Commit graph

99 commits

Author SHA1 Message Date
Mariano Cano
f1ef3fb351 Add GetBool(s string) bool to URI type. 2021-10-07 15:48:11 -07:00
Mariano Cano
500b540406 Remove unused code. 2021-10-07 15:35:21 -07:00
Mariano Cano
2026787ce4 Add some extra coverage. 2021-10-07 15:01:11 -07:00
Mariano Cano
08c9902f29 Add new alias in the kms package. 2021-10-06 18:42:01 -07:00
Mariano Cano
505b1f3678 Add new test case with a version in the opaque string. 2021-10-06 18:41:31 -07:00
Mariano Cano
d2581489a3 Redefine uris and set proper type.
URIs will now have the form:

  - azurekms:name=my-key;vault=my-vault
  - azurekms:name=my-key;vault=my-vault?version=my-version
2021-10-06 18:39:12 -07:00
Mariano Cano
656099c4f0 Add type for azurekms. 2021-10-06 18:38:32 -07:00
Mariano Cano
56c3559e52 Add some extra coverage. 2021-10-05 20:41:55 -07:00
Mariano Cano
6389100325 Add unit tests for azurekms. 2021-10-05 20:35:52 -07:00
Mariano Cano
97d08a1b61 Fix typos. 2021-10-05 17:11:23 -07:00
Mariano Cano
392a18465f Add initial implementation of Azure Key Vault KMS.
Fixes #462
2021-10-05 17:06:17 -07:00
Mariano Cano
6d644880bd Allow to kms signers to define the SignatureAlgorithm
CloudKMS keys signs data using an specific signature algorithm, in RSA keys,
this can be PKCS#1 RSA or RSA-PSS, if the later is used, x509.CreateCertificate
will fail unless the template SignatureCertificate is properly set.

On contrast, AWSKMS RSA keys, are just RSA keys, and can sign with PKCS#1 or
RSA-PSS schemes, so right now the way to enforce one or the other is to used
templates.
2021-09-08 17:48:50 -07:00
max furman
8ba9013f5d gofmt linting errors 2021-09-07 11:35:51 -07:00
max furman
8bec473f8e fix gofmt linting errors 2021-09-07 11:30:35 -07:00
Mariano Cano
abd78e2d2a Make kms uri compatible with Go 1.17.
Go 1.17 introduces a change in the net/url package disallowing the
use of semicolon (;) in URL queries. We used url.ParseQuery to
decode the opaque string that is semicolon separated. This change
replaces the semicolon with ampersands before decoding it.
2021-08-17 13:25:55 -07:00
Mariano Cano
a864f0134d Fix key version when SHA512WithRSA is used.
There was a typo creating RSA keys with SHA256 digests instead of
SHA512
2021-08-16 14:47:38 -07:00
Mariano Cano
c4d0c8a18e Fix credentials file parameter on awskms 2021-06-11 21:40:04 -07:00
Herman Slatman
877fc9ae8c
Add tests for CreateDecrypter 2021-05-07 15:32:07 +02:00
Herman Slatman
68d5f6d0d2
Merge branch 'master' into hs/scep 2021-04-29 22:18:00 +02:00
Mariano Cano
180b5c3e3c Fix typo. 2021-04-21 16:20:53 -07:00
Herman Slatman
583d60dc0d
Address (most) PR comments 2021-03-21 16:42:41 +01:00
Herman Slatman
8c5b12e21d
Add non-TLS server and improve crypto.Decrypter interface
A server without TLS was added to serve the SCEP endpoints. According
to the RFC, SCEP has to be served via HTTP. The `sscep` client, for
example, will stop any URL that does not start with `http://` from
being used, so serving SCEP seems to be the right way to do it.

This commit adds a second server for which no TLS configuration is
configured. A distinct field in the configuration, `insecureAddress`
was added to specify the address for the insecure server.

