Return crypto.PublicKey on kms.GetPublicKey.

kms/apiv1/requests.go

@@ -94,11 +94,6 @@ type GetPublicKeyRequest struct {
 	Name string
 }
 
-type GetPublicKeyResponse struct {
-	Name      string
-	PublicKey crypto.PublicKey
-}
-
 type CreateKeyRequest struct {
 	Name               string
 	SignatureAlgorithm SignatureAlgorithm

kms/cloudkms/cloudkms.go

@@ -223,7 +223,7 @@ func (k *CloudKMS) createKeyRingIfNeeded(name string) error {
 // GetPublicKey gets from Google's Cloud KMS a public key by name. Key names
 // follow the pattern:
 //   projects/([^/]+)/locations/([a-zA-Z0-9_-]{1,63})/keyRings/([a-zA-Z0-9_-]{1,63})/cryptoKeys/([a-zA-Z0-9_-]{1,63})/cryptoKeyVersions/([a-zA-Z0-9_-]{1,63})
-func (k *CloudKMS) GetPublicKey(req *apiv1.GetPublicKeyRequest) (*apiv1.GetPublicKeyResponse, error) {
+func (k *CloudKMS) GetPublicKey(req *apiv1.GetPublicKeyRequest) (crypto.PublicKey, error) {
 	ctx, cancel := defaultContext()
 	defer cancel()
 
@@ -239,10 +239,7 @@ func (k *CloudKMS) GetPublicKey(req *apiv1.GetPublicKeyRequest) (*apiv1.GetPubli
 		return nil, err
 	}
 
-	return &apiv1.GetPublicKeyResponse{
-		Name:      req.Name,
-		PublicKey: pk,
-	}, nil
+	return pk, nil
 }
 
 func defaultContext() (context.Context, context.CancelFunc) {

kms/kms.go

@@ -13,7 +13,7 @@ import (
 
 // KeyManager is the interface implemented by all the KMS.
 type KeyManager interface {
-	GetPublicKey(req *apiv1.GetPublicKeyRequest) (*apiv1.GetPublicKeyResponse, error)
+	GetPublicKey(req *apiv1.GetPublicKeyRequest) (crypto.PublicKey, error)
 	CreateKey(req *apiv1.CreateKeyRequest) (*apiv1.CreateKeyResponse, error)
 	CreateSigner(req *apiv1.CreateSignerRequest) (crypto.Signer, error)
 	Close() error

kms/softkms/softkms.go

@@ -19,6 +19,9 @@ type algorithmAttributes struct {
 	Curve string
 }
 
+// DefaultRSAKeySize is the default size for RSA keys.
+const DefaultRSAKeySize = 3072
+
 var signatureAlgorithmMapping = map[apiv1.SignatureAlgorithm]algorithmAttributes{
 	apiv1.UnspecifiedSignAlgorithm: algorithmAttributes{"EC", "P-256"},
 	apiv1.SHA256WithRSA:            algorithmAttributes{"RSA", ""},
@@ -33,6 +36,14 @@ var signatureAlgorithmMapping = map[apiv1.SignatureAlgorithm]algorithmAttributes
 	apiv1.PureEd25519:              algorithmAttributes{"OKP", "Ed25519"},
 }
 
+// generateKey is used for testing purposes.
+var generateKey = func(kty, crv string, size int) (interface{}, interface{}, error) {
+	if kty == "RSA" && size == 0 {
+		size = DefaultRSAKeySize
+	}
+	return keys.GenerateKeyPair(kty, crv, size)
+}
+
 // SoftKSM is a key manager that uses keys stored in disk.
 type SoftKMS struct{}
 
@@ -87,7 +98,7 @@ func (k *SoftKMS) CreateKey(req *apiv1.CreateKeyRequest) (*apiv1.CreateKeyRespon
 		return nil, errors.Errorf("softKMS does not support signature algorithm '%s'", req.SignatureAlgorithm)
 	}
 
-	pub, priv, err := keys.GenerateKeyPair(v.Type, v.Curve, req.Bits)
+	pub, priv, err := generateKey(v.Type, v.Curve, req.Bits)
 	if err != nil {
 		return nil, err
 	}
@@ -106,21 +117,18 @@ func (k *SoftKMS) CreateKey(req *apiv1.CreateKeyRequest) (*apiv1.CreateKeyRespon
 	}, nil
 }
 
-func (k *SoftKMS) GetPublicKey(req *apiv1.GetPublicKeyRequest) (*apiv1.GetPublicKeyResponse, error) {
+func (k *SoftKMS) GetPublicKey(req *apiv1.GetPublicKeyRequest) (crypto.PublicKey, error) {
 	v, err := pemutil.Read(req.Name)
 	if err != nil {
 		return nil, err
 	}
 
-	switch v.(type) {
+	switch vv := v.(type) {
 	case *x509.Certificate:
+		return vv.PublicKey, nil
 	case *rsa.PublicKey, *ecdsa.PublicKey, ed25519.PublicKey:
+		return vv, nil
 	default:
 		return nil, errors.Errorf("unsupported public key type %T", v)
 	}
-
-	return &apiv1.GetPublicKeyResponse{
-		Name:      req.Name,
-		PublicKey: v,
-	}, nil
 }