From de16535651bfe9cedb395decc8318fb37db2c112 Mon Sep 17 00:00:00 2001 From: core Date: Fri, 18 Aug 2023 22:46:03 -0400 Subject: [PATCH] keystore v2 work --- .idea/dataSources.xml | 2 +- Cargo.lock | 4 +- trifid-api/Cargo.toml | 4 +- trifid-api/src/routes/v1/dnclient.rs | 72 ++++++++-------------- trifid-api/trifid_api_entities/Cargo.toml | 2 +- trifid-api/trifid_api_migration/Cargo.toml | 2 +- 6 files changed, 32 insertions(+), 54 deletions(-) diff --git a/.idea/dataSources.xml b/.idea/dataSources.xml index 1fec8e5..7074b84 100644 --- a/.idea/dataSources.xml +++ b/.idea/dataSources.xml @@ -1,7 +1,7 @@ - + postgresql true org.postgresql.Driver diff --git a/Cargo.lock b/Cargo.lock index 1f04d4b..aa9e5b9 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -3928,14 +3928,14 @@ dependencies = [ [[package]] name = "trifid_api_entities" -version = "0.1.2" +version = "0.2.0" dependencies = [ "sea-orm", ] [[package]] name = "trifid_api_migration" -version = "0.1.2" +version = "0.2.0" dependencies = [ "async-std", "async-trait", diff --git a/trifid-api/Cargo.toml b/trifid-api/Cargo.toml index 91d9088..9dc8773 100644 --- a/trifid-api/Cargo.toml +++ b/trifid-api/Cargo.toml @@ -26,8 +26,8 @@ log = "0.4" # Logging simple_logger = "4" # Logging sea-orm = { version = "0.12", features = [ "sqlx-postgres", "runtime-actix-rustls", "macros" ]} # Database -trifid_api_migration = { version = "0.1", path = "trifid_api_migration" } # Database -trifid_api_entities = { version = "0.1", path = "trifid_api_entities" } # Database +trifid_api_migration = { version = "0.2", path = "trifid_api_migration" } # Database +trifid_api_entities = { version = "0.2", path = "trifid_api_entities" } # Database rand = "0.8" # Misc. hex = "0.4" # Misc. diff --git a/trifid-api/src/routes/v1/dnclient.rs b/trifid-api/src/routes/v1/dnclient.rs index 75ce2ba..7cf37ee 100644 --- a/trifid-api/src/routes/v1/dnclient.rs +++ b/trifid-api/src/routes/v1/dnclient.rs @@ -22,6 +22,7 @@ use crate::error::APIErrorsResponse; use sea_orm::{ColumnTrait, QueryFilter, IntoActiveModel}; use sea_orm::ActiveValue::Set; use trifid_api_entities::entity::prelude::KeystoreHost; +use crate::tokens::random_id; #[post("/v1/dnclient")] pub async fn dnclient( @@ -321,25 +322,11 @@ pub async fn dnclient( } }; + //// START KEYSTORE ENTRY - THIS IS THE BUGGY ZONE //// + let ks = keystore_header; - ks.certs.push(KSCert { - id: ks.current_cert + 1, - cert, - }); - ks.current_cert += 1; - - ks.config.push(KSConfig { - id: ks.current_config + 1, - config: cfg.clone(), - }); - ks.current_config += 1; - - ks.signing_keys.push(KSSigningKey { - id: ks.current_signing_key + 1, - key: ks.signing_keys[0].key.clone(), - }); - ks.current_signing_key += 1; + // make a new keystore entity let dh_pubkey = match deserialize_x25519_public(&do_update_req.dh_pubkey_pem) { Ok(r) => r, @@ -365,28 +352,30 @@ pub async fn dnclient( } }; - let dh_pubkey_typed: [u8; 32] = dh_pubkey.try_into().unwrap(); - - ks.client_keys.push(KSClientKey { - id: ks.current_client_key + 1, - dh_pub: PublicKey::from(dh_pubkey_typed), - ed_pub: VerifyingKey::from_bytes(&ed_pubkey.try_into().unwrap()).unwrap(), - }); - ks.current_client_key += 1; - - let host_in_ks = ks.clone(); - - match keystore_flush(&keystore) { - Ok(_) => (), + let config_str = match serde_yaml::to_string(&cfg) { + Ok(c_str) => c_str, Err(e) => { - error!("keystore save error: {}", e); + error!("config serialization error: {}", e); return HttpResponse::InternalServerError().json(vec![APIError { - code: "ERR_SAVE_ERR".to_string(), - message: "There was an error saving the keystore.".to_string(), + code: "ERR_CFG_SERIALIZATION".to_string(), + message: "There was an error serializing the new configuration." + .to_string(), path: None, }]); } - } + }; + + let new_ks_entry = keystore_entry::Model { + id: random_id("ksentry"), + host: keystore_header.id.clone(), + counter: counter + 1, + signing_key: keystore_data.signing_key.clone(), // TODO: Rotate keys + client_signing_key: ed_pubkey, + client_dh_key: dh_pubkey, + config: config_str.clone() + }; + + //// THIS IS THE END OF THE KEYSTORE ADDING BUGGY AREA //// // get the signing key that the client last trusted based on its current config version // this is their current counter @@ -397,19 +386,8 @@ pub async fn dnclient( .unwrap(); let msg = DoUpdateResponse { - config: match serde_yaml::to_string(&cfg) { - Ok(c_str) => c_str.as_bytes().to_vec(), - Err(e) => { - error!("config serialization error: {}", e); - return HttpResponse::InternalServerError().json(vec![APIError { - code: "ERR_CFG_SERIALIZATION".to_string(), - message: "There was an error serializing the new configuration." - .to_string(), - path: None, - }]); - } - }, - counter: host_in_ks.current_config as u32, + config: config_str.as_bytes().to_vec(), + counter: counter as u32, nonce: do_update_req.nonce, trusted_keys: ed25519_public_keys_to_pem(&[signing_key.key.verifying_key()]), }; diff --git a/trifid-api/trifid_api_entities/Cargo.toml b/trifid-api/trifid_api_entities/Cargo.toml index d2f566b..9bb713d 100644 --- a/trifid-api/trifid_api_entities/Cargo.toml +++ b/trifid-api/trifid_api_entities/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "trifid_api_entities" -version = "0.1.2" +version = "0.2.0" edition = "2021" description = "Database entities for trifid-api" license = "GPL-3.0-or-later" diff --git a/trifid-api/trifid_api_migration/Cargo.toml b/trifid-api/trifid_api_migration/Cargo.toml index 575f585..88247f5 100644 --- a/trifid-api/trifid_api_migration/Cargo.toml +++ b/trifid-api/trifid_api_migration/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "trifid_api_migration" -version = "0.1.2" +version = "0.2.0" edition = "2021" description = "Database migrations for trifid-api" license = "GPL-3.0-or-later"