Merge pull request #5 from ecadlabs/master
Support for SignEcdsa and DeleteObject
This commit is contained in:
commit
3601184c8b
|
@ -4,6 +4,7 @@ import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"encoding/binary"
|
"encoding/binary"
|
||||||
"errors"
|
"errors"
|
||||||
|
"io"
|
||||||
)
|
)
|
||||||
|
|
||||||
func CreateCreateSessionCommand(keySetID uint16, hostChallenge []byte) (*CommandMessage, error) {
|
func CreateCreateSessionCommand(keySetID uint16, hostChallenge []byte) (*CommandMessage, error) {
|
||||||
|
@ -77,6 +78,20 @@ func CreateSignDataEddsaCommand(keyID uint16, data []byte) (*CommandMessage, err
|
||||||
return command, nil
|
return command, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func CreateSignDataEcdsaCommand(keyID uint16, data []byte) (*CommandMessage, error) {
|
||||||
|
command := &CommandMessage{
|
||||||
|
CommandType: CommandTypeSignDataEcdsa,
|
||||||
|
}
|
||||||
|
|
||||||
|
payload := bytes.NewBuffer([]byte{})
|
||||||
|
binary.Write(payload, binary.BigEndian, keyID)
|
||||||
|
payload.Write(data)
|
||||||
|
|
||||||
|
command.Data = payload.Bytes()
|
||||||
|
|
||||||
|
return command, nil
|
||||||
|
}
|
||||||
|
|
||||||
func CreatePutAsymmetricKeyCommand(keyID uint16, label []byte, domains uint16, capabilities uint64, algorithm Algorithm, keyPart1 []byte, keyPart2 []byte) (*CommandMessage, error) {
|
func CreatePutAsymmetricKeyCommand(keyID uint16, label []byte, domains uint16, capabilities uint64, algorithm Algorithm, keyPart1 []byte, keyPart2 []byte) (*CommandMessage, error) {
|
||||||
if len(label) > LabelLength {
|
if len(label) > LabelLength {
|
||||||
return nil, errors.New("label is too long")
|
return nil, errors.New("label is too long")
|
||||||
|
@ -104,6 +119,51 @@ func CreatePutAsymmetricKeyCommand(keyID uint16, label []byte, domains uint16, c
|
||||||
return command, nil
|
return command, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type ListCommandOption func(w io.Writer)
|
||||||
|
|
||||||
|
func NewObjectTypeOption(objectType uint8) ListCommandOption {
|
||||||
|
return func(w io.Writer) {
|
||||||
|
binary.Write(w, binary.BigEndian, ListObjectParamType)
|
||||||
|
binary.Write(w, binary.BigEndian, objectType)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewIDOption(id uint16) ListCommandOption {
|
||||||
|
return func(w io.Writer) {
|
||||||
|
binary.Write(w, binary.BigEndian, ListObjectParamID)
|
||||||
|
binary.Write(w, binary.BigEndian, id)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func CreateListObjectsCommand(options ...ListCommandOption) (*CommandMessage, error) {
|
||||||
|
command := &CommandMessage{
|
||||||
|
CommandType: CommandTypeListObjects,
|
||||||
|
}
|
||||||
|
|
||||||
|
payload := bytes.NewBuffer([]byte{})
|
||||||
|
for _, opt := range options {
|
||||||
|
opt(payload)
|
||||||
|
}
|
||||||
|
|
||||||
|
command.Data = payload.Bytes()
|
||||||
|
|
||||||
|
return command, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func CreateGetObjectInfoCommand(keyID uint16, objectType uint8) (*CommandMessage, error) {
|
||||||
|
command := &CommandMessage{
|
||||||
|
CommandType: CommandTypeGetObjectInfo,
|
||||||
|
}
|
||||||
|
|
||||||
|
payload := bytes.NewBuffer([]byte{})
|
||||||
|
binary.Write(payload, binary.BigEndian, keyID)
|
||||||
|
binary.Write(payload, binary.BigEndian, objectType)
|
||||||
|
|
||||||
|
command.Data = payload.Bytes()
|
||||||
|
|
||||||
|
return command, nil
|
||||||
|
}
|
||||||
|
|
||||||
func CreateCloseSessionCommand() (*CommandMessage, error) {
|
func CreateCloseSessionCommand() (*CommandMessage, error) {
|
||||||
command := &CommandMessage{
|
command := &CommandMessage{
|
||||||
CommandType: CommandTypeCloseSession,
|
CommandType: CommandTypeCloseSession,
|
||||||
|
@ -124,6 +184,19 @@ func CreateGetPubKeyCommand(keyID uint16) (*CommandMessage, error) {
|
||||||
return command, nil
|
return command, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func CreateDeleteObjectCommand(objID uint16, objType uint8) (*CommandMessage, error) {
|
||||||
|
command := &CommandMessage{
|
||||||
|
CommandType: CommandTypeDeleteObject,
