commands

package
v0.4.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 30, 2023 License: Apache-2.0 Imports: 6 Imported by: 2

Documentation

Index

Constants

View Source 
const (
	LogElementDataLength   = 16
	LogElementDigestLength = 16
	LogElementLength       = LogElementDataLength + LogElementDigestLength
)
View Source 
const (
	LogCommandTypeBoot  = CommandType(0x00)
	LogCommandTypeReset = CommandType(0xff)
)
View Source 
const (
	ResponseCommandOffset = 0x80
	ErrorResponseCode     = 0xff

	// LabelLength is the max length of a label
	LabelLength = 40

	CommandTypeEcho                    CommandType = 0x01
	CommandTypeCreateSession           CommandType = 0x03
	CommandTypeAuthenticateSession     CommandType = 0x04
	CommandTypeSessionMessage          CommandType = 0x05
	CommandTypeDeviceInfo              CommandType = 0x06
	CommandTypeReset                   CommandType = 0x08
	CommandTypeCloseSession            CommandType = 0x40
	CommandTypeStorageStatus           CommandType = 0x41
	CommandTypePutOpaque               CommandType = 0x42
	CommandTypeGetOpaque               CommandType = 0x43
	CommandTypePutAuthKey              CommandType = 0x44
	CommandTypePutAsymmetric           CommandType = 0x45
	CommandTypeGenerateAsymmetricKey   CommandType = 0x46
	CommandTypeSignDataPkcs1           CommandType = 0x47
	CommandTypeListObjects             CommandType = 0x48
	CommandTypeDecryptPkcs1            CommandType = 0x49
	CommandTypeExportWrapped           CommandType = 0x4a
	CommandTypeImportWrapped           CommandType = 0x4b
	CommandTypePutWrapKey              CommandType = 0x4c
	CommandTypeGetLogs                 CommandType = 0x4d
	CommandTypeGetObjectInfo           CommandType = 0x4e
	CommandTypeSetOption               CommandType = 0x4f
	CommandTypeGetOption               CommandType = 0x50
	CommandTypeGetPseudoRandom         CommandType = 0x51
	CommandTypePutHMACKey              CommandType = 0x52
	CommandTypeHMACData                CommandType = 0x53
	CommandTypeGetPubKey               CommandType = 0x54
	CommandTypeSignDataPss             CommandType = 0x55
	CommandTypeSignDataEcdsa           CommandType = 0x56
	CommandTypeDecryptEcdh             CommandType = 0x57 // here for backwards compatibility
	CommandTypeDeriveEcdh              CommandType = 0x57
	CommandTypeDeleteObject            CommandType = 0x58
	CommandTypeDecryptOaep             CommandType = 0x59
	CommandTypeGenerateHMACKey         CommandType = 0x5a
	CommandTypeGenerateWrapKey         CommandType = 0x5b
	CommandTypeVerifyHMAC              CommandType = 0x5c
	CommandTypeOTPDecrypt              CommandType = 0x60
	CommandTypeOTPAeadCreate           CommandType = 0x61
	CommandTypeOTPAeadRandom           CommandType = 0x62
	CommandTypeOTPAeadRewrap           CommandType = 0x63
	CommandTypeAttestAsymmetric        CommandType = 0x64
	CommandTypePutOTPAeadKey           CommandType = 0x65
	CommandTypeGenerateOTPAeadKey      CommandType = 0x66
	CommandTypeSetLogIndex             CommandType = 0x67
	CommandTypeWrapData                CommandType = 0x68
	CommandTypeUnwrapData              CommandType = 0x69
	CommandTypeSignDataEddsa           CommandType = 0x6a
	CommandTypeSetBlink                CommandType = 0x6b
	CommandTypeChangeAuthenticationKey CommandType = 0x6c

