Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Compatibility fixes and a standalone mockhsm example #529

Open
wants to merge 5 commits into
base: main
Choose a base branch
from

Conversation

nholstein
Copy link

@nholstein nholstein commented Mar 10, 2024

This branch contains a small series of compatibility fixes needed to create a standalone mockhsm example application. I used this standalone application to test a Go based library I've developed.

There's four types of fixes:

  • warnings from a newer clippy version (1.78)
  • correct the key=value\n in the HTTP /status endpoint
  • RSASSA-PSS signature support in mockhsm
  • allow device-info outside an authenticated session

Additionally, I tested this using a new examples/mockhsm.rs which exports the mockhsm via HTTP. I thought it might be useful for others, but this commit could easily be reverted if not desired.

Most warnings fell into two categories:

 * Duplicated imports, either implicit from the prelude or specified
   multiple times.

 * Type parameter bounds specified in multiple places:

    warning: bound is defined in more than one place
       --> src/serialization/ser.rs:198:26
	|
    198 |     fn serialize_element<T: ?Sized>(&mut self, value: &T) -> Result<(), Error>
	|                          ^
    199 |     where
    200 |         T: serde::Serialize,
	|         ^
Each line is "key=value\n", including the final line:

    $ curl http://localhost:12345/connector/status
    status=OK
    serial=*
    version=3.0.2
    pid=54209
    address=localhost
    port=12345
This can be tested with the yubihsm-shell command:

    $ yubihsm-shell -a get-device-info
    Using default connector URL: http://127.0.0.1:12345
    Session keepalive set up to run every 15 seconds
    Version number:         2.2.0
    Serial number:          12345678
    Log used:               26/62
    Supported algorithms:   rsa-pkcs1-sha1, rsa-pkcs1-sha256, rsa-pkcs1-sha384,
			    rsa-pkcs1-sha512, rsa-pss-sha1, rsa-pss-sha256,
			    rsa-pss-sha384, rsa-pss-sha512, rsa2048,
			    rsa3072, rsa4096, ecp256,
			    ecp384, ecp521, eck256,
			    ecbp256, ecbp384, ecbp512,
			    hmac-sha1, hmac-sha256, hmac-sha384,
			    hmac-sha512, ecdsa-sha1, ecdh,
			    rsa-oaep-sha1, rsa-oaep-sha256, rsa-oaep-sha384,
			    rsa-oaep-sha512, aes128-ccm-wrap, opaque-data,
			    opaque-x509-certificate, mgf1-sha1, mgf1-sha256,
			    mgf1-sha384, mgf1-sha512, template-ssh,
			    aes128-yubico-otp, aes128-yubico-authentication, aes192-yubico-otp,
			    aes256-yubico-otp, aes192-ccm-wrap, aes256-ccm-wrap,
			    ecdsa-sha256, ecdsa-sha384, ecdsa-sha512,
			    ed25519, ecp224, rsa-pkcs1-decrypt,
This spins up a default MockHsm instance with the HTTP connector to
allow testing against external programs.
@baloo
Copy link
Contributor

baloo commented May 10, 2024

the rsa implementation partially reimplements #493

@baloo
Copy link
Contributor

baloo commented Jun 27, 2024

I think this can be rebased and some commits should now conflict (I'm surprised github doesn't report conflicts).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants