fix gateway probe and remove code duplication for finalizing registration
This commit is contained in:
@@ -4,17 +4,16 @@
|
||||
use std::fmt;
|
||||
use std::net::{Ipv4Addr, Ipv6Addr};
|
||||
|
||||
use crate::latest::registration::IpPair;
|
||||
use crate::{AuthenticatorVersion, Error, v1, v2, v3, v4, v5, v6};
|
||||
use nym_credentials_interface::{
|
||||
BandwidthCredential, CredentialSpendingData, TicketType, UnknownTicketType,
|
||||
};
|
||||
use nym_crypto::asymmetric::x25519::PrivateKey;
|
||||
use nym_crypto::asymmetric::x25519;
|
||||
use nym_wireguard_types::PeerPublicKey;
|
||||
use serde::{Deserialize, Serialize};
|
||||
use tracing::error;
|
||||
|
||||
use crate::latest::registration::IpPair;
|
||||
use crate::{AuthenticatorVersion, Error, v1, v2, v3, v4, v5, v6};
|
||||
|
||||
#[derive(Serialize, Deserialize, Debug, Clone, PartialEq)]
|
||||
pub struct BandwidthClaim {
|
||||
pub credential: BandwidthCredential,
|
||||
@@ -179,7 +178,7 @@ impl InitMessage for v6::registration::InitMessage {
|
||||
|
||||
pub trait FinalMessage: Versionable + fmt::Debug {
|
||||
fn gateway_client_pub_key(&self) -> PeerPublicKey;
|
||||
fn verify(&self, private_key: &PrivateKey, nonce: u64) -> Result<(), Error>;
|
||||
fn verify(&self, private_key: &x25519::PrivateKey, nonce: u64) -> Result<(), Error>;
|
||||
fn private_ips(&self) -> IpPair;
|
||||
fn gateway_client_ipv4(&self) -> Option<Ipv4Addr>;
|
||||
fn gateway_client_ipv6(&self) -> Option<Ipv6Addr>;
|
||||
@@ -192,7 +191,7 @@ impl FinalMessage for v1::GatewayClient {
|
||||
self.pub_key
|
||||
}
|
||||
|
||||
fn verify(&self, private_key: &PrivateKey, nonce: u64) -> Result<(), Error> {
|
||||
fn verify(&self, private_key: &x25519::PrivateKey, nonce: u64) -> Result<(), Error> {
|
||||
self.verify(private_key, nonce)
|
||||
}
|
||||
|
||||
@@ -225,7 +224,7 @@ impl FinalMessage for v2::registration::FinalMessage {
|
||||
self.gateway_client.pub_key
|
||||
}
|
||||
|
||||
fn verify(&self, private_key: &PrivateKey, nonce: u64) -> Result<(), Error> {
|
||||
fn verify(&self, private_key: &x25519::PrivateKey, nonce: u64) -> Result<(), Error> {
|
||||
self.gateway_client.verify(private_key, nonce)
|
||||
}
|
||||
|
||||
@@ -262,7 +261,7 @@ impl FinalMessage for v3::registration::FinalMessage {
|
||||
self.gateway_client.pub_key
|
||||
}
|
||||
|
||||
fn verify(&self, private_key: &PrivateKey, nonce: u64) -> Result<(), Error> {
|
||||
fn verify(&self, private_key: &x25519::PrivateKey, nonce: u64) -> Result<(), Error> {
|
||||
self.gateway_client.verify(private_key, nonce)
|
||||
}
|
||||
|
||||
@@ -299,7 +298,7 @@ impl FinalMessage for v4::registration::FinalMessage {
|
||||
self.gateway_client.pub_key
|
||||
}
|
||||
|
||||
fn verify(&self, private_key: &PrivateKey, nonce: u64) -> Result<(), Error> {
|
||||
fn verify(&self, private_key: &x25519::PrivateKey, nonce: u64) -> Result<(), Error> {
|
||||
self.gateway_client.verify(private_key, nonce)
|
||||
}
|
||||
|
||||
@@ -334,7 +333,7 @@ impl FinalMessage for v5::registration::FinalMessage {
|
||||
self.gateway_client.pub_key
|
||||
}
|
||||
|
||||
fn verify(&self, private_key: &PrivateKey, nonce: u64) -> Result<(), Error> {
|
||||
fn verify(&self, private_key: &x25519::PrivateKey, nonce: u64) -> Result<(), Error> {
|
||||
self.gateway_client.verify(private_key, nonce)
|
||||
}
|
||||
|
||||
@@ -368,7 +367,7 @@ impl FinalMessage for v6::registration::FinalMessage {
|
||||
self.gateway_client.pub_key
|
||||
}
|
||||
|
||||
fn verify(&self, private_key: &PrivateKey, nonce: u64) -> Result<(), Error> {
|
||||
fn verify(&self, private_key: &x25519::PrivateKey, nonce: u64) -> Result<(), Error> {
|
||||
self.gateway_client.verify(private_key, nonce)
|
||||
}
|
||||
|
||||
@@ -568,9 +567,14 @@ impl Id for v6::response::TopUpBandwidthResponse {
|
||||
|
||||
pub trait PendingRegistrationResponse: Id + fmt::Debug {
|
||||
fn nonce(&self) -> u64;
|
||||