|
||||||
|
}
|
||||||
|
|
||||||
|
payload := bytes.NewBuffer([]byte{})
|
||||||
|
binary.Write(payload, binary.BigEndian, objID)
|
||||||
|
binary.Write(payload, binary.BigEndian, objType)
|
||||||
|
command.Data = payload.Bytes()
|
||||||
|
|
||||||
|
return command, nil
|
||||||
|
}
|
||||||
|
|
||||||
func CreateEchoCommand(data []byte) (*CommandMessage, error) {
|
func CreateEchoCommand(data []byte) (*CommandMessage, error) {
|
||||||
command := &CommandMessage{
|
command := &CommandMessage{
|
||||||
CommandType: CommandTypeEcho,
|
CommandType: CommandTypeEcho,
|
||||||
|
|
|
@ -35,10 +35,37 @@ type (
|
||||||
KeyID uint16
|
KeyID uint16
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ObjectInfoResponse struct {
|
||||||
|
Capabilities uint64
|
||||||
|
ObjectID uint16
|
||||||
|
Length uint16
|
||||||
|
Domains uint16
|
||||||
|
Type uint8
|
||||||
|
Algorithm Algorithm
|
||||||
|
Sequence uint8
|
||||||
|
Origin uint8
|
||||||
|
Label [40]byte
|
||||||
|
DelegatedCapabilites uint64
|
||||||
|
}
|
||||||
|
|
||||||
|
Object struct {
|
||||||
|
ObjectID uint16
|
||||||
|
ObjectType uint8
|
||||||
|
Sequence uint8
|
||||||
|
}
|
||||||
|
|
||||||
|
ListObjectsResponse struct {
|
||||||
|
Objects []Object
|
||||||
|
}
|
||||||
|
|
||||||
SignDataEddsaResponse struct {
|
SignDataEddsaResponse struct {
|
||||||
Signature []byte
|
Signature []byte
|
||||||
}
|
}
|
||||||
|
|
||||||
|
SignDataEcdsaResponse struct {
|
||||||
|
Signature []byte
|
||||||
|
}
|
||||||
|
|
||||||
GetPubKeyResponse struct {
|
GetPubKeyResponse struct {
|
||||||
Algorithm Algorithm
|
Algorithm Algorithm
|
||||||
// KeyData can contain different formats depending on the algorithm according to the YubiHSM2 documentation.
|
// KeyData can contain different formats depending on the algorithm according to the YubiHSM2 documentation.
|
||||||
|
@ -82,12 +109,20 @@ func ParseResponse(data []byte) (Response, error) {
|
||||||
return parseCreateAsymmetricKeyResponse(payload)
|
return parseCreateAsymmetricKeyResponse(payload)
|
||||||
case CommandTypeSignDataEddsa:
|
case CommandTypeSignDataEddsa:
|
||||||
return parseSignDataEddsaResponse(payload)
|
return parseSignDataEddsaResponse(payload)
|
||||||
|
case CommandTypeSignDataEcdsa:
|
||||||
|
return parseSignDataEcdsaResponse(payload)
|
||||||
case CommandTypePutAsymmetric:
|
case CommandTypePutAsymmetric:
|
||||||
return parsePutAsymmetricKeyResponse(payload)
|
return parsePutAsymmetricKeyResponse(payload)
|
||||||
|
case CommandTypeListObjects:
|
||||||
|
return parseListObjectsResponse(payload)
|
||||||
|
case CommandTypeGetObjectInfo:
|
||||||
|
return parseGetObjectInfoResponse(payload)
|
||||||
case CommandTypeCloseSession:
|
case CommandTypeCloseSession:
|
||||||
return nil, nil
|
return nil, nil
|
||||||
case CommandTypeGetPubKey:
|
case CommandTypeGetPubKey:
|
||||||
return parseGetPubKeyResponse(payload)
|
return parseGetPubKeyResponse(payload)
|
||||||
|
case CommandTypeDeleteObject:
|
||||||
|
return nil, nil
|
||||||
case CommandTypeEcho:
|
case CommandTypeEcho:
|
||||||
return parseEchoResponse(payload)
|
return parseEchoResponse(payload)
|
||||||
case ErrorResponseCode:
|
case ErrorResponseCode:
|
||||||
|
@ -149,6 +184,12 @@ func parseSignDataEddsaResponse(payload []byte) (Response, error) {
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func parseSignDataEcdsaResponse(payload []byte) (Response, error) {
|
||||||
|
return &SignDataEcdsaResponse{
|
||||||
|
Signature: payload,
|
||||||
|
}, nil
|
||||||
|
}
|
||||||
|
|
||||||
func parsePutAsymmetricKeyResponse(payload []byte) (Response, error) {
|
func parsePutAsymmetricKeyResponse(payload []byte) (Response, error) {
|
||||||
if len(payload) != 2 {
|
if len(payload) != 2 {
|
||||||
return nil, errors.New("invalid response payload length")
|
return nil, errors.New("invalid response payload length")
|
||||||
|
@ -165,6 +206,34 @@ func parsePutAsymmetricKeyResponse(payload []byte) (Response, error) {
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func parseListObjectsResponse(payload []byte) (Response, error) {
|
||||||
|
if len(payload)%4 != 0 {
