Support private keys on softkms GetPublicKey
This commit adds support for any crypto.Signer in softkms.GetPublicKey
as long as the key is not encrypted. It also adds support for x25519
keys.
maraino committed May 24, 2023
1 parent 065de2d commit a1090dd
Showing 6 changed files with 39 additions and 2 deletions.
5 changes: 4 additions & 1 deletion kms/softkms/softkms.go
@@ -13,6 +13,7 @@ import (
"go.step.sm/crypto/kms/apiv1"
"go.step.sm/crypto/kms/uri"
"go.step.sm/crypto/pemutil"
"go.step.sm/crypto/x25519"
)

type algorithmAttributes struct {
@@ -139,8 +140,10 @@ func (k *SoftKMS) GetPublicKey(req *apiv1.GetPublicKeyRequest) (crypto.PublicKey
switch vv := v.(type) {
case *x509.Certificate:
return vv.PublicKey, nil
case *rsa.PublicKey, *ecdsa.PublicKey, ed25519.PublicKey:
case *rsa.PublicKey, *ecdsa.PublicKey, ed25519.PublicKey, x25519.PublicKey:
return vv, nil
case crypto.Signer:
return vv.Public(), nil
default:
return nil, errors.Errorf("unsupported public key type %T", v)
}
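Review bot: The new `case crypto.Signer:` branch returns `vv.Public()` without the type check that the preceding case applies to public keys read directly, so a signer whose public half is not RSA, ECDSA, Ed25519 or X25519 would be returned to callers instead of reaching the `unsupported public key type` error. Running the derived key through the same allow-list keeps both paths consistent, as sketched below. The doc comment on GetPublicKey starts outside this hunk; it should state that the named file may now be an unencrypted private key, which is loaded into memory only to derive its public half.

```go
// … unchanged: certificate and public key cases …
case crypto.Signer:
	// Apply the same allow-list to a key derived from a private key.
	switch pub := vv.Public().(type) {
	case *rsa.PublicKey, *ecdsa.PublicKey, ed25519.PublicKey, x25519.PublicKey:
		return pub, nil
	default:
		return nil, errors.Errorf("unsupported public key type %T", pub)
	}
// … unchanged: default case …
```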
14 changes: 13 additions & 1 deletion kms/softkms/softkms_test.go
@@ -17,6 +17,7 @@ import (

"go.step.sm/crypto/kms/apiv1"
"go.step.sm/crypto/pemutil"
"go.step.sm/crypto/x25519"
)

func TestNew(t *testing.T) {
@@ -252,6 +253,13 @@ func TestSoftKMS_GetPublicKey(t *testing.T) {
t.Fatal(err)
}

nebulaPub := x25519.PublicKey{
0x7c, 0x7f, 0x14, 0xf3, 0xe2, 0x44, 0x63, 0xa6,
0xb3, 0x1d, 0x71, 0xce, 0xc1, 0x1a, 0x1b, 0xba,
0xb7, 0x1f, 0xdb, 0x95, 0x86, 0xfe, 0xe7, 0x8a,
0xc6, 0xf4, 0x3b, 0xb1, 0x0a, 0xd4, 0x54, 0x0f,
}

type args struct {
req *apiv1.GetPublicKeyRequest
}
@@ -267,8 +275,12 @@ func TestSoftKMS_GetPublicKey(t *testing.T) {
{"cert", args{&apiv1.GetPublicKeyRequest{Name: "testdata/cert.crt"}}, pub, false},
{"cert uri", args{&apiv1.GetPublicKeyRequest{Name: "softkms:testdata/cert.crt"}}, pub, false},
{"cert path uri", args{&apiv1.GetPublicKeyRequest{Name: "softkms:path=testdata/cert.crt"}}, pub, false},
{"private key", args{&apiv1.GetPublicKeyRequest{Name: "testdata/cert.key"}}, pub, false},
{"x25519 key", args{&apiv1.GetPublicKeyRequest{Name: "testdata/nebula.pem"}}, nebulaPub, false},
{"x25519 private key", args{&apiv1.GetPublicKeyRequest{Name: "testdata/nebula.key"}}, nebulaPub, false},
{"fail not exists", args{&apiv1.GetPublicKeyRequest{Name: "testdata/missing"}}, nil, true},
{"fail type", args{&apiv1.GetPublicKeyRequest{Name: "testdata/cert.key"}}, nil, true},
{"fail encrypted key", args{&apiv1.GetPublicKeyRequest{Name: "testdata/priv.pem"}}, nil, true},
{"fail unsupported key", args{&apiv1.GetPublicKeyRequest{Name: "testdata/dsa.pem"}}, nil, true},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
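Review bot: The failure rows in the test table exercise `testdata/dsa.pem`, but no row in this file's diff loads `testdata/dsa.key`, which the commit also adds, so the rejection of an unsupported private key appears untested here. A row such as `{"fail unsupported private key", args{&apiv1.GetPublicKeyRequest{Name: "testdata/dsa.key"}}, nil, true},` would pin that behaviour next to the existing `fail unsupported key` case. The table and the test function both begin above this hunk, and the loop body continues below it.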
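--- a/kms/softkms/testdata/dsa.key
+++ b/kms/softkms/testdata/dsa.key
@@ -0,0 +1,8 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIH3AgEAAkEAjcm6Okl66tWbbD068ymE17XI0wLNUpcIZgoCqvV24qRMT6cTl/J1
+0DYkR/vTZaJ8EufEidCEf0ZHD06WoORE3QIVAI8EK3wRHdGmIX5AHBuhfj/7p3xT
+AkBp8s2KAL/MsA1CINi3sOiVlbYPrA/WC9joLgV257BzOYLlWfZqiyketoSsd6sd
+kZUqVJ02FxxLqSv8jouMWtOLAkA+ye7vjsTNnIV2xDkciQtnK1n4Di3DR15Tm0UP
+Kf03FPxvYobFvCDxdgdlSAxDvjcDn1Z1ot7wzXFQX5IK4ApUAhRIG+8uWBKim3Rc
+iUyGbE4gL/XByA==
+-----END DSA PRIVATE KEY-----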
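--- a/kms/softkms/testdata/dsa.pem
+++ b/kms/softkms/testdata/dsa.pem
@@ -0,0 +1,8 @@
+-----BEGIN PUBLIC KEY-----
+MIHwMIGoBgcqhkjOOAQBMIGcAkEAjcm6Okl66tWbbD068ymE17XI0wLNUpcIZgoC
+qvV24qRMT6cTl/J10DYkR/vTZaJ8EufEidCEf0ZHD06WoORE3QIVAI8EK3wRHdGm
+IX5AHBuhfj/7p3xTAkBp8s2KAL/MsA1CINi3sOiVlbYPrA/WC9joLgV257BzOYLl
+WfZqiyketoSsd6sdkZUqVJ02FxxLqSv8jouMWtOLA0MAAkA+ye7vjsTNnIV2xDkc
+iQtnK1n4Di3DR15Tm0UPKf03FPxvYobFvCDxdgdlSAxDvjcDn1Z1ot7wzXFQX5IK
+4ApU
+-----END PUBLIC KEY-----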
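--- a/kms/softkms/testdata/nebula.key
+++ b/kms/softkms/testdata/nebula.key
@@ -0,0 +1,3 @@
+-----BEGIN NEBULA X25519 PRIVATE KEY-----
+sc9k10IOJEFg9QDXEAFqkDgVQ3KfuubYHfG+Xl2ODbs=
+-----END NEBULA X25519 PRIVATE KEY-----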
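--- a/kms/softkms/testdata/nebula.pem
+++ b/kms/softkms/testdata/nebula.pem
@@ -0,0 +1,3 @@
+-----BEGIN NEBULA X25519 PUBLIC KEY-----
+fH8U8+JEY6azHXHOwRoburcf25WG/ueKxvQ7sQrUVA8=
+-----END NEBULA X25519 PUBLIC KEY-----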
