AB#2200 Merge Owner and Cluster ID (#282)

* Merge Owner and Cluster ID into single value * Remove aTLS from KMS, as it is no longer used for cluster external communication * Update verify command to use cluster-id instead of unique-id flag * Remove owner ID from init output Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2025-08-20 20:48:12 -04:00 · 2022-07-26 10:58:39 +02:00 · 2022-07-26 10:58:39 +02:00 · db79784045
commit db79784045
parent 48d614c959
57 changed files with 746 additions and 585 deletions
--- a/bootstrapper/util/util.go
+++ b/bootstrapper/util/util.go
@ -1,42 +1,9 @@
 package util

 import (
-	"crypto/rand"
-	"crypto/sha256"
-	"io"
-	"math/big"
 	"net"
-
-	"golang.org/x/crypto/hkdf"
 )

-// DeriveKey derives a key from a secret.
-//
-// TODO: decide on a secure key derivation function.
-func DeriveKey(secret, salt, info []byte, length uint) ([]byte, error) {
-	hkdf := hkdf.New(sha256.New, secret, salt, info)
-	key := make([]byte, length)
-	if _, err := io.ReadFull(hkdf, key); err != nil {
-		return nil, err
-	}
-	return key, nil
-}
-
-// GenerateCertificateSerialNumber generates a random serial number for an X.509 certificate.
-func GenerateCertificateSerialNumber() (*big.Int, error) {
-	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
-	return rand.Int(rand.Reader, serialNumberLimit)
-}
-
-// GenerateRandomBytes reads length bytes from getrandom(2) if available, /dev/urandom otherwise.
-func GenerateRandomBytes(length int) ([]byte, error) {
-	nonce := make([]byte, length)
-	if _, err := rand.Read(nonce); err != nil {
-		return nil, err
-	}
-	return nonce, nil
-}
-
 func GetIPAddr() (string, error) {
 	conn, err := net.Dial("udp", "8.8.8.8:80")
 	if err != nil {