

added test for CA generation + use SeedSize constant
Previously, I just hard-coded 256 as the key length that seeds the key
generation because it worked. Now it uses ed25519.SeedSize (32) instead.
miampf committed Jan 9, 2025
1 parent 3afa72e commit 0cf04f0
Showing 3 changed files with 38 additions and 2 deletions.
3 changes: 2 additions & 1 deletion bootstrapper/internal/initserver/initserver.go
Expand Up @@ -20,6 +20,7 @@ package initserver
import (
"bufio"
"context"
"crypto/ed25519"
"errors"
"fmt"
"io"
Expand Down Expand Up @@ -225,7 +226,7 @@ func (s *Server) Init(req *initproto.InitRequest, stream initproto.API_InitServe
}

// Derive the emergency ssh CA key
key, err := cloudKms.GetDEK(stream.Context(), crypto.DEKPrefix+constants.SSHCAKeySuffix, 256)
key, err := cloudKms.GetDEK(stream.Context(), crypto.DEKPrefix+constants.SSHCAKeySuffix, ed25519.SeedSize)
if err != nil {
if e := s.sendLogsWithMessage(stream, status.Errorf(codes.Internal, "retrieving DEK for key derivation: %s", err)); e != nil {
err = errors.Join(err, e)
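Review bot: Shrinking the requested DEK length from 256 to ed25519.SeedSize at the GetDEK call silently changes which bytes become the CA seed unless GetDEK's derivation yields the same leading 32 bytes for both lengths; if any deployment has already derived the emergency SSH CA with the old length, this rotates the CA and invalidates every certificate it signed. The commit should state whether that prefix consistency holds (or that no released version used the old length) and pin the dependency at the call site with a comment such as `// The DEK is used verbatim as the Ed25519 seed, so request exactly ed25519.SeedSize bytes.` The same call and the same concern appear in the cli/internal/cmd/ssh.go hunk. Init's body starts and ends outside the hunk.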
3 changes: 2 additions & 1 deletion cli/internal/cmd/ssh.go
Expand Up @@ -7,6 +7,7 @@ SPDX-License-Identifier: AGPL-3.0-only
package cmd

import (
"crypto/ed25519"
"crypto/rand"
"fmt"
"os"
Expand Down Expand Up @@ -70,7 +71,7 @@ func runSSH(cmd *cobra.Command, _ []string) error {
if err != nil {
return fmt.Errorf("setting up KMS: %s", err)
}
key, err := kms.GetDEK(cmd.Context(), crypto.DEKPrefix+constants.SSHCAKeySuffix, 256)
key, err := kms.GetDEK(cmd.Context(), crypto.DEKPrefix+constants.SSHCAKeySuffix, ed25519.SeedSize)
if err != nil {
return fmt.Errorf("retrieving key from KMS: %s", err)
}
34 changes: 34 additions & 0 deletions internal/crypto/crypto_test.go
Expand Up @@ -7,6 +7,7 @@ SPDX-License-Identifier: AGPL-3.0-only
package crypto

import (
"crypto/ed25519"
"crypto/x509"
"testing"

Expand Down Expand Up @@ -121,6 +122,39 @@ func TestGenerateRandomBytes(t *testing.T) {
assert.Len(n3, 16)
}

func TestGenerateEmergencySSHCAKey(t *testing.T) {
nullKey := make([]byte, ed25519.SeedSize)
for i := range nullKey {
nullKey[i] = 0x0
}

testCases := map[string]struct {
key []byte
wantErr bool
}{
"invalid key": {
key: make([]byte, 0),
wantErr: true,
},
"valid key": {
key: nullKey,
},
}

for name, tc := range testCases {
t.Run(name, func(t *testing.T) {
assert := assert.New(t)

_, err := GenerateEmergencySSHCAKey(tc.key)
if tc.wantErr {
assert.NotNil(err)
} else {
assert.Nil(err)
}
})
}
}

func TestPemToX509Cert(t *testing.T) {
testCases := map[string]struct {
pemCert []byte
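Review bot: TestGenerateEmergencySSHCAKey only distinguishes an empty key from a correctly sized one, so it would not catch a regression back to accepting the old 256-byte input or any other wrong length, which is exactly what this commit changes; if the function enforces the exact seed length, add a case such as `"wrong length": {key: make([]byte, ed25519.SeedSize+1), wantErr: true},` and, if the returned type exposes the public key, assert the valid case against `ed25519.NewKeyFromSeed(nullKey)` so the derivation itself is pinned rather than only the absence of an error. The loop zeroing nullKey is redundant because make already zero-fills, so `nullKey := make([]byte, ed25519.SeedSize)` alone suffices. `assert.Error(err)` and `assert.NoError(err)` are the testify idiom over NotNil/Nil and print the error on failure.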

