Documentation ¶
Overview ¶
Package yubihsm implements core datatypes and serialization/deserialization the YubiHSM2 command protocol.
Index ¶
- Constants
- func Append[V ~[]byte](b []byte, v V) []byte
- func Append16[V ~uint16 | ~int16 | ~int](b []byte, v V) []byte
- func Append8[V ~uint8 | ~int8 | ~int](b []byte, v V) []byte
- func Parse16[V ~uint16 | ~int16](b []byte, o int, v *V)
- func Parse32[V ~uint32 | ~int32](b []byte, o int, v *V)
- func Parse8[V ~uint8 | ~int8](b []byte, o int, v *V)
- func ParseResponse(cmdID CommandID, rsp Response, buf []byte) error
- func Put16[V ~uint16 | ~int16 | ~int](b []byte, v V)
- func Put32[V ~uint32 | ~int32 | ~int](b []byte, v V)
- func Put8[V ~uint8 | ~int8 | ~int](b []byte, v V)
- type AlgorithmID
- type AuthenticateSessionCommand
- type AuthenticateSessionResponse
- type Challenge
- type CloseSessionCommand
- type CloseSessionResponse
- type Command
- type CommandID
- type CreateSessionCommand
- type CreateSessionResponse
- type Cryptogram
- type DecryptOAEPCommand
- type DecryptPKCS1v15Command
- type DecryptResponse
- type DeviceInfoCommand
- type DeviceInfoResponse
- type Echo
- type Error
- type GetPublicKeyCommand
- type GetPublicKeyResponse
- type InvalidLengthError
- type ListObjectsCommand
- type ListObjectsFilter
- type ListObjectsResponse
- type ObjectID
- type PublicKey
- type Response
- type SignECDSACommand
- type SignEdDSACommand
- type SignPKCS1v15Command
- type SignPSSCommand
- type SignResponse
- type TypeID
Constants ¶
const ( _,// CommandResponse is the high-order bit which is OR'ed to the // command ID in all response messages. CommandResponse = CommandID(iota), CommandID(0x80 | iota) CommandEcho, ResponseEcho CommandCreateSession, ResponseCreateSession CommandAuthenticateSession, ResponseAuthenticateSession CommandSessionMessage, ResponseSessionMessage CommandGetDeviceInfo, ResponseGetDeviceInfo CommandResetDevice, ResponseResetDevice CommandGetDevicePublicKey, ResponseGetDevicePublicKey CommandCloseSession = iota + 0x40 - CommandGetDevicePublicKey - 1 CommandGetStorageInfo CommandPutOpaque CommandGetOpaque CommandPutAuthenticationKey CommandPutAsymmetricKey CommandGenerateAsymmetricKey CommandSignPKCS1v15 CommandListObjects CommandDecryptPKCS1v15 CommandExportWrapped CommandImportWrapped CommandPutWrapKey CommandGetLogEntries CommandGetObjectInfo CommandSetOption CommandGetOption CommandGetPseudoRandom CommandPutHMACKey CommandSignHMAC CommandGetPublicKey CommandSignPSS CommandSignECDSA CommandDeriveECDH CommandDeleteObject CommandDecryptOAEP CommandGenerateHMACKey CommandGenerateWrapKey CommandVerifyHMAC CommandSignSSHCertificate CommandPutTemplate CommandGetTemplate CommandDecryptOTP CommandCreateOtpAEAD CommandRandomizeOTPAEAD CommandRewrapOTPAEAD CommandSignAttestationCertificate CommandPutOtpAEADKey CommandGenerateOTPAEADKey CommandSetLogIndex CommandWrapData CommandUnwrapData CommandSignEdDSA CommandBlinkDevice CommandChangeAuthenticationKey CommandPutSymmetricKey CommandGenerateSymmetrickey CommandDecryptAESECB CommandEncryptAESECB CommandDecryptAESCBC CommandEncryptAEDCBC )
const ErrRsaDecryptFailed = errMalformedCommand
ErrRsaDecryptFailed is the error from a failed RSA decryption command.
const ( // HeaderLength is the length of a command header; one byte of // command ID and a two byte length. HeaderLength = 1 + 2 )
Variables ¶
This section is empty.
