Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PutAuthkey #12

Merged
merged 1 commit into from
Mar 22, 2021
Merged

PutAuthkey #12

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 36 additions & 0 deletions commands/constructors.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -290,3 +290,39 @@ func CreatePutWrapkeyCommand(objID uint16, label []byte, domains uint16, capabil

return command, nil
}

func CreatePutAuthkeyCommand(objID uint16, label []byte, domains uint16, capabilities, delegated uint64, encKey, macKey []byte) (*CommandMessage, error) {
if len(label) > LabelLength {
return nil, errors.New("label is too long")
}
if len(label) < LabelLength {
label = append(label, bytes.Repeat([]byte{0x00}, LabelLength-len(label))...)
}
algorithm := AlgorithmYubicoAESAuthentication
// TODO: support P256 Authentication when it is released
// https://github.com/Yubico/yubihsm-shell/blob/1c8e254603e72f3f39cf1c3910996dbfcdba2b12/lib/yubihsm.c#L3110
if len(encKey) != 16 {
return nil, errors.New("invalid encryption key length")
}
if len(macKey) != 16 {
return nil, errors.New("invalid mac key length")
}

command := &CommandMessage{
CommandType: CommandTypePutAuthKey,
}

payload := bytes.NewBuffer([]byte{})
binary.Write(payload, binary.BigEndian, objID)
payload.Write(label)
binary.Write(payload, binary.BigEndian, domains)
binary.Write(payload, binary.BigEndian, capabilities)
binary.Write(payload, binary.BigEndian, algorithm)
binary.Write(payload, binary.BigEndian, delegated)
payload.Write(encKey)
payload.Write(macKey)

command.Data = payload.Bytes()

return command, nil
}
19 changes: 19 additions & 0 deletions commands/response.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,10 @@ type (
PutWrapkeyResponse struct {
ObjectID uint16
}

PutAuthkeyResponse struct {
ObjectID uint16
}
)

// ParseResponse parses the binary response from the card to the relevant Response type.
Expand Down Expand Up @@ -145,6 +149,8 @@ func ParseResponse(data []byte) (Response, error) {
return parseGetPseudoRandomResponse(payload), nil
case CommandTypePutWrapKey:
return parsePutWrapkeyResponse(payload)
case CommandTypePutAuthKey:
return parsePutAuthkeyResponse(payload)
case ErrorResponseCode:
return nil, parseErrorResponse(payload)
default:
Expand Down Expand Up @@ -307,6 +313,19 @@ func parsePutWrapkeyResponse(payload []byte) (Response, error) {
return &PutWrapkeyResponse{ObjectID: objectID}, nil
}

func parsePutAuthkeyResponse(payload []byte) (Response, error) {
if len(payload) != 2 {
return nil, errors.New("invalid response payload length")
}

var objectID uint16
err := binary.Read(bytes.NewReader(payload), binary.BigEndian, &objectID)
if err != nil {
return nil, err
}
return &PutAuthkeyResponse{ObjectID: objectID}, nil
}

// Error formats a card error message into a human readable format
func (e *Error) Error() string {
message := ""
Expand Down