Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade go-piv to v2.2.0 #604

Merged
merged 3 commits into from
Oct 3, 2024
Merged

Upgrade go-piv to v2.2.0 #604

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
563e582
Bump github.com/go-piv/piv-go from 1.11.0 to 2.0.0+incompatible
dependabot[bot] Oct 3, 2024
2444fda
Upgrade to `go-piv` @ `v2.2.0`
hslatman Oct 3, 2024
aca4766
Fix linter issues
hslatman Oct 3, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ require (
github.com/aws/aws-sdk-go-v2/config v1.27.39
github.com/aws/aws-sdk-go-v2/service/kms v1.36.3
github.com/go-jose/go-jose/v3 v3.0.3
github.com/go-piv/piv-go v1.11.0
github.com/go-piv/piv-go/v2 v2.2.0
github.com/golang/mock v1.6.0
github.com/google/go-tpm v0.9.1
github.com/google/go-tpm-tools v0.4.4
Expand Down
4 changes: 2 additions & 2 deletions go.sum
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -303,8 +303,8 @@ github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
github.com/go-piv/piv-go v1.11.0 h1:5vAaCdRTFSIW4PeqMbnsDlUZ7odMYWnHBDGdmtU/Zhg=
github.com/go-piv/piv-go v1.11.0/go.mod h1:NZ2zmjVkfFaL/CF8cVQ/pXdXtuj110zEKGdJM6fJZZM=
github.com/go-piv/piv-go/v2 v2.2.0 h1:kOcyd7+JiKLF1BtGUO6vg7XlDJLhchinoMuksOpWBEI=
github.com/go-piv/piv-go/v2 v2.2.0/go.mod h1:ShZi74nnrWNQEdWzRUd/3cSig3uNOcEZp+EWl0oewnI=
github.com/go-playground/locales v0.12.1/go.mod h1:IUMDtCfWo/w/mtMfIE/IG2K+Ey3ygWanZIBtBW0W2TM=
github.com/go-playground/universal-translator v0.16.0/go.mod h1:1AnU7NaIRDWWzGEKwgtJRd2xk99HeFyHw3yid4rvQIY=
github.com/go-redis/redis v6.15.9+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
Expand Down
11 changes: 6 additions & 5 deletions kms/yubikey/yubikey.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,8 +16,9 @@ import (
"strings"
"sync"

"github.com/go-piv/piv-go/piv"
"github.com/go-piv/piv-go/v2/piv"
"github.com/pkg/errors"

"go.step.sm/crypto/kms/apiv1"
"go.step.sm/crypto/kms/uri"
)
Expand All @@ -34,13 +35,13 @@ type YubiKey struct {
yk pivKey
pin string
card string
managementKey [24]byte
managementKey []byte
}

type pivKey interface {
Certificate(slot piv.Slot) (*x509.Certificate, error)
SetCertificate(key [24]byte, slot piv.Slot, cert *x509.Certificate) error
GenerateKey(key [24]byte, slot piv.Slot, opts piv.Key) (crypto.PublicKey, error)
SetCertificate(key []byte, slot piv.Slot, cert *x509.Certificate) error
GenerateKey(key []byte, slot piv.Slot, opts piv.Key) (crypto.PublicKey, error)
PrivateKey(slot piv.Slot, public crypto.PublicKey, auth piv.KeyAuth) (crypto.PrivateKey, error)
Attest(slot piv.Slot) (*x509.Certificate, error)
Serial() (uint32, error)
Expand Down Expand Up @@ -122,7 +123,7 @@ func New(_ context.Context, opts apiv1.Options) (*YubiKey, error) {
if len(b) != 24 {
return nil, errors.New("invalid managementKey: length is not 24 bytes")
}
copy(managementKey[:], b[:24])
copy(managementKey, b[:24])
}

if opts.Pin != "" {
Expand Down
1 change: 1 addition & 0 deletions kms/yubikey/yubikey_no_cgo.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ import (
"path/filepath"

"github.com/pkg/errors"

"go.step.sm/crypto/kms/apiv1"
)

Expand Down
37 changes: 19 additions & 18 deletions kms/yubikey/yubikey_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,9 +21,10 @@ import (
"sync"
"testing"

"github.com/go-piv/piv-go/piv"
"github.com/go-piv/piv-go/v2/piv"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"

"go.step.sm/crypto/kms/apiv1"
"go.step.sm/crypto/minica"
)
Expand Down Expand Up @@ -147,16 +148,16 @@ func (s *stubPivKey) Certificate(slot piv.Slot) (*x509.Certificate, error) {
return cert, nil
}

func (s *stubPivKey) SetCertificate(key [24]byte, slot piv.Slot, cert *x509.Certificate) error {
if !bytes.Equal(piv.DefaultManagementKey[:], key[:]) {
func (s *stubPivKey) SetCertificate(key []byte, slot piv.Slot, cert *x509.Certificate) error {
if !bytes.Equal(piv.DefaultManagementKey, key) {
return errors.New("missing or invalid management key")
}
s.certMap[slot] = cert
return nil
}

func (s *stubPivKey) GenerateKey(key [24]byte, slot piv.Slot, opts piv.Key) (crypto.PublicKey, error) {
if !bytes.Equal(piv.DefaultManagementKey[:], key[:]) {
func (s *stubPivKey) GenerateKey(key []byte, slot piv.Slot, opts piv.Key) (crypto.PublicKey, error) {
if !bytes.Equal(piv.DefaultManagementKey, key) {
return nil, errors.New("missing or invalid management key")
}

