5
0
mirror of https://github.com/cwinfo/yggdrasil-go.git synced 2024-11-25 23:01:38 +00:00

Remove encryption public key options (they are now derived from ed25519 key conversion in IW), also bump link version number

This commit is contained in:
Neil Alexander 2021-05-10 22:06:38 +01:00
parent 6cb958e3dc
commit bb92e61e68
5 changed files with 8 additions and 39 deletions

View File

@ -220,11 +220,7 @@ func main() {
} }
// Have we been asked for the node address yet? If so, print it and then stop. // Have we been asked for the node address yet? If so, print it and then stop.
getNodeID := func() *crypto.NodeID { getNodeID := func() *crypto.NodeID {
if pubkey, err := hex.DecodeString(cfg.EncryptionPublicKey); err == nil { // TODO: curve
var box crypto.BoxPubKey
copy(box[:], pubkey)
return crypto.GetNodeID(&box)
}
return nil return nil
} }
switch { switch {

View File

@ -68,8 +68,6 @@ type NodeConfig struct {
AdminListen string `comment:"Listen address for admin connections. Default is to listen for local\nconnections either on TCP/9001 or a UNIX socket depending on your\nplatform. Use this value for yggdrasilctl -endpoint=X. To disable\nthe admin socket, use the value \"none\" instead."` AdminListen string `comment:"Listen address for admin connections. Default is to listen for local\nconnections either on TCP/9001 or a UNIX socket depending on your\nplatform. Use this value for yggdrasilctl -endpoint=X. To disable\nthe admin socket, use the value \"none\" instead."`
MulticastInterfaces []string `comment:"Regular expressions for which interfaces multicast peer discovery\nshould be enabled on. If none specified, multicast peer discovery is\ndisabled. The default value is .* which uses all interfaces."` MulticastInterfaces []string `comment:"Regular expressions for which interfaces multicast peer discovery\nshould be enabled on. If none specified, multicast peer discovery is\ndisabled. The default value is .* which uses all interfaces."`
AllowedEncryptionPublicKeys []string `comment:"List of peer encryption public keys to allow incoming TCP peering\nconnections from. If left empty/undefined then all connections will\nbe allowed by default. This does not affect outgoing peerings, nor\ndoes it affect link-local peers discovered via multicast."` AllowedEncryptionPublicKeys []string `comment:"List of peer encryption public keys to allow incoming TCP peering\nconnections from. If left empty/undefined then all connections will\nbe allowed by default. This does not affect outgoing peerings, nor\ndoes it affect link-local peers discovered via multicast."`
EncryptionPublicKey string `comment:"Your public encryption key. Your peers may ask you for this to put\ninto their AllowedEncryptionPublicKeys configuration."`
EncryptionPrivateKey string `comment:"Your private encryption key. DO NOT share this with anyone!"`
SigningPublicKey string `comment:"Your public signing key. You should not ordinarily need to share\nthis with anyone."` SigningPublicKey string `comment:"Your public signing key. You should not ordinarily need to share\nthis with anyone."`
SigningPrivateKey string `comment:"Your private signing key. DO NOT share this with anyone!"` SigningPrivateKey string `comment:"Your private signing key. DO NOT share this with anyone!"`
LinkLocalTCPPort uint16 `comment:"The port number to be used for the link-local TCP listeners for the\nconfigured MulticastInterfaces. This option does not affect listeners\nspecified in the Listen option. Unless you plan to firewall link-local\ntraffic, it is best to leave this as the default value of 0. This\noption cannot currently be changed by reloading config during runtime."` LinkLocalTCPPort uint16 `comment:"The port number to be used for the link-local TCP listeners for the\nconfigured MulticastInterfaces. This option does not affect listeners\nspecified in the Listen option. Unless you plan to firewall link-local\ntraffic, it is best to leave this as the default value of 0. This\noption cannot currently be changed by reloading config during runtime."`
@ -113,14 +111,11 @@ type SwitchOptions struct {
// using -autoconf. // using -autoconf.
func GenerateConfig() *NodeConfig { func GenerateConfig() *NodeConfig {
// Generate encryption keys. // Generate encryption keys.
bpub, bpriv := crypto.NewBoxKeys()
spub, spriv := crypto.NewSigKeys() spub, spriv := crypto.NewSigKeys()
// Create a node configuration and populate it. // Create a node configuration and populate it.
cfg := NodeConfig{} cfg := NodeConfig{}
cfg.Listen = []string{} cfg.Listen = []string{}
cfg.AdminListen = defaults.GetDefaults().DefaultAdminListen cfg.AdminListen = defaults.GetDefaults().DefaultAdminListen
cfg.EncryptionPublicKey = hex.EncodeToString(bpub[:])
cfg.EncryptionPrivateKey = hex.EncodeToString(bpriv[:])
cfg.SigningPublicKey = hex.EncodeToString(spub[:]) cfg.SigningPublicKey = hex.EncodeToString(spub[:])
cfg.SigningPrivateKey = hex.EncodeToString(spriv[:]) cfg.SigningPrivateKey = hex.EncodeToString(spriv[:])
cfg.Peers = []string{} cfg.Peers = []string{}
@ -139,16 +134,6 @@ func GenerateConfig() *NodeConfig {
return &cfg return &cfg
} }
// NewEncryptionKeys replaces the encryption keypair in the NodeConfig with a
// new encryption keypair. The encryption keys are used by the router to encrypt
// traffic and to derive the node ID and IPv6 address/subnet of the node, so
// this is equivalent to discarding the node's identity on the network.
func (cfg *NodeConfig) NewEncryptionKeys() {
bpub, bpriv := crypto.NewBoxKeys()
cfg.EncryptionPublicKey = hex.EncodeToString(bpub[:])
cfg.EncryptionPrivateKey = hex.EncodeToString(bpriv[:])
}
// NewSigningKeys replaces the signing keypair in the NodeConfig with a new // NewSigningKeys replaces the signing keypair in the NodeConfig with a new
// signing keypair. The signing keys are used by the switch to derive the // signing keypair. The signing keys are used by the switch to derive the
// structure of the spanning tree. // structure of the spanning tree.