fn verify(&self, gateway_key: &PrivateKey) -> Result<(), Error>;
|
||||
fn verify(&self, gateway_key: &x25519::PrivateKey) -> Result<(), Error>;
|
||||
fn pub_key(&self) -> PeerPublicKey;
|
||||
fn private_ips(&self) -> IpPair;
|
||||
fn finalise_registration(
|
||||
&self,
|
||||
private_key: &x25519::PrivateKey,
|
||||
credential: Option<BandwidthClaim>,
|
||||
) -> Box<dyn FinalMessage + Send + Sync>;
|
||||
}
|
||||
|
||||
impl PendingRegistrationResponse for v2::response::PendingRegistrationResponse {
|
||||
@@ -578,7 +582,7 @@ impl PendingRegistrationResponse for v2::response::PendingRegistrationResponse {
|
||||
self.reply.nonce
|
||||
}
|
||||
|
||||
fn verify(&self, gateway_key: &PrivateKey) -> Result<(), Error> {
|
||||
fn verify(&self, gateway_key: &x25519::PrivateKey) -> Result<(), Error> {
|
||||
self.reply.gateway_data.verify(gateway_key, self.nonce())
|
||||
}
|
||||
|
||||
@@ -589,6 +593,22 @@ impl PendingRegistrationResponse for v2::response::PendingRegistrationResponse {
|
||||
fn private_ips(&self) -> IpPair {
|
||||
self.reply.gateway_data.private_ip.into()
|
||||
}
|
||||
|
||||
fn finalise_registration(
|
||||
&self,
|
||||
private_key: &x25519::PrivateKey,
|
||||
credential: Option<BandwidthClaim>,
|
||||
) -> Box<dyn FinalMessage + Send + Sync> {
|
||||
Box::new(v2::registration::FinalMessage {
|
||||
gateway_client: v2::registration::GatewayClient::new(
|
||||
private_key,
|
||||
self.pub_key().inner(),
|
||||
self.private_ips().ipv4.into(),
|
||||
self.nonce(),
|
||||
),
|
||||
credential: credential.and_then(|b| b.credential.into_zk_nym().map(|c| *c)),
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
impl PendingRegistrationResponse for v3::response::PendingRegistrationResponse {
|
||||
@@ -596,7 +616,7 @@ impl PendingRegistrationResponse for v3::response::PendingRegistrationResponse {
|
||||
self.reply.nonce
|
||||
}
|
||||
|
||||
fn verify(&self, gateway_key: &PrivateKey) -> Result<(), Error> {
|
||||
fn verify(&self, gateway_key: &x25519::PrivateKey) -> Result<(), Error> {
|
||||
self.reply.gateway_data.verify(gateway_key, self.nonce())
|
||||
}
|
||||
|
||||
@@ -607,6 +627,22 @@ impl PendingRegistrationResponse for v3::response::PendingRegistrationResponse {
|
||||
fn private_ips(&self) -> IpPair {
|
||||
self.reply.gateway_data.private_ip.into()
|
||||
}
|
||||
|
||||
fn finalise_registration(
|
||||
&self,
|
||||
private_key: &x25519::PrivateKey,
|
||||
credential: Option<BandwidthClaim>,
|
||||
) -> Box<dyn FinalMessage + Send + Sync> {
|
||||
Box::new(v3::registration::FinalMessage {
|
||||
gateway_client: v3::registration::GatewayClient::new(
|
||||
private_key,
|
||||
self.pub_key().inner(),
|
||||
self.private_ips().ipv4.into(),
|
||||
self.nonce(),
|
||||
),
|
||||
credential: credential.and_then(|b| b.credential.into_zk_nym().map(|c| *c)),
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
impl PendingRegistrationResponse for v4::response::PendingRegistrationResponse {
|
||||
@@ -614,7 +650,7 @@ impl PendingRegistrationResponse for v4::response::PendingRegistrationResponse {
|
||||
self.reply.nonce
|
||||
}
|
||||
|
||||
fn verify(&self, gateway_key: &PrivateKey) -> Result<(), Error> {
|
||||
fn verify(&self, gateway_key: &x25519::PrivateKey) -> Result<(), Error> {
|
||||
self.reply.gateway_data.verify(gateway_key, self.nonce())
|
||||
}
|
||||
|
||||
@@ -626,6 +662,22 @@ impl PendingRegistrationResponse for v4::response::PendingRegistrationResponse {
|
||||
// v4 -> v5 -> v6
|
||||
v5::registration::IpPair::from(self.reply.gateway_data.private_ips).into()
|
||||
}
|
||||
|
||||
fn finalise_registration(
|
||||
&self,
|
||||
private_key: &x25519::PrivateKey,
|
||||
credential: Option<BandwidthClaim>,
|
||||
) -> Box<dyn FinalMessage + Send + Sync> {
|
||||
Box::new(v4::registration::FinalMessage {
|
||||
gateway_client: v4::registration::GatewayClient::new(
|
||||
private_key,
|
||||
