core
/
trifid
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects 7 Releases Wiki Activity

update stuff to fix stuff

This commit is contained in:
core 2023-03-29 18:26:04 -04:00
parent c3d68c00f8
commit ef7d0f4b2c
Signed by: core
GPG Key ID: FDBF740DADDCEECF
9 changed files with 26 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
Cargo.lock generated
View File

@ -453,6 +453,7 @@ dependencies = [
"byteorder", "byteorder",
"digest 0.9.0", "digest 0.9.0",
"rand_core 0.5.1", "rand_core 0.5.1",
"serde",
"subtle", "subtle",
"zeroize", "zeroize",
] ]
@ -648,6 +649,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3cf420a7ec85d98495b0c34aa4a58ca117f982ffbece111aeb545160148d7010" checksum = "3cf420a7ec85d98495b0c34aa4a58ca117f982ffbece111aeb545160148d7010"
dependencies = [ dependencies = [
"pkcs8", "pkcs8",
"serde",
"signature", "signature",
] ]
@ -661,6 +663,7 @@ dependencies = [
"ed25519", "ed25519",
"rand_core 0.6.4", "rand_core 0.6.4",
"serde", "serde",
"serde_bytes",
"sha2", "sha2",
"zeroize", "zeroize",
] ]
@ -2084,6 +2087,15 @@ dependencies = [
"serde_derive", "serde_derive",
] ]
[[package]]
name = "serde_bytes"
version = "0.11.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "416bda436f9aab92e02c8e10d49a15ddd339cea90b6e340fe51ed97abb548294"
dependencies = [
"serde",
]
[[package]] [[package]]
name = "serde_derive" name = "serde_derive"
version = "1.0.159" version = "1.0.159"
@ -2777,7 +2789,7 @@ dependencies = [
[[package]] [[package]]
name = "trifid-pki" name = "trifid-pki"
version = "0.1.7" version = "0.1.8"
dependencies = [ dependencies = [
"ed25519-dalek", "ed25519-dalek",
"hex", "hex",
@ -3230,6 +3242,7 @@ checksum = "e5da623d8af10a62342bcbbb230e33e58a63255a58012f8653c578e54bab48df"
dependencies = [ dependencies = [
"curve25519-dalek 3.2.0", "curve25519-dalek 3.2.0",
"rand_core 0.6.4", "rand_core 0.6.4",
"serde",
"zeroize", "zeroize",
] ]

2
dnapi-rs/Cargo.toml
View File

@ -19,7 +19,7 @@ reqwest = { version = "0.11.16", features = ["blocking", "json"] }
url = "2.3.1" url = "2.3.1"
base64 = "0.21.0" base64 = "0.21.0"
serde_json = "1.0.95" serde_json = "1.0.95"
trifid-pki = { version = "0.1.6", path = "../trifid-pki" } trifid-pki = { version = "0.1.6", path = "../trifid-pki", features = ["serde_derive"] }
rand = "0.8.5" rand = "0.8.5"
chrono = "0.4.24" chrono = "0.4.24"

2
dnapi-rs/src/client_async.rs
View File

@ -10,6 +10,7 @@ use trifid_pki::ed25519_dalek::{Signature, Signer, SigningKey, Verifier};
use crate::credentials::{Credentials, ed25519_public_keys_from_pem}; use crate::credentials::{Credentials, ed25519_public_keys_from_pem};
use crate::crypto::{new_keys, nonce}; use crate::crypto::{new_keys, nonce};
use crate::message::{CHECK_FOR_UPDATE, CheckForUpdateResponseWrapper, DO_UPDATE, DoUpdateRequest, DoUpdateResponse, ENDPOINT_V1, ENROLL_ENDPOINT, EnrollRequest, EnrollResponse, RequestV1, RequestWrapper, SignedResponseWrapper}; use crate::message::{CHECK_FOR_UPDATE, CheckForUpdateResponseWrapper, DO_UPDATE, DoUpdateRequest, DoUpdateResponse, ENDPOINT_V1, ENROLL_ENDPOINT, EnrollRequest, EnrollResponse, RequestV1, RequestWrapper, SignedResponseWrapper};
use serde::{Serialize, Deserialize};
/// A type alias to abstract return types /// A type alias to abstract return types
pub type NebulaConfig = Vec<u8>; pub type NebulaConfig = Vec<u8>;
@ -23,6 +24,7 @@ pub struct Client {
server_url: Url server_url: Url
} }
#[derive(Serialize, Deserialize)]
/// A struct containing organization metadata returned as a result of enrollment /// A struct containing organization metadata returned as a result of enrollment
pub struct EnrollMeta { pub struct EnrollMeta {
/// The server organization ID this node is now a member of /// The server organization ID this node is now a member of

2
dnapi-rs/src/client_blocking.rs
View File

@ -10,6 +10,7 @@ use trifid_pki::ed25519_dalek::{Signature, Signer, SigningKey, Verifier};
use crate::credentials::{Credentials, ed25519_public_keys_from_pem}; use crate::credentials::{Credentials, ed25519_public_keys_from_pem};
use crate::crypto::{new_keys, nonce}; use crate::crypto::{new_keys, nonce};
use crate::message::{CHECK_FOR_UPDATE, CheckForUpdateResponseWrapper, DO_UPDATE, DoUpdateRequest, DoUpdateResponse, ENDPOINT_V1, ENROLL_ENDPOINT, EnrollRequest, EnrollResponse, RequestV1, RequestWrapper, SignedResponseWrapper}; use crate::message::{CHECK_FOR_UPDATE, CheckForUpdateResponseWrapper, DO_UPDATE, DoUpdateRequest, DoUpdateResponse, ENDPOINT_V1, ENROLL_ENDPOINT, EnrollRequest, EnrollResponse, RequestV1, RequestWrapper, SignedResponseWrapper};
use serde::{Serialize, Deserialize};
/// A type alias to abstract return types /// A type alias to abstract return types
pub type NebulaConfig = Vec<u8>; pub type NebulaConfig = Vec<u8>;
@ -23,6 +24,7 @@ pub struct Client {
server_url: Url server_url: Url
} }
#[derive(Serialize, Deserialize)]
/// A struct containing organization metadata returned as a result of enrollment /// A struct containing organization metadata returned as a result of enrollment
pub struct EnrollMeta { pub struct EnrollMeta {
/// The server organization ID this node is now a member of /// The server organization ID this node is now a member of

2
dnapi-rs/src/credentials.rs
View File

@ -3,7 +3,9 @@
use std::error::Error; use std::error::Error;
use trifid_pki::cert::{deserialize_ed25519_public_many, serialize_ed25519_public}; use trifid_pki::cert::{deserialize_ed25519_public_many, serialize_ed25519_public};
use trifid_pki::ed25519_dalek::{SigningKey, VerifyingKey}; use trifid_pki::ed25519_dalek::{SigningKey, VerifyingKey};
use serde::{Serialize, Deserialize};
#[derive(Serialize, Deserialize)]
/// Contains information necessary to make requests against the `DNClient` API. /// Contains information necessary to make requests against the `DNClient` API.
pub struct Credentials { pub struct Credentials {
/// The assigned Host ID that this client represents /// The assigned Host ID that this client represents

4
tfclient/Cargo.toml
View File

@ -8,7 +8,7 @@ description = "An open-source reimplementation of a Defined Networking-compatibl
[dependencies] [dependencies]
clap = { version = "4.1.10", features = ["derive"] } clap = { version = "4.1.10", features = ["derive"] }
trifid-pki = { version = "0.1.6", path = "../trifid-pki", features = ["serde_derive"] } trifid-pki = { version = "0.1.8", path = "../trifid-pki", features = ["serde_derive"] }
dirs = "5.0.0" dirs = "5.0.0"
log = "0.4.17" log = "0.4.17"
simple_logger = "4.1.0" simple_logger = "4.1.0"
@ -24,7 +24,7 @@ base64 = "0.21.0"
chrono = "0.4.24" chrono = "0.4.24"
ipnet = "2.7.1" ipnet = "2.7.1"
base64-serde = "0.7.0" base64-serde = "0.7.0"
dnapi-rs = { version = "0.1.1", path = "../dnapi-rs" } dnapi-rs = { version = "0.1.2", path = "../dnapi-rs" }
[build-dependencies] [build-dependencies]
serde = { version = "1.0.157", features = ["derive"] } serde = { version = "1.0.157", features = ["derive"] }

