From 8a73cfa938255c0e352b54a9e2833be33c08d1ab Mon Sep 17 00:00:00 2001 From: linuxdev53 Date: Fri, 30 Nov 2018 17:49:18 +0200 Subject: [PATCH 1/4] Added secp256k1 support --- commands/constructors.go | 14 ++++++++++++++ commands/response.go | 4 ++++ commands/types.go | 3 ++- connector/connector.go | 2 +- connector/http.go | 3 ++- manager.go | 7 ++++--- securechannel/channel.go | 7 ++++--- 7 files changed, 31 insertions(+), 9 deletions(-) diff --git a/commands/constructors.go b/commands/constructors.go index 12fc1e3..9716560 100644 --- a/commands/constructors.go +++ b/commands/constructors.go @@ -77,6 +77,20 @@ func CreateSignDataEddsaCommand(keyID uint16, data []byte) (*CommandMessage, err return command, nil } +func CreateSignDataEcdsaCommand(keyID uint16, data []byte) (*CommandMessage, error) { + command := &CommandMessage{ + CommandType: CommandTypeSignDataEcdsa, + } + + payload := bytes.NewBuffer([]byte{}) + binary.Write(payload, binary.BigEndian, keyID) + payload.Write(data) + + command.Data = payload.Bytes() + + return command, nil +} + func CreatePutAsymmetricKeyCommand(keyID uint16, label []byte, domains uint16, capabilities uint64, algorithm Algorithm, keyPart1 []byte, keyPart2 []byte) (*CommandMessage, error) { if len(label) > LabelLength { return nil, errors.New("label is too long") diff --git a/commands/response.go b/commands/response.go index 5503c72..f32c869 100644 --- a/commands/response.go +++ b/commands/response.go @@ -39,6 +39,10 @@ type ( Signature []byte } + SignDataEcdsaResponse struct { + Signature []byte + } + GetPubKeyResponse struct { Algorithm Algorithm // KeyData can contain different formats depending on the algorithm according to the YubiHSM2 documentation. diff --git a/commands/types.go b/commands/types.go index 683a353..2c3281b 100644 --- a/commands/types.go +++ b/commands/types.go @@ -78,7 +78,8 @@ const ( ErrorCodeCommandUnexecuted ErrorCode = 0xff // Algorithms - AlgorighmED25519 Algorithm = 46 + AlgorithmSecp256k1 Algorithm = 15 + AlgorighmED25519 Algorithm = 46 // Capabilities CapabilityGetOpaque uint64 = 0x0000000000000001 diff --git a/connector/connector.go b/connector/connector.go index 5ef8a2f..465b724 100644 --- a/connector/connector.go +++ b/connector/connector.go @@ -1,6 +1,6 @@ package connector -import "github.com/certusone/yubihsm-go/commands" +import "github.com/loomnetwork/yubihsm-go/commands" type ( // Connector implements a simple request interface with a YubiHSM2 diff --git a/connector/http.go b/connector/http.go index a31f23a..a55437f 100644 --- a/connector/http.go +++ b/connector/http.go @@ -3,10 +3,11 @@ package connector import ( "bytes" "fmt" - "github.com/certusone/yubihsm-go/commands" "io/ioutil" "net/http" "strings" + + "github.com/loomnetwork/yubihsm-go/commands" ) type ( diff --git a/manager.go b/manager.go index e682a02..a40b51a 100644 --- a/manager.go +++ b/manager.go @@ -3,11 +3,12 @@ package yubihsm import ( "bytes" "errors" - "github.com/certusone/yubihsm-go/commands" - "github.com/certusone/yubihsm-go/connector" - "github.com/certusone/yubihsm-go/securechannel" "sync" "time" + + "github.com/loomnetwork/yubihsm-go/commands" + "github.com/loomnetwork/yubihsm-go/connector" + "github.com/loomnetwork/yubihsm-go/securechannel" ) type ( diff --git a/securechannel/channel.go