Merge branch 'master' into lenfix

2023-01-11 13:43:27 +01:00 · 2023-01-11 13:43:27 +01:00 · c0e51f5405
parent 995af3b2fd ce1163658f
commit c0e51f5405
5 changed files with 77 additions and 19 deletions
--- a/README.md
+++ b/README.md
@ -6,6 +6,7 @@ messages is depleted.

 Currently the following commands are implemented:

+ * DeviceInfo
 * Reset
 * GenerateAsymmetricKey
 * SignDataEddsa
@ -28,7 +29,7 @@ Please submit a PR if you have implemented new commands or extended existing con

 ## Example of usage

-```
+```go
 c := connector.NewHTTPConnector("localhost:1234")
 sm, err := yubihsm.NewSessionManager(c, 1, "password", 2)
 if err != nil {
--- a/commands/constructors.go
+++ b/commands/constructors.go
@ -9,6 +9,15 @@ import (
 	"github.com/certusone/yubihsm-go/authkey"
 )

+
+func CreateDeviceInfoCommand() (*CommandMessage, error) {
+	command := &CommandMessage{
+		CommandType: CommandTypeDeviceInfo,
+	}
+
+	return command, nil
+}
+
 func CreateCreateSessionCommand(keySetID uint16, hostChallenge []byte) (*CommandMessage, error) {
 	command := &CommandMessage{
 		CommandType: CommandTypeCreateSession,
--- a/commands/response.go
+++ b/commands/response.go
@ -15,6 +15,16 @@ type (
 		Code ErrorCode
 	}

+	DeviceInfoResponse struct {
+		MajorVersion        uint8
+		MinorVersion        uint8
+		BuildVersion        uint8
+		SerialNumber        uint32
+		LogTotal            uint8
+		LogUsed             uint8
+		SupportedAlgorithms []Algorithm
+	}
+
 	CreateSessionResponse struct {
 		SessionID      uint8
 		CardChallenge  []byte
@ -141,6 +151,8 @@ func ParseResponse(data []byte) (Response, error) {
 	}

 	switch transactionType {
+	case CommandTypeDeviceInfo:
+		return parseDeviceInfoResponse(payload)
 	case CommandTypeCreateSession:
 		return parseCreateSessionResponse(payload)
 	case CommandTypeAuthenticateSession:
@ -214,6 +226,28 @@ func parseSessionMessage(payload []byte) (Response, error) {
 	}, nil
 }

+func parseDeviceInfoResponse(payload []byte) (Response, error) {
+	var serialNumber uint32
+	err := binary.Read(bytes.NewReader(payload[3:7]), binary.BigEndian, &serialNumber)
+	if err != nil {
+		return nil, err
+	}
+
+	var supportedAlgorithms []Algorithm
+	for _, alg := range payload[9:] {
+		supportedAlgorithms = append(supportedAlgorithms, Algorithm(alg))
+	}
+
+	return &DeviceInfoResponse{
+		MajorVersion: payload[0],
+		MinorVersion: payload[1],
+		BuildVersion: payload[2],
+		SerialNumber: serialNumber,
+		LogTotal: payload[7],
+		LogUsed: payload[8],
+		SupportedAlgorithms: supportedAlgorithms,
+	}, nil
+}
 func parseCreateSessionResponse(payload []byte) (Response, error) {
 	if len(payload) != 17 {
 		return nil, errors.New("invalid response payload length")
--- a/commands/types.go
+++ b/commands/types.go
@ -86,6 +86,8 @@ const (
 	// Algorithms
 	AlgorithmRSA2048                 Algorithm = 9
 	AlgorithmP256                    Algorithm = 12
+	AlgorithmP384                    Algorithm = 13
+	AlgorithmP521                    Algorithm = 14
 	AlgorithmSecp256k1               Algorithm = 15
 	AlgorithmOpaqueData              Algorithm = 30
 	AlgorithmOpaqueX509Certificate   Algorithm = 31
--- a/connector/http.go
+++ b/connector/http.go
@ -28,40 +28,50 @@ func NewHTTPConnector(url string) *HTTPConnector {
 }

 // Request encodes and executes a command on the HSM and returns the binary response
-func (c *HTTPConnector) Request(command *commands.CommandMessage) ([]byte, error) {
-	requestData, err := command.Serialize()
+func (c *HTTPConnector) Request(command *commands.CommandMessage) (data []byte, err error) {
+	var requestData []byte
+	requestData, err = command.Serialize()
 	if err != nil {
-		return nil, err
+		return
 	}

-	res, err := http.DefaultClient.Post("http://"+c.URL+"/connector/api", "application/octet-stream", bytes.NewReader(requestData))
+	var res *http.Response
+	res, err = http.DefaultClient.Post("http://"+c.URL+"/connector/api", "application/octet-stream", bytes.NewReader(requestData))
 	if err != nil {
-		return nil, err
+		return
 	}

+	defer func() {
+		closeErr := res.Body.Close()
+		if err == nil {
+			err = closeErr
+		}
+	}()
+
 	if res.StatusCode != http.StatusOK {
-		return nil, fmt.Errorf("server returned non OK status code %d", res.StatusCode)
+		err = fmt.Errorf("server returned non OK status code %d", res.StatusCode)
+		return
 	}

-	data, err := ioutil.ReadAll(res.Body)
-	if err != nil {
-		return nil, err
-	}
+	data, err = ioutil.ReadAll(res.Body)

-	return data, nil
+	return
 }

 // GetStatus requests the status of the HSM connector route /connector/status
-func (c *HTTPConnector) GetStatus() (*StatusResponse, error) {
-	res, err := http.DefaultClient.Get("http://" + c.URL + "/connector/status")
+func (c *HTTPConnector) GetStatus() (status *StatusResponse, err error) {
+	var res *http.Response
+	res, err = http.DefaultClient.Get("http://" + c.URL + "/connector/status")
 	if err != nil {
-		return nil, err
+		return
 	}

-	data, err := ioutil.ReadAll(res.Body)
+	var data []byte
+	data, err = ioutil.ReadAll(res.Body)
 	if err != nil {
-		return nil, err
+		return
 	}
+
 	bodyString := string(data)
 	pairs := strings.Split(bodyString, "\n")

@ -69,12 +79,12 @@ func (c *HTTPConnector) GetStatus() (*StatusResponse, error) {
 	for _, pair := range pairs {
 		values = append(values, strings.Split(pair, "=")...)
 	}
-	status := &StatusResponse{}

 	if values == nil || len(values) < 12 {
 		return nil, ErrInvalidResponseValueLength
 	}

+	status = &StatusResponse{}
 	status.Status = Status(values[1])
 	status.Serial = values[3]
 	status.Version = values[5]
@ -82,5 +92,7 @@ func (c *HTTPConnector) GetStatus() (*StatusResponse, error) {
 	status.Address = values[9]
 	status.Port = values[11]

-	return status, nil
+	err = res.Body.Close()
+
+	return
 }