fix gateway probe and remove code duplication for finalizing registration

This commit is contained in:
Jędrzej Stuczyński
2025-10-13 11:43:03 +01:00
parent 7f43f38879
commit 3f82cf6d5f
5 changed files with 240 additions and 229 deletions
+103 -19
View File
@@ -4,17 +4,16 @@
use std::fmt;
use std::net::{Ipv4Addr, Ipv6Addr};
use crate::latest::registration::IpPair;
use crate::{AuthenticatorVersion, Error, v1, v2, v3, v4, v5, v6};
use nym_credentials_interface::{
BandwidthCredential, CredentialSpendingData, TicketType, UnknownTicketType,
};
use nym_crypto::asymmetric::x25519::PrivateKey;
use nym_crypto::asymmetric::x25519;
use nym_wireguard_types::PeerPublicKey;
use serde::{Deserialize, Serialize};
use tracing::error;
use crate::latest::registration::IpPair;
use crate::{AuthenticatorVersion, Error, v1, v2, v3, v4, v5, v6};
#[derive(Serialize, Deserialize, Debug, Clone, PartialEq)]
pub struct BandwidthClaim {
pub credential: BandwidthCredential,
@@ -179,7 +178,7 @@ impl InitMessage for v6::registration::InitMessage {
pub trait FinalMessage: Versionable + fmt::Debug {
fn gateway_client_pub_key(&self) -> PeerPublicKey;
fn verify(&self, private_key: &PrivateKey, nonce: u64) -> Result<(), Error>;
fn verify(&self, private_key: &x25519::PrivateKey, nonce: u64) -> Result<(), Error>;
fn private_ips(&self) -> IpPair;
fn gateway_client_ipv4(&self) -> Option<Ipv4Addr>;
fn gateway_client_ipv6(&self) -> Option<Ipv6Addr>;
@@ -192,7 +191,7 @@ impl FinalMessage for v1::GatewayClient {
self.pub_key
}
fn verify(&self, private_key: &PrivateKey, nonce: u64) -> Result<(), Error> {
fn verify(&self, private_key: &x25519::PrivateKey, nonce: u64) -> Result<(), Error> {
self.verify(private_key, nonce)
}
@@ -225,7 +224,7 @@ impl FinalMessage for v2::registration::FinalMessage {
self.gateway_client.pub_key
}
fn verify(&self, private_key: &PrivateKey, nonce: u64) -> Result<(), Error> {
fn verify(&self, private_key: &x25519::PrivateKey, nonce: u64) -> Result<(), Error> {
self.gateway_client.verify(private_key, nonce)
}
@@ -262,7 +261,7 @@ impl FinalMessage for v3::registration::FinalMessage {
self.gateway_client.pub_key
}
fn verify(&self, private_key: &PrivateKey, nonce: u64) -> Result<(), Error> {
fn verify(&self, private_key: &x25519::PrivateKey, nonce: u64) -> Result<(), Error> {
self.gateway_client.verify(private_key, nonce)
}
@@ -299,7 +298,7 @@ impl FinalMessage for v4::registration::FinalMessage {
self.gateway_client.pub_key
}
fn verify(&self, private_key: &PrivateKey, nonce: u64) -> Result<(), Error> {
fn verify(&self, private_key: &x25519::PrivateKey, nonce: u64) -> Result<(), Error> {
self.gateway_client.verify(private_key, nonce)
}
@@ -334,7 +333,7 @@ impl FinalMessage for v5::registration::FinalMessage {
self.gateway_client.pub_key
}
fn verify(&self, private_key: &PrivateKey, nonce: u64) -> Result<(), Error> {
fn verify(&self, private_key: &x25519::PrivateKey, nonce: u64) -> Result<(), Error> {
self.gateway_client.verify(private_key, nonce)
}
@@ -368,7 +367,7 @@ impl FinalMessage for v6::registration::FinalMessage {
self.gateway_client.pub_key
}
fn verify(&self, private_key: &PrivateKey, nonce: u64) -> Result<(), Error> {
fn verify(&self, private_key: &x25519::PrivateKey, nonce: u64) -> Result<(), Error> {
self.gateway_client.verify(private_key, nonce)
}
@@ -568,9 +567,14 @@ impl Id for v6::response::TopUpBandwidthResponse {
pub trait PendingRegistrationResponse: Id + fmt::Debug {
fn nonce(&self) -> u64;
fn verify(&self, gateway_key: &PrivateKey) -> Result<(), Error>;
fn verify(&self, gateway_key: &x25519::PrivateKey) -> Result<(), Error>;
fn pub_key(&self) -> PeerPublicKey;
fn private_ips(&self) -> IpPair;
fn finalise_registration(
