From 3f8de17a407e791533d7786266326436c4e8fef5 Mon Sep 17 00:00:00 2001
From: Mariano Cano <mariano@smallstep.com>
Date: Tue, 14 Jan 2020 18:42:14 -0800
Subject: [PATCH] Cleanup types and add initial support for the options
 required for PKCS11.

---
 kms/apiv1/options.go  | 19 ++++++++++++++-----
 kms/apiv1/requests.go | 29 ++++++++++-------------------
 2 files changed, 24 insertions(+), 24 deletions(-)

diff --git a/kms/apiv1/options.go b/kms/apiv1/options.go
index a6672087..a46db037 100644
--- a/kms/apiv1/options.go
+++ b/kms/apiv1/options.go
@@ -25,18 +25,27 @@ const (
 	// DefaultKMS is a KMS implementation using software.
 	DefaultKMS Type = ""
 	// SoftKMS is a KMS implementation using software.
-	SoftKMS = "softkms"
+	SoftKMS Type = "softkms"
 	// CloudKMS is a KMS implementation using Google's Cloud KMS.
-	CloudKMS = "cloudkms"
+	CloudKMS Type = "cloudkms"
 	// AmazonKMS is a KMS implementation using Amazon AWS KMS.
-	AmazonKMS = "awskms"
+	AmazonKMS Type = "awskms"
 	// PKCS11 is a KMS implementation using the PKCS11 standard.
-	PKCS11 = "pkcs11"
+	PKCS11 Type = "pkcs11"
 )
 
 type Options struct {
-	Type            string `json:"type"`
+	// The type of the KMS to use.
+	Type string `json:"type"`
+
+	// Path to the credentials file used in CloudKMS.
 	CredentialsFile string `json:"credentialsFile"`
+
+	// Path to the module used with PKCS11 KMS.
+	Module string `json:"module"`
+
+	// Pin used to access the PKCS11 module.
+	Pin string `json:"pin"`
 }
 
 // Validate checks the fields in Options.
diff --git a/kms/apiv1/requests.go b/kms/apiv1/requests.go
index d079f6c1..ddcbb108 100644
--- a/kms/apiv1/requests.go
+++ b/kms/apiv1/requests.go
@@ -5,18 +5,6 @@ import (
 	"fmt"
 )
 
-type KeyType int
-
-const (
-	// nolint:camelcase
-	RSA_2048 KeyType = iota
-	RSA_3072
-	RSA_4096
-	EC_P256
-	EC_P384
-	EC_P512
-)
-
 // ProtectionLevel specifies on some KMS how cryptographic operations are
 // performed.
 type ProtectionLevel int
@@ -112,11 +100,9 @@ type GetPublicKeyResponse struct {
 }
 
 type CreateKeyRequest struct {
-	Parent             string
 	Name               string
-	Type               KeyType
-	Bits               int
 	SignatureAlgorithm SignatureAlgorithm
+	Bits               int
 
 	// ProtectionLevel specifies how cryptographic operations are performed.
 	// Used by: cloudkms
@@ -124,13 +110,18 @@ type CreateKeyRequest struct {
 }
 
 type CreateKeyResponse struct {
-	Name       string
-	PublicKey  crypto.PublicKey
-	PrivateKey crypto.PrivateKey
+	Name                string
+	PublicKey           crypto.PublicKey
+	PrivateKey          crypto.PrivateKey
+	CreateSignerRequest CreateSignerRequest
 }
 
 type CreateSignerRequest struct {
+	Signer        crypto.Signer
 	SigningKey    string
 	SigningKeyPEM []byte
-	Password      string
+	TokenLabel    string
+	PublicKey     string
+	PublicKeyPEM  []byte
+	Password      []byte
 }