hsm

package module

v0.0.0-...-b6677e2 Latest Latest Go to latest Published: Aug 30, 2021 License: Apache-2.0 Imports: 4 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/harwoeck/azoo

Links

Open Source Insights

README ¶

hsm

Package hsm is part of azoo.dev/utils/dvx, but has its own Go module. It provides a KeyPool implementation that derives keys from a PKCS#11 Hardware-Security-Module (HSM) using SHA256-HMAC and SHA512-HMAC.

Architecture

Picture of schematic architecture

Documentation ¶

Overview ¶

Package hsm provides a KeyPool implementation that derives keys from a PKCS#11 Hardware-Security-Module (HSM) using SHA256-HMAC and SHA512-HMAC.

Supported HSMs:

SoftHSM2 (https://github.com/opendnssec/SoftHSMv2) - Should only be used for testing!

Testing remaining:

YubiHSM2 (https://www.yubico.com/at/product/yubihsm-2/)
AWS CloudHSM (https://docs.aws.amazon.com/cloudhsm/latest/userguide/pkcs11-mechanisms.html)
Azure Dedicated HSM (https://docs.microsoft.com/en-us/azure/dedicated-hsm/)

Index ¶

type Config
type KeyPool
- func New(config *Config, log logger.Logger) (keyPool KeyPool, err error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Config ¶

type Config struct {
	// Module is the path to your PKCS#11 module.
	//   Example: "/usr/lib/softhsm/libsofthsm2.so"
	Module string
	// Label is the label of the token this HSM instance should use.
	//   Example: "dvx"
	Label string
	// UserPin is the pin of your user (not security officer!)
	UserPin string
	// RootKeyID is the ID of your root key
	RootKeyID string
	// RootKeyLabel is the label of your root key.
	RootKeyLabel string
}

Config provides all options for an HSM. Every field is required. Not providing valid configuration values results in unspecified behaviour. No checks are carried out!

type KeyPool ¶

type KeyPool interface {
	// KDF32 is a key derivation function that returns a 32-byte key for the
	// keyRing passed to it. Equal keyRings must always result in equal keys.
	KDF32(keyRing []byte) (key []byte, err error)
	// KDF64 is a key derivation function that returns a 64-byte key for the
	// keyRing passed to it. Equal keyRings must always result in equal keys.
	KDF64(keyRing []byte) (key []byte, err error)
	// Close closes the KeyPool and it's underlying instances.
	Close() error
}

KeyPool is an interface for a key derivation loader. It is copied from the parent project azoo.dev/utils/dvx

func New ¶

func New(config *Config, log logger.Logger) (keyPool KeyPool, err error)

New creates a new HSM instance and returns it as a KeyPool interface

Source Files ¶

View all Source files

hsm.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL