[keymanager] GenerateKey API - incorporate signature change#677
[keymanager] GenerateKey API - incorporate signature change#677atulpatildbz wants to merge 2 commits intogoogle:mainfrom
Conversation
c6b247e to
65c8d9f
Compare
65c8d9f to
fcb3242
Compare
| if req.Algorithm.Type != "kem" { | ||
| writeError(w, fmt.Sprintf("unsupported algorithm type: %q. Only 'kem' is supported.", req.Algorithm.Type), http.StatusBadRequest) | ||
| return | ||
| } | ||
|
|
There was a problem hiding this comment.
How do we make this check future proof, since we will also be using this to generate signing keys in future?
There was a problem hiding this comment.
added a switch case here. that can be extended once we support new keys
| if req.KeyProtectionMechanism == KeyProtectionMechanismUnspecified { | ||
| req.KeyProtectionMechanism = KeyProtectionMechanismVMEmulated | ||
| } | ||
| if !req.KeyProtectionMechanism.IsSupported() { | ||
| writeError(w, fmt.Sprintf("unsupported keyProtectionMechanism: %s", req.KeyProtectionMechanism), http.StatusBadRequest) | ||
| return |
There was a problem hiding this comment.
GenerateKey does not have a KeyProtectionMechanism in the param anymore.
There was a problem hiding this comment.
thanks. somehow i had missed this. removed
| KemID: KemAlgorithmDHKEMX25519HKDFSHA256, | ||
| }, | ||
| }, | ||
| KeyProtectionMechanism: KeyProtectionMechanismVMEmulated, |
There was a problem hiding this comment.
Same KeyProtectionMechanism param anymore.
| KeyProtectionMechanismUnspecified: "KEY_PROTECTION_UNSPECIFIED", | ||
| KeyProtectionMechanismDefault: "DEFAULT", | ||
| KeyProtectionMechanismVM: "KEY_PROTECTION_VM", | ||
| KeyProtectionMechanismVMEmulated: "KEY_PROTECTION_VM_EMULATED", |
There was a problem hiding this comment.
Instead of two definitions, can we use the proto as the SoT? https://github.com/google/go-tpm-tools/pull/671/changes#diff-1bc4cf1b75525a6d94e7cf9573d1efbc30dc9015819879d337aa365be34e5ba5R15-R23
There was a problem hiding this comment.
removed this entirely
d5c867b to
a7a2b09
Compare
f26280f to
cb4e9af
Compare
Key changes: - Renamed endpoint from /v1/keys:generate_kem to /v1/keys:generate_key. - Restructured `GenerateKeyRequest` to use a nested `Algorithm` definition containing `Type` and an algorithm-specific `Params` object with `kem_id`. - Added support for `KEY_PROTECTION_VM_EMULATED` in the KeyProtectionMechanism enum and established this as the default and only supported mechanism for Vanguard so far. - Validated lifecycle configurations and parsed `Algorithm` appropriately according to updated schemas. - Updated associated unit and integration tests (server_test.go, integration_test.go) to use the new endpoints and the new request signature.
* Refactor GenerateKey algorithm validation to support future key types * remove KeyProtectionMechanism
cb4e9af to
5e805cc
Compare
GenerateKeyRequestto use a nestedAlgorithmdefinition containingTypeand an algorithm-specificParamsobject withkem_id.KEY_PROTECTION_VM_EMULATEDin the KeyProtectionMechanism enum and established this as the default and only supported mechanism for Vanguard so far.Algorithmappropriately according to updated schemas.Manually tested with :
result: