530348283f
Introduce the command which is used to change the password to authenticate to the HSM. A small refactoring of extracting authkey out was necessary to prevent an import cycle from securechannel importing commands which (without the refactor) imported secure channel again. Documentation for this command: https://developers.yubico.com/YubiHSM2/Commands/Change_Authentication_Key.html |
||
|---|---|---|
| authkey | ||
| commands | ||
| connector | ||
| securechannel | ||
| .gitignore | ||
| LICENSE | ||
| README.md | ||
| go.mod | ||
| go.sum | ||
| manager.go | ||
README.md
yubihsm-go
Yubihsm-go is a minimal implementation of the securechannel and connector protocol of the YubiHSM2.
It also implements a simple SessionManager which keeps connections alive and swaps them if the maximum number of messages is depleted.
Currently the following commands are implemented:
- Reset
- GenerateAsymmetricKey
- SignDataEddsa
- PutAsymmetricKey
- GetPubKey
- DeriveEcdh
- Echo
- ChangeAuthenticationKey
- Authentication & Session related commands
Implementing new commands is really easy. Please consult commands/constructors.go and commands/response.go for reference.
Please submit a PR if you have implemented new commands or extended existing constructors.
Example of usage
c := connector.NewHTTPConnector("localhost:1234")
sm, err := yubihsm.NewSessionManager(c, 1, "password", 2)
if err != nil {
panic(err)
}
echoMessage := []byte("test")
command, err := commands.CreateEchoCommand(echoMessage)
if err != nil {
panic(err)
}
resp, err := sm.SendEncryptedCommand(command)
if err != nil {
panic(err)
}
parsedResp, matched := resp.(*commands.EchoResponse)
if !matched {
panic("invalid response type")
}
if bytes.Equal(parsedResp.Data, echoMessage) {
println("successfully echoed data")
} else {
panic(errors.New("echoed message did not equal requested message"))
}