Go to file
ezekielnewren dac1fd2bba
add more algorithm constants (#24)
* add more algorithm constants
2023-01-11 13:49:06 +01:00
authkey Add ChangeAuthenticationKey command 2020-02-28 09:40:45 -08:00
commands add more algorithm constants (#24) 2023-01-11 13:49:06 +01:00
connector Connector: check len(values) to avoid nil pointer dereference (#21) 2023-01-11 13:46:18 +01:00
securechannel Add commands 2021-04-07 14:22:09 -07:00
.gitignore GitIgnore 2021-03-19 12:06:21 +00:00
LICENSE Prepare for GitHub publication 2018-10-01 14:48:56 +02:00
README.md Merge pull request #19 from rmeringe/add_get_device_info_command 2022-07-18 10:19:34 +02:00
go.mod Add commands 2021-04-07 14:22:09 -07:00
go.sum Add commands 2021-04-07 14:22:09 -07:00
manager.go Don't reset ping interval as failed commands do not recreate broken sessions 2019-08-14 07:41:44 +02:00

README.md

yubihsm-go

Yubihsm-go is a minimal implementation of the securechannel and connector protocol of the YubiHSM2.

It also implements a simple SessionManager which keeps connections alive and swaps them if the maximum number of messages is depleted.

Currently the following commands are implemented:

  • DeviceInfo
  • Reset
  • GenerateAsymmetricKey
  • SignDataEddsa
  • SignDataPkcs1
  • PutAsymmetricKey
  • GetPubKey
  • DeriveEcdh
  • Echo
  • ChangeAuthenticationKey
  • PutAuthenticationKey
  • GetOpaque
  • PutOpaque
  • SignAttestationCertificate
  • Authentication & Session related commands
  • GetPseudoRandom

Implementing new commands is really easy. Please consult commands/constructors.go and commands/response.go for reference.

Please submit a PR if you have implemented new commands or extended existing constructors.

Example of usage

c := connector.NewHTTPConnector("localhost:1234")
sm, err := yubihsm.NewSessionManager(c, 1, "password", 2)
if err != nil {
	panic(err)
}

echoMessage := []byte("test")

command, err := commands.CreateEchoCommand(echoMessage)
if err != nil {
	panic(err)
}

resp, err := sm.SendEncryptedCommand(command)
if err != nil {
	panic(err)
}

parsedResp, matched := resp.(*commands.EchoResponse)
if !matched {
	panic("invalid response type")
}

if bytes.Equal(parsedResp.Data, echoMessage) {
	println("successfully echoed data")
} else {
	panic(errors.New("echoed message did not equal requested message"))
}