smallstep-certificates/kms/apiv1/requests.go

package apiv1
import (
"crypto"
"crypto/x509"
"fmt"
)
// ProtectionLevel specifies on some KMS how cryptographic operations are
// performed. Only some backends honor it (see CreateKeyRequest.ProtectionLevel);
// the rest ignore the field.
type ProtectionLevel int

// Known protection levels. The numeric values are part of the public API, so
// existing entries keep their value and new ones are appended.
const (
	// UnspecifiedProtectionLevel means no protection level was specified.
	UnspecifiedProtectionLevel ProtectionLevel = 0
	// Software requests a key whose crypto operations are performed in software.
	Software ProtectionLevel = 1
	// HSM requests a key whose crypto operations are performed in a Hardware
	// Security Module.
	HSM ProtectionLevel = 2
)

// protectionLevelNames holds the string form of each known ProtectionLevel,
// indexed by the level's numeric value.
var protectionLevelNames = [...]string{
	UnspecifiedProtectionLevel: "unspecified",
	Software:                   "software",
	HSM:                        "hsm",
}

// String returns a string representation of p. Values outside the known set
// (including negatives) render as "unknown(<n>)" instead of panicking, so the
// method is safe on values that came from configuration or the wire.
func (p ProtectionLevel) String() string {
	if p >= 0 && int(p) < len(protectionLevelNames) {
		return protectionLevelNames[p]
	}
	return fmt.Sprintf("unknown(%d)", p)
}
// SignatureAlgorithm used for cryptographic signing. It selects the kind of
// key a CreateKeyRequest produces together with the signature scheme (hash,
// padding mode or curve) the key is meant to be used with.
type SignatureAlgorithm int

// Known signature algorithms. The numeric values are part of the public API,
// so existing entries keep their value and new ones are appended.
//
// NOTE(review): the RSASSA-PKCS1-v1_5 entries are typically kept for
// compatibility with existing consumers; RSASSA-PSS is the generally
// recommended RSA signature scheme for new keys where the backend supports it.
const (
	// UnspecifiedSignAlgorithm means no algorithm was specified.
	UnspecifiedSignAlgorithm SignatureAlgorithm = 0
	// SHA256WithRSA is an RSASSA-PKCS1-v1_5 key with a SHA-256 digest.
	SHA256WithRSA SignatureAlgorithm = 1
	// SHA384WithRSA is an RSASSA-PKCS1-v1_5 key with a SHA-384 digest.
	SHA384WithRSA SignatureAlgorithm = 2
	// SHA512WithRSA is an RSASSA-PKCS1-v1_5 key with a SHA-512 digest.
	SHA512WithRSA SignatureAlgorithm = 3
	// SHA256WithRSAPSS is an RSASSA-PSS key with a SHA-256 digest.
	SHA256WithRSAPSS SignatureAlgorithm = 4
	// SHA384WithRSAPSS is an RSASSA-PSS key with a SHA-384 digest.
	SHA384WithRSAPSS SignatureAlgorithm = 5
	// SHA512WithRSAPSS is an RSASSA-PSS key with a SHA-512 digest.
	SHA512WithRSAPSS SignatureAlgorithm = 6
	// ECDSAWithSHA256 is ECDSA on the NIST P-256 curve with a SHA-256 digest.
	ECDSAWithSHA256 SignatureAlgorithm = 7
	// ECDSAWithSHA384 is ECDSA on the NIST P-384 curve with a SHA-384 digest.
	ECDSAWithSHA384 SignatureAlgorithm = 8
	// ECDSAWithSHA512 is ECDSA on the NIST P-521 curve with a SHA-512 digest.
	ECDSAWithSHA512 SignatureAlgorithm = 9
	// PureEd25519 is Ed25519 (EdDSA on Curve25519). "Pure" means the whole
	// message is signed rather than a caller-supplied digest; the SHA-512 the
	// scheme uses is internal to the algorithm.
	PureEd25519 SignatureAlgorithm = 10
)

// signatureAlgorithmNames maps each known SignatureAlgorithm to its string form.
var signatureAlgorithmNames = map[SignatureAlgorithm]string{
	UnspecifiedSignAlgorithm: "unspecified",
	SHA256WithRSA:            "SHA256-RSA",
	SHA384WithRSA:            "SHA384-RSA",
	SHA512WithRSA:            "SHA512-RSA",
	SHA256WithRSAPSS:         "SHA256-RSAPSS",
	SHA384WithRSAPSS:         "SHA384-RSAPSS",
	SHA512WithRSAPSS:         "SHA512-RSAPSS",
	ECDSAWithSHA256:          "ECDSA-SHA256",
	ECDSAWithSHA384:          "ECDSA-SHA384",
	ECDSAWithSHA512:          "ECDSA-SHA512",
	PureEd25519:              "Ed25519",
}