Expand Down Expand Up @@ -306,7 +307,7 @@ func TestNew(t *testing.T) {
pivMap = sync.Map{}
pivCards = okMultiplePivCards
pivOpen = okPivOpen
}, &YubiKey{yk: yk, pin: "111111", card: "Yubico YubiKey OTP+FIDO+CCID", managementKey: [24]byte{0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0x00, 0x11, 0x22, 0x33}}, false},
}, &YubiKey{yk: yk, pin: "111111", card: "Yubico YubiKey OTP+FIDO+CCID", managementKey: []byte{0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0x00, 0x11, 0x22, 0x33}}, false},
{"ok with uri and serial", args{ctx, apiv1.Options{
URI: "yubikey:serial=112233?pin-value=123456",
}}, func() {
Expand All @@ -329,7 +330,7 @@ func TestNew(t *testing.T) {
pivMap = sync.Map{}
pivCards = okPivCards
pivOpen = okPivOpen
}, &YubiKey{yk: yk, pin: "123456", card: "Yubico YubiKey OTP+FIDO+CCID", managementKey: [24]byte{0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0x00, 0x11, 0x22, 0x33}}, false},
}, &YubiKey{yk: yk, pin: "123456", card: "Yubico YubiKey OTP+FIDO+CCID", managementKey: []byte{0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0x00, 0x11, 0x22, 0x33}}, false},
{"fail uri", args{ctx, apiv1.Options{URI: "badschema:"}}, func() {
pivMap = sync.Map{}
pivCards = okPivCards
Expand Down Expand Up @@ -390,7 +391,7 @@ func TestYubiKey_LoadCertificate(t *testing.T) {
type fields struct {
yk pivKey
pin string
managementKey [24]byte
managementKey []byte
}
type args struct {
req *apiv1.LoadCertificateRequest
Expand Down Expand Up @@ -450,7 +451,7 @@ func TestYubiKey_StoreCertificate(t *testing.T) {
type fields struct {
yk pivKey
pin string
managementKey [24]byte
managementKey []byte
}
type args struct {
req *apiv1.StoreCertificateRequest
Expand All @@ -472,7 +473,7 @@ func TestYubiKey_StoreCertificate(t *testing.T) {
Name: "slot-id=9c",
Certificate: cert,
}}, true},
{"fail setCertificate", fields{yk, "123456", [24]byte{}}, args{&apiv1.StoreCertificateRequest{
{"fail setCertificate", fields{yk, "123456", []byte{}}, args{&apiv1.StoreCertificateRequest{
Name: "yubikey:slot-id=9c",
Certificate: cert,
}}, true},
Expand All @@ -497,7 +498,7 @@ func TestYubiKey_GetPublicKey(t *testing.T) {
type fields struct {
yk pivKey
pin string
managementKey [24]byte
managementKey []byte
}
type args struct {
req *apiv1.GetPublicKeyRequest
Expand Down Expand Up @@ -544,7 +545,7 @@ func TestYubiKey_CreateKey(t *testing.T) {
type fields struct {
yk pivKey
pin string
managementKey [24]byte
managementKey []byte
}
type args struct {
req *apiv1.CreateKeyRequest
Expand Down Expand Up @@ -680,7 +681,7 @@ func TestYubiKey_CreateKey(t *testing.T) {
Name: "yubikey:foo=82",
SignatureAlgorithm: apiv1.ECDSAWithSHA256,
}}, func() *apiv1.CreateKeyResponse { return nil }, true},
{"fail generateKey", fields{yk, "123456", [24]byte{}}, args{&apiv1.CreateKeyRequest{
{"fail generateKey", fields{yk, "123456", []byte{}}, args{&apiv1.CreateKeyRequest{
Name: "yubikey:slot-id=82",
SignatureAlgorithm: apiv1.ECDSAWithSHA256,
}}, func() *apiv1.CreateKeyResponse { return nil }, true},
Expand Down Expand Up @@ -711,7 +712,7 @@ func TestYubiKey_CreateKey_policies(t *testing.T) {
type fields struct {
yk pivKey
pin string
managementKey [24]byte
managementKey []byte
}
type args struct {
req *apiv1.CreateKeyRequest
Expand Down Expand Up @@ -867,7 +868,7 @@ func TestYubiKey_CreateSigner(t *testing.T) {
type fields struct {
yk pivKey
pin string
managementKey [24]byte
managementKey []byte
}
type args struct {
req *apiv1.CreateSignerRequest
Expand Down Expand Up @@ -929,7 +930,7 @@ func TestYubiKey_CreateDecrypter(t *testing.T) {
type fields struct {
yk pivKey
pin string
managementKey [24]byte
managementKey []byte
}
type args struct {
req *apiv1.CreateDecrypterRequest
Expand Down Expand Up @@ -991,7 +992,7 @@ func TestYubiKey_CreateAttestation(t *testing.T) {
type fields struct {
yk pivKey
pin string
managementKey [24]byte
managementKey []byte
}
type args struct {
req *apiv1.CreateAttestationRequest
Expand Down Expand Up @@ -1079,7 +1080,7 @@ func TestYubiKey_Close(t *testing.T) {
type fields struct {
yk pivKey
pin string
managementKey [24]byte
managementKey []byte
}
tests := []struct {
name string
Expand Down