Cleanup types and add initial support for the options required for PKCS11.

2020-01-14 18:42:14 -08:00 · 2020-01-14 18:42:14 -08:00 · 3f8de17a40
commit 3f8de17a40
parent 9641ab33b8
2 changed files with 24 additions and 24 deletions
--- a/kms/apiv1/options.go
+++ b/kms/apiv1/options.go
@ -25,18 +25,27 @@ const (
 	// DefaultKMS is a KMS implementation using software.
 	DefaultKMS Type = ""
 	// SoftKMS is a KMS implementation using software.
-	SoftKMS = "softkms"
+	SoftKMS Type = "softkms"
 	// CloudKMS is a KMS implementation using Google's Cloud KMS.
-	CloudKMS = "cloudkms"
+	CloudKMS Type = "cloudkms"
 	// AmazonKMS is a KMS implementation using Amazon AWS KMS.
-	AmazonKMS = "awskms"
+	AmazonKMS Type = "awskms"
 	// PKCS11 is a KMS implementation using the PKCS11 standard.
-	PKCS11 = "pkcs11"
+	PKCS11 Type = "pkcs11"
 )

 type Options struct {
-	Type            string `json:"type"`
+	// The type of the KMS to use.
+	Type string `json:"type"`
+
+	// Path to the credentials file used in CloudKMS.
 	CredentialsFile string `json:"credentialsFile"`
+
+	// Path to the module used with PKCS11 KMS.
+	Module string `json:"module"`
+
+	// Pin used to access the PKCS11 module.
+	Pin string `json:"pin"`
 }

 // Validate checks the fields in Options.
--- a/kms/apiv1/requests.go
+++ b/kms/apiv1/requests.go
@ -5,18 +5,6 @@ import (
 	"fmt"
 )

-type KeyType int
-
-const (
-	// nolint:camelcase
-	RSA_2048 KeyType = iota
-	RSA_3072
-	RSA_4096
-	EC_P256
-	EC_P384
-	EC_P512
-)
-
 // ProtectionLevel specifies on some KMS how cryptographic operations are
 // performed.
 type ProtectionLevel int
@ -112,11 +100,9 @@ type GetPublicKeyResponse struct {
 }

 type CreateKeyRequest struct {
-	Parent             string
 	Name               string
-	Type               KeyType
-	Bits               int
 	SignatureAlgorithm SignatureAlgorithm
+	Bits               int

 	// ProtectionLevel specifies how cryptographic operations are performed.
 	// Used by: cloudkms
@ -124,13 +110,18 @@ type CreateKeyRequest struct {
 }

 type CreateKeyResponse struct {
-	Name       string
-	PublicKey  crypto.PublicKey
-	PrivateKey crypto.PrivateKey
+	Name                string
+	PublicKey           crypto.PublicKey
+	PrivateKey          crypto.PrivateKey
+	CreateSignerRequest CreateSignerRequest
 }

 type CreateSignerRequest struct {
+	Signer        crypto.Signer
 	SigningKey    string
 	SigningKeyPEM []byte
-	Password      string
+	TokenLabel    string
+	PublicKey     string
+	PublicKeyPEM  []byte
+	Password      []byte
 }