certusone
/
yubihsm-go
mirror of https://github.com/certusone/yubihsm-go.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
yubihsm-go/authkey/authkey.go

34 lines
735 B
Go
Raw Normal View History

Add ChangeAuthenticationKey command Introduce the command which is used to change the password to authenticate to the HSM. A small refactoring of extracting authkey out was necessary to prevent an import cycle from securechannel importing commands which (without the refactor) imported secure channel again. Documentation for this command: https://developers.yubico.com/YubiHSM2/Commands/Change_Authentication_Key.html
2020-02-28 09:40:45 -08:00
package authkey
initial commit
2018-09-02 05:46:37 -07:00
import (
"crypto/sha256"
Add ChangeAuthenticationKey command Introduce the command which is used to change the password to authenticate to the HSM. A small refactoring of extracting authkey out was necessary to prevent an import cycle from securechannel importing commands which (without the refactor) imported secure channel again. Documentation for this command: https://developers.yubico.com/YubiHSM2/Commands/Change_Authentication_Key.html
2020-02-28 09:40:45 -08:00
initial commit
2018-09-02 05:46:37 -07:00
"golang.org/x/crypto/pbkdf2"
)
type (
// AuthKey is a key to authenticate with the HSM
AuthKey []byte
)
const (
authKeyLength = 32
authKeyIterations = 10000
yubicoSeed = "Yubico"
)
Add ChangeAuthenticationKey command Introduce the command which is used to change the password to authenticate to the HSM. A small refactoring of extracting authkey out was necessary to prevent an import cycle from securechannel importing commands which (without the refactor) imported secure channel again. Documentation for this command: https://developers.yubico.com/YubiHSM2/Commands/Change_Authentication_Key.html
2020-02-28 09:40:45 -08:00
// NewFromPassword derives an AuthKey using pkdf2 as specified in the HSM documentation
func NewFromPassword(password string) AuthKey {
initial commit
2018-09-02 05:46:37 -07:00
return pbkdf2.Key([]byte(password), []byte(yubicoSeed), authKeyIterations, authKeyLength, sha256.New)
}
// GetEncKey returns the EncryptionKey part of the AuthKey
func (k AuthKey) GetEncKey() []byte {
Add ChangeAuthenticationKey command Introduce the command which is used to change the password to authenticate to the HSM. A small refactoring of extracting authkey out was necessary to prevent an import cycle from securechannel importing commands which (without the refactor) imported secure channel again. Documentation for this command: https://developers.yubico.com/YubiHSM2/Commands/Change_Authentication_Key.html
2020-02-28 09:40:45 -08:00
return k[:authKeyLength/2]
initial commit
2018-09-02 05:46:37 -07:00
}
Add ChangeAuthenticationKey command Introduce the command which is used to change the password to authenticate to the HSM. A small refactoring of extracting authkey out was necessary to prevent an import cycle from securechannel importing commands which (without the refactor) imported secure channel again. Documentation for this command: https://developers.yubico.com/YubiHSM2/Commands/Change_Authentication_Key.html
2020-02-28 09:40:45 -08:00
// GetMacKey returns the MACKey part of the AuthKey
initial commit
2018-09-02 05:46:37 -07:00
func (k AuthKey) GetMacKey() []byte {
Add ChangeAuthenticationKey command Introduce the command which is used to change the password to authenticate to the HSM. A small refactoring of extracting authkey out was necessary to prevent an import cycle from securechannel importing commands which (without the refactor) imported secure channel again. Documentation for this command: https://developers.yubico.com/YubiHSM2/Commands/Change_Authentication_Key.html
2020-02-28 09:40:45 -08:00
return k[authKeyLength/2:]
initial commit
2018-09-02 05:46:37 -07:00
}