chore: Merge branch 'release/4.19.1'

CHANGELOG.md

@@ -2,6 +2,17 @@
 
 All notable changes to this project will be documented in this file.
 
+## [4.19.1] - 2024-10-11
+
+### 🚀 Features
+
+- Client `ckms`: merge attributes handling (set/get/delete) under `attributes` subcommand ([#329](https://github.com/Cosmian/kms/pull/329))
+
+### 🐛 Bug Fixes
+
+- Guard on size of ciphertexts for BulkData ([#330](https://github.com/Cosmian/kms/pull/330))
+- KMIP Attributes: fix deletion on Links and Vendor Attributes ([#329](https://github.com/Cosmian/kms/pull/329))
+
 ## [4.19.0] - 2024-10-09
 
 ### 🚀 Features

Cargo.toml

@@ -18,7 +18,7 @@ members = [
 resolver = "2"
 
 [workspace.package]
-version = "4.19.0"
+version = "4.19.1"
 edition = "2021"
 rust-version = "1.71.0"
 authors = [

Dockerfile

@@ -1,6 +1,6 @@
 FROM ubuntu:22.04 AS builder
 
-LABEL version="4.19.0"
+LABEL version="4.19.1"
 LABEL name="Cosmian KMS docker container"
 
 ENV DEBIAN_FRONTEND=noninteractive

Dockerfile.fips

@@ -1,6 +1,6 @@
 FROM ubuntu:22.04 AS builder
 
-LABEL version="4.19.0"
+LABEL version="4.19.1"
 LABEL name="Cosmian KMS docker container"
 
 ENV DEBIAN_FRONTEND=noninteractive

README.md

@@ -49,7 +49,7 @@ Keys can be wrapped and unwrapped using RSA, ECIES or RFC5649/AES KWP.
 
 ## Quick start
 
-Pre-built binaries [are available](https://package.cosmian.com/kms/4.19.0/)
+Pre-built binaries [are available](https://package.cosmian.com/kms/4.19.1/)
 for Linux, MacOS, and Windows, as well as Docker images. To run the server binary, OpenSSL must be
 available in your path (see "building the KMS" below for details); other binaries do not have this
 requirement.
@@ -58,7 +58,7 @@ Using Docker to quick-start a Cosmian KMS server on `http://localhost:9998` that
 inside the container, run the following command:
 
 ```sh
-docker run -p 9998:9998 --name kms ghcr.io/cosmian/kms:4.19.0
+docker run -p 9998:9998 --name kms ghcr.io/cosmian/kms:4.19.1
 ```
 
 Then, use the CLI to issue commands to the KMS.

crate/cli/src/actions/shared/delete_attributes.rs → crate/cli/src/actions/attributes/delete.rs

@@ -9,10 +9,10 @@ use cosmian_kms_client::{
 };
 use tracing::trace;
 
-use super::set_attributes::SetOrDeleteAttributes;
+use super::set::SetOrDeleteAttributes;
 use crate::{actions::console, cli_bail, error::result::CliResult};
 
-/// Delete the KMIP object attributes (one or multiple attributes).
+/// Delete the KMIP object attributes.
 #[derive(Parser, Debug)]
 #[clap(verbatim_doc_comment)]
 pub struct DeleteAttributesAction {

crate/cli/src/actions/shared/get_attributes.rs → crate/cli/src/actions/attributes/get.rs

@@ -117,10 +117,7 @@ impl GetAttributesAction {
             trace!("No attribute tag specified, returning all possible tags");
             let mut all_tags = Vec::new();
             for tag in Tag::iter() {
-                if tag != Tag::VendorExtension {
-                    // Just to avoid the vendor extension tag by default
-                    all_tags.push(tag);
-                }
+                all_tags.push(tag);
             }
             all_tags
         } else {
@@ -325,9 +322,7 @@ impl GetAttributesAction {
                         );
                     }
                 }
-                _x => {
-                    // trace!("Tag {x} not supported");
-                }
+                _x => {}
             }
         }
 

crate/cli/src/actions/attributes/mod.rs

@@ -0,0 +1,38 @@
+mod delete;
+mod get;
+mod set;
+
+use clap::Subcommand;
+use cosmian_kms_client::KmsClient;
+pub use delete::DeleteAttributesAction;
+pub use get::GetAttributesAction;
+pub use set::{SetAttributesAction, SetOrDeleteAttributes, VendorAttributeCli};
+
+use crate::error::result::CliResult;
+
+/// Get/Set/Delete the KMIP object attributes.
+#[derive(Subcommand)]
+pub enum AttributesCommands {
+    Get(GetAttributesAction),
+    Set(SetAttributesAction),
+    Delete(DeleteAttributesAction),
+}
+
+impl AttributesCommands {
+    /// Process the Attributes commands action.
+    ///
+    /// # Arguments
+    ///
+    /// * `kms_rest_client` - The KMS client instance used to communicate with the KMS server.
+    ///
+    /// # Errors
+    ///
+    /// Returns an error if the version query fails or if there is an issue writing to the console.
+    pub async fn process(&self, client_connector: &KmsClient) -> CliResult<()> {
+        match self {
+            Self::Get(action) => action.process(client_connector).await,
+            Self::Set(action) => action.process(client_connector).await,
+            Self::Delete(action) => action.process(client_connector).await,
+        }
+    }
+}

crate/cli/src/actions/shared/set_attributes.rs → crate/cli/src/actions/attributes/set.rs

@@ -7,17 +7,19 @@ use cosmian_kms_client::{
         kmip_operations::{SetAttribute, SetAttributeResponse},
         kmip_types::{
             self, Attribute, CryptographicAlgorithm, Link, LinkType, LinkedObjectIdentifier,
-            StateEnumeration, VendorAttribute,
+            VendorAttribute,
         },
     },
     KmsClient,
 };
 use serde::Deserialize;
 use tracing::{info, trace};
 