self.pub_key().inner(),
|
||||
self.reply.gateway_data.private_ips,
|
||||
self.nonce(),
|
||||
),
|
||||
credential: credential.and_then(|b| b.credential.into_zk_nym().map(|c| *c)),
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
impl PendingRegistrationResponse for v5::response::PendingRegistrationResponse {
|
||||
@@ -633,7 +685,7 @@ impl PendingRegistrationResponse for v5::response::PendingRegistrationResponse {
|
||||
self.reply.nonce
|
||||
}
|
||||
|
||||
fn verify(&self, gateway_key: &PrivateKey) -> Result<(), Error> {
|
||||
fn verify(&self, gateway_key: &x25519::PrivateKey) -> Result<(), Error> {
|
||||
self.reply.gateway_data.verify(gateway_key, self.nonce())
|
||||
}
|
||||
|
||||
@@ -644,6 +696,22 @@ impl PendingRegistrationResponse for v5::response::PendingRegistrationResponse {
|
||||
fn private_ips(&self) -> IpPair {
|
||||
self.reply.gateway_data.private_ips.into()
|
||||
}
|
||||
|
||||
fn finalise_registration(
|
||||
&self,
|
||||
private_key: &x25519::PrivateKey,
|
||||
credential: Option<BandwidthClaim>,
|
||||
) -> Box<dyn FinalMessage + Send + Sync> {
|
||||
Box::new(v5::registration::FinalMessage {
|
||||
gateway_client: v5::registration::GatewayClient::new(
|
||||
private_key,
|
||||
self.pub_key().inner(),
|
||||
self.reply.gateway_data.private_ips,
|
||||
self.nonce(),
|
||||
),
|
||||
credential: credential.and_then(|b| b.credential.into_zk_nym().map(|c| *c)),
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
impl PendingRegistrationResponse for v6::response::PendingRegistrationResponse {
|
||||
@@ -651,7 +719,7 @@ impl PendingRegistrationResponse for v6::response::PendingRegistrationResponse {
|
||||
self.reply.nonce
|
||||
}
|
||||
|
||||
fn verify(&self, gateway_key: &PrivateKey) -> Result<(), Error> {
|
||||
fn verify(&self, gateway_key: &x25519::PrivateKey) -> Result<(), Error> {
|
||||
self.reply.gateway_data.verify(gateway_key, self.nonce())
|
||||
}
|
||||
|
||||
@@ -660,7 +728,23 @@ impl PendingRegistrationResponse for v6::response::PendingRegistrationResponse {
|
||||
}
|
||||
|
||||
fn private_ips(&self) -> IpPair {
|
||||
self.reply.gateway_data.private_ips.into()
|
||||
self.reply.gateway_data.private_ips
|
||||
}
|
||||
|
||||
fn finalise_registration(
|
||||
&self,
|
||||
private_key: &x25519::PrivateKey,
|
||||
credential: Option<BandwidthClaim>,
|
||||
) -> Box<dyn FinalMessage + Send + Sync> {
|
||||
Box::new(v6::registration::FinalMessage {
|
||||
gateway_client: v6::registration::GatewayClient::new(
|
||||
private_key,
|
||||
self.pub_key().inner(),
|
||||
self.reply.gateway_data.private_ips,
|
||||
self.nonce(),
|
||||
),
|
||||
credential,
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
@@ -728,7 +812,7 @@ impl RegisteredResponse for v5::response::RegisteredResponse {
|
||||
|
||||
impl RegisteredResponse for v6::response::RegisteredResponse {
|
||||
fn private_ips(&self) -> IpPair {
|
||||
self.reply.private_ips.into()
|
||||
self.reply.private_ips
|
||||
}
|
||||
|
||||
fn pub_key(&self) -> PeerPublicKey {
|
||||
|
||||
@@ -1018,7 +1018,7 @@ fn deserialize_request(
|
||||
match version {
|
||||
AuthenticatorVersion::V1 => {
|
||||
// this branch should be unreachable as v1 has already been handled independently
|
||||
return Err(AuthenticatorError::UnknownVersion);
|
||||
Err(AuthenticatorError::UnknownVersion)
|
||||
}
|
||||
AuthenticatorVersion::V2 => {
|
||||
v2::request::AuthenticatorRequest::from_reconstructed_message(reconstructed)
|
||||
|
||||
+121
-157
@@ -17,7 +17,7 @@ use nym_authenticator_requests::{
|
||||
traits::Id, v2, v3, v4, v5, v6,
|
||||
};
|
||||
use nym_credentials_interface::{CredentialSpendingData, TicketType};
|
||||
use nym_sdk::mixnet::{IncludedSurbs, Recipient};
|
||||
use nym_sdk::mixnet::{IncludedSurbs, Recipient, ReconstructedMessage};
|
||||
use nym_service_provider_requests_common::{Protocol, ServiceProviderTypeExt};
|
||||
use nym_wireguard_types::PeerPublicKey;