	// Errors
	ErrorCodeOK                       ErrorCode = 0x00
	ErrorCodeInvalidCommand           ErrorCode = 0x01
	ErrorCodeInvalidData              ErrorCode = 0x02
	ErrorCodeInvalidSession           ErrorCode = 0x03
	ErrorCodeAuthFail                 ErrorCode = 0x04
	ErrorCodeSessionFull              ErrorCode = 0x05
	ErrorCodeSessionFailed            ErrorCode = 0x06
	ErrorCodeStorageFailed            ErrorCode = 0x07
	ErrorCodeWrongLength              ErrorCode = 0x08
	ErrorCodeInvalidPermission        ErrorCode = 0x09
	ErrorCodeLogFull                  ErrorCode = 0x0a
	ErrorCodeObjectNotFound           ErrorCode = 0x0b
	ErrorCodeInvalidID                ErrorCode = 0x0c
	ErrorCodeSSHCAConstraintViolation ErrorCode = 0x0e
	ErrorCodeInvalidOTP               ErrorCode = 0x0f
	ErrorCodeDemoMode                 ErrorCode = 0x10
	ErrorCodeObjectExists             ErrorCode = 0x11
	ErrorCodeCommandUnexecuted        ErrorCode = 0xff

	// Algorithms
	AlgorithmRSAPKCS1SHA1            Algorithm = 1
	AlgorithmRSAPKCS1SHA256          Algorithm = 2
	AlgorithmRSAPKCS1SHA384          Algorithm = 3
	AlgorithmRSAPKCS1SHA512          Algorithm = 4
	AlgorithmRSAPSSSHA1              Algorithm = 5
	AlgorithmRSAPSSSHA256            Algorithm = 6
	AlgorithmRSAPSSSHA384            Algorithm = 7
	AlgorithmRSAPSSSHA512            Algorithm = 8
	AlgorithmRSA2048                 Algorithm = 9
	AlgorithmRSA3072                 Algorithm = 10
	AlgorithmRSA4096                 Algorithm = 11
	AlgorithmP256                    Algorithm = 12
	AlgorithmP384                    Algorithm = 13
	AlgorithmP521                    Algorithm = 14
	AlgorithmSecp256k1               Algorithm = 15
	AlgorithmECBP256                 Algorithm = 16
	AlgorithmECBP384                 Algorithm = 17
	AlgorithmECBP512                 Algorithm = 18
	AlgorithmHMACSHA1                Algorithm = 19
	AlgorithmHMACSHA256              Algorithm = 20
	AlgorithmHMACSHA384              Algorithm = 21
	AlgorithmHMACSHA512              Algorithm = 22
	AlgorithmECECDSASHA1             Algorithm = 23
	AlgorithmECECDH                  Algorithm = 24
	AlgorithmRSAOAEPSHA1             Algorithm = 25
	AlgorithmRSAOAEPSHA256           Algorithm = 26
	AlgorithmRSAOAEPSHA384           Algorithm = 27
	AlgorithmRSAOAEPSHA512           Algorithm = 28
	AlgorithmAES128CCMWrap           Algorithm = 29
	AlgorithmOpaqueData              Algorithm = 30
	AlgorithmOpaqueX509Certificate   Algorithm = 31
	AlgorithmRSAMGF1SHA1             Algorithm = 32
	AlgorithmRSAMGF1SHA256           Algorithm = 33
	AlgorithmRSAMGF1SHA384           Algorithm = 34
	AlgorithmRSAMGF1SHA512           Algorithm = 35
	AlgorithmTEMPLATESSH             Algorithm = 36
	AlgorithmAES128YUBICOOTP         Algorithm = 37
	AlgorithmYubicoAESAuthentication Algorithm = 38
	AlgorithmAES192YUBICOOTP         Algorithm = 39
	AlgorithmAES256YUBICOOTP         Algorithm = 40
	AlgorithmAES192CCMWrap           Algorithm = 41
	AlgorithmAES256CCMWrap           Algorithm = 42
	AlgorithmECECDSASHA256           Algorithm = 43
	AlgorithmECECDSASHA384           Algorithm = 44
	AlgorithmECECDSASHA512           Algorithm = 45
	AlgorithmED25519                 Algorithm = 46
	AlgorithmECP224                  Algorithm = 47