&self,
private_key: &x25519::PrivateKey,
credential: Option<BandwidthClaim>,
) -> Box<dyn FinalMessage + Send + Sync>;
}
impl PendingRegistrationResponse for v2::response::PendingRegistrationResponse {
@@ -578,7 +582,7 @@ impl PendingRegistrationResponse for v2::response::PendingRegistrationResponse {
self.reply.nonce
}
fn verify(&self, gateway_key: &PrivateKey) -> Result<(), Error> {
fn verify(&self, gateway_key: &x25519::PrivateKey) -> Result<(), Error> {
self.reply.gateway_data.verify(gateway_key, self.nonce())
}
@@ -589,6 +593,22 @@ impl PendingRegistrationResponse for v2::response::PendingRegistrationResponse {
fn private_ips(&self) -> IpPair {
self.reply.gateway_data.private_ip.into()
}
fn finalise_registration(
&self,
private_key: &x25519::PrivateKey,
credential: Option<BandwidthClaim>,
) -> Box<dyn FinalMessage + Send + Sync> {
Box::new(v2::registration::FinalMessage {
gateway_client: v2::registration::GatewayClient::new(
private_key,
self.pub_key().inner(),
self.private_ips().ipv4.into(),
self.nonce(),
),
credential: credential.and_then(|b| b.credential.into_zk_nym().map(|c| *c)),
})
}
}
impl PendingRegistrationResponse for v3::response::PendingRegistrationResponse {
@@ -596,7 +616,7 @@ impl PendingRegistrationResponse for v3::response::PendingRegistrationResponse {
self.reply.nonce
}
fn verify(&self, gateway_key: &PrivateKey) -> Result<(), Error> {
fn verify(&self, gateway_key: &x25519::PrivateKey) -> Result<(), Error> {
self.reply.gateway_data.verify(gateway_key, self.nonce())
}
@@ -607,6 +627,22 @@ impl PendingRegistrationResponse for v3::response::PendingRegistrationResponse {
fn private_ips(&self) -> IpPair {
self.reply.gateway_data.private_ip.into()
}
fn finalise_registration(
&self,
private_key: &x25519::PrivateKey,
credential: Option<BandwidthClaim>,
) -> Box<dyn FinalMessage + Send + Sync> {
Box::new(v3::registration::FinalMessage {
gateway_client: v3::registration::GatewayClient::new(
private_key,
self.pub_key().inner(),
self.private_ips().ipv4.into(),
self.nonce(),
),
credential: credential.and_then(|b| b.credential.into_zk_nym().map(|c| *c)),
})
}
}
impl PendingRegistrationResponse for v4::response::PendingRegistrationResponse {
@@ -614,7 +650,7 @@ impl PendingRegistrationResponse for v4::response::PendingRegistrationResponse {
self.reply.nonce
}
fn verify(&self, gateway_key: &PrivateKey) -> Result<(), Error> {
fn verify(&self, gateway_key: &x25519::PrivateKey) -> Result<(), Error> {
self.reply.gateway_data.verify(gateway_key, self.nonce())
}
@@ -626,6 +662,22 @@ impl PendingRegistrationResponse for v4::response::PendingRegistrationResponse {
// v4 -> v5 -> v6
v5::registration::IpPair::from(self.reply.gateway_data.private_ips).into()
}
fn finalise_registration(
&self,
private_key: &x25519::PrivateKey,
credential: Option<BandwidthClaim>,
) -> Box<dyn FinalMessage + Send + Sync> {
Box::new(v4::registration::FinalMessage {
gateway_client: v4::registration::GatewayClient::new(
private_key,
self.pub_key().inner(),
self.reply.gateway_data.private_ips,
self.nonce(),
),
credential: credential.and_then(|b| b.credential.into_zk_nym().map(|c| *c)),
})
}
}
impl PendingRegistrationResponse for v5::response::PendingRegistrationResponse {
@@ -633,7 +685,7 @@ impl PendingRegistrationResponse for v5::response::PendingRegistrationResponse {
self.reply.nonce
}
fn verify(&self, gateway_key: &PrivateKey) -> Result<(), Error> {
fn verify(&self, gateway_key: &x25519::PrivateKey) -> Result<(), Error> {
self.reply.gateway_data.verify(gateway_key, self.nonce())
}
@@ -644,6 +696,22 @@ impl PendingRegistrationResponse for v5::response::PendingRegistrationResponse {
fn private_ips(&self) -> IpPair {