|
||||
|
||||
@@ -61,6 +61,10 @@ impl AuthenticatorClient {
|
||||
}
|
||||
}
|
||||
|
||||
fn peer_public_key(&self) -> PeerPublicKey {
|
||||
PeerPublicKey::from(self.keypair.public_key().inner())
|
||||
}
|
||||
|
||||
pub async fn send_and_wait_for_response(
|
||||
&mut self,
|
||||
message: &ClientMessage,
|
||||
@@ -98,6 +102,79 @@ impl AuthenticatorClient {
|
||||
Ok(request_id)
|
||||
}
|
||||
|
||||
fn handle_response(
|
||||
&self,
|
||||
msg: Arc<ReconstructedMessage>,
|
||||
request_id: u64,
|
||||
) -> Option<Result<AuthenticatorResponse>> {
|
||||
let Some(header) = msg.message.first_chunk::<2>() else {
|
||||
debug!(
|
||||
"received too short message that couldn't have been from the authenticator while waiting for connect response"
|
||||
);
|
||||
return None;
|
||||
};
|
||||
|
||||
let Ok(protocol) = Protocol::try_from(header) else {
|
||||
debug!(
|
||||
"received a message not meant to any service provider while waiting for connect response"
|
||||
);
|
||||
return None;
|
||||
};
|
||||
|
||||
if !protocol.service_provider_type.is_authenticator() {
|
||||
debug!("Received non-authenticator message while waiting for connect response");
|
||||
return None;
|
||||
}
|
||||
// Confirm that the version is correct
|
||||
let version = AuthenticatorVersion::from(protocol.version);
|
||||
|
||||
// Then we deserialize the message
|
||||
debug!(
|
||||
"AuthClient: got message while waiting for connect response with version {version:?}"
|
||||
);
|
||||
let ret: Result<AuthenticatorResponse> = match version {
|
||||
AuthenticatorVersion::V1 | AuthenticatorVersion::UNKNOWN => {
|
||||
return Some(Err(Error::UnsupportedAuthenticatorVersion));
|
||||
}
|
||||
AuthenticatorVersion::V2 => {
|
||||
v2::response::AuthenticatorResponse::from_reconstructed_message(&msg)
|
||||
.map(Into::into)
|
||||
.map_err(Into::into)
|
||||
}
|
||||
AuthenticatorVersion::V3 => {
|
||||
v3::response::AuthenticatorResponse::from_reconstructed_message(&msg)
|
||||
.map(Into::into)
|
||||
.map_err(Into::into)
|
||||
}
|
||||
AuthenticatorVersion::V4 => {
|
||||
v4::response::AuthenticatorResponse::from_reconstructed_message(&msg)
|
||||
.map(Into::into)
|
||||
.map_err(Into::into)
|
||||
}
|
||||
AuthenticatorVersion::V5 => {
|
||||
v5::response::AuthenticatorResponse::from_reconstructed_message(&msg)
|
||||
.map(Into::into)
|
||||
.map_err(Into::into)
|
||||
}
|
||||
AuthenticatorVersion::V6 => {
|
||||
v6::response::AuthenticatorResponse::from_reconstructed_message(&msg)
|
||||
.map(Into::into)
|
||||
.map_err(Into::into)
|
||||
}
|
||||
};
|
||||
let Ok(response) = ret else {
|
||||
// This is ok, it's likely just one of our self-pings
|
||||
debug!("Failed to deserialize reconstructed message");
|
||||
return None;
|
||||
};
|
||||
|
||||
if response.id() == request_id {
|
||||
debug!("Got response with matching id");
|
||||
return Some(Ok(response));
|
||||
}
|
||||
None
|
||||
}
|
||||
|
||||
async fn listen_for_response(&mut self, request_id: u64) -> Result<AuthenticatorResponse> {
|
||||
let timeout = tokio::time::sleep(Duration::from_secs(10));
|
||||
tokio::pin!(timeout);
|
||||
@@ -113,43 +190,9 @@ impl AuthenticatorClient {
|
||||
return Err(Error::NoMixnetMessagesReceived);
|
||||
}
|
||||
Ok(msg) => {
|
||||
let Some(header) = msg.message.first_chunk::<2>() else {
|
||||
debug!("received too short message that couldn't have been from the authenticator while waiting for connect response");
|
||||
continue;
|
||||
};
|
||||
|
||||
let Ok(protocol) = Protocol::try_from(header) else {
|
||||
debug!("received a message not meant to any service provider while waiting for connect response");
|
||||
continue;
|
||||
};
|
||||
|
||||
if !protocol.service_provider_type.is_authenticator() {
|
||||
debug!("Received non-authenticator message while waiting for connect response");
|
||||
continue;
|
||||
}
|
||||
