
Commit bbccf9e

committed
Refactor Enumerate Keys API Go implementation
1 parent 8a0f86c commit bbccf9e


5 files changed

+38
-26
lines changed


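--- a/keymanager/key_protection_service/key_custody_core/kps_key_custody_core_cgo.go
+++ b/keymanager/key_protection_service/key_custody_core/kps_key_custody_core_cgo.go
@@ -91,11 +91,15 @@ func EnumerateKEMKeys() ([]KEMKeyInfo, error) {
 bindingPubKey := make([]byte, e.binding_pub_key_len)
 copy(bindingPubKey, C.GoBytes(unsafe.Pointer(&e.binding_pub_key[0]), C.int(e.binding_pub_key_len)))
 
+algoBytes := C.GoBytes(unsafe.Pointer(&e.algorithm[0]), C.int(e.algorithm_len))
+algo := &algorithms.HpkeAlgorithm{}
+if err := proto.Unmarshal(algoBytes, algo); err != nil {
+return nil, fmt.Errorf("failed to unmarshal algorithm for key %d: %w", i, err)
+}
+
 result[i] = KEMKeyInfo{
 ID: id,
-KemAlgorithm: int32(e.algorithm.kem),
-KdfAlgorithm: int32(e.algorithm.kdf),
-AeadAlgorithm: int32(e.algorithm.aead),
+Algorithm: algo,
 KEMPubKey: kemPubKey,
 BindingPubKey: bindingPubKey,
 RemainingLifespanSecs: uint64(e.remaining_lifespan_secs),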
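Review bot: `e.algorithm_len` is handed to `C.GoBytes` on the added `algoBytes` line without being compared to the capacity of `e.algorithm`, so a length larger than the buffer would copy memory past it into Go. Assuming `e.algorithm` is a fixed-size array in the C struct, a guard before the copy would close that: `if int(e.algorithm_len) > len(e.algorithm) { return nil, fmt.Errorf("algorithm length %d exceeds buffer for key %d", e.algorithm_len, i) }`. A zero length also unmarshals without error into an empty `HpkeAlgorithm`, so a key with no algorithm bytes would be reported with zero-valued enums instead of failing; rejecting `algorithm_len == 0` in the same guard would avoid that. The `binding_pub_key` context line follows the same unchecked-length pattern, and EnumerateKEMKeys starts and ends outside the hunk, so an earlier bound check may already exist there.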

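--- a/keymanager/key_protection_service/key_custody_core/types.go
+++ b/keymanager/key_protection_service/key_custody_core/types.go
@@ -1,13 +1,15 @@
 package kpskcc
 
-import "github.com/google/uuid"
+import (
+algorithms "github.com/google/go-tpm-tools/keymanager/km_common/proto"
+"github.com/google/uuid"
+)
 
+// KEMKeyInfo holds metadata for a single KEM key returned by EnumerateKEMKeys.
 // KEMKeyInfo holds metadata for a single KEM key returned by EnumerateKEMKeys.
 type KEMKeyInfo struct {
 ID uuid.UUID
-KemAlgorithm int32
-KdfAlgorithm int32
-AeadAlgorithm int32
+Algorithm *algorithms.HpkeAlgorithm
 KEMPubKey []byte
 BindingPubKey []byte
 RemainingLifespanSecs uint64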
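Review bot: The doc comment `// KEMKeyInfo holds metadata for a single KEM key returned by EnumerateKEMKeys.` appears twice above the type as rendered (new lines 8 and 9); the added copy should be dropped. The new `Algorithm` field is a pointer, and handleEnumerateKeys in server.go reads `k.Algorithm.Kem` directly, so the struct should state whether nil is permitted, for example `// Algorithm is the HPKE suite of the key; non-nil for entries returned by EnumerateKEMKeys.`. The struct body continues past the end of the hunk.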

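--- a/keymanager/key_protection_service/service_test.go
+++ b/keymanager/key_protection_service/service_test.go
@@ -63,10 +63,12 @@ func TestServiceGenerateKEMKeypairError(t *testing.T) {
 func TestServiceEnumerateKEMKeysSuccess(t *testing.T) {
 expectedKeys := []kpskcc.KEMKeyInfo{
 {
-ID: uuid.New(),
-KemAlgorithm: 1,
-KdfAlgorithm: 1,
-AeadAlgorithm: 1,
+ID: uuid.New(),
+Algorithm: &algorithms.HpkeAlgorithm{
+Kem: algorithms.KemAlgorithm_KEM_ALGORITHM_DHKEM_X25519_HKDF_SHA256,
+Kdf: algorithms.KdfAlgorithm_KDF_ALGORITHM_HKDF_SHA256,
+Aead: algorithms.AeadAlgorithm_AEAD_ALGORITHM_AES_256_GCM,
+},
 KEMPubKey: make([]byte, 32),
 BindingPubKey: make([]byte, 32),
 RemainingLifespanSecs: 3500,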

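--- a/keymanager/workload_service/server.go
+++ b/keymanager/workload_service/server.go
@@ -191,14 +191,14 @@ func (s *Server) handleEnumerateKeys(w http.ResponseWriter, r *http.Request) {
 BoundKemInfo: &BoundKEMInfo{
 KeyHandle: KeyHandle{Handle: k.ID.String()},
 KemPubKey: KemPublicKey{
-Algorithm: KemAlgorithm(k.KemAlgorithm),
+Algorithm: KemAlgorithm(k.Algorithm.Kem),
 PublicKey: base64.StdEncoding.EncodeToString(k.KEMPubKey),
 },
 BindingPubKey: HpkePublicKey{
 Algorithm: HpkeAlgorithm{
-Kem: KemAlgorithm(k.KemAlgorithm),
-Kdf: KdfAlgorithm(k.KdfAlgorithm),
-Aead: AeadAlgorithm(k.AeadAlgorithm),
+Kem: KemAlgorithm(k.Algorithm.Kem),
+Kdf: KdfAlgorithm(k.Algorithm.Kdf),
+Aead: AeadAlgorithm(k.Algorithm.Aead),
 },
 PublicKey: base64.StdEncoding.EncodeToString(k.BindingPubKey),
 },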
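Review bot: `k.Algorithm.Kem`, `k.Algorithm.Kdf` and `k.Algorithm.Aead` dereference a pointer field, so an entry whose `Algorithm` is nil now panics the HTTP handler, which the old int32 fields could not do. If `HpkeAlgorithm` is standard protoc-gen-go output, the nil-safe getters remove the panic: `Kem: KemAlgorithm(k.Algorithm.GetKem()),` and likewise `GetKdf()` and `GetAead()`; rejecting such an entry with an error response would be stricter still. The cgo path in this commit always sets the pointer, but the enumerator is replaced by `mockKEMKeyEnumerator` in the tests, so other implementations can return nil. handleEnumerateKeys starts and ends outside the hunk.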

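--- a/keymanager/workload_service/server_test.go
+++ b/keymanager/workload_service/server_test.go
@@ -205,9 +205,9 @@ func TestHandleGenerateKemBadJSON(t *testing.T) {
 body string
 }{
 {"not json", "not json"},
-{"lifespan as string", `{"algorithm":1,"key_protection_mechanism":2,"lifespan":"3600"}`},
-{"lifespan as string with suffix", `{"algorithm":1,"key_protection_mechanism":2,"lifespan":"3600s"}`},
-{"lifespan negative", `{"algorithm":1,"key_protection_mechanism":2,"lifespan":-1}`},
+{"lifespan as integer", `{"algorithm":1,"key_protection_mechanism":2,"lifespan":3600}`},
+{"lifespan missing s suffix", `{"algorithm":1,"key_protection_mechanism":2,"lifespan":"3600"}`},
+{"lifespan negative", `{"algorithm":1,"key_protection_mechanism":2,"lifespan":"-1s"}`},
 }
 
 for _, tc := range badBodies {
@@ -342,19 +342,23 @@ func TestHandleEnumerateKeysWithKeys(t *testing.T) {
 mockEnum := &mockKEMKeyEnumerator{
 keys: []kpskcc.KEMKeyInfo{
 {
-ID: kem1,
-KemAlgorithm: 1,
-KdfAlgorithm: 1,
-AeadAlgorithm: 1,
+ID: kem1,
+Algorithm: &algorithms.HpkeAlgorithm{
+Kem: algorithms.KemAlgorithm_KEM_ALGORITHM_DHKEM_X25519_HKDF_SHA256,
+Kdf: algorithms.KdfAlgorithm_KDF_ALGORITHM_HKDF_SHA256,
+Aead: algorithms.AeadAlgorithm_AEAD_ALGORITHM_AES_256_GCM,
+},
 KEMPubKey: kemPubKey1,
 BindingPubKey: bindingPubKey1,
 RemainingLifespanSecs: 3500,
 },
 {
-ID: kem2,
-KemAlgorithm: 1,
-KdfAlgorithm: 1,
-AeadAlgorithm: 1,
+ID: kem2,
+Algorithm: &algorithms.HpkeAlgorithm{
+Kem: algorithms.KemAlgorithm_KEM_ALGORITHM_DHKEM_X25519_HKDF_SHA256,
+Kdf: algorithms.KdfAlgorithm_KDF_ALGORITHM_HKDF_SHA256,
+Aead: algorithms.AeadAlgorithm_AEAD_ALGORITHM_AES_256_GCM,
+},
 KEMPubKey: kemPubKey2,
 BindingPubKey: bindingPubKey2,
 RemainingLifespanSecs: 7100,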
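Review bot: The rewritten lifespan cases in `badBodies` (first hunk) encode an input-format rule that no comment states: an integer and a bare `"3600"` are now rejected, which suggests lifespan must be a duration string with an `s` suffix. If that is the intended contract, a comment above the table would make it explicit, e.g. `// lifespan must be a non-negative duration string with an "s" suffix, such as "3600s"`. In the second hunk every `KEMKeyInfo` carries a populated `Algorithm`, so the handler's behaviour for a nil `Algorithm` stays untested; a case with the field left unset would pin it down. Both test functions continue outside the hunks.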