The SCEP endpoints will also still be served via HTTPS. Some clients
may be able to work with that.

This commit also improves how the crypto.Decrypter interface is
handled for the different types of KMSes supported by step. The
apiv1.Decrypter interface was added. Currently only SoftKMS
implements this interface, providing a crypto.Decrypter required
for SCEP operations.
2021-03-12 14:18:36 +01:00
Herman Slatman
7948f65ac0
Merge branch 'master' into hs/scep 2021-02-26 00:41:33 +01:00
Herman Slatman
7ad90d10b3
Refactor initialization of SCEP authority 2021-02-26 00:32:21 +01:00
Max
8ead310d24
Merge pull request #485 from smallstep/max/actions
Convert to github actions
2021-02-22 22:23:48 -08:00
Mariano Cano
163eb7029c Refactor cloudkms signer to return an error on the constructor. 2021-02-19 15:36:55 -08:00
Mariano Cano
cae08bff80 Validate that the signer can get the public key. 2021-02-19 11:28:35 -08:00
max furman
f88f58440f add //nolint for new 1.16 deprecation warnings
- dsa
- pem.DecryptPEMBlock
2021-02-18 20:14:20 -08:00
Mariano Cano
2ba4e37530 Add URI support to configure yubikeys. 2021-02-16 15:02:20 -08:00
Mariano Cano
4c562160fc Fix typo. 2021-02-16 14:52:55 -08:00
Mariano Cano
4bec2b04ec Add support for retired key management slots on yubikey.
Fixes #461
2021-02-16 14:47:34 -08:00
Mariano Cano
a947779795 Add uri support initializing cloudkms. 2021-02-16 13:11:47 -08:00
Mariano Cano
4902e45729 Add URI support initializing an awskms. 2021-02-16 13:10:53 -08:00
Mariano Cano
1ddddb6bc7 Permit linting and testing without CGO support.
Use CGO for testing and building in travis.
Fixes #471
2021-02-12 13:18:30 -08:00
Mariano Cano
d03c088ab7 Add test cases for uris with only the schema. 2021-02-11 19:14:35 -08:00
Mariano Cano
f6cbd9dc88 Fix typos. 2021-02-11 19:14:15 -08:00
Mariano Cano
ebaeae9008 Avoid closing pkcs#11 context twice. 2021-02-08 19:16:57 -08:00
Mariano Cano
f425a81d36 Enforce the use of id and label when generating objects. 2021-02-04 12:53:08 -08:00
Mariano Cano
dd6a43ad13 Add fake implementation of pkcs11 key manager without cgo.
This allows other binaries to import pkcs11 directly even if they
are compiled without cgo.
2021-02-04 12:32:30 -08:00
Mariano Cano
3fdab93ab8 Add missing file. 2021-02-01 15:27:53 -08:00
Mariano Cano
a8260a3289 Add missing test. 2021-02-01 14:25:49 -08:00
Mariano Cano
41eff69fb3 Fix linting errors. 2021-02-01 14:22:53 -08:00
Mariano Cano
128d07f148 Use new GetEncoded method. 2021-02-01 14:17:39 -08:00
Mariano Cano
b28db61d5d Add missing close causing panic with softhsm2. 2021-02-01 14:16:55 -08:00
Mariano Cano
a74fc7a0b2 Remove unnecessary methods and add missing tests. 2021-02-01 14:16:08 -08:00
Mariano Cano
50e9018a44 Fix missing return. 2021-01-28 19:53:25 -08:00
Mariano Cano
84a3c8c984 Rename nitrokey initialization to opensc. 2021-01-28 19:51:17 -08:00
Mariano Cano
b7afc92758 Complete tests. 2021-01-28 19:48:08 -08:00
Mariano Cano
3a479cb0e8 Add support for nitrokey. 2021-01-28 19:47:44 -08:00
Mariano Cano
e78d45a060 Add benchmarks for signing operations. 2021-01-28 19:46:48 -08:00