// Confirm that the version is correct
|
||||
let version = AuthenticatorVersion::from(protocol.version);
|
||||
|
||||
// Then we deserialize the message
|
||||
debug!("AuthClient: got message while waiting for connect response with version {version:?}");
|
||||
let ret: Result<AuthenticatorResponse> = match version {
|
||||
AuthenticatorVersion::V1 => Err(Error::UnsupportedVersion),
|
||||
AuthenticatorVersion::V2 => v2::response::AuthenticatorResponse::from_reconstructed_message(&msg).map(Into::into).map_err(Into::into),
|
||||
AuthenticatorVersion::V3 => v3::response::AuthenticatorResponse::from_reconstructed_message(&msg).map(Into::into).map_err(Into::into),
|
||||
AuthenticatorVersion::V4 => v4::response::AuthenticatorResponse::from_reconstructed_message(&msg).map(Into::into).map_err(Into::into),
|
||||
AuthenticatorVersion::V5 => v5::response::AuthenticatorResponse::from_reconstructed_message(&msg).map(Into::into).map_err(Into::into),
|
||||
AuthenticatorVersion::V6 => v6::response::AuthenticatorResponse::from_reconstructed_message(&msg).map(Into::into).map_err(Into::into),
|
||||
AuthenticatorVersion::UNKNOWN => Err(Error::UnknownVersion),
|
||||
};
|
||||
let Ok(response) = ret else {
|
||||
// This is ok, it's likely just one of our self-pings
|
||||
debug!("Failed to deserialize reconstructed message");
|
||||
continue;
|
||||
};
|
||||
|
||||
if response.id() == request_id {
|
||||
debug!("Got response with matching id");
|
||||
return Ok(response);
|
||||
match self.handle_response(msg, request_id) {
|
||||
None => continue,
|
||||
Some(res) => return res,
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -163,34 +206,27 @@ impl AuthenticatorClient {
|
||||
ticketbook_type: TicketType,
|
||||
) -> Result<GatewayData> {
|
||||
debug!("Registering with the wg gateway...");
|
||||
let pub_key = self.peer_public_key();
|
||||
|
||||
let init_message = match self.auth_version {
|
||||
AuthenticatorVersion::V1 => return Err(Error::UnsupportedAuthenticatorVersion),
|
||||
AuthenticatorVersion::V1 | AuthenticatorVersion::UNKNOWN => {
|
||||
return Err(Error::UnsupportedAuthenticatorVersion);
|
||||
}
|
||||
AuthenticatorVersion::V2 => {
|
||||
ClientMessage::Initial(Box::new(v2::registration::InitMessage {
|
||||
pub_key: PeerPublicKey::new(self.keypair.public_key().to_bytes().into()),
|
||||
}))
|
||||
ClientMessage::Initial(Box::new(v2::registration::InitMessage { pub_key }))
|
||||
}
|
||||
AuthenticatorVersion::V3 => {
|
||||
ClientMessage::Initial(Box::new(v3::registration::InitMessage {
|
||||
pub_key: PeerPublicKey::new(self.keypair.public_key().to_bytes().into()),
|
||||
}))
|
||||
ClientMessage::Initial(Box::new(v3::registration::InitMessage { pub_key }))
|
||||
}
|
||||
AuthenticatorVersion::V4 => {
|
||||
ClientMessage::Initial(Box::new(v4::registration::InitMessage {
|
||||
pub_key: PeerPublicKey::new(self.keypair.public_key().to_bytes().into()),
|
||||
}))
|
||||
ClientMessage::Initial(Box::new(v4::registration::InitMessage { pub_key }))
|
||||
}
|
||||
AuthenticatorVersion::V5 => {
|
||||
ClientMessage::Initial(Box::new(v5::registration::InitMessage {
|
||||
pub_key: PeerPublicKey::new(self.keypair.public_key().to_bytes().into()),
|
||||
}))
|
||||
ClientMessage::Initial(Box::new(v5::registration::InitMessage { pub_key }))
|
||||
}
|
||||
AuthenticatorVersion::V6 => {
|
||||
ClientMessage::Initial(Box::new(v6::registration::InitMessage {
|
||||
pub_key: PeerPublicKey::new(self.keypair.public_key().to_bytes().into()),
|
||||
}))
|
||||
ClientMessage::Initial(Box::new(v6::registration::InitMessage { pub_key }))
|
||||
}
|
||||
AuthenticatorVersion::UNKNOWN => return Err(Error::UnsupportedAuthenticatorVersion),
|
||||
};
|
||||
trace!("sending init msg to {}: {:?}", &self.ip_addr, &init_message);
|
||||
let response = self.send_and_wait_for_response(&init_message).await?;
|
||||
@@ -221,84 +257,19 @@ impl AuthenticatorClient {
|
||||
})?
