Commit Graph

1867 Commits

Author SHA1 Message Date
Carl Tashian
73fc350b84 Add note about PKCS#11 2021-02-01 11:56:24 -08:00
Mariano Cano
51ac28656e Fix protection level for host keys in cloudkms script.
Fixes #460
2021-01-29 16:11:25 -08:00
Mariano Cano
7f9d7eadc9 Attempt to delete key and certificate with the same name.
Nitrokey will override the label of the key with the certificate one
if they are stored with the same id.
2021-01-29 13:31:07 -08:00
Mariano Cano
162c535705 Add option to not store certificates in the pkcs11 module. 2021-01-28 20:13:28 -08:00
Mariano Cano
50e9018a44 Fix missing return. 2021-01-28 19:53:25 -08:00
Mariano Cano
84a3c8c984 Rename nitrokey initialization to opensc. 2021-01-28 19:51:17 -08:00
Mariano Cano
b7afc92758 Complete tests. 2021-01-28 19:48:08 -08:00
Mariano Cano
3a479cb0e8 Add support for nitrokey. 2021-01-28 19:47:44 -08:00
Mariano Cano
e78d45a060 Add benchmarks for signing operations. 2021-01-28 19:46:48 -08:00
Mariano Cano
673675fa89 Convert pkcs11 tests to use tags. 2021-01-28 14:43:22 -08:00
Mariano Cano
6c113542c8 Fix ecdsa signature verification test. 2021-01-28 11:38:21 -08:00
Carl Tashian
9fd0964e1c Add SystemCallFilter=@system-service 2021-01-28 09:45:20 -08:00
Carl Tashian
2af73881d7 Add ProtectHome=true 2021-01-28 07:48:21 -08:00
Mariano Cano
35bf9b787e Implement ecdsa.VerifyASN1 to be compatible with go < 1.15 2021-01-27 20:35:42 -08:00
Mariano Cano
d9da150a5f Fix test. 2021-01-27 20:23:45 -08:00
Mariano Cano
294f84b8d4 Add initial set of unit tests for pkcs11 kms. 2021-01-27 20:17:14 -08:00
Carl Tashian
82f82d438c Add systemd files 2021-01-27 17:29:29 -08:00
Mariano Cano
6c0cf99b24 Upgrade nosql with a 32-bit version of badger. 2021-01-27 11:02:56 -08:00
Mariano Cano
a6c784d5dd Add missing pkcs11 package. 2021-01-26 20:15:57 -08:00
Mariano Cano
8dca652bc7 Add support for PKCS #11 KMS.
The implementation works with YubiHSM2. Unit tests are still pending.

Fixes #301
2021-01-26 20:03:53 -08:00
Mariano Cano
c61222de1d Upgrade nosql version.
nosql has newer versions of badger v1 and v2.
2021-01-21 18:03:55 -08:00
Max
fc93d60c5d Merge pull request #453 from smallstep/max/csr-san-empty
Allow empty SAN in CSR for validation ...
2021-01-14 19:30:11 -06:00
max furman
16665c97f0 Allow empty SAN in CSR for validation ...
- The default template will always use the SANs from the token.
- If there are any SANs they must be validated against the token.
2021-01-14 15:26:46 -06:00
Mariano Cano
00c6f08612 Merge pull request #440 from mkkeffeler/smallstep-by-provisioner-appendedcert
Begins to fix issue 87
2020-12-28 17:49:00 -08:00
Miclain Keffeler
ffbfcfb1f2 format. 2020-12-28 18:46:21 -06:00
Miclain K Keffeler
7a1eb43bb1 Update options.go 2020-12-28 17:12:37 -06:00
Miclain K Keffeler
f3396bf964 Update softcas.go 2020-12-28 17:10:44 -06:00
Mariano Cano
71a8e87eec Update go.sum with new version of go-piv. 2020-12-28 14:50:33 -08:00
Mariano Cano
6598ea9d73 Merge pull request #441 from gaffneyd4/gaffneyd4/x32
Bump go-piv to v1.7.0 for x32 overflow fix
2020-12-28 14:49:23 -08:00
Derek Gaffney
8416bd633d Bump go-piv to v1.7.0 for x32 overflow fix 2020-12-27 20:27:39 -05:00
Miclain Keffeler
e9bfa061b8 Merge branch 'smallstep-by-provisioner-appendedcert' of https://github.com/mkkeffeler/certificates into smallstep-by-provisioner-appendedcert 2020-12-23 22:46:41 -06:00
Miclain Keffeler
cf063d1f4a Revert "Begins to fix issue 87"
This reverts commit e2ba4159c3.
2020-12-23 22:46:21 -06:00
Miclain Keffeler
21dc406382 Begins to fix issue 87 2020-12-23 22:46:21 -06:00
Miclain Keffeler
bfd13f1f72 Revert "Begins to fix issue 87"
This reverts commit e2ba4159c3.
2020-12-23 22:43:47 -06:00
Miclain Keffeler
393c43201f Merge branch 'smallstep-by-provisioner-appendedcert' of https://github.com/mkkeffeler/certificates into smallstep-by-provisioner-appendedcert 2020-12-23 22:41:36 -06:00
Miclain Keffeler
7545b4a625 leverage intermediate_ca.crt for appending certs. 2020-12-23 22:41:10 -06:00
Miclain Keffeler
e2ba4159c3 Begins to fix issue 87 2020-12-22 16:39:39 -06:00
Max
c255863816 Merge pull request #438 from smallstep/max/broken-validate-challenge-test
Fix broken ValidateChallenge test
2020-12-18 18:24:47 -05:00
max furman
265d49dbf8 Remove debug statement 2020-12-18 18:17:55 -05:00
max furman
1f9aa65d66 Add test case 2020-12-18 17:05:25 -05:00
max furman
20f8d950c4 Fix broken ValidateChallenge test 2020-12-18 11:18:42 -05:00
Mariano Cano
bae209741f Merge pull request #436 from smallstep/upgrade-crypto
Upgrade crypto and validate token id
2020-12-17 15:12:32 -08:00
Mariano Cano
5017b7d21f Recalculate token id instead of validating it. 2020-12-17 14:52:34 -08:00
Mariano Cano
86c947babc Upgrade crypto and fix test. 2020-12-17 14:17:08 -08:00
Mariano Cano
0cf594a003 Validate payload ID.
Related to #435
2020-12-17 13:35:14 -08:00
Mariano Cano
d6ea8b13ab Upgrade crypto.
Related to #435
2020-12-17 13:34:50 -08:00
Mariano Cano
1feb4fcb26 Merge branch 'glance--sshagentkms' 2020-11-18 17:53:15 -08:00
Mariano Cano
ccc403cf89 Fix comments, and return an error instead of fatal. 2020-11-18 17:50:21 -08:00
Mariano Cano
7d9997618f Upgrade crypto to v0.7.1
Add basic constraints extensions if defined.
2020-11-18 16:57:24 -08:00
max furman
19a3cd10a1 [docs] provisioners fix attr dupe and give warning about stale docs 2020-11-18 16:57:24 -08:00