cc6b8341a3
1. OID-check в parse_x25519_pkcs8_pem
До: брался последний 32-байтный slice любого PKCS#8 DER, OID не
проверялся. RSA/EC/Ed25519 ключ молча давал 32 неправильных байта
→ decrypt падал с generic "wrong key" без объяснения.
После: строгая проверка длины (48 байт) + OID 1.3.101.110 (X25519,
byte slice 9..12 = 0x2b,0x65,0x6e). Внешний openssl ключ другого
алгоритма теперь даёт явную ошибку с указанием реального OID.
Константы X25519_OID + X25519_PKCS8_DER_LEN.
RFC 8410 §3 + §7 ссылка в doc-комментарии.
2. x25519-dalek feature `zeroize`
До: features=["static_secrets"] — StaticSecret хранил priv-ключ
в куче без затирания при Drop. Локальный priv_raw.zeroize() стирал
только стек-копию, оригинал в куче оставался до GC.
После: features=["static_secrets","zeroize"] — StaticSecret сам
реализует ZeroizeOnDrop, ключ затирается при выходе из scope.
3. Два новых теста:
- parse_rejects_wrong_length_der — 32-байтный DER (вместо 48)
отклоняется с сообщением про "48 bytes"
- parse_rejects_wrong_oid — DER с OID Ed25519 (0x2b,0x65,0x70)
отклоняется с сообщением про "X25519"
8/8 тестов модуля проходят, cargo check workspace чисто.
Старая 0.14.5 mcp-server (с source maps содержавшими /Users/
denisparfionovich/...) удалена с keigit.com отдельной операцией
через Forgejo DELETE API.
75 lines
2.6 KiB
TOML
75 lines
2.6 KiB
TOML
[package]
|
|
name = "kei-buddy"
|
|
version = "0.1.0"
|
|
edition.workspace = true
|
|
rust-version.workspace = true
|
|
description = "KeiBuddy personal-assistant Telegram bot — onboarding state-machine + skeleton driver. Concept-level scaffold."
|
|
authors.workspace = true
|
|
license.workspace = true
|
|
|
|
[[bin]]
|
|
name = "kei-buddy"
|
|
path = "src/bin/kei-buddy.rs"
|
|
|
|
[[bin]]
|
|
name = "kei-buddy-tick"
|
|
path = "src/bin/kei-buddy-tick.rs"
|
|
|
|
[lib]
|
|
name = "kei_buddy"
|
|
path = "src/lib.rs"
|
|
|
|
[dependencies]
|
|
serde = { workspace = true, features = ["derive"] }
|
|
serde_json = { workspace = true }
|
|
thiserror = { workspace = true }
|
|
tokio = { workspace = true, features = ["macros", "rt-multi-thread", "net"] }
|
|
tracing = "0.1"
|
|
clap = { workspace = true, features = ["derive"] }
|
|
async-trait = { workspace = true }
|
|
rusqlite = { workspace = true }
|
|
reqwest = { workspace = true }
|
|
anyhow = { workspace = true }
|
|
kei-memory-sqlite = { path = "../kei-memory-sqlite" }
|
|
kei-chat-store = { path = "../kei-chat-store" }
|
|
kei-social-store = { path = "../kei-social-store" }
|
|
kei-sage = { path = "../kei-sage" }
|
|
kei-contacts-google = { path = "../kei-contacts-google" }
|
|
kei-contacts-apple = { path = "../kei-contacts-apple" }
|
|
chrono = { workspace = true }
|
|
|
|
# provision-crypto: x25519 ECDH + HKDF-SHA256 + XChaCha20-Poly1305
|
|
# Mirrors marketplace/src/lib/crypto-box.ts so VPS can decrypt the
|
|
# bot-token blob emitted by the browser.
|
|
x25519-dalek = { version = "2", features = ["static_secrets", "zeroize"] }
|
|
chacha20poly1305 = { version = "0.10", features = ["alloc"] }
|
|
hkdf = "0.12"
|
|
sha2 = "0.10"
|
|
base64 = "0.22"
|
|
rand_core = "0.6"
|
|
zeroize = "1"
|
|
|
|
# serve feature deps
|
|
axum = { version = "0.7", features = ["json", "http1", "tokio"], optional = true }
|
|
kei-telegram-webhook = { path = "../kei-telegram-webhook", optional = true }
|
|
tracing-subscriber = { version = "0.3", features = ["env-filter"], optional = true }
|
|
kei-stt = { path = "../kei-stt", default-features = false, features = ["whisper-local"], optional = true }
|
|
|
|
[dev-dependencies]
|
|
wiremock = { workspace = true }
|
|
tokio = { workspace = true }
|
|
|
|
[features]
|
|
default = ["serve"]
|
|
# HTTP server — axum router + webhook handler + Telegram send_message.
|
|
serve = ["axum", "kei-telegram-webhook", "tracing-subscriber", "kei-stt"]
|
|
# Enables OpenAiExtractor — real HTTP to LiteLLM proxy using reqwest.
|
|
# Off by default; tests use MockExtractor which has no extra deps.
|
|
extractor-openai = []
|
|
# future: pulls in kei-notify-telegram for real Telegram transport
|
|
telegram = []
|
|
|
|
[package.metadata.keisei]
|
|
maturity = "concept"
|
|
description = "KeiBuddy personal-assistant: onboarding FSM + bot driver scaffold"
|
|
authors = ["Denis Parfionovich <parfionovich@keilab.io>"]
|