// String returns a string representation of s. Values outside the known set
// render as "unknown(<n>)" instead of panicking, so the method is safe on
// values that came from configuration or the wire.
func (s SignatureAlgorithm) String() string {
	if name, ok := signatureAlgorithmNames[s]; ok {
		return name
	}
	return fmt.Sprintf("unknown(%d)", s)
}
// GetPublicKeyRequest is the parameter used in the kms.GetPublicKey method.
type GetPublicKeyRequest struct {
	// Name identifies the key whose public key is requested. Presumably the
	// same backend-specific name or label the key was created under (see
	// CreateKeyRequest.Name) — confirm against the backend in use.
	Name string
}
// CreateKeyRequest is the parameter used in the kms.CreateKey method.
//
// Not every backend reads every field; each field documents the backends that
// use it. Fields a backend does not use are silently ignored, so a caller
// should not assume e.g. ProtectionLevel was honored without checking the
// backend's own documentation.
type CreateKeyRequest struct {
	// Name represents the key name or label used to identify a key.
	//
	// Used by: awskms, cloudkms, azurekms, pkcs11, yubikey.
	Name string
	// SignatureAlgorithm represents the type of key to create.
	SignatureAlgorithm SignatureAlgorithm
	// Bits is the number of bits on RSA keys. Only meaningful for the RSA
	// SignatureAlgorithm variants; how a backend treats a zero value
	// (default size?) or a size below what it considers safe is
	// backend-specific and not validated here — confirm.
	Bits int
	// ProtectionLevel specifies how cryptographic operations are performed.
	//
	// Used by: cloudkms, azurekms.
	ProtectionLevel ProtectionLevel
	// Extractable defines if the new key may be exported from the HSM under a
	// wrap key. On pkcs11 sets the CKA_EXTRACTABLE bit.
	//
	// The zero value (false) is the safe default: a non-extractable key can
	// never leave the HSM. An extractable key can be wrapped and exported, and
	// its confidentiality then depends on whoever holds the wrap key, so set
	// this only when key export is a deliberate requirement.
	//
	// Used by: pkcs11
	Extractable bool
}
// CreateKeyResponse is the response value of the kms.CreateKey method.
type CreateKeyResponse struct {
	// Name is the backend-specific name, label or URI the key was created
	// under; presumably what later requests use to refer to the key — confirm.
	Name string
	// PublicKey is the public half of the newly created key.
	PublicKey crypto.PublicKey
	// PrivateKey is the private key material. NOTE(review): presumably only
	// populated by backends that hold keys in software and nil when the key
	// lives in an HSM or cloud KMS — confirm per backend. When set it is a
	// secret: never log this struct wholesale and do not persist the response.
	PrivateKey crypto.PrivateKey
	// CreateSignerRequest is a request describing the new key, intended to be
	// passed to kms.CreateSigner to obtain a crypto.Signer backed by it.
	CreateSignerRequest CreateSignerRequest
}
// CreateSignerRequest is the parameter used in the kms.CreateSigner method.
//
// Each backend reads only the subset of fields it understands; which fields
// are required, and which combinations are valid, is backend-specific and is
// not validated by this type — see the individual KMS implementations.
type CreateSignerRequest struct {
	// Signer is an already-constructed crypto.Signer; presumably returned
	// directly by backends that accept one — confirm.
	Signer crypto.Signer
	// SigningKey identifies the signing key by name, label, path or URI
	// (backend-specific).
	SigningKey string
	// SigningKeyPEM holds the signing key as PEM-encoded bytes. A secret when
	// it carries an unencrypted private key.
	SigningKeyPEM []byte
	// TokenLabel identifies the token that holds the key (presumably a PKCS#11
	// token label — confirm).
	TokenLabel string
	// PublicKey identifies the public key by name, label, path or URI
	// (backend-specific).
	PublicKey string
	// PublicKeyPEM holds the public key as PEM-encoded bytes.
	PublicKeyPEM []byte
	// Password is the credential (PIN or passphrase, backend-specific) used to
	// unlock the key or token. It is a secret: do not log this struct with
	// %+v or %v, and do not retain it longer than needed.
	Password []byte
}
// CreateDecrypterRequest is the parameter used to obtain a crypto.Decrypter
// from a KMS. NOTE(review): the original comment named kms.Decrypt; by analogy
// with CreateSignerRequest/kms.CreateSigner the method is presumably
// kms.CreateDecrypter — confirm against the Decrypter interface.
//
// Each backend reads only the subset of fields it understands; which fields
// are required is backend-specific and is not validated by this type.
type CreateDecrypterRequest struct {
	// Decrypter is an already-constructed crypto.Decrypter; presumably returned
	// directly by backends that accept one — confirm.
	Decrypter crypto.Decrypter
	// DecryptionKey identifies the decryption key by name, label, path or URI
	// (backend-specific).
	DecryptionKey string
	// DecryptionKeyPEM holds the decryption key as PEM-encoded bytes. A secret
	// when it carries an unencrypted private key.
	DecryptionKeyPEM []byte
	// Password is the credential (PIN or passphrase, backend-specific) used to
	// unlock the key or token. It is a secret: do not log this struct with
	// %+v or %v, and do not retain it longer than needed.
	Password []byte
}
// LoadCertificateRequest is the parameter used in the LoadCertificate method of
// a CertificateManager.
type LoadCertificateRequest struct {
	// Name identifies the certificate to load; presumably the same
	// backend-specific name or label it was stored under (see
	// StoreCertificateRequest.Name) — confirm.
	Name string
}
// StoreCertificateRequest is the parameter used in the StoreCertificate method
// of a CertificateManager.
type StoreCertificateRequest struct {
	// Name is the backend-specific name or label to store the certificate under.
	Name string
	// Certificate is the parsed certificate to store. Whether a nil value is
	// rejected or dereferenced is up to the backend; nothing here validates it.
	Certificate *x509.Certificate
	// Extractable defines if the new certificate may be exported from the HSM
	// under a wrap key. On pkcs11 sets the CKA_EXTRACTABLE bit.
	//
	// A certificate is public data, so the confidentiality concern that applies
	// to Extractable on CreateKeyRequest does not apply here; the zero value
	// (false) is still the conservative default.
	//
	// Used by: pkcs11
	Extractable bool
}