Functions ¶
Types ¶
type AlgorithmID ¶
type AlgorithmID uint8
AlgorithmID is a cryptographic algorithm identified on a YubiHSM2.
const ( AlgorithmRSAPKCS1SHA1 AlgorithmID AlgorithmRSAPKCS1SHA256 AlgorithmRSAPKCS1SHA384 AlgorithmRSAPKCS1SHA512 AlgorithmRSAPSSSHA1 AlgorithmRSAPSSSHA256 AlgorithmRSAPSSSHA384 AlgorithmRSAPSSSHA512 AlgorithmRSA2048 AlgorithmRSA3072 AlgorithmRSA4096 AlgorithmECP256 AlgorithmECP384 AlgorithmECP521 AlgorithmECK256 AlgorithmECBP256 AlgorithmECBP384 AlgorithmECBP512 AlgorithmHMACSHA1 AlgorithmHMACSHA256 AlgorithmHMACSHA384 AlgorithmHMACSHA512 AlgorithmECDSASHA1 AlgorithmECECDH AlgorithmRSAOAEPSHA1 AlgorithmRSAOAEPSHA256 AlgorithmRSAOAEPSHA384 AlgorithmRSAOAEPSHA512 AlgorithmAES128CCMWRAP AlgorithmOpaqueData AlgorithmOpaqueX509Certificate AlgorithmMGF1SHA1 AlgorithmMGF1SHA256 AlgorithmMGF1SHA384 AlgorithmMGF1SHA512 AlgorithmSSHTemplate AlgorithmYubicoOTPAES128 AlgorithmYubicoAESAuthentication AlgorithmYubicoOTPAES192 AlgorithmYubicoOTPAES256 AlgorithmAES192CCMWRAP AlgorithmAES256CCMWRAP AlgorithmECDSASHA256 AlgorithmECDSASHA384 AlgorithmECDSASHA512 AlgorithmED25519 AlgorithmECP224 AlgorithmRSAPKCSv15Decrypt AlgorithmYubicoECP256Authentication AlgorithmAES128 AlgorithmAES192 AlgorithmAES256 AlgorithmAESECB AlgorithmAESCBC )
func (AlgorithmID) String ¶
func (i AlgorithmID) String() string
type AuthenticateSessionCommand ¶
type AuthenticateSessionCommand struct { SessionID byte HostCryptogram Cryptogram CMAC [8]byte }
func (*AuthenticateSessionCommand) ID ¶
func (c *AuthenticateSessionCommand) ID() CommandID
func (*AuthenticateSessionCommand) Serialize ¶
func (c *AuthenticateSessionCommand) Serialize(out []byte) []byte
type AuthenticateSessionResponse ¶
type AuthenticateSessionResponse = emptyResponse
type Challenge ¶
type Challenge [8]byte
Challenge is a fixed-width challenge exchanged during authentication and used to derive session keys.
type CloseSessionCommand ¶
type CloseSessionCommand struct{}
func (CloseSessionCommand) ID ¶
func (c CloseSessionCommand) ID() CommandID
func (CloseSessionCommand) Serialize ¶
func (c CloseSessionCommand) Serialize(out []byte) []byte
type CloseSessionResponse ¶
type CloseSessionResponse = emptyResponse
type CommandID ¶
type CommandID uint8
CommandID is the identified value for a (request, response) message pair.
func ParseHeader ¶
type CreateSessionCommand ¶
func (*CreateSessionCommand) ID ¶
func (*CreateSessionCommand) ID() CommandID
func (*CreateSessionCommand) Serialize ¶
func (c *CreateSessionCommand) Serialize(out []byte) []byte
type CreateSessionResponse ¶
type CreateSessionResponse struct { SessionID byte CardChallenge Challenge CardCryptogram Cryptogram }
func (*CreateSessionResponse) Parse ¶
func (r *CreateSessionResponse) Parse(b []byte) error
type Cryptogram ¶
type Cryptogram [8]byte
Cryptogram is a fixed-width challenge exchanged during authentication and used to derive session keys.
type DecryptOAEPCommand ¶
type DecryptOAEPCommand struct { KeyID ObjectID MGF1 crypto.Hash LabelHash crypto.Hash CipherText []byte Label []byte }
func (*DecryptOAEPCommand) ID ¶
func (d *DecryptOAEPCommand) ID() CommandID
func (*DecryptOAEPCommand) Serialize ¶
func (d *DecryptOAEPCommand) Serialize(out []byte) []byte
type DecryptPKCS1v15Command ¶
func (*DecryptPKCS1v15Command) ID ¶
func (d *DecryptPKCS1v15Command) ID() CommandID
func (*DecryptPKCS1v15Command) Serialize ¶
func (d *DecryptPKCS1v15Command) Serialize(out []byte) []byte
type DecryptResponse ¶
type DecryptResponse = sliceResponse
type DeviceInfoCommand ¶
type DeviceInfoCommand struct{}
func (DeviceInfoCommand) ID ¶
func (DeviceInfoCommand) ID() CommandID
func (DeviceInfoCommand) Serialize ¶
func (d DeviceInfoCommand) Serialize(out []byte) []byte
type DeviceInfoResponse ¶
type DeviceInfoResponse struct { Version string Serial uint32 LogStore uint8 LogLines uint8 Algorithms uint64 }
func (*DeviceInfoResponse) Parse ¶
func (r *DeviceInfoResponse) Parse(b []byte) error
type GetPublicKeyCommand ¶
type GetPublicKeyCommand struct {
KeyID ObjectID
}
func (*GetPublicKeyCommand) ID ¶
func (*GetPublicKeyCommand) ID() CommandID
func (*GetPublicKeyCommand) Serialize ¶
func (g *GetPublicKeyCommand) Serialize(out []byte) []byte
type GetPublicKeyResponse ¶
func (*GetPublicKeyResponse) Parse ¶
func (g *GetPublicKeyResponse) Parse(b []byte) error
type InvalidLengthError ¶
type InvalidLengthError struct{}
InvalidLengthError is the error returned when a received YubiHSM2 message has an invalid length.
func (InvalidLengthError) Error ¶
func (InvalidLengthError) Error() string
type ListObjectsCommand ¶
type ListObjectsCommand []ListObjectsFilter
func (ListObjectsCommand) ID ¶
func (l ListObjectsCommand) ID() CommandID
func (ListObjectsCommand) Serialize ¶
func (l ListObjectsCommand) Serialize(out []byte) []byte
type ListObjectsFilter ¶
func LabelFilter ¶
func LabelFilter(label string) ListObjectsFilter
func TypeFilter ¶
func TypeFilter(typeID TypeID) ListObjectsFilter
type ListObjectsResponse ¶
type ListObjectsResponse []listObjectsResponse
func (*ListObjectsResponse) Parse ¶
func (l *ListObjectsResponse) Parse(b []byte) error
type ObjectID ¶
type ObjectID uint16
ObjectID identifies a key or other object stored on a YubiHSM2.
type PublicKey ¶
PublicKey is the strongly-typed crypto.PublicKey.
type SignECDSACommand ¶
func (*SignECDSACommand) ID ¶
func (s *SignECDSACommand) ID() CommandID
func (*SignECDSACommand) Serialize ¶
func (s *SignECDSACommand) Serialize(out []byte) []byte
type SignEdDSACommand ¶
func (*SignEdDSACommand) ID ¶
func (s *SignEdDSACommand) ID() CommandID
func (*SignEdDSACommand) Serialize ¶
func (s *SignEdDSACommand) Serialize(out []byte) []byte
type SignPKCS1v15Command ¶
func (*SignPKCS1v15Command) ID ¶
func (s *SignPKCS1v15Command) ID() CommandID
func (*SignPKCS1v15Command) Serialize ¶
func (s *SignPKCS1v15Command) Serialize(out []byte) []byte
type SignPSSCommand ¶
func (*SignPSSCommand) ID ¶
func (s *SignPSSCommand) ID() CommandID
func (*SignPSSCommand) Serialize ¶
func (s *SignPSSCommand) Serialize(out []byte) []byte
type SignResponse ¶
type SignResponse = sliceResponse