Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
AUT-252: add new public functions to crypto11 that allow us to generate keys with libkmsp11 (#987)

* feat: bump rsa key in signer_test.go to 2048 bits

I'd like to re-use this same key in the soon-to-be-added tests for GCPHSM, which doesn't support 1024 bit keys.

* AUT-252: add new public functions to crypto11 that allow us to generate keys with libkmsp11

libkmsp11 does not accept any attributes on public keys, and very limited attributes on private keys. To accommodate this, I'm adding new public functions to crypto11 that allow us to fully specify the attributes for a new key creation request. The default attributes have been kept for the current functions to allow us to preserve backwards compatibility for AWS. This means that we'll end up making different calls in MakeKey depending on whether we're in GCP or AWS, but I think it's preferable to removing the default attributes altogether, which we already know work fine for AWS.

The new functions have been tested in bhearsum/crypto11-test-gcp@1094ddd (technically we could do some testing directly here or in Autograph if we injected the right things to avoid actually calling into libkmsp11...but I haven't been able to convince myself that it's worth spending the time doing it).

A possible alternative here would be to add a separate method in crypto11 that uses the correct values for GCP, but I'm not sure that level of hardcoding is a great idea.

* feat: add GCPHSM implementation
Showing 5 changed files with 399 additions and 76 deletions.