4E534350

	// Per-class NSS bases, each built as <class>_VENDOR_DEFINED | NSSCK_VENDOR_NSS.
	CKO_NSS = CKO_VENDOR_DEFINED | NSSCK_VENDOR_NSS
	CKK_NSS = CKK_VENDOR_DEFINED | NSSCK_VENDOR_NSS
	CKC_NSS = CKC_VENDOR_DEFINED | NSSCK_VENDOR_NSS
	CKA_NSS = CKA_VENDOR_DEFINED | NSSCK_VENDOR_NSS
	// CKA_TRUST is a sub-range of the NSS attribute range, 0x2000 above CKA_NSS.
	CKA_TRUST = CKA_NSS + 0x2000
	CKM_NSS   = CKM_VENDOR_DEFINED | NSSCK_VENDOR_NSS
	// NOTE(review): CKR_NSS is built from CKM_VENDOR_DEFINED, not
	// CKR_VENDOR_DEFINED. This package lists both as 0x80000000, so the
	// resulting value is the same; only the spelling is inconsistent
	// with the other bases.
	CKR_NSS = CKM_VENDOR_DEFINED | NSSCK_VENDOR_NSS

	// CKT_VENDOR_DEFINED is declared in this block and carries the same
	// 0x80000000 value as the other *_VENDOR_DEFINED constants.
	CKT_VENDOR_DEFINED = 0x80000000
	CKT_NSS            = CKT_VENDOR_DEFINED | NSSCK_VENDOR_NSS
)
Vendor specific range for Mozilla NSS.
const (
	// NSS object classes, offsets from CKO_NSS.
	CKO_NSS_CRL               = CKO_NSS + 1
	CKO_NSS_SMIME             = CKO_NSS + 2
	CKO_NSS_TRUST             = CKO_NSS + 3
	CKO_NSS_BUILTIN_ROOT_LIST = CKO_NSS + 4
	CKO_NSS_NEWSLOT           = CKO_NSS + 5
	CKO_NSS_DELSLOT           = CKO_NSS + 6

	// NSS key types, offsets from CKK_NSS.
	CKK_NSS_PKCS8        = CKK_NSS + 1
	CKK_NSS_JPAKE_ROUND1 = CKK_NSS + 2
	CKK_NSS_JPAKE_ROUND2 = CKK_NSS + 3
	CKK_NSS_CHACHA20     = CKK_NSS + 4

	// NSS attributes, offsets from CKA_NSS. Offsets 9-19 are not
	// assigned in this list.
	CKA_NSS_URL                 = CKA_NSS + 1
	CKA_NSS_EMAIL               = CKA_NSS + 2
	CKA_NSS_SMIME_INFO          = CKA_NSS + 3
	CKA_NSS_SMIME_TIMESTAMP     = CKA_NSS + 4
	CKA_NSS_PKCS8_SALT          = CKA_NSS + 5
	CKA_NSS_PASSWORD_CHECK      = CKA_NSS + 6
	CKA_NSS_EXPIRES             = CKA_NSS + 7
	CKA_NSS_KRL                 = CKA_NSS + 8
	CKA_NSS_PQG_COUNTER         = CKA_NSS + 20
	CKA_NSS_PQG_SEED            = CKA_NSS + 21
	CKA_NSS_PQG_H               = CKA_NSS + 22
	CKA_NSS_PQG_SEED_BITS       = CKA_NSS + 23
	CKA_NSS_MODULE_SPEC         = CKA_NSS + 24
	CKA_NSS_OVERRIDE_EXTENSIONS = CKA_NSS + 25
	CKA_NSS_JPAKE_SIGNERID      = CKA_NSS + 26
	CKA_NSS_JPAKE_PEERID        = CKA_NSS + 27
	CKA_NSS_JPAKE_GX1           = CKA_NSS + 28
	CKA_NSS_JPAKE_GX2           = CKA_NSS + 29
	CKA_NSS_JPAKE_GX3           = CKA_NSS + 30
	CKA_NSS_JPAKE_GX4           = CKA_NSS + 31
	CKA_NSS_JPAKE_X2            = CKA_NSS + 32
	CKA_NSS_JPAKE_X2S           = CKA_NSS + 33
	CKA_NSS_MOZILLA_CA_POLICY   = CKA_NSS + 34

	// NSS trust attributes, offsets from CKA_TRUST.
	CKA_TRUST_DIGITAL_SIGNATURE = CKA_TRUST + 1
	CKA_TRUST_NON_REPUDIATION   = CKA_TRUST + 2
	CKA_TRUST_KEY_ENCIPHERMENT  = CKA_TRUST + 3
	CKA_TRUST_DATA_ENCIPHERMENT = CKA_TRUST + 4
	CKA_TRUST_KEY_AGREEMENT     = CKA_TRUST + 5
	CKA_TRUST_KEY_CERT_SIGN     = CKA_TRUST + 6
	CKA_TRUST_CRL_SIGN          = CKA_TRUST + 7
	CKA_TRUST_SERVER_AUTH       = CKA_TRUST + 8
	CKA_TRUST_CLIENT_AUTH       = CKA_TRUST + 9
	CKA_TRUST_CODE_SIGNING      = CKA_TRUST + 10
	CKA_TRUST_EMAIL_PROTECTION  = CKA_TRUST + 11
	CKA_TRUST_IPSEC_END_SYSTEM  = CKA_TRUST + 12
	CKA_TRUST_IPSEC_TUNNEL      = CKA_TRUST + 13
	CKA_TRUST_IPSEC_USER        = CKA_TRUST + 14
	CKA_TRUST_TIME_STAMPING     = CKA_TRUST + 15
	CKA_TRUST_STEP_UP_APPROVED  = CKA_TRUST + 16

	// Certificate hash attributes, also in the CKA_TRUST sub-range.
	// NOTE(review): the names indicate SHA-1 and MD5 digests of a
	// certificate; presumably lookup keys for trust objects - confirm
	// against the NSS documentation before relying on them.
	CKA_CERT_SHA1_HASH = CKA_TRUST + 100
	CKA_CERT_MD5_HASH  = CKA_TRUST + 101

	// NSS mechanisms, offsets from CKM_NSS: key wrap and HKDF.
	CKM_NSS_AES_KEY_WRAP     = CKM_NSS + 1
	CKM_NSS_AES_KEY_WRAP_PAD = CKM_NSS + 2
	CKM_NSS_HKDF_SHA1        = CKM_NSS + 3
	CKM_NSS_HKDF_SHA256      = CKM_NSS + 4
	CKM_NSS_HKDF_SHA384      = CKM_NSS + 5
	CKM_NSS_HKDF_SHA512      = CKM_NSS + 6

	// J-PAKE rounds.
	CKM_NSS_JPAKE_ROUND1_SHA1   = CKM_NSS + 7
	CKM_NSS_JPAKE_ROUND1_SHA256 = CKM_NSS + 8
	CKM_NSS_JPAKE_ROUND1_SHA384 = CKM_NSS + 9
	CKM_NSS_JPAKE_ROUND1_SHA512 = CKM_NSS + 10
	CKM_NSS_JPAKE_ROUND2_SHA1   = CKM_NSS + 11
	CKM_NSS_JPAKE_ROUND2_SHA256 = CKM_NSS + 12
	CKM_NSS_JPAKE_ROUND2_SHA384 = CKM_NSS + 13
	CKM_NSS_JPAKE_ROUND2_SHA512 = CKM_NSS + 14
	CKM_NSS_JPAKE_FINAL_SHA1    = CKM_NSS + 15
	CKM_NSS_JPAKE_FINAL_SHA256  = CKM_NSS + 16
	CKM_NSS_JPAKE_FINAL_SHA384  = CKM_NSS + 17
	CKM_NSS_JPAKE_FINAL_SHA512  = CKM_NSS + 18

	// Constant-time MAC and TLS key-derivation mechanisms.
	CKM_NSS_HMAC_CONSTANT_TIME                = CKM_NSS + 19
	CKM_NSS_SSL3_MAC_CONSTANT_TIME            = CKM_NSS + 20
	CKM_NSS_TLS_PRF_GENERAL_SHA256            = CKM_NSS + 21
	CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256      = CKM_NSS + 22
	CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256     = CKM_NSS + 23
	CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256   = CKM_NSS + 24
	CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE    = CKM_NSS + 25
	CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH = CKM_NSS + 26

	// ChaCha20.
	CKM_NSS_CHACHA20_KEY_GEN  = CKM_NSS + 27
	CKM_NSS_CHACHA20_POLY1305 = CKM_NSS + 28

	// PKCS#12 password-based HMAC key generation.
	CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN = CKM_NSS + 29
	CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN = CKM_NSS + 30
	CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN = CKM_NSS + 31
	CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN = CKM_NSS + 32

	// NSS return values, offsets from CKR_NSS.
	CKR_NSS_CERTDB_FAILED = CKR_NSS + 1
	CKR_NSS_KEYDB_FAILED  = CKR_NSS + 2

	// NSS trust values, offsets from CKT_NSS. The offsets are not in
	// declaration order (NOT_TRUSTED is +10, TRUST_UNKNOWN is +5) and
	// +4 is unassigned here, so compare against the named constants and
	// never infer a trust level from numeric ordering.
	CKT_NSS_TRUSTED           = CKT_NSS + 1
	CKT_NSS_TRUSTED_DELEGATOR = CKT_NSS + 2
	CKT_NSS_MUST_VERIFY_TRUST = CKT_NSS + 3
	CKT_NSS_NOT_TRUSTED       = CKT_NSS + 10
	CKT_NSS_TRUST_UNKNOWN     = CKT_NSS + 5
)
Vendor specific values for Mozilla NSS.
const ( CK_TRUE = 1 CK_FALSE = 0 CK_UNAVAILABLE_INFORMATION = ^uint(0) CK_EFFECTIVELY_INFINITE = 0 CK_INVALID_HANDLE = 0 CKN_SURRENDER = 0 CKN_OTP_CHANGED = 1 CKF_TOKEN_PRESENT = 0x00000001 CKF_REMOVABLE_DEVICE = 0x00000002 CKF_HW_SLOT = 0x00000004 CKF_RNG = 0x00000001 CKF_WRITE_PROTECTED = 0x00000002 CKF_LOGIN_REQUIRED = 0x00000004 CKF_USER_PIN_INITIALIZED = 0x00000008 CKF_RESTORE_KEY_NOT_NEEDED = 0x00000020 CKF_CLOCK_ON_TOKEN = 0x00000040 CKF_PROTECTED_AUTHENTICATION_PATH = 0x00000100 CKF_DUAL_CRYPTO_OPERATIONS = 0x00000200 CKF_TOKEN_INITIALIZED = 0x00000400 CKF_SECONDARY_AUTHENTICATION = 0x00000800 CKF_USER_PIN_COUNT_LOW = 0x00010000 CKF_USER_PIN_FINAL_TRY = 0x00020000 CKF_USER_PIN_LOCKED = 0x00040000 CKF_USER_PIN_TO_BE_CHANGED = 0x00080000 CKF_SO_PIN_COUNT_LOW = 0x00100000 CKF_SO_PIN_FINAL_TRY = 0x00200000 CKF_SO_PIN_LOCKED = 0x00400000 CKF_SO_PIN_TO_BE_CHANGED = 0x00800000 CKF_ERROR_STATE = 0x01000000 CKU_SO = 0 CKU_USER = 1 CKU_CONTEXT_SPECIFIC = 2 CKS_RO_PUBLIC_SESSION = 0 CKS_RO_USER_FUNCTIONS = 1 CKS_RW_PUBLIC_SESSION = 2 CKS_RW_USER_FUNCTIONS = 3 CKS_RW_SO_FUNCTIONS = 4 CKF_RW_SESSION = 0x00000002 CKF_SERIAL_SESSION = 0x00000004 CKO_DATA = 0x00000000 CKO_CERTIFICATE = 0x00000001 CKO_PUBLIC_KEY = 0x00000002 CKO_PRIVATE_KEY = 0x00000003 CKO_SECRET_KEY = 0x00000004 CKO_HW_FEATURE = 0x00000005 CKO_DOMAIN_PARAMETERS = 0x00000006 CKO_MECHANISM = 0x00000007 CKO_OTP_KEY = 0x00000008 CKO_VENDOR_DEFINED = 0x80000000 CKH_MONOTONIC_COUNTER = 0x00000001 CKH_CLOCK = 0x00000002 CKH_USER_INTERFACE = 0x00000003 CKH_VENDOR_DEFINED = 0x80000000 CKK_RSA = 0x00000000 CKK_DSA = 0x00000001 CKK_DH = 0x00000002 CKK_ECDSA = 0x00000003 // Deprecated CKK_EC = 0x00000003 CKK_X9_42_DH = 0x00000004 CKK_KEA = 0x00000005 CKK_GENERIC_SECRET = 0x00000010 CKK_RC2 = 0x00000011 CKK_RC4 = 0x00000012 CKK_DES = 0x00000013 CKK_DES2 = 0x00000014 CKK_DES3 = 0x00000015 CKK_CAST = 0x00000016 CKK_CAST3 = 0x00000017 CKK_CAST5 = 0x00000018 // Deprecated CKK_CAST128 = 0x00000018 CKK_RC5 = 0x00000019 
CKK_IDEA = 0x0000001A CKK_SKIPJACK = 0x0000001B CKK_BATON = 0x0000001C CKK_JUNIPER = 0x0000001D CKK_CDMF = 0x0000001E CKK_AES = 0x0000001F CKK_BLOWFISH = 0x00000020 CKK_TWOFISH = 0x00000021 CKK_SECURID = 0x00000022 CKK_HOTP = 0x00000023 CKK_ACTI = 0x00000024 CKK_CAMELLIA = 0x00000025 CKK_ARIA = 0x00000026 CKK_MD5_HMAC = 0x00000027 CKK_SHA_1_HMAC = 0x00000028 CKK_RIPEMD128_HMAC = 0x00000029 CKK_RIPEMD160_HMAC = 0x0000002A CKK_SHA256_HMAC = 0x0000002B CKK_SHA384_HMAC = 0x0000002C CKK_SHA512_HMAC = 0x0000002D CKK_SHA224_HMAC = 0x0000002E CKK_SEED = 0x0000002F CKK_GOSTR3410 = 0x00000030 CKK_GOSTR3411 = 0x00000031 CKK_GOST28147 = 0x00000032 CKK_SHA3_224_HMAC = 0x00000033 CKK_SHA3_256_HMAC = 0x00000034 CKK_SHA3_384_HMAC = 0x00000035 CKK_SHA3_512_HMAC = 0x00000036 CKK_VENDOR_DEFINED = 0x80000000 CK_CERTIFICATE_CATEGORY_UNSPECIFIED = 0 CK_CERTIFICATE_CATEGORY_TOKEN_USER = 1 CK_CERTIFICATE_CATEGORY_AUTHORITY = 2 CK_CERTIFICATE_CATEGORY_OTHER_ENTITY = 3 CK_SECURITY_DOMAIN_UNSPECIFIED = 0 CK_SECURITY_DOMAIN_MANUFACTURER = 1 CK_SECURITY_DOMAIN_OPERATOR = 2 CK_SECURITY_DOMAIN_THIRD_PARTY = 3 CKC_X_509 = 0x00000000 CKC_X_509_ATTR_CERT = 0x00000001 CKC_WTLS = 0x00000002 CKC_VENDOR_DEFINED = 0x80000000 CKF_ARRAY_ATTRIBUTE = 0x40000000 CK_OTP_FORMAT_DECIMAL = 0 CK_OTP_FORMAT_HEXADECIMAL = 1 CK_OTP_FORMAT_ALPHANUMERIC = 2 CK_OTP_FORMAT_BINARY = 3 CK_OTP_PARAM_IGNORED = 0 CK_OTP_PARAM_OPTIONAL = 1 CK_OTP_PARAM_MANDATORY = 2 CKA_CLASS = 0x00000000 CKA_TOKEN = 0x00000001 CKA_PRIVATE = 0x00000002 CKA_LABEL = 0x00000003 CKA_APPLICATION = 0x00000010 CKA_VALUE = 0x00000011 CKA_OBJECT_ID = 0x00000012 CKA_CERTIFICATE_TYPE = 0x00000080 CKA_ISSUER = 0x00000081 CKA_SERIAL_NUMBER = 0x00000082 CKA_AC_ISSUER = 0x00000083 CKA_OWNER = 0x00000084 CKA_ATTR_TYPES = 0x00000085 CKA_TRUSTED = 0x00000086 CKA_CERTIFICATE_CATEGORY = 0x00000087 CKA_JAVA_MIDP_SECURITY_DOMAIN = 0x00000088 CKA_URL = 0x00000089 CKA_HASH_OF_SUBJECT_PUBLIC_KEY = 0x0000008A CKA_HASH_OF_ISSUER_PUBLIC_KEY = 0x0000008B 
CKA_NAME_HASH_ALGORITHM = 0x0000008C CKA_CHECK_VALUE = 0x00000090 CKA_KEY_TYPE = 0x00000100 CKA_SUBJECT = 0x00000101 CKA_ID = 0x00000102 CKA_SENSITIVE = 0x00000103 CKA_ENCRYPT = 0x00000104 CKA_DECRYPT = 0x00000105 CKA_WRAP = 0x00000106 CKA_UNWRAP = 0x00000107 CKA_SIGN = 0x00000108 CKA_SIGN_RECOVER = 0x00000109 CKA_VERIFY = 0x0000010A CKA_VERIFY_RECOVER = 0x0000010B CKA_DERIVE = 0x0000010C CKA_START_DATE = 0x00000110 CKA_END_DATE = 0x00000111 CKA_MODULUS = 0x00000120 CKA_MODULUS_BITS = 0x00000121 CKA_PUBLIC_EXPONENT = 0x00000122 CKA_PRIVATE_EXPONENT = 0x00000123 CKA_PRIME_1 = 0x00000124 CKA_PRIME_2 = 0x00000125 CKA_EXPONENT_1 = 0x00000126 CKA_EXPONENT_2 = 0x00000127 CKA_COEFFICIENT = 0x00000128 CKA_PUBLIC_KEY_INFO = 0x00000129 CKA_PRIME = 0x00000130 CKA_SUBPRIME = 0x00000131 CKA_BASE = 0x00000132 CKA_PRIME_BITS = 0x00000133 CKA_SUBPRIME_BITS = 0x00000134 CKA_SUB_PRIME_BITS = CKA_SUBPRIME_BITS CKA_VALUE_BITS = 0x00000160 CKA_VALUE_LEN = 0x00000161 CKA_EXTRACTABLE = 0x00000162 CKA_LOCAL = 0x00000163 CKA_NEVER_EXTRACTABLE = 0x00000164 CKA_ALWAYS_SENSITIVE = 0x00000165 CKA_KEY_GEN_MECHANISM = 0x00000166 CKA_MODIFIABLE = 0x00000170 CKA_COPYABLE = 0x00000171 CKA_DESTROYABLE = 0x00000172 CKA_ECDSA_PARAMS = 0x00000180 // Deprecated CKA_EC_PARAMS = 0x00000180 CKA_EC_POINT = 0x00000181 CKA_SECONDARY_AUTH = 0x00000200 // Deprecated CKA_AUTH_PIN_FLAGS = 0x00000201 // Deprecated CKA_ALWAYS_AUTHENTICATE = 0x00000202 CKA_WRAP_WITH_TRUSTED = 0x00000210 CKA_WRAP_TEMPLATE = (CKF_ARRAY_ATTRIBUTE | 0x00000211) CKA_UNWRAP_TEMPLATE = (CKF_ARRAY_ATTRIBUTE | 0x00000212) CKA_DERIVE_TEMPLATE = (CKF_ARRAY_ATTRIBUTE | 0x00000213) CKA_OTP_FORMAT = 0x00000220 CKA_OTP_LENGTH = 0x00000221 CKA_OTP_TIME_INTERVAL = 0x00000222 CKA_OTP_USER_FRIENDLY_MODE = 0x00000223 CKA_OTP_CHALLENGE_REQUIREMENT = 0x00000224 CKA_OTP_TIME_REQUIREMENT = 0x00000225 CKA_OTP_COUNTER_REQUIREMENT = 0x00000226 CKA_OTP_PIN_REQUIREMENT = 0x00000227 CKA_OTP_COUNTER = 0x0000022E CKA_OTP_TIME = 0x0000022F CKA_OTP_USER_IDENTIFIER = 
0x0000022A CKA_OTP_SERVICE_IDENTIFIER = 0x0000022B CKA_OTP_SERVICE_LOGO = 0x0000022C CKA_OTP_SERVICE_LOGO_TYPE = 0x0000022D CKA_GOSTR3410_PARAMS = 0x00000250 CKA_GOSTR3411_PARAMS = 0x00000251 CKA_GOST28147_PARAMS = 0x00000252 CKA_HW_FEATURE_TYPE = 0x00000300 CKA_RESET_ON_INIT = 0x00000301 CKA_HAS_RESET = 0x00000302 CKA_PIXEL_X = 0x00000400 CKA_PIXEL_Y = 0x00000401 CKA_RESOLUTION = 0x00000402 CKA_CHAR_ROWS = 0x00000403 CKA_CHAR_COLUMNS = 0x00000404 CKA_COLOR = 0x00000405 CKA_BITS_PER_PIXEL = 0x00000406 CKA_CHAR_SETS = 0x00000480 CKA_ENCODING_METHODS = 0x00000481 CKA_MIME_TYPES = 0x00000482 CKA_MECHANISM_TYPE = 0x00000500 CKA_REQUIRED_CMS_ATTRIBUTES = 0x00000501 CKA_DEFAULT_CMS_ATTRIBUTES = 0x00000502 CKA_SUPPORTED_CMS_ATTRIBUTES = 0x00000503 CKA_ALLOWED_MECHANISMS = (CKF_ARRAY_ATTRIBUTE | 0x00000600) CKA_VENDOR_DEFINED = 0x80000000 CKM_RSA_PKCS_KEY_PAIR_GEN = 0x00000000 CKM_RSA_PKCS = 0x00000001 CKM_RSA_9796 = 0x00000002 CKM_RSA_X_509 = 0x00000003 CKM_MD2_RSA_PKCS = 0x00000004 CKM_MD5_RSA_PKCS = 0x00000005 CKM_SHA1_RSA_PKCS = 0x00000006 CKM_RIPEMD128_RSA_PKCS = 0x00000007 CKM_RIPEMD160_RSA_PKCS = 0x00000008 CKM_RSA_PKCS_OAEP = 0x00000009 CKM_RSA_X9_31_KEY_PAIR_GEN = 0x0000000A CKM_RSA_X9_31 = 0x0000000B CKM_SHA1_RSA_X9_31 = 0x0000000C CKM_RSA_PKCS_PSS = 0x0000000D CKM_SHA1_RSA_PKCS_PSS = 0x0000000E CKM_DSA_KEY_PAIR_GEN = 0x00000010 CKM_DSA = 0x00000011 CKM_DSA_SHA1 = 0x00000012 CKM_DSA_SHA224 = 0x00000013 CKM_DSA_SHA256 = 0x00000014 CKM_DSA_SHA384 = 0x00000015 CKM_DSA_SHA512 = 0x00000016 CKM_DSA_SHA3_224 = 0x00000018 CKM_DSA_SHA3_256 = 0x00000019 CKM_DSA_SHA3_384 = 0x0000001A CKM_DSA_SHA3_512 = 0x0000001B CKM_DH_PKCS_KEY_PAIR_GEN = 0x00000020 CKM_DH_PKCS_DERIVE = 0x00000021 CKM_X9_42_DH_KEY_PAIR_GEN = 0x00000030 CKM_X9_42_DH_DERIVE = 0x00000031 CKM_X9_42_DH_HYBRID_DERIVE = 0x00000032 CKM_X9_42_MQV_DERIVE = 0x00000033 CKM_SHA256_RSA_PKCS = 0x00000040 CKM_SHA384_RSA_PKCS = 0x00000041 CKM_SHA512_RSA_PKCS = 0x00000042 CKM_SHA256_RSA_PKCS_PSS = 0x00000043 
CKM_SHA384_RSA_PKCS_PSS = 0x00000044 CKM_SHA512_RSA_PKCS_PSS = 0x00000045 CKM_SHA224_RSA_PKCS = 0x00000046 CKM_SHA224_RSA_PKCS_PSS = 0x00000047 CKM_SHA512_224 = 0x00000048 CKM_SHA512_224_HMAC = 0x00000049 CKM_SHA512_224_HMAC_GENERAL = 0x0000004A CKM_SHA512_224_KEY_DERIVATION = 0x0000004B CKM_SHA512_256 = 0x0000004C CKM_SHA512_256_HMAC = 0x0000004D CKM_SHA512_256_HMAC_GENERAL = 0x0000004E CKM_SHA512_256_KEY_DERIVATION = 0x0000004F CKM_SHA512_T = 0x00000050 CKM_SHA512_T_HMAC = 0x00000051 CKM_SHA512_T_HMAC_GENERAL = 0x00000052 CKM_SHA512_T_KEY_DERIVATION = 0x00000053 CKM_SHA3_256_RSA_PKCS = 0x00000060 CKM_SHA3_384_RSA_PKCS = 0x00000061 CKM_SHA3_512_RSA_PKCS = 0x00000062 CKM_SHA3_256_RSA_PKCS_PSS = 0x00000063 CKM_SHA3_384_RSA_PKCS_PSS = 0x00000064 CKM_SHA3_512_RSA_PKCS_PSS = 0x00000065 CKM_SHA3_224_RSA_PKCS = 0x00000066 CKM_SHA3_224_RSA_PKCS_PSS = 0x00000067 CKM_RC2_KEY_GEN = 0x00000100 CKM_RC2_ECB = 0x00000101 CKM_RC2_CBC = 0x00000102 CKM_RC2_MAC = 0x00000103 CKM_RC2_MAC_GENERAL = 0x00000104 CKM_RC2_CBC_PAD = 0x00000105 CKM_RC4_KEY_GEN = 0x00000110 CKM_RC4 = 0x00000111 CKM_DES_KEY_GEN = 0x00000120 CKM_DES_ECB = 0x00000121 CKM_DES_CBC = 0x00000122 CKM_DES_MAC = 0x00000123 CKM_DES_MAC_GENERAL = 0x00000124 CKM_DES_CBC_PAD = 0x00000125 CKM_DES2_KEY_GEN = 0x00000130 CKM_DES3_KEY_GEN = 0x00000131 CKM_DES3_ECB = 0x00000132 CKM_DES3_CBC = 0x00000133 CKM_DES3_MAC = 0x00000134 CKM_DES3_MAC_GENERAL = 0x00000135 CKM_DES3_CBC_PAD = 0x00000136 CKM_DES3_CMAC_GENERAL = 0x00000137 CKM_DES3_CMAC = 0x00000138 CKM_CDMF_KEY_GEN = 0x00000140 CKM_CDMF_ECB = 0x00000141 CKM_CDMF_CBC = 0x00000142 CKM_CDMF_MAC = 0x00000143 CKM_CDMF_MAC_GENERAL = 0x00000144 CKM_CDMF_CBC_PAD = 0x00000145 CKM_DES_OFB64 = 0x00000150 CKM_DES_OFB8 = 0x00000151 CKM_DES_CFB64 = 0x00000152 CKM_DES_CFB8 = 0x00000153 CKM_MD2 = 0x00000200 CKM_MD2_HMAC = 0x00000201 CKM_MD2_HMAC_GENERAL = 0x00000202 CKM_MD5 = 0x00000210 CKM_MD5_HMAC = 0x00000211 CKM_MD5_HMAC_GENERAL = 0x00000212 CKM_SHA_1 = 0x00000220 CKM_SHA_1_HMAC = 
0x00000221 CKM_SHA_1_HMAC_GENERAL = 0x00000222 CKM_RIPEMD128 = 0x00000230 CKM_RIPEMD128_HMAC = 0x00000231 CKM_RIPEMD128_HMAC_GENERAL = 0x00000232 CKM_RIPEMD160 = 0x00000240 CKM_RIPEMD160_HMAC = 0x00000241 CKM_RIPEMD160_HMAC_GENERAL = 0x00000242 CKM_SHA256 = 0x00000250 CKM_SHA256_HMAC = 0x00000251 CKM_SHA256_HMAC_GENERAL = 0x00000252 CKM_SHA224 = 0x00000255 CKM_SHA224_HMAC = 0x00000256 CKM_SHA224_HMAC_GENERAL = 0x00000257 CKM_SHA384 = 0x00000260 CKM_SHA384_HMAC = 0x00000261 CKM_SHA384_HMAC_GENERAL = 0x00000262 CKM_SHA512 = 0x00000270 CKM_SHA512_HMAC = 0x00000271 CKM_SHA512_HMAC_GENERAL = 0x00000272 CKM_SECURID_KEY_GEN = 0x00000280 CKM_SECURID = 0x00000282 CKM_HOTP_KEY_GEN = 0x00000290 CKM_HOTP = 0x00000291 CKM_ACTI = 0x000002A0 CKM_ACTI_KEY_GEN = 0x000002A1 CKM_SHA3_256 = 0x000002B0 CKM_SHA3_256_HMAC = 0x000002B1 CKM_SHA3_256_HMAC_GENERAL = 0x000002B2 CKM_SHA3_256_KEY_GEN = 0x000002B3 CKM_SHA3_224 = 0x000002B5 CKM_SHA3_224_HMAC = 0x000002B6 CKM_SHA3_224_HMAC_GENERAL = 0x000002B7 CKM_SHA3_224_KEY_GEN = 0x000002B8 CKM_SHA3_384 = 0x000002C0 CKM_SHA3_384_HMAC = 0x000002C1 CKM_SHA3_384_HMAC_GENERAL = 0x000002C2 CKM_SHA3_384_KEY_GEN = 0x000002C3 CKM_SHA3_512 = 0x000002D0 CKM_SHA3_512_HMAC = 0x000002D1 CKM_SHA3_512_HMAC_GENERAL = 0x000002D2 CKM_SHA3_512_KEY_GEN = 0x000002D3 CKM_CAST_KEY_GEN = 0x00000300 CKM_CAST_ECB = 0x00000301 CKM_CAST_CBC = 0x00000302 CKM_CAST_MAC = 0x00000303 CKM_CAST_MAC_GENERAL = 0x00000304 CKM_CAST_CBC_PAD = 0x00000305 CKM_CAST3_KEY_GEN = 0x00000310 CKM_CAST3_ECB = 0x00000311 CKM_CAST3_CBC = 0x00000312 CKM_CAST3_MAC = 0x00000313 CKM_CAST3_MAC_GENERAL = 0x00000314 CKM_CAST3_CBC_PAD = 0x00000315 CKM_CAST5_KEY_GEN = 0x00000320 CKM_CAST128_KEY_GEN = 0x00000320 CKM_CAST5_ECB = 0x00000321 CKM_CAST128_ECB = 0x00000321 CKM_CAST5_CBC = 0x00000322 // Deprecated CKM_CAST128_CBC = 0x00000322 CKM_CAST5_MAC = 0x00000323 // Deprecated CKM_CAST128_MAC = 0x00000323 CKM_CAST5_MAC_GENERAL = 0x00000324 // Deprecated CKM_CAST128_MAC_GENERAL = 0x00000324 
CKM_CAST5_CBC_PAD = 0x00000325 // Deprecated CKM_CAST128_CBC_PAD = 0x00000325 CKM_RC5_KEY_GEN = 0x00000330 CKM_RC5_ECB = 0x00000331 CKM_RC5_CBC = 0x00000332 CKM_RC5_MAC = 0x00000333 CKM_RC5_MAC_GENERAL = 0x00000334 CKM_RC5_CBC_PAD = 0x00000335 CKM_IDEA_KEY_GEN = 0x00000340 CKM_IDEA_ECB = 0x00000341 CKM_IDEA_CBC = 0x00000342 CKM_IDEA_MAC = 0x00000343 CKM_IDEA_MAC_GENERAL = 0x00000344 CKM_IDEA_CBC_PAD = 0x00000345 CKM_GENERIC_SECRET_KEY_GEN = 0x00000350 CKM_CONCATENATE_BASE_AND_KEY = 0x00000360 CKM_CONCATENATE_BASE_AND_DATA = 0x00000362 CKM_CONCATENATE_DATA_AND_BASE = 0x00000363 CKM_XOR_BASE_AND_DATA = 0x00000364 CKM_EXTRACT_KEY_FROM_KEY = 0x00000365 CKM_SSL3_PRE_MASTER_KEY_GEN = 0x00000370 CKM_SSL3_MASTER_KEY_DERIVE = 0x00000371 CKM_SSL3_KEY_AND_MAC_DERIVE = 0x00000372 CKM_SSL3_MASTER_KEY_DERIVE_DH = 0x00000373 CKM_TLS_PRE_MASTER_KEY_GEN = 0x00000374 CKM_TLS_MASTER_KEY_DERIVE = 0x00000375 CKM_TLS_KEY_AND_MAC_DERIVE = 0x00000376 CKM_TLS_MASTER_KEY_DERIVE_DH = 0x00000377 CKM_TLS_PRF = 0x00000378 CKM_SSL3_MD5_MAC = 0x00000380 CKM_SSL3_SHA1_MAC = 0x00000381 CKM_MD5_KEY_DERIVATION = 0x00000390 CKM_MD2_KEY_DERIVATION = 0x00000391 CKM_SHA1_KEY_DERIVATION = 0x00000392 CKM_SHA256_KEY_DERIVATION = 0x00000393 CKM_SHA384_KEY_DERIVATION = 0x00000394 CKM_SHA512_KEY_DERIVATION = 0x00000395 CKM_SHA224_KEY_DERIVATION = 0x00000396 CKM_SHA3_256_KEY_DERIVE = 0x00000397 CKM_SHA3_224_KEY_DERIVE = 0x00000398 CKM_SHA3_384_KEY_DERIVE = 0x00000399 CKM_SHA3_512_KEY_DERIVE = 0x0000039A CKM_SHAKE_128_KEY_DERIVE = 0x0000039B CKM_SHAKE_256_KEY_DERIVE = 0x0000039C CKM_PBE_MD2_DES_CBC = 0x000003A0 CKM_PBE_MD5_DES_CBC = 0x000003A1 CKM_PBE_MD5_CAST_CBC = 0x000003A2 CKM_PBE_MD5_CAST3_CBC = 0x000003A3 CKM_PBE_MD5_CAST5_CBC = 0x000003A4 // Deprecated CKM_PBE_MD5_CAST128_CBC = 0x000003A4 CKM_PBE_SHA1_CAST5_CBC = 0x000003A5 // Deprecated CKM_PBE_SHA1_CAST128_CBC = 0x000003A5 CKM_PBE_SHA1_RC4_128 = 0x000003A6 CKM_PBE_SHA1_RC4_40 = 0x000003A7 CKM_PBE_SHA1_DES3_EDE_CBC = 0x000003A8 CKM_PBE_SHA1_DES2_EDE_CBC 
= 0x000003A9 CKM_PBE_SHA1_RC2_128_CBC = 0x000003AA CKM_PBE_SHA1_RC2_40_CBC = 0x000003AB CKM_PKCS5_PBKD2 = 0x000003B0 CKM_PBA_SHA1_WITH_SHA1_HMAC = 0x000003C0 CKM_WTLS_PRE_MASTER_KEY_GEN = 0x000003D0 CKM_WTLS_MASTER_KEY_DERIVE = 0x000003D1 CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC = 0x000003D2 CKM_WTLS_PRF = 0x000003D3 CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE = 0x000003D4 CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE = 0x000003D5 CKM_TLS10_MAC_SERVER = 0x000003D6 CKM_TLS10_MAC_CLIENT = 0x000003D7 CKM_TLS12_MAC = 0x000003D8 CKM_TLS12_KDF = 0x000003D9 CKM_TLS12_MASTER_KEY_DERIVE = 0x000003E0 CKM_TLS12_KEY_AND_MAC_DERIVE = 0x000003E1 CKM_TLS12_MASTER_KEY_DERIVE_DH = 0x000003E2 CKM_TLS12_KEY_SAFE_DERIVE = 0x000003E3 CKM_TLS_MAC = 0x000003E4 CKM_TLS_KDF = 0x000003E5 CKM_KEY_WRAP_LYNKS = 0x00000400 CKM_KEY_WRAP_SET_OAEP = 0x00000401 CKM_CMS_SIG = 0x00000500 CKM_KIP_DERIVE = 0x00000510 CKM_KIP_WRAP = 0x00000511 CKM_KIP_MAC = 0x00000512 CKM_CAMELLIA_KEY_GEN = 0x00000550 CKM_CAMELLIA_ECB = 0x00000551 CKM_CAMELLIA_CBC = 0x00000552 CKM_CAMELLIA_MAC = 0x00000553 CKM_CAMELLIA_MAC_GENERAL = 0x00000554 CKM_CAMELLIA_CBC_PAD = 0x00000555 CKM_CAMELLIA_ECB_ENCRYPT_DATA = 0x00000556 CKM_CAMELLIA_CBC_ENCRYPT_DATA = 0x00000557 CKM_CAMELLIA_CTR = 0x00000558 CKM_ARIA_KEY_GEN = 0x00000560 CKM_ARIA_ECB = 0x00000561 CKM_ARIA_CBC = 0x00000562 CKM_ARIA_MAC = 0x00000563 CKM_ARIA_MAC_GENERAL = 0x00000564 CKM_ARIA_CBC_PAD = 0x00000565 CKM_ARIA_ECB_ENCRYPT_DATA = 0x00000566 CKM_ARIA_CBC_ENCRYPT_DATA = 0x00000567 CKM_SEED_KEY_GEN = 0x00000650 CKM_SEED_ECB = 0x00000651 CKM_SEED_CBC = 0x00000652 CKM_SEED_MAC = 0x00000653 CKM_SEED_MAC_GENERAL = 0x00000654 CKM_SEED_CBC_PAD = 0x00000655 CKM_SEED_ECB_ENCRYPT_DATA = 0x00000656 CKM_SEED_CBC_ENCRYPT_DATA = 0x00000657 CKM_SKIPJACK_KEY_GEN = 0x00001000 CKM_SKIPJACK_ECB64 = 0x00001001 CKM_SKIPJACK_CBC64 = 0x00001002 CKM_SKIPJACK_OFB64 = 0x00001003 CKM_SKIPJACK_CFB64 = 0x00001004 CKM_SKIPJACK_CFB32 = 0x00001005 CKM_SKIPJACK_CFB16 = 0x00001006 CKM_SKIPJACK_CFB8 = 0x00001007 
CKM_SKIPJACK_WRAP = 0x00001008 CKM_SKIPJACK_PRIVATE_WRAP = 0x00001009 CKM_SKIPJACK_RELAYX = 0x0000100a CKM_KEA_KEY_PAIR_GEN = 0x00001010 CKM_KEA_KEY_DERIVE = 0x00001011 CKM_KEA_DERIVE = 0x00001012 CKM_FORTEZZA_TIMESTAMP = 0x00001020 CKM_BATON_KEY_GEN = 0x00001030 CKM_BATON_ECB128 = 0x00001031 CKM_BATON_ECB96 = 0x00001032 CKM_BATON_CBC128 = 0x00001033 CKM_BATON_COUNTER = 0x00001034 CKM_BATON_SHUFFLE = 0x00001035 CKM_BATON_WRAP = 0x00001036 CKM_ECDSA_KEY_PAIR_GEN = 0x00001040 // Deprecated CKM_EC_KEY_PAIR_GEN = 0x00001040 CKM_ECDSA = 0x00001041 CKM_ECDSA_SHA1 = 0x00001042 CKM_ECDSA_SHA224 = 0x00001043 CKM_ECDSA_SHA256 = 0x00001044 CKM_ECDSA_SHA384 = 0x00001045 CKM_ECDSA_SHA512 = 0x00001046 CKM_ECDH1_DERIVE = 0x00001050 CKM_ECDH1_COFACTOR_DERIVE = 0x00001051 CKM_ECMQV_DERIVE = 0x00001052 CKM_ECDH_AES_KEY_WRAP = 0x00001053 CKM_RSA_AES_KEY_WRAP = 0x00001054 CKM_JUNIPER_KEY_GEN = 0x00001060 CKM_JUNIPER_ECB128 = 0x00001061 CKM_JUNIPER_CBC128 = 0x00001062 CKM_JUNIPER_COUNTER = 0x00001063 CKM_JUNIPER_SHUFFLE = 0x00001064 CKM_JUNIPER_WRAP = 0x00001065 CKM_FASTHASH = 0x00001070 CKM_AES_KEY_GEN = 0x00001080 CKM_AES_ECB = 0x00001081 CKM_AES_CBC = 0x00001082 CKM_AES_MAC = 0x00001083 CKM_AES_MAC_GENERAL = 0x00001084 CKM_AES_CBC_PAD = 0x00001085 CKM_AES_CTR = 0x00001086 CKM_AES_GCM = 0x00001087 CKM_AES_CCM = 0x00001088 CKM_AES_CTS = 0x00001089 CKM_AES_CMAC = 0x0000108A CKM_AES_CMAC_GENERAL = 0x0000108B CKM_AES_XCBC_MAC = 0x0000108C CKM_AES_XCBC_MAC_96 = 0x0000108D CKM_AES_GMAC = 0x0000108E CKM_BLOWFISH_KEY_GEN = 0x00001090 CKM_BLOWFISH_CBC = 0x00001091 CKM_TWOFISH_KEY_GEN = 0x00001092 CKM_TWOFISH_CBC = 0x00001093 CKM_BLOWFISH_CBC_PAD = 0x00001094 CKM_TWOFISH_CBC_PAD = 0x00001095 CKM_DES_ECB_ENCRYPT_DATA = 0x00001100 CKM_DES_CBC_ENCRYPT_DATA = 0x00001101 CKM_DES3_ECB_ENCRYPT_DATA = 0x00001102 CKM_DES3_CBC_ENCRYPT_DATA = 0x00001103 CKM_AES_ECB_ENCRYPT_DATA = 0x00001104 CKM_AES_CBC_ENCRYPT_DATA = 0x00001105 CKM_GOSTR3410_KEY_PAIR_GEN = 0x00001200 CKM_GOSTR3410 = 0x00001201 
CKM_GOSTR3410_WITH_GOSTR3411 = 0x00001202 CKM_GOSTR3410_KEY_WRAP = 0x00001203 CKM_GOSTR3410_DERIVE = 0x00001204 CKM_GOSTR3411 = 0x00001210 CKM_GOSTR3411_HMAC = 0x00001211 CKM_GOST28147_KEY_GEN = 0x00001220 CKM_GOST28147_ECB = 0x00001221 CKM_GOST28147 = 0x00001222 CKM_GOST28147_MAC = 0x00001223 CKM_GOST28147_KEY_WRAP = 0x00001224 CKM_DSA_PARAMETER_GEN = 0x00002000 CKM_DH_PKCS_PARAMETER_GEN = 0x00002001 CKM_X9_42_DH_PARAMETER_GEN = 0x00002002 CKM_DSA_PROBABLISTIC_PARAMETER_GEN = 0x00002003 CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN = 0x00002004 CKM_AES_OFB = 0x00002104 CKM_AES_CFB64 = 0x00002105 CKM_AES_CFB8 = 0x00002106 CKM_AES_CFB128 = 0x00002107 CKM_AES_CFB1 = 0x00002108 CKM_AES_KEY_WRAP = 0x00002109 CKM_AES_KEY_WRAP_PAD = 0x0000210A CKM_RSA_PKCS_TPM_1_1 = 0x00004001 CKM_RSA_PKCS_OAEP_TPM_1_1 = 0x00004002 CKM_VENDOR_DEFINED = 0x80000000 CKF_HW = 0x00000001 CKF_ENCRYPT = 0x00000100 CKF_DECRYPT = 0x00000200 CKF_DIGEST = 0x00000400 CKF_SIGN = 0x00000800 CKF_SIGN_RECOVER = 0x00001000 CKF_VERIFY = 0x00002000 CKF_VERIFY_RECOVER = 0x00004000 CKF_GENERATE = 0x00008000 CKF_GENERATE_KEY_PAIR = 0x00010000 CKF_WRAP = 0x00020000 CKF_UNWRAP = 0x00040000 CKF_DERIVE = 0x00080000 CKF_EC_F_P = 0x00100000 CKF_EC_F_2M = 0x00200000 CKF_EC_ECPARAMETERS = 0x00400000 CKF_EC_NAMEDCURVE = 0x00800000 CKF_EC_UNCOMPRESS = 0x01000000 CKF_EC_COMPRESS = 0x02000000 CKF_EXTENSION = 0x80000000 CKR_OK = 0x00000000 CKR_CANCEL = 0x00000001 CKR_HOST_MEMORY = 0x00000002 CKR_SLOT_ID_INVALID = 0x00000003 CKR_GENERAL_ERROR = 0x00000005 CKR_FUNCTION_FAILED = 0x00000006 CKR_ARGUMENTS_BAD = 0x00000007 CKR_NO_EVENT = 0x00000008 CKR_NEED_TO_CREATE_THREADS = 0x00000009 CKR_CANT_LOCK = 0x0000000A CKR_ATTRIBUTE_READ_ONLY = 0x00000010 CKR_ATTRIBUTE_SENSITIVE = 0x00000011 CKR_ATTRIBUTE_TYPE_INVALID = 0x00000012 CKR_ATTRIBUTE_VALUE_INVALID = 0x00000013 CKR_ACTION_PROHIBITED = 0x0000001B CKR_DATA_INVALID = 0x00000020 CKR_DATA_LEN_RANGE = 0x00000021 CKR_DEVICE_ERROR = 0x00000030 CKR_DEVICE_MEMORY = 0x00000031 
CKR_DEVICE_REMOVED = 0x00000032 CKR_ENCRYPTED_DATA_INVALID = 0x00000040 CKR_ENCRYPTED_DATA_LEN_RANGE = 0x00000041 CKR_FUNCTION_CANCELED = 0x00000050 CKR_FUNCTION_NOT_PARALLEL = 0x00000051 CKR_FUNCTION_NOT_SUPPORTED = 0x00000054 CKR_KEY_HANDLE_INVALID = 0x00000060 CKR_KEY_SIZE_RANGE = 0x00000062 CKR_KEY_TYPE_INCONSISTENT = 0x00000063 CKR_KEY_NOT_NEEDED = 0x00000064 CKR_KEY_CHANGED = 0x00000065 CKR_KEY_NEEDED = 0x00000066 CKR_KEY_INDIGESTIBLE = 0x00000067 CKR_KEY_FUNCTION_NOT_PERMITTED = 0x00000068 CKR_KEY_NOT_WRAPPABLE = 0x00000069 CKR_KEY_UNEXTRACTABLE = 0x0000006A CKR_MECHANISM_INVALID = 0x00000070 CKR_MECHANISM_PARAM_INVALID = 0x00000071 CKR_OBJECT_HANDLE_INVALID = 0x00000082 CKR_OPERATION_ACTIVE = 0x00000090 CKR_OPERATION_NOT_INITIALIZED = 0x00000091 CKR_PIN_INCORRECT = 0x000000A0 CKR_PIN_INVALID = 0x000000A1 CKR_PIN_LEN_RANGE = 0x000000A2 CKR_PIN_EXPIRED = 0x000000A3 CKR_PIN_LOCKED = 0x000000A4 CKR_SESSION_CLOSED = 0x000000B0 CKR_SESSION_COUNT = 0x000000B1 CKR_SESSION_HANDLE_INVALID = 0x000000B3 CKR_SESSION_PARALLEL_NOT_SUPPORTED = 0x000000B4 CKR_SESSION_READ_ONLY = 0x000000B5 CKR_SESSION_EXISTS = 0x000000B6 CKR_SESSION_READ_ONLY_EXISTS = 0x000000B7 CKR_SESSION_READ_WRITE_SO_EXISTS = 0x000000B8 CKR_SIGNATURE_INVALID = 0x000000C0 CKR_SIGNATURE_LEN_RANGE = 0x000000C1 CKR_TEMPLATE_INCOMPLETE = 0x000000D0 CKR_TEMPLATE_INCONSISTENT = 0x000000D1 CKR_TOKEN_NOT_PRESENT = 0x000000E0 CKR_TOKEN_NOT_RECOGNIZED = 0x000000E1 CKR_TOKEN_WRITE_PROTECTED = 0x000000E2 CKR_UNWRAPPING_KEY_HANDLE_INVALID = 0x000000F0 CKR_UNWRAPPING_KEY_SIZE_RANGE = 0x000000F1 CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT = 0x000000F2 CKR_USER_ALREADY_LOGGED_IN = 0x00000100 CKR_USER_NOT_LOGGED_IN = 0x00000101 CKR_USER_PIN_NOT_INITIALIZED = 0x00000102 CKR_USER_TYPE_INVALID = 0x00000103 CKR_USER_ANOTHER_ALREADY_LOGGED_IN = 0x00000104 CKR_USER_TOO_MANY_TYPES = 0x00000105 CKR_WRAPPED_KEY_INVALID = 0x00000110 CKR_WRAPPED_KEY_LEN_RANGE = 0x00000112 CKR_WRAPPING_KEY_HANDLE_INVALID = 0x00000113 
CKR_WRAPPING_KEY_SIZE_RANGE = 0x00000114 CKR_WRAPPING_KEY_TYPE_INCONSISTENT = 0x00000115 CKR_RANDOM_SEED_NOT_SUPPORTED = 0x00000120 CKR_RANDOM_NO_RNG = 0x00000121 CKR_DOMAIN_PARAMS_INVALID = 0x00000130 CKR_CURVE_NOT_SUPPORTED = 0x00000140 CKR_BUFFER_TOO_SMALL = 0x00000150 CKR_SAVED_STATE_INVALID = 0x00000160 CKR_INFORMATION_SENSITIVE = 0x00000170 CKR_STATE_UNSAVEABLE = 0x00000180 CKR_CRYPTOKI_NOT_INITIALIZED = 0x00000190 CKR_CRYPTOKI_ALREADY_INITIALIZED = 0x00000191 CKR_MUTEX_BAD = 0x000001A0 CKR_MUTEX_NOT_LOCKED = 0x000001A1 CKR_NEW_PIN_MODE = 0x000001B0 CKR_NEXT_OTP = 0x000001B1 CKR_EXCEEDED_MAX_ITERATIONS = 0x000001B5 CKR_FIPS_SELF_TEST_FAILED = 0x000001B6 CKR_LIBRARY_LOAD_FAILED = 0x000001B7 CKR_PIN_TOO_WEAK = 0x000001B8 CKR_PUBLIC_KEY_INVALID = 0x000001B9 CKR_FUNCTION_REJECTED = 0x00000200 CKR_VENDOR_DEFINED = 0x80000000 CKF_LIBRARY_CANT_CREATE_OS_THREADS = 0x00000001 CKF_OS_LOCKING_OK = 0x00000002 CKF_DONT_BLOCK = 1 CKG_MGF1_SHA1 = 0x00000001 CKG_MGF1_SHA256 = 0x00000002 CKG_MGF1_SHA384 = 0x00000003 CKG_MGF1_SHA512 = 0x00000004 CKG_MGF1_SHA224 = 0x00000005 CKZ_DATA_SPECIFIED = 0x00000001 CKD_NULL = 0x00000001 CKD_SHA1_KDF = 0x00000002 CKD_SHA1_KDF_ASN1 = 0x00000003 CKD_SHA1_KDF_CONCATENATE = 0x00000004 CKD_SHA224_KDF = 0x00000005 CKD_SHA256_KDF = 0x00000006 CKD_SHA384_KDF = 0x00000007 CKD_SHA512_KDF = 0x00000008 CKD_CPDIVERSIFY_KDF = 0x00000009 CKD_SHA3_224_KDF = 0x0000000A CKD_SHA3_256_KDF = 0x0000000B CKD_SHA3_384_KDF = 0x0000000C CKD_SHA3_512_KDF = 0x0000000D CKP_PKCS5_PBKD2_HMAC_SHA1 = 0x00000001 CKP_PKCS5_PBKD2_HMAC_GOSTR3411 = 0x00000002 CKP_PKCS5_PBKD2_HMAC_SHA224 = 0x00000003 CKP_PKCS5_PBKD2_HMAC_SHA256 = 0x00000004 CKP_PKCS5_PBKD2_HMAC_SHA384 = 0x00000005 CKP_PKCS5_PBKD2_HMAC_SHA512 = 0x00000006 CKP_PKCS5_PBKD2_HMAC_SHA512_224 = 0x00000007 CKP_PKCS5_PBKD2_HMAC_SHA512_256 = 0x00000008 CKZ_SALT_SPECIFIED = 0x00000001 CK_OTP_VALUE = 0 CK_OTP_PIN = 1 CK_OTP_CHALLENGE = 2 CK_OTP_TIME = 3 CK_OTP_COUNTER = 4 CK_OTP_FLAGS = 5 CK_OTP_OUTPUT_LENGTH = 6 
CK_OTP_OUTPUT_FORMAT = 7 CKF_NEXT_OTP = 0x00000001 CKF_EXCLUDE_TIME = 0x00000002 CKF_EXCLUDE_COUNTER = 0x00000004 CKF_EXCLUDE_CHALLENGE = 0x00000008 CKF_EXCLUDE_PIN = 0x00000010 CKF_USER_FRIENDLY_OTP = 0x00000020 )
Functions ¶
func NewPSSParams ¶
NewPSSParams creates a CK_RSA_PKCS_PSS_PARAMS structure and returns it as a byte array for use with the CKM_RSA_PKCS_PSS mechanism.
Types ¶
type Attribute ¶
Attribute holds an attribute type/value combination.
func NewAttribute ¶
NewAttribute allocates an Attribute and returns a pointer to it. Note that this is merely a convenience function: values returned from the HSM are not converted back to Go values; they are returned as raw byte slices.
type Ctx ¶
type Ctx struct {
// contains filtered or unexported fields
}
Ctx contains the current pkcs11 context.
func New ¶
New creates a new context and initializes the module/library for use.
func (*Ctx) CloseAllSessions ¶
CloseAllSessions closes all sessions with a token.
func (*Ctx) CloseSession ¶
func (c *Ctx) CloseSession(sh SessionHandle) error
CloseSession closes a session between an application and a token.
func (*Ctx) CopyObject ¶
func (c *Ctx) CopyObject(sh SessionHandle, o ObjectHandle, temp []*Attribute) (ObjectHandle, error)
CopyObject copies an object, creating a new object for the copy.
func (*Ctx) CreateObject ¶
func (c *Ctx) CreateObject(sh SessionHandle, temp []*Attribute) (ObjectHandle, error)
CreateObject creates a new object.
func (*Ctx) Decrypt ¶
func (c *Ctx) Decrypt(sh SessionHandle, cipher []byte) ([]byte, error)
Decrypt decrypts encrypted data in a single part.
func (*Ctx) DecryptDigestUpdate ¶
func (c *Ctx) DecryptDigestUpdate(sh SessionHandle, cipher []byte) ([]byte, error)
DecryptDigestUpdate continues a multiple-part decryption and digesting operation.
func (*Ctx) DecryptFinal ¶
func (c *Ctx) DecryptFinal(sh SessionHandle) ([]byte, error)
DecryptFinal finishes a multiple-part decryption operation.
func (*Ctx) DecryptInit ¶
func (c *Ctx) DecryptInit(sh SessionHandle, m []*Mechanism, o ObjectHandle) error
DecryptInit initializes a decryption operation.
func (*Ctx) DecryptUpdate ¶
func (c *Ctx) DecryptUpdate(sh SessionHandle, cipher []byte) ([]byte, error)
DecryptUpdate continues a multiple-part decryption operation.
func (*Ctx) DecryptVerifyUpdate ¶
func (c *Ctx) DecryptVerifyUpdate(sh SessionHandle, cipher []byte) ([]byte, error)
DecryptVerifyUpdate continues a multiple-part decryption and verify operation.
func (*Ctx) DeriveKey ¶
func (c *Ctx) DeriveKey(sh SessionHandle, m []*Mechanism, basekey ObjectHandle, a []*Attribute) (ObjectHandle, error)
DeriveKey derives a key from a base key, creating a new key object.
func (*Ctx) Destroy ¶
func (c *Ctx) Destroy()
Destroy unloads the module/library and frees any remaining memory.
func (*Ctx) DestroyObject ¶
func (c *Ctx) DestroyObject(sh SessionHandle, oh ObjectHandle) error
DestroyObject destroys an object.
func (*Ctx) Digest ¶
func (c *Ctx) Digest(sh SessionHandle, message []byte) ([]byte, error)
Digest digests message in a single part.
func (*Ctx) DigestEncryptUpdate ¶
func (c *Ctx) DigestEncryptUpdate(sh SessionHandle, part []byte) ([]byte, error)
DigestEncryptUpdate continues a multiple-part digesting and encryption operation.
func (*Ctx) DigestFinal ¶
func (c *Ctx) DigestFinal(sh SessionHandle) ([]byte, error)
DigestFinal finishes a multiple-part message-digesting operation.
func (*Ctx) DigestInit ¶
func (c *Ctx) DigestInit(sh SessionHandle, m []*Mechanism) error
DigestInit initializes a message-digesting operation.
func (*Ctx) DigestKey ¶
func (c *Ctx) DigestKey(sh SessionHandle, key ObjectHandle) error
DigestKey continues a multi-part message-digesting operation, by digesting the value of a secret key as part of the data already digested.
func (*Ctx) DigestUpdate ¶
func (c *Ctx) DigestUpdate(sh SessionHandle, message []byte) error
DigestUpdate continues a multiple-part message-digesting operation.
func (*Ctx) Encrypt ¶
func (c *Ctx) Encrypt(sh SessionHandle, message []byte) ([]byte, error)
Encrypt encrypts single-part data.
func (*Ctx) EncryptFinal ¶
func (c *Ctx) EncryptFinal(sh SessionHandle) ([]byte, error)
EncryptFinal finishes a multiple-part encryption operation.
func (*Ctx) EncryptInit ¶
func (c *Ctx) EncryptInit(sh SessionHandle, m []*Mechanism, o ObjectHandle) error
EncryptInit initializes an encryption operation.
func (*Ctx) EncryptUpdate ¶
func (c *Ctx) EncryptUpdate(sh SessionHandle, plain []byte) ([]byte, error)
EncryptUpdate continues a multiple-part encryption operation.
func (*Ctx) Finalize ¶
Finalize indicates that an application is done with the Cryptoki library.
func (*Ctx) FindObjects ¶
func (c *Ctx) FindObjects(sh SessionHandle, max int) ([]ObjectHandle, bool, error)
FindObjects continues a search for token and session objects that match a template, obtaining additional object handles. Calling the function repeatedly may yield additional results until an empty slice is returned.
The returned boolean value is deprecated and should be ignored.
func (*Ctx) FindObjectsFinal ¶
func (c *Ctx) FindObjectsFinal(sh SessionHandle) error
FindObjectsFinal finishes a search for token and session objects.
func (*Ctx) FindObjectsInit ¶
func (c *Ctx) FindObjectsInit(sh SessionHandle, temp []*Attribute) error
FindObjectsInit initializes a search for token and session objects that match a template.
func (*Ctx) GenerateKey ¶
func (c *Ctx) GenerateKey(sh SessionHandle, m []*Mechanism, temp []*Attribute) (ObjectHandle, error)
GenerateKey generates a secret key, creating a new key object.
func (*Ctx) GenerateKeyPair ¶
func (c *Ctx) GenerateKeyPair(sh SessionHandle, m []*Mechanism, public, private []*Attribute) (ObjectHandle, ObjectHandle, error)
GenerateKeyPair generates a public-key/private-key pair creating new key objects.
func (*Ctx) GenerateRandom ¶
func (c *Ctx) GenerateRandom(sh SessionHandle, length int) ([]byte, error)
GenerateRandom generates random data.
func (*Ctx) GetAttributeValue ¶
func (c *Ctx) GetAttributeValue(sh SessionHandle, o ObjectHandle, a []*Attribute) ([]*Attribute, error)
GetAttributeValue obtains the value of one or more object attributes.
func (*Ctx) GetInfo ¶
GetInfo returns general information about Cryptoki.
func (*Ctx) GetMechanismInfo ¶
func (c *Ctx) GetMechanismInfo(slotID uint, m []*Mechanism) (MechanismInfo, error)
GetMechanismInfo obtains information about a particular mechanism possibly supported by a token.
func (*Ctx) GetMechanismList ¶
GetMechanismList obtains a list of mechanism types supported by a token.
func (*Ctx) GetObjectSize ¶
func (c *Ctx) GetObjectSize(sh SessionHandle, oh ObjectHandle) (uint, error)
GetObjectSize gets the size of an object in bytes.
func (*Ctx) GetOperationState ¶
func (c *Ctx) GetOperationState(sh SessionHandle) ([]byte, error)
GetOperationState obtains the state of the cryptographic operation in a session.
func (*Ctx) GetSessionInfo ¶
func (c *Ctx) GetSessionInfo(sh SessionHandle) (SessionInfo, error)
GetSessionInfo obtains information about the session.
func (*Ctx) GetSlotInfo ¶
GetSlotInfo obtains information about a particular slot in the system.
func (*Ctx) GetSlotList ¶
GetSlotList obtains a list of slots in the system.
func (*Ctx) GetTokenInfo ¶
GetTokenInfo obtains information about a particular token in the system.
func (*Ctx) InitPIN ¶
func (c *Ctx) InitPIN(sh SessionHandle, pin string) error
InitPIN initializes the normal user's PIN.
func (*Ctx) InitToken ¶
InitToken initializes a token. The label must be 32 characters long: a shorter label is padded with blanks, and a longer one is truncated to 32 characters.
func (*Ctx) Initialize ¶
Initialize initializes the Cryptoki library.
func (*Ctx) Login ¶
func (c *Ctx) Login(sh SessionHandle, userType uint, pin string) error
Login logs a user into a token.
func (*Ctx) Logout ¶
func (c *Ctx) Logout(sh SessionHandle) error
Logout logs a user out from a token.
func (*Ctx) OpenSession ¶
func (c *Ctx) OpenSession(slotID uint, flags uint) (SessionHandle, error)
OpenSession opens a session between an application and a token.
func (*Ctx) SeedRandom ¶
func (c *Ctx) SeedRandom(sh SessionHandle, seed []byte) error
SeedRandom mixes additional seed material into the token's random number generator.
func (*Ctx) SetAttributeValue ¶
func (c *Ctx) SetAttributeValue(sh SessionHandle, o ObjectHandle, a []*Attribute) error
SetAttributeValue modifies the value of one or more object attributes.
func (*Ctx) SetOperationState ¶
func (c *Ctx) SetOperationState(sh SessionHandle, state []byte, encryptKey, authKey ObjectHandle) error
SetOperationState restores the state of the cryptographic operation in a session.
func (*Ctx) SetPIN ¶
func (c *Ctx) SetPIN(sh SessionHandle, oldpin string, newpin string) error
SetPIN modifies the PIN of the user who is logged in.
func (*Ctx) Sign ¶
func (c *Ctx) Sign(sh SessionHandle, message []byte) ([]byte, error)
Sign signs (encrypts with private key) data in a single part, where the signature
is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
ExampleSign shows how to sign some data with a private key.
Note: error handling is kept to a minimum in this example.
Code:
Output:Example¶
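{
	// The module path can be overridden so the example runs against the
	// locally installed SoftHSM library.
	if x := os.Getenv("SOFTHSM_LIB"); x != "" {
		lib = x
	}
	p := New(lib)
	if p == nil {
		log.Fatal("Failed to init lib")
	}
	// Every call below talks to the token; a failure that is ignored here
	// would only surface later as a confusing error or a panic.
	if err := p.Initialize(); err != nil {
		log.Fatal(err)
	}
	// Deferred calls run in reverse order: Finalize first, then Destroy.
	// log.Fatal exits without running them, which is acceptable for an example.
	defer p.Destroy()
	defer p.Finalize()

	slots, err := p.GetSlotList(true)
	if err != nil {
		log.Fatal(err)
	}
	// Indexing slots[0] on an empty list would panic.
	if len(slots) == 0 {
		log.Fatal("no slots available")
	}
	session, err := p.OpenSession(slots[0], CKF_SERIAL_SESSION|CKF_RW_SESSION)
	if err != nil {
		log.Fatal(err)
	}
	defer p.CloseSession(session)

	// "1234" is the PIN of the test token this example runs against; real
	// code should obtain the PIN from a prompt or a secret store, never from
	// a literal in the source.
	if err := p.Login(session, CKU_USER, "1234"); err != nil {
		log.Fatal(err)
	}
	defer p.Logout(session)

	// Session objects (CKA_TOKEN false), so nothing is left on the token.
	// 2048-bit modulus and exponent 65537 (0x010001) rather than a 1024-bit
	// key with exponent 3, because examples tend to be copied verbatim.
	publicKeyTemplate := []*Attribute{
		NewAttribute(CKA_CLASS, CKO_PUBLIC_KEY),
		NewAttribute(CKA_KEY_TYPE, CKK_RSA),
		NewAttribute(CKA_TOKEN, false),
		NewAttribute(CKA_ENCRYPT, true),
		NewAttribute(CKA_PUBLIC_EXPONENT, []byte{1, 0, 1}),
		NewAttribute(CKA_MODULUS_BITS, 2048),
		NewAttribute(CKA_LABEL, "ExampleSign"),
	}
	privateKeyTemplate := []*Attribute{
		NewAttribute(CKA_CLASS, CKO_PRIVATE_KEY),
		NewAttribute(CKA_KEY_TYPE, CKK_RSA),
		NewAttribute(CKA_TOKEN, false),
		NewAttribute(CKA_PRIVATE, true),
		NewAttribute(CKA_SIGN, true),
		NewAttribute(CKA_LABEL, "ExampleSign"),
	}
	_, priv, err := p.GenerateKeyPair(session,
		[]*Mechanism{NewMechanism(CKM_RSA_PKCS_KEY_PAIR_GEN, nil)},
		publicKeyTemplate, privateKeyTemplate)
	if err != nil {
		log.Fatal(err)
	}

	// SHA-256 instead of SHA-1 as the digest of the signature mechanism.
	err = p.SignInit(session, []*Mechanism{NewMechanism(CKM_SHA256_RSA_PKCS, nil)}, priv)
	if err != nil {
		log.Fatal(err)
	}
	// Sign something with the private key.
	data := []byte("Lets sign this data")
	_, err = p.Sign(session, data)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("It works!")
	// Output: It works!
}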
It works!
func (*Ctx) SignEncryptUpdate ¶
func (c *Ctx) SignEncryptUpdate(sh SessionHandle, part []byte) ([]byte, error)
SignEncryptUpdate continues a multiple-part signing and encryption operation.
func (*Ctx) SignFinal ¶
func (c *Ctx) SignFinal(sh SessionHandle) ([]byte, error)
SignFinal finishes a multiple-part signature operation returning the signature.
func (*Ctx) SignInit ¶
func (c *Ctx) SignInit(sh SessionHandle, m []*Mechanism, o ObjectHandle) error
SignInit initializes a signature (private key encryption) operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
func (*Ctx) SignRecover ¶
func (c *Ctx) SignRecover(sh SessionHandle, data []byte) ([]byte, error)
SignRecover signs data in a single operation, where the data can be recovered from the signature.
func (*Ctx) SignRecoverInit ¶
func (c *Ctx) SignRecoverInit(sh SessionHandle, m []*Mechanism, key ObjectHandle) error
SignRecoverInit initializes a signature operation, where the data can be recovered from the signature.
func (*Ctx) SignUpdate ¶
func (c *Ctx) SignUpdate(sh SessionHandle, message []byte) error
SignUpdate continues a multiple-part signature operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
func (*Ctx) UnwrapKey ¶
func (c *Ctx) UnwrapKey(sh SessionHandle, m []*Mechanism, unwrappingkey ObjectHandle, wrappedkey []byte, a []*Attribute) (ObjectHandle, error)
UnwrapKey unwraps (decrypts) a wrapped key, creating a new key object.
func (*Ctx) Verify ¶
func (c *Ctx) Verify(sh SessionHandle, data []byte, signature []byte) error
Verify verifies a signature in a single-part operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
func (*Ctx) VerifyFinal ¶
func (c *Ctx) VerifyFinal(sh SessionHandle, signature []byte) error
VerifyFinal finishes a multiple-part verification operation, checking the signature.
func (*Ctx) VerifyInit ¶
func (c *Ctx) VerifyInit(sh SessionHandle, m []*Mechanism, key ObjectHandle) error
VerifyInit initializes a verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature (e.g. DSA).
func (*Ctx) VerifyRecover ¶
func (c *Ctx) VerifyRecover(sh SessionHandle, signature []byte) ([]byte, error)
VerifyRecover verifies a signature in a single-part operation, where the data is recovered from the signature.
func (*Ctx) VerifyRecoverInit ¶
func (c *Ctx) VerifyRecoverInit(sh SessionHandle, m []*Mechanism, key ObjectHandle) error
VerifyRecoverInit initializes a signature verification operation, where the data is recovered from the signature.
func (*Ctx) VerifyUpdate ¶
func (c *Ctx) VerifyUpdate(sh SessionHandle, part []byte) error
VerifyUpdate continues a multiple-part verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
func (*Ctx) WaitForSlotEvent ¶
WaitForSlotEvent returns a channel which returns a slot event (token insertion, removal, etc.) when it occurs.
func (*Ctx) WrapKey ¶
func (c *Ctx) WrapKey(sh SessionHandle, m []*Mechanism, wrappingkey, key ObjectHandle) ([]byte, error)
WrapKey wraps (i.e., encrypts) a key.
type ECDH1DeriveParams ¶
ECDH1DeriveParams can be passed to NewMechanism to implement CK_ECDH1_DERIVE_PARAMS.
func NewECDH1DeriveParams ¶
func NewECDH1DeriveParams(kdf uint, sharedData []byte, publicKeyData []byte) *ECDH1DeriveParams
NewECDH1DeriveParams creates a CK_ECDH1_DERIVE_PARAMS structure suitable for use with the CKM_ECDH1_DERIVE mechanism.
type Error ¶
type Error uint
Error represents a PKCS#11 error.
func (Error) Error ¶
type GCMParams ¶
type GCMParams struct {
// contains filtered or unexported fields
}
GCMParams represents the parameters for the AES-GCM mechanism.
func NewGCMParams ¶
NewGCMParams returns a pointer to AES-GCM parameters that can be used with the CKM_AES_GCM mechanism. The Free() method must be called after the operation is complete.
Note that some HSMs, like CloudHSM, will ignore the IV you pass in and write their own. As a result, to support all libraries, memory is not freed automatically, so that after the EncryptInit/Encrypt operation the HSM's IV can be read back out. It is up to the caller to ensure that Free() is called on the GCMParams object at an appropriate time, which is after
Encrypt/Decrypt. As an example:
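// The zeroed 12-byte IV is a placeholder for modules that write their own IV.
// With a module that honours the caller's IV, supply a fresh, never-repeated
// IV for every encryption under the same key.
gcmParams := pkcs11.NewGCMParams(make([]byte, 12), nil, 128)
// Free is safe to call more than once; deferring it releases the IV buffer on
// every path, and only after the whole operation is over.
defer gcmParams.Free()

// NOTE(review): assumes an enclosing function that returns an error.
if err := p.ctx.EncryptInit(session, []*pkcs11.Mechanism{pkcs11.NewMechanism(pkcs11.CKM_AES_GCM, gcmParams)}, aesObjHandle); err != nil {
	return err
}
ct, err := p.ctx.Encrypt(session, pt)
if err != nil {
	// The IV is only meaningful once Encrypt has succeeded.
	return err
}
// IV returns a copy of the IV actually used, so it remains valid after Free.
// Store it with the ciphertext; decryption needs the same IV.
iv := gcmParams.IV()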
func (*GCMParams) Allocate ¶
func (*GCMParams) Free ¶
func (p *GCMParams) Free()
Free deallocates the memory reserved for the HSM to write back the actual IV.
This must be called after the entire operation is complete, i.e. after Encrypt or EncryptFinal. It is safe to call Free multiple times.
func (*GCMParams) IV ¶
IV returns a copy of the actual IV used for the operation.
Some HSMs may ignore the user-specified IV and write their own at the end of the encryption operation; this method allows you to retrieve it.
type Info ¶
// Info provides information about the library and hardware used.
// NOTE(review): presumably these values are whatever the loaded module reports
// about itself (see Ctx.GetInfo); treat the strings as self-declared, not as
// verified identity — confirm against the caller.
type Info struct {
	CryptokiVersion    Version
	ManufacturerID     string
	Flags              uint
	LibraryDescription string
	LibraryVersion     Version
}
Info provides information about the library and hardware used.
type Mechanism ¶
Mechanism holds a mechanism type/value combination.
func NewMechanism ¶
NewMechanism returns a pointer to an initialized Mechanism.
type MechanismInfo ¶
MechanismInfo provides information about a particular mechanism.
type OAEPParams ¶
OAEPParams can be passed to NewMechanism to implement CKM_RSA_PKCS_OAEP.
func NewOAEPParams ¶
func NewOAEPParams(hashAlg, mgf, sourceType uint, sourceData []byte) *OAEPParams
NewOAEPParams creates a CK_RSA_PKCS_OAEP_PARAMS structure suitable for use with the CKM_RSA_PKCS_OAEP mechanism.
type ObjectHandle ¶
type ObjectHandle uint
ObjectHandle is a token-specific identifier for an object.
type SessionHandle ¶
type SessionHandle uint
SessionHandle is a Cryptoki-assigned value that identifies a session.
type SessionInfo ¶
SessionInfo provides information about a session.
type SlotEvent ¶
// SlotEvent holds the SlotID for which a slot event (token insertion,
// removal, etc.) occurred.
type SlotEvent struct {
	SlotID uint
}
SlotEvent holds the SlotID for which a slot event (token insertion, removal, etc.) occurred.
type SlotInfo ¶
// SlotInfo provides information about a slot.
type SlotInfo struct {
	SlotDescription string // 64 bytes.
	ManufacturerID  string // 32 bytes.
	Flags           uint
	HardwareVersion Version
	FirmwareVersion Version
}
SlotInfo provides information about a slot.
type TokenInfo ¶
// TokenInfo provides information about a token.
type TokenInfo struct {
	Label              string
	ManufacturerID     string
	Model              string
	SerialNumber       string
	Flags              uint
	MaxSessionCount    uint
	SessionCount       uint
	MaxRwSessionCount  uint
	RwSessionCount     uint
	MaxPinLen          uint // presumably the longest PIN the token accepts — confirm against the token documentation
	MinPinLen          uint // presumably the shortest PIN the token accepts — confirm against the token documentation
	TotalPublicMemory  uint
	FreePublicMemory   uint
	TotalPrivateMemory uint
	FreePrivateMemory  uint
	HardwareVersion    Version
	FirmwareVersion    Version
	UTCTime            string
}
TokenInfo provides information about a token.
type Version ¶
Version represents any version information from the library.
Source Files ¶
error.go params.go pkcs11.go types.go vendor.go zconst.go
Directories ¶
Path | Synopsis |
---|---|
p11 | Package p11 wraps `miekg/pkcs11` to make it easier to use and more idiomatic to Go, as compared with the more straightforward C wrapper that `miekg/pkcs11` presents. |
- Version
- v1.1.1 (latest)
- Published
- Jan 5, 2022
- Platform
- linux/amd64
- Imports
- 5 packages