From 8a73cfa938255c0e352b54a9e2833be33c08d1ab Mon Sep 17 00:00:00 2001 From: linuxdev53 Date: Fri, 30 Nov 2018 17:49:18 +0200 Subject: [PATCH 1/2] Added secp256k1 support --- commands/constructors.go | 14 ++++++++++++++ commands/response.go | 4 ++++ commands/types.go | 3 ++- connector/connector.go | 2 +- connector/http.go | 3 ++- manager.go | 7 ++++--- securechannel/channel.go | 7 ++++--- 7 files changed, 31 insertions(+), 9 deletions(-) diff --git a/commands/constructors.go b/commands/constructors.go index 12fc1e3..9716560 100644 --- a/commands/constructors.go +++ b/commands/constructors.go @@ -77,6 +77,20 @@ func CreateSignDataEddsaCommand(keyID uint16, data []byte) (*CommandMessage, err return command, nil } +func CreateSignDataEcdsaCommand(keyID uint16, data []byte) (*CommandMessage, error) { + command := &CommandMessage{ + CommandType: CommandTypeSignDataEcdsa, + } + + payload := bytes.NewBuffer([]byte{}) + binary.Write(payload, binary.BigEndian, keyID) + payload.Write(data) + + command.Data = payload.Bytes() + + return command, nil +} + func CreatePutAsymmetricKeyCommand(keyID uint16, label []byte, domains uint16, capabilities uint64, algorithm Algorithm, keyPart1 []byte, keyPart2 []byte) (*CommandMessage, error) { if len(label) > LabelLength { return nil, errors.New("label is too long") diff --git a/commands/response.go b/commands/response.go index 5503c72..f32c869 100644 --- a/commands/response.go +++ b/commands/response.go @@ -39,6 +39,10 @@ type ( Signature []byte } + SignDataEcdsaResponse struct { + Signature []byte + } + GetPubKeyResponse struct { Algorithm Algorithm // KeyData can contain different formats depending on the algorithm according to the YubiHSM2 documentation. diff --git a/commands/types.go b/commands/types.go index 683a353..2c3281b 100644 --- a/commands/types.go +++ b/commands/types.go @@ -78,7 +78,8 @@ const ( ErrorCodeCommandUnexecuted ErrorCode = 0xff // Algorithms - AlgorighmED25519 Algorithm = 46 + AlgorithmSecp256k1 Algorithm = 15 + AlgorighmED25519 Algorithm = 46 // Capabilities CapabilityGetOpaque uint64 = 0x0000000000000001 diff --git a/connector/connector.go b/connector/connector.go index 5ef8a2f..465b724 100644 --- a/connector/connector.go +++ b/connector/connector.go @@ -1,6 +1,6 @@ package connector -import "github.com/certusone/yubihsm-go/commands" +import "github.com/loomnetwork/yubihsm-go/commands" type ( // Connector implements a simple request interface with a YubiHSM2 diff --git a/connector/http.go b/connector/http.go index a31f23a..a55437f 100644 --- a/connector/http.go +++ b/connector/http.go @@ -3,10 +3,11 @@ package connector import ( "bytes" "fmt" - "github.com/certusone/yubihsm-go/commands" "io/ioutil" "net/http" "strings" + + "github.com/loomnetwork/yubihsm-go/commands" ) type ( diff --git a/manager.go b/manager.go index e682a02..a40b51a 100644 --- a/manager.go +++ b/manager.go @@ -3,11 +3,12 @@ package yubihsm import ( "bytes" "errors" - "github.com/certusone/yubihsm-go/commands" - "github.com/certusone/yubihsm-go/connector" - "github.com/certusone/yubihsm-go/securechannel" "sync" "time" + + "github.com/loomnetwork/yubihsm-go/commands" + "github.com/loomnetwork/yubihsm-go/connector" + "github.com/loomnetwork/yubihsm-go/securechannel" ) type ( diff --git a/securechannel/channel.go b/securechannel/channel.go index 75fe8d0..d3791e4 100644 --- a/securechannel/channel.go +++ b/securechannel/channel.go @@ -7,10 +7,11 @@ import ( "crypto/rand" "encoding/binary" "errors" - "github.com/certusone/yubihsm-go/commands" - "github.com/certusone/yubihsm-go/connector" - "github.com/enceve/crypto/cmac" "sync" + + "github.com/enceve/crypto/cmac" + "github.com/loomnetwork/yubihsm-go/commands" + "github.com/loomnetwork/yubihsm-go/connector" ) type ( From 0717d04d07c2868635a325b45a7e45a9caa4d088 Mon Sep 17 00:00:00 2001 From: linuxdev53 Date: Wed, 5 Dec 2018 15:42:38 +0200 Subject: [PATCH 2/2] Added secp256k1 keygen/sign, delete --- commands/constructors.go | 13 +++++++++++++ commands/response.go | 10 ++++++++++ commands/types.go | 9 +++++++++ 3 files changed, 32 insertions(+) diff --git a/commands/constructors.go b/commands/constructors.go index 9716560..1d4b3d3 100644 --- a/commands/constructors.go +++ b/commands/constructors.go @@ -138,6 +138,19 @@ func CreateGetPubKeyCommand(keyID uint16) (*CommandMessage, error) { return command, nil } +func CreateDeleteObjectCommand(objID uint16, objType uint8) (*CommandMessage, error) { + command := &CommandMessage{ + CommandType: CommandTypeDeleteObject, + } + + payload := bytes.NewBuffer([]byte{}) + binary.Write(payload, binary.BigEndian, objID) + binary.Write(payload, binary.BigEndian, objType) + command.Data = payload.Bytes() + + return command, nil +} + func CreateEchoCommand(data []byte) (*CommandMessage, error) { command := &CommandMessage{ CommandType: CommandTypeEcho, diff --git a/commands/response.go b/commands/response.go index f32c869..60ac2e3 100644 --- a/commands/response.go +++ b/commands/response.go @@ -86,12 +86,16 @@ func ParseResponse(data []byte) (Response, error) { return parseCreateAsymmetricKeyResponse(payload) case CommandTypeSignDataEddsa: return parseSignDataEddsaResponse(payload) + case CommandTypeSignDataEcdsa: + return parseSignDataEcdsaResponse(payload) case CommandTypePutAsymmetric: return parsePutAsymmetricKeyResponse(payload) case CommandTypeCloseSession: return nil, nil case CommandTypeGetPubKey: return parseGetPubKeyResponse(payload) + case CommandTypeDeleteObject: + return nil, nil case CommandTypeEcho: return parseEchoResponse(payload) case ErrorResponseCode: @@ -153,6 +157,12 @@ func parseSignDataEddsaResponse(payload []byte) (Response, error) { }, nil } +func parseSignDataEcdsaResponse(payload []byte) (Response, error) { + return &SignDataEcdsaResponse{ + Signature: payload, + }, nil +} + func parsePutAsymmetricKeyResponse(payload []byte) (Response, error) { if len(payload) != 2 { return nil, errors.New("invalid response payload length") diff --git a/commands/types.go b/commands/types.go index 2c3281b..d6da3e8 100644 --- a/commands/types.go +++ b/commands/types.go @@ -146,4 +146,13 @@ const ( Domain14 uint16 = 0x2000 Domain15 uint16 = 0x4000 Domain16 uint16 = 0x8000 + + // object types + ObjectTypeOpaque uint8 = 0x01 + ObjectTypeAuthenticationKey uint8 = 0x02 + ObjectTypeAsymmetricKey uint8 = 0x03 + ObjectTypeWrapKey uint8 = 0x04 + ObjectTypeHmacKey uint8 = 0x05 + ObjectTypeTemplate uint8 = 0x06 + ObjectTypeOtpAeadKey uint8 = 0x07 )