	// Capabilities
	CapabilityNone                    uint64 = 0x0000000000000000
	CapabilityGetOpaque               uint64 = 0x0000000000000001
	CapabilityPutOpaque               uint64 = 0x0000000000000002
	CapabilityPutAuthenticationKey    uint64 = 0x0000000000000004
	CapabilityPutAsymmetric           uint64 = 0x0000000000000008
	CapabilityAsymmetricGen           uint64 = 0x0000000000000010
	CapabilityAsymmetricSignPkcs      uint64 = 0x0000000000000020
	CapabilityAsymmetricSignPss       uint64 = 0x0000000000000040
	CapabilityAsymmetricSignEcdsa     uint64 = 0x0000000000000080
	CapabilityAsymmetricSignEddsa     uint64 = 0x0000000000000100
	CapabilityAsymmetricDecryptPkcs   uint64 = 0x0000000000000200
	CapabilityAsymmetricDecryptOaep   uint64 = 0x0000000000000400
	CapabilityAsymmetricDecryptEcdh   uint64 = 0x0000000000000800 // here for backwards compatibility
	CapabilityAsymmetricDeriveEcdh    uint64 = 0x0000000000000800
	CapabilityExportWrapped           uint64 = 0x0000000000001000
	CapabilityImportWrapped           uint64 = 0x0000000000002000
	CapabilityPutWrapKey              uint64 = 0x0000000000004000
	CapabilityGenerateWrapKey         uint64 = 0x0000000000008000
	CapabilityExportableUnderWrap     uint64 = 0x0000000000010000
	CapabilityPutOption               uint64 = 0x0000000000020000
	CapabilityGetOption               uint64 = 0x0000000000040000
	CapabilityGetRandomness           uint64 = 0x0000000000080000
	CapabilityPutHmacKey              uint64 = 0x0000000000100000
	CapabilityHmacKeyGenerate         uint64 = 0x0000000000200000
	CapabilityHmacData                uint64 = 0x0000000000400000
	CapabilityHmacVerify              uint64 = 0x0000000000800000
	CapabilityAudit                   uint64 = 0x0000000001000000
	CapabilitySshCertify              uint64 = 0x0000000002000000
	CapabilityGetTemplate             uint64 = 0x0000000004000000
	CapabilityPutTemplate             uint64 = 0x0000000008000000
	CapabilityReset                   uint64 = 0x0000000010000000
	CapabilityOtpDecrypt              uint64 = 0x0000000020000000
	CapabilityOtpAeadCreate           uint64 = 0x0000000040000000
	CapabilityOtpAeadRandom           uint64 = 0x0000000080000000
	CapabilityOtpAeadRewrapFrom       uint64 = 0x0000000100000000
	CapabilityOtpAeadRewrapTo         uint64 = 0x0000000200000000
	CapabilityAttest                  uint64 = 0x0000000400000000
	CapabilityPutOtpAeadKey           uint64 = 0x0000000800000000
	CapabilityGenerateOtpAeadKey      uint64 = 0x0000001000000000
	CapabilityWrapData                uint64 = 0x0000002000000000
	CapabilityUnwrapData              uint64 = 0x0000004000000000
	CapabilityDeleteOpaque            uint64 = 0x0000008000000000
	CapabilityDeleteAuthKey           uint64 = 0x0000010000000000
	CapabilityDeleteAsymmetric        uint64 = 0x0000020000000000
	CapabilityDeleteWrapKey           uint64 = 0x0000040000000000
	CapabilityDeleteHmacKey           uint64 = 0x0000080000000000
	CapabilityDeleteTemplate          uint64 = 0x0000100000000000
	CapabilityDeleteOtpAeadKey        uint64 = 0x0000200000000000
	CapabilityChangeAuthenticationKey uint64 = 0x0000400000000000

