New signer implementation in Go
Jan Dittberner
3107ad8abb
This commit adds basic serial link and protocol support. None of the commands from the docs/design.md document is implemented yet. The following new packages have been added: - seriallink containing the serial link handler including COBS decoding and encoding - protocol containing the protocol handler including msgpack unmarshalling and marshaling - health containing a rudimentary health check implementation - messages containing command and response types and generated msgpack marshaling code A client simulation command has been added in cmd/clientsim. README.md got instructions how to run the client simulator. The docs/config.sample.yaml contains a new section for the serial connection parameters. |
||
---|---|---|
cmd | ||
docs | ||
pkg | ||
.gitattributes | ||
.gitignore | ||
.golangci.yml | ||
.goreleaser.yaml | ||
go.mod | ||
go.sum | ||
LICENSE | ||
README.md |
Running with softhsm2
Setup HSM keys and certificates
sudo apt install softhsm2
umask 077
mkdir -p ~/.config/softhsm2/tokens
echo "directories.tokendir = $HOME/.config/softhsm2/tokens/" > ~/.config/softhsm2/softhsm2.conf
cp docs/config.sample.yaml config.yaml
# modify config.yaml to fit your needs
softhsm2-util --init-token --free --label localhsm --so-pin 47110815 --pin 123456
# initialize the keys
export PKCS11_PIN_LOCALHSM=123456
go run ./cmd/signer -setup
Run the signer
export PKCS11_PIN_LOCALHSM=123456
go run ./cmd/signer
Run the client simulator with socat
You may run the client simulator that sends commands via stdout
and reads responses on stdin
via socat
to
simulate traffic on an emulated serial device:
sudo apt install socat
go build ./cmd/clientsim
socat -d -d -v pty,rawer,link=$(pwd)/testPty EXEC:./clientsim,pty,rawer
You will need to configure $(pwd)/testPty
as serial
/device
in your config.yaml
to let the signer command find
the emulated serial device.