From bb92e61e68c0db85cd4164c0e2267abccbde0891 Mon Sep 17 00:00:00 2001
From: Neil Alexander
Date: Mon, 10 May 2021 22:06:38 +0100
Subject: [PATCH] Remove encryption public key options (they are now derived from ed25519 key conversion in IW), also bump link version number
---
 cmd/yggdrasil/main.go | 6 +-----
 src/config/config.go | 15 ---------------
 src/tuntap/tun.go | 12 +++---------
 src/yggdrasil/core.go | 12 +++---------
 src/yggdrasil/version.go | 2 +-
 5 files changed, 8 insertions(+), 39 deletions(-)
diff --git a/cmd/yggdrasil/main.go b/cmd/yggdrasil/main.go
index 464d3c0f..bc3e1c40 100644
--- a/cmd/yggdrasil/main.go
+++ b/cmd/yggdrasil/main.go
@@ -220,11 +220,7 @@ func main() {
 }
 // Have we been asked for the node address yet? If so, print it and then stop.
 getNodeID := func() *crypto.NodeID {
- if pubkey, err := hex.DecodeString(cfg.EncryptionPublicKey); err == nil {
- var box crypto.BoxPubKey
- copy(box[:], pubkey)
- return crypto.GetNodeID(&box)
- }
+ // TODO: curve
 return nil
 }
 switch {
diff --git a/src/config/config.go b/src/config/config.go
index 95d9bbd1..17c2618a 100644
--- a/src/config/config.go
+++ b/src/config/config.go
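Review bot: `getNodeID` in this hunk now returns nil unconditionally, with only `// TODO: curve` to say why, so the `switch` that follows (outside the hunk) can no longer obtain a node ID and the address lookup it serves silently yields nothing. The same commit derives the node's address in tun.go from the ed25519 key via `sk.Public().(ed25519.PublicKey)` and `address.AddrForKey(pk)`, so that derivation could be used here instead of a stub. If the stub must stay for now, spell out its effect: `// TODO: curve — node ID is not yet derived from the ed25519 signing key, so this always returns nil and the address lookup below cannot succeed.` Also worth confirming that `hex` is still referenced elsewhere in main.go, since its only use visible here was removed.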
@@ -68,8 +68,6 @@ type NodeConfig struct {
 AdminListen string `comment:"Listen address for admin connections. Default is to listen for local\nconnections either on TCP/9001 or a UNIX socket depending on your\nplatform. Use this value for yggdrasilctl -endpoint=X. To disable\nthe admin socket, use the value \"none\" instead."`
 MulticastInterfaces []string `comment:"Regular expressions for which interfaces multicast peer discovery\nshould be enabled on. If none specified, multicast peer discovery is\ndisabled. The default value is .* which uses all interfaces."`
 AllowedEncryptionPublicKeys []string `comment:"List of peer encryption public keys to allow incoming TCP peering\nconnections from. If left empty/undefined then all connections will\nbe allowed by default. This does not affect outgoing peerings, nor\ndoes it affect link-local peers discovered via multicast."`
- EncryptionPublicKey string `comment:"Your public encryption key. Your peers may ask you for this to put\ninto their AllowedEncryptionPublicKeys configuration."`
- EncryptionPrivateKey string `comment:"Your private encryption key. DO NOT share this with anyone!"`
 SigningPublicKey string `comment:"Your public signing key. You should not ordinarily need to share\nthis with anyone."`
 SigningPrivateKey string `comment:"Your private signing key. DO NOT share this with anyone!"`
 LinkLocalTCPPort uint16 `comment:"The port number to be used for the link-local TCP listeners for the\nconfigured MulticastInterfaces. This option does not affect listeners\nspecified in the Listen option. Unless you plan to firewall link-local\ntraffic, it is best to leave this as the default value of 0. This\noption cannot currently be changed by reloading config during runtime."`
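Review bot: The `AllowedEncryptionPublicKeys` field kept two lines above the removed pair still describes "peer encryption public keys", and the removed `EncryptionPublicKey` comment was the only text telling operators which value to hand to a peer for that list, so after this hunk the allow-list has no documented key format. Whatever key the listener now compares against should be named in the field comment (the commit subject says the encryption key is now derived from the ed25519 key), e.g. `List of peer public keys to allow incoming TCP peering connections from; peers find theirs in SigningPublicKey.` — only if that is indeed what the filter matches, which is outside this hunk. A list of stale box keys matches no peer, which per the field's own comment is a full rejection rather than a fallback to allow-all, so the mismatch would be a hard-to-diagnose outage. Existing config files still carrying `EncryptionPublicKey`/`EncryptionPrivateKey` will now go through the loader's unknown-field path, also outside the hunk; it is worth confirming that surfaces as a warning rather than a silent drop, since the node's old identity goes with it.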
@@ -113,14 +111,11 @@ type SwitchOptions struct {
 // using -autoconf.
 func GenerateConfig() *NodeConfig {
 // Generate encryption keys.
- bpub, bpriv := crypto.NewBoxKeys()
 spub, spriv := crypto.NewSigKeys()
 // Create a node configuration and populate it.
 cfg := NodeConfig{}
 cfg.Listen = []string{}
 cfg.AdminListen = defaults.GetDefaults().DefaultAdminListen
- cfg.EncryptionPublicKey = hex.EncodeToString(bpub[:])
- cfg.EncryptionPrivateKey = hex.EncodeToString(bpriv[:])
 cfg.SigningPublicKey = hex.EncodeToString(spub[:])
 cfg.SigningPrivateKey = hex.EncodeToString(spriv[:])
 cfg.Peers = []string{}
@@ -139,16 +134,6 @@ func GenerateConfig() *NodeConfig {
 return &cfg
 }
 
-// NewEncryptionKeys replaces the encryption keypair in the NodeConfig with a
-// new encryption keypair. The encryption keys are used by the router to encrypt
-// traffic and to derive the node ID and IPv6 address/subnet of the node, so
-// this is equivalent to discarding the node's identity on the network.
-func (cfg *NodeConfig) NewEncryptionKeys() {
- bpub, bpriv := crypto.NewBoxKeys()
- cfg.EncryptionPublicKey = hex.EncodeToString(bpub[:])
- cfg.EncryptionPrivateKey = hex.EncodeToString(bpriv[:])
-}
-
 // NewSigningKeys replaces the signing keypair in the NodeConfig with a new
 // signing keypair. The signing keys are used by the switch to derive the
 // structure of the spanning tree.
diff --git a/src/tuntap/tun.go b/src/tuntap/tun.go
index 68785cc1..2e44a017 100644
--- a/src/tuntap/tun.go
+++ b/src/tuntap/tun.go
@@ -10,7 +10,6 @@ package tuntap
 
 import (
 "crypto/ed25519"
- "encoding/hex"
 "errors"
 "fmt"
 "net"
@@ -23,7 +22,6 @@ import (
 
 "github.com/yggdrasil-network/yggdrasil-go/src/address"
 "github.com/yggdrasil-network/yggdrasil-go/src/config"
- "github.com/yggdrasil-network/yggdrasil-go/src/crypto"
 "github.com/yggdrasil-network/yggdrasil-go/src/defaults"
 "github.com/yggdrasil-network/yggdrasil-go/src/types"
 "github.com/yggdrasil-network/yggdrasil-go/src/yggdrasil"
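Review bot: The comment `// Generate encryption keys.` left above the remaining `spub, spriv := crypto.NewSigKeys()` is now wrong, since the `bpub, bpriv` line and the two encryption fields are removed and only a signing keypair is produced; change it to `// Generate the signing keypair (now also the node's identity).`. The `@@ -139` hunk below deletes `NewEncryptionKeys`, whose doc carried the warning that regenerating keys "is equivalent to discarding the node's identity on the network", while the surviving `NewSigningKeys` doc in its context lines still says the signing keys are used only "by the switch to derive the structure of the spanning tree". With the address now derived from the ed25519 key (per the commit subject and the tun.go change in this patch), that warning belongs on `NewSigningKeys` rather than disappearing with the deleted function.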
@@ -118,7 +116,9 @@ func (tun *TunAdapter) Init(core *yggdrasil.Core, config *config.NodeState, log
 tun.store.init(tun)
 tun.config = config
 tun.log = log
- tun.core.SetOutOfBandHandler(tun.oobHandler)
+ if err := tun.core.SetOutOfBandHandler(tun.oobHandler); err != nil {
+ return fmt.Errorf("tun.core.SetOutOfBandHander: %w", err)
+ }
 return nil
 }
 
@@ -141,12 +141,6 @@ func (tun *TunAdapter) _start() error {
 if tun.config == nil {
 return errors.New("no configuration available to TUN")
 }
- var boxPub crypto.BoxPubKey
- boxPubHex, err := hex.DecodeString(current.EncryptionPublicKey)
- if err != nil {
- return err
- }
- copy(boxPub[:], boxPubHex)
 sk := tun.core.PrivateKey()
 pk := sk.Public().(ed25519.PublicKey)
 tun.addr = *address.AddrForKey(pk)
diff --git a/src/yggdrasil/core.go b/src/yggdrasil/core.go
index 4a55b007..e3c992d3 100644
--- a/src/yggdrasil/core.go
+++ b/src/yggdrasil/core.go
@@ -52,16 +52,10 @@ func (c *Core) _init() error {
 }
 c.secret = ed25519.PrivateKey(sigPriv)
- sigPub := c.secret.Public()
- c.public = sigPub.(ed25519.PublicKey)
+ c.public = c.secret.Public().(ed25519.PublicKey)
 
- pc, err := iw.NewPacketConn(c.secret)
- if err != nil {
- return err
- }
- c.PacketConn = pc
-
- return nil
+ c.PacketConn, err = iw.NewPacketConn(c.secret)
+ return err
 }
 
 // If any static peers were provided in the configuration above then we should
diff --git a/src/yggdrasil/version.go b/src/yggdrasil/version.go
index a3c9bce5..e653e92f 100644
--- a/src/yggdrasil/version.go
+++ b/src/yggdrasil/version.go
@@ -22,7 +22,7 @@ func version_getBaseMetadata() version_metadata {
 return version_metadata{
 meta: [4]byte{'m', 'e', 't', 'a'},
 ver: 0,
- minorVer: 0,
+ minorVer: 1,
 }
 }
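Review bot: The error wrap in the added `if err := tun.core.SetOutOfBandHandler(tun.oobHandler); err != nil` block misspells the method it names: the message reads `tun.core.SetOutOfBandHander` (missing the `l`), which sends anyone searching logs for the real method name to nothing. Change it to `return fmt.Errorf("tun.core.SetOutOfBandHandler: %w", err)`. `Init` starts outside the hunk, so I cannot see whether its earlier failure paths use the same `caller: %w` form; if they do, this line is consistent once the typo is fixed.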
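Review bot: The new `c.public = c.secret.Public().(ed25519.PublicKey)` in the core.go hunk runs on `c.secret`, which the context line casts from the config-supplied bytes with `ed25519.PrivateKey(sigPriv)` and no visible length check; `ed25519.PrivateKey.Public` copies from `priv[32:]`, so a short value panics and a value between 32 and 64 bytes silently yields a truncated public key instead of an error. `_init` starts outside the hunk, so if `sigPriv` is already validated above this is moot; otherwise guard the cast before `c.secret` is assigned with `if len(sigPriv) != ed25519.PrivateKeySize { return errors.New("SigningPrivateKey must be 64 bytes") }` (or the `fmt.Errorf` form, whichever core.go already imports). The collapsed `c.PacketConn, err = iw.NewPacketConn(c.secret)` also writes whatever `NewPacketConn` returns alongside a non-nil error into the exported field, where the old `pc, err :=` form left it untouched on failure; that is harmless only if nothing reads `c.PacketConn` after a failed `_init`, so keeping the temporary (or nil-ing the field on error) is the safer shape.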