self.reply.gateway_data.private_ips.into()
}
fn finalise_registration(
&self,
private_key: &x25519::PrivateKey,
credential: Option<BandwidthClaim>,
) -> Box<dyn FinalMessage + Send + Sync> {
Box::new(v5::registration::FinalMessage {
gateway_client: v5::registration::GatewayClient::new(
private_key,
self.pub_key().inner(),
self.reply.gateway_data.private_ips,
self.nonce(),
),
credential: credential.and_then(|b| b.credential.into_zk_nym().map(|c| *c)),
})
}
}
impl PendingRegistrationResponse for v6::response::PendingRegistrationResponse {
@@ -651,7 +719,7 @@ impl PendingRegistrationResponse for v6::response::PendingRegistrationResponse {
self.reply.nonce
}
fn verify(&self, gateway_key: &PrivateKey) -> Result<(), Error> {
fn verify(&self, gateway_key: &x25519::PrivateKey) -> Result<(), Error> {
self.reply.gateway_data.verify(gateway_key, self.nonce())
}
@@ -660,7 +728,23 @@ impl PendingRegistrationResponse for v6::response::PendingRegistrationResponse {
}
fn private_ips(&self) -> IpPair {
self.reply.gateway_data.private_ips.into()
self.reply.gateway_data.private_ips
}
fn finalise_registration(
&self,
private_key: &x25519::PrivateKey,
credential: Option<BandwidthClaim>,
) -> Box<dyn FinalMessage + Send + Sync> {
Box::new(v6::registration::FinalMessage {
gateway_client: v6::registration::GatewayClient::new(
private_key,
self.pub_key().inner(),
self.reply.gateway_data.private_ips,
self.nonce(),
),
credential,
})
}
}
@@ -728,7 +812,7 @@ impl RegisteredResponse for v5::response::RegisteredResponse {
impl RegisteredResponse for v6::response::RegisteredResponse {
fn private_ips(&self) -> IpPair {
self.reply.private_ips.into()
self.reply.private_ips
}
fn pub_key(&self) -> PeerPublicKey {
@@ -1018,7 +1018,7 @@ fn deserialize_request(
match version {
AuthenticatorVersion::V1 => {
// this branch should be unreachable as v1 has already been handled independently
return Err(AuthenticatorError::UnknownVersion);
Err(AuthenticatorError::UnknownVersion)
}
AuthenticatorVersion::V2 => {
v2::request::AuthenticatorRequest::from_reconstructed_message(reconstructed)
+121 -157
View File
@@ -17,7 +17,7 @@ use nym_authenticator_requests::{
traits::Id, v2, v3, v4, v5, v6,
};
use nym_credentials_interface::{CredentialSpendingData, TicketType};
use nym_sdk::mixnet::{IncludedSurbs, Recipient};
use nym_sdk::mixnet::{IncludedSurbs, Recipient, ReconstructedMessage};
use nym_service_provider_requests_common::{Protocol, ServiceProviderTypeExt};
use nym_wireguard_types::PeerPublicKey;
@@ -61,6 +61,10 @@ impl AuthenticatorClient {
}
}
fn peer_public_key(&self) -> PeerPublicKey {
PeerPublicKey::from(self.keypair.public_key().inner())
}
pub async fn send_and_wait_for_response(
&mut self,
message: &ClientMessage,
@@ -98,6 +102,79 @@ impl AuthenticatorClient {
Ok(request_id)
}
fn handle_response(
&self,
msg: Arc<ReconstructedMessage>,
request_id: u64,
) -> Option<Result<AuthenticatorResponse>> {
let Some(header) = msg.message.first_chunk::<2>() else {
debug!(
"received too short message that couldn't have been from the authenticator while waiting for connect response"
);
return None;
};
let Ok(protocol) = Protocol::try_from(header) else {
debug!(
"received a message not meant to any service provider while waiting for connect response"
);
return None;
};
if !protocol.service_provider_type.is_authenticator() {
debug!("Received non-authenticator message while waiting for connect response");
return None;
}
// Confirm that the version is correct
let version = AuthenticatorVersion::from(protocol.version);
// Then we deserialize the message
debug!(
"AuthClient: got message while waiting for connect response with version {version:?}"
);
