"github.com/ThalesIgnite/crypto11"
"go.fuhry.dev/runtime/constants"
+ "go.fuhry.dev/runtime/utils/log"
)
const (
deviceTrustObjectLabel = "Device Identity"
)
+var pkcs11Logger = log.WithPrefix("mtls.provider_tpm2_pkcs11")
+
var pkcs11ModulePaths = []string{
"/usr/lib/pkcs11/libtpm2_pkcs11.so",
"/usr/lib/x86_64-linux-gnu/pkcs11/libtpm2_pkcs11.so",
func NewP11() (*p11, error) {
for _, p := range pkcs11ModulePaths {
+ pkcs11Logger.V(1).Debugf("trying to load pkcs11 module from path: %s", p)
if _, err := os.Stat(p); err == nil {
+ pkcs11Logger.V(1).Infof("found pkcs11 module at path: %s", p)
crypto11Config.Path = p
+ break
}
}
if crypto11Config.Path == "" {
return nil, fmt.Errorf("unable to stat tpm2 pkcs11 module at any known path: %v", pkcs11ModulePaths)
}
+ pkcs11Logger.V(1).Infof("configuring crypt11 with TokenLabel=%s", constants.DeviceTrustTokenName)
ctx, err := crypto11.Configure(crypto11Config)
if err != nil {
return nil, err
}
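Review bot: The `os.Stat` guard in the module search loop only checks that the path exists, so a directory or other non-regular entry at one of the candidate paths is accepted and the failure surfaces later from `crypto11.Configure` with a less useful message; `if fi, err := os.Stat(p); err == nil && fi.Mode().IsRegular() {` keeps the search going instead. The added log line before `crypto11.Configure` misspells the library (`"configuring crypto11 with TokenLabel=%s"`), and the hunk mixes `V(1).Debugf` for the per-path probe with `V(1).Infof` for the hit at the same verbosity, which is presumably unintended — one level for both would read more consistently. NewP11's body continues outside the hunk.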
func (p *p11) GetCertificate() (*tls.Certificate, error) {
+ pkcs11Logger.V(1).Infof("trying to find device trust certificate with object label %s", deviceTrustObjectLabel)
cert, err := p.cHandle.FindCertificate(nil, []byte(deviceTrustObjectLabel), nil)
if err != nil {
+ pkcs11Logger.V(1).Errorf("find devicetrust certificate filed: %v", err)
return nil, err
}
privateKey, err := p.GetPrivateKey()
if err != nil {
+ pkcs11Logger.V(1).Errorf("find devicetrust private key filed: %v", err)
return nil, err
}