New signer implementation in Go
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Jan Dittberner f429d3da45 Refactor server handler
- rename protocols.Handler to ServerHandler
- rename ServerHandler methods to better express their purpose
- pass command and response as parameters
- simplify state machine and handle errors in serial/seriallink.go
- implement command read timeout
- remove currentCommand and currentResponse fields from MsgPackHandler
1 year ago
cmd Improve signer robustness 1 year ago
docs Rename intermediary CA to subordinate CA 2 years ago
internal Refactor server handler 1 year ago
pkg Refactor server handler 1 year ago
.gitattributes First DDD based signer implementation parts 3 years ago
.gitignore Implement command type handling 2 years ago
.golangci.yml Move internal code to internal packages 2 years ago
.goreleaser.yaml Add goreleaser configuration 2 years ago
LICENSE Configure and apply golangci-lint 2 years ago
Makefile Protocol improvements 2 years ago Implement serial link and protocol handling infrastructure 2 years ago
go.mod Protocol improvements 2 years ago
go.sum Protocol improvements 2 years ago

Running with softhsm2

Setup HSM keys and certificates

sudo apt install softhsm2
umask 077
mkdir -p ~/.config/softhsm2/tokens
echo "directories.tokendir = $HOME/.config/softhsm2/tokens/" > ~/.config/softhsm2/softhsm2.conf
cp docs/config.sample.yaml config.yaml
# modify config.yaml to fit your needs
softhsm2-util --init-token --free --label localhsm --so-pin 47110815 --pin 123456
# initialize the keys
export PKCS11_PIN_LOCALHSM=123456
go run ./cmd/signer -setup

Run the signer

export PKCS11_PIN_LOCALHSM=123456
go run ./cmd/signer

Run the client simulator with socat

You may run the client simulator that sends commands via stdout and reads responses on stdin via socat to simulate traffic on an emulated serial device:

sudo apt install socat
go build ./cmd/clientsim
socat -d -d -v pty,rawer,link=$(pwd)/testPty EXEC:./clientsim,pty,rawer

You will need to configure $(pwd)/testPty as serial/device in your config.yaml to let the signer command find the emulated serial device.