Use always go.step.sm/crypto

This commit is contained in:
Mariano Cano 2020-08-14 15:33:50 -07:00
parent 533ad0ca20
commit d30a95236d
40 changed files with 70 additions and 60 deletions


@ -19,8 +19,8 @@ import (
"github.com/smallstep/certificates/acme"
"github.com/smallstep/certificates/authority/provisioner"
"github.com/smallstep/certificates/db"
"github.com/smallstep/cli/crypto/pemutil"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/pemutil"
)
type mockAcmeAuthority struct {


@ -14,9 +14,9 @@ import (
"github.com/smallstep/certificates/api"
"github.com/smallstep/certificates/authority/provisioner"
"github.com/smallstep/certificates/logging"
"github.com/smallstep/cli/crypto/keys"
"github.com/smallstep/cli/jose"
"github.com/smallstep/nosql"
"go.step.sm/crypto/keyutil"
)
type nextHTTP = func(http.ResponseWriter, *http.Request)
@ -173,10 +173,10 @@ func (h *Handler) validateJWS(next nextHTTP) nextHTTP {
if hdr.JSONWebKey != nil {
switch k := hdr.JSONWebKey.Key.(type) {
case *rsa.PublicKey:
if k.Size() < keys.MinRSAKeyBytes {
if k.Size() < keyutil.MinRSAKeyBytes {
api.WriteError(w, acme.MalformedErr(errors.Errorf("rsa "+
"keys must be at least %d bits (%d bytes) in size",
8*keys.MinRSAKeyBytes, keys.MinRSAKeyBytes)))
8*keyutil.MinRSAKeyBytes, keyutil.MinRSAKeyBytes)))
return
}
default:
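Review bot: The size check at `if k.Size() < keyutil.MinRSAKeyBytes {` now enforces a constant from go.step.sm/crypto rather than from github.com/smallstep/cli/crypto/keys, so the minimum RSA key size this handler rejects is only unchanged if the two constants are equal, which nothing on the page shows. A one-line guard in the test file would make a silent change in the dependency fail loudly, e.g. `if keyutil.MinRSAKeyBytes != <EXPECTED_MIN_RSA_BYTES> { t.Fatalf("MinRSAKeyBytes = %d", keyutil.MinRSAKeyBytes) }`, with the placeholder set to the value the old keys.MinRSAKeyBytes had. The same point applies to the sshDefaultPublicKeyValidator.Valid hunk further down, which performs the identical comparison. validateJWS starts before this hunk and its switch continues after it.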


@ -17,7 +17,7 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/assert"
"github.com/smallstep/certificates/acme"
"github.com/smallstep/cli/crypto/pemutil"
"go.step.sm/crypto/pemutil"
)
func TestNewOrderRequestValidate(t *testing.T) {


@ -10,9 +10,9 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/assert"
"github.com/smallstep/certificates/db"
"github.com/smallstep/cli/crypto/pemutil"
"github.com/smallstep/nosql"
"github.com/smallstep/nosql/database"
"go.step.sm/crypto/pemutil"
)
func defaultCertOps() (*CertOptions, error) {


@ -16,7 +16,7 @@ import (
"github.com/smallstep/certificates/kms"
kmsapi "github.com/smallstep/certificates/kms/apiv1"
"github.com/smallstep/certificates/templates"
"github.com/smallstep/cli/crypto/pemutil"
"go.step.sm/crypto/pemutil"
"golang.org/x/crypto/ssh"
)


@ -15,8 +15,8 @@ import (
"github.com/smallstep/assert"
"github.com/smallstep/certificates/authority/provisioner"
"github.com/smallstep/certificates/db"
"github.com/smallstep/cli/crypto/pemutil"
stepJOSE "github.com/smallstep/cli/jose"
"go.step.sm/crypto/pemutil"
)
func testAuthority(t *testing.T, opts ...Option) *Authority {


@ -17,8 +17,8 @@ import (
"github.com/smallstep/certificates/authority/provisioner"
"github.com/smallstep/certificates/db"
"github.com/smallstep/certificates/errs"
"github.com/smallstep/cli/crypto/pemutil"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/pemutil"
"go.step.sm/crypto/randutil"
"golang.org/x/crypto/ssh"
"gopkg.in/square/go-jose.v2/jwt"


@ -11,8 +11,8 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/certificates/errs"
"github.com/smallstep/cli/crypto/pemutil"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/pemutil"
"go.step.sm/crypto/sshutil"
"go.step.sm/crypto/x509util"
)


@ -7,7 +7,7 @@ import (
"reflect"
"testing"
"github.com/smallstep/cli/crypto/pemutil"
"go.step.sm/crypto/pemutil"
"go.step.sm/crypto/x509util"
)


@ -12,7 +12,7 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/assert"
"github.com/smallstep/cli/crypto/pemutil"
"go.step.sm/crypto/pemutil"
)
func Test_emailOnlyIdentity_Valid(t *testing.T) {


@ -8,7 +8,7 @@ import (
"time"
"github.com/pkg/errors"
"github.com/smallstep/cli/crypto/keys"
"go.step.sm/crypto/keyutil"
"golang.org/x/crypto/ssh"
)
@ -423,9 +423,9 @@ func (v sshDefaultPublicKeyValidator) Valid(cert *ssh.Certificate, o SignSSHOpti
if err != nil {
return err
}
if key.Size() < keys.MinRSAKeyBytes {
if key.Size() < keyutil.MinRSAKeyBytes {
return errors.Errorf("ssh certificate key must be at least %d bits (%d bytes)",
8*keys.MinRSAKeyBytes, keys.MinRSAKeyBytes)
8*keyutil.MinRSAKeyBytes, keyutil.MinRSAKeyBytes)
}
return nil
case ssh.KeyAlgoDSA:


@ -7,7 +7,7 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/assert"
"github.com/smallstep/cli/crypto/keys"
"go.step.sm/crypto/keyutil"
"golang.org/x/crypto/ssh"
)
@ -489,7 +489,7 @@ func Test_sshDefaultExtensionModifier_Modify(t *testing.T) {
}
func Test_sshCertDefaultValidator_Valid(t *testing.T) {
pub, _, err := keys.GenerateDefaultKeyPair()
pub, _, err := keyutil.GenerateDefaultKeyPair()
assert.FatalError(t, err)
sshPub, err := ssh.NewPublicKey(pub)
assert.FatalError(t, err)


@ -13,8 +13,8 @@ import (
"github.com/smallstep/assert"
"github.com/smallstep/certificates/db"
"github.com/smallstep/certificates/errs"
"github.com/smallstep/cli/crypto/pemutil"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/pemutil"
"golang.org/x/crypto/ssh"
)


@ -16,8 +16,8 @@ import (
"time"
"github.com/pkg/errors"
"github.com/smallstep/cli/crypto/pemutil"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/pemutil"
"go.step.sm/crypto/randutil"
"golang.org/x/crypto/ssh"
)


@ -9,8 +9,8 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/assert"
"github.com/smallstep/certificates/errs"
"github.com/smallstep/cli/crypto/pemutil"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/pemutil"
"go.step.sm/crypto/randutil"
)


@ -9,7 +9,7 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/assert"
"github.com/smallstep/certificates/errs"
"github.com/smallstep/cli/crypto/pemutil"
"go.step.sm/crypto/pemutil"
)
func TestRoot(t *testing.T) {


@ -15,9 +15,9 @@ import (
"github.com/smallstep/certificates/authority/provisioner"
"github.com/smallstep/certificates/db"
"github.com/smallstep/certificates/errs"
"github.com/smallstep/cli/crypto/keys"
"github.com/smallstep/cli/crypto/pemutil"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/keyutil"
"go.step.sm/crypto/pemutil"
"go.step.sm/crypto/x509util"
)
@ -363,7 +363,7 @@ func (a *Authority) GetTLSCertificate() (*tls.Certificate, error) {
}
// Generate default key.
priv, err := keys.GenerateDefaultKey()
priv, err := keyutil.GenerateDefaultKey()
if err != nil {
return fatal(err)
}


@ -22,9 +22,9 @@ import (
"github.com/smallstep/certificates/authority/provisioner"
"github.com/smallstep/certificates/db"
"github.com/smallstep/certificates/errs"
"github.com/smallstep/cli/crypto/keys"
"github.com/smallstep/cli/crypto/pemutil"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/keyutil"
"go.step.sm/crypto/pemutil"
"go.step.sm/crypto/x509util"
"gopkg.in/square/go-jose.v2/jwt"
)
@ -196,7 +196,7 @@ type basicConstraints struct {
}
func TestAuthority_Sign(t *testing.T) {
pub, priv, err := keys.GenerateDefaultKeyPair()
pub, priv, err := keyutil.GenerateDefaultKeyPair()
assert.FatalError(t, err)
a := testAuthority(t)
@ -745,7 +745,7 @@ func TestAuthority_Renew(t *testing.T) {
}
func TestAuthority_Rekey(t *testing.T) {
pub, _, err := keys.GenerateDefaultKeyPair()
pub, _, err := keyutil.GenerateDefaultKeyPair()
assert.FatalError(t, err)
a := testAuthority(t)


@ -16,8 +16,8 @@ import (
"github.com/smallstep/certificates/acme"
acmeAPI "github.com/smallstep/certificates/acme/api"
"github.com/smallstep/certificates/api"
"github.com/smallstep/cli/crypto/pemutil"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/pemutil"
)
func TestNewACMEClient(t *testing.T) {


@ -25,9 +25,9 @@ import (
"github.com/smallstep/certificates/authority"
"github.com/smallstep/certificates/authority/provisioner"
"github.com/smallstep/certificates/errs"
"github.com/smallstep/cli/crypto/keys"
"github.com/smallstep/cli/crypto/pemutil"
stepJOSE "github.com/smallstep/cli/jose"
"go.step.sm/crypto/keyutil"
"go.step.sm/crypto/pemutil"
"go.step.sm/crypto/randutil"
"go.step.sm/crypto/x509util"
jose "gopkg.in/square/go-jose.v2"
@ -76,7 +76,7 @@ func TestMain(m *testing.M) {
}
func TestCASign(t *testing.T) {
pub, priv, err := keys.GenerateDefaultKeyPair()
pub, priv, err := keyutil.GenerateDefaultKeyPair()
assert.FatalError(t, err)
asn1dn := &authority.ASN1DN{
@ -551,7 +551,7 @@ func TestCAHealth(t *testing.T) {
}
func TestCARenew(t *testing.T) {
pub, priv, err := keys.GenerateDefaultKeyPair()
pub, priv, err := keyutil.GenerateDefaultKeyPair()
assert.FatalError(t, err)
asn1dn := &authority.ASN1DN{


@ -28,8 +28,8 @@ import (
"github.com/smallstep/certificates/ca/identity"
"github.com/smallstep/certificates/errs"
"github.com/smallstep/cli/config"
"github.com/smallstep/cli/crypto/keys"
"github.com/smallstep/cli/crypto/pemutil"
"go.step.sm/crypto/keyutil"
"go.step.sm/crypto/pemutil"
"go.step.sm/crypto/x509util"
"golang.org/x/net/http2"
"gopkg.in/square/go-jose.v2/jwt"
@ -1102,7 +1102,7 @@ func CreateSignRequest(ott string) (*api.SignRequest, crypto.PrivateKey, error)
// CreateCertificateRequest creates a new CSR with the given common name and
// SANs. If no san is provided the commonName will set also a SAN.
func CreateCertificateRequest(commonName string, sans ...string) (*api.CertificateRequest, crypto.PrivateKey, error) {
key, err := keys.GenerateDefaultKey()
key, err := keyutil.GenerateDefaultKey()
if err != nil {
return nil, nil, err
}


@ -17,7 +17,7 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/certificates/api"
"github.com/smallstep/cli/config"
"github.com/smallstep/cli/crypto/pemutil"
"go.step.sm/crypto/pemutil"
)
// Type represents the different types of identity files.


@ -13,7 +13,7 @@ import (
"testing"
"github.com/smallstep/certificates/api"
"github.com/smallstep/cli/crypto/pemutil"
"go.step.sm/crypto/pemutil"
)
func TestLoadDefaultIdentity(t *testing.T) {


@ -7,8 +7,8 @@ import (
"testing"
"time"
"github.com/smallstep/cli/crypto/pemutil"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/pemutil"
"go.step.sm/crypto/x509util"
)


@ -16,9 +16,9 @@ import (
"github.com/smallstep/certificates/kms/apiv1"
"github.com/smallstep/certificates/kms/awskms"
"github.com/smallstep/cli/crypto/pemutil"
"github.com/smallstep/cli/ui"
"github.com/smallstep/cli/utils"
"go.step.sm/crypto/pemutil"
"golang.org/x/crypto/ssh"
)


@ -17,9 +17,9 @@ import (
"github.com/smallstep/certificates/kms/apiv1"
"github.com/smallstep/certificates/kms/cloudkms"
"github.com/smallstep/cli/crypto/pemutil"
"github.com/smallstep/cli/ui"
"github.com/smallstep/cli/utils"
"go.step.sm/crypto/pemutil"
"golang.org/x/crypto/ssh"
)


@ -19,9 +19,9 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/certificates/kms"
"github.com/smallstep/certificates/kms/apiv1"
"github.com/smallstep/cli/crypto/pemutil"
"github.com/smallstep/cli/ui"
"github.com/smallstep/cli/utils"
"go.step.sm/crypto/pemutil"
// Enable yubikey.
_ "github.com/smallstep/certificates/kms/yubikey"

go.mod

@ -18,7 +18,7 @@ require (
github.com/smallstep/nosql v0.3.0
github.com/urfave/cli v1.22.2
go.step.sm/crypto v0.1.1
golang.org/x/crypto v0.0.0-20200414173820-0848c9571904
golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de
golang.org/x/net v0.0.0-20200202094626-16171245cfb2
google.golang.org/api v0.15.0
google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb
@ -28,4 +28,4 @@ require (
// replace github.com/smallstep/cli => ../cli
// replace github.com/smallstep/nosql => ../nosql
// replace go.step.sm/crypto => ../crypto
replace go.step.sm/crypto => ../crypto
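Review bot: `replace go.step.sm/crypto => ../crypto` appears to be uncommented by this hunk while the two sibling replace lines stay commented, so every build now resolves go.step.sm/crypto from a sibling checkout instead of the `go.step.sm/crypto v0.1.1` pinned in the require block above, and the go.sum entry for that module is never consulted. That makes the build fail for anyone without that directory, makes it non-reproducible for everyone else, and bypasses module checksum verification for the cryptography dependency this whole commit migrates to. If this is a local development override it should go back to `// replace go.step.sm/crypto => ../crypto` before merge; if a newer go.step.sm/crypto is actually required, the require line should be bumped and go.sum regenerated instead.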

go.sum

@ -479,6 +479,7 @@ github.com/smallstep/assert v0.0.0-20200103212524-b99dc1097b15/go.mod h1:MyOHs9P
github.com/smallstep/certificates v0.14.5/go.mod h1:zzpB8wMz967gL8FmK6zvCNB4pDVwFDKjPg1diTVc1h8=
github.com/smallstep/certinfo v1.3.0/go.mod h1:1gQJekdPwPvUwFWGTi7bZELmQT09cxC9wJ0VBkBNiwU=
github.com/smallstep/cli v0.14.5/go.mod h1:mRFuqC3cGwQESBGJvog4o76jZZZ7bMjkE+hAnq2QyR8=
github.com/smallstep/cli v0.14.6 h1:xc9rawDKB70Vgvg10gfQAh9EpDWS3k1O002J5bApqUk=
github.com/smallstep/cli v0.14.7-rc.1.0.20200721180458-731b7c4c8c95 h1:TcCYqEqh6EIEiFabRdtG0IGyFK01kRLTjx6TIKqjxX8=
github.com/smallstep/cli v0.14.7-rc.1.0.20200721180458-731b7c4c8c95/go.mod h1:7aWHk7WwJMpEP4PYyav86FMpaI9vuA0uJRliUAqCwxg=
github.com/smallstep/nosql v0.3.0 h1:V1X5vfDsDt89499h3jZFUlR4VnnsYYs5tXaQZ0w8z5U=
@ -609,6 +610,8 @@ golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59 h1:3zb4D3T4G8jdExgVU/95+v
golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200414173820-0848c9571904 h1:bXoxMPcSLOq08zI3/c5dEBT6lE4eh+jOh886GHrn6V8=
golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de h1:ikNHVSjEfnvz6sxdSPCaPt572qowuyMDMJLLm3Db3ig=
golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=


@ -14,7 +14,7 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/certificates/kms/apiv1"
"github.com/smallstep/certificates/kms/uri"
"github.com/smallstep/cli/crypto/pemutil"
"go.step.sm/crypto/pemutil"
)
// KMS implements a KMS using AWS Key Management Service.


@ -14,7 +14,7 @@ import (
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/kms"
"github.com/smallstep/certificates/kms/apiv1"
"github.com/smallstep/cli/crypto/pemutil"
"go.step.sm/crypto/pemutil"
)
func TestNew(t *testing.T) {


@ -8,7 +8,7 @@ import (
"github.com/aws/aws-sdk-go/service/kms"
"github.com/pkg/errors"
"github.com/smallstep/cli/crypto/pemutil"
"go.step.sm/crypto/pemutil"
)
// Signer implements a crypto.Signer using the AWS KMS.


@ -13,7 +13,7 @@ import (
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/request"
"github.com/aws/aws-sdk-go/service/kms"
"github.com/smallstep/cli/crypto/pemutil"
"go.step.sm/crypto/pemutil"
)
func TestNewSigner(t *testing.T) {


@ -14,7 +14,7 @@ import (
gax "github.com/googleapis/gax-go/v2"
"github.com/pkg/errors"
"github.com/smallstep/certificates/kms/apiv1"
"github.com/smallstep/cli/crypto/pemutil"
"go.step.sm/crypto/pemutil"
"google.golang.org/api/option"
kmspb "google.golang.org/genproto/googleapis/cloud/kms/v1"
)


@ -11,7 +11,7 @@ import (
gax "github.com/googleapis/gax-go/v2"
"github.com/smallstep/certificates/kms/apiv1"
"github.com/smallstep/cli/crypto/pemutil"
"go.step.sm/crypto/pemutil"
kmspb "google.golang.org/genproto/googleapis/cloud/kms/v1"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"


@ -5,7 +5,7 @@ import (
"io"
"github.com/pkg/errors"
"github.com/smallstep/cli/crypto/pemutil"
"go.step.sm/crypto/pemutil"
kmspb "google.golang.org/genproto/googleapis/cloud/kms/v1"
)


@ -11,7 +11,7 @@ import (
"testing"
gax "github.com/googleapis/gax-go/v2"
"github.com/smallstep/cli/crypto/pemutil"
"go.step.sm/crypto/pemutil"
kmspb "google.golang.org/genproto/googleapis/cloud/kms/v1"
)


@ -10,8 +10,9 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/certificates/kms/apiv1"
"github.com/smallstep/cli/crypto/keys"
"github.com/smallstep/cli/crypto/pemutil"
"github.com/smallstep/cli/ui"
"go.step.sm/crypto/keyutil"
"go.step.sm/crypto/pemutil"
)
type algorithmAttributes struct {
@ -41,7 +42,7 @@ var generateKey = func(kty, crv string, size int) (interface{}, interface{}, err
if kty == "RSA" && size == 0 {
size = DefaultRSAKeySize
}
return keys.GenerateKeyPair(kty, crv, size)
return keyutil.GenerateKeyPair(kty, crv, size)
}
// SoftKMS is a key manager that uses keys stored in disk.
@ -53,6 +54,9 @@ func New(ctx context.Context, opts apiv1.Options) (*SoftKMS, error) {
}
func init() {
pemutil.PromptPassword = func(msg string) ([]byte, error) {
return ui.PromptPassword(msg)
}
apiv1.Register(apiv1.SoftKMS, func(ctx context.Context, opts apiv1.Options) (apiv1.KeyManager, error) {
return New(ctx, opts)
})
@ -98,6 +102,8 @@ func (k *SoftKMS) CreateSigner(req *apiv1.CreateSignerRequest) (crypto.Signer, e
}
}
// CreateKey generates a new key using Golang crypto and returns both public and
// private key.
func (k *SoftKMS) CreateKey(req *apiv1.CreateKeyRequest) (*apiv1.CreateKeyResponse, error) {
v, ok := signatureAlgorithmMapping[req.SignatureAlgorithm]
if !ok {
@ -123,6 +129,7 @@ func (k *SoftKMS) CreateKey(req *apiv1.CreateKeyRequest) (*apiv1.CreateKeyRespon
}, nil
}
// GetPublicKey returns the public key from the file passed in the request name.
func (k *SoftKMS) GetPublicKey(req *apiv1.GetPublicKeyRequest) (crypto.PublicKey, error) {
v, err := pemutil.Read(req.Name)
if err != nil {
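Review bot: The `init()` hunk assigns `pemutil.PromptPassword` with no comment, and since that is a package-level variable of a shared library the assignment is process-wide: every pemutil caller linked into the binary, not only SoftKMS, will prompt through `ui.PromptPassword` from then on, presumably including code paths that run without a terminal. The reason this is acceptable here should be stated next to the assignment, e.g. `// Route pemutil's password prompts through the CLI ui package. This is process-wide and applies to every pemutil caller in the binary, not just SoftKMS.`, and if an interactive prompt is not always wanted the hook would be better installed by the command that needs it rather than by package init. The doc comments added to CreateKey and GetPublicKey are fine; both function bodies continue outside their hunks.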


@ -16,7 +16,7 @@ import (
"testing"
"github.com/smallstep/certificates/kms/apiv1"
"github.com/smallstep/cli/crypto/pemutil"
"go.step.sm/crypto/pemutil"
)
func TestNew(t *testing.T) {


@ -22,12 +22,12 @@ import (
"github.com/smallstep/certificates/ca"
"github.com/smallstep/certificates/db"
"github.com/smallstep/cli/config"
"github.com/smallstep/cli/crypto/keys"
"github.com/smallstep/cli/crypto/pemutil"
"github.com/smallstep/cli/errs"
"github.com/smallstep/cli/jose"
"github.com/smallstep/cli/ui"
"github.com/smallstep/cli/utils"
"go.step.sm/crypto/keyutil"
"go.step.sm/crypto/pemutil"
"go.step.sm/crypto/x509util"
"golang.org/x/crypto/ssh"
)
@ -115,7 +115,7 @@ func GetProvisioners(caURL, rootFile string) (provisioner.List, error) {
}
func generateDefaultKey() (crypto.Signer, error) {
priv, err := keys.GenerateDefaultKey()
priv, err := keyutil.GenerateDefaultKey()
if err != nil {
return nil, err
}
@ -369,7 +369,7 @@ func (p *PKI) GenerateSSHSigningKeys(password []byte) error {
var pubNames = []string{p.sshHostPubKey, p.sshUserPubKey}
var privNames = []string{p.sshHostKey, p.sshUserKey}
for i := 0; i < 2; i++ {
pub, priv, err := keys.GenerateDefaultKeyPair()
pub, priv, err := keyutil.GenerateDefaultKeyPair()
if err != nil {
return err
}