b/securechannel/channel.go index 75fe8d0..d3791e4 100644 --- a/securechannel/channel.go +++ b/securechannel/channel.go @@ -7,10 +7,11 @@ import ( "crypto/rand" "encoding/binary" "errors" - "github.com/certusone/yubihsm-go/commands" - "github.com/certusone/yubihsm-go/connector" - "github.com/enceve/crypto/cmac" "sync" + + "github.com/enceve/crypto/cmac" + "github.com/loomnetwork/yubihsm-go/commands" + "github.com/loomnetwork/yubihsm-go/connector" ) type ( From 0717d04d07c2868635a325b45a7e45a9caa4d088 Mon Sep 17 00:00:00 2001 From: linuxdev53 Date: Wed, 5 Dec 2018 15:42:38 +0200 Subject: [PATCH 2/4] Added secp256k1 keygen/sign, delete --- commands/constructors.go | 13 +++++++++++++ commands/response.go | 10 ++++++++++ commands/types.go | 9 +++++++++ 3 files changed, 32 insertions(+) diff --git a/commands/constructors.go b/commands/constructors.go index 9716560..1d4b3d3 100644 --- a/commands/constructors.go +++ b/commands/constructors.go @@ -138,6 +138,19 @@ func CreateGetPubKeyCommand(keyID uint16) (*CommandMessage, error) { return command, nil } +func CreateDeleteObjectCommand(objID uint16, objType uint8) (*CommandMessage, error) { + command := &CommandMessage{ + CommandType: CommandTypeDeleteObject, + } + + payload := bytes.NewBuffer([]byte{}) + binary.Write(payload, binary.BigEndian, objID) + binary.Write(payload, binary.BigEndian, objType) + command.Data = payload.Bytes() + + return command, nil +} + func CreateEchoCommand(data []byte) (*CommandMessage, error) { command := &CommandMessage{ CommandType: CommandTypeEcho, diff --git a/commands/response.go b/commands/response.go index f32c869..60ac2e3 100644 --- a/commands/response.go +++ b/commands/response.go @@ -86,12 +86,16 @@ func ParseResponse(data []byte) (Response, error) { return parseCreateAsymmetricKeyResponse(payload) case CommandTypeSignDataEddsa: return parseSignDataEddsaResponse(payload) + case CommandTypeSignDataEcdsa: + return parseSignDataEcdsaResponse(payload) case CommandTypePutAsymmetric: return parsePutAsymmetricKeyResponse(payload) case CommandTypeCloseSession: return nil, nil case CommandTypeGetPubKey: return parseGetPubKeyResponse(payload) + case CommandTypeDeleteObject: + return nil, nil case CommandTypeEcho: return parseEchoResponse(payload) case ErrorResponseCode: @@ -153,6 +157,12 @@ func parseSignDataEddsaResponse(payload []byte) (Response, error) { }, nil } +func parseSignDataEcdsaResponse(payload []byte) (Response, error) { + return &SignDataEcdsaResponse{ + Signature: payload, + }, nil +} + func parsePutAsymmetricKeyResponse(payload []byte) (Response, error) { if len(payload) != 2 { return nil, errors.New("invalid response payload length") diff --git a/commands/types.go b/commands/types.go index 2c3281b..d6da3e8 100644 --- a/commands/types.go +++ b/commands/types.go @@ -146,4 +146,13 @@ const ( Domain14 uint16 = 0x2000 Domain15 uint16 = 0x4000 Domain16 uint16 = 0x8000 + + // object types + ObjectTypeOpaque uint8 = 0x01 + ObjectTypeAuthenticationKey uint8 = 0x02 + ObjectTypeAsymmetricKey uint8 = 0x03 + ObjectTypeWrapKey uint8 = 0x04 + ObjectTypeHmacKey uint8 = 0x05 + ObjectTypeTemplate uint8 = 0x06 + ObjectTypeOtpAeadKey uint8 = 0x07 ) From 4f807229705ba9d17f07af3e35d672d47f61fb4d Mon Sep 17 00:00:00 2001 From: Simon Boissonneault-Robert