Remove encryption public key options (they are now derived from ed25519 key conversion in IW), also bump link version number
This commit is contained in:
parent
6cb958e3dc
commit
bb92e61e68
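--- a/UNKNOWN_PATH_1
+++ b/UNKNOWN_PATH_1
@@ -220,11 +220,7 @@ func main() {
 }
 // Have we been asked for the node address yet? If so, print it and then stop.
 getNodeID := func() *crypto.NodeID {
-if pubkey, err := hex.DecodeString(cfg.EncryptionPublicKey); err == nil {
-var box crypto.BoxPubKey
-copy(box[:], pubkey)
-return crypto.GetNodeID(&box)
-}
+// TODO: curve
 return nil
 }
 switch {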
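Review bot: getNodeID now returns nil unconditionally, because the removed hex-decode branch was its only non-nil path, so whichever branch of the `switch` below the hunk consumes it receives a nil *crypto.NodeID; if that branch dereferences the pointer, the node-address lookup now panics instead of reporting that the ID cannot be derived yet. The bare `// TODO: curve` does not tell the next reader that this interim behaviour is deliberate. Suggest `// TODO: curve — derive the NodeID from the ed25519 signing key once the conversion helper exists; until then this always returns nil and callers must handle that.` The switch that consumes the closure lies outside the hunk, so whether it already guards against nil cannot be confirmed from here.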
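--- a/UNKNOWN_PATH_2
+++ b/UNKNOWN_PATH_2
@@ -68,8 +68,6 @@ type NodeConfig struct {
 AdminListen string `comment:"Listen address for admin connections. Default is to listen for local\nconnections either on TCP/9001 or a UNIX socket depending on your\nplatform. Use this value for yggdrasilctl -endpoint=X. To disable\nthe admin socket, use the value \"none\" instead."`
 MulticastInterfaces []string `comment:"Regular expressions for which interfaces multicast peer discovery\nshould be enabled on. If none specified, multicast peer discovery is\ndisabled. The default value is .* which uses all interfaces."`
 AllowedEncryptionPublicKeys []string `comment:"List of peer encryption public keys to allow incoming TCP peering\nconnections from. If left empty/undefined then all connections will\nbe allowed by default. This does not affect outgoing peerings, nor\ndoes it affect link-local peers discovered via multicast."`
-EncryptionPublicKey string `comment:"Your public encryption key. Your peers may ask you for this to put\ninto their AllowedEncryptionPublicKeys configuration."`
-EncryptionPrivateKey string `comment:"Your private encryption key. DO NOT share this with anyone!"`
 SigningPublicKey string `comment:"Your public signing key. You should not ordinarily need to share\nthis with anyone."`
 SigningPrivateKey string `comment:"Your private signing key. DO NOT share this with anyone!"`
 LinkLocalTCPPort uint16 `comment:"The port number to be used for the link-local TCP listeners for the\nconfigured MulticastInterfaces. This option does not affect listeners\nspecified in the Listen option. Unless you plan to firewall link-local\ntraffic, it is best to leave this as the default value of 0. This\noption cannot currently be changed by reloading config during runtime."`
@@ -113,14 +111,11 @@ type SwitchOptions struct {
 // using -autoconf.
 func GenerateConfig() *NodeConfig {
 // Generate encryption keys.
-bpub, bpriv := crypto.NewBoxKeys()
 spub, spriv := crypto.NewSigKeys()
 // Create a node configuration and populate it.
 cfg := NodeConfig{}
 cfg.Listen = []string{}
 cfg.AdminListen = defaults.GetDefaults().DefaultAdminListen
-cfg.EncryptionPublicKey = hex.EncodeToString(bpub[:])
-cfg.EncryptionPrivateKey = hex.EncodeToString(bpriv[:])
 cfg.SigningPublicKey = hex.EncodeToString(spub[:])
 cfg.SigningPrivateKey = hex.EncodeToString(spriv[:])
 cfg.Peers = []string{}
@@ -139,16 +134,6 @@ func GenerateConfig() *NodeConfig {
 return &cfg
 }
 
-// NewEncryptionKeys replaces the encryption keypair in the NodeConfig with a
-// new encryption keypair. The encryption keys are used by the router to encrypt
-// traffic and to derive the node ID and IPv6 address/subnet of the node, so
-// this is equivalent to discarding the node's identity on the network.
-func (cfg *NodeConfig) NewEncryptionKeys() {
-bpub, bpriv := crypto.NewBoxKeys()
-cfg.EncryptionPublicKey = hex.EncodeToString(bpub[:])
-cfg.EncryptionPrivateKey = hex.EncodeToString(bpriv[:])
-}
-
 // NewSigningKeys replaces the signing keypair in the NodeConfig with a new
 // signing keypair. The signing keys are used by the switch to derive the
 // structure of the spanning tree.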
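Review bot: The comment `// Generate encryption keys.` kept at the top of GenerateConfig in the second hunk now describes a call that the hunk removes; the only generation left is `spub, spriv := crypto.NewSigKeys()`, so it should read `// Generate signing keys.`. In the first hunk, `AllowedEncryptionPublicKeys` survives while the node's own `EncryptionPublicKey` field is gone, and its comment still asks operators for "peer encryption public keys"; if the allow-list is now matched against the ed25519 signing key, the comment should say which hex value an operator is expected to paste, since an allow-list populated with a key the peer never presents would reject every inbound peering without any hint as to why. Existing config files still carry the removed `EncryptionPrivateKey`; whether the loader rejects or silently ignores the unknown field is not visible in this section, and a short deprecation note on NodeConfig would help either way.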
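--- a/UNKNOWN_PATH_3
+++ b/UNKNOWN_PATH_3
@@ -10,7 +10,6 @@ package tuntap
 
 import (
 "crypto/ed25519"
-"encoding/hex"
 "errors"
 "fmt"
 "net"
@@ -23,7 +22,6 @@ import (
 
 "github.com/yggdrasil-network/yggdrasil-go/src/address"
 "github.com/yggdrasil-network/yggdrasil-go/src/config"
-"github.com/yggdrasil-network/yggdrasil-go/src/crypto"
 "github.com/yggdrasil-network/yggdrasil-go/src/defaults"
 "github.com/yggdrasil-network/yggdrasil-go/src/types"
 "github.com/yggdrasil-network/yggdrasil-go/src/yggdrasil"
@@ -118,7 +116,9 @@ func (tun *TunAdapter) Init(core *yggdrasil.Core, config *config.NodeState, log
 tun.store.init(tun)
 tun.config = config
 tun.log = log
-tun.core.SetOutOfBandHandler(tun.oobHandler)
+if err := tun.core.SetOutOfBandHandler(tun.oobHandler); err != nil {
+return fmt.Errorf("tun.core.SetOutOfBandHander: %w", err)
+}
 
 return nil
 }
@@ -141,12 +141,6 @@ func (tun *TunAdapter) _start() error {
 if tun.config == nil {
 return errors.New("no configuration available to TUN")
 }
-var boxPub crypto.BoxPubKey
-boxPubHex, err := hex.DecodeString(current.EncryptionPublicKey)
-if err != nil {
-return err
-}
-copy(boxPub[:], boxPubHex)
 sk := tun.core.PrivateKey()
 pk := sk.Public().(ed25519.PublicKey)
 tun.addr = *address.AddrForKey(pk)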
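Review bot: The error returned in the Init hunk misspells the call it wraps: `fmt.Errorf("tun.core.SetOutOfBandHander: %w", err)` drops the `l` in Handler, so a log line from this path will not match the method name anyone searches for; change it to `return fmt.Errorf("tun.core.SetOutOfBandHandler: %w", err)`. Init's signature is truncated in the hunk header and its body begins before the hunk, so the rest of the function is not visible here. The `_start` hunk removes the only visible use of `current` (the `current.EncryptionPublicKey` decode); if `current` was declared solely for that, it is now an unused local and the file will not compile, which is worth confirming since the declaration lies outside the hunk.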
@ -52,16 +52,10 @@ func (c *Core) _init() error {
}
}
c.secret = ed25519.PrivateKey(sigPriv)
c.secret = ed25519.PrivateKey(sigPriv)
sigPub := c.secret.Public()
c.public = c.secret.Public().(ed25519.PublicKey)
c.public = sigPub.(ed25519.PublicKey)
pc, err := iw.NewPacketConn(c.secret)
c.PacketConn, err = iw.NewPacketConn(c.secret)
if err != nil {
return err
return err
}
c.PacketConn = pc
return nil
}
}
// If any static peers were provided in the configuration above then we should
// If any static peers were provided in the configuration above then we should
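Review bot: `c.PacketConn, err = iw.NewPacketConn(c.secret)` is a plain assignment, so it compiles only if an `err` is already in scope earlier in _init; the `}` at the top of the hunk suggests a preceding error check, but that declaration is outside the hunk, and if it was scoped to an `if err := ...` statement this will not build. Returning `err` bare also drops the context that the tuntap hunk in this same commit adds with `fmt.Errorf(... %w ...)`; for consistency, `if err != nil { return fmt.Errorf("iw.NewPacketConn: %w", err) }` followed by `return nil` would keep the two layers alike (assuming fmt is imported in this file). On the failure path `c.PacketConn` is left holding whatever NewPacketConn returned alongside the error; if that value can be non-nil, code that inspects the field after a failed _init sees a half-initialised connection, so documenting that _init's result must be checked before the field is used would be worthwhile.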
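--- a/UNKNOWN_PATH_5
+++ b/UNKNOWN_PATH_5
@@ -22,7 +22,7 @@ func version_getBaseMetadata() version_metadata {
 return version_metadata{
 meta: [4]byte{'m', 'e', 't', 'a'},
 ver: 0,
-minorVer: 0,
+minorVer: 1,
 }
 }
 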