Merge pull request #145 from nokia/ian2

Ian2

ga10/go.mod

@@ -12,6 +12,7 @@ require (
 	gopkg.in/yaml.v3 v3.0.1
 )
 
+require github.com/miekg/pkcs11 v1.1.1
 require gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 
 require (

ga10/go.sum

@@ -29,6 +29,8 @@ github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovk
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/miekg/pkcs11 v1.1.1 h1:Ugu9pdy6vAYku5DEpVWVFPYnzV+bxB+iRdbuFSu7TvU=
+github.com/miekg/pkcs11 v1.1.1/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
 github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc=
 github.com/montanaflynn/stats v0.7.1 h1:etflOAAHORrCC44V+aR6Ftzort912ZU+YLiSTuV8eaE=
 github.com/montanaflynn/stats v0.7.1/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow=

ga10/tests/p11test/p.go

@@ -0,0 +1,85 @@
+package main
+
+import(
+	"fmt"
+	"reflect"
+
+	"github.com/miekg/pkcs11/p11"	
+	"github.com/miekg/pkcs11"	
+
+)
+
+
+func main() {
+	fmt.Println("Starting")
+
+	module,_ := p11.OpenModule("/usr/lib/x86_64-linux-gnu/pkcs11/yubihsm_pkcs11.so")
+	//module,_ := p11.OpenModule("/usr/local/lib/softhsm/libsofthsm2.so")
+
+
+
+	slots,_ := module.Slots()
+	fmt.Printf("Slots %v\n",slots)
+
+	session,_ := slots[0].OpenSession()
+	fmt.Printf("Session %v\n",session)
+
+	//err := session.Login("1234")
+	err := session.Login("0001password")
+
+	fmt.Printf("Login error %v\n",err)
+
+	objects,err := session.FindObjects(nil)
+	fmt.Printf("Number of objects %v\n",len(objects))
+
+	fmt.Printf("All objects\n")
+	for i,v := range objects {
+		l,_ := v.Label()
+		cka,_ := v.Value()
+		attrpublic,_ := v.Attribute(pkcs11.CKO_PUBLIC_KEY)
+		attrprivate,_ := v.Attribute(pkcs11.CKO_PRIVATE_KEY)
+
+		fmt.Printf("#%v label is %v,  CKA %v PUB %v, PRIV %v\n",i,l,cka,attrpublic,string(attrprivate))
+	}
+
+
+	template := []*pkcs11.Attribute{ 
+		pkcs11.NewAttribute(pkcs11.CKA_LABEL, "asymkey"),
+		//pkcs11.NewAttribute(pkcs11.CKA_LABEL, "fred"),
+	 }
+	fmt.Printf("\nGetting attributes for template %v\n",template)
+
+	filteredobjects,err := session.FindObjects(template)
+	fmt.Printf("Private key is %v\n",filteredobjects)
+	for i,v := range filteredobjects {
+		l,_ := v.Label()
+		cka,_ := v.Value()
+		attrpublic,_ := v.Attribute(pkcs11.CKO_PUBLIC_KEY)
+		attrprivate,_ := v.Attribute(pkcs11.CKO_PRIVATE_KEY)
+
+		fmt.Printf("#%v label is %v,  CKA %v PUB %v, PRIV %v\n",i,l,cka,attrpublic,string(attrprivate))
+	}
+
+	privateKey := p11.PrivateKey(filteredobjects[0])
+    publicKey :=  p11.PublicKey(filteredobjects[1])
+	fmt.Printf("  private key %v , %v \n",privateKey, publicKey)
+	fmt.Printf("  types %v , %v \n", reflect.TypeOf(privateKey),reflect.TypeOf(publicKey))
+
+    plaintext := []byte("Croeso!")
+    mechanism :=pkcs11.NewMechanism(pkcs11.CKM_RSA_PKCS,nil) 
+
+    enc,err := publicKey.Encrypt( *mechanism,plaintext)
+    fmt.Printf(" plaintext %v, %v -> %v \n",err,plaintext, enc)
+
+    dec,err := privateKey.Decrypt(  *mechanism, enc)
+    fmt.Printf("     %v -> %v \n",err,dec)
+
+
+
+	fmt.Println("Logging out")
+	session.Logout()
+	fmt.Println("Closing")	
+	session.Close()
+	fmt.Println("Done")
+
+}

ga10/tests/p11test/yubihsm_pkcs11.conf

@@ -0,0 +1 @@
+connector=http://localhost:12345

ga10/tests/pkcs11test/p.go

@@ -10,6 +10,10 @@ func main() {
 	fmt.Println("Starting")
 
 	p := pkcs11.New("/usr/lib/x86_64-linux-gnu/pkcs11/yubihsm_pkcs11.so")
+
+	//p := pkcs11.New("/usr/lib/x86_64-linux-gnu/pkcs11/gnome-keyring-pkcs11.so")
+
+
 	fmt.Printf("PKCS11 module is %v\n",p)
 
 	err := p.Initialize()
@@ -19,7 +23,72 @@ func main() {
 	defer p.Finalize()
 
 	slots, err := p.GetSlotList(true)
-	fmt.Printf("Slots %v , %v\n",err,slots)
+	fmt.Printf("err = %v , slots = %v\n",err,slots)
+
+	fmt.Println("SLOTS =========================================")
+	for i,v := range slots {
+		slotinfo, err := p.GetSlotInfo(v)
+		fmt.Printf("#%v err = %v, desc=%v,man=%v,flags=%v,hw=%v,fw=%v\n", i, err, slotinfo.SlotDescription, slotinfo.ManufacturerID,slotinfo.Flags,slotinfo.HardwareVersion,slotinfo.FirmwareVersion)
+	}
+
+	fmt.Println("TOKENS =========================================")
+	for _,v := range slots {
+		tokeninfo, err := p.GetTokenInfo(v)
+		fmt.Printf("err = %v, info =%v\n", err, tokeninfo)
+	}
+
+	fmt.Println("MECHANISMS =========================================")
+	mchs, err := p.GetMechanismList(slots[0])
+	fmt.Printf("err = %v, mchs =%v\n", err, mchs)
+
+
+
+
+	fmt.Println("\nOpening Session")
+	session, err := p.OpenSession(slots[0], pkcs11.CKF_SERIAL_SESSION)
+	fmt.Printf("Session err %v session %v\n",err,session)
+
+	fmt.Println("\nLogging In")
+	err = p.Login(session, pkcs11.CKU_USER, "0001password")
+	fmt.Printf("Login err %v \n",err)
+
+	fmt.Println("\nFinding Objects")
+
+	template := []*pkcs11.Attribute{ 
+		pkcs11.NewAttribute(pkcs11.CKA_LABEL, "rsa2048_ian"),
+		pkcs11.NewAttribute(pkcs11.CKO_PRIVATE_KEY, nil),
+	 }
+
+	if e := p.FindObjectsInit(session, template); e != nil {
+		fmt.Printf("Failed FindObjectsInit")
+	}
+
+	objs, b, err := p.FindObjects(session,10)
+	for i,oh := range objs {
+		fmt.Printf("#%v , err=%v, bools=%v, objecthandle = %v %v\n",i,err,b,oh)
+
+		ats := []*pkcs11.Attribute{
+			pkcs11.NewAttribute( pkcs11.CKA_LABEL, nil),
+		}
+
+		attr,err := p.GetAttributeValue(session, pkcs11.ObjectHandle(oh), ats)
+		fmt.Printf("  +.... %v attr= %v \n",err,attr)
+
+		//obj := pkcs11.ObjectHandle(oh)
+		//fmt.Printf("  +---- %v",obj.Label())
+	}
+
+	if e:=p.FindObjectsFinal(session); e != nil {
+		fmt.Printf("Failed FindObjectsFinal")
+
+	}
+
+
+
+
+	fmt.Println("\nClosing THings")
+	p.Logout(session)
+	p.CloseSession(session)
 
 
 }

ga10/tests/pkcs11test/yubihsm_pkcs11.conf

@@ -0,0 +1 @@
+connector=http://localhost:12345