let ret: Result<AuthenticatorResponse> = match version {
AuthenticatorVersion::V1 | AuthenticatorVersion::UNKNOWN => {
return Some(Err(Error::UnsupportedAuthenticatorVersion));
}
AuthenticatorVersion::V2 => {
v2::response::AuthenticatorResponse::from_reconstructed_message(&msg)
.map(Into::into)
.map_err(Into::into)
}
AuthenticatorVersion::V3 => {
v3::response::AuthenticatorResponse::from_reconstructed_message(&msg)
.map(Into::into)
.map_err(Into::into)
}
AuthenticatorVersion::V4 => {
v4::response::AuthenticatorResponse::from_reconstructed_message(&msg)
.map(Into::into)
.map_err(Into::into)
}
AuthenticatorVersion::V5 => {
v5::response::AuthenticatorResponse::from_reconstructed_message(&msg)
.map(Into::into)
.map_err(Into::into)
}
AuthenticatorVersion::V6 => {
v6::response::AuthenticatorResponse::from_reconstructed_message(&msg)
.map(Into::into)
.map_err(Into::into)
}
};
let Ok(response) = ret else {
// This is ok, it's likely just one of our self-pings
debug!("Failed to deserialize reconstructed message");
return None;
};
if response.id() == request_id {
debug!("Got response with matching id");
return Some(Ok(response));
}
None
}
async fn listen_for_response(&mut self, request_id: u64) -> Result<AuthenticatorResponse> {
let timeout = tokio::time::sleep(Duration::from_secs(10));
tokio::pin!(timeout);
@@ -113,43 +190,9 @@ impl AuthenticatorClient {
return Err(Error::NoMixnetMessagesReceived);
}
Ok(msg) => {
let Some(header) = msg.message.first_chunk::<2>() else {
debug!("received too short message that couldn't have been from the authenticator while waiting for connect response");
continue;
};
let Ok(protocol) = Protocol::try_from(header) else {
debug!("received a message not meant to any service provider while waiting for connect response");
continue;
};
if !protocol.service_provider_type.is_authenticator() {
debug!("Received non-authenticator message while waiting for connect response");
continue;
}
// Confirm that the version is correct
let version = AuthenticatorVersion::from(protocol.version);
// Then we deserialize the message
debug!("AuthClient: got message while waiting for connect response with version {version:?}");
let ret: Result<AuthenticatorResponse> = match version {
AuthenticatorVersion::V1 => Err(Error::UnsupportedVersion),
AuthenticatorVersion::V2 => v2::response::AuthenticatorResponse::from_reconstructed_message(&msg).map(Into::into).map_err(Into::into),
AuthenticatorVersion::V3 => v3::response::AuthenticatorResponse::from_reconstructed_message(&msg).map(Into::into).map_err(Into::into),
AuthenticatorVersion::V4 => v4::response::AuthenticatorResponse::from_reconstructed_message(&msg).map(Into::into).map_err(Into::into),
AuthenticatorVersion::V5 => v5::response::AuthenticatorResponse::from_reconstructed_message(&msg).map(Into::into).map_err(Into::into),
AuthenticatorVersion::V6 => v6::response::AuthenticatorResponse::from_reconstructed_message(&msg).map(Into::into).map_err(Into::into),
AuthenticatorVersion::UNKNOWN => Err(Error::UnknownVersion),
};
let Ok(response) = ret else {
// This is ok, it's likely just one of our self-pings
debug!("Failed to deserialize reconstructed message");
continue;
};
if response.id() == request_id {
debug!("Got response with matching id");
return Ok(response);
match self.handle_response(msg, request_id) {
None => continue,
Some(res) => return res,
}
}
}
@@ -163,34 +206,27 @@ impl AuthenticatorClient {
ticketbook_type: TicketType,
) -> Result<GatewayData> {
debug!("Registering with the wg gateway...");
let pub_key = self.peer_public_key();
let init_message = match self.auth_version {
AuthenticatorVersion::V1 => return Err(Error::UnsupportedAuthenticatorVersion),
