micro-tss 0.1.0

A simple implementation of a Tatsu Signing Server.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49

# micro-tss

Micro TSS is a very simple implementation of a [Tatsu Signing Server](https://theapplewiki.com/wiki/Tatsu_Signing_Server) 
that mimics the way gs.apple.com/TSS/controller server works.

## Configuration file format

Configuration file for **micro-tss** is a Property List file that may contain the following entries:

* **ListenAddr** (required): A string containing an IPv4/IPv6 address and a port separated with a colon 
  that the server will bind to (e.g. `"127.0.0.1:3000"`).
* **ForwardLocalPolicy** (optional): A boolean value specifying whether local policy requests should be
  forwarded to `gs.apple.com`. Default is `false`.
* **ApTicketSigner** (required): A dictionary containing parameters used to sign APTickets (see below).
* **LocalPolicySigner** (required): A dictionary containing parameters used to sign local policies (see 
  below).

An example of a configuration file is the `config.example.plist` file contained in this repository.

### "Signer" dictionaries

* **CertificateChainPath** (required): A string containing a path to a file containing a PEM-encoded 
  certificate chain.
* **PrivateKeyPath** (required): A string containing a path to a file containing a PEM-encoded PCKS1 
  (for RSA) or PKCS8/SEC1 (for ECC) private key. Only NIST P256 and P384 keys are supported.
* **DigestAlgorithm**: The value is one of `"sha1"`, `"sha256"` and `"sha384"`. All three can be used
  with RSA keys and thus this is a **required parameter** in that case. For ECC keys `"sha256"` can
  be used with NIST P256 keys and `"sha384"` with NIST P384 and thus the parameter is **optional**.

## Minimum Supported Rust Version

This crate requires at least **Rust 1.74**. An MSRV change will be accompanied by a minor version bump.

## License

Licensed under either of

* Apache License, Version 2.0
  ([LICENSE-APACHE](LICENSE-APACHE) or http://www.apache.org/licenses/LICENSE-2.0)
* MIT license
  ([LICENSE-MIT](LICENSE-MIT) or http://opensource.org/licenses/MIT)

at your option.

## Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted
for inclusion in the work by you, as defined in the Apache-2.0 license, shall be
dual licensed as above, without any additional terms or conditions.