keystore v2 work

This commit is contained in:
core 2023-08-18 22:46:03 -04:00
parent 3dadd40bba
commit de16535651
Signed by: core
GPG key ID: FDBF740DADDCEECF
6 changed files with 32 additions and 54 deletions

View file

@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="DataSourceManagerImpl" format="xml" multifile-model="true">
<data-source source="LOCAL" name="trifidapi@localhost" uuid="39c81b89-3fc4-493f-b203-7a00527cffe6">
<data-source source="LOCAL" name="trifid@localhost" uuid="39c81b89-3fc4-493f-b203-7a00527cffe6">
<driver-ref>postgresql</driver-ref>
<synchronize>true</synchronize>
<jdbc-driver>org.postgresql.Driver</jdbc-driver>

4
Cargo.lock generated
View file

@ -3928,14 +3928,14 @@ dependencies = [
[[package]]
name = "trifid_api_entities"
version = "0.1.2"
version = "0.2.0"
dependencies = [
"sea-orm",
]
[[package]]
name = "trifid_api_migration"
version = "0.1.2"
version = "0.2.0"
dependencies = [
"async-std",
"async-trait",

View file

@ -26,8 +26,8 @@ log = "0.4" # Logging
simple_logger = "4" # Logging
sea-orm = { version = "0.12", features = [ "sqlx-postgres", "runtime-actix-rustls", "macros" ]} # Database
trifid_api_migration = { version = "0.1", path = "trifid_api_migration" } # Database
trifid_api_entities = { version = "0.1", path = "trifid_api_entities" } # Database
trifid_api_migration = { version = "0.2", path = "trifid_api_migration" } # Database
trifid_api_entities = { version = "0.2", path = "trifid_api_entities" } # Database
rand = "0.8" # Misc.
hex = "0.4" # Misc.

View file

@ -22,6 +22,7 @@ use crate::error::APIErrorsResponse;
use sea_orm::{ColumnTrait, QueryFilter, IntoActiveModel};
use sea_orm::ActiveValue::Set;
use trifid_api_entities::entity::prelude::KeystoreHost;
use crate::tokens::random_id;
#[post("/v1/dnclient")]
pub async fn dnclient(
@ -321,25 +322,11 @@ pub async fn dnclient(
}
};
//// START KEYSTORE ENTRY - THIS IS THE BUGGY ZONE ////
let ks = keystore_header;
ks.certs.push(KSCert {
id: ks.current_cert + 1,
cert,
});
ks.current_cert += 1;
ks.config.push(KSConfig {
id: ks.current_config + 1,
config: cfg.clone(),
});
ks.current_config += 1;
ks.signing_keys.push(KSSigningKey {
id: ks.current_signing_key + 1,
key: ks.signing_keys[0].key.clone(),
});
ks.current_signing_key += 1;
// make a new keystore entity
let dh_pubkey = match deserialize_x25519_public(&do_update_req.dh_pubkey_pem) {
Ok(r) => r,
@ -365,28 +352,30 @@ pub async fn dnclient(
}
};
let dh_pubkey_typed: [u8; 32] = dh_pubkey.try_into().unwrap();
ks.client_keys.push(KSClientKey {
id: ks.current_client_key + 1,
dh_pub: PublicKey::from(dh_pubkey_typed),
ed_pub: VerifyingKey::from_bytes(&ed_pubkey.try_into().unwrap()).unwrap(),
});
ks.current_client_key += 1;
let host_in_ks = ks.clone();
match keystore_flush(&keystore) {
Ok(_) => (),
let config_str = match serde_yaml::to_string(&cfg) {
Ok(c_str) => c_str,
Err(e) => {
error!("keystore save error: {}", e);
error!("config serialization error: {}", e);
return HttpResponse::InternalServerError().json(vec![APIError {
code: "ERR_SAVE_ERR".to_string(),
message: "There was an error saving the keystore.".to_string(),
code: "ERR_CFG_SERIALIZATION".to_string(),
message: "There was an error serializing the new configuration."
.to_string(),
path: None,
}]);
}
}
};
let new_ks_entry = keystore_entry::Model {
id: random_id("ksentry"),
host: keystore_header.id.clone(),
counter: counter + 1,
signing_key: keystore_data.signing_key.clone(), // TODO: Rotate keys
client_signing_key: ed_pubkey,
client_dh_key: dh_pubkey,
config: config_str.clone()
};
//// THIS IS THE END OF THE KEYSTORE ADDING BUGGY AREA ////
// get the signing key that the client last trusted based on its current config version
// this is their current counter
@ -397,19 +386,8 @@ pub async fn dnclient(
.unwrap();
let msg = DoUpdateResponse {
config: match serde_yaml::to_string(&cfg) {
Ok(c_str) => c_str.as_bytes().to_vec(),
Err(e) => {
error!("config serialization error: {}", e);
return HttpResponse::InternalServerError().json(vec![APIError {
code: "ERR_CFG_SERIALIZATION".to_string(),
message: "There was an error serializing the new configuration."
.to_string(),
path: None,
}]);
}
},
counter: host_in_ks.current_config as u32,
config: config_str.as_bytes().to_vec(),
counter: counter as u32,
nonce: do_update_req.nonce,
trusted_keys: ed25519_public_keys_to_pem(&[signing_key.key.verifying_key()]),
};

View file

@ -1,6 +1,6 @@
[package]
name = "trifid_api_entities"
version = "0.1.2"
version = "0.2.0"
edition = "2021"
description = "Database entities for trifid-api"
license = "GPL-3.0-or-later"

View file

@ -1,6 +1,6 @@
[package]
name = "trifid_api_migration"
version = "0.1.2"
version = "0.2.0"
edition = "2021"
description = "Database migrations for trifid-api"
license = "GPL-3.0-or-later"