AuthenticatorVersion::V1 | AuthenticatorVersion::UNKNOWN => {
return Err(Error::UnsupportedAuthenticatorVersion);
}
AuthenticatorVersion::V2 => {
ClientMessage::Initial(Box::new(v2::registration::InitMessage {
pub_key: PeerPublicKey::new(self.keypair.public_key().to_bytes().into()),
}))
ClientMessage::Initial(Box::new(v2::registration::InitMessage { pub_key }))
}
AuthenticatorVersion::V3 => {
ClientMessage::Initial(Box::new(v3::registration::InitMessage {
pub_key: PeerPublicKey::new(self.keypair.public_key().to_bytes().into()),
}))
ClientMessage::Initial(Box::new(v3::registration::InitMessage { pub_key }))
}
AuthenticatorVersion::V4 => {
ClientMessage::Initial(Box::new(v4::registration::InitMessage {
pub_key: PeerPublicKey::new(self.keypair.public_key().to_bytes().into()),
}))
ClientMessage::Initial(Box::new(v4::registration::InitMessage { pub_key }))
}
AuthenticatorVersion::V5 => {
ClientMessage::Initial(Box::new(v5::registration::InitMessage {
pub_key: PeerPublicKey::new(self.keypair.public_key().to_bytes().into()),
}))
ClientMessage::Initial(Box::new(v5::registration::InitMessage { pub_key }))
}
AuthenticatorVersion::V6 => {
ClientMessage::Initial(Box::new(v6::registration::InitMessage {
pub_key: PeerPublicKey::new(self.keypair.public_key().to_bytes().into()),
}))
ClientMessage::Initial(Box::new(v6::registration::InitMessage { pub_key }))
}
AuthenticatorVersion::UNKNOWN => return Err(Error::UnsupportedAuthenticatorVersion),
};
trace!("sending init msg to {}: {:?}", &self.ip_addr, &init_message);
let response = self.send_and_wait_for_response(&init_message).await?;
@@ -221,84 +257,19 @@ impl AuthenticatorClient {
})?
.data,
);
let credential = credential
.map(TryInto::try_into)
.transpose()
.inspect_err(|err| error!("failed to convert {ticketbook_type} ticket to a valid BandwidthClaim: {err}"))
.map_err(|_| Error::InternalError)?;
let finalized_message = match self.auth_version {
AuthenticatorVersion::V1 => return Err(Error::UnsupportedAuthenticatorVersion),
AuthenticatorVersion::V2 => {
ClientMessage::Final(Box::new(v2::registration::FinalMessage {
gateway_client: v2::registration::GatewayClient::new(
self.keypair.private_key(),
pending_registration_response.pub_key().inner(),
pending_registration_response.private_ips().ipv4.into(),
pending_registration_response.nonce(),
),
credential,
}))
}
AuthenticatorVersion::V3 => {
ClientMessage::Final(Box::new(v3::registration::FinalMessage {
gateway_client: v3::registration::GatewayClient::new(
self.keypair.private_key(),
pending_registration_response.pub_key().inner(),
pending_registration_response.private_ips().ipv4.into(),
pending_registration_response.nonce(),
),
credential,
}))
}
AuthenticatorVersion::V4 => {
ClientMessage::Final(Box::new(v4::registration::FinalMessage {
gateway_client: v4::registration::GatewayClient::new(
self.keypair.private_key(),
pending_registration_response.pub_key().inner(),
// v6 -> v5 -> v4
v5::registration::IpPair::from(
pending_registration_response.private_ips(),
)
.into(),
pending_registration_response.nonce(),
),
credential,
}))
}
AuthenticatorVersion::V5 => {
ClientMessage::Final(Box::new(v5::registration::FinalMessage {
gateway_client: v5::registration::GatewayClient::new(
self.keypair.private_key(),
pending_registration_response.pub_key().inner(),
pending_registration_response.private_ips().into(),
pending_registration_response.nonce(),
),
credential,
}))
}
AuthenticatorVersion::V6 => {
ClientMessage::Final(Box::new(v6::registration::FinalMessage {
gateway_client: v6::registration::GatewayClient::new(
self.keypair.private_key(),
pending_registration_response.pub_key().inner(),
pending_registration_response.private_ips(),
