diff --git a/Cargo.lock b/Cargo.lock
index 6010dc4..258c003 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -453,6 +453,7 @@ dependencies = [
 "byteorder",
 "digest 0.9.0",
 "rand_core 0.5.1",
+ "serde",
 "subtle",
 "zeroize",
 ]
@@ -648,6 +649,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3cf420a7ec85d98495b0c34aa4a58ca117f982ffbece111aeb545160148d7010"
 dependencies = [
 "pkcs8",
+ "serde",
 "signature",
 ]
@@ -661,6 +663,7 @@ dependencies = [
 "ed25519",
 "rand_core 0.6.4",
 "serde",
+ "serde_bytes",
 "sha2",
 "zeroize",
 ]
@@ -2084,6 +2087,15 @@ dependencies = [
 "serde_derive",
 ]
+[[package]]
+name = "serde_bytes"
+version = "0.11.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "416bda436f9aab92e02c8e10d49a15ddd339cea90b6e340fe51ed97abb548294"
+dependencies = [
+ "serde",
+]
+
 [[package]]
 name = "serde_derive"
 version = "1.0.159"
@@ -2777,7 +2789,7 @@ dependencies = [
 [[package]]
 name = "trifid-pki"
-version = "0.1.7"
+version = "0.1.8"
 dependencies = [
 "ed25519-dalek",
 "hex",
@@ -3230,6 +3242,7 @@ checksum = "e5da623d8af10a62342bcbbb230e33e58a63255a58012f8653c578e54bab48df"
 dependencies = [
 "curve25519-dalek 3.2.0",
 "rand_core 0.6.4",
+ "serde",
 "zeroize",
 ]
diff --git a/dnapi-rs/Cargo.toml b/dnapi-rs/Cargo.toml
index 8cb1bd3..1307825 100644
--- a/dnapi-rs/Cargo.toml
+++ b/dnapi-rs/Cargo.toml
@@ -19,7 +19,7 @@ reqwest = { version = "0.11.16", features = ["blocking", "json"] }
 url = "2.3.1"
 base64 = "0.21.0"
 serde_json = "1.0.95"
-trifid-pki = { version = "0.1.6", path = "../trifid-pki" }
+trifid-pki = { version = "0.1.6", path = "../trifid-pki", features = ["serde_derive"] }
 rand = "0.8.5"
 chrono = "0.4.24"
diff --git a/dnapi-rs/src/client_async.rs b/dnapi-rs/src/client_async.rs
index 2aa2099..c4d37df 100644
--- a/dnapi-rs/src/client_async.rs
+++ b/dnapi-rs/src/client_async.rs
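Review bot: The trifid-pki requirement in the dnapi-rs/Cargo.toml hunk is left at `version = "0.1.6"` although this commit bumps the crate to 0.1.8 and tfclient/Cargo.toml now asks for `0.1.8`; a `path` dependency still resolves, but the declared minimum no longer matches what dnapi-rs relies on, since the dalek `serde` features are only wired into `serde_derive` in 0.1.8. Suggest `trifid-pki = { version = "0.1.8", path = "../trifid-pki", features = ["serde_derive"] }`. Separately, tfclient/Cargo.toml requires `dnapi-rs = "0.1.2"`, but no hunk here bumps the `[package]` version in dnapi-rs/Cargo.toml and the visible Cargo.lock hunks record no dnapi-rs change; if that crate is still at 0.1.1, cargo rejects the path dependency with a version mismatch, so this is worth confirming before merge.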
@@ -10,6 +10,7 @@ use trifid_pki::ed25519_dalek::{Signature, Signer, SigningKey, Verifier};
 use crate::credentials::{Credentials, ed25519_public_keys_from_pem};
 use crate::crypto::{new_keys, nonce};
 use crate::message::{CHECK_FOR_UPDATE, CheckForUpdateResponseWrapper, DO_UPDATE, DoUpdateRequest, DoUpdateResponse, ENDPOINT_V1, ENROLL_ENDPOINT, EnrollRequest, EnrollResponse, RequestV1, RequestWrapper, SignedResponseWrapper};
+use serde::{Serialize, Deserialize};
 /// A type alias to abstract return types
 pub type NebulaConfig = Vec;
@@ -23,6 +24,7 @@ pub struct Client {
 server_url: Url
 }
+#[derive(Serialize, Deserialize)]
 /// A struct containing organization metadata returned as a result of enrollment
 pub struct EnrollMeta {
 /// The server organization ID this node is now a member of
diff --git a/dnapi-rs/src/client_blocking.rs b/dnapi-rs/src/client_blocking.rs
index f75c21c..2ee13fc 100644
--- a/dnapi-rs/src/client_blocking.rs
+++ b/dnapi-rs/src/client_blocking.rs
@@ -10,6 +10,7 @@ use trifid_pki::ed25519_dalek::{Signature, Signer, SigningKey, Verifier};
 use crate::credentials::{Credentials, ed25519_public_keys_from_pem};
 use crate::crypto::{new_keys, nonce};
 use crate::message::{CHECK_FOR_UPDATE, CheckForUpdateResponseWrapper, DO_UPDATE, DoUpdateRequest, DoUpdateResponse, ENDPOINT_V1, ENROLL_ENDPOINT, EnrollRequest, EnrollResponse, RequestV1, RequestWrapper, SignedResponseWrapper};
+use serde::{Serialize, Deserialize};
 /// A type alias to abstract return types
 pub type NebulaConfig = Vec;
@@ -23,6 +24,7 @@ pub struct Client {
 server_url: Url
 }
+#[derive(Serialize, Deserialize)]
 /// A struct containing organization metadata returned as a result of enrollment
 pub struct EnrollMeta {
 /// The server organization ID this node is now a member of
diff --git a/dnapi-rs/src/credentials.rs b/dnapi-rs/src/credentials.rs
index 01b3ce7..c54ad7a 100644
--- a/dnapi-rs/src/credentials.rs
+++ b/dnapi-rs/src/credentials.rs
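Review bot: `#[derive(Serialize, Deserialize)]` is placed above the `///` doc comment on EnrollMeta instead of between the docs and `pub struct EnrollMeta {`, which compiles but inverts the order rustfmt-formatted code uses and makes the derive easy to overlook when reading the docs; move it to directly precede the `pub struct` line. The same ordering appears in the credentials.rs hunk. The client_blocking.rs hunks are byte-for-byte copies of these two, so EnrollMeta and its `use serde::{Serialize, Deserialize};` import now exist in two files that have to be kept in sync by hand; if the async and blocking clients are meant to return the same metadata, defining the struct once (for example in message.rs beside EnrollResponse, which both files already import) and importing it would remove the duplication. EnrollMeta's body continues outside the hunk.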
@@ -3,7 +3,9 @@ use std::error::Error;
 use trifid_pki::cert::{deserialize_ed25519_public_many, serialize_ed25519_public};
 use trifid_pki::ed25519_dalek::{SigningKey, VerifyingKey};
+use serde::{Serialize, Deserialize};
+#[derive(Serialize, Deserialize)]
 /// Contains information necessary to make requests against the `DNClient` API.
 pub struct Credentials {
 /// The assigned Host ID that this client represents
diff --git a/tfclient/Cargo.toml b/tfclient/Cargo.toml
index 339ec88..fde466b 100644
--- a/tfclient/Cargo.toml
+++ b/tfclient/Cargo.toml
@@ -8,7 +8,7 @@ description = "An open-source reimplementation of a Defined Networking-compatibl
 [dependencies]
 clap = { version = "4.1.10", features = ["derive"] }
-trifid-pki = { version = "0.1.6", path = "../trifid-pki", features = ["serde_derive"] }
+trifid-pki = { version = "0.1.8", path = "../trifid-pki", features = ["serde_derive"] }
 dirs = "5.0.0"
 log = "0.4.17"
 simple_logger = "4.1.0"
@@ -24,7 +24,7 @@ base64 = "0.21.0"
 chrono = "0.4.24"
 ipnet = "2.7.1"
 base64-serde = "0.7.0"
-dnapi-rs = { version = "0.1.1", path = "../dnapi-rs" }
+dnapi-rs = { version = "0.1.2", path = "../dnapi-rs" }
 [build-dependencies]
 serde = { version = "1.0.157", features = ["derive"] }
diff --git a/tfclient/src/apiworker.rs b/tfclient/src/apiworker.rs
index 6ad2ae9..42c47cb 100644
--- a/tfclient/src/apiworker.rs
+++ b/tfclient/src/apiworker.rs
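Review bot: Deriving `Serialize` on Credentials turns the whole struct into a persistable and printable value, and the context line importing `SigningKey` together with the new `ed25519-dalek/serde` feature in trifid-pki suggests the struct carries the node's private signing key, yet the hunk adds no documentation saying so. Callers that write this struct out — the config.rs hunk shows tfclient's TFClientData keeping a `creds: Option` field, presumably `Option<Credentials>` — need to know the output contains key material so they create the file with restrictive permissions and never hand the serialized form to a log line or debug dump. Suggest adding to the struct docs: `/// The serialized form includes private key material; persist it only to protected storage and never log it.` The struct body continues outside the hunk, so which fields are actually secret should be confirmed there and named in the comment.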
@@ -19,46 +19,6 @@ pub enum APIWorkerMessage {
 pub fn apiworker_main(config: TFClientConfig, instance: String, url: String, _transmitters: ThreadMessageSender, rx: Receiver) {
 let server = Url::parse(&url).unwrap();
- // Generate dhPubkey and edPubkey if it doesn't exist
- // Load vardata
- let mut vdata = match load_cdata(&instance) {
- Ok(d) => d,
- Err(e) => {
- error!("Error loading vdata: {}", e);
- error!("APIWorker exiting with error");
- return;
- }
- };
-
- if vdata.ed_privkey.is_none() {
- info!("Generating ed25519 key");
- let mut csprng = OsRng;
- let key = SigningKey::generate(&mut csprng);
- let ed_key_bytes = key.to_bytes().to_vec();
- vdata.ed_privkey = Some(ed_key_bytes.try_into().unwrap());
- }
- if vdata.dh_privkey.is_none() {
- info!("Generating ecdh key");
- let mut csprng = OsRng;
- let key = StaticSecret::new(&mut csprng);
- let dh_key_bytes = key.to_bytes();
- vdata.dh_privkey = Some(dh_key_bytes);
- }
-
- info!("Loading keys");
- let ed_key = SigningKey::from_bytes(&SecretKey::from(vdata.ed_privkey.unwrap()));
- let dh_key = StaticSecret::from(vdata.dh_privkey.unwrap());
- info!("Keys loaded successfully");
-
- // Save vardata
- match save_cdata(&instance, vdata) {
- Ok(_) => (),
- Err(e) => {
- error!("Error saving vdata: {}", e);
- error!("APIWorker exiting with error");
- return;
- }
- }
 loop {
 match rx.try_recv() {
 Ok(msg) => {
@@ -93,7 +53,7 @@ pub fn apiworker_main(config: TFClientConfig, instance: String, url: String, _tr
 return;
 }
 };
- if cdata.host_id.is_some() {
+ if cdata. {
 warn!("enrollment failed: already enrolled");
 continue;
 }
diff --git a/tfclient/src/config.rs b/tfclient/src/config.rs
index dfe48af..bda7a22 100644
--- a/tfclient/src/config.rs
+++ b/tfclient/src/config.rs
@@ -20,7 +20,6 @@ pub struct TFClientConfig {
 #[derive(Serialize, Deserialize, Clone)]
 pub struct TFClientData {
- pub host_id: Option,
 pub dh_privkey: Option<[u8; 32]>,
 pub creds: Option
 }
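Review bot: `if cdata. {` in the second apiworker.rs hunk is not valid Rust — the field access is left unfinished — so tfclient no longer compiles; the config.rs hunk in the same commit removes `host_id` from TFClientData and keeps `creds`, so the intended enrolled-check is presumably `if cdata.creds.is_some() {`. The first hunk removes the block that defined `vdata`, `ed_key` and `dh_key` in apiworker_main; any later use of those names in the function body, which continues past the hunk, would fail to compile as well and should be checked together with the fix. apiworker_main begins inside the first hunk and ends outside both.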
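Review bot: Removing `pub host_id: Option` from TFClientData in the config.rs hunk changes the on-disk shape without a note on what happens to data files written by the previous version; with the visible `#[derive(Serialize, Deserialize, Clone)]` and no `deny_unknown_fields`, such a file still loads but its `host_id` is silently dropped, so a node that was enrolled under the old layout may be treated as not enrolled by a `creds`-based check unless its id also lives in `creds` (the credentials.rs hunk shows Credentials carrying a Host ID field). Suggest a comment above the struct recording that: `// host_id now lives in Credentials (creds); data files from earlier versions load with the old field ignored and may need re-enrollment`. Whether re-enrollment is the expected outcome for those files should be stated explicitly rather than left to the reader.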
diff --git a/trifid-pki/Cargo.toml b/trifid-pki/Cargo.toml
index 1ff64c2..0cb0bee 100644
--- a/trifid-pki/Cargo.toml
+++ b/trifid-pki/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "trifid-pki"
-version = "0.1.7"
+version = "0.1.8"
 edition = "2021"
 description = "A rust implementation of the Nebula PKI system"
 license = "AGPL-3.0-or-later"
@@ -24,4 +24,4 @@ serde = { version = "1", features = ["derive"], optional = true }
 [features]
 default = []
-serde_derive = ["serde", "ipnet/serde"]
\ No newline at end of file
+serde_derive = ["serde", "ipnet/serde", "x25519-dalek/serde", "ed25519-dalek/serde"]
\ No newline at end of file
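Review bot: The `serde_derive` feature now also enables `x25519-dalek/serde` and `ed25519-dalek/serde`, which makes those crates' key types — as far as I can tell including their secret-key types, not only public keys — serializable for every downstream crate that turns the feature on, and nothing in Cargo.toml records that this is the intent. A comment above the line, `# also enables (de)serialization of the dalek key types, including secret keys, for consumers such as dnapi-rs Credentials`, would make the scope of the feature explicit for anyone enabling it. The file still ends without a trailing newline on both sides; adding one keeps future diffs of this line clean.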