Date: Mon, 17 Jun 2019 16:41:08 -0400 Subject: [PATCH 3/4] Changing imports to match original repo --- connector/connector.go | 2 +- connector/http.go | 2 +- manager.go | 6 +++--- securechannel/channel.go | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/connector/connector.go b/connector/connector.go index 465b724..5ef8a2f 100644 --- a/connector/connector.go +++ b/connector/connector.go @@ -1,6 +1,6 @@ package connector -import "github.com/loomnetwork/yubihsm-go/commands" +import "github.com/certusone/yubihsm-go/commands" type ( // Connector implements a simple request interface with a YubiHSM2 diff --git a/connector/http.go b/connector/http.go index a55437f..ca2f195 100644 --- a/connector/http.go +++ b/connector/http.go @@ -7,7 +7,7 @@ import ( "net/http" "strings" - "github.com/loomnetwork/yubihsm-go/commands" + "github.com/certusone/yubihsm-go/commands" ) type ( diff --git a/manager.go b/manager.go index a40b51a..d72585b 100644 --- a/manager.go +++ b/manager.go @@ -6,9 +6,9 @@ import ( "sync" "time" - "github.com/loomnetwork/yubihsm-go/commands" - "github.com/loomnetwork/yubihsm-go/connector" - "github.com/loomnetwork/yubihsm-go/securechannel" + "github.com/certusone/yubihsm-go/commands" + "github.com/certusone/yubihsm-go/connector" + "github.com/certusone/yubihsm-go/securechannel" ) type ( diff --git a/securechannel/channel.go b/securechannel/channel.go index d3791e4..dab6b49 100644 --- a/securechannel/channel.go +++ b/securechannel/channel.go @@ -10,8 +10,8 @@ import ( "sync" "github.com/enceve/crypto/cmac" - "github.com/loomnetwork/yubihsm-go/commands" - "github.com/loomnetwork/yubihsm-go/connector" + "github.com/certusone/yubihsm-go/commands" + "github.com/certusone/yubihsm-go/connector" ) type ( From b28a514e8f0f13447cfb1255be7e7f8111eec38f Mon Sep 17 00:00:00 2001 From: Simon Boissonneault-Robert Date: Tue, 18 Jun 2019 16:18:13 -0400 Subject: [PATCH 4/4] Add ListObject and GetObjectInfo support Misc: removed pinged print --- commands/constructors.go | 46 +++++++++++++++++++++++++++++++++ commands/response.go | 55 ++++++++++++++++++++++++++++++++++++++++ commands/types.go | 5 ++++ manager.go | 1 - 4 files changed, 106 insertions(+), 1 deletion(-) diff --git a/commands/constructors.go b/commands/constructors.go index 1d4b3d3..74e9153 100644 --- a/commands/constructors.go +++ b/commands/constructors.go @@ -4,6 +4,7 @@ import ( "bytes" "encoding/binary" "errors" + "io" ) func CreateCreateSessionCommand(keySetID uint16, hostChallenge []byte) (*CommandMessage, error) { @@ -118,6 +119,51 @@ func CreatePutAsymmetricKeyCommand(keyID uint16, label []byte, domains uint16, c return command, nil } +type ListCommandOption func(w io.Writer) + +func NewObjectTypeOption(objectType uint8) ListCommandOption { + return func(w io.Writer) { + binary.Write(w, binary.BigEndian, ListObjectParamType) + binary.Write(w, binary.BigEndian, objectType) + } +} + +func NewIDOption(id uint16) ListCommandOption { + return func(w io.Writer) { + binary.Write(w, binary.BigEndian, ListObjectParamID) + binary.Write(w, binary.BigEndian, id) + } +} + +func CreateListObjectsCommand(options ...ListCommandOption) (*CommandMessage, error) { + command := &CommandMessage{ + CommandType: CommandTypeListObjects, + } + + payload := bytes.NewBuffer([]byte{}) + for _, opt := range options { + opt(payload) + } + + command.Data = payload.Bytes() + + return command, nil +} + +func CreateGetObjectInfoCommand(keyID uint16, objectType uint8) (*CommandMessage, error) { + command := &CommandMessage{ + CommandType: CommandTypeGetObjectInfo, + } + + payload := bytes.NewBuffer([]byte{}) + binary.Write(payload, binary.BigEndian, keyID) + binary.Write(payload, binary.BigEndian, objectType) + + command.Data = payload.Bytes() + + return command, nil +} + func CreateCloseSessionCommand() (*CommandMessage, error) { command := &CommandMessage{ CommandType: CommandTypeCloseSession, diff --git a/commands/response.go b/commands/response.go index 60ac2e3..1597efd 100644 --- a/commands/response.go +++ b/commands/response.go @@ -35,6 +35,29 @@ type ( KeyID uint16 } + ObjectInfoResponse struct { + Capabilities uint64 + ObjectID uint16 + Length uint16 + Domains uint16 + Type uint8 + Algorithm Algorithm + Sequence uint8 + Origin uint8 + Label [40]byte + DelegatedCapabilites uint64 + } + + Object struct { + ObjectID uint16 + ObjectType uint8 + Sequence uint8 + } + + ListObjectsResponse struct { + Objects []Object + } + SignDataEddsaResponse struct { Signature []byte } @@ -90,6 +113,10 @@ func ParseResponse(data []byte) (Response, error) { return parseSignDataEcdsaResponse(payload) case CommandTypePutAsymmetric: return parsePutAsymmetricKeyResponse(payload) + case CommandTypeListObjects: + return parseListObjectsResponse(payload) + case CommandTypeGetObjectInfo: + return parseGetObjectInfoResponse(payload) case CommandTypeCloseSession: return nil, nil case CommandTypeGetPubKey: @@ -179,6 +206,34 @@ func parsePutAsymmetricKeyResponse(payload []byte) (Response, error) { }, nil } +func parseListObjectsResponse(payload []byte) (Response, error) { + if len(payload)%4 != 0 { + return nil, errors.New("invalid response payload length") + } + + response := ListObjectsResponse{ + Objects: make([]Object, len(payload)/4), + } + + err := binary.Read(bytes.NewReader(payload), binary.BigEndian, &response.Objects) + if err != nil { + return nil, err + } + + return &response, nil +} + +func parseGetObjectInfoResponse(payload []byte) (Response, error) { + response := ObjectInfoResponse{} + + err := binary.Read(bytes.NewReader(payload), binary.BigEndian, &response) + if err != nil { + return nil, err + } + + return &response, nil +} + func parseGetPubKeyResponse(payload []byte) (Response, error) { if len(payload) < 1 { return nil, errors.New("invalid response payload length") diff --git a/commands/types.go b/commands/types.go index d6da3e8..830d42f 100644 --- a/commands/types.go +++ b/commands/types.go @@ -78,6 +78,7 @@ const ( ErrorCodeCommandUnexecuted ErrorCode = 0xff // Algorithms + AlgorithmP256 Algorithm = 12 AlgorithmSecp256k1 Algorithm = 15 AlgorighmED25519 Algorithm = 46 @@ -155,4 +156,8 @@ const ( ObjectTypeHmacKey uint8 = 0x05 ObjectTypeTemplate uint8 = 0x06 ObjectTypeOtpAeadKey uint8 = 0x07 + + // list objects params + ListObjectParamID uint8 = 0x01 + ListObjectParamType uint8 = 0x02 ) diff --git a/manager.go b/manager.go index d72585b..3bdca77 100644 --- a/manager.go +++ b/manager.go @@ -71,7 +71,6 @@ func (s *SessionManager) pingRoutine() { } } - println("pinged") s.keepAlive.Reset(pingInterval) } }