	// Domains
	Domain1  uint16 = 0x0001
	Domain2  uint16 = 0x0002
	Domain3  uint16 = 0x0004
	Domain4  uint16 = 0x0008
	Domain5  uint16 = 0x0010
	Domain6  uint16 = 0x0020
	Domain7  uint16 = 0x0040
	Domain8  uint16 = 0x0080
	Domain9  uint16 = 0x0100
	Domain10 uint16 = 0x0200
	Domain11 uint16 = 0x0400
	Domain12 uint16 = 0x0800
	Domain13 uint16 = 0x1000
	Domain14 uint16 = 0x2000
	Domain15 uint16 = 0x4000
	Domain16 uint16 = 0x8000

	// object types
	ObjectTypeOpaque            uint8 = 0x01
	ObjectTypeAuthenticationKey uint8 = 0x02
	ObjectTypeAsymmetricKey     uint8 = 0x03
	ObjectTypeWrapKey           uint8 = 0x04
	ObjectTypeHmacKey           uint8 = 0x05
	ObjectTypeTemplate          uint8 = 0x06
	ObjectTypeOtpAeadKey        uint8 = 0x07

	// list objects params
	ListObjectParamID           uint8 = 0x01
	ListObjectParamType         uint8 = 0x02
	ListObjectParamDomains      uint8 = 0x03
	ListObjectParamCapabilities uint8 = 0x04
	ListObjectParamAlgorithm    uint8 = 0x05
	ListObjectParamLabel        uint8 = 0x06

	// options
	OptionForceAudit      uint8 = 0x01
	OptionCommandAudit    uint8 = 0x03
	OptionAlgorithmToggle uint8 = 0x04
	OptionFIPSMode        uint8 = 0x05

	// option values
	OptionValueOff uint8 = 0x00
	OptionValueOn  uint8 = 0x01
	OptionValueFix uint8 = 0x02
)

Variables

This section is empty.

Functions

func CapabilityPrimitiveFromSlice 

func CapabilityPrimitiveFromSlice(capabilitites []uint64) uint64

CapabilityPrimitiveFromSlice OR's all the capabilitites together.

Types

type Algorithm 

type Algorithm uint8

type ChangeAuthenticationKeyResponse 

type ChangeAuthenticationKeyResponse struct {
	ObjectID uint16
}

type CommandMessage 

type CommandMessage struct {
	UUID        uint8
	CommandType CommandType
	SessionID   *uint8
	Data        []byte
	MAC         []byte
}

func CreateAuthenticateSessionCommand 

func CreateAuthenticateSessionCommand(hostCryptogram []byte) (*CommandMessage, error)

func CreateChangeAuthenticationKeyCommand 

func CreateChangeAuthenticationKeyCommand(objID uint16, newPassword string) (*CommandMessage, error)

func CreateCloseSessionCommand 

func CreateCloseSessionCommand() (*CommandMessage, error)

func CreateCreateSessionCommand 

func CreateCreateSessionCommand(keySetID uint16, hostChallenge []byte) (*CommandMessage, error)

func CreateDeleteObjectCommand 

func CreateDeleteObjectCommand(objID uint16, objType uint8) (*CommandMessage, error)

func CreateDeriveEcdhCommand 

func CreateDeriveEcdhCommand(objID uint16, pubkey []byte) (*CommandMessage, error)

func CreateDeviceInfoCommand 

func CreateDeviceInfoCommand() (*CommandMessage, error)

func CreateEchoCommand 

func CreateEchoCommand(data []byte) (*CommandMessage, error)

func CreateExportWrappedCommand 

func CreateExportWrappedCommand(wrapObjID uint16, objType uint8, objID uint16) (*CommandMessage, error)

func CreateGenerateAsymmetricKeyCommand 

func CreateGenerateAsymmetricKeyCommand(keyID uint16, label []byte, domains uint16, capabilities uint64, algorithm Algorithm) (*CommandMessage, error)

func CreateGetLogsCommand 

func CreateGetLogsCommand() *CommandMessage

func CreateGetObjectInfoCommand 

func CreateGetObjectInfoCommand(keyID uint16, objectType uint8) (*CommandMessage, error)

func CreateGetOpaqueCommand 

func CreateGetOpaqueCommand(objID uint16) (*CommandMessage, error)

func CreateGetOptionCommand 

func CreateGetOptionCommand(option uint8) (*CommandMessage, error)

func CreateGetPseudoRandomCommand 

func CreateGetPseudoRandomCommand(numBytes uint16) *CommandMessage

func CreateGetPubKeyCommand 

func CreateGetPubKeyCommand(keyID uint16) (*CommandMessage, error)

func CreateImportWrappedCommand 

func CreateImportWrappedCommand(wrapObjID uint16, nonce, data []byte) (*CommandMessage, error)

CreateImportWrappedCommand will import a wrapped/encrypted Object that was previously exported by an YubiHSM2 device. The imported object will retain its metadata (Object ID, Domains, Capabilities …etc), however, the object’s origin will be marked as imported instead of generated.

func CreateListObjectsCommand 

func CreateListObjectsCommand(options ...ListCommandOption) (*CommandMessage, error)

func CreatePutAsymmetricKeyCommand 

func CreatePutAsymmetricKeyCommand(keyID uint16, label []byte, domains uint16, capabilities uint64, algorithm Algorithm, keyPart1 []byte, keyPart2 []byte) (*CommandMessage, error)

func CreatePutAuthkeyCommand 

func CreatePutAuthkeyCommand(objID uint16, label []byte, domains uint16, capabilities, delegated uint64, encKey, macKey []byte) (*CommandMessage, error)

func CreatePutDerivedAuthenticationKeyCommand 

func CreatePutDerivedAuthenticationKeyCommand(objID uint16, label []byte, domains uint16, capabilities uint64, delegated uint64, password string) (*CommandMessage, error)

func CreatePutOpaqueCommand 

func CreatePutOpaqueCommand(objID uint16, label []byte, domains uint16, capabilities uint64, algorithm Algorithm, data []byte) (*CommandMessage, error)

func CreatePutWrapkeyCommand 

func CreatePutWrapkeyCommand(objID uint16, label []byte, domains uint16, capabilities uint64, algorithm Algorithm, delegated uint64, wrapkey []byte) (*CommandMessage, error)

func CreateResetCommand 

func CreateResetCommand() (*CommandMessage, error)

func CreateSetLogIndexCommand 

func CreateSetLogIndexCommand(index uint16) *CommandMessage

func CreateSetOptionCommand 

func CreateSetOptionCommand(option uint8, values []byte) (*CommandMessage, error)

func CreateSignAttestationCertCommand 

func CreateSignAttestationCertCommand(keyObjID, attestationObjID uint16) (*CommandMessage, error)

func CreateSignDataEcdsaCommand 

func CreateSignDataEcdsaCommand(keyID uint16, data []byte) (*CommandMessage, error)

func CreateSignDataEddsaCommand 

func CreateSignDataEddsaCommand(keyID uint16, data []byte) (*CommandMessage, error)

func CreateSignDataPkcs1Command 

func CreateSignDataPkcs1Command(keyID uint16, data []byte) (*CommandMessage, error)

func (*CommandMessage) BodyLength 

func (c *CommandMessage) BodyLength() uint16

func (*CommandMessage) Serialize 

func (c *CommandMessage) Serialize() ([]byte, error)

type CommandType 

type CommandType uint8

type CreateAsymmetricKeyResponse 

type CreateAsymmetricKeyResponse struct {
	KeyID uint16
}

type CreateSessionResponse 

type CreateSessionResponse struct {
	SessionID      uint8
	CardChallenge  []byte
	CardCryptogram []byte
}

type DeriveEcdhResponse 

type DeriveEcdhResponse struct {
	XCoordinate []byte
}

type DeviceInfoResponse 

type DeviceInfoResponse struct {
	MajorVersion        uint8
	MinorVersion        uint8
	BuildVersion        uint8
	SerialNumber        uint32
	LogTotal            uint8
	LogUsed             uint8
	SupportedAlgorithms []Algorithm
}

type EchoResponse 

type EchoResponse struct {
	Data []byte
}

type Error 

type Error struct {
	Code ErrorCode
}

func (*Error) Error 

func (e *Error) Error() string

Error formats a card error message into a human readable format

type ErrorCode 

type ErrorCode uint8

type ExportWrappedResponse 

type ExportWrappedResponse struct {
	Nonce []byte
	Data  []byte
}

type GetLogsResponse 

type GetLogsResponse struct {
	UnloggedBootEvents           uint16
	UnloggedAuthenticationEvents uint16
	Elements                     []LogElement
}

type GetOpaqueResponse 

type GetOpaqueResponse struct {
	Data []byte
}

type GetOptionResponse 

type GetOptionResponse struct {
	Values []byte
}

type GetPubKeyResponse 

type GetPubKeyResponse struct {
	Algorithm Algorithm
	// KeyData can contain different formats depending on the algorithm according to the YubiHSM2 documentation.
	KeyData []byte
}

type ImportWrappedResponse 

type ImportWrappedResponse struct {
	ObjectType uint8
	ObjectID   uint16
}

type ListCommandOption 

type ListCommandOption func(w io.Writer)

func NewDomainOption 

func NewDomainOption(domain uint16) ListCommandOption

func NewIDOption 

func NewIDOption(id uint16) ListCommandOption

func NewLabelOption 

func NewLabelOption(label []byte) (ListCommandOption, error)

func NewObjectTypeOption 

func NewObjectTypeOption(objectType uint8) ListCommandOption

type ListObjectsResponse 

type ListObjectsResponse struct {
	Objects []Object
}

type LogElement 

type LogElement struct {
	CommandNumber  uint16
	CommandType    CommandType
	CommandLength  uint16
	SessionID      uint16
	KeyID          uint16
	SecondaryKeyID uint16
	Result         ErrorCode
	SysTick        uint32
	Digest         []byte
}

func (LogElement) IsBoot 

func (le LogElement) IsBoot() bool

func (LogElement) IsReset 

func (le LogElement) IsReset() bool

type Object 

type Object struct {
	ObjectID   uint16
	ObjectType uint8
	Sequence   uint8
}

type ObjectInfoResponse 

type ObjectInfoResponse struct {
	Capabilities         uint64
	ObjectID             uint16
	Length               uint16
	Domains              uint16
	Type                 uint8
	Algorithm            Algorithm
	Sequence             uint8
	Origin               uint8
	Label                [40]byte
	DelegatedCapabilites uint64
}

type PutAsymmetricKeyResponse 

type PutAsymmetricKeyResponse struct {
	KeyID uint16
}

type PutAuthkeyResponse 

type PutAuthkeyResponse struct {
	ObjectID uint16
}

type PutOpaqueResponse 

type PutOpaqueResponse struct {
	ObjectID uint16
}

type PutWrapkeyResponse 

type PutWrapkeyResponse struct {
	ObjectID uint16
}

type Response 

type Response interface {
}

func ParseResponse 

func ParseResponse(data []byte) (Response, error)

ParseResponse parses the binary response from the card to the relevant Response type. If the response is an error zu parses the Error type response and returns an error of the type commands.Error with the parsed error message.

type SessionMessageResponse 

type SessionMessageResponse struct {
	SessionID     uint8
	EncryptedData []byte
	MAC           []byte
}

type SignAttestationCertResponse 

type SignAttestationCertResponse struct {
	Cert []byte
}

type SignDataEcdsaResponse 

type SignDataEcdsaResponse struct {
	Signature []byte
}

type SignDataEddsaResponse 

type SignDataEddsaResponse struct {
	Signature []byte
}

type SignDataPkcs1Response 

type SignDataPkcs1Response struct {
	Signature []byte
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.