diff --git a/go.sum b/go.sum
index d5aac68d..09b050b4 100644
--- a/go.sum
+++ b/go.sum
@@ -307,6 +307,7 @@ golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de h1:ikNHVSjEfnvz6sxdSPCaPt
 golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897 h1:pLI5jrR7OSLijeIDcmRxNmw2api+jEfxLoykJVice/E=
 golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20201117144127-c1f2f97bffc9 h1:phUcVbl53swtrUN8kQEXFhUxPlIlWyBfKmidCu7P95o=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
diff --git a/kms/sshagentkms/sshagentkms.go b/kms/sshagentkms/sshagentkms.go
index fd37051b..b3627a08 100644
--- a/kms/sshagentkms/sshagentkms.go
+++ b/kms/sshagentkms/sshagentkms.go
@@ -8,7 +8,6 @@ import (
 	"crypto/rsa"
 	"crypto/x509"
 	"io"
-	"log"
 	"net"
 	"os"
 	"strings"
@@ -32,7 +31,7 @@ func New(ctx context.Context, opts apiv1.Options) (*SSHAgentKMS, error) {
 	socket := os.Getenv("SSH_AUTH_SOCK")
 	conn, err := net.Dial("unix", socket)
 	if err != nil {
-		log.Fatalf("Failed to open SSH_AUTH_SOCK: %v", err)
+		return nil, errors.Wrap(err, "failed to open SSH_AUTH_SOCK")
 	}
 	agentClient := agent.NewClient(conn)
@@ -42,7 +41,8 @@ func New(ctx context.Context, opts apiv1.Options) (*SSHAgentKMS, error) {
 	}, nil
 }
 
-// For testing
+// NewFromAgent initializes an SSHAgentKMS from a given agent, this method is
+// used for testing purposes.
 func NewFromAgent(ctx context.Context, opts apiv1.Options, agentClient agent.Agent) (*SSHAgentKMS, error) {
 	return &SSHAgentKMS{
 		agentClient: agentClient,
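Review bot: The new error return in New still dials with plain net.Dial and never consults ctx, so a caller cannot cancel or time out a hung agent socket; the context-aware form is two lines, `var d net.Dialer` and `conn, err := d.DialContext(ctx, "unix", socket)`. An unset SSH_AUTH_SOCK also reaches the dial as an empty path and only surfaces as a generic dial error; an explicit `if socket == "" { return nil, errors.New("SSH_AUTH_SOCK is not set") }` before the dial gives operators a direct message. The conn handed to agent.NewClient is not retained anywhere visible in this hunk, so nothing can close it later (Close in this same file is a noop); if the struct has no field for it, consider keeping the conn as an io.Closer so Close can release it. The `errors` package behind the Wrap call is not in the visible import hunk, so I am assuming it is an existing file-level import rather than one this change needs to add. New's body continues past the end of the hunk.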
@@ -55,20 +55,23 @@ func init() {
 	})
 }
 
+// Close closes the agent. This is a noop for the SSHAgentKMS.
 func (k *SSHAgentKMS) Close() error {
-	// TODO: Is there any cleanup in Agent we can do?
 	return nil
 }
 
-// Utility class to wrap a ssh.Signer as a crypto.Signer
+// WrappedSSHSigner is a utility type to wrap a ssh.Signer as a crypto.Signer
 type WrappedSSHSigner struct {
 	Sshsigner ssh.Signer
 }
 
+// Public returns the agent public key. The type of this public key is
+// *agent.Key.
 func (s *WrappedSSHSigner) Public() crypto.PublicKey {
 	return s.Sshsigner.PublicKey()
 }
 
+// Sign signs the given digest using the ssh agent and returns the signature.
 func (s *WrappedSSHSigner) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error) {
 	sig, err := s.Sshsigner.Sign(rand, digest)
 	if err != nil {
@@ -77,6 +80,8 @@ func (s *WrappedSSHSigner) Sign(rand io.Reader, digest []byte, opts crypto.Signe
 	return sig.Blob, nil
 }
 
+// NewWrappedSignerFromSSHSigner returns a new crypto signer wrapping the given
+// one.
 func NewWrappedSignerFromSSHSigner(signer ssh.Signer) crypto.Signer {
 	return &WrappedSSHSigner{signer}
 }
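Review bot: The new doc comment on Sign says it "signs the given digest", but the body forwards digest straight to ssh.Signer.Sign with opts ignored, and as far as I recall ssh.Signer.Sign hashes its input itself and returns an SSH wire-format signature, so a caller using this as a standard crypto.Signer (x509 certificate signing, for instance) would get a signature over the wrong bytes in the wrong encoding — worth confirming against x/crypto/ssh before anything relies on it. At minimum the comment should state the real contract, e.g. `// Sign forwards digest to the agent as-is; opts is ignored, the agent picks the hash algorithm, and the returned bytes are the SSH signature blob rather than a DER/PKCS#1 signature.`, and a proper fix would pick the algorithm from opts (via ssh.AlgorithmSigner where available) and convert the blob. The added Public comment asserts the returned type is *agent.Key, yet WrappedSSHSigner accepts any ssh.Signer through NewWrappedSignerFromSSHSigner, so that only holds when the signer came from the agent; `// Public returns the wrapped signer's ssh.PublicKey (an *agent.Key when the signer was obtained from an ssh agent).` is the safer wording. Close's comment says it closes the agent and then that it is a noop; pick one, noting that the connection opened in New is never released here. Sign's body continues past the end of the hunk.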