#tss #tatsu #apticket #shsh

app micro-tss

A simple implementation of a Tatsu Signing Server

1 unstable release

0.1.0 Feb 9, 2025

#465 in Development tools


121 downloads per month

MIT/Apache

36KB
395 lines

micro-tss

Micro TSS is a very simple implementation of a Tatsu Signing Server that mimics the way the gs.apple.com/TSS/controller server works.

Configuration file format

The configuration file for micro-tss is a Property List file that may contain the following entries:

  • ListenAddr (required): A string containing an IPv4/IPv6 address and a port separated with a colon that the server will bind to (e.g. "127.0.0.1:3000").
  • ForwardLocalPolicy (optional): A boolean value specifying whether local policy requests should be forwarded to gs.apple.com. Default is false.
  • ApTicketSigner (required): A dictionary containing parameters used to sign APTickets (see below).
  • LocalPolicySigner (required): A dictionary containing parameters used to sign local policies (see below).

An example of a configuration file is the config.example.plist file contained in this repository.

"Signer" dictionaries

  • CertificateChainPath (required): A string containing a path to a file containing a PEM-encoded certificate chain.
  • PrivateKeyPath (required): A string containing a path to a file containing a PEM-encoded PKCS1 (for RSA) or PKCS8/SEC1 (for ECC) private key. For ECC, only NIST P256 and P384 keys are supported.
  • DigestAlgorithm: One of "sha1", "sha256" and "sha384". All three can be used with RSA keys, so the parameter is required for RSA keys. For ECC keys, "sha256" is used with NIST P256 keys and "sha384" with NIST P384 keys, so the parameter is optional.
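
A pre-deployment check of the rules above, as an added example that is not code from micro-tss: it parses a configuration plist with Python's plistlib and reports missing or invalid entries. The function names, the read_key callback, the sample values and the bracketed IPv6 form are assumptions; the RSA check relies only on the PKCS1 PEM label, and the ECC curve/digest pairing is not checked.

```python
import ipaddress
import plistlib

DIGESTS = {"sha1", "sha256", "sha384"}

def check_signer(name, signer, read_key=None):
    """Problems in one "Signer" dictionary; read_key(path) returns PEM text."""
    if not isinstance(signer, dict):
        return [f"{name}: required dictionary missing"]
    problems = [f"{name}.{k}: required string missing"
                for k in ("CertificateChainPath", "PrivateKeyPath")
                if not isinstance(signer.get(k), str)]
    digest = signer.get("DigestAlgorithm")
    if digest is not None and digest not in DIGESTS:
        problems.append(f"{name}.DigestAlgorithm: unsupported value {digest!r}")
    path = signer.get("PrivateKeyPath")
    if digest is None and read_key and isinstance(path, str):
        # A PKCS1 PEM label means an RSA key, where the digest is required.
        if "BEGIN RSA PRIVATE KEY" in (read_key(path) or ""):
            problems.append(f"{name}.DigestAlgorithm: required for RSA keys")
    return problems

def check_config(plist_bytes, read_key=None):
    """Return a list of problems found in a micro-tss configuration plist."""
    cfg = plistlib.loads(plist_bytes)
    problems = []
    host, sep, port = str(cfg.get("ListenAddr", "")).rpartition(":")
    try:
        # Assumption: IPv6 hosts are written in brackets, e.g. "[::1]:3000".
        ipaddress.ip_address(host.strip("[]"))
        if not sep or not 0 <= int(port) <= 65535:
            raise ValueError
    except ValueError:
        problems.append("ListenAddr: expected <ip>:<port>")
    if not isinstance(cfg.get("ForwardLocalPolicy", False), bool):
        problems.append("ForwardLocalPolicy: must be a boolean")
    for name in ("ApTicketSigner", "LocalPolicySigner"):
        problems += check_signer(name, cfg.get(name), read_key)
    return problems

# Constructed sample: RSA signer without a digest, second signer missing.
SAMPLE = plistlib.dumps({
    "ListenAddr": "127.0.0.1:3000",
    "ApTicketSigner": {"CertificateChainPath": "chain.pem",
                       "PrivateKeyPath": "rsa.pem"},
})
FAKE_KEYS = {"rsa.pem": "-----BEGIN RSA PRIVATE KEY-----\n(constructed)\n"}

if __name__ == "__main__":
    for p in check_config(SAMPLE, FAKE_KEYS.get):
        print(p)
```

For a real file, pass its bytes and a read_key callable that returns the text of the key file at the given path.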

Minimum Supported Rust Version

This crate requires at least Rust 1.74. An MSRV change will be accompanied by a minor version bump.

License

Licensed under either of

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Dependencies

~20–32MB
~499K SLoC