Documentation
Overview
Package tkeyclient provides a connection to a Tillitis TKey security stick. To create a new connection:
tk := tkeyclient.New()
err := tk.Connect(port)
Then you can start using it by asking it to identify itself:
nameVer, err := tk.GetNameVersion()
Or loading and starting an app on the stick:
err = tk.LoadAppFromFile(*fileName, secretPhrase)
After this, you will have to switch to a new protocol specific to the app. See, for instance, the Go package https://github.com/tillitis/tkeysign for one such app-specific protocol, which speaks to the signer app:
https://github.com/tillitis/tkey-device-signer
When writing your app-specific protocol you might still want to use the framing protocol provided here. See NewFrameBuf() and ReadFrame().
Index
- Constants
- func DetectSerialPort(verbose bool) (string, error)
- func Dump(s string, d []byte)
- func NewFrameBuf(cmd Cmd, id int) ([]byte, error)
- func SilenceLogging()
- func WithSpeed(speed int) func(*TillitisKey)
- type Cmd
- type CmdLen
- type Endpoint
- type FramingHdr
- type NameVersion
- type SerialPort
- type TillitisKey
- func (tk TillitisKey) Close() error
- func (tk *TillitisKey) Connect(port string, options ...func(*TillitisKey)) error
- func (tk TillitisKey) GetNameVersion() (*NameVersion, error)
- func (tk TillitisKey) GetUDI() (*UDI, error)
- func (tk TillitisKey) LoadApp(bin []byte, secretPhrase []byte) error
- func (tk TillitisKey) LoadAppFromFile(fileName string, secretPhrase []byte) error
- func (tk TillitisKey) ReadFrame(expectedResp Cmd, expectedID int) ([]byte, FramingHdr, error)
- func (tk TillitisKey) SetReadTimeout(seconds int) error (deprecated)
- func (tk TillitisKey) SetReadTimeoutNoErr(seconds int)
- func (tk TillitisKey) Write(d []byte) error
- type UDI
Constants
const (
	// Custom errors
	ErrNoDevice    = constError("no TKey connected")
	ErrManyDevices = constError("more than one TKey connected")
)
const (
	// Speed in bps for talking to the TKey
	SerialSpeed = 62500
	// Codes used in app proto responses
	StatusOK  = 0x00
	StatusBad = 0x01
	// Size of RAM in the TKey. See TK1_APP_MAX_SIZE in tk1_mem.h
	AppMaxSize = 0x20000
)
const ErrResponseStatusNotOK = constError("response status not OK")
Variables
This section is empty.
Functions
func DetectSerialPort
DetectSerialPort tries to detect an inserted TKey and returns the device path if successful.
func Dump
Dump() hexdumps the data in d, preceded by an explanatory string s. It expects d to contain the whole frame as sent on the wire, with the framing protocol header in the first byte.
func NewFrameBuf
NewFrameBuf allocates a buffer with the appropriate size for the command in cmd, including the framing protocol header byte. The cmd parameter is used to get the endpoint and command length, which together with id parameter are encoded as the header byte. The header byte is placed in the first byte in the returned buffer. The command code from cmd is placed in the buffer's second byte.
Header byte (used for both command and response frame):
Bit [7] (1 bit). Reserved - possible protocol version.
Bits [6..5] (2 bits). Frame ID tag.
Bits [4..3] (2 bits). Endpoint number:
    00 == reserved
    01 == HW in application_fpga
    10 == FW in application_fpga
    11 == SW (application) in application_fpga
Bit [2] (1 bit). Usage:
    Command: Unused. MUST be zero.
    Response: 0 == OK, 1 == Not OK (NOK)
Bits [1..0] (2 bits). Command/Response data length:
    00 == 1 byte
    01 == 4 bytes
    10 == 32 bytes
    11 == 128 bytes
Note that the number of bytes indicated by the command data length field does **not** include the header byte. This means that a complete command frame, with a header indicating a command length of 128 bytes, is 128+1 bytes in length.
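The header byte layout above, packed and unpacked in an added example (not code from tkeyclient). The hdr type and the function names are hypothetical, and rejecting a set reserved bit or the reserved endpoint 00 is a choice made by this example.

```go
package main

import (
	"errors"
	"fmt"
)

// hdr is a hypothetical decoded view of the header byte; the field names
// are assumptions for this example, not tkeyclient's FramingHdr.
type hdr struct {
	ID       int  // bits 6..5, frame ID tag
	Endpoint int  // bits 4..3
	NOK      bool // bit 2, meaningful in responses only
	DataLen  int  // bytes that follow the header byte
}

// dataLens maps the 2-bit length code to a byte count.
var dataLens = [4]int{1, 4, 32, 128}

// encodeCmdHdr packs a command header. Bit 7 and bit 2 stay zero, and the
// reserved endpoint 00 is refused (this example's choice).
func encodeCmdHdr(id, endpoint, lenCode int) (byte, error) {
	if id < 0 || id > 3 || endpoint < 1 || endpoint > 3 || lenCode < 0 || lenCode > 3 {
		return 0, errors.New("header field out of range")
	}
	return byte(id<<5 | endpoint<<3 | lenCode), nil
}

// decodeHdr unpacks a header byte and rejects a set reserved bit.
func decodeHdr(b byte) (hdr, error) {
	if b&0x80 != 0 {
		return hdr{}, errors.New("reserved bit 7 set")
	}
	return hdr{
		ID:       int(b>>5) & 3,
		Endpoint: int(b>>3) & 3,
		NOK:      b&0x04 != 0,
		DataLen:  dataLens[b&3],
	}, nil
}

// frameLen is the full on-wire size: header byte plus data bytes.
func frameLen(h hdr) int { return 1 + h.DataLen }

func main() {
	b, _ := encodeCmdHdr(2, 3, 3) // ID 2, SW endpoint, 128 data bytes
	h, _ := decodeHdr(b)
	fmt.Printf("hdr=0x%02x %+v frame=%d bytes\n", b, h, frameLen(h))
}
```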
func SilenceLogging
func SilenceLogging()
func WithSpeed
func WithSpeed(speed int) func(*TillitisKey)
Types
type FramingHdr
type NameVersion
func (*NameVersion) Unpack
func (n *NameVersion) Unpack(raw []byte)
type SerialPort
func GetSerialPorts
func GetSerialPorts() ([]SerialPort, error)
GetSerialPorts enumerates any existing TKey serial ports identified on the system.
type TillitisKey
type TillitisKey struct {
// contains filtered or unexported fields
}
TillitisKey is a serial connection to a TKey and the commands that the firmware supports.
func New
func New() *TillitisKey
New allocates a new TillitisKey. Use the Connect() method to actually open a connection.
func (*TillitisKey) Connect
func (tk *TillitisKey) Connect(port string, options ...func(*TillitisKey)) error
Connect connects to a TKey serial port using the provided port device and options.
func (TillitisKey) GetNameVersion
func (tk TillitisKey) GetNameVersion() (*NameVersion, error)
GetNameVersion gets the name and version from the TKey firmware
func (TillitisKey) GetUDI
func (tk TillitisKey) GetUDI() (*UDI, error)
GetUDI gets the UDI (Unique Device ID) from the TKey firmware
func (TillitisKey) LoadApp
func (tk TillitisKey) LoadApp(bin []byte, secretPhrase []byte) error
LoadApp loads the USS (User Supplied Secret), and contents of bin into the TKey, running the app after verifying that the digest calculated on the host is the same as the digest from the TKey.
The USS is a 32-byte digest hashed from secretPhrase (which is provided by the user). If secretPhrase is an empty slice, 32 bytes of zeroes will be loaded as USS.
Loading USS is always done together with loading and running an app, because the host program can't otherwise be sure that the expected USS is used.
func (TillitisKey) LoadAppFromFile
func (tk TillitisKey) LoadAppFromFile(fileName string, secretPhrase []byte) error
LoadAppFromFile loads and runs a raw binary file from fileName into the TKey.
func (TillitisKey) ReadFrame
func (tk TillitisKey) ReadFrame(expectedResp Cmd, expectedID int) ([]byte, FramingHdr, error)
ReadFrame reads a response in the framing protocol. It takes the expected response endpoint and length from expectedResp, and the expected frame ID from expectedID.
Returns the whole frame read, the parsed header, and any error. Returns ErrResponseStatusNotOK if the frame header indicated error. The payload may have more information about the error and is returned even when returning ErrResponseStatusNotOK.
func (TillitisKey) SetReadTimeout (deprecated)
func (tk TillitisKey) SetReadTimeout(seconds int) error
SetReadTimeout sets the timeout of the underlying serial connection to the TKey. Pass 0 seconds to not have any timeout. Note that the timeout implemented in the serial lib only works for simple Read(). E.g. io.ReadFull() will Read() until the buffer is full.
Deprecated: use SetReadTimeoutNoErr, which can more easily be used with defer.
func (TillitisKey) SetReadTimeoutNoErr (added in v1.1.0)
func (tk TillitisKey) SetReadTimeoutNoErr(seconds int)
SetReadTimeoutNoErr sets the timeout, in seconds, of the underlying serial connection to the TKey. Pass 0 seconds to not have any timeout.
Note that the timeout only works for simple Read(). E.g. io.ReadFull() will still read until the buffer is full.
func (TillitisKey) Write
func (tk TillitisKey) Write(d []byte) error