42
tfclient/src/apiworker.rs
View File

@ -19,46 +19,6 @@ pub enum APIWorkerMessage {
pub fn apiworker_main(config: TFClientConfig, instance: String, url: String, _transmitters: ThreadMessageSender, rx: Receiver<APIWorkerMessage>) { pub fn apiworker_main(config: TFClientConfig, instance: String, url: String, _transmitters: ThreadMessageSender, rx: Receiver<APIWorkerMessage>) {
let server = Url::parse(&url).unwrap(); let server = Url::parse(&url).unwrap();
// Generate dhPubkey and edPubkey if it doesn't exist
// Load vardata
let mut vdata = match load_cdata(&instance) {
Ok(d) => d,
Err(e) => {
error!("Error loading vdata: {}", e);
error!("APIWorker exiting with error");
return;
}
};
if vdata.ed_privkey.is_none() {
info!("Generating ed25519 key");
let mut csprng = OsRng;
let key = SigningKey::generate(&mut csprng);
let ed_key_bytes = key.to_bytes().to_vec();
vdata.ed_privkey = Some(ed_key_bytes.try_into().unwrap());
}
if vdata.dh_privkey.is_none() {
info!("Generating ecdh key");
let mut csprng = OsRng;
let key = StaticSecret::new(&mut csprng);
let dh_key_bytes = key.to_bytes();
vdata.dh_privkey = Some(dh_key_bytes);
}
info!("Loading keys");
let ed_key = SigningKey::from_bytes(&SecretKey::from(vdata.ed_privkey.unwrap()));
let dh_key = StaticSecret::from(vdata.dh_privkey.unwrap());
info!("Keys loaded successfully");
// Save vardata
match save_cdata(&instance, vdata) {
Ok(_) => (),
Err(e) => {
error!("Error saving vdata: {}", e);
error!("APIWorker exiting with error");
return;
}
}
loop { loop {
match rx.try_recv() { match rx.try_recv() {
Ok(msg) => { Ok(msg) => {
@ -93,7 +53,7 @@ pub fn apiworker_main(config: TFClientConfig, instance: String, url: String, _tr
return; return;
} }
}; };
if cdata.host_id.is_some() { if cdata. {
warn!("enrollment failed: already enrolled"); warn!("enrollment failed: already enrolled");
continue; continue;
} }

1
tfclient/src/config.rs
View File

@ -20,7 +20,6 @@ pub struct TFClientConfig {
#[derive(Serialize, Deserialize, Clone)] #[derive(Serialize, Deserialize, Clone)]
pub struct TFClientData { pub struct TFClientData {
pub host_id: Option<String>,
pub dh_privkey: Option<[u8; 32]>, pub dh_privkey: Option<[u8; 32]>,
pub creds: Option<Credentials> pub creds: Option<Credentials>
} }

4
trifid-pki/Cargo.toml
View File

@ -1,6 +1,6 @@
[package] [package]
name = "trifid-pki" name = "trifid-pki"
version = "0.1.7" version = "0.1.8"
edition = "2021" edition = "2021"
description = "A rust implementation of the Nebula PKI system" description = "A rust implementation of the Nebula PKI system"
license = "AGPL-3.0-or-later" license = "AGPL-3.0-or-later"
@ -24,4 +24,4 @@ serde = { version = "1", features = ["derive"], optional = true }
[features] [features]
default = [] default = []
serde_derive = ["serde", "ipnet/serde"] serde_derive = ["serde", "ipnet/serde", "x25519-dalek/serde", "ed25519-dalek/serde"]