|
||||
.data,
|
||||
);
|
||||
let credential = credential
|
||||
.map(TryInto::try_into)
|
||||
.transpose()
|
||||
.inspect_err(|err| error!("failed to convert {ticketbook_type} ticket to a valid BandwidthClaim: {err}"))
|
||||
.map_err(|_| Error::InternalError)?;
|
||||
|
||||
let finalized_message = match self.auth_version {
|
||||
AuthenticatorVersion::V1 => return Err(Error::UnsupportedAuthenticatorVersion),
|
||||
AuthenticatorVersion::V2 => {
|
||||
ClientMessage::Final(Box::new(v2::registration::FinalMessage {
|
||||
gateway_client: v2::registration::GatewayClient::new(
|
||||
self.keypair.private_key(),
|
||||
pending_registration_response.pub_key().inner(),
|
||||
pending_registration_response.private_ips().ipv4.into(),
|
||||
pending_registration_response.nonce(),
|
||||
),
|
||||
credential,
|
||||
}))
|
||||
}
|
||||
AuthenticatorVersion::V3 => {
|
||||
ClientMessage::Final(Box::new(v3::registration::FinalMessage {
|
||||
gateway_client: v3::registration::GatewayClient::new(
|
||||
self.keypair.private_key(),
|
||||
pending_registration_response.pub_key().inner(),
|
||||
pending_registration_response.private_ips().ipv4.into(),
|
||||
pending_registration_response.nonce(),
|
||||
),
|
||||
credential,
|
||||
}))
|
||||
}
|
||||
AuthenticatorVersion::V4 => {
|
||||
ClientMessage::Final(Box::new(v4::registration::FinalMessage {
|
||||
gateway_client: v4::registration::GatewayClient::new(
|
||||
self.keypair.private_key(),
|
||||
pending_registration_response.pub_key().inner(),
|
||||
// v6 -> v5 -> v4
|
||||
v5::registration::IpPair::from(
|
||||
pending_registration_response.private_ips(),
|
||||
)
|
||||
.into(),
|
||||
pending_registration_response.nonce(),
|
||||
),
|
||||
credential,
|
||||
}))
|
||||
}
|
||||
AuthenticatorVersion::V5 => {
|
||||
ClientMessage::Final(Box::new(v5::registration::FinalMessage {
|
||||
gateway_client: v5::registration::GatewayClient::new(
|
||||
self.keypair.private_key(),
|
||||
pending_registration_response.pub_key().inner(),
|
||||
pending_registration_response.private_ips().into(),
|
||||
pending_registration_response.nonce(),
|
||||
),
|
||||
credential,
|
||||
}))
|
||||
}
|
||||
AuthenticatorVersion::V6 => {
|
||||
ClientMessage::Final(Box::new(v6::registration::FinalMessage {
|
||||
gateway_client: v6::registration::GatewayClient::new(
|
||||
self.keypair.private_key(),
|
||||
pending_registration_response.pub_key().inner(),
|
||||
pending_registration_response.private_ips(),
|
||||
pending_registration_response.nonce(),
|
||||
),
|
||||
// this conversion, in this context, should be infallible,
|
||||
// as we should have retrieved a valid ticket type
|
||||
credential: credential
|
||||
.map(TryInto::try_into)
|
||||
.transpose()
|
||||
.inspect_err(|err| error!("failed to convert {ticketbook_type} ticket to a valid BandwidthClaim: {err}"))
|
||||
.map_err(|_| Error::InternalError)?,
|
||||
}))
|
||||
}
|
||||
AuthenticatorVersion::UNKNOWN => {
|
||||
return Err(Error::UnsupportedAuthenticatorVersion);
|
||||
}
|
||||
};
|
||||
trace!(
|
||||
"sending final msg to {}: {:?}",
|
||||
&self.ip_addr, &finalized_message
|
||||
);
|
||||
let finalized_message = pending_registration_response
|
||||
.finalise_registration(self.keypair.private_key(), credential);
|
||||
let client_message = ClientMessage::Final(finalized_message);
|
||||
|
||||
let response = self.send_and_wait_for_response(&finalized_message).await?;
|
||||
trace!("sending final msg to {}: {client_message:?}", &self.ip_addr);
|
||||
|
||||
let response = self.send_and_wait_for_response(&client_message).await?;
|
||||
let AuthenticatorResponse::Registered(registered_response) = response else {
|
||||
return Err(Error::InvalidGatewayAuthResponse);
|
||||
};
|
||||
