Skip to content

Instantly share code, notes, and snippets.

@jvehent

jvehent/pkcs11_sign.go

Created May 31, 2018 15:52
Show Gist options
  • Save jvehent/58efee0eece03893f90c8dd11504e77a to your computer and use it in GitHub Desktop.
Save jvehent/58efee0eece03893f90c8dd11504e77a to your computer and use it in GitHub Desktop.
Download ZIP
PKCS11 CloudHSM RSA Signing
Raw
pkcs11_sign.go
package main
import (
"encoding/base64"
"fmt"
"github.com/miekg/pkcs11"
)
func main() {
p := pkcs11.New("/opt/cloudhsm/lib/libcloudhsm_pkcs11.so")
err := p.Initialize()
if err != nil {
panic(err)
}
defer p.Destroy()
defer p.Finalize()
p.Initialize()
slots, err := p.GetSlotList(true)
if err != nil {
panic(err)
}
fmt.Printf("slots: %+v\n", slots)
session, err := p.OpenSession(slots[0], pkcs11.CKF_SERIAL_SESSION|pkcs11.CKF_RW_SESSION)
if err != nil {
panic(err)
}
defer p.CloseSession(session)
slotinfo, err := p.GetSlotInfo(slots[0])
if err != nil {
panic(err)
}
fmt.Printf("slot info: %+v\n", slotinfo)
tokeninfo, err := p.GetTokenInfo(slots[0])
if err != nil {
panic(err)
}
fmt.Printf("token info: %+v\n", tokeninfo)
err = p.Login(session, pkcs11.CKU_USER, "ulfr:e2deea623796eecd")
if err != nil {
panic(err)
}
defer p.Logout(session)
info, err := p.GetInfo()
if err != nil {
panic(err)
}
fmt.Printf("info: %+v\n", info)
mechs, err := p.GetMechanismList(slots[0])
if err != nil {
panic(err)
}
mechsinfo, err := p.GetMechanismInfo(slots[0], mechs)
if err != nil {
panic(err)
}
fmt.Printf("mechanisms: %+v\n", mechsinfo)
p.DigestInit(session, []*pkcs11.Mechanism{pkcs11.NewMechanism(pkcs11.CKM_SHA_1, nil)})
hash, err := p.Digest(session, []byte("this is a string"))
if err != nil {
panic(err)
}
fmt.Printf("sha1: %x\n", hash)
var (
privHandle pkcs11.ObjectHandle
)
privateKeyTemplate := []*pkcs11.Attribute{
pkcs11.NewAttribute(pkcs11.CKA_CLASS, pkcs11.CKO_PRIVATE_KEY),
pkcs11.NewAttribute(pkcs11.CKA_KEY_TYPE, pkcs11.CKK_RSA),
pkcs11.NewAttribute(pkcs11.CKA_PRIVATE, true),
pkcs11.NewAttribute(pkcs11.CKA_LABEL, "rsa2048"),
}
err = p.FindObjectsInit(session, privateKeyTemplate)
if err != nil {
panic(err)
}
handles, more, err := p.FindObjects(session, 1)
if err != nil {
panic(err)
}
if more {
panic("more than 1 key found")
}
if len(handles) == 0 {
panic("key not found")
}
p.FindObjectsFinal(session)
privHandle = handles[0]
fmt.Printf("privHandle: %+v\n", privHandle)
//objectsize, err := p.GetObjectSize(session, privHandle)
//if err != nil {
// panic(err)
//}
//fmt.Printf("object size: %d\n", objectsize)
err = p.SignInit(session, []*pkcs11.Mechanism{pkcs11.NewMechanism(pkcs11.CKM_RSA_PKCS, nil)}, privHandle)
if err != nil {
panic(err)
}
data := []byte("Lets sign this data")
sig, err := p.Sign(session, data)
if err != nil {
panic(err)
}
fmt.Printf("signature: %s\n", base64.StdEncoding.EncodeToString(sig))
}
@jvehent
Copy link
Author

jvehent commented May 31, 2018 

$ go run sign.go 
        SDK Version: 2.03
slots: [1]
slot info: {SlotDescription:Cavium Slot ManufacturerID:Cavium Networks Flags:5 HardwareVersion:{Major:3 Minor:0} FirmwareVersion:{Major:2 Minor:3}}
token info: {Label:cavium ManufacturerID:Cavium Networks Model:NITROX-III CNN35 SerialNumber:3.0G1735-ICM0014 Flags:1028 MaxSessionCount:524288 SessionCount:0 MaxRwSessionCount:0 RwSessionCount:0 MaxPinLen:536870912 MinPinLen:117440512 TotalPublicMemory:3566012416 FreePublicMemory:3765830656 TotalPrivateMemory:0 FreePrivateMemory:0 HardwareVersion:{Major:3 Minor:0} FirmwareVersion:{Major:2 Minor:3} UTCTime:}
info: {CryptokiVersion:{Major:2 Minor:40} ManufacturerID:Cavium Networks Flags:1073741824 LibraryDescription:Cavium PKCS#11 Interface LibraryVersion:{Major:1 Minor:0}}
mechanisms: {MinKeySize:1 MaxKeySize:256 Flags:32769}
sha1: 517592df8fec3ad146a79a9af153db2a4d784ec5
privHandle: 7
signature: bBOk7GjEeoX60iMlX5uxQo9qt8nTtR3vlXyHH0Yq50rqUCxz9cqG9Ml4NjdFeUlyGJjMWZYqketjk4zIBW/fLOMl6G4M3wc9ZiBYz+SbWHyRI+x1MPf319HL0GeGOYW8AdxUUmL0W0UuWXzAZcY/YHhFXOnM4zD19uYQAERK+YqSEjszctHJlgpEtSNbHAzzuCX/wWeMbI4DDNZr9fZ3jdceHf1wOQ9EFHDv6kGQTmup1YEIOv7cppCwNri89EOK2z3Zkrbey2vyyyaCPu2xFM3waXtIXUdKr1Gh8wMBqVDgj+dqJSu1dsrPPxGht+YNMbNAUlk1xQWiVpMBiRG23w==

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment