commands

package
Published: Mar 19, 2021 License: Apache-2.0 Imports: 6 Imported by: 6

Constants

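// Wire-level constants for the YubiHSM2 command protocol. Every value below is
// either sent to the device or compared against bytes received from it, so no
// value may be renumbered; new names may be added but must keep the old ones.
const (
	// ResponseCommandOffset distinguishes the command byte of a response from
	// the command byte of the request it answers (presumably request + 0x80;
	// see ParseResponse for the check actually applied).
	ResponseCommandOffset = 0x80
	// ErrorResponseCode is the command byte of an error response from the
	// device. Its value coincides with ErrorCodeCommandUnexecuted.
	ErrorResponseCode = 0xff

	// LabelLength is the max length of a label
	LabelLength = 40

	// Command types. Two names intentionally share 0x57: DeriveEcdh is the
	// current name and DecryptEcdh is kept for backwards compatibility.
	CommandTypeEcho                    CommandType = 0x01
	CommandTypeCreateSession           CommandType = 0x03
	CommandTypeAuthenticateSession     CommandType = 0x04
	CommandTypeSessionMessage          CommandType = 0x05
	CommandTypeDeviceInfo              CommandType = 0x06
	CommandTypeReset                   CommandType = 0x08
	CommandTypeCloseSession            CommandType = 0x40
	CommandTypeStorageStatus           CommandType = 0x41
	CommandTypePutOpaque               CommandType = 0x42
	CommandTypeGetOpaque               CommandType = 0x43
	CommandTypePutAuthKey              CommandType = 0x44
	CommandTypePutAsymmetric           CommandType = 0x45
	CommandTypeGenerateAsymmetricKey   CommandType = 0x46
	CommandTypeSignDataPkcs1           CommandType = 0x47
	CommandTypeListObjects             CommandType = 0x48
	CommandTypeDecryptPkcs1            CommandType = 0x49
	CommandTypeExportWrapped           CommandType = 0x4a
	CommandTypeImportWrapped           CommandType = 0x4b
	CommandTypePutWrapKey              CommandType = 0x4c
	CommandTypeGetLogs                 CommandType = 0x4d
	CommandTypeGetObjectInfo           CommandType = 0x4e
	CommandTypePutOption               CommandType = 0x4f
	CommandTypeGetOption               CommandType = 0x50
	CommandTypeGetPseudoRandom         CommandType = 0x51
	CommandTypePutHMACKey              CommandType = 0x52
	CommandTypeHMACData                CommandType = 0x53
	CommandTypeGetPubKey               CommandType = 0x54
	CommandTypeSignDataPss             CommandType = 0x55
	CommandTypeSignDataEcdsa           CommandType = 0x56
	CommandTypeDecryptEcdh             CommandType = 0x57 // here for backwards compatibility
	CommandTypeDeriveEcdh              CommandType = 0x57
	CommandTypeDeleteObject            CommandType = 0x58
	CommandTypeDecryptOaep             CommandType = 0x59
	CommandTypeGenerateHMACKey         CommandType = 0x5a
	CommandTypeGenerateWrapKey         CommandType = 0x5b
	CommandTypeVerifyHMAC              CommandType = 0x5c
	CommandTypeOTPDecrypt              CommandType = 0x60
	CommandTypeOTPAeadCreate           CommandType = 0x61
	CommandTypeOTPAeadRandom           CommandType = 0x62
	CommandTypeOTPAeadRewrap           CommandType = 0x63
	CommandTypeAttestAsymmetric        CommandType = 0x64
	CommandTypePutOTPAeadKey           CommandType = 0x65
	CommandTypeGenerateOTPAeadKey      CommandType = 0x66
	CommandTypeSetLogIndex             CommandType = 0x67
	CommandTypeWrapData                CommandType = 0x68
	CommandTypeUnwrapData              CommandType = 0x69
	CommandTypeSignDataEddsa           CommandType = 0x6a
	CommandTypeSetBlink                CommandType = 0x6b
	CommandTypeChangeAuthenticationKey CommandType = 0x6c

	// Errors: status codes carried in an error response (see Error and
	// ErrorCode). ErrorCodeOK is the only non-failure value.
	ErrorCodeOK                ErrorCode = 0x00
	ErrorCodeInvalidCommand    ErrorCode = 0x01
	ErrorCodeInvalidData       ErrorCode = 0x02
	ErrorCodeInvalidSession    ErrorCode = 0x03
	ErrorCodeAuthFail          ErrorCode = 0x04
	ErrorCodeSessionFull       ErrorCode = 0x05
	ErrorCodeSessionFailed     ErrorCode = 0x06
	ErrorCodeStorageFailed     ErrorCode = 0x07
	ErrorCodeWrongLength       ErrorCode = 0x08
	ErrorCodeInvalidPermission ErrorCode = 0x09
	ErrorCodeLogFull           ErrorCode = 0x0a
	ErrorCodeObjectNotFound    ErrorCode = 0x0b
	ErrorCodeIDIllegal         ErrorCode = 0x0c
	ErrorCodeCommandUnexecuted ErrorCode = 0xff

	// Algorithms: device algorithm identifiers. The numbering is not
	// contiguous; this is only the subset the package knows about.
	AlgorithmP256                    Algorithm = 12
	AlgorithmSecp256k1               Algorithm = 15
	AlgorithmYubicoAESAuthentication Algorithm = 38
	// AlgorithmED25519 identifies Ed25519 keys (used with SignDataEddsa).
	AlgorithmED25519 Algorithm = 46
	// AlgorighmED25519 is the historical misspelling of AlgorithmED25519 and
	// is kept so that existing callers keep compiling.
	//
	// Deprecated: use AlgorithmED25519 instead.
	AlgorighmED25519 Algorithm = AlgorithmED25519
	AlgorithmAES128CCMWrap Algorithm = 29
	AlgorithmAES192CCMWrap Algorithm = 41
	AlgorithmAES256CCMWrap Algorithm = 42

	// Capabilities: one bit each of a 64-bit mask. OR them together (or use
	// CapabilityPrimitiveFromSlice) to build an object's capability set.
	// DecryptEcdh and DeriveEcdh are the same bit; the former is the historical
	// name. When creating keys grant the smallest set that is actually needed:
	// the Delete*, Export*, Put* and Reset bits in particular widen what a
	// compromised session can do.
	CapabilityGetOpaque             uint64 = 0x0000000000000001
	CapabilityPutOpaque             uint64 = 0x0000000000000002
	CapabilityPutAuthKey            uint64 = 0x0000000000000004
	CapabilityPutAsymmetric         uint64 = 0x0000000000000008
	CapabilityAsymmetricGen         uint64 = 0x0000000000000010
	CapabilityAsymmetricSignPkcs    uint64 = 0x0000000000000020
	CapabilityAsymmetricSignPss     uint64 = 0x0000000000000040
	CapabilityAsymmetricSignEcdsa   uint64 = 0x0000000000000080
	CapabilityAsymmetricSignEddsa   uint64 = 0x0000000000000100
	CapabilityAsymmetricDecryptPkcs uint64 = 0x0000000000000200
	CapabilityAsymmetricDecryptOaep uint64 = 0x0000000000000400
	CapabilityAsymmetricDecryptEcdh uint64 = 0x0000000000000800 // here for backwards compatibility
	CapabilityAsymmetricDeriveEcdh  uint64 = 0x0000000000000800
	CapabilityExportWrapped         uint64 = 0x0000000000001000
	CapabilityImportWrapped         uint64 = 0x0000000000002000
	CapabilityPutWrapKey            uint64 = 0x0000000000004000
	CapabilityGenerateWrapKey       uint64 = 0x0000000000008000
	CapabilityExportUnderWrap       uint64 = 0x0000000000010000
	CapabilityPutOption             uint64 = 0x0000000000020000
	CapabilityGetOption             uint64 = 0x0000000000040000
	CapabilityGetRandomness         uint64 = 0x0000000000080000
	CapabilityPutHmacKey            uint64 = 0x0000000000100000
	CapabilityHmacKeyGenerate       uint64 = 0x0000000000200000
	CapabilityHmacData              uint64 = 0x0000000000400000
	CapabilityHmacVerify            uint64 = 0x0000000000800000
	CapabilityAudit                 uint64 = 0x0000000001000000
	CapabilitySshCertify            uint64 = 0x0000000002000000
	CapabilityGetTemplate           uint64 = 0x0000000004000000
	CapabilityPutTemplate           uint64 = 0x0000000008000000
	CapabilityReset                 uint64 = 0x0000000010000000
	CapabilityOtpDecrypt            uint64 = 0x0000000020000000
	CapabilityOtpAeadCreate         uint64 = 0x0000000040000000
	CapabilityOtpAeadRandom         uint64 = 0x0000000080000000
	CapabilityOtpAeadRewrapFrom     uint64 = 0x0000000100000000
	CapabilityOtpAeadRewrapTo       uint64 = 0x0000000200000000
	CapabilityAttest                uint64 = 0x0000000400000000
	CapabilityPutOtpAeadKey         uint64 = 0x0000000800000000
	CapabilityGenerateOtpAeadKey    uint64 = 0x0000001000000000
	CapabilityWrapData              uint64 = 0x0000002000000000
	CapabilityUnwrapData            uint64 = 0x0000004000000000
	CapabilityDeleteOpaque          uint64 = 0x0000008000000000
	CapabilityDeleteAuthKey         uint64 = 0x0000010000000000
	CapabilityDeleteAsymmetric      uint64 = 0x0000020000000000
	CapabilityDeleteWrapKey         uint64 = 0x0000040000000000
	CapabilityDeleteHmacKey         uint64 = 0x0000080000000000
	CapabilityDeleteTemplate        uint64 = 0x0000100000000000
	CapabilityDeleteOtpAeadKey      uint64 = 0x0000200000000000

	// Domains: one bit each of a 16-bit mask. OR several together to place an
	// object in more than one domain (the device presumably requires an
	// authentication key and an object to share a domain bit).
	Domain1  uint16 = 0x0001
	Domain2  uint16 = 0x0002
	Domain3  uint16 = 0x0004
	Domain4  uint16 = 0x0008
	Domain5  uint16 = 0x0010
	Domain6  uint16 = 0x0020
	Domain7  uint16 = 0x0040
	Domain8  uint16 = 0x0080
	Domain9  uint16 = 0x0100
	Domain10 uint16 = 0x0200
	Domain11 uint16 = 0x0400
	Domain12 uint16 = 0x0800
	Domain13 uint16 = 0x1000
	Domain14 uint16 = 0x2000
	Domain15 uint16 = 0x4000
	Domain16 uint16 = 0x8000

	// object types (values of Object.ObjectType / ObjectInfoResponse.Type)
	ObjectTypeOpaque            uint8 = 0x01
	ObjectTypeAuthenticationKey uint8 = 0x02
	ObjectTypeAsymmetricKey     uint8 = 0x03
	ObjectTypeWrapKey           uint8 = 0x04
	ObjectTypeHmacKey           uint8 = 0x05
	ObjectTypeTemplate          uint8 = 0x06
	ObjectTypeOtpAeadKey        uint8 = 0x07

	// list objects params: filter tags for ListObjects (presumably written by
	// NewIDOption and NewObjectTypeOption respectively).
	ListObjectParamID   uint8 = 0x01
	ListObjectParamType uint8 = 0x02
)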

Variables

This section is empty.

Functions

func CapabilityPrimitiveFromSlice added in v0.2.0

func CapabilityPrimitiveFromSlice(capabilitites []uint64) uint64

CapabilityPrimitiveFromSlice ORs all the given capabilities together into a single 64-bit capability mask (the form expected by the `capabilities` parameter of the Create*Command constructors).

Types

type Algorithm

// Algorithm is a one-byte device algorithm identifier; see the Algorithm*
// constants for the values this package knows about.
type Algorithm uint8

type ChangeAuthenticationKeyResponse added in v0.2.0

// ChangeAuthenticationKeyResponse is the parsed reply to a
// ChangeAuthenticationKey command. ObjectID is the authentication key that was
// changed (presumably the objID passed to CreateChangeAuthenticationKeyCommand).
type ChangeAuthenticationKeyResponse struct {
	ObjectID uint16
}

type CommandMessage

// CommandMessage is one request frame for the device, built by the Create*Command
// constructors and encoded by Serialize.
type CommandMessage struct {
	// UUID is a single-byte message identifier (its exact role is not visible
	// from this listing - check Serialize).
	UUID        uint8
	// CommandType selects the operation; one of the CommandType* constants.
	CommandType CommandType
	// SessionID is a pointer so that it can be absent: nil presumably marks
	// commands sent outside an authenticated session (Echo, CreateSession).
	SessionID   *uint8
	// Data is the raw command payload.
	Data        []byte
	// MAC is the session message authentication code. NOTE(review): how and
	// when it is computed is outside this listing; confirm that every
	// post-authentication command is MACed before it is sent.
	MAC         []byte
}

func CreateAuthenticateSessionCommand

// CreateAuthenticateSessionCommand builds the AuthenticateSession command
// (CommandTypeAuthenticateSession) carrying hostCryptogram, the host's proof
// for the challenge/response started by CreateSession. Deriving the cryptogram
// is the caller's job. NOTE(review): the caller is likewise responsible for
// checking CreateSessionResponse.CardCryptogram before trusting the session;
// nothing on this package's surface does that for it.
func CreateAuthenticateSessionCommand(hostCryptogram []byte) (*CommandMessage, error)

func CreateChangeAuthenticationKeyCommand added in v0.2.0

// CreateChangeAuthenticationKeyCommand builds the ChangeAuthenticationKey
// command (CommandTypeChangeAuthenticationKey) for authentication key objID.
// newPassword is presumably derived into the new key material before being
// serialized - confirm the derivation. Treat it as a secret in any case: do not
// log it, and note that a Go string cannot be zeroed after use.
func CreateChangeAuthenticationKeyCommand(objID uint16, newPassword string) (*CommandMessage, error)

func CreateCloseSessionCommand

func CreateCloseSessionCommand() (*CommandMessage, error)

func CreateCreateSessionCommand

// CreateCreateSessionCommand builds the CreateSession command
// (CommandTypeCreateSession) for authentication key set keySetID. hostChallenge
// is the host's nonce for the handshake and must come from crypto/rand; whether
// its length is validated here is not visible from this listing.
func CreateCreateSessionCommand(keySetID uint16, hostChallenge []byte) (*CommandMessage, error)

func CreateDeleteObjectCommand added in v0.2.0

func CreateDeleteObjectCommand(objID uint16, objType uint8) (*CommandMessage, error)

func CreateDeriveEcdhCommand added in v0.2.0

func CreateDeriveEcdhCommand(objID uint16, pubkey []byte) (*CommandMessage, error)

func CreateEchoCommand

func CreateEchoCommand(data []byte) (*CommandMessage, error)

func CreateGenerateAsymmetricKeyCommand

// CreateGenerateAsymmetricKeyCommand builds the GenerateAsymmetricKey command
// (CommandTypeGenerateAsymmetricKey). label is at most LabelLength bytes
// (whether that is enforced here is not visible); domains is a Domain* mask;
// capabilities is a Capability* mask (build it with CapabilityPrimitiveFromSlice)
// and should be the minimum the key needs - a signing key rarely needs
// Export* or Delete* bits; algorithm is one of the Algorithm* constants.
func CreateGenerateAsymmetricKeyCommand(keyID uint16, label []byte, domains uint16, capabilities uint64, algorithm Algorithm) (*CommandMessage, error)

func CreateGetObjectInfoCommand added in v0.2.0

func CreateGetObjectInfoCommand(keyID uint16, objectType uint8) (*CommandMessage, error)

func CreateGetPseudoRandomCommand added in v0.2.0

// CreateGetPseudoRandomCommand builds the GetPseudoRandom command
// (CommandTypeGetPseudoRandom) asking the device for numBytes of random data.
// Unlike every other Create*Command constructor it cannot fail and returns
// only the message; callers that wrap the constructors uniformly must
// special-case it.
func CreateGetPseudoRandomCommand(numBytes uint16) *CommandMessage

func CreateGetPubKeyCommand

func CreateGetPubKeyCommand(keyID uint16) (*CommandMessage, error)

func CreateListObjectsCommand added in v0.2.0

func CreateListObjectsCommand(options ...ListCommandOption) (*CommandMessage, error)

func CreatePutAsymmetricKeyCommand

func CreatePutAsymmetricKeyCommand(keyID uint16, label []byte, domains uint16, capabilities uint64, algorithm Algorithm, keyPart1 []byte, keyPart2 []byte) (*CommandMessage, error)

func CreatePutWrapkeyCommand added in v0.2.0

// CreatePutWrapkeyCommand builds the PutWrapKey command (CommandTypePutWrapKey)
// that imports raw wrap-key material. algorithm is one of the AlgorithmAES*CCMWrap
// constants; delegated is a Capability* mask that presumably bounds the
// capabilities of objects later imported under this wrap key (cf.
// ObjectInfoResponse.DelegatedCapabilites), so keep it as narrow as
// capabilities. wrapkey is key material: do not log it and zero the slice once
// the message has been serialized.
func CreatePutWrapkeyCommand(objID uint16, label []byte, domains uint16, capabilities uint64, algorithm Algorithm, delegated uint64, wrapkey []byte) (*CommandMessage, error)

func CreateResetCommand

// CreateResetCommand builds the Reset command (CommandTypeReset). A reset is
// destructive for the device's stored objects (presumably gated by
// CapabilityReset on the session's authentication key); callers should require
// explicit confirmation before sending it.
func CreateResetCommand() (*CommandMessage, error)

func CreateSignDataEcdsaCommand added in v0.2.0

func CreateSignDataEcdsaCommand(keyID uint16, data []byte) (*CommandMessage, error)

func CreateSignDataEddsaCommand

func CreateSignDataEddsaCommand(keyID uint16, data []byte) (*CommandMessage, error)

func (*CommandMessage) BodyLength

func (c *CommandMessage) BodyLength() uint16

func (*CommandMessage) Serialize

func (c *CommandMessage) Serialize() ([]byte, error)

type CommandType

// CommandType is the one-byte command identifier of a CommandMessage; see the
// CommandType* constants.
type CommandType uint8

type CreateAsymmetricKeyResponse

// CreateAsymmetricKeyResponse is the parsed reply to GenerateAsymmetricKey;
// KeyID is the ID of the generated key (presumably the keyID that was requested).
type CreateAsymmetricKeyResponse struct {
	KeyID uint16
}

type CreateSessionResponse

// CreateSessionResponse is the parsed reply to CreateSession. The field names
// (challenge/cryptogram on both sides) suggest a mutual challenge-response
// handshake; the derivation and verification themselves are not part of this
// package's visible surface.
type CreateSessionResponse struct {
	// SessionID is the session the device allocated; it goes into
	// CommandMessage.SessionID for subsequent commands.
	SessionID      uint8
	// CardChallenge is the device's nonce for the handshake.
	CardChallenge  []byte
	// CardCryptogram is the device's proof. NOTE(review): the host must verify
	// it against its own derivation before sending AuthenticateSession;
	// skipping that check removes device authentication.
	CardCryptogram []byte
}

type DeriveEcdhResponse added in v0.2.0

// DeriveEcdhResponse is the parsed reply to DeriveEcdh.
type DeriveEcdhResponse struct {
	// XCoordinate is presumably the raw x coordinate of the ECDH shared point,
	// not a usable key: run it through a KDF (e.g. HKDF) before using it as
	// key material.
	XCoordinate []byte
}

type EchoResponse

// EchoResponse is the parsed reply to Echo; Data is presumably the bytes that
// were passed to CreateEchoCommand, echoed back by the device.
type EchoResponse struct {
	Data []byte
}

type Error

// Error is an error response from the device. ParseResponse returns it (as a
// Go error) when the device rejects a command; recover it with
// errors.As(err, &e) where e is *Error and inspect Code.
type Error struct {
	// Code is one of the ErrorCode* constants.
	Code ErrorCode
}

func (*Error) Error

func (e *Error) Error() string

Error formats the device ("card") error code into a human-readable message, satisfying the built-in error interface.

type ErrorCode

// ErrorCode is the one-byte status carried by an error response; see the
// ErrorCode* constants.
type ErrorCode uint8

type GetPubKeyResponse

// GetPubKeyResponse is the parsed reply to GetPubKey.
type GetPubKeyResponse struct {
	// Algorithm identifies the key type and therefore the encoding of KeyData.
	Algorithm Algorithm
	// KeyData can contain different formats depending on the algorithm according to the YubiHSM2 documentation.
	// Dispatch on Algorithm before parsing it; do not assume a fixed length or format.
	KeyData []byte
}

type ListCommandOption added in v0.2.0

// ListCommandOption appends one filter to a ListObjects command by writing its
// encoding to w (presumably a ListObjectParam* tag followed by the value).
// Build options with NewIDOption and NewObjectTypeOption.
type ListCommandOption func(w io.Writer)

func NewIDOption added in v0.2.0

func NewIDOption(id uint16) ListCommandOption

func NewObjectTypeOption added in v0.2.0

func NewObjectTypeOption(objectType uint8) ListCommandOption

type ListObjectsResponse added in v0.2.0

// ListObjectsResponse is the parsed reply to ListObjects: one Object per entry
// matching the filters that were supplied.
type ListObjectsResponse struct {
	Objects []Object
}

type Object added in v0.2.0

// Object is one entry of a ListObjectsResponse.
type Object struct {
	ObjectID   uint16
	// ObjectType is one of the ObjectType* constants.
	ObjectType uint8
	// Sequence is the object's sequence number (semantics not defined in this
	// package; presumably bumped when an object with the same ID is replaced).
	Sequence   uint8
}

type ObjectInfoResponse added in v0.2.0

// ObjectInfoResponse is the parsed reply to GetObjectInfo: the metadata of one
// object on the device.
type ObjectInfoResponse struct {
	// Capabilities is the object's own capability mask (Capability* bits).
	Capabilities         uint64
	ObjectID             uint16
	// Length is presumably the object's size in bytes - confirm against the
	// device documentation.
	Length               uint16
	// Domains is the object's domain mask (Domain* bits).
	Domains              uint16
	// Type is one of the ObjectType* constants.
	Type                 uint8
	Algorithm            Algorithm
	Sequence             uint8
	// Origin presumably records how the object came to exist (generated,
	// imported, ...); its values are not defined in this package.
	Origin               uint8
	// Label is fixed at LabelLength bytes; shorter labels are presumably
	// zero-padded, so trim before treating it as a string.
	Label                [40]byte
	// DelegatedCapabilites (sic: an exported name, so it cannot be renamed
	// without breaking callers) is the delegated capability mask, presumably
	// only meaningful for wrap keys (cf. the delegated parameter of
	// CreatePutWrapkeyCommand).
	DelegatedCapabilites uint64
}

type PutAsymmetricKeyResponse

// PutAsymmetricKeyResponse is the parsed reply to PutAsymmetric; KeyID is the
// ID under which the imported key was stored.
type PutAsymmetricKeyResponse struct {
	KeyID uint16
}

type PutWrapkeyResponse added in v0.2.0

// PutWrapkeyResponse is the parsed reply to PutWrapKey; ObjectID is the ID
// under which the wrap key was stored.
type PutWrapkeyResponse struct {
	ObjectID uint16
}

type Response

// Response is the marker type returned by ParseResponse; it holds one of the
// *Response structs declared in this package. Type-switch on the concrete type
// (whether values or pointers are stored is not visible from this listing -
// check ParseResponse).
type Response interface {
}

func ParseResponse

func ParseResponse(data []byte) (Response, error)

ParseResponse parses the binary response from the device into the matching Response type. If the response is an error response it parses it into an Error and returns it as a Go error (of type *commands.Error, recoverable with errors.As) carrying the device's error code. Callers must check the returned error before using the Response.

type SessionMessageResponse

// SessionMessageResponse is an encrypted, MACed response received inside a
// session (CommandTypeSessionMessage).
type SessionMessageResponse struct {
	SessionID     uint8
	// EncryptedData is the ciphertext of the inner response.
	EncryptedData []byte
	// MAC authenticates the frame. NOTE(review): verify it (constant-time
	// compare) before decrypting or interpreting EncryptedData; whether the
	// session layer does this is not visible from this package.
	MAC           []byte
}

type SignDataEcdsaResponse added in v0.2.0

// SignDataEcdsaResponse is the parsed reply to SignDataEcdsa; Signature is the
// raw signature bytes as returned by the device (encoding not defined here -
// presumably DER, confirm against the device documentation).
type SignDataEcdsaResponse struct {
	Signature []byte
}

type SignDataEddsaResponse

// SignDataEddsaResponse is the parsed reply to SignDataEddsa; Signature is the
// raw signature bytes as returned by the device.
type SignDataEddsaResponse struct {
	Signature []byte
}