@@ -329,29 +300,20 @@ impl AuthenticatorClient {
|
||||
}
|
||||
|
||||
pub async fn query_bandwidth(&mut self) -> Result<Option<i64>> {
|
||||
let pub_key = self.peer_public_key();
|
||||
let version = self.auth_version;
|
||||
|
||||
let query_message = match self.auth_version {
|
||||
AuthenticatorVersion::V1 => return Err(Error::UnsupportedAuthenticatorVersion),
|
||||
AuthenticatorVersion::V2 => ClientMessage::Query(Box::new(QueryMessageImpl {
|
||||
pub_key: PeerPublicKey::new(self.keypair.public_key().to_bytes().into()),
|
||||
version: AuthenticatorVersion::V2,
|
||||
})),
|
||||
AuthenticatorVersion::V3 => ClientMessage::Query(Box::new(QueryMessageImpl {
|
||||
pub_key: PeerPublicKey::new(self.keypair.public_key().to_bytes().into()),
|
||||
version: AuthenticatorVersion::V3,
|
||||
})),
|
||||
AuthenticatorVersion::V4 => ClientMessage::Query(Box::new(QueryMessageImpl {
|
||||
pub_key: PeerPublicKey::new(self.keypair.public_key().to_bytes().into()),
|
||||
version: AuthenticatorVersion::V4,
|
||||
})),
|
||||
AuthenticatorVersion::V5 => ClientMessage::Query(Box::new(QueryMessageImpl {
|
||||
pub_key: PeerPublicKey::new(self.keypair.public_key().to_bytes().into()),
|
||||
version: AuthenticatorVersion::V5,
|
||||
})),
|
||||
AuthenticatorVersion::V6 => ClientMessage::Query(Box::new(QueryMessageImpl {
|
||||
pub_key: PeerPublicKey::new(self.keypair.public_key().to_bytes().into()),
|
||||
version: AuthenticatorVersion::V6,
|
||||
})),
|
||||
AuthenticatorVersion::UNKNOWN => return Err(Error::UnsupportedAuthenticatorVersion),
|
||||
AuthenticatorVersion::V1 | AuthenticatorVersion::UNKNOWN => {
|
||||
return Err(Error::UnsupportedAuthenticatorVersion);
|
||||
}
|
||||
AuthenticatorVersion::V2
|
||||
| AuthenticatorVersion::V3
|
||||
| AuthenticatorVersion::V4
|
||||
| AuthenticatorVersion::V5
|
||||
| AuthenticatorVersion::V6 => {
|
||||
ClientMessage::Query(Box::new(QueryMessageImpl { pub_key, version }))
|
||||
}
|
||||
};
|
||||
let response = self.send_and_wait_for_response(&query_message).await?;
|
||||
|
||||
@@ -387,23 +349,25 @@ impl AuthenticatorClient {
|
||||
}
|
||||
|
||||
pub async fn top_up(&mut self, credential: CredentialSpendingData) -> Result<i64> {
|
||||
let pub_key = self.peer_public_key();
|
||||
|
||||
let top_up_message = match self.auth_version {
|
||||
AuthenticatorVersion::V3 => ClientMessage::TopUp(Box::new(v3::topup::TopUpMessage {
|
||||
pub_key: PeerPublicKey::new(self.keypair.public_key().to_bytes().into()),
|
||||
pub_key,
|
||||
credential,
|
||||
})),
|
||||
// NOTE: looks like a bug here using v3. But we're leaving it as is since it's working
|
||||
// and V4 is deprecated in favour of V5
|
||||
AuthenticatorVersion::V4 => ClientMessage::TopUp(Box::new(v4::topup::TopUpMessage {
|
||||
pub_key: PeerPublicKey::new(self.keypair.public_key().to_bytes().into()),
|
||||
pub_key,
|
||||
credential,
|
||||
})),
|
||||
AuthenticatorVersion::V5 => ClientMessage::TopUp(Box::new(v5::topup::TopUpMessage {
|
||||
pub_key: PeerPublicKey::new(self.keypair.public_key().to_bytes().into()),
|
||||
pub_key,
|
||||
credential,
|
||||
})),
|
||||
AuthenticatorVersion::V6 => ClientMessage::TopUp(Box::new(v6::topup::TopUpMessage {
|
||||
pub_key: PeerPublicKey::new(self.keypair.public_key().to_bytes().into()),
|
||||
pub_key,
|
||||
credential,
|
||||
})),
|
||||
AuthenticatorVersion::V1 | AuthenticatorVersion::V2 | AuthenticatorVersion::UNKNOWN => {
|
||||
|
||||
@@ -16,7 +16,7 @@ use futures::StreamExt;
|
||||
use nym_authenticator_client::{AuthClientMixnetListener, AuthenticatorClient};
|
||||
use nym_authenticator_requests::{
|
||||
AuthenticatorVersion, client_message::ClientMessage, response::AuthenticatorResponse, v2, v3,
|
||||
v4, v5,
|
||||
v4, v5, v6,
|
||||
};
|
||||
use nym_client_core::config::ForgetMe;
