Compare commits
15 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 697d55248d | |||
| 570cc36385 | |||
| ee64762b87 | |||
| f4528bb521 | |||
| f4630e0b8a | |||
| 65f948d012 | |||
| d16a288b6d | |||
| 72c40d8576 | |||
| 34e1709b75 | |||
| 257df97e3a | |||
| 870570d5c3 | |||
| 0000baa343 | |||
| 6a307d59b4 | |||
| a4808635f9 | |||
| 29965782a2 |
@@ -9,11 +9,7 @@ jobs:
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- name: Install Dependencies (Linux)
|
||||
run: sudo apt-get update && sudo apt-get install -y build-essential curl wget libssl-dev libudev-dev squashfs-tools protobuf-compiler git python3 && sudo apt-get update --fix-missing
|
||||
- name: Install pip3
|
||||
run: sudo apt install -y python3-pip
|
||||
- name: Install Python3 modules
|
||||
run: sudo pip3 install pandas tabulate
|
||||
run: sudo apt-get update && sudo apt-get install -y build-essential curl wget libssl-dev libudev-dev squashfs-tools protobuf-compiler git
|
||||
- name: Install rsync
|
||||
run: sudo apt-get install rsync
|
||||
- uses: rlespinasse/github-slug-action@v3.x
|
||||
|
||||
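Review bot: The `- uses: rlespinasse/github-slug-action@v3.x` step kept at the end of this hunk references a third-party action by a movable ref, so whoever can move that ref decides what code runs in this job with whatever token and secrets the job is given. Pin it to a full commit SHA and keep the ref as a comment, e.g. `- uses: rlespinasse/github-slug-action@<full-commit-sha>  # v3.x` (placeholder; take the SHA from the action's repository). The same line appears in the second workflow hunk (`@@ -13,11 +13,7 @@`). Separately, the retained `run: sudo apt-get install rsync` has no `-y`, unlike the dependency install line above it, so the step can abort if apt asks for confirmation. The job definition starts and continues outside the hunk.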
@@ -13,11 +13,7 @@ jobs:
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- name: Install Dependencies (Linux)
|
||||
run: sudo apt-get update && sudo apt-get install -y build-essential curl wget libssl-dev libudev-dev squashfs-tools protobuf-compiler git python3 && sudo apt-get update --fix-missing
|
||||
- name: Install pip3
|
||||
run: sudo apt install -y python3-pip
|
||||
- name: Install Python3 modules
|
||||
run: sudo pip3 install pandas tabulate
|
||||
run: sudo apt-get update && sudo apt-get install -y build-essential curl wget libssl-dev libudev-dev squashfs-tools protobuf-compiler git
|
||||
- name: Install rsync
|
||||
run: sudo apt-get install rsync
|
||||
- uses: rlespinasse/github-slug-action@v3.x
|
||||
|
||||
Generated
+249
-105
@@ -43,6 +43,19 @@ dependencies = [
|
||||
"generic-array 0.14.7",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "aes"
|
||||
version = "0.7.5"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "9e8b47f52ea9bae42228d07ec09eb676433d7c4ed1ebdf0f1d1c29ed446f1ab8"
|
||||
dependencies = [
|
||||
"cfg-if",
|
||||
"cipher 0.3.0",
|
||||
"cpufeatures",
|
||||
"ctr 0.8.0",
|
||||
"opaque-debug 0.3.1",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "aes"
|
||||
version = "0.8.4"
|
||||
@@ -50,7 +63,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "b169f7a6d4742236a0a00c541b845991d0ac43e546831af1249753ab4c3aa3a0"
|
||||
dependencies = [
|
||||
"cfg-if",
|
||||
"cipher",
|
||||
"cipher 0.4.4",
|
||||
"cpufeatures",
|
||||
]
|
||||
|
||||
@@ -61,9 +74,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "831010a0f742e1209b3bcea8fab6a8e149051ba6099432c8cb2cc117dec3ead1"
|
||||
dependencies = [
|
||||
"aead",
|
||||
"aes",
|
||||
"cipher",
|
||||
"ctr",
|
||||
"aes 0.8.4",
|
||||
"cipher 0.4.4",
|
||||
"ctr 0.9.2",
|
||||
"ghash",
|
||||
"subtle 2.5.0",
|
||||
]
|
||||
@@ -74,7 +87,7 @@ version = "0.7.8"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "891477e0c6a8957309ee5c45a6368af3ae14bb510732d2684ffa19af310920f9"
|
||||
dependencies = [
|
||||
"getrandom",
|
||||
"getrandom 0.2.15",
|
||||
"once_cell",
|
||||
"version_check",
|
||||
]
|
||||
@@ -524,7 +537,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "7e141fb0f8be1c7b45887af94c88b182472b57c96b56773250ae00cd6a14a164"
|
||||
dependencies = [
|
||||
"bs58 0.5.1",
|
||||
"hmac",
|
||||
"hmac 0.12.1",
|
||||
"k256",
|
||||
"once_cell",
|
||||
"pbkdf2",
|
||||
@@ -586,7 +599,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "94cb07b0da6a73955f8fb85d24c466778e70cda767a568229b104f0264089330"
|
||||
dependencies = [
|
||||
"byte-tools",
|
||||
"crypto-mac",
|
||||
"crypto-mac 0.7.0",
|
||||
"digest 0.8.1",
|
||||
"opaque-debug 0.2.3",
|
||||
]
|
||||
@@ -814,7 +827,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "c3613f74bd2eac03dad61bd53dbe620703d4371614fe0bc3b9f04dd36fe4e818"
|
||||
dependencies = [
|
||||
"cfg-if",
|
||||
"cipher",
|
||||
"cipher 0.4.4",
|
||||
"cpufeatures",
|
||||
]
|
||||
|
||||
@@ -826,7 +839,7 @@ checksum = "10cd79432192d1c0f4e1a0fef9527696cc039165d729fb41b3f4f4f354c2dc35"
|
||||
dependencies = [
|
||||
"aead",
|
||||
"chacha20",
|
||||
"cipher",
|
||||
"cipher 0.4.4",
|
||||
"poly1305",
|
||||
"zeroize",
|
||||
]
|
||||
@@ -873,6 +886,15 @@ dependencies = [
|
||||
"half",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "cipher"
|
||||
version = "0.3.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "7ee52072ec15386f770805afd189a01c8841be8696bed250fa2f13c4c0d6dfb7"
|
||||
dependencies = [
|
||||
"generic-array 0.14.7",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "cipher"
|
||||
version = "0.4.4"
|
||||
@@ -1166,7 +1188,7 @@ dependencies = [
|
||||
"rand_core 0.6.4",
|
||||
"serde",
|
||||
"serde_json",
|
||||
"signature",
|
||||
"signature 2.2.0",
|
||||
"subtle-encoding",
|
||||
"tendermint",
|
||||
"thiserror",
|
||||
@@ -1185,7 +1207,7 @@ dependencies = [
|
||||
"rand_core 0.6.4",
|
||||
"serde",
|
||||
"serde_json",
|
||||
"signature",
|
||||
"signature 2.2.0",
|
||||
"subtle-encoding",
|
||||
"tendermint",
|
||||
"tendermint-rpc",
|
||||
@@ -1451,6 +1473,16 @@ dependencies = [
|
||||
"subtle 1.0.0",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "crypto-mac"
|
||||
version = "0.11.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "25fab6889090c8133f3deb8f73ba3c65a7f456f66436fc012a1b1e272b1e103e"
|
||||
dependencies = [
|
||||
"generic-array 0.14.7",
|
||||
"subtle 2.5.0",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "csv"
|
||||
version = "1.3.0"
|
||||
@@ -1472,13 +1504,22 @@ dependencies = [
|
||||
"memchr",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "ctr"
|
||||
version = "0.8.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "049bb91fb4aaf0e3c7efa6cd5ef877dbbbd15b39dad06d9948de4ec8a75761ea"
|
||||
dependencies = [
|
||||
"cipher 0.3.0",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "ctr"
|
||||
version = "0.9.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "0369ee1ad671834580515889b80f2ea915f23b8be8d0daa4bbaf2ac5c7590835"
|
||||
dependencies = [
|
||||
"cipher",
|
||||
"cipher 0.4.4",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
@@ -1530,6 +1571,7 @@ dependencies = [
|
||||
"byteorder",
|
||||
"digest 0.9.0",
|
||||
"rand_core 0.5.1",
|
||||
"serde",
|
||||
"subtle 2.5.0",
|
||||
"zeroize",
|
||||
]
|
||||
@@ -1543,11 +1585,9 @@ dependencies = [
|
||||
"cfg-if",
|
||||
"cpufeatures",
|
||||
"curve25519-dalek-derive",
|
||||
"digest 0.10.7",
|
||||
"fiat-crypto",
|
||||
"platforms",
|
||||
"rustc_version 0.4.0",
|
||||
"serde",
|
||||
"subtle 2.5.0",
|
||||
"zeroize",
|
||||
]
|
||||
@@ -1945,10 +1985,20 @@ dependencies = [
|
||||
"elliptic-curve",
|
||||
"rfc6979",
|
||||
"serdect",
|
||||
"signature",
|
||||
"signature 2.2.0",
|
||||
"spki",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "ed25519"
|
||||
version = "1.5.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "91cff35c70bba8a626e3185d8cd48cc11b5437e1a5bcd15b9b5fa3c64b6dfee7"
|
||||
dependencies = [
|
||||
"serde",
|
||||
"signature 1.6.4",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "ed25519"
|
||||
version = "2.2.3"
|
||||
@@ -1956,8 +2006,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "115531babc129696a58c64a4fef0a8bf9e9698629fb97e9e40767d235cfbcd53"
|
||||
dependencies = [
|
||||
"pkcs8",
|
||||
"serde",
|
||||
"signature",
|
||||
"signature 2.2.0",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
@@ -1975,16 +2024,16 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "ed25519-dalek"
|
||||
version = "2.1.1"
|
||||
version = "1.0.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "4a3daa8e81a3963a60642bcc1f90a670680bd4a77535faa384e9d1c79d620871"
|
||||
checksum = "c762bae6dcaf24c4c84667b8579785430908723d5c889f469d76a41d59cc7a9d"
|
||||
dependencies = [
|
||||
"curve25519-dalek 4.1.2",
|
||||
"ed25519",
|
||||
"rand_core 0.6.4",
|
||||
"curve25519-dalek 3.2.0",
|
||||
"ed25519 1.5.3",
|
||||
"rand 0.7.3",
|
||||
"serde",
|
||||
"sha2 0.10.8",
|
||||
"subtle 2.5.0",
|
||||
"serde_bytes",
|
||||
"sha2 0.9.9",
|
||||
"zeroize",
|
||||
]
|
||||
|
||||
@@ -2475,6 +2524,19 @@ dependencies = [
|
||||
"zeroize",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "getrandom"
|
||||
version = "0.1.16"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "8fc3cb4d91f53b50155bdcfd23f6a4c39ae1969c2ae85982b135750cccaf5fce"
|
||||
dependencies = [
|
||||
"cfg-if",
|
||||
"js-sys",
|
||||
"libc",
|
||||
"wasi 0.9.0+wasi-snapshot-preview1",
|
||||
"wasm-bindgen",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "getrandom"
|
||||
version = "0.2.15"
|
||||
@@ -2484,7 +2546,7 @@ dependencies = [
|
||||
"cfg-if",
|
||||
"js-sys",
|
||||
"libc",
|
||||
"wasi",
|
||||
"wasi 0.11.0+wasi-snapshot-preview1",
|
||||
"wasm-bindgen",
|
||||
]
|
||||
|
||||
@@ -2750,13 +2812,33 @@ dependencies = [
|
||||
"winapi",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "hkdf"
|
||||
version = "0.11.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "01706d578d5c281058480e673ae4086a9f4710d8df1ad80a5b03e39ece5f886b"
|
||||
dependencies = [
|
||||
"digest 0.9.0",
|
||||
"hmac 0.11.0",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "hkdf"
|
||||
version = "0.12.4"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7"
|
||||
dependencies = [
|
||||
"hmac",
|
||||
"hmac 0.12.1",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "hmac"
|
||||
version = "0.11.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "2a2a2320eb7ec0ebe8da8f744d7812d9fc4cb4d09344ac01898dbcb6a20ae69b"
|
||||
dependencies = [
|
||||
"crypto-mac 0.11.0",
|
||||
"digest 0.9.0",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
@@ -3314,7 +3396,7 @@ dependencies = [
|
||||
"elliptic-curve",
|
||||
"once_cell",
|
||||
"sha2 0.10.8",
|
||||
"signature",
|
||||
"signature 2.2.0",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
@@ -3577,7 +3659,7 @@ checksum = "a4a650543ca06a924e8b371db273b2756685faae30f8487da1b56505a8f78b0c"
|
||||
dependencies = [
|
||||
"libc",
|
||||
"log",
|
||||
"wasi",
|
||||
"wasi 0.11.0+wasi-snapshot-preview1",
|
||||
"windows-sys 0.48.0",
|
||||
]
|
||||
|
||||
@@ -3593,7 +3675,7 @@ dependencies = [
|
||||
"nym-ordered-buffer",
|
||||
"nym-service-providers-common",
|
||||
"nym-socks5-requests",
|
||||
"rand 0.8.5",
|
||||
"rand 0.7.3",
|
||||
"serde",
|
||||
"serde-wasm-bindgen",
|
||||
"thiserror",
|
||||
@@ -3883,7 +3965,9 @@ dependencies = [
|
||||
"nym-vesting-contract-common",
|
||||
"okapi",
|
||||
"pin-project",
|
||||
"rand 0.7.3",
|
||||
"rand 0.8.5",
|
||||
"rand_chacha 0.2.2",
|
||||
"rand_chacha 0.3.1",
|
||||
"reqwest 0.12.4",
|
||||
"rocket",
|
||||
@@ -3948,7 +4032,7 @@ dependencies = [
|
||||
"nym-crypto",
|
||||
"nym-network-defaults",
|
||||
"nym-validator-client",
|
||||
"rand 0.8.5",
|
||||
"rand 0.7.3",
|
||||
"thiserror",
|
||||
"url",
|
||||
"zeroize",
|
||||
@@ -4098,7 +4182,7 @@ dependencies = [
|
||||
"nym-task",
|
||||
"nym-topology",
|
||||
"nym-validator-client",
|
||||
"rand 0.8.5",
|
||||
"rand 0.7.3",
|
||||
"serde",
|
||||
"serde_json",
|
||||
"tap",
|
||||
@@ -4146,7 +4230,7 @@ dependencies = [
|
||||
"nym-task",
|
||||
"nym-topology",
|
||||
"nym-validator-client",
|
||||
"rand 0.8.5",
|
||||
"rand 0.7.3",
|
||||
"serde",
|
||||
"serde_json",
|
||||
"sha2 0.10.8",
|
||||
@@ -4226,7 +4310,7 @@ dependencies = [
|
||||
"nym-bin-common",
|
||||
"nym-node-tester-utils",
|
||||
"nym-node-tester-wasm",
|
||||
"rand 0.8.5",
|
||||
"rand 0.7.3",
|
||||
"serde",
|
||||
"serde-wasm-bindgen",
|
||||
"serde_json",
|
||||
@@ -4258,7 +4342,7 @@ dependencies = [
|
||||
"digest 0.9.0",
|
||||
"doc-comment",
|
||||
"ff",
|
||||
"getrandom",
|
||||
"getrandom 0.2.15",
|
||||
"group",
|
||||
"itertools 0.10.5",
|
||||
"nym-dkg",
|
||||
@@ -4369,7 +4453,7 @@ dependencies = [
|
||||
"nym-credentials-interface",
|
||||
"nym-crypto",
|
||||
"nym-validator-client",
|
||||
"rand 0.8.5",
|
||||
"rand 0.7.3",
|
||||
"serde",
|
||||
"thiserror",
|
||||
"time",
|
||||
@@ -4390,25 +4474,25 @@ dependencies = [
|
||||
name = "nym-crypto"
|
||||
version = "0.4.0"
|
||||
dependencies = [
|
||||
"aes",
|
||||
"aes 0.8.4",
|
||||
"blake3",
|
||||
"bs58 0.5.1",
|
||||
"cipher",
|
||||
"ctr",
|
||||
"cipher 0.4.4",
|
||||
"ctr 0.9.2",
|
||||
"digest 0.10.7",
|
||||
"ed25519-dalek",
|
||||
"generic-array 0.14.7",
|
||||
"hkdf",
|
||||
"hmac",
|
||||
"hkdf 0.12.4",
|
||||
"hmac 0.12.1",
|
||||
"nym-pemstore",
|
||||
"nym-sphinx-types",
|
||||
"rand 0.8.5",
|
||||
"rand_chacha 0.3.1",
|
||||
"rand 0.7.3",
|
||||
"rand_chacha 0.2.2",
|
||||
"serde",
|
||||
"serde_bytes",
|
||||
"subtle-encoding",
|
||||
"thiserror",
|
||||
"x25519-dalek",
|
||||
"x25519-dalek 1.1.1",
|
||||
"zeroize",
|
||||
]
|
||||
|
||||
@@ -4492,7 +4576,7 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "nym-gateway"
|
||||
version = "1.1.36"
|
||||
version = "1.1.37"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"async-trait",
|
||||
@@ -4530,7 +4614,7 @@ dependencies = [
|
||||
"nym-wireguard",
|
||||
"nym-wireguard-types",
|
||||
"once_cell",
|
||||
"rand 0.8.5",
|
||||
"rand 0.7.3",
|
||||
"serde",
|
||||
"serde_json",
|
||||
"sqlx",
|
||||
@@ -4550,7 +4634,7 @@ name = "nym-gateway-client"
|
||||
version = "0.1.0"
|
||||
dependencies = [
|
||||
"futures",
|
||||
"getrandom",
|
||||
"getrandom 0.2.15",
|
||||
"gloo-utils",
|
||||
"log",
|
||||
"nym-bandwidth-controller",
|
||||
@@ -4563,7 +4647,7 @@ dependencies = [
|
||||
"nym-sphinx",
|
||||
"nym-task",
|
||||
"nym-validator-client",
|
||||
"rand 0.8.5",
|
||||
"rand 0.7.3",
|
||||
"serde",
|
||||
"si-scale",
|
||||
"thiserror",
|
||||
@@ -4592,7 +4676,7 @@ dependencies = [
|
||||
"nym-crypto",
|
||||
"nym-pemstore",
|
||||
"nym-sphinx",
|
||||
"rand 0.8.5",
|
||||
"rand 0.7.3",
|
||||
"serde",
|
||||
"serde_json",
|
||||
"thiserror",
|
||||
@@ -4818,7 +4902,7 @@ dependencies = [
|
||||
"nym-topology",
|
||||
"nym-types",
|
||||
"nym-validator-client",
|
||||
"rand 0.8.5",
|
||||
"rand 0.7.3",
|
||||
"serde",
|
||||
"serde_json",
|
||||
"sysinfo 0.27.8",
|
||||
@@ -4940,7 +5024,7 @@ dependencies = [
|
||||
"nym-types",
|
||||
"pretty_env_logger",
|
||||
"publicsuffix",
|
||||
"rand 0.8.5",
|
||||
"rand 0.7.3",
|
||||
"regex",
|
||||
"reqwest 0.12.4",
|
||||
"serde",
|
||||
@@ -5002,7 +5086,7 @@ dependencies = [
|
||||
"nym-task",
|
||||
"nym-types",
|
||||
"nym-wireguard-types",
|
||||
"rand 0.8.5",
|
||||
"rand 0.7.3",
|
||||
"semver 1.0.23",
|
||||
"serde",
|
||||
"serde_json",
|
||||
@@ -5025,7 +5109,7 @@ dependencies = [
|
||||
"dashmap",
|
||||
"fastrand 2.1.0",
|
||||
"headers",
|
||||
"hmac",
|
||||
"hmac 0.12.1",
|
||||
"hyper 1.3.1",
|
||||
"ipnetwork 0.16.0",
|
||||
"nym-crypto",
|
||||
@@ -5035,7 +5119,7 @@ dependencies = [
|
||||
"nym-task",
|
||||
"nym-wireguard",
|
||||
"nym-wireguard-types",
|
||||
"rand 0.8.5",
|
||||
"rand 0.7.3",
|
||||
"serde_json",
|
||||
"thiserror",
|
||||
"time",
|
||||
@@ -5045,7 +5129,7 @@ dependencies = [
|
||||
"tracing",
|
||||
"utoipa",
|
||||
"utoipa-swagger-ui",
|
||||
"x25519-dalek",
|
||||
"x25519-dalek 2.0.1",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
@@ -5061,7 +5145,7 @@ dependencies = [
|
||||
"nym-exit-policy",
|
||||
"nym-http-api-client",
|
||||
"nym-wireguard-types",
|
||||
"rand_chacha 0.3.1",
|
||||
"rand_chacha 0.2.2",
|
||||
"schemars",
|
||||
"serde",
|
||||
"serde_json",
|
||||
@@ -5082,7 +5166,7 @@ dependencies = [
|
||||
"nym-sphinx-params",
|
||||
"nym-task",
|
||||
"nym-topology",
|
||||
"rand 0.8.5",
|
||||
"rand 0.7.3",
|
||||
"serde",
|
||||
"serde_json",
|
||||
"thiserror",
|
||||
@@ -5097,7 +5181,7 @@ dependencies = [
|
||||
"futures",
|
||||
"js-sys",
|
||||
"nym-node-tester-utils",
|
||||
"rand 0.8.5",
|
||||
"rand 0.7.3",
|
||||
"serde",
|
||||
"serde-wasm-bindgen",
|
||||
"thiserror",
|
||||
@@ -5152,14 +5236,14 @@ dependencies = [
|
||||
"chacha20",
|
||||
"chacha20poly1305",
|
||||
"criterion",
|
||||
"curve25519-dalek 3.2.0",
|
||||
"fastrand 1.9.0",
|
||||
"getrandom",
|
||||
"getrandom 0.2.15",
|
||||
"log",
|
||||
"rand 0.8.5",
|
||||
"rand 0.7.3",
|
||||
"rayon",
|
||||
"sphinx-packet",
|
||||
"thiserror",
|
||||
"x25519-dalek",
|
||||
"zeroize",
|
||||
]
|
||||
|
||||
@@ -5204,7 +5288,7 @@ dependencies = [
|
||||
"nym-validator-client",
|
||||
"parking_lot 0.12.2",
|
||||
"pretty_env_logger",
|
||||
"rand 0.8.5",
|
||||
"rand 0.7.3",
|
||||
"reqwest 0.12.4",
|
||||
"tap",
|
||||
"thiserror",
|
||||
@@ -5266,7 +5350,7 @@ dependencies = [
|
||||
"nym-socks5-client-core",
|
||||
"nym-sphinx",
|
||||
"nym-topology",
|
||||
"rand 0.8.5",
|
||||
"rand 0.7.3",
|
||||
"serde",
|
||||
"serde_json",
|
||||
"tap",
|
||||
@@ -5299,7 +5383,7 @@ dependencies = [
|
||||
"nym-task",
|
||||
"nym-validator-client",
|
||||
"pin-project",
|
||||
"rand 0.8.5",
|
||||
"rand 0.7.3",
|
||||
"reqwest 0.12.4",
|
||||
"schemars",
|
||||
"serde",
|
||||
@@ -5325,7 +5409,7 @@ dependencies = [
|
||||
"nym-credential-storage",
|
||||
"nym-crypto",
|
||||
"nym-socks5-client-core",
|
||||
"rand 0.8.5",
|
||||
"rand 0.7.3",
|
||||
"safer-ffi",
|
||||
"serde",
|
||||
"tokio",
|
||||
@@ -5379,7 +5463,7 @@ dependencies = [
|
||||
"nym-sphinx-routing",
|
||||
"nym-sphinx-types",
|
||||
"nym-topology",
|
||||
"rand 0.8.5",
|
||||
"rand 0.7.3",
|
||||
"rand_distr",
|
||||
"thiserror",
|
||||
"tokio",
|
||||
@@ -5397,7 +5481,7 @@ dependencies = [
|
||||
"nym-sphinx-routing",
|
||||
"nym-sphinx-types",
|
||||
"nym-topology",
|
||||
"rand 0.8.5",
|
||||
"rand 0.7.3",
|
||||
"serde",
|
||||
"thiserror",
|
||||
"zeroize",
|
||||
@@ -5409,7 +5493,7 @@ version = "0.1.0"
|
||||
dependencies = [
|
||||
"nym-crypto",
|
||||
"nym-sphinx-types",
|
||||
"rand 0.8.5",
|
||||
"rand 0.7.3",
|
||||
"serde",
|
||||
"thiserror",
|
||||
]
|
||||
@@ -5425,8 +5509,8 @@ dependencies = [
|
||||
"nym-sphinx-routing",
|
||||
"nym-sphinx-types",
|
||||
"nym-topology",
|
||||
"rand 0.8.5",
|
||||
"rand_chacha 0.3.1",
|
||||
"rand 0.7.3",
|
||||
"rand_chacha 0.2.2",
|
||||
"serde",
|
||||
"thiserror",
|
||||
"wasm-bindgen",
|
||||
@@ -5440,7 +5524,7 @@ dependencies = [
|
||||
"nym-sphinx-addressing",
|
||||
"nym-sphinx-params",
|
||||
"nym-sphinx-types",
|
||||
"rand 0.8.5",
|
||||
"rand 0.7.3",
|
||||
"thiserror",
|
||||
]
|
||||
|
||||
@@ -5457,7 +5541,7 @@ dependencies = [
|
||||
"nym-sphinx-routing",
|
||||
"nym-sphinx-types",
|
||||
"nym-topology",
|
||||
"rand 0.8.5",
|
||||
"rand 0.7.3",
|
||||
"thiserror",
|
||||
]
|
||||
|
||||
@@ -5532,7 +5616,7 @@ dependencies = [
|
||||
"aes-gcm",
|
||||
"argon2",
|
||||
"generic-array 0.14.7",
|
||||
"getrandom",
|
||||
"getrandom 0.2.15",
|
||||
"rand 0.8.5",
|
||||
"serde",
|
||||
"serde_json",
|
||||
@@ -5568,7 +5652,7 @@ dependencies = [
|
||||
"nym-sphinx-addressing",
|
||||
"nym-sphinx-routing",
|
||||
"nym-sphinx-types",
|
||||
"rand 0.8.5",
|
||||
"rand 0.7.3",
|
||||
"semver 0.11.0",
|
||||
"serde",
|
||||
"serde_json",
|
||||
@@ -5598,7 +5682,7 @@ dependencies = [
|
||||
"cosmrs 0.15.0 (git+https://github.com/jstuczyn/cosmos-rust?branch=nym-temp/all-validator-features)",
|
||||
"cosmwasm-std",
|
||||
"eyre",
|
||||
"hmac",
|
||||
"hmac 0.12.1",
|
||||
"itertools 0.11.0",
|
||||
"log",
|
||||
"nym-config",
|
||||
@@ -5616,7 +5700,7 @@ dependencies = [
|
||||
"thiserror",
|
||||
"ts-rs",
|
||||
"url",
|
||||
"x25519-dalek",
|
||||
"x25519-dalek 2.0.1",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
@@ -5748,7 +5832,7 @@ dependencies = [
|
||||
"nym-task",
|
||||
"nym-wireguard-types",
|
||||
"tokio",
|
||||
"x25519-dalek",
|
||||
"x25519-dalek 2.0.1",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
@@ -5757,16 +5841,18 @@ version = "0.1.0"
|
||||
dependencies = [
|
||||
"base64 0.21.7",
|
||||
"dashmap",
|
||||
"hmac",
|
||||
"hmac 0.12.1",
|
||||
"log",
|
||||
"nym-config",
|
||||
"nym-crypto",
|
||||
"rand 0.8.5",
|
||||
"nym-network-defaults",
|
||||
"rand 0.7.3",
|
||||
"serde",
|
||||
"serde_json",
|
||||
"sha2 0.10.8",
|
||||
"thiserror",
|
||||
"utoipa",
|
||||
"x25519-dalek",
|
||||
"x25519-dalek 2.0.1",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
@@ -6090,7 +6176,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "f8ed6a7761f76e3b9f92dfb0a60a6a6477c61024b775147ff0973a02653abaf2"
|
||||
dependencies = [
|
||||
"digest 0.10.7",
|
||||
"hmac",
|
||||
"hmac 0.12.1",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
@@ -6551,7 +6637,7 @@ dependencies = [
|
||||
"libc",
|
||||
"rand_chacha 0.1.1",
|
||||
"rand_core 0.4.2",
|
||||
"rand_hc",
|
||||
"rand_hc 0.1.0",
|
||||
"rand_isaac",
|
||||
"rand_jitter",
|
||||
"rand_os",
|
||||
@@ -6560,6 +6646,19 @@ dependencies = [
|
||||
"winapi",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "rand"
|
||||
version = "0.7.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "6a6b1679d49b24bbfe0c803429aa1874472f50d9b363131f0e89fc356b544d03"
|
||||
dependencies = [
|
||||
"getrandom 0.1.16",
|
||||
"libc",
|
||||
"rand_chacha 0.2.2",
|
||||
"rand_core 0.5.1",
|
||||
"rand_hc 0.2.0",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "rand"
|
||||
version = "0.8.5"
|
||||
@@ -6581,6 +6680,16 @@ dependencies = [
|
||||
"rand_core 0.3.1",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "rand_chacha"
|
||||
version = "0.2.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "f4c8ed856279c9737206bf725bf36935d8666ead7aa69b52be55af369d193402"
|
||||
dependencies = [
|
||||
"ppv-lite86",
|
||||
"rand_core 0.5.1",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "rand_chacha"
|
||||
version = "0.3.1"
|
||||
@@ -6611,6 +6720,9 @@ name = "rand_core"
|
||||
version = "0.5.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "90bde5296fc891b0cef12a6d03ddccc162ce7b2aff54160af9338f8d40df6d19"
|
||||
dependencies = [
|
||||
"getrandom 0.1.16",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "rand_core"
|
||||
@@ -6618,17 +6730,17 @@ version = "0.6.4"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c"
|
||||
dependencies = [
|
||||
"getrandom",
|
||||
"getrandom 0.2.15",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "rand_distr"
|
||||
version = "0.4.3"
|
||||
version = "0.3.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "32cb0b9bc82b0a0876c2dd994a7e7a2683d3e7390ca40e6886785ef0c7e3ee31"
|
||||
checksum = "c9e9532ada3929fb8b2e9dbe28d1e06c9b2cc65813f074fcb6bd5fbefeff9d56"
|
||||
dependencies = [
|
||||
"num-traits",
|
||||
"rand 0.8.5",
|
||||
"rand 0.7.3",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
@@ -6640,6 +6752,15 @@ dependencies = [
|
||||
"rand_core 0.3.1",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "rand_hc"
|
||||
version = "0.2.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "ca3129af7b92a17112d59ad498c6f81eaf463253766b90396d39ea7a39d6613c"
|
||||
dependencies = [
|
||||
"rand_core 0.5.1",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "rand_isaac"
|
||||
version = "0.1.1"
|
||||
@@ -6773,7 +6894,7 @@ version = "0.4.5"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "bd283d9651eeda4b2a83a43c1c91b266c40fd76ecd39a50a8c630ae69dc72891"
|
||||
dependencies = [
|
||||
"getrandom",
|
||||
"getrandom 0.2.15",
|
||||
"libredox",
|
||||
"thiserror",
|
||||
]
|
||||
@@ -6933,7 +7054,7 @@ version = "0.4.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2"
|
||||
dependencies = [
|
||||
"hmac",
|
||||
"hmac 0.12.1",
|
||||
"subtle 2.5.0",
|
||||
]
|
||||
|
||||
@@ -6960,7 +7081,7 @@ checksum = "c17fa4cb658e3583423e915b9f3acc01cceaee1860e33d59ebae66adc3a2dc0d"
|
||||
dependencies = [
|
||||
"cc",
|
||||
"cfg-if",
|
||||
"getrandom",
|
||||
"getrandom 0.2.15",
|
||||
"libc",
|
||||
"spin 0.9.8",
|
||||
"untrusted 0.9.0",
|
||||
@@ -7714,6 +7835,12 @@ dependencies = [
|
||||
"libc",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "signature"
|
||||
version = "1.6.4"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "74233d3b3b2f6d4b006dc19dee745e73e2a6bfb6f93607cd3b02bd5b00797d7c"
|
||||
|
||||
[[package]]
|
||||
name = "signature"
|
||||
version = "2.2.0"
|
||||
@@ -7784,27 +7911,26 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "sphinx-packet"
|
||||
version = "0.2.0"
|
||||
version = "0.1.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "cffb0df8390239119e76d4f60a6b06900351ee971d78868fc4cfef18301728ad"
|
||||
checksum = "cc43eda802856ee82a7555c7b75ceb9e07451741c7a2f5f23d036020e01189d4"
|
||||
dependencies = [
|
||||
"aes",
|
||||
"aes 0.7.5",
|
||||
"arrayref",
|
||||
"blake2 0.8.1",
|
||||
"bs58 0.5.1",
|
||||
"bs58 0.4.0",
|
||||
"byteorder",
|
||||
"chacha",
|
||||
"ctr",
|
||||
"digest 0.10.7",
|
||||
"hkdf",
|
||||
"hmac",
|
||||
"curve25519-dalek 3.2.0",
|
||||
"digest 0.9.0",
|
||||
"hkdf 0.11.0",
|
||||
"hmac 0.11.0",
|
||||
"lioness",
|
||||
"log",
|
||||
"rand 0.8.5",
|
||||
"rand 0.7.3",
|
||||
"rand_distr",
|
||||
"sha2 0.10.8",
|
||||
"sha2 0.9.9",
|
||||
"subtle 2.5.0",
|
||||
"x25519-dalek",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
@@ -8194,7 +8320,7 @@ checksum = "15ab8f0a25d0d2ad49ac615da054d6a76aa6603ff95f7d18bafdd34450a1a04b"
|
||||
dependencies = [
|
||||
"bytes",
|
||||
"digest 0.10.7",
|
||||
"ed25519",
|
||||
"ed25519 2.2.3",
|
||||
"ed25519-consensus",
|
||||
"flex-error",
|
||||
"futures",
|
||||
@@ -8209,7 +8335,7 @@ dependencies = [
|
||||
"serde_json",
|
||||
"serde_repr",
|
||||
"sha2 0.10.8",
|
||||
"signature",
|
||||
"signature 2.2.0",
|
||||
"subtle 2.5.0",
|
||||
"subtle-encoding",
|
||||
"tendermint-proto",
|
||||
@@ -8260,7 +8386,7 @@ dependencies = [
|
||||
"bytes",
|
||||
"flex-error",
|
||||
"futures",
|
||||
"getrandom",
|
||||
"getrandom 0.2.15",
|
||||
"peg",
|
||||
"pin-project",
|
||||
"reqwest 0.11.27",
|
||||
@@ -9164,7 +9290,7 @@ version = "1.6.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "5e395fcf16a7a3d8127ec99782007af141946b4795001f876d54fb0d55978560"
|
||||
dependencies = [
|
||||
"getrandom",
|
||||
"getrandom 0.2.15",
|
||||
"wasm-bindgen",
|
||||
]
|
||||
|
||||
@@ -9223,6 +9349,12 @@ dependencies = [
|
||||
"try-lock",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "wasi"
|
||||
version = "0.9.0+wasi-snapshot-preview1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519"
|
||||
|
||||
[[package]]
|
||||
name = "wasi"
|
||||
version = "0.11.0+wasi-snapshot-preview1"
|
||||
@@ -9338,7 +9470,7 @@ dependencies = [
|
||||
"nym-task",
|
||||
"nym-topology",
|
||||
"nym-validator-client",
|
||||
"rand 0.8.5",
|
||||
"rand 0.7.3",
|
||||
"serde",
|
||||
"serde-wasm-bindgen",
|
||||
"thiserror",
|
||||
@@ -9386,7 +9518,7 @@ name = "wasm-utils"
|
||||
version = "0.1.0"
|
||||
dependencies = [
|
||||
"futures",
|
||||
"getrandom",
|
||||
"getrandom 0.2.15",
|
||||
"gloo-net",
|
||||
"gloo-utils",
|
||||
"js-sys",
|
||||
@@ -9794,6 +9926,18 @@ dependencies = [
|
||||
"tap",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "x25519-dalek"
|
||||
version = "1.1.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "5a0c105152107e3b96f6a00a65e86ce82d9b125230e1c4302940eca58ff71f4f"
|
||||
dependencies = [
|
||||
"curve25519-dalek 3.2.0",
|
||||
"rand_core 0.5.1",
|
||||
"serde",
|
||||
"zeroize",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "x25519-dalek"
|
||||
version = "2.0.1"
|
||||
|
||||
@@ -25,7 +25,7 @@ bs58 = { workspace = true }
|
||||
clap = { workspace = true, features = ["cargo", "derive"] }
|
||||
dirs = "4.0"
|
||||
log = { workspace = true } # self explanatory
|
||||
rand = { workspace = true }
|
||||
rand = { version = "0.7.3", features = ["wasm-bindgen"] } # rng-related traits + some rng implementation to use
|
||||
serde = { workspace = true, features = ["derive"] } # for config serialization/deserialization
|
||||
serde_json = { workspace = true }
|
||||
thiserror = { workspace = true }
|
||||
|
||||
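Review bot: The new `rand = { version = "0.7.3", features = ["wasm-bindgen"] }` line replaces the workspace-inherited entry with a literal version, and the manifest hunks that follow (`@@ -16,7`, `@@ -9,7`, `@@ -17,7`, `@@ -14,7`, `@@ -23,5`) repeat the same literal. With the version spelled out per crate, nothing keeps these crates on the same RNG release, and the lockfile on this page already resolves `rand` 0.7.3 and 0.8.5 side by side, with `getrandom` 0.1.16 next to 0.2.15. If the workspace is meant to be on 0.7.3, declare it once under `[workspace.dependencies]` and keep `rand = { workspace = true, features = ["wasm-bindgen"] }` here. If the pin is temporary, a comment naming the crate that requires it would tell the next maintainer when it can be lifted.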
@@ -16,7 +16,7 @@ serde_json = { workspace = true }
|
||||
tap = "1.0.1"
|
||||
thiserror = { workspace = true }
|
||||
tokio = { version = "1.24.1", features = ["rt-multi-thread", "net", "signal"] }
|
||||
rand = { workspace = true }
|
||||
rand = "0.7.3"
|
||||
time = { workspace = true }
|
||||
url = { workspace = true }
|
||||
zeroize = { workspace = true }
|
||||
|
||||
@@ -9,7 +9,7 @@ license.workspace = true
|
||||
[dependencies]
|
||||
bip39 = { workspace = true }
|
||||
log = { workspace = true }
|
||||
rand = { workspace = true }
|
||||
rand = "0.7.3"
|
||||
thiserror = { workspace = true }
|
||||
url = { workspace = true }
|
||||
zeroize = { workspace = true }
|
||||
|
||||
@@ -17,7 +17,7 @@ clap = { workspace = true, optional = true }
|
||||
futures = { workspace = true }
|
||||
humantime-serde = { workspace = true }
|
||||
log = { workspace = true }
|
||||
rand = { workspace = true }
|
||||
rand = { version = "0.7.3", features = ["wasm-bindgen"] }
|
||||
serde = { workspace = true, features = ["derive"] }
|
||||
serde_json = { workspace = true }
|
||||
sha2 = "0.10.6"
|
||||
|
||||
@@ -14,7 +14,7 @@ futures = { workspace = true }
|
||||
log = { workspace = true }
|
||||
thiserror = { workspace = true }
|
||||
url = { workspace = true }
|
||||
rand = { workspace = true }
|
||||
rand = { version = "0.7.3", features = ["wasm-bindgen"] }
|
||||
tokio = { version = "1.24.1", features = ["macros"] }
|
||||
si-scale = "0.2.2"
|
||||
time.workspace = true
|
||||
|
||||
@@ -23,5 +23,5 @@ nym-api-requests = { path = "../../nym-api/nym-api-requests" }
|
||||
nym-validator-client = { path = "../client-libs/validator-client", default-features = false }
|
||||
|
||||
[dev-dependencies]
|
||||
rand = "0.8.5"
|
||||
rand = "0.7.3"
|
||||
|
||||
|
||||
@@ -17,9 +17,9 @@ generic-array = { workspace = true, optional = true }
|
||||
hkdf = { version = "0.12.3", optional = true }
|
||||
hmac = { version = "0.12.1", optional = true }
|
||||
cipher = { version = "0.4.3", optional = true }
|
||||
x25519-dalek = { version = "2.0.0", optional = true }
|
||||
ed25519-dalek = { version = "2.1", features = ["rand_core"], optional = true }
|
||||
rand = { version = "0.8.5", optional = true }
|
||||
x25519-dalek = { version = "1.1", optional = true }
|
||||
ed25519-dalek = { version = "1.0", optional = true }
|
||||
rand = { version = "0.7.3", features = ["wasm-bindgen"], optional = true }
|
||||
serde_bytes = { version = "0.11.6", optional = true }
|
||||
serde_crate = { version = "1.0", optional = true, default_features = false, features = ["derive"], package = "serde" }
|
||||
subtle-encoding = { version = "0.5", features = ["bech32-preview"]}
|
||||
@@ -31,7 +31,7 @@ nym-sphinx-types = { path = "../nymsphinx/types", version = "0.2.0", default-fea
|
||||
nym-pemstore = { path = "../../common/pemstore", version = "0.3.0" }
|
||||
|
||||
[dev-dependencies]
|
||||
rand_chacha = "0.3"
|
||||
rand_chacha = "0.2"
|
||||
|
||||
[features]
|
||||
default = ["sphinx"]
|
||||
|
||||
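Review bot: The new `x25519-dalek = { version = "1.1", optional = true }` and `ed25519-dalek = { version = "1.0", optional = true }` lines put key agreement and signing on an older major release, and nothing in the manifest says why. Per the lockfile on this page they resolve to `ed25519-dalek 1.0.1`, `x25519-dalek 1.1.1` and `curve25519-dalek 3.2.0`, with `rand_core 0.5.1` and `getrandom 0.1.16` underneath. As far as I know, the 1.x line of ed25519-dalek is covered by a published RustSec advisory about its signing API taking the public key separately, resolved in 2.0, so `cargo audit` should be run against this lockfile and the result recorded before merge. The lockfile suggests the driver is `sphinx-packet 0.1.0`, which depends on `curve25519-dalek 3.2.0` and `rand 0.7.3`; if that is the reason, state it next to the pins, e.g. `# held at 1.x while sphinx-packet 0.1.0 requires curve25519-dalek 3.x`.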
@@ -56,7 +56,7 @@ pub struct KeyPair {
|
||||
impl KeyPair {
|
||||
#[cfg(feature = "rand")]
|
||||
pub fn new<R: RngCore + CryptoRng>(rng: &mut R) -> Self {
|
||||
let private_key = x25519_dalek::StaticSecret::random_from_rng(rng);
|
||||
let private_key = x25519_dalek::StaticSecret::new(rng);
|
||||
let public_key = (&private_key).into();
|
||||
|
||||
KeyPair {
|
||||
@@ -203,7 +203,7 @@ impl<'a> From<&'a PrivateKey> for PublicKey {
|
||||
impl PrivateKey {
|
||||
#[cfg(feature = "rand")]
|
||||
pub fn new<R: RngCore + CryptoRng>(rng: &mut R) -> Self {
|
||||
let x25519_secret = x25519_dalek::StaticSecret::random_from_rng(rng);
|
||||
let x25519_secret = x25519_dalek::StaticSecret::new(rng);
|
||||
|
||||
PrivateKey(x25519_secret)
|
||||
}
|
||||
@@ -322,7 +322,9 @@ impl<'a> From<&'a PrivateKey> for nym_sphinx_types::PrivateKey {
|
||||
#[cfg(feature = "sphinx")]
|
||||
impl From<nym_sphinx_types::PrivateKey> for PrivateKey {
|
||||
fn from(private_key: nym_sphinx_types::PrivateKey) -> Self {
|
||||
Self(private_key)
|
||||
let private_key_bytes = private_key.to_bytes();
|
||||
assert_eq!(private_key_bytes.len(), PRIVATE_KEY_SIZE);
|
||||
Self::from_bytes(&private_key_bytes).unwrap()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -364,7 +366,7 @@ mod sphinx_key_conversion {
|
||||
#[test]
|
||||
fn works_for_backward_conversion() {
|
||||
for _ in 0..NUM_ITERATIONS {
|
||||
let (sphinx_private, sphinx_public) = nym_sphinx_types::test_utils::fixtures::keygen();
|
||||
let (sphinx_private, sphinx_public) = nym_sphinx_types::crypto::keygen();
|
||||
|
||||
let private_bytes = sphinx_private.to_bytes();
|
||||
let public_bytes = sphinx_public.as_bytes();
|
||||
|
||||
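Review bot: The rewritten `From<nym_sphinx_types::PrivateKey> for PrivateKey` copies the secret into a plain `private_key_bytes` local and then relies on `assert_eq!` plus a bare `unwrap()`, so the extra copy of key material is never wiped and a failure panics without stating a reason. Hold the copy in a zeroizing wrapper (for example `zeroize::Zeroizing::new(private_key.to_bytes())`, if that crate is a dependency here, which the page does not show) and replace the `unwrap()` with `.expect("sphinx private key is PRIVATE_KEY_SIZE bytes long")`. With the invariant stated in `expect`, the separate `assert_eq!` looks redundant, assuming `from_bytes` checks the length itself.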
@@ -1,8 +1,8 @@
|
||||
// Copyright 2021-2023 - Nym Technologies SA <contact@nymtech.net>
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
pub use ed25519_dalek::ed25519::signature::Signature as SignatureTrait;
|
||||
pub use ed25519_dalek::SignatureError;
|
||||
use ed25519_dalek::{Signer, SigningKey};
|
||||
pub use ed25519_dalek::{Verifier, PUBLIC_KEY_LENGTH, SECRET_KEY_LENGTH, SIGNATURE_LENGTH};
|
||||
use nym_pemstore::traits::{PemStorableKey, PemStorableKeyPair};
|
||||
use std::fmt::{self, Display, Formatter};
|
||||
@@ -30,9 +30,6 @@ pub enum Ed25519RecoveryError {
|
||||
#[error(transparent)]
|
||||
MalformedBytes(#[from] SignatureError),
|
||||
|
||||
#[error(transparent)]
|
||||
BytesLengthError(#[from] std::array::TryFromSliceError),
|
||||
|
||||
#[error("the base58 representation of the public key was malformed - {source}")]
|
||||
MalformedPublicKeyString {
|
||||
#[source]
|
||||
@@ -67,11 +64,11 @@ pub struct KeyPair {
|
||||
impl KeyPair {
|
||||
#[cfg(feature = "rand")]
|
||||
pub fn new<R: RngCore + CryptoRng>(rng: &mut R) -> Self {
|
||||
let ed25519_signing_key = ed25519_dalek::SigningKey::generate(rng);
|
||||
let ed25519_keypair = ed25519_dalek::Keypair::generate(rng);
|
||||
|
||||
KeyPair {
|
||||
private_key: PrivateKey(ed25519_signing_key.to_bytes()),
|
||||
public_key: PublicKey(ed25519_signing_key.verifying_key()),
|
||||
private_key: PrivateKey(ed25519_keypair.secret),
|
||||
public_key: PublicKey(ed25519_keypair.public),
|
||||
}
|
||||
}
|
||||
|
||||
@@ -112,7 +109,7 @@ impl PemStorableKeyPair for KeyPair {
|
||||
|
||||
/// ed25519 EdDSA Public Key
|
||||
#[derive(Debug, Copy, Clone, Eq, PartialEq)]
|
||||
pub struct PublicKey(ed25519_dalek::VerifyingKey);
|
||||
pub struct PublicKey(ed25519_dalek::PublicKey);
|
||||
|
||||
impl Display for PublicKey {
|
||||
fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result {
|
||||
@@ -138,9 +135,7 @@ impl PublicKey {
|
||||
}
|
||||
|
||||
pub fn from_bytes(b: &[u8]) -> Result<Self, Ed25519RecoveryError> {
|
||||
Ok(PublicKey(ed25519_dalek::VerifyingKey::from_bytes(
|
||||
b.try_into()?,
|
||||
)?))
|
||||
Ok(PublicKey(ed25519_dalek::PublicKey::from_bytes(b)?))
|
||||
}
|
||||
|
||||
pub fn to_base58_string(self) -> String {
|
||||
@@ -194,7 +189,7 @@ impl<'d> Deserialize<'d> for PublicKey {
|
||||
where
|
||||
D: Deserializer<'d>,
|
||||
{
|
||||
Ok(PublicKey(ed25519_dalek::VerifyingKey::deserialize(
|
||||
Ok(PublicKey(ed25519_dalek::PublicKey::deserialize(
|
||||
deserializer,
|
||||
)?))
|
||||
}
|
||||
@@ -228,14 +223,14 @@ impl Display for PrivateKey {
|
||||
|
||||
impl<'a> From<&'a PrivateKey> for PublicKey {
|
||||
fn from(pk: &'a PrivateKey) -> Self {
|
||||
PublicKey(SigningKey::from_bytes(&pk.0).verifying_key())
|
||||
PublicKey((&pk.0).into())
|
||||
}
|
||||
}
|
||||
|
||||
impl PrivateKey {
|
||||
#[cfg(feature = "rand")]
|
||||
pub fn new<R: RngCore + CryptoRng>(rng: &mut R) -> Self {
|
||||
let ed25519_secret = ed25519_dalek::SigningKey::generate(rng).to_bytes();
|
||||
let ed25519_secret = ed25519_dalek::SecretKey::generate(rng);
|
||||
|
||||
PrivateKey(ed25519_secret)
|
||||
}
|
||||
@@ -245,11 +240,11 @@ impl PrivateKey {
|
||||
}
|
||||
|
||||
pub fn to_bytes(&self) -> [u8; SECRET_KEY_LENGTH] {
|
||||
self.0
|
||||
self.0.to_bytes()
|
||||
}
|
||||
|
||||
pub fn from_bytes(b: &[u8]) -> Result<Self, Ed25519RecoveryError> {
|
||||
Ok(PrivateKey(b.try_into()?))
|
||||
Ok(PrivateKey(ed25519_dalek::SecretKey::from_bytes(b)?))
|
||||
}
|
||||
|
||||
pub fn to_base58_string(&self) -> String {
|
||||
@@ -264,8 +259,9 @@ impl PrivateKey {
|
||||
}
|
||||
|
||||
pub fn sign<M: AsRef<[u8]>>(&self, message: M) -> Signature {
|
||||
let signing_key: SigningKey = self.0.into();
|
||||
let sig = signing_key.sign(message.as_ref());
|
||||
let expanded_secret_key = ed25519_dalek::ExpandedSecretKey::from(&self.0);
|
||||
let public_key: PublicKey = self.into();
|
||||
let sig = expanded_secret_key.sign(message.as_ref(), &public_key.0);
|
||||
Signature(sig)
|
||||
}
|
||||
|
||||
@@ -334,9 +330,7 @@ impl Signature {
|
||||
}
|
||||
|
||||
pub fn from_bytes(bytes: &[u8]) -> Result<Self, Ed25519RecoveryError> {
|
||||
Ok(Signature(ed25519_dalek::Signature::from_bytes(
|
||||
bytes.try_into()?,
|
||||
)))
|
||||
Ok(Signature(ed25519_dalek::Signature::from_bytes(bytes)?))
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
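Review bot: `PrivateKey::sign` now calls `expanded_secret_key.sign(message.as_ref(), &public_key.0)`, an `ed25519_dalek::ExpandedSecretKey` API that takes the public key as a separate argument and is only safe when that key belongs to the secret being used. The call is sound here because `public_key` is derived from `self` on the line above, but nothing records that this is a requirement rather than a convenience. Add a comment above the derivation such as `// the public key MUST be derived from self.0; never sign with a caller-supplied key`. The manifest change to `ed25519-dalek = { version = "1.0", optional = true }` earlier on the page is what reintroduces this API, so the comment should stay for as long as that version is pinned. The enclosing `impl PrivateKey` starts outside the hunk.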
@@ -3,11 +3,11 @@
|
||||
|
||||
use crate::asymmetric::encryption;
|
||||
use crate::hkdf;
|
||||
#[cfg(feature = "rand")]
|
||||
use cipher::crypto_common::rand_core::{CryptoRng, RngCore};
|
||||
use cipher::{Key, KeyIvInit, StreamCipher};
|
||||
use digest::crypto_common::BlockSizeUser;
|
||||
use digest::Digest;
|
||||
#[cfg(feature = "rand")]
|
||||
use rand::{CryptoRng, RngCore};
|
||||
|
||||
/// Generate an ephemeral encryption keypair and perform diffie-hellman to establish
|
||||
/// shared key with the remote.
|
||||
|
||||
@@ -242,7 +242,7 @@ impl SphinxPacketProcessor {
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use super::*;
|
||||
use nym_sphinx_types::test_utils::fixtures::keygen;
|
||||
use nym_sphinx_types::crypto::keygen;
|
||||
|
||||
fn fixture() -> SphinxPacketProcessor {
|
||||
let local_keys = keygen();
|
||||
|
||||
@@ -8,7 +8,7 @@ license.workspace = true
|
||||
|
||||
[dependencies]
|
||||
futures = { workspace = true }
|
||||
rand = { workspace = true }
|
||||
rand = "0.7.3"
|
||||
|
||||
serde = { workspace = true }
|
||||
serde_json = { workspace = true }
|
||||
|
||||
@@ -9,8 +9,8 @@ repository = { workspace = true }
|
||||
|
||||
[dependencies]
|
||||
log = { workspace = true }
|
||||
rand = { workspace = true }
|
||||
rand_distr = "0.4"
|
||||
rand = { version = "0.7.3", features = ["wasm-bindgen"] }
|
||||
rand_distr = "0.3"
|
||||
thiserror = { workspace = true }
|
||||
|
||||
nym-sphinx-acknowledgements = { path = "acknowledgements" }
|
||||
|
||||
@@ -8,7 +8,7 @@ license = { workspace = true }
|
||||
repository = { workspace = true }
|
||||
|
||||
[dependencies]
|
||||
rand = { workspace = true }
|
||||
rand = { version = "0.7.3", features = ["wasm-bindgen"] }
|
||||
serde_crate = { version = "1.0", optional = true, default_features = false, features = ["derive"], package = "serde" }
|
||||
generic-array = { workspace = true, optional = true, features = ["serde"] }
|
||||
thiserror = { workspace = true }
|
||||
|
||||
@@ -14,5 +14,5 @@ serde = "1.0" # implementing serialization/deserialization for some types, like
|
||||
thiserror = { workspace = true }
|
||||
|
||||
[dev-dependencies]
|
||||
rand = "0.8.5"
|
||||
rand = "0.7"
|
||||
nym-crypto = { path = "../../crypto", features = ["rand"] }
|
||||
@@ -8,7 +8,7 @@ license = { workspace = true }
|
||||
repository = { workspace = true }
|
||||
|
||||
[dependencies]
|
||||
rand = { workspace = true }
|
||||
rand = { version = "0.7.3", features = ["wasm-bindgen"] }
|
||||
bs58 = { workspace = true }
|
||||
serde = { workspace = true }
|
||||
thiserror = { workspace = true }
|
||||
@@ -24,4 +24,4 @@ nym-topology = { path = "../../topology" }
|
||||
version = "0.2.83"
|
||||
|
||||
[dev-dependencies]
|
||||
rand_chacha = "0.3"
|
||||
rand_chacha = "0.2"
|
||||
|
||||
@@ -570,7 +570,7 @@ mod tests {
|
||||
let mut address_bytes = [0; NODE_ADDRESS_LENGTH];
|
||||
rng.fill_bytes(&mut address_bytes);
|
||||
|
||||
let dummy_private = PrivateKey::random_from_rng(rng);
|
||||
let dummy_private = PrivateKey::new_with_rng(rng);
|
||||
let pub_key = (&dummy_private).into();
|
||||
Node {
|
||||
address: NodeAddressBytes::from_bytes(address_bytes),
|
||||
|
||||
@@ -11,7 +11,7 @@ repository = { workspace = true }
|
||||
|
||||
[dependencies]
|
||||
log = { workspace = true }
|
||||
rand = { workspace = true }
|
||||
rand = { version = "0.7.3", features = ["wasm-bindgen"] }
|
||||
thiserror = { workspace = true }
|
||||
|
||||
nym-sphinx-addressing = { path = "../addressing" }
|
||||
|
||||
@@ -8,7 +8,7 @@ license = { workspace = true }
|
||||
repository = { workspace = true }
|
||||
|
||||
[dependencies]
|
||||
rand = { workspace = true }
|
||||
rand = { version = "0.7.3", features = ["wasm-bindgen"] }
|
||||
thiserror = { workspace = true }
|
||||
|
||||
nym-crypto = { path = "../../crypto" }
|
||||
|
||||
@@ -130,28 +130,28 @@ impl Decoder for NymCodec {
|
||||
mod packet_encoding {
|
||||
use super::*;
|
||||
use nym_sphinx_types::{
|
||||
test_utils, Delay as SphinxDelay, Destination, DestinationAddressBytes, Node,
|
||||
NodeAddressBytes, DESTINATION_ADDRESS_LENGTH, IDENTIFIER_LENGTH, NODE_ADDRESS_LENGTH,
|
||||
crypto, Delay as SphinxDelay, Destination, DestinationAddressBytes, Node, NodeAddressBytes,
|
||||
DESTINATION_ADDRESS_LENGTH, IDENTIFIER_LENGTH, NODE_ADDRESS_LENGTH,
|
||||
};
|
||||
|
||||
fn make_valid_outfox_packet(size: PacketSize) -> NymPacket {
|
||||
let (_, node1_pk) = test_utils::fixtures::keygen();
|
||||
let (_, node1_pk) = crypto::keygen();
|
||||
let node1 = Node::new(
|
||||
NodeAddressBytes::from_bytes([5u8; NODE_ADDRESS_LENGTH]),
|
||||
node1_pk,
|
||||
);
|
||||
let (_, node2_pk) = test_utils::fixtures::keygen();
|
||||
let (_, node2_pk) = crypto::keygen();
|
||||
let node2 = Node::new(
|
||||
NodeAddressBytes::from_bytes([4u8; NODE_ADDRESS_LENGTH]),
|
||||
node2_pk,
|
||||
);
|
||||
let (_, node3_pk) = test_utils::fixtures::keygen();
|
||||
let (_, node3_pk) = crypto::keygen();
|
||||
let node3 = Node::new(
|
||||
NodeAddressBytes::from_bytes([2u8; NODE_ADDRESS_LENGTH]),
|
||||
node3_pk,
|
||||
);
|
||||
|
||||
let (_, node4_pk) = test_utils::fixtures::keygen();
|
||||
let (_, node4_pk) = crypto::keygen();
|
||||
let node4 = Node::new(
|
||||
NodeAddressBytes::from_bytes([2u8; NODE_ADDRESS_LENGTH]),
|
||||
node4_pk,
|
||||
@@ -170,17 +170,17 @@ mod packet_encoding {
|
||||
}
|
||||
|
||||
fn make_valid_sphinx_packet(size: PacketSize) -> NymPacket {
|
||||
let (_, node1_pk) = test_utils::fixtures::keygen();
|
||||
let (_, node1_pk) = crypto::keygen();
|
||||
let node1 = Node::new(
|
||||
NodeAddressBytes::from_bytes([5u8; NODE_ADDRESS_LENGTH]),
|
||||
node1_pk,
|
||||
);
|
||||
let (_, node2_pk) = test_utils::fixtures::keygen();
|
||||
let (_, node2_pk) = crypto::keygen();
|
||||
let node2 = Node::new(
|
||||
NodeAddressBytes::from_bytes([4u8; NODE_ADDRESS_LENGTH]),
|
||||
node2_pk,
|
||||
);
|
||||
let (_, node3_pk) = test_utils::fixtures::keygen();
|
||||
let (_, node3_pk) = crypto::keygen();
|
||||
let node3 = Node::new(
|
||||
NodeAddressBytes::from_bytes([2u8; NODE_ADDRESS_LENGTH]),
|
||||
node3_pk,
|
||||
|
||||
@@ -8,7 +8,7 @@ license = { workspace = true }
|
||||
repository = { workspace = true }
|
||||
|
||||
[dependencies]
|
||||
sphinx-packet = { version = "0.2.0", optional = true }
|
||||
sphinx-packet = { version = "0.1.0", optional = true }
|
||||
nym-outfox = { path = "../../../nym-outfox", optional = true }
|
||||
thiserror = { workspace = true }
|
||||
|
||||
|
||||
@@ -15,13 +15,13 @@ pub use sphinx_packet::{
|
||||
self, DESTINATION_ADDRESS_LENGTH, IDENTIFIER_LENGTH, MAX_PATH_LENGTH, NODE_ADDRESS_LENGTH,
|
||||
PAYLOAD_KEY_SIZE,
|
||||
},
|
||||
crypto::{self, PrivateKey, PublicKey},
|
||||
crypto::{self, EphemeralSecret, PrivateKey, PublicKey, SharedSecret},
|
||||
header::{self, delays, delays::Delay, ProcessedHeader, SphinxHeader, HEADER_SIZE},
|
||||
packet::builder::DEFAULT_PAYLOAD_SIZE,
|
||||
payload::{Payload, PAYLOAD_OVERHEAD_SIZE},
|
||||
route::{Destination, DestinationAddressBytes, Node, NodeAddressBytes, SURBIdentifier},
|
||||
surb::{SURBMaterial, SURB},
|
||||
test_utils, Error as SphinxError, ProcessedPacket,
|
||||
Error as SphinxError, ProcessedPacket,
|
||||
};
|
||||
#[cfg(feature = "sphinx")]
|
||||
use sphinx_packet::{SphinxPacket, SphinxPacketBuilder};
|
||||
|
||||
@@ -12,7 +12,7 @@ dirs = "4.0"
|
||||
futures = { workspace = true }
|
||||
log = { workspace = true }
|
||||
pin-project = "1.0"
|
||||
rand = { workspace = true }
|
||||
rand = { version = "0.7.3", features = ["wasm-bindgen"] }
|
||||
reqwest = { workspace = true }
|
||||
schemars = { workspace = true, features = ["preserve_order"] }
|
||||
serde = { workspace = true, features = ["derive"] } # for config serialization/deserialization
|
||||
|
||||
@@ -14,7 +14,7 @@ documentation = { workspace = true }
|
||||
[dependencies]
|
||||
bs58 = { workspace = true }
|
||||
log = { workspace = true }
|
||||
rand = { workspace = true }
|
||||
rand = { version = "0.7.3", features = ["wasm-bindgen"] }
|
||||
thiserror = { workspace = true }
|
||||
async-trait = { workspace = true, optional = true }
|
||||
semver = "0.11"
|
||||
|
||||
@@ -171,3 +171,25 @@ impl fmt::Display for GatewayIpPacketRouterDetails {
|
||||
writeln!(f, "\taddress: {}", self.address)
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Debug, Serialize, Deserialize)]
|
||||
pub struct GatewayWireguardDetails {
|
||||
pub enabled: bool,
|
||||
|
||||
pub announced_port: u16,
|
||||
pub private_network_prefix: u8,
|
||||
}
|
||||
|
||||
impl fmt::Display for GatewayWireguardDetails {
|
||||
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
|
||||
writeln!(f, "wireguard:")?;
|
||||
writeln!(f, "\tenabled: {}", self.enabled)?;
|
||||
|
||||
writeln!(f, "\tannounced_port: {}", self.announced_port)?;
|
||||
writeln!(
|
||||
f,
|
||||
"\tprivate_network_prefix: {}",
|
||||
self.private_network_prefix
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
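Review bot: `private_network_prefix` is declared as a bare `u8` in `GatewayWireguardDetails`, and again in the new wireguard `Config` struct further down the page, so a deserialised or configured value above 32 (IPv4) or 128 (IPv6) is accepted silently. The limit is only written in the `Config` doc comment; nothing visible enforces it against the address family of `private_ip`. Add a check where the value is loaded, and document the field here with something like `/// Prefix length of the private wireguard network; at most 32 for IPv4 and 128 for IPv6`.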
@@ -11,7 +11,7 @@ repository = "https://github.com/nymtech/nym"
|
||||
[dependencies]
|
||||
async-trait = { workspace = true }
|
||||
js-sys = { workspace = true }
|
||||
rand = { workspace = true }
|
||||
rand = { version = "0.7.3", features = ["wasm-bindgen"] }
|
||||
serde = { workspace = true, features = ["derive"] }
|
||||
serde-wasm-bindgen = { workspace = true }
|
||||
thiserror = { workspace = true }
|
||||
|
||||
@@ -17,7 +17,9 @@ log = { workspace = true }
|
||||
serde = { workspace = true, features = ["derive"] }
|
||||
thiserror = { workspace = true }
|
||||
|
||||
nym-config = { path = "../config" }
|
||||
nym-crypto = { path = "../crypto", features = ["asymmetric"] }
|
||||
nym-network-defaults = { path = "../network-defaults" }
|
||||
|
||||
# feature-specific dependencies:
|
||||
|
||||
@@ -32,7 +34,7 @@ serde_json = { workspace = true, optional = true }
|
||||
x25519-dalek = { version = "2.0.0", features = ["static_secrets"] }
|
||||
|
||||
[dev-dependencies]
|
||||
rand = "0.8.5"
|
||||
rand = "0.7.3"
|
||||
nym-crypto = { path = "../crypto", features = ["rand"]}
|
||||
|
||||
|
||||
|
||||
@@ -0,0 +1,23 @@
|
||||
// Copyright 2024 - Nym Technologies SA <contact@nymtech.net>
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
use std::net::{IpAddr, SocketAddr};
|
||||
|
||||
#[derive(Copy, Clone, PartialEq, Eq, Hash, PartialOrd, Ord, Debug)]
|
||||
pub struct Config {
|
||||
/// Socket address this node will use for binding its wireguard interface.
|
||||
/// default: `0.0.0.0:51822`
|
||||
pub bind_address: SocketAddr,
|
||||
|
||||
/// Private IP address of the wireguard gateway.
|
||||
/// default: `10.1.0.1`
|
||||
pub private_ip: IpAddr,
|
||||
|
||||
/// Port announced to external clients wishing to connect to the wireguard interface.
|
||||
/// Useful in the instances where the node is behind a proxy.
|
||||
pub announced_port: u16,
|
||||
|
||||
/// The prefix denoting the maximum number of the clients that can be connected via Wireguard.
|
||||
/// The maximum value for IPv4 is 32 and for IPv6 is 128
|
||||
pub private_network_prefix: u8,
|
||||
}
|
||||
@@ -1,15 +1,51 @@
|
||||
// Copyright 2023 - Nym Technologies SA <contact@nymtech.net>
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
use dashmap::DashMap;
|
||||
use nym_crypto::asymmetric::encryption::KeyPair;
|
||||
use std::sync::Arc;
|
||||
|
||||
pub mod config;
|
||||
pub mod error;
|
||||
pub mod public_key;
|
||||
pub mod registration;
|
||||
|
||||
pub use config::Config;
|
||||
pub use error::Error;
|
||||
pub use public_key::PeerPublicKey;
|
||||
pub use registration::{
|
||||
ClientMac, ClientMessage, ClientRegistrationResponse, GatewayClient, InitMessage, Nonce,
|
||||
ClientMac, ClientMessage, ClientRegistrationResponse, GatewayClient, GatewayClientRegistry,
|
||||
InitMessage, Nonce,
|
||||
};
|
||||
|
||||
#[cfg(feature = "verify")]
|
||||
pub use registration::HmacSha256;
|
||||
|
||||
#[derive(Clone)]
|
||||
pub struct WireguardGatewayData {
|
||||
config: Config,
|
||||
keypair: Arc<KeyPair>,
|
||||
client_registry: Arc<GatewayClientRegistry>,
|
||||
}
|
||||
|
||||
impl WireguardGatewayData {
|
||||
pub fn new(config: Config, keypair: Arc<KeyPair>) -> Self {
|
||||
WireguardGatewayData {
|
||||
config,
|
||||
keypair,
|
||||
client_registry: Arc::new(DashMap::default()),
|
||||
}
|
||||
}
|
||||
|
||||
pub fn config(&self) -> Config {
|
||||
self.config
|
||||
}
|
||||
|
||||
pub fn keypair(&self) -> &Arc<KeyPair> {
|
||||
&self.keypair
|
||||
}
|
||||
|
||||
pub fn client_registry(&self) -> &Arc<GatewayClientRegistry> {
|
||||
&self.client_registry
|
||||
}
|
||||
}
|
||||
|
||||
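Review bot: `WireguardGatewayData` and its accessors have no doc comments, and two properties of the type are easy to miss. `#[derive(Clone)]` copies the `Arc`s, so every clone shares one `client_registry` and one `keypair`, and `keypair()` gives any holder access to the gateway's private key. A short `///` block on the struct stating both would help, e.g. `/// Shared wireguard state of a gateway; clones refer to the same key pair and client registry.` If leaving `Debug` out of the derive list is deliberate, to keep key material out of formatted output, say so in a comment so it is not added later.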
@@ -24,6 +24,10 @@ impl PeerPublicKey {
|
||||
pub fn as_bytes(&self) -> &[u8] {
|
||||
self.0.as_bytes()
|
||||
}
|
||||
|
||||
pub fn inner(&self) -> PublicKey {
|
||||
self.0
|
||||
}
|
||||
}
|
||||
|
||||
impl fmt::Display for PeerPublicKey {
|
||||
|
||||
@@ -12,7 +12,7 @@ use std::{fmt, ops::Deref, str::FromStr};
|
||||
#[cfg(feature = "verify")]
|
||||
use hmac::{Hmac, Mac};
|
||||
#[cfg(feature = "verify")]
|
||||
use nym_crypto::asymmetric::encryption::{PrivateKey, PublicKey};
|
||||
use nym_crypto::asymmetric::encryption::PrivateKey;
|
||||
#[cfg(feature = "verify")]
|
||||
use sha2::Sha256;
|
||||
|
||||
@@ -87,7 +87,7 @@ impl GatewayClient {
|
||||
#[cfg(feature = "verify")]
|
||||
pub fn new(
|
||||
local_secret: &PrivateKey,
|
||||
remote_public: PublicKey,
|
||||
remote_public: x25519_dalek::PublicKey,
|
||||
private_ip: IpAddr,
|
||||
nonce: u64,
|
||||
) -> Self {
|
||||
@@ -96,8 +96,6 @@ impl GatewayClient {
|
||||
let static_secret = x25519_dalek::StaticSecret::from(local_secret.to_bytes());
|
||||
let local_public: x25519_dalek::PublicKey = (&static_secret).into();
|
||||
|
||||
let remote_public = x25519_dalek::PublicKey::from(remote_public.to_bytes());
|
||||
|
||||
let dh = static_secret.diffie_hellman(&remote_public);
|
||||
|
||||
// TODO: change that to use our nym_crypto::hmac module instead
|
||||
|
||||
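Review bot: In `GatewayClient::new`, `remote_public` now arrives from the caller as an `x25519_dalek::PublicKey`, and the result of `static_secret.diffie_hellman(&remote_public)` is used without a contributory check in the lines shown. With the `x25519-dalek` 2.0.0 dependency that appears in the manifest section just above, `dh.was_contributory()` reports whether the peer's key produced a non-trivial shared secret. A registration that fails it should be rejected before the secret keys the MAC that the TODO refers to. Because `new` returns `Self`, the rejection needs either a fallible constructor or a check in the caller. The function body continues outside these hunks, so this may already be handled there.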
+15
-18
@@ -3,40 +3,37 @@
|
||||
// #![warn(clippy::expect_used)]
|
||||
// #![warn(clippy::unwrap_used)]
|
||||
|
||||
pub mod setup;
|
||||
|
||||
/// Start wireguard device
|
||||
#[cfg(target_os = "linux")]
|
||||
pub async fn start_wireguard(
|
||||
mut task_client: nym_task::TaskClient,
|
||||
_gateway_client_registry: std::sync::Arc<
|
||||
nym_wireguard_types::registration::GatewayClientRegistry,
|
||||
>,
|
||||
wireguard_data: std::sync::Arc<nym_wireguard_types::WireguardGatewayData>,
|
||||
) -> Result<defguard_wireguard_rs::WGApi, Box<dyn std::error::Error + Send + Sync + 'static>> {
|
||||
use crate::setup::{peer_allowed_ips, peer_static_public_key, PRIVATE_KEY};
|
||||
use base64::{prelude::BASE64_STANDARD, Engine};
|
||||
use defguard_wireguard_rs::{
|
||||
host::Peer, key::Key, net::IpAddrMask, InterfaceConfiguration, WGApi, WireguardInterfaceApi,
|
||||
};
|
||||
use nym_network_defaults::{WG_PORT, WG_TUN_DEVICE_ADDRESS};
|
||||
|
||||
let mut peers = vec![];
|
||||
for peer_client in wireguard_data.client_registry().iter() {
|
||||
let mut peer = Peer::new(Key::new(peer_client.pub_key.to_bytes()));
|
||||
let peer_ip_mask = IpAddrMask::new(peer_client.private_ip, 32);
|
||||
peer.set_allowed_ips(vec![peer_ip_mask]);
|
||||
peers.push(peer);
|
||||
}
|
||||
|
||||
let ifname = String::from("wg0");
|
||||
let wgapi = WGApi::new(ifname.clone(), false)?;
|
||||
wgapi.create_interface()?;
|
||||
let interface_config = InterfaceConfiguration {
|
||||
name: ifname.clone(),
|
||||
prvkey: PRIVATE_KEY.to_string(),
|
||||
address: WG_TUN_DEVICE_ADDRESS.to_string(),
|
||||
port: WG_PORT as u32,
|
||||
peers: vec![],
|
||||
prvkey: BASE64_STANDARD.encode(wireguard_data.keypair().private_key().to_bytes()),
|
||||
address: wireguard_data.config().private_ip.to_string(),
|
||||
port: wireguard_data.config().announced_port as u32,
|
||||
peers,
|
||||
};
|
||||
wgapi.configure_interface(&interface_config)?;
|
||||
let peer = peer_static_public_key();
|
||||
let mut peer = Peer::new(Key::new(peer.to_bytes()));
|
||||
let peer_ip = peer_allowed_ips();
|
||||
let peer_ip_mask = IpAddrMask::new(peer_ip.network_address(), peer_ip.netmask());
|
||||
peer.set_allowed_ips(vec![peer_ip_mask]);
|
||||
wgapi.configure_peer(&peer)?;
|
||||
wgapi.configure_peer_routing(&[peer.clone()])?;
|
||||
// wgapi.configure_peer_routing(&peers)?;
|
||||
|
||||
tokio::spawn(async move { task_client.recv().await });
|
||||
|
||||
|
||||
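Review bot: The interface is configured with `port: wireguard_data.config().announced_port as u32`, but the `Config` doc comments describe `announced_port` as the port advertised to clients when the node sits behind a proxy and `bind_address` as the socket the wireguard interface binds to, so the listener ends up on the wrong port whenever the two differ. Use `port: u32::from(wireguard_data.config().bind_address.port()),` instead, which also drops the `as` cast. In the peer loop, `IpAddrMask::new(peer_client.private_ip, 32)` hard-codes an IPv4 host mask, while `private_ip` is typed `IpAddr` in `GatewayClient::new` elsewhere on the page, and for an IPv6 address a 32-bit mask would allow a whole network rather than one host. `if peer_client.private_ip.is_ipv4() { 32 } else { 128 }` keeps each peer restricted to its single address. `start_wireguard` continues past the end of the hunk.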
@@ -1,56 +0,0 @@
|
||||
use std::net::IpAddr;
|
||||
|
||||
use base64::{engine::general_purpose, Engine as _};
|
||||
use log::info;
|
||||
|
||||
// The wireguard UDP listener
|
||||
pub const WG_ADDRESS: &str = "0.0.0.0";
|
||||
|
||||
// The private key of the listener
|
||||
// Corresponding public key: "WM8s8bYegwMa0TJ+xIwhk+dImk2IpDUKslDBCZPizlE="
|
||||
pub(crate) const PRIVATE_KEY: &str = "AEqXrLFT4qjYq3wmX0456iv94uM6nDj5ugp6Jedcflg=";
|
||||
|
||||
// The AllowedIPs for the connected peer, which is one a single IP and the same as the IP that the
|
||||
// peer has configured on their side.
|
||||
const ALLOWED_IPS: &str = "10.1.0.2";
|
||||
|
||||
fn decode_base64_key(base64_key: &str) -> [u8; 32] {
|
||||
general_purpose::STANDARD
|
||||
.decode(base64_key)
|
||||
.unwrap()
|
||||
.try_into()
|
||||
.unwrap()
|
||||
}
|
||||
|
||||
pub fn server_static_private_key() -> x25519_dalek::StaticSecret {
|
||||
// TODO: this is a temporary solution for development
|
||||
let static_private_bytes: [u8; 32] = decode_base64_key(PRIVATE_KEY);
|
||||
let static_private = x25519_dalek::StaticSecret::from(static_private_bytes);
|
||||
let static_public = x25519_dalek::PublicKey::from(&static_private);
|
||||
info!(
|
||||
"wg public key: {}",
|
||||
general_purpose::STANDARD.encode(static_public)
|
||||
);
|
||||
static_private
|
||||
}
|
||||
|
||||
pub fn peer_static_public_key() -> x25519_dalek::PublicKey {
|
||||
// A single static public key is used during development
|
||||
|
||||
// Read from NYM_PEER_PUBLIC_KEY env variable
|
||||
let peer = std::env::var("NYM_PEER_PUBLIC_KEY").expect("NYM_PEER_PUBLIC_KEY must be set");
|
||||
|
||||
let peer_static_public_bytes: [u8; 32] = decode_base64_key(&peer);
|
||||
let peer_static_public = x25519_dalek::PublicKey::from(peer_static_public_bytes);
|
||||
info!(
|
||||
"Adding wg peer public key: {}",
|
||||
general_purpose::STANDARD.encode(peer_static_public)
|
||||
);
|
||||
peer_static_public
|
||||
}
|
||||
|
||||
pub fn peer_allowed_ips() -> ip_network::IpNetwork {
|
||||
let key: IpAddr = ALLOWED_IPS.parse().unwrap();
|
||||
let cidr = 32u8;
|
||||
ip_network::IpNetwork::new_truncate(key, cidr).unwrap()
|
||||
}
|
||||
Generated
+348
-284
File diff suppressed because it is too large
@@ -32,7 +32,7 @@ cw-multi-test = { workspace = true }
|
||||
cw3-flex-multisig = { path = "../multisig/cw3-flex-multisig" }
|
||||
cw4-group = { path = "../multisig/cw4-group" }
|
||||
|
||||
rand_chacha = "0.3"
|
||||
rand_chacha = "0.2"
|
||||
|
||||
[[test]]
|
||||
name = "coconut-test"
|
||||
|
||||
@@ -25,7 +25,7 @@ nym-vesting-contract = { path = "../vesting" }
|
||||
nym-crypto = { path = "../../common/crypto", features = ["asymmetric", "rand"] }
|
||||
|
||||
# external dependencies
|
||||
rand_chacha = "0.3"
|
||||
rand_chacha = "0.2"
|
||||
|
||||
[[test]]
|
||||
name = "mixnet-vesting-test"
|
||||
|
||||
@@ -44,7 +44,7 @@ time = { version = "0.3", features = ["macros"] }
|
||||
semver = { workspace = true, default-features = false }
|
||||
|
||||
[dev-dependencies]
|
||||
rand_chacha = "0.3"
|
||||
rand_chacha = "0.2"
|
||||
nym-crypto = { path = "../../common/crypto", features = ["asymmetric", "rand"] }
|
||||
|
||||
[build-dependencies]
|
||||
|
||||
@@ -33,7 +33,7 @@ cw-multi-test = { workspace = true }
|
||||
nym-crypto = { path = "../../common/crypto", features = ["asymmetric", "rand"] }
|
||||
nym-sphinx-addressing = { path = "../../common/nymsphinx/addressing" }
|
||||
rand = "0.8.5"
|
||||
rand_chacha = "0.3"
|
||||
rand_chacha = "0.2"
|
||||
rstest = "0.17.0"
|
||||
|
||||
[features]
|
||||
|
||||
@@ -31,7 +31,7 @@ vergen = { version = "=7.4.3", default-features = false, features = ["build", "g
|
||||
anyhow = "1.0.40"
|
||||
cw-multi-test = { workspace = true }
|
||||
nym-crypto = { path = "../../common/crypto", features = ["asymmetric", "rand"] }
|
||||
rand_chacha = "0.3"
|
||||
rand_chacha = "0.2"
|
||||
rstest = "0.17.0"
|
||||
|
||||
[features]
|
||||
|
||||
@@ -27,15 +27,13 @@
|
||||
- [Maintenance](nodes/maintenance.md)
|
||||
- [Manual Node Upgrade](nodes/manual-upgrade.md)
|
||||
- [Automatic Node Upgrade: Nymvisor Setup and Usage](nodes/nymvisor-upgrade.md)
|
||||
- [Performance Monitoring & Testing](testing/performance.md)
|
||||
<!--- [Node Setup](testing/node-setup.md)-->
|
||||
- [Gateway Probe](testing/gateway-probe.md)
|
||||
- [Performance Testing](testing/performance.md)
|
||||
- [Node Setup](testing/node-setup.md)
|
||||
- [Metrics Monitoring](testing/templates.md)
|
||||
- [Prometheus & Grafana](testing/prometheus-grafana.md)
|
||||
- [ExploreNYM scripts](testing/explorenym-scripts.md)
|
||||
<!-- - [Run in a Docker](testing/docker-monitor.md) -->
|
||||
|
||||
|
||||
|
||||
# Troubleshooting
|
||||
|
||||
- [VPS Setup](troubleshooting/vps-isp.md)
|
||||
@@ -58,7 +56,6 @@
|
||||
|
||||
- [Exit Gateway](legal/exit-gateway.md)
|
||||
- [Community Counsel](legal/community-counsel.md)
|
||||
- [ISP List](legal/isp-list.md)
|
||||
- [Jurisdictions](legal/jurisdictions.md)
|
||||
- [Switzerland](legal/swiss.md)
|
||||
- [United States](legal/united-states.md)
|
||||
|
||||
@@ -1,8 +0,0 @@
|
||||
**ISP**,**Locations**,**Public IPv6**,**Crypto Payments**,**Comments**,**Last Updated**
|
||||
[Flokinet](https://flokinet.is),"Netherlands, Iceland, Romania,France","Yes, needs a ticket and custom setup","yes, including XMR","Very slow customer support","05/2024"
|
||||
[BitLaunch](https://bitlaunch.io),"Canada, USA, UK","No","Yes","Expensive. Digial Ocean through BitLanch has IPv6","05/2024"
|
||||
[Hostinger](https://hostinger.com),"France, Lithuania, India, USA, Brazil","Yes, out of the box","Yes","Crypto payments must be done per each server monthly or annually.","05/2024"
|
||||
[Linode](https://linode.com),"USA, Canada, Japan, India, Indonesia, Sweden, Netherlands, Germany, Brazil, France, UK, Australia, Italy","Yes out of the box","No, only through [BitLAunch](https://bitlaunch.io)","IPv6 sometimes need to be re-added in Networking tab, no reboot needed","05/2024"
|
||||
[Cherry Servers](https://www.cherryservers.com),"Lithuania, Netherlands, USA, Singapore","No","Yes","Issued IP doesn’t match the location offered by the provider.","05/2024"
|
||||
[Njalla](https://nja.la),"Sweden","Yes","Yes","Privacy vandguards! The biggest VPS 45 is 3 cores only, but it works better than many “larger” servers on the market.","05/2024"
|
||||
[HostSailor](https://hostsailor.com),"USA","Yes, based on ticket","Yes","The IPv6 setup needs custom research and is not documented","05/2024"
|
||||
|
@@ -1,25 +0,0 @@
|
||||
# Where to host your `nym-node`?
|
||||
|
||||
```admonish info
|
||||
The entire content of this page is under [Creative Commons Attribution 4.0 International Public License](https://creativecommons.org/licenses/by/4.0/).
|
||||
```
|
||||
|
||||
Inspired by a valuable resource, done by Tor community - [*Good Bad ISPs*](https://community.torproject.org/relