1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
|
package nssdb
import "encoding/binary"
// CKA_CLASS values
// https://github.com/nss-dev/nss/blob/NSS_3_107_RTM/lib/util/pkcs11t.h#L320-L334
const (
CKO_DATA = iota //nolint:stylecheck,revive // name matches source
CKO_CERTIFICATE //nolint:stylecheck,revive // name matches source
CKO_PUBLIC_KEY //nolint:stylecheck,revive // name matches source
CKO_PRIVATE_KEY //nolint:stylecheck,revive // name matches source
CKO_SECRET_KEY //nolint:stylecheck,revive // name matches source
CKO_HW_FEATURE //nolint:stylecheck,revive // name matches source
CKO_DOMAIN_PARAMETERS //nolint:stylecheck,revive // name matches source
CKO_MECHANISM //nolint:stylecheck,revive // name matches source
CKO_PROFILE //nolint:stylecheck,revive // name matches source
)
// CKA_KEY_TYPE values
// https://github.com/nss-dev/nss/blob/NSS_3_107_RTM/lib/util/pkcs11t.h#L366
const (
CKK_RSA = iota //nolint:stylecheck,revive // name matches source
CKK_DSA //nolint:stylecheck,revive // name matches source
CKK_DH //nolint:stylecheck,revive // name matches source
CKK_EC //nolint:stylecheck,revive // name matches source
)
// CKA_CERTIFICATE_TYPE values
// https://github.com/nss-dev/nss/blob/NSS_3_107_RTM/lib/util/pkcs11t.h#L453-L458
const (
CKC_X_509 = iota //nolint:stylecheck,revive // name matches source
CKC_X_509_ATTR_CERT //nolint:stylecheck,revive // name matches source
CKC_WTLS //nolint:stylecheck,revive // name matches source
)
// https://github.com/nss-dev/nss/blob/NSS_3_107_RTM/lib/softoken/sftkdb.c#L47
var ulongAttributes = map[string]bool{
"CKA_CERTIFICATE_CATEGORY": true,
"CKA_CERTIFICATE_TYPE": true,
"CKA_CLASS": true,
"CKA_JAVA_MIDP_SECURITY_DOMAIN": true,
"CKA_KEY_GEN_MECHANISM": true,
"CKA_KEY_TYPE": true,
"CKA_MECHANISM_TYPE": true,
"CKA_MODULUS_BITS": true,
"CKA_PRIME_BITS": true,
"CKA_SUBPRIME_BITS": true,
"CKA_VALUE_BITS": true,
"CKA_VALUE_LEN": true,
"CKA_TRUST_DIGITAL_SIGNATURE": true,
"CKA_TRUST_NON_REPUDIATION": true,
"CKA_TRUST_KEY_ENCIPHERMENT": true,
"CKA_TRUST_DATA_ENCIPHERMENT": true,
"CKA_TRUST_KEY_AGREEMENT": true,
"CKA_TRUST_KEY_CERT_SIGN": true,
"CKA_TRUST_CRL_SIGN": true,
"CKA_TRUST_SERVER_AUTH": true,
"CKA_TRUST_CLIENT_AUTH": true,
"CKA_TRUST_CODE_SIGNING": true,
"CKA_TRUST_EMAIL_PROTECTION": true,
"CKA_TRUST_IPSEC_END_SYSTEM": true,
"CKA_TRUST_IPSEC_TUNNEL": true,
"CKA_TRUST_IPSEC_USER": true,
"CKA_TRUST_TIME_STAMPING": true,
"CKA_TRUST_STEP_UP_APPROVED": true,
}
// https://github.com/nss-dev/nss/blob/NSS_3_107_RTM/lib/softoken/sftkdb.c#L89
var privateAttributes = map[string]bool{
"CKA_VALUE": true,
"CKA_PRIVATE_EXPONENT": true,
"CKA_PRIME_1": true,
"CKA_PRIME_2": true,
"CKA_EXPONENT_1": true,
"CKA_EXPONENT_2": true,
"CKA_COEFFICIENT": true,
}
// https://github.com/nss-dev/nss/blob/NSS_3_107_RTM/lib/softoken/sftkdb.c#L108
//
//nolint:unused // unused
var authenticatedAttributes = map[string]bool{
"CKA_MODULUS": true,
"CKA_PUBLIC_EXPONENT": true,
"CKA_CERT_SHA1_HASH": true,
"CKA_CERT_MD5_HASH": true,
"CKA_TRUST_SERVER_AUTH": true,
"CKA_TRUST_CLIENT_AUTH": true,
"CKA_TRUST_EMAIL_PROTECTION": true,
"CKA_TRUST_CODE_SIGNING": true,
"CKA_TRUST_STEP_UP_APPROVED": true,
"CKA_NSS_OVERRIDE_EXTENSIONS": true,
}
// https://github.com/nss-dev/nss/blob/NSS_3_107_RTM/lib/softoken/sftkdb.c#L132
func encodeDBUlong(ul uint32) []byte {
buf := make([]byte, 4)
binary.BigEndian.PutUint32(buf, ul)
return buf
}
// https://github.com/nss-dev/nss/blob/NSS_3_107_RTM/lib/softoken/sftkdb.c#L146
func decodeDBUlong(buf []byte) uint32 {
return binary.BigEndian.Uint32(buf)
}
|