|
||||
use nym_config::defaults::{
|
||||
@@ -467,6 +467,7 @@ async fn wg_probe(
|
||||
auth_version: AuthenticatorVersion,
|
||||
awg_args: String,
|
||||
netstack_args: NetstackArgs,
|
||||
// TODO: update type
|
||||
credential: CredentialSpendingData,
|
||||
) -> anyhow::Result<WgProbeResults> {
|
||||
info!("attempting to use authenticator version {auth_version:?}");
|
||||
@@ -493,6 +494,9 @@ async fn wg_probe(
|
||||
AuthenticatorVersion::V5 => ClientMessage::Initial(Box::new(
|
||||
v5::registration::InitMessage::new(authenticator_pub_key),
|
||||
)),
|
||||
AuthenticatorVersion::V6 => ClientMessage::Initial(Box::new(
|
||||
v6::registration::InitMessage::new(authenticator_pub_key),
|
||||
)),
|
||||
AuthenticatorVersion::V1 | AuthenticatorVersion::UNKNOWN => bail!("unknown version number"),
|
||||
};
|
||||
|
||||
@@ -512,57 +516,17 @@ async fn wg_probe(
|
||||
debug!("Verifying data");
|
||||
pending_registration_response.verify(&private_key)?;
|
||||
|
||||
let finalized_message = match auth_version {
|
||||
AuthenticatorVersion::V2 => {
|
||||
ClientMessage::Final(Box::new(v2::registration::FinalMessage {
|
||||
gateway_client: v2::registration::GatewayClient::new(
|
||||
&private_key,
|
||||
pending_registration_response.pub_key().inner(),
|
||||
pending_registration_response.private_ips().ipv4.into(),
|
||||
pending_registration_response.nonce(),
|
||||
),
|
||||
credential: Some(credential),
|
||||
}))
|
||||
}
|
||||
AuthenticatorVersion::V3 => {
|
||||
ClientMessage::Final(Box::new(v3::registration::FinalMessage {
|
||||
gateway_client: v3::registration::GatewayClient::new(
|
||||
&private_key,
|
||||
pending_registration_response.pub_key().inner(),
|
||||
pending_registration_response.private_ips().ipv4.into(),
|
||||
pending_registration_response.nonce(),
|
||||
),
|
||||
credential: Some(credential),
|
||||
}))
|
||||
}
|
||||
AuthenticatorVersion::V4 => {
|
||||
ClientMessage::Final(Box::new(v4::registration::FinalMessage {
|
||||
gateway_client: v4::registration::GatewayClient::new(
|
||||
&private_key,
|
||||
pending_registration_response.pub_key().inner(),
|
||||
pending_registration_response.private_ips().into(),
|
||||
pending_registration_response.nonce(),
|
||||
),
|
||||
credential: Some(credential),
|
||||
}))
|
||||
}
|
||||
AuthenticatorVersion::V5 => {
|
||||
ClientMessage::Final(Box::new(v5::registration::FinalMessage {
|
||||
gateway_client: v5::registration::GatewayClient::new(
|
||||
&private_key,
|
||||
pending_registration_response.pub_key().inner(),
|
||||
pending_registration_response.private_ips(),
|
||||
pending_registration_response.nonce(),
|
||||
),
|
||||
credential: Some(credential),
|
||||
}))
|
||||
}
|
||||
AuthenticatorVersion::V1 | AuthenticatorVersion::UNKNOWN => {
|
||||
bail!("Unknown version number")
|
||||
}
|
||||
};
|
||||
let credential = credential
|
||||
.try_into()
|
||||
.inspect_err(|err| error!("invalid zk-nym data: {err}"))
|
||||
.ok();
|
||||
|
||||
let finalized_message =
|
||||
pending_registration_response.finalise_registration(&private_key, credential);
|
||||
let client_message = ClientMessage::Final(finalized_message);
|
||||
|
||||
let response = auth_client
|
||||
.send_and_wait_for_response(&finalized_message)
|
||||
.send_and_wait_for_response(&client_message)
|
||||
.await?;
|
||||
let AuthenticatorResponse::Registered(registered_response) = response else {
|
||||
bail!("Unexpected response");
|
||||
|
||||
@@ -1408,7 +1408,6 @@ pub async fn try_upgrade_config_v9<P: AsRef<Path>>(
|
||||
.zk_nym_tickets
|
||||
.maximum_time_between_redemption,
|
||||
},
|
||||
..Default::default()
|
||||
},
|
||||
},
|
||||
service_providers: ServiceProvidersConfigV10 {
|
||||
|
||||
Reference in New Issue
Block a user