hatter/local-mini-kms
1
1
Fork 0
Code Issues 2 Pull Requests Projects Releases Wiki Activity

feat: v0.1.0

Browse Source
This commit is contained in:
Hatter Jiang
2022-07-24 23:44:05 +08:00
parent 3c8e12a8d2
commit b15da58154
5 changed files with 307 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
src/jose.rs
View File

@@ -6,6 +6,7 @@ use josekit::jwk::alg::rsa::RsaKeyPair;
use josekit::jwk::Jwk;
use rust_util::XResult;
use serde_json::Value;
use sha2::Digest;
const LOCAL_KMS_PREFIX: &'static str = "LKMS:";
@@ -13,23 +14,24 @@ pub fn generate_rsa_key(bits: u32) -> XResult<RsaKeyPair> {
Ok(RsaKeyPair::generate(bits)?)
}
// pub fn serialize_jwe_rsa(payload: &[u8], jwk: &Jwk) -> XResult<String> {
// let mut header = JweHeader::new();
// header.set_content_encryption("A256GCM");
// header.set_claim("vendor", Some(Value::String("local-mini-kms".to_string())))?;
// let encrypter = RsaesJweAlgorithm::RsaOaep.encrypter_from_jwk(&jwk)?;
// Ok(format!("{}{}", LOCAL_KMS_PREFIX, jwe::serialize_compact(payload, &header, &encrypter)?))
// }
pub fn serialize_jwe_rsa(payload: &[u8], jwk: &Jwk) -> XResult<String> {
let mut header = JweHeader::new();
header.set_content_encryption("A256GCM");
header.set_claim("vendor", Some(Value::String("local-mini-kms".to_string())))?;
let encrypter = RsaesJweAlgorithm::RsaOaep.encrypter_from_jwk(&jwk)?;
Ok(format!("{}{}", LOCAL_KMS_PREFIX, jwe::serialize_compact(payload, &header, &encrypter)?))
}
pub fn deserialize_jwe_rsa(jwe: &str, jwk: &Jwk) -> XResult<(Vec<u8>, JweHeader)> {
let decrypter = RsaesJweAlgorithm::RsaOaep.decrypter_from_jwk(jwk)?;
Ok(jwe::deserialize_json(&get_jwe(jwe), &decrypter)?)
Ok(jwe::deserialize_compact(&get_jwe(jwe), &decrypter)?)
}
pub fn serialize_jwe_aes(payload: &[u8], key: &[u8]) -> XResult<String> {
let mut header = JweHeader::new();
header.set_content_encryption("A256GCM");
header.set_claim("vendor", Some(Value::String("local-mini-kms".to_string())))?;
header.set_claim("version", Some(Value::String(get_master_key_checksum(key))))?;
let encrypter = AeskwJweAlgorithm::A256kw.encrypter_from_bytes(key)?;
Ok(format!("{}{}", LOCAL_KMS_PREFIX, jwe::serialize_compact(payload, &header, &encrypter)?))
}
@@ -39,6 +41,16 @@ pub fn deserialize_jwe_aes(jwe: &str, key: &[u8]) -> XResult<(Vec<u8>, JweHeader
Ok(jwe::deserialize_compact(&get_jwe(jwe), &decrypter)?)
}
fn get_master_key_checksum(key: &[u8]) -> String {
let digest = sha2::Sha256::digest(&key);
let digest = sha2::Sha256::digest(&digest.as_slice());
let digest = sha2::Sha256::digest(&digest.as_slice());
let digest = sha2::Sha256::digest(&digest.as_slice());
let digest = sha2::Sha256::digest(&digest.as_slice());
let digest = sha2::Sha256::digest(&digest.as_slice());
hex::encode(&digest[0..8])
}
fn get_jwe(jwe: &str) -> String {
if jwe.starts_with(LOCAL_KMS_PREFIX) {
jwe.chars().skip(LOCAL_KMS_PREFIX.len()).collect()