Correct conflicts and unit test failures in v3 branch #179
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Amend const_generate.go to not skip CK_* constants and have them in zconst.go as well. Special case (~0) for CK_UNAVAILABLE_INFORMATION. Fixes miekg#149 Signed-off-by: Miek Gieben <[email protected]>
* More complete parsing of pkcs11t.h Add newlines when the prefix (CKR_ -> CKM_) changes and add all comments founds, this includes Deprecated comments and the longer comments that detail what (some of) the constants mean. This change means this now also shows up in go doc. Signed-off-by: Miek Gieben <[email protected]> * rerun Signed-off-by: Miek Gieben <[email protected]> * newline before comments Signed-off-by: Miek Gieben <[email protected]> * more Signed-off-by: Miek Gieben <[email protected]>
Add a test that count the consts and grep pkcs11t.h to see if we have a matching count of defines and constants. Signed-off-by: Miek Gieben <[email protected]>
Defer is more expensive than a direct call, and right before a `return` statement is has no effect on the logic.
Useful, for example, for an elliptic curve Diffie-Hellman shared secret derivation.
It is not necessary to copy the memory in order to get a []byte representation of Go allocated memory, because the GC will take care of the lifetime of the underlying memory. This change introduces the memBytes() function, that returns a slice to an arbitrary memory area, and replaces all uses of C.GoBytes with Go allocated memory. This function could even be used for C allocated memory, but then the caller has to make sure that the underlying C memory is not freed during the lifetime of the returned slice. Signed-off-by: Sven Anderson <[email protected]>
Fixes miekg#158 Co-authored-by: Jeremy Rand <[email protected]>
Co-authored-by: Jeremy Rand <[email protected]>
* Return error from Destroy * Remove destroyed modules * Revert back to not change the API of Destroy
pkcs11-spec-v3.1-cs01
6.1.23 RSA AES KEY WRAP
The RSA AES key wrap mechanism based on the RSA public-key
cryptosystem and the AES key wrap mechanism. It supports
single-part key wrapping and key unwrapping.
How to use:
params := &pkcs11.RSAAESKeyWrapParams{
AESKeyBits: 256,
OAEPParams: pkcs11.OAEPParams{
HashAlg: pkcs11.CKM_SHA256,
MGF: pkcs11.CKG_MGF1_SHA256,
SourceType: pkcs11.CKZ_DATA_SPECIFIED,
},
}
mechanism := []*pkcs11.Mechanism {
pkcs11.NewMechanism(pkcs11.CKM_RSA_AES_KEY_WRAP, params)
}
unwrappedKey, err := ctx.UnwrapKey(session, mechanism, wrappingKeyObj,
wrappedKey, unwrappedKeyAttributes)
Signed-off-by: Valerii Chubar <[email protected]>
Co-authored-by: Valerii Chubar <[email protected]>
Signed-off-by: Miek Gieben <[email protected]>
…g#176) * const_generate: hardcode CK_TRUE/CK_FALSE values The PKCS11 constants are most useful when creating attributes with `NewAttribute()` in all kinds of different PKCS11 calls. The function is using generic type handling to decide attribute length. The CK_TRUE/CK_FALSE constants should evaluate to direct Golang bool values in order for these to be handled properly by the `NewAttribute()` calls, which interprets bool values as []byte{0}, []byte{1} for false, true respectively. If these stay integers, `NewAttribtue()` considers them 8-byte long byte slices. Some PKCS11 module implementations actually validate constant-length arguments size. https://github.com/opendnssec/SoftHSMv2/ is an example of a commonly used PKCS11-testing module that does that. Without this change, the module fails to perform certain actions as it errors out on unexpected attribute size. * regenerate zconst
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is #148 to help merge this back:
masterzconst.goandpkcs11t.h, corrected by regeneratingzconst.gosofthsm2and add note for Mac