Added Thales proprietary CKU_CRYPTO_USER

ThalesGroup · Sep 9, 2021 · 026f796 · 026f796
1 parent d334790
commit 026f796
Showing 1 changed file with 16 additions and 1 deletion.
diff --git a/crypto11.go b/crypto11.go
@@ -109,6 +109,10 @@ const (
 
 	// DefaultGCMIVLength controls the expected length of IVs generated by the token
 	DefaultGCMIVLength = 16
+
+	// Thales vendor constant for CKU_CRYPTO_USER
+	CryptoUser      = 0x80000001
+	DefaultUserType = 1 // 1 -> CKU_USER
 )
 
 // errTokenNotFound represents the failure to find the requested PKCS#11 token
@@ -241,6 +245,9 @@ type Config struct {
 	// Otherwise, the value specified must be at least 2.
 	MaxSessions int
 
+	// User type identifies the user type logging in. If zero, DefaultUserType is used.
+	UserType int
+
 	// Maximum time to wait for a session from the sessions pool. Zero means wait indefinitely.
 	PoolWaitTimeout time.Duration
 
@@ -300,6 +307,10 @@ func Configure(config *Config) (*Context, error) {
 		return nil, errors.New("MaxSessions must be larger than 1")
 	}
 
+	if config.UserType == 0 {
+		config.UserType = DefaultUserType
+	}
+
 	if config.GCMIVLength == 0 {
 		config.GCMIVLength = DefaultGCMIVLength
 	}
@@ -361,7 +372,11 @@ func Configure(config *Config) (*Context, error) {
 	if !config.LoginNotSupported {
 		// Try to log in our persistent session. This may fail with CKR_USER_ALREADY_LOGGED_IN if another instance
 		// already exists.
-		err = instance.ctx.Login(instance.persistentSession, pkcs11.CKU_USER, instance.cfg.Pin)
+		if instance.cfg.UserType == 1 {
+			err = instance.ctx.Login(instance.persistentSession, pkcs11.CKU_USER, instance.cfg.Pin)
+		} else {
+			err = instance.ctx.Login(instance.persistentSession, CryptoUser, instance.cfg.Pin)
+		}
 		if err != nil {
 
 			pErr, isP11Error := err.(pkcs11.Error)