View File

@ -10,7 +10,6 @@ package tuntap
import ( import (
"crypto/ed25519" "crypto/ed25519"
"encoding/hex"
"errors" "errors"
"fmt" "fmt"
"net" "net"
@ -23,7 +22,6 @@ import (
"github.com/yggdrasil-network/yggdrasil-go/src/address" "github.com/yggdrasil-network/yggdrasil-go/src/address"
"github.com/yggdrasil-network/yggdrasil-go/src/config" "github.com/yggdrasil-network/yggdrasil-go/src/config"
"github.com/yggdrasil-network/yggdrasil-go/src/crypto"
"github.com/yggdrasil-network/yggdrasil-go/src/defaults" "github.com/yggdrasil-network/yggdrasil-go/src/defaults"
"github.com/yggdrasil-network/yggdrasil-go/src/types" "github.com/yggdrasil-network/yggdrasil-go/src/types"
"github.com/yggdrasil-network/yggdrasil-go/src/yggdrasil" "github.com/yggdrasil-network/yggdrasil-go/src/yggdrasil"
@ -118,7 +116,9 @@ func (tun *TunAdapter) Init(core *yggdrasil.Core, config *config.NodeState, log
tun.store.init(tun) tun.store.init(tun)
tun.config = config tun.config = config
tun.log = log tun.log = log
tun.core.SetOutOfBandHandler(tun.oobHandler) if err := tun.core.SetOutOfBandHandler(tun.oobHandler); err != nil {
return fmt.Errorf("tun.core.SetOutOfBandHander: %w", err)
}
return nil return nil
} }
@ -141,12 +141,6 @@ func (tun *TunAdapter) _start() error {
if tun.config == nil { if tun.config == nil {
return errors.New("no configuration available to TUN") return errors.New("no configuration available to TUN")
} }
var boxPub crypto.BoxPubKey
boxPubHex, err := hex.DecodeString(current.EncryptionPublicKey)
if err != nil {
return err
}
copy(boxPub[:], boxPubHex)
sk := tun.core.PrivateKey() sk := tun.core.PrivateKey()
pk := sk.Public().(ed25519.PublicKey) pk := sk.Public().(ed25519.PublicKey)
tun.addr = *address.AddrForKey(pk) tun.addr = *address.AddrForKey(pk)

View File

@ -52,16 +52,10 @@ func (c *Core) _init() error {
} }
c.secret = ed25519.PrivateKey(sigPriv) c.secret = ed25519.PrivateKey(sigPriv)
sigPub := c.secret.Public() c.public = c.secret.Public().(ed25519.PublicKey)
c.public = sigPub.(ed25519.PublicKey)
pc, err := iw.NewPacketConn(c.secret) c.PacketConn, err = iw.NewPacketConn(c.secret)
if err != nil {
return err return err
}
c.PacketConn = pc
return nil
} }
// If any static peers were provided in the configuration above then we should // If any static peers were provided in the configuration above then we should

View File

@ -22,7 +22,7 @@ func version_getBaseMetadata() version_metadata {
return version_metadata{ return version_metadata{
meta: [4]byte{'m', 'e', 't', 'a'}, meta: [4]byte{'m', 'e', 't', 'a'},
ver: 0, ver: 0,
minorVer: 0, minorVer: 1,
} }
} }