hatter/local-mini-kms
1
1
Fork 0
Code Issues 2 Pull Requests Projects Releases Wiki Activity

feat: v0.3.7, yubikey is optional

Browse Source
This commit is contained in:
Hatter Jiang
2024-11-10 18:38:56 +08:00
parent 8918d1d59b
commit ec7aaa9fca
6 changed files with 28 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Cargo.lock generated
View File

@@ -742,7 +742,7 @@ checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89"
[[package]] [[package]]
name = "local-mini-kms" name = "local-mini-kms"
version = "0.3.6" version = "0.3.7"
dependencies = [ dependencies = [
"base64 0.21.7", "base64 0.21.7",
"clap", "clap",

8
Cargo.toml
View File

@@ -1,10 +1,14 @@
[package] [package]
name = "local-mini-kms" name = "local-mini-kms"
version = "0.3.6" version = "0.3.7"
edition = "2021" edition = "2021"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[features]
default = ["yubikey"]
yubikey = ["yubico_manager"]
[dependencies] [dependencies]
zeroize = "1.8" zeroize = "1.8"
clap = "2.34" clap = "2.34"
@@ -22,7 +26,7 @@ rust_util = { version = "0.6", features = ["use_clap"] }
tokio = { version = "1.37", features = ["full"] } tokio = { version = "1.37", features = ["full"] }
hyper = { version = "0.14", features = ["client", "server", "tcp", "http1", "http2"] } hyper = { version = "0.14", features = ["client", "server", "tcp", "http1", "http2"] }
rusqlite = "0.31" rusqlite = "0.31"
yubico_manager = "0.9" yubico_manager = { version = "0.9", optional = true }
rpassword = "7.3" rpassword = "7.3"
rand = "0.8" rand = "0.8"

6
README.md
View File

@@ -2,6 +2,12 @@
Mini-KMS runs local written by Rust Mini-KMS runs local written by Rust
## Build
```shell
cargo build --release [--no-default-features]
```
## Init ## Init
New random master key: New random master key:

13
src/main.rs
View File

@@ -1,18 +1,20 @@
use clap::{App, AppSettings, ArgMatches}; use clap::{App, AppSettings, ArgMatches};
use rust_util::{failure_and_exit, information, success, warning};
use rust_util::util_clap::{Command, CommandError}; use rust_util::util_clap::{Command, CommandError};
use rust_util::{failure_and_exit, information, success, warning};
mod db; mod db;
mod proc; mod proc;
mod jose; mod jose;
mod cli; mod cli;
mod yubikey_hmac;
mod serve; mod serve;
mod serve_common; mod serve_common;
mod serve_status; mod serve_status;
mod serve_init; mod serve_init;
mod serve_encrypt_decrypt; mod serve_encrypt_decrypt;
mod serve_read_write; mod serve_read_write;
#[cfg(feature = "yubikey")]
mod yubikey_hmac;
#[cfg(feature = "yubikey")]
mod yubikey_init_master_key; mod yubikey_init_master_key;
mod serve_datakey; mod serve_datakey;
@@ -48,12 +50,17 @@ fn inner_main() -> CommandError {
let commands: Vec<Box<dyn Command>> = vec![ let commands: Vec<Box<dyn Command>> = vec![
Box::new(cli::CommandImpl), Box::new(cli::CommandImpl),
Box::new(serve::CommandImpl), Box::new(serve::CommandImpl),
#[cfg(feature = "yubikey")]
Box::new(yubikey_init_master_key::CommandImpl), Box::new(yubikey_init_master_key::CommandImpl),
]; ];
let mut features: Vec<String> = vec![];
#[cfg(feature = "yubikey")]
features.push("yubikey".to_string());
let long_about = format!("Local mini KMS, features: [{}]", features.join(", "));
let mut app = App::new(env!("CARGO_PKG_NAME")) let mut app = App::new(env!("CARGO_PKG_NAME"))
.version(env!("CARGO_PKG_VERSION")) .version(env!("CARGO_PKG_VERSION"))
.about(env!("CARGO_PKG_DESCRIPTION")) .about(env!("CARGO_PKG_DESCRIPTION"))
.long_about("Local mini KMS") .long_about(long_about.as_str())
.setting(AppSettings::ColoredHelp); .setting(AppSettings::ColoredHelp);
app = DefaultCommandImpl::process_command(app); app = DefaultCommandImpl::process_command(app);
for command in &commands { for command in &commands {

3
src/serve.rs
View File

@@ -16,6 +16,7 @@ use crate::serve_init;
use crate::serve_init::InitRequest; use crate::serve_init::InitRequest;
use crate::serve_read_write; use crate::serve_read_write;
use crate::serve_status; use crate::serve_status;
#[cfg(feature = "yubikey")]
use crate::yubikey_hmac; use crate::yubikey_hmac;
use crate::{db, jose, proc}; use crate::{db, jose, proc};
use crate::{do_response, serve_datakey}; use crate::{do_response, serve_datakey};
@@ -42,6 +43,7 @@ impl Command for CommandImpl {
} }
let rt = Runtime::new().expect("Create tokio runtime error"); let rt = Runtime::new().expect("Create tokio runtime error");
#[cfg(feature = "yubikey")]
init_with_yubikey_challenge(&rt, sub_arg_matches); init_with_yubikey_challenge(&rt, sub_arg_matches);
let listen = sub_arg_matches.value_of("listen").expect("Get argument listen error"); let listen = sub_arg_matches.value_of("listen").expect("Get argument listen error");
@@ -175,6 +177,7 @@ Supports commands:
} }
} }
#[cfg(feature = "yubikey")]
fn init_with_yubikey_challenge(rt: &Runtime, sub_arg_matches: &ArgMatches) { fn init_with_yubikey_challenge(rt: &Runtime, sub_arg_matches: &ArgMatches) {
let mut yubikey_challenge = sub_arg_matches.value_of("yubikey-challenge").map(ToString::to_string); let mut yubikey_challenge = sub_arg_matches.value_of("yubikey-challenge").map(ToString::to_string);
let init_encrypted_master_key = sub_arg_matches.value_of("init-encrypted-master-key"); let init_encrypted_master_key = sub_arg_matches.value_of("init-encrypted-master-key");

2
src/serve_init.rs
View File

@@ -11,6 +11,7 @@ use zeroize::Zeroize;
use crate::db::Key; use crate::db::Key;
use crate::do_response; use crate::do_response;
use crate::serve_common::{self, Result}; use crate::serve_common::{self, Result};
#[cfg(feature = "yubikey")]
use crate::yubikey_hmac; use crate::yubikey_hmac;
use crate::{db, jose}; use crate::{db, jose};
@@ -81,6 +82,7 @@ pub async fn inner_init_request(init_request: InitRequest) -> XResult<(StatusCod
} }
information!("Set master key success"); information!("Set master key success");
#[cfg(feature = "yubikey")]
if let Some(yubikey_challenge) = &init_request.yubikey_challenge { if let Some(yubikey_challenge) = &init_request.yubikey_challenge {
match yubikey_hmac::yubikey_challenge_as_32_bytes(yubikey_challenge.as_bytes()) { match yubikey_hmac::yubikey_challenge_as_32_bytes(yubikey_challenge.as_bytes()) {
Err(e) => warning!("Yubikey challenge failed: {}", e), Err(e) => warning!("Yubikey challenge failed: {}", e),