2020-01-10 02:41:13 +00:00
|
|
|
package apiv1
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto"
|
|
|
|
"fmt"
|
|
|
|
)
|
|
|
|
|
|
|
|
// ProtectionLevel specifies on some KMS how cryptographic operations are
|
|
|
|
// performed.
|
|
|
|
type ProtectionLevel int
|
|
|
|
|
|
|
|
const (
|
|
|
|
// Protection level not specified.
|
|
|
|
UnspecifiedProtectionLevel ProtectionLevel = iota
|
|
|
|
// Crypto operations are performed in software.
|
|
|
|
Software
|
|
|
|
// Crypto operations are performed in a Hardware Security Module.
|
|
|
|
HSM
|
|
|
|
)
|
|
|
|
|
|
|
|
// String returns a string representation of p.
|
|
|
|
func (p ProtectionLevel) String() string {
|
|
|
|
switch p {
|
|
|
|
case UnspecifiedProtectionLevel:
|
|
|
|
return "unspecified"
|
|
|
|
case Software:
|
|
|
|
return "software"
|
|
|
|
case HSM:
|
|
|
|
return "hsm"
|
|
|
|
default:
|
|
|
|
return fmt.Sprintf("unknown(%d)", p)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// SignatureAlgorithm used for cryptographic signing.
|
|
|
|
type SignatureAlgorithm int
|
|
|
|
|
|
|
|
const (
|
|
|
|
// Not specified.
|
|
|
|
UnspecifiedSignAlgorithm SignatureAlgorithm = iota
|
|
|
|
// RSASSA-PKCS1-v1_5 key and a SHA256 digest.
|
|
|
|
SHA256WithRSA
|
|
|
|
// RSASSA-PKCS1-v1_5 key and a SHA384 digest.
|
|
|
|
SHA384WithRSA
|
|
|
|
// RSASSA-PKCS1-v1_5 key and a SHA512 digest.
|
|
|
|
SHA512WithRSA
|
|
|
|
// RSASSA-PSS key with a SHA256 digest.
|
|
|
|
SHA256WithRSAPSS
|
|
|
|
// RSASSA-PSS key with a SHA384 digest.
|
|
|
|
SHA384WithRSAPSS
|
|
|
|
// RSASSA-PSS key with a SHA512 digest.
|
|
|
|
SHA512WithRSAPSS
|
|
|
|
// ECDSA on the NIST P-256 curve with a SHA256 digest.
|
|
|
|
ECDSAWithSHA256
|
|
|
|
// ECDSA on the NIST P-384 curve with a SHA384 digest.
|
|
|
|
ECDSAWithSHA384
|
|
|
|
// ECDSA on the NIST P-521 curve with a SHA512 digest.
|
|
|
|
ECDSAWithSHA512
|
|
|
|
// EdDSA on Curve25519 with a SHA512 digest.
|
|
|
|
PureEd25519
|
|
|
|
)
|
|
|
|
|
|
|
|
// String returns a string representation of s.
|
|
|
|
func (s SignatureAlgorithm) String() string {
|
|
|
|
switch s {
|
|
|
|
case UnspecifiedSignAlgorithm:
|
|
|
|
return "unspecified"
|
|
|
|
case SHA256WithRSA:
|
|
|
|
return "SHA256-RSA"
|
|
|
|
case SHA384WithRSA:
|
|
|
|
return "SHA384-RSA"
|
|
|
|
case SHA512WithRSA:
|
|
|
|
return "SHA512-RSA"
|
|
|
|
case SHA256WithRSAPSS:
|
|
|
|
return "SHA256-RSAPSS"
|
|
|
|
case SHA384WithRSAPSS:
|
|
|
|
return "SHA384-RSAPSS"
|
|
|
|
case SHA512WithRSAPSS:
|
|
|
|
return "SHA512-RSAPSS"
|
|
|
|
case ECDSAWithSHA256:
|
|
|
|
return "ECDSA-SHA256"
|
|
|
|
case ECDSAWithSHA384:
|
|
|
|
return "ECDSA-SHA384"
|
|
|
|
case ECDSAWithSHA512:
|
|
|
|
return "ECDSA-SHA512"
|
|
|
|
case PureEd25519:
|
|
|
|
return "Ed25519"
|
|
|
|
default:
|
|
|
|
return fmt.Sprintf("unknown(%d)", s)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
type GetPublicKeyRequest struct {
|
|
|
|
Name string
|
|
|
|
}
|
|
|
|
|
|
|
|
type CreateKeyRequest struct {
|
|
|
|
Name string
|
|
|
|
SignatureAlgorithm SignatureAlgorithm
|
2020-01-15 02:42:14 +00:00
|
|
|
Bits int
|
2020-01-10 02:41:13 +00:00
|
|
|
|
|
|
|
// ProtectionLevel specifies how cryptographic operations are performed.
|
|
|
|
// Used by: cloudkms
|
|
|
|
ProtectionLevel ProtectionLevel
|
|
|
|
}
|
|
|
|
|
|
|
|
type CreateKeyResponse struct {
|
2020-01-15 02:42:14 +00:00
|
|
|
Name string
|
|
|
|
PublicKey crypto.PublicKey
|
|
|
|
PrivateKey crypto.PrivateKey
|
|
|
|
CreateSignerRequest CreateSignerRequest
|
2020-01-10 02:41:13 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
type CreateSignerRequest struct {
|
2020-01-15 02:42:14 +00:00
|
|
|
Signer crypto.Signer
|
2020-01-10 02:41:13 +00:00
|
|
|
SigningKey string
|
|
|
|
SigningKeyPEM []byte
|
2020-01-15 02:42:14 +00:00
|
|
|
TokenLabel string
|
|
|
|
PublicKey string
|
|
|
|
PublicKeyPEM []byte
|
|
|
|
Password []byte
|
2020-01-10 02:41:13 +00:00
|
|
|
}
|