github.com/letsencrypt/trillian@v1.1.2-0.20180615153820-ae375a99d36a/crypto/keys/pkcs11/pkcs11.go (about)

     1  // +build pkcs11
     2  
     3  // Copyright 2017 Google Inc. All Rights Reserved.
     4  //
     5  // Licensed under the Apache License, Version 2.0 (the "License");
     6  // you may not use this file except in compliance with the License.
     7  // You may obtain a copy of the License at
     8  //
     9  //     http://www.apache.org/licenses/LICENSE-2.0
    10  //
    11  // Unless required by applicable law or agreed to in writing, software
    12  // distributed under the License is distributed on an "AS IS" BASIS,
    13  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    14  // See the License for the specific language governing permissions and
    15  // limitations under the License.
    16  
    17  package pkcs11
    18  
    19  import (
    20  	"crypto"
    21  	"errors"
    22  	"fmt"
    23  
    24  	"github.com/google/trillian/crypto/keys/pem"
    25  	"github.com/google/trillian/crypto/keyspb"
    26  	"github.com/letsencrypt/pkcs11key"
    27  )
    28  
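// FromConfig returns a crypto.Signer that uses a PKCS#11 interface.
//
// modulePath is the path of the PKCS#11 module to load and must be non-empty.
// config supplies the PEM-encoded public key, the token label and the PIN
// that are handed to pkcs11key.New.
//
// On failure the returned signer is an untyped nil, so callers may compare it
// with nil as well as checking the error.
func FromConfig(modulePath string, config *keyspb.PKCS11Config) (crypto.Signer, error) {
	if modulePath == "" {
		return nil, errors.New("pkcs11: No module path")
	}

	// Only the public key PEM is echoed in the error text below; the PIN is
	// never formatted into a message by this function.
	pubKeyPEM := config.GetPublicKey()
	pubKey, err := pem.UnmarshalPublicKey(pubKeyPEM)
	if err != nil {
		return nil, fmt.Errorf("pkcs11: error loading public key from %q: %v", pubKeyPEM, err)
	}

	// Do not return pkcs11key.New's results directly: a nil concrete pointer
	// converted to crypto.Signer yields a non-nil interface value, which
	// would defeat a `signer != nil` check on the error path.
	key, err := pkcs11key.New(modulePath, config.GetTokenLabel(), config.GetPin(), pubKey)
	if err != nil {
		return nil, err
	}
	return key, nil
}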