
New unlock code

Ratler committed Oct 3, 2011
1 parent c254055 commit 11d96077f7a035284a3c944f6938692ca86ffed0
@@ -22,10 +22,10 @@
import org.slf4j.LoggerFactory;
import org.unitedid.yhsm.internal.*;
-import static org.unitedid.yhsm.utility.Utils.*;
-
import java.util.Map;
+import static org.unitedid.yhsm.utility.Utils.*;
+
/** <code>YubiHSM</code> the main class to use for YubiHSM commands */
public class YubiHSM {
/** Logger */
@@ -80,8 +80,8 @@ public String infoToString() throws YubiHSMErrorException {
Map<String, String> info = SystemInfoCmd.execute(deviceHandler);
return String.format("Version %s.%s.%s Protocol=%s SysId: %s", info.get("major"), info.get("minor"),
- info.get("build"), info.get("protocol"),
- info.get("sysid"));
+ info.get("build"), info.get("protocol"),
+ info.get("sysid"));
}
/**
@@ -374,6 +374,18 @@ public boolean compareAES_ECB(int keyHandle, String cipherText, String plaintext
return AESECBCmd.compare(deviceHandler, keyHandle, cipherText, plaintext);
}
+ public boolean unlock(String password) throws YubiHSMErrorException, YubiHSMCommandFailedException, YubiHSMInputException {
+ if (info().get("major").equals("1")) {
+ return keyStoreDecrypt(password);
+ } else {
+ return keyStorageUnlock(password);
+ }
+ }
+
+ public boolean keyStoreDecrypt(String key) throws YubiHSMCommandFailedException, YubiHSMErrorException, YubiHSMInputException {
+ return KeyStoreDecryptCmd.execute(deviceHandler, key);
+ }
+
/**
* Unlock the YubiHSM key storage using the HSM password.
*
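Review bot: `info().get("major").equals("1")` in `unlock` throws a NullPointerException when the info map has no `major` entry, which callers handling only the three declared YubiHSM exceptions will not expect; `if ("1".equals(info().get("major")))` avoids that, and the same comparison is repeated in the `testConfigureHSM` hunk. The check also sends every major version other than 1 down the `keyStorageUnlock` path, so a comment should state which firmware line each command belongs to. Both new public methods lack Javadoc, while the method that follows has one; a short Javadoc on `unlock` should say that the argument is the hex-encoded unlock secret, that the command is chosen from the reported major version, and that on the key-store-decrypt path `false` means the device reported a mismatch. The class body continues outside this hunk.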
@@ -72,6 +72,7 @@ private Defines() {}
final static public byte YSM_RANDOM_RESEED = 0x25;
final static public byte YSM_SYSTEM_INFO_QUERY = 0x26;
final static public byte YSM_KEY_STORAGE_UNLOCK = 0x27;
+ final static public byte YSM_KEY_STORE_DECRYPT = 0x29;
final static public byte YSM_MONITOR_EXIT = 0x7f;
/**
@@ -102,6 +103,7 @@ private Defines() {}
put(0x25, "YSM_RANDOM_RESEED");
put(0x26, "YSM_SYSTEM_INFO_QUERY");
put(0x27, "YSM_KEY_STORAGE_UNLOCK");
+ put(0x29, "YSM_KEY_STORE_DECRYPT");
}});
/**
@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 2011 United ID. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * @author Stefan Wold <stefan.wold@unitedid.org>
+ */
+
+package org.unitedid.yhsm.internal;
+
+import static org.unitedid.yhsm.internal.Defines.*;
+import static org.unitedid.yhsm.utility.Utils.*;
+
+public class KeyStoreDecryptCmd {
+
+ /** Constructur */
+ private KeyStoreDecryptCmd() {}
+
+ public static boolean execute(DeviceHandler device, String key) throws YubiHSMInputException, YubiHSMErrorException, YubiHSMCommandFailedException {
+ byte[] keyBA = hexToByteArray(key);
+ keyBA = validateByteArray("key", keyBA, YSM_MAX_KEY_SIZE, 0, YSM_MAX_KEY_SIZE);
+ return parseResult(CommandHandler.execute(device, YSM_KEY_STORE_DECRYPT, keyBA, true));
+ }
+
+ private static boolean parseResult(byte[] result) throws YubiHSMCommandFailedException {
+ if (result[0] == YSM_STATUS_OK) {
+ return true;
+ } else if (result[0] == YSM_MISMATCH) {
+ return false;
+ } else {
+ throw new YubiHSMCommandFailedException("Command " + getCommandString(YSM_KEY_STORE_DECRYPT) + " failed: " + getCommandStatus(result[0]));
+ }
+ }
+}
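Review bot: `parseResult` reads `result[0]` without checking that `CommandHandler.execute` returned at least one byte, so a null or empty response would surface as an unchecked NullPointerException or ArrayIndexOutOfBoundsException rather than a `YubiHSMCommandFailedException`. A guard such as `if (result == null || result.length == 0) throw new YubiHSMCommandFailedException("Command " + getCommandString(YSM_KEY_STORE_DECRYPT) + " returned no data");` keeps the failure inside the declared exception types; whether `CommandHandler` can actually return such a value is not visible here. In `execute`, `keyBA` holds the decoded unlock key and is left for the garbage collector; wrapping the send in `try { ... } finally { java.util.Arrays.fill(keyBA, (byte) 0); }` shortens the time the key bytes stay on the heap, although the caller's `String` copy remains. The class and `execute` have no Javadoc; it should record that `key` is a hex string, how `validateByteArray` bounds or pads it against `YSM_MAX_KEY_SIZE`, and that `false` means `YSM_MISMATCH`.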
@@ -38,8 +38,16 @@ public void tearDown() throws Exception {
@Test
public void testConfigureHSM() throws Exception {
+ String cmd = null;
+ if (hsm.info().get("major").equals("1")) {
+ //cmd = "hsm ffffffff\r\r\r2f6af1e667456bb94528e7987344515b00000000000000000000000000000000\ryes";
+ cmd = "hsm ffffffff\r\r\r2f6af1e667456bb94528e7987344515b\ryes";
+ } else {
+ cmd = "hsm ffffffff\r\r2f6af1e667456bb94528e7987344515b\ryes";
+ }
+
hsm.exitMonitorDebugMode();
- System.out.println(runCommand("hsm ffffffff\r\r2f6af1e667456bb94528e7987344515b\ryes", true));
+ System.out.println(runCommand(cmd, true));
System.out.println(runCommand("sysinfo", true));
hsm.drainData();
addKeys();
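Review bot: The commented-out `cmd` line with the zero-padded 64-hex-digit key should be deleted or replaced by a comment saying which key length the 1.x `hsm` prompt expects, because as written a reader cannot tell whether the 32-digit form was chosen deliberately. `String cmd = null;` followed by the if/else can become a single `final String cmd = "1".equals(hsm.info().get("major")) ? ... : ...;`, which also removes the null dereference on a missing `major` entry. The additional `\r` in the 1.x command is unexplained; a one-line comment naming the prompt it answers would help the next maintainer. The test method continues outside this hunk.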
@@ -45,11 +45,11 @@ public void tearDown() throws Exception {
@Test
public void failedUnlockHsm() throws YubiHSMCommandFailedException, YubiHSMErrorException, YubiHSMInputException {
- assertFalse(hsm.keyStorageUnlock("1111"));
+ assertFalse(hsm.unlock("1111"));
}
@Test
public void unlockHsm() throws Exception {
- assertTrue(hsm.keyStorageUnlock("2f6af1e667456bb94528e7987344515b"));
+ assertTrue(hsm.unlock("2f6af1e667456bb94528e7987344515b"));
}
}
