Clean up types and add initial support for the options required for PKCS11.

This commit is contained in:
Mariano Cano 2020-01-14 18:42:14 -08:00
parent 9641ab33b8
commit 3f8de17a40
2 changed files with 24 additions and 24 deletions


@ -25,18 +25,27 @@ const (
// DefaultKMS is a KMS implementation using software.
DefaultKMS Type = ""
// SoftKMS is a KMS implementation using software.
SoftKMS = "softkms"
SoftKMS Type = "softkms"
// CloudKMS is a KMS implementation using Google's Cloud KMS.
CloudKMS = "cloudkms"
CloudKMS Type = "cloudkms"
// AmazonKMS is a KMS implementation using Amazon AWS KMS.
AmazonKMS = "awskms"
AmazonKMS Type = "awskms"
// PKCS11 is a KMS implementation using the PKCS11 standard.
PKCS11 = "pkcs11"
PKCS11 Type = "pkcs11"
)
type Options struct {
// The type of the KMS to use.
Type string `json:"type"`
// Path to the credentials file used in CloudKMS.
CredentialsFile string `json:"credentialsFile"`
// Path to the module used with PKCS11 KMS.
Module string `json:"module"`
// Pin used to access the PKCS11 module.
Pin string `json:"pin"`
}
// Validate checks the fields in Options.
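Review bot: Options.Type is still declared as a plain string on the line `Type string `json:"type"``, although this hunk gives every KMS constant the named type `Type`; declaring the field as `Type Type `json:"type"`` keeps that typing useful at the point where the option is consumed and should encode to the same JSON, unless Type defines its own marshaling. Pin holds the PKCS11 PIN as an ordinary string field with no comment saying it is a secret; a line such as `// Pin used to access the PKCS11 module. Sensitive: keep it out of logs and of any re-serialized output.` would make that clear to callers that print or marshal Options. Validate, announced on the hunk's last line, begins outside the hunk, so whether it rejects a PKCS11 configuration with an empty Module or Pin cannot be seen here.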


@ -5,18 +5,6 @@ import (
"fmt"
)
type KeyType int
const (
// nolint:camelcase
RSA_2048 KeyType = iota
RSA_3072
RSA_4096
EC_P256
EC_P384
EC_P512
)
// ProtectionLevel specifies on some KMS how cryptographic operations are
// performed.
type ProtectionLevel int
@ -112,11 +100,9 @@ type GetPublicKeyResponse struct {
}
type CreateKeyRequest struct {
Parent string
Name string
Type KeyType
Bits int
SignatureAlgorithm SignatureAlgorithm
Bits int
// ProtectionLevel specifies how cryptographic operations are performed.
// Used by: cloudkms
@ -127,10 +113,15 @@ type CreateKeyResponse struct {
Name string
PublicKey crypto.PublicKey
PrivateKey crypto.PrivateKey
CreateSignerRequest CreateSignerRequest
}
type CreateSignerRequest struct {
Signer crypto.Signer
SigningKey string
SigningKeyPEM []byte
Password string
TokenLabel string
PublicKey string
PublicKeyPEM []byte
Password []byte
}
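Review bot: The fields added to CreateSignerRequest in the last hunk (`TokenLabel`, `PublicKey`, `PublicKeyPEM`, `Password []byte`) carry no comments, while the file's other request fields document their consumer with a `// Used by: ...` line (see ProtectionLevel in the CreateKeyRequest hunk); one such line per new field, naming the KMS that reads it, would keep the type self-describing. Password in particular is a secret, and CreateKeyResponse now carries a whole CreateSignerRequest, so if that embedded request is ever populated with the password, anything that logs or serializes the response exposes it; a comment like `// Password or PIN needed to use the key. Sensitive: never log or serialize.` on the field records that expectation for future callers.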