Add PKCS#11 Wrapper #8

Closed
wants to merge 3 commits into from
Closed
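--- a/wrappers/pkcs11/go.mod
+++ b/wrappers/pkcs11/go.mod
@@ -0,0 +1,18 @@
+module github.com/openbao/go-kms-wrapping/wrappers/pkcs11/v2
+
+go 1.22.1
+
+replace github.com/openbao/go-kms-wrapping/v2 => ../../
+
+require (
+github.com/miekg/pkcs11 v1.1.2-0.20231115102856-9078ad6b9d4b
+github.com/openbao/go-kms-wrapping/v2 v2.0.0-00010101000000-000000000000
+)
+
+require (
+github.com/hashicorp/go-uuid v1.0.3 // indirect
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
+google.golang.org/protobuf v1.31.0 // indirect
+)
+
+retract [v2.0.0, v2.0.2]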
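Review bot: The `retract [v2.0.0, v2.0.2]` directive on the last line retracts versions of a module path that this PR introduces; unless those tags already exist for `wrappers/pkcs11/v2`, it looks carried over from a sibling wrapper's go.mod and should be dropped (or the existing tags confirmed) so it does not mislead anyone reading `go list -m -versions`. The `github.com/miekg/pkcs11` requirement is pinned to an untagged pseudo-version, which is reproducible through go.sum but harder to audit than a tagged release; a one-line comment on that require stating why the commit is needed, `// pinned to commit for <reason>; no tagged release contains it`, would help future upgrades.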
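--- a/wrappers/pkcs11/go.sum
+++ b/wrappers/pkcs11/go.sum
@@ -0,0 +1,21 @@
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
+github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/miekg/pkcs11 v1.1.2-0.20231115102856-9078ad6b9d4b h1:J/AzCvg5z0Hn1rqZUJjpbzALUmkKX0Zwbc/i4fw7Sfk=
+github.com/miekg/pkcs11 v1.1.2-0.20231115102856-9078ad6b9d4b/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
+google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=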
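--- a/wrappers/pkcs11/options.go
+++ b/wrappers/pkcs11/options.go
@@ -0,0 +1,140 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package pkcs11
+
+import (
+"strconv"
+
+wrapping "github.com/openbao/go-kms-wrapping/v2"
+)
+
+// getOpts iterates the inbound Options and returns a struct
+func getOpts(opt ...wrapping.Option) (*options, error) {
+// First, separate out options into local and global
+opts := getDefaultOptions()
+var wrappingOptions []wrapping.Option
+var localOptions []OptionFunc
+for _, o := range opt {
+if o == nil {
+continue
+}
+iface := o()
+switch to := iface.(type) {
+case wrapping.OptionFunc:
+wrappingOptions = append(wrappingOptions, o)
+case OptionFunc:
+localOptions = append(localOptions, to)
+}
+}
+
+// Parse the global options
+var err error
+opts.Options, err = wrapping.GetOpts(wrappingOptions...)
+if err != nil {
+return nil, err
+}
+
+// Don't ever return blank options
+if opts.Options == nil {
+opts.Options = new(wrapping.Options)
+}
+
+// Local options can be provided either via the WithConfigMap field
+// (for over the plugin barrier or embedding) or via local option functions
+// (for embedding). First pull from the option.
+if opts.WithConfigMap != nil {
+for k, v := range opts.WithConfigMap {
+switch k {
+case "kms_key_id": // deprecated backend-specific value, set global
+opts.WithKeyId = v
+case "slot":
+var err error
+var slot uint64
+slot, err = strconv.ParseUint(v, 10, 64)
+if err != nil {
+return nil, err
+}
+opts.withSlot = uint(slot)
+case "pin":
+opts.withPin = v
+case "module":
+opts.withModule = v
+case "label":
+opts.withLabel = v
+case "mechanism":
+opts.withMechanism = v
+}
+}
+}
+
+// Now run the local options functions. This may overwrite options set by
+// the options above.
+for _, o := range localOptions {
+if o != nil {
+if err := o(&opts); err != nil {
+return nil, err
+}
+}
+}
+
+return &opts, nil
+}
+
+// OptionFunc holds a function with local options
+type OptionFunc func(*options) error
+
+// options = how options are represented
+type options struct {
+*wrapping.Options
+
+withSlot uint
+withPin string
+withModule string
+withLabel string
+withMechanism string
+}
+
+func getDefaultOptions() options {
+return options{}
+}
+
+// WithSlot sets the slot
+func WithSlot(slot uint) OptionFunc {
+return func(o *options) error {
+o.withSlot = slot
+return nil
+}
+}
+
+// WithPin sets the pin
+func WithPin(pin string) OptionFunc {
+return func(o *options) error {
+o.withPin = pin
+return nil
+}
+}
+
+// WithModule sets the module
+func WithModule(module string) OptionFunc {
+return func(o *options) error {
+o.withModule = module
+return nil
+}
+}
+
+// WithLabel sets the label
+func WithLabel(label string) OptionFunc {
+return func(o *options) error {
+o.withLabel = label
+return nil
+}
+}
+
+// WithMechanism sets the mechanism
+func WithMechanism(mechanism string) OptionFunc {
+return func(o *options) error {
+o.withMechanism = mechanism
+return nil
+}
+}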
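Review bot: The `"slot"` branch of getOpts parses the value as a 64-bit unsigned integer and then narrows it with `uint(slot)`, so on a 32-bit target a value above 2^32-1 is silently truncated to a different slot ID instead of being rejected; parsing at the width of `uint` moves the range check into ParseUint, `slot, err := strconv.ParseUint(v, 10, strconv.IntSize)`, and also removes the `var err error` that shadows the outer `err`. Keys that do not match a case in that switch are dropped without any signal, so a misspelled `pin` or `module` key in the config map is indistinguishable from an absent one; if the map is meant to carry only these keys, a `default:` returning an error would surface misconfiguration at startup, though the map may intentionally tolerate keys consumed elsewhere. The PIN is also retained as a plain Go string in `options`, which cannot be zeroed once the session has been opened; a comment on `withPin`, `// NOTE: held as an immutable string; cannot be wiped from memory after use`, would document that caveat for callers.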