|
||||||
|
return nil, errors.New("invalid response payload length")
|
||||||
|
}
|
||||||
|
|
||||||
|
response := ListObjectsResponse{
|
||||||
|
Objects: make([]Object, len(payload)/4),
|
||||||
|
}
|
||||||
|
|
||||||
|
err := binary.Read(bytes.NewReader(payload), binary.BigEndian, &response.Objects)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return &response, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func parseGetObjectInfoResponse(payload []byte) (Response, error) {
|
||||||
|
response := ObjectInfoResponse{}
|
||||||
|
|
||||||
|
err := binary.Read(bytes.NewReader(payload), binary.BigEndian, &response)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return &response, nil
|
||||||
|
}
|
||||||
|
|
||||||
func parseGetPubKeyResponse(payload []byte) (Response, error) {
|
func parseGetPubKeyResponse(payload []byte) (Response, error) {
|
||||||
if len(payload) < 1 {
|
if len(payload) < 1 {
|
||||||
return nil, errors.New("invalid response payload length")
|
return nil, errors.New("invalid response payload length")
|
||||||
|
|
|
@ -78,7 +78,9 @@ const (
|
||||||
ErrorCodeCommandUnexecuted ErrorCode = 0xff
|
ErrorCodeCommandUnexecuted ErrorCode = 0xff
|
||||||
|
|
||||||
// Algorithms
|
// Algorithms
|
||||||
AlgorighmED25519 Algorithm = 46
|
AlgorithmP256 Algorithm = 12
|
||||||
|
AlgorithmSecp256k1 Algorithm = 15
|
||||||
|
AlgorighmED25519 Algorithm = 46
|
||||||
|
|
||||||
// Capabilities
|
// Capabilities
|
||||||
CapabilityGetOpaque uint64 = 0x0000000000000001
|
CapabilityGetOpaque uint64 = 0x0000000000000001
|
||||||
|
@ -145,4 +147,17 @@ const (
|
||||||
Domain14 uint16 = 0x2000
|
Domain14 uint16 = 0x2000
|
||||||
Domain15 uint16 = 0x4000
|
Domain15 uint16 = 0x4000
|
||||||
Domain16 uint16 = 0x8000
|
Domain16 uint16 = 0x8000
|
||||||
|
|
||||||
|
// object types
|
||||||
|
ObjectTypeOpaque uint8 = 0x01
|
||||||
|
ObjectTypeAuthenticationKey uint8 = 0x02
|
||||||
|
ObjectTypeAsymmetricKey uint8 = 0x03
|
||||||
|
ObjectTypeWrapKey uint8 = 0x04
|
||||||
|
ObjectTypeHmacKey uint8 = 0x05
|
||||||
|
ObjectTypeTemplate uint8 = 0x06
|
||||||
|
ObjectTypeOtpAeadKey uint8 = 0x07
|
||||||
|
|
||||||
|
// list objects params
|
||||||
|
ListObjectParamID uint8 = 0x01
|
||||||
|
ListObjectParamType uint8 = 0x02
|
||||||
)
|
)
|
||||||
|
|
|
@ -3,10 +3,11 @@ package connector
|
||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"fmt"
|
"fmt"
|
||||||
"github.com/certusone/yubihsm-go/commands"
|
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"net/http"
|
"net/http"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
|
"github.com/certusone/yubihsm-go/commands"
|
||||||
)
|
)
|
||||||
|
|
||||||
type (
|
type (
|
||||||
|
|
|
@ -3,11 +3,12 @@ package yubihsm
|
||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"errors"
|
"errors"
|
||||||
|
"sync"
|
||||||
|
"time"
|
||||||
|
|
||||||
"github.com/certusone/yubihsm-go/commands"
|
"github.com/certusone/yubihsm-go/commands"
|
||||||
"github.com/certusone/yubihsm-go/connector"
|
"github.com/certusone/yubihsm-go/connector"
|
||||||
"github.com/certusone/yubihsm-go/securechannel"
|
"github.com/certusone/yubihsm-go/securechannel"
|
||||||
"sync"
|
|
||||||
"time"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
type (
|
type (
|
||||||
|
@ -70,7 +71,6 @@ func (s *SessionManager) pingRoutine() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
println("pinged")
|
|
||||||
s.keepAlive.Reset(pingInterval)
|
s.keepAlive.Reset(pingInterval)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,10 +7,11 @@ import (
|
||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
"encoding/binary"
|
"encoding/binary"
|
||||||
"errors"
|
"errors"
|
||||||
|
"sync"
|
||||||
|
|
||||||
|
"github.com/enceve/crypto/cmac"
|
||||||
"github.com/certusone/yubihsm-go/commands"
|
"github.com/certusone/yubihsm-go/commands"
|
||||||
"github.com/certusone/yubihsm-go/connector"
|
"github.com/certusone/yubihsm-go/connector"
|
||||||
"github.com/enceve/crypto/cmac"
|
|
||||||
"sync"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
type (
|
type (
|
||||||
|
|
Loading…
Reference in New Issue