pending_registration_response.nonce(),
),
// this conversion, in this context, should be infallible,
// as we should have retrieved a valid ticket type
credential: credential
.map(TryInto::try_into)
.transpose()
.inspect_err(|err| error!("failed to convert {ticketbook_type} ticket to a valid BandwidthClaim: {err}"))
.map_err(|_| Error::InternalError)?,
}))
}
AuthenticatorVersion::UNKNOWN => {
return Err(Error::UnsupportedAuthenticatorVersion);
}
};
trace!(
"sending final msg to {}: {:?}",
&self.ip_addr, &finalized_message
);
let finalized_message = pending_registration_response
.finalise_registration(self.keypair.private_key(), credential);
let client_message = ClientMessage::Final(finalized_message);
let response = self.send_and_wait_for_response(&finalized_message).await?;
trace!("sending final msg to {}: {client_message:?}", &self.ip_addr);
let response = self.send_and_wait_for_response(&client_message).await?;
let AuthenticatorResponse::Registered(registered_response) = response else {
return Err(Error::InvalidGatewayAuthResponse);
};
@@ -329,29 +300,20 @@ impl AuthenticatorClient {
}
pub async fn query_bandwidth(&mut self) -> Result<Option<i64>> {
let pub_key = self.peer_public_key();
let version = self.auth_version;
let query_message = match self.auth_version {
AuthenticatorVersion::V1 => return Err(Error::UnsupportedAuthenticatorVersion),
AuthenticatorVersion::V2 => ClientMessage::Query(Box::new(QueryMessageImpl {
pub_key: PeerPublicKey::new(self.keypair.public_key().to_bytes().into()),
version: AuthenticatorVersion::V2,
})),
AuthenticatorVersion::V3 => ClientMessage::Query(Box::new(QueryMessageImpl {
pub_key: PeerPublicKey::new(self.keypair.public_key().to_bytes().into()),
version: AuthenticatorVersion::V3,
})),
AuthenticatorVersion::V4 => ClientMessage::Query(Box::new(QueryMessageImpl {
pub_key: PeerPublicKey::new(self.keypair.public_key().to_bytes().into()),
version: AuthenticatorVersion::V4,
})),
AuthenticatorVersion::V5 => ClientMessage::Query(Box::new(QueryMessageImpl {
pub_key: PeerPublicKey::new(self.keypair.public_key().to_bytes().into()),
version: AuthenticatorVersion::V5,
})),
AuthenticatorVersion::V6 => ClientMessage::Query(Box::new(QueryMessageImpl {
pub_key: PeerPublicKey::new(self.keypair.public_key().to_bytes().into()),
version: AuthenticatorVersion::V6,
})),
AuthenticatorVersion::UNKNOWN => return Err(Error::UnsupportedAuthenticatorVersion),
AuthenticatorVersion::V1 | AuthenticatorVersion::UNKNOWN => {
return Err(Error::UnsupportedAuthenticatorVersion);
}
AuthenticatorVersion::V2
| AuthenticatorVersion::V3
| AuthenticatorVersion::V4
| AuthenticatorVersion::V5
| AuthenticatorVersion::V6 => {
ClientMessage::Query(Box::new(QueryMessageImpl { pub_key, version }))
}
};
let response = self.send_and_wait_for_response(&query_message).await?;
@@ -387,23 +349,25 @@ impl AuthenticatorClient {
}
pub async fn top_up(&mut self, credential: CredentialSpendingData) -> Result<i64> {
let pub_key = self.peer_public_key();
let top_up_message = match self.auth_version {
AuthenticatorVersion::V3 => ClientMessage::TopUp(Box::new(v3::topup::TopUpMessage {
pub_key: PeerPublicKey::new(self.keypair.public_key().to_bytes().into()),
pub_key,
credential,
})),
// NOTE: looks like a bug here using v3. But we're leaving it as is since it's working
// and V4 is deprecated in favour of V5
AuthenticatorVersion::V4 => ClientMessage::TopUp(Box::new(v4::topup::TopUpMessage {
pub_key: PeerPublicKey::new(self.keypair.public_key().to_bytes().into()),
pub_key,
credential,
})),
AuthenticatorVersion::V5 => ClientMessage::TopUp(Box::new(v5::topup::TopUpMessage {
pub_key: PeerPublicKey::new(self.keypair.public_key().to_bytes().into()),
pub_key,
credential,
})),
AuthenticatorVersion::V6 => ClientMessage::TopUp(Box::new(v6::topup::TopUpMessage {
pub_key: PeerPublicKey::new(self.keypair.public_key().to_bytes().into()),
pub_key,
credential,
})),
AuthenticatorVersion::V1 | AuthenticatorVersion::V2 | AuthenticatorVersion::UNKNOWN => {
+15 -51
View File
@@ -16,7 +16,7 @@ use futures::StreamExt;
use nym_authenticator_client::{AuthClientMixnetListener, AuthenticatorClient};
use nym_authenticator_requests::{
AuthenticatorVersion, client_message::ClientMessage, response::AuthenticatorResponse, v2, v3,
v4, v5,
v4, v5, v6,
};
use nym_client_core::config::ForgetMe;
use nym_config::defaults::{
@@ -467,6 +467,7 @@ async fn wg_probe(
auth_version: AuthenticatorVersion,
awg_args: String,
netstack_args: NetstackArgs,
// TODO: update type
credential: CredentialSpendingData,
) -> anyhow::Result<WgProbeResults> {
info!("attempting to use authenticator version {auth_version:?}");
@@ -493,6 +494,9 @@ async fn wg_probe(
AuthenticatorVersion::V5 => ClientMessage::Initial(Box::new(
v5::registration::InitMessage::new(authenticator_pub_key),
)),
AuthenticatorVersion::V6 => ClientMessage::Initial(Box::new(
v6::registration::InitMessage::new(authenticator_pub_key),
)),
AuthenticatorVersion::V1 | AuthenticatorVersion::UNKNOWN => bail!("unknown version number"),
};
@@ -512,57 +516,17 @@ async fn wg_probe(
debug!("Verifying data");
pending_registration_response.verify(&private_key)?;
let finalized_message = match auth_version {
AuthenticatorVersion::V2 => {
ClientMessage::Final(Box::new(v2::registration::FinalMessage {
gateway_client: v2::registration::GatewayClient::new(
&private_key,
pending_registration_response.pub_key().inner(),
pending_registration_response.private_ips().ipv4.into(),
pending_registration_response.nonce(),
),
credential: Some(credential),
}))
}
AuthenticatorVersion::V3 => {
ClientMessage::Final(Box::new(v3::registration::FinalMessage {
gateway_client: v3::registration::GatewayClient::new(
&private_key,
pending_registration_response.pub_key().inner(),
pending_registration_response.private_ips().ipv4.into(),
pending_registration_response.nonce(),
),
credential: Some(credential),
}))
}
AuthenticatorVersion::V4 => {
ClientMessage::Final(Box::new(v4::registration::FinalMessage {
gateway_client: v4::registration::GatewayClient::new(
&private_key,
pending_registration_response.pub_key().inner(),
pending_registration_response.private_ips().into(),
pending_registration_response.nonce(),
),
credential: Some(credential),
}))
}
AuthenticatorVersion::V5 => {
ClientMessage::Final(Box::new(v5::registration::FinalMessage {
gateway_client: v5::registration::GatewayClient::new(
&private_key,
pending_registration_response.pub_key().inner(),
pending_registration_response.private_ips(),
pending_registration_response.nonce(),
),
credential: Some(credential),
}))
}
AuthenticatorVersion::V1 | AuthenticatorVersion::UNKNOWN => {
bail!("Unknown version number")
}
};
let credential = credential
.try_into()
.inspect_err(|err| error!("invalid zk-nym data: {err}"))
.ok();
let finalized_message =
pending_registration_response.finalise_registration(&private_key, credential);
let client_message = ClientMessage::Final(finalized_message);
let response = auth_client
.send_and_wait_for_response(&finalized_message)
.send_and_wait_for_response(&client_message)
.await?;
let AuthenticatorResponse::Registered(registered_response) = response else {
bail!("Unexpected response");
@@ -1408,7 +1408,6 @@ pub async fn try_upgrade_config_v9<P: AsRef<Path>>(
.zk_nym_tickets
.maximum_time_between_redemption,
},
..Default::default()
},
},
service_providers: ServiceProvidersConfigV10 {