authorStuart Stock <stuart@int08h.com>2018-10-27 13:22:53 -0500
committerStuart Stock <stuart@int08h.com>2018-10-27 13:22:53 -0500
commitf84d4d7907e49294a04e3cf8ca14fe0e15382c0d (patch)
tree19c6a6d031872f94d75dc6ac05bf988dda0aeaa9 /src/config
parent388976db0419127384055810ba54f0610d1069b9 (diff)
Additional documentation; rustfmt pass; extract stress test loop
Diffstat (limited to 'src/config')
-rw-r--r--src/config/environment.rs20
-rw-r--r--src/config/file.rs23
-rw-r--r--src/config/memory.rs12
-rw-r--r--src/config/mod.rs22
4 files changed, 41 insertions, 36 deletions
diff --git a/src/config/environment.rs b/src/config/environment.rs
index 797f422..fa96185 100644
--- a/src/config/environment.rs
+++ b/src/config/environment.rs
@@ -19,7 +19,7 @@ use std::time::Duration;
use config::ServerConfig;
use config::{DEFAULT_BATCH_SIZE, DEFAULT_STATUS_INTERVAL};
-use key::KeyProtection;
+use key::KmsProtection;
use Error;
///
@@ -33,7 +33,7 @@ use Error;
/// seed | `ROUGHENOUGH_SEED`
/// batch_size | `ROUGHENOUGH_BATCH_SIZE`
/// status_interval | `ROUGHENOUGH_STATUS_INTERVAL`
-/// key_protection | `ROUGHENOUGH_KEY_PROTECTION`
+/// kms_protection | `ROUGHENOUGH_KMS_PROTECTION`
/// health_check_port | `ROUGHENOUGH_HEALTH_CHECK_PORT`
///
pub struct EnvironmentConfig {
@@ -42,7 +42,7 @@ pub struct EnvironmentConfig {
seed: Vec<u8>,
batch_size: u8,
status_interval: Duration,
- key_protection: KeyProtection,
+ kms_protection: KmsProtection,
health_check_port: Option<u16>,
}
@@ -51,7 +51,7 @@ const ROUGHENOUGH_INTERFACE: &str = "ROUGHENOUGH_INTERFACE";
const ROUGHENOUGH_SEED: &str = "ROUGHENOUGH_SEED";
const ROUGHENOUGH_BATCH_SIZE: &str = "ROUGHENOUGH_BATCH_SIZE";
const ROUGHENOUGH_STATUS_INTERVAL: &str = "ROUGHENOUGH_STATUS_INTERVAL";
-const ROUGHENOUGH_KEY_PROTECTION: &str = "ROUGHENOUGH_KEY_PROTECTION";
+const ROUGHENOUGH_KMS_PROTECTION: &str = "ROUGHENOUGH_KMS_PROTECTION";
const ROUGHENOUGH_HEALTH_CHECK_PORT: &str = "ROUGHENOUGH_HEALTH_CHECK_PORT";
impl EnvironmentConfig {
@@ -62,7 +62,7 @@ impl EnvironmentConfig {
seed: Vec::new(),
batch_size: DEFAULT_BATCH_SIZE,
status_interval: DEFAULT_STATUS_INTERVAL,
- key_protection: KeyProtection::Plaintext,
+ kms_protection: KmsProtection::Plaintext,
health_check_port: None,
};
@@ -95,10 +95,10 @@ impl EnvironmentConfig {
cfg.status_interval = Duration::from_secs(u64::from(val));
};
- if let Ok(key_protection) = env::var(ROUGHENOUGH_KEY_PROTECTION) {
- cfg.key_protection = key_protection
+ if let Ok(kms_protection) = env::var(ROUGHENOUGH_KMS_PROTECTION) {
+ cfg.kms_protection = kms_protection
.parse()
- .unwrap_or_else(|_| panic!("invalid key_protection value: {}", key_protection));
+ .unwrap_or_else(|_| panic!("invalid kms_protection value: {}", kms_protection));
}
if let Ok(health_check_port) = env::var(ROUGHENOUGH_HEALTH_CHECK_PORT) {
@@ -134,8 +134,8 @@ impl ServerConfig for EnvironmentConfig {
self.status_interval
}
- fn key_protection(&self) -> &KeyProtection {
- &self.key_protection
+ fn kms_protection(&self) -> &KmsProtection {
+ &self.kms_protection
}
fn health_check_port(&self) -> Option<u16> {
diff --git a/src/config/file.rs b/src/config/file.rs
index b70392d..d3ec64a 100644
--- a/src/config/file.rs
+++ b/src/config/file.rs
@@ -21,7 +21,7 @@ use yaml_rust::YamlLoader;
use config::ServerConfig;
use config::{DEFAULT_BATCH_SIZE, DEFAULT_STATUS_INTERVAL};
-use key::KeyProtection;
+use key::KmsProtection;
use Error;
///
@@ -42,7 +42,7 @@ pub struct FileConfig {
seed: Vec<u8>,
batch_size: u8,
status_interval: Duration,
- key_protection: KeyProtection,
+ kms_protection: KmsProtection,
health_check_port: Option<u16>,
}
@@ -69,7 +69,7 @@ impl FileConfig {
seed: Vec::new(),
batch_size: DEFAULT_BATCH_SIZE,
status_interval: DEFAULT_STATUS_INTERVAL,
- key_protection: KeyProtection::Plaintext,
+ kms_protection: KmsProtection::Plaintext,
health_check_port: None,
};
@@ -87,13 +87,12 @@ impl FileConfig {
let val = value.as_i64().expect("status_interval value invalid");
config.status_interval = Duration::from_secs(val as u64)
}
- "key_protection" => {
- let val = value
- .as_str()
- .unwrap()
- .parse()
- .unwrap_or_else(|_| panic!("invalid key_protection value: {:?}", value));
- config.key_protection = val
+ "kms_protection" => {
+ let val =
+ value.as_str().unwrap().parse().unwrap_or_else(|_| {
+ panic!("invalid kms_protection value: {:?}", value)
+ });
+ config.kms_protection = val
}
"health_check_port" => {
let val = value.as_i64().unwrap() as u16;
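Review bot: The reformatted `kms_protection` arm still calls `value.as_str().unwrap()`, so a YAML value that is not a string (an unquoted number, a list, an empty value) panics with a bare `Option::unwrap` message that never names the key. Changing it to `value.as_str().unwrap_or_else(|| panic!("kms_protection value must be a string: {:?}", value))` keeps the fail-fast behaviour and tells the operator which setting to fix. The `health_check_port` arm just below has a related gap: `value.as_i64().unwrap() as u16` silently truncates out-of-range numbers, so the service could bind a port other than the one configured; a range check before the cast would reject those values. The enclosing `match` and function start outside this hunk and the `health_check_port` arm continues past it.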
@@ -133,8 +132,8 @@ impl ServerConfig for FileConfig {
self.status_interval
}
- fn key_protection(&self) -> &KeyProtection {
- &self.key_protection
+ fn kms_protection(&self) -> &KmsProtection {
+ &self.kms_protection
}
fn health_check_port(&self) -> Option<u16> {
diff --git a/src/config/memory.rs b/src/config/memory.rs
index 47480d6..e3aae7e 100644
--- a/src/config/memory.rs
+++ b/src/config/memory.rs
@@ -14,7 +14,7 @@
use config::ServerConfig;
use config::{DEFAULT_BATCH_SIZE, DEFAULT_STATUS_INTERVAL};
-use key::KeyProtection;
+use key::KmsProtection;
use std::time::Duration;
use hex;
@@ -28,7 +28,7 @@ pub struct MemoryConfig {
pub seed: Vec<u8>,
pub batch_size: u8,
pub status_interval: Duration,
- pub key_protection: KeyProtection,
+ pub kms_protection: KmsProtection,
pub health_check_port: Option<u16>,
}
@@ -41,8 +41,8 @@ impl MemoryConfig {
.unwrap(),
batch_size: DEFAULT_BATCH_SIZE,
status_interval: DEFAULT_STATUS_INTERVAL,
- key_protection: KeyProtection::Plaintext,
- health_check_port: None
+ kms_protection: KmsProtection::Plaintext,
+ health_check_port: None,
}
}
}
@@ -68,8 +68,8 @@ impl ServerConfig for MemoryConfig {
self.status_interval
}
- fn key_protection(&self) -> &KeyProtection {
- &self.key_protection
+ fn kms_protection(&self) -> &KmsProtection {
+ &self.kms_protection
}
fn health_check_port(&self) -> Option<u16> {
diff --git a/src/config/mod.rs b/src/config/mod.rs
index b0ff9b4..b73892f 100644
--- a/src/config/mod.rs
+++ b/src/config/mod.rs
@@ -37,7 +37,7 @@ pub use self::environment::EnvironmentConfig;
mod memory;
pub use self::memory::MemoryConfig;
-use key::KeyProtection;
+use key::KmsProtection;
use Error;
/// Maximum number of requests to process in one batch and include the the Merkle tree.
@@ -56,17 +56,19 @@ pub const DEFAULT_STATUS_INTERVAL: Duration = Duration::from_secs(600);
/// --- | --- | --- | ---
/// `interface` | `ROUGHENOUGH_INTERFACE` | Required | IP address or interface name for listening to client requests
/// `port` | `ROUGHENOUGH_PORT` | Required | UDP port to listen for requests
-/// `seed` | `ROUGHENOUGH_SEED` | Required | A 32-byte hexadecimal value used to generate the server's long-term key pair. **This is a secret value and must be un-guessable**, treat it with care.
-/// `batch_size` | `ROUGHENOUGH_BATCH_SIZE` | Optional | The maximum number of requests to process in one batch. All nonces in a batch are used to build a Merkle tree, the root of which is signed. Defaults to [DEFAULT_BATCH_SIZE](constant.DEFAULT_BATCH_SIZE.html) requests per batch.
-/// `status_interval` | `ROUGHENOUGH_STATUS_INTERVAL` | Optional | Number of _seconds_ between each logged status update. Default value is [DEFAULT_STATUS_INTERVAL](constant.DEFAULT_STATUS_INTERVAL.html).
-/// `key_protection` | `ROUGHENOUGH_KEY_PROTECTION` | Optional | Encryption method (if any) applied to the `seed`. Defaults to "`plaintext`" (no encryption, `seed` is in the clear).
-/// `health_check_port` | `ROUGHENOUGH_HEALTH_CHECK_PORT` | Optional | If present, the TCP port to respond to Google-style HTTP "legacy health check".
+/// `seed` | `ROUGHENOUGH_SEED` | Required | A 32-byte hexadecimal value used to generate the server's long-term key pair. **This is a secret value and must be un-guessable**, treat it with care. (If compiled with KMS support, length will vary)
+/// `batch_size` | `ROUGHENOUGH_BATCH_SIZE` | Optional | The maximum number of requests to process in one batch. All nonces in a batch are used to build a Merkle tree, the root of which is signed. Default is `64` requests per batch.
+/// `status_interval` | `ROUGHENOUGH_STATUS_INTERVAL` | Optional | Number of _seconds_ between each logged status update. Default is `600` seconds (10 minutes).
+/// `health_check_port` | `ROUGHENOUGH_HEALTH_CHECK_PORT` | Optional | If present, enable an HTTP health check responder on the provided port. **Use with caution**.
+/// `kms_protection` | `ROUGHENOUGH_KMS_PROTECTION` | Optional | If compiled with KMS support, the ID of the KMS key used to protect the long-term identity.
///
/// Implementations of this trait obtain a valid configuration from different back-end
/// sources. See:
/// * [FileConfig](struct.FileConfig.html) - configure via a YAML file
/// * [EnvironmentConfig](struct.EnvironmentConfig.html) - configure via environment vars
///
+/// The health check and KMS features require
+///
pub trait ServerConfig {
/// [Required] IP address or interface name to listen for client requests
fn interface(&self) -> &str;
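Review bot: The added paragraph `/// The health check and KMS features require` stops mid-sentence, so the rendered trait docs never say what those features require; finish the sentence or drop the two lines. The new `kms_protection` row also loses what the old `key_protection` row stated, that the default is `plaintext` and the seed is then in the clear. Appending `Defaults to "plaintext" (no encryption, seed is in the clear).` to the row keeps that security-relevant default visible. The row now describes the value as a KMS key ID, while the method doc in the later hunk (`@@ -90,7 +92,7 @@`) still calls it a protection method that defaults to plaintext; the two should agree. The hard-coded `64` and `600` replace links to `DEFAULT_BATCH_SIZE` and `DEFAULT_STATUS_INTERVAL` and can drift from those constants.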
@@ -90,7 +92,7 @@ pub trait ServerConfig {
/// [Optional] Method used to protect the seed for the server's long-term key pair.
/// Defaults to "`plaintext`" (no encryption, seed is in the clear).
- fn key_protection(&self) -> &KeyProtection;
+ fn kms_protection(&self) -> &KmsProtection;
/// [Optional] If present, the TCP port to respond to Google-style HTTP "legacy health check".
/// This is a *very* simplistic check, it emits a fixed HTTP response to all TCP connections.
@@ -145,10 +147,14 @@ pub fn is_valid_config(cfg: &Box<ServerConfig>) -> bool {
error!("seed value is missing");
is_valid = false;
}
- if *cfg.key_protection() == KeyProtection::Plaintext && cfg.seed().len() != 32 {
+ if *cfg.kms_protection() == KmsProtection::Plaintext && cfg.seed().len() != 32 {
error!("plaintext seed value must be 32 characters long");
is_valid = false;
}
+ if *cfg.kms_protection() != KmsProtection::Plaintext && cfg.seed().len() <= 32 {
+ error!("KMS use enabled but seed value is too short to be an encrypted blob");
+ is_valid = false;
+ }
if cfg.batch_size() < 1 || cfg.batch_size() > 64 {
error!(
"batch_size {} is invalid; valid range 1-64",
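Review bot: The new `*cfg.kms_protection() != KmsProtection::Plaintext && cfg.seed().len() <= 32` branch is only a length heuristic, and nothing in the code says so: any seed of 33 bytes or more passes as an "encrypted blob". A comment above it such as `// Length sanity check only; does not prove the seed is a valid KMS ciphertext.` would stop readers from treating a `true` result as validation of the blob. The neighbouring message says "32 characters long", but the comparison appears to be on decoded bytes (the config structs hold `seed: Vec<u8>`), which for a hex-encoded seed means 64 characters; `plaintext seed value must be 32 bytes (64 hex characters) long` would be less misleading if that reading is right. `is_valid_config` starts before this hunk and continues past it.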