-use super::utils::KeyUsage;
 use crate::{
-    actions::{console, shared::utils::build_usage_mask_from_key_usage},
+    actions::{
+        console,
+        shared::utils::{build_usage_mask_from_key_usage, KeyUsage},
+    },
     cli_bail,
     error::result::CliResult,
 };
@@ -30,7 +32,7 @@ pub struct VendorAttributeCli {
     /// The attribute name.
     #[clap(long, short = 'n', requires = "vendor_identification")]
     pub attribute_name: Option<String>,
-    /// The attribute value.
+    /// The attribute value (in hex format).
     #[clap(long, requires = "vendor_identification")]
     pub attribute_value: Option<String>,
 }
@@ -83,7 +85,7 @@ pub struct SetOrDeleteAttributes {
     #[clap(long = "tag", short = 't', value_name = "TAG", group = "id-tags")]
     pub(crate) tags: Option<Vec<String>>,
 
-    /// Set the activation date of the key.
+    /// Set the activation date of the key. Epoch time (or Unix time) in milliseconds.
     #[clap(long, short = 'd')]
     pub(crate) activation_date: Option<u64>,
 
@@ -95,7 +97,7 @@ pub struct SetOrDeleteAttributes {
     #[clap(long)]
     pub(crate) cryptographic_length: Option<i32>,
 
-    /// The key usage.
+    /// The key usage. Add multiple times to specify multiple key usages.
     #[clap(long, short = 'u')]
     pub(crate) key_usage: Option<Vec<KeyUsage>>,
 
@@ -127,10 +129,6 @@ pub struct SetOrDeleteAttributes {
     #[clap(long)]
     pub(crate) child_id: Option<String>,
 
-    /// The state of the object.
-    #[clap(long, short = 's')]
-    pub(crate) state: Option<StateEnumeration>,
-
     #[clap(flatten)]
     pub vendor_attributes: Option<VendorAttributeCli>,
 }
@@ -229,11 +227,6 @@ impl SetOrDeleteAttributes {
             result.push(attribute);
         }
 
-        if let Some(state) = &self.state {
-            let attribute = Attribute::State(state.to_owned());
-            result.push(attribute);
-        }
-
         if let Some(vendor_attributes) = &self.vendor_attributes {
             let attribute = Attribute::try_from(vendor_attributes)?;
             result.push(attribute);
@@ -243,7 +236,7 @@ impl SetOrDeleteAttributes {
     }
 }
 
-/// Set the KMIP object attributes (one or multiple attributes).
+/// Set the KMIP object attributes.
 #[derive(Parser, Debug)]
 #[clap(verbatim_doc_comment)]
 pub struct SetAttributesAction {

crate/cli/src/actions/elliptic_curves/keys/create_key_pair.rs

@@ -75,8 +75,8 @@ pub struct CreateKeyPairAction {
     #[clap(long = "tag", short = 't', value_name = "TAG")]
     tags: Vec<String>,
 
-    /// The unique id of the private key; a unique id based
-    /// on the key material is generated if not specified.
+    /// The unique id of the private key; a random uuid
+    /// is generated if not specified.
     #[clap(required = false)]
     private_key_id: Option<String>,
 }

crate/cli/src/actions/mod.rs

@@ -1,4 +1,5 @@
 pub mod access;
+pub mod attributes;
 pub mod certificates;
 pub mod console;
 #[cfg(not(feature = "fips"))]

crate/cli/src/actions/rsa/keys/create_key_pair.rs

@@ -34,8 +34,8 @@ pub struct CreateKeyPairAction {
     #[clap(long = "tag", short = 't', value_name = "TAG")]
     tags: Vec<String>,
 
-    /// The unique id of the private key; a unique id based
-    /// on the key material is generated if not specified.
+    /// The unique id of the private key; a random uuid
+    /// is generated if not specified.
     #[clap(required = false)]
     private_key_id: Option<String>,
 }

crate/cli/src/actions/shared/import_key.rs

@@ -60,8 +60,8 @@ pub struct ImportKeyAction {
     #[clap(required = true)]
     key_file: PathBuf,
 
-    /// The unique id of the key; a unique id based
-    /// on the key material is generated if not specified.
+    /// The unique id of the key; a random uuid
+    /// is generated if not specified.
     #[clap(required = false)]
     key_id: Option<String>,
 

crate/cli/src/actions/shared/mod.rs

@@ -1,21 +1,15 @@
-mod delete_attributes;
 mod export_key;
-mod get_attributes;
 pub(crate) mod import_key;
 mod locate;
-mod set_attributes;
 pub mod utils;
 
 mod wrap_key;
 
 mod unwrap_key;
 
-pub use delete_attributes::DeleteAttributesAction;
 pub use export_key::{ExportKeyAction, ExportKeyFormat};
-pub use get_attributes::GetAttributesAction;
 pub use import_key::ImportKeyAction;
 pub use locate::LocateObjectsAction;
-pub use set_attributes::{SetAttributesAction, SetOrDeleteAttributes, VendorAttributeCli};
 pub use unwrap_key::UnwrapKeyAction;
 pub use wrap_key::WrapKeyAction;
 

crate/cli/src/actions/symmetric/keys/create_key.rs

@@ -63,8 +63,8 @@ pub struct CreateKeyAction {
     #[clap(long = "tag", short = 't', value_name = "TAG")]
     tags: Vec<String>,
 
-    /// The unique id of the key; a unique id based
-    /// on the key material is generated if not specified.
+    /// The unique id of the key; a random uuid
+    /// is generated if not specified.
     #[clap(required = false)]
     key_id: Option<String>,
 }