k3s/vendor/github.com/stefanberger/go-pkcs11uri/README.md

2.0 KiB

go-pkcs11uri

Welcome to the go-pkcs11uri library. The implementation follows RFC 7512 and this errata.

Exampe usage:

The following example builds on this library here and are using softhsm2 on Fedora.

Example

This example program extending the one found here:

package main

import (
	"fmt"
	"os"
	"strconv"

	"github.com/miekg/pkcs11"
	pkcs11uri "github.com/stefanberger/go-pkcs11uri"
)

func main() {
	if len(os.Args) < 2 {
		panic("Missing pkcs11 URI argument")
	}
	uristr := os.Args[1]

	uri, err := pkcs11uri.New()
	if err != nil {
		panic(err)
	}
	err = uri.Parse(uristr)
	if err != nil {
		panic(err)
	}

	module, err := uri.GetModule()
	if err != nil {
		panic(err)
	}

	slot, ok := uri.GetPathAttribute("slot-id", false)
	if !ok {
		panic("No slot-id in pkcs11 URI")
	}
	slotid, err := strconv.Atoi(slot)
	if err != nil {
		panic(err)
	}

	pin, err := uri.GetPIN()
	if err != nil {
		panic(err)
	}

	p := pkcs11.New(module)
	err = p.Initialize()
	if err != nil {
		panic(err)
	}

	defer p.Destroy()
	defer p.Finalize()

	session, err := p.OpenSession(uint(slotid), pkcs11.CKF_SERIAL_SESSION|pkcs11.CKF_RW_SESSION)
	if err != nil {
		panic(err)
	}
	defer p.CloseSession(session)

	err = p.Login(session, pkcs11.CKU_USER, pin)
	if err != nil {
		panic(err)
	}
	defer p.Logout(session)

	p.DigestInit(session, []*pkcs11.Mechanism{pkcs11.NewMechanism(pkcs11.CKM_SHA_1, nil)})
	hash, err := p.Digest(session, []byte("this is a string"))
	if err != nil {
		panic(err)
	}

	for _, d := range hash {
		fmt.Printf("%x", d)
	}
	fmt.Println()
}

Exampe Usage

$ sudo softhsm2-util --init-token --slot 1 --label test --pin 1234 --so-pin 1234
The token has been initialized and is reassigned to slot 2053753261
$ go build ./...
$ sudo ./pkcs11-example 'pkcs11:slot-id=2053753261?module-path=/usr/lib64/pkcs11/libsofthsm2.so&pin-value=1234'
517592df8fec3ad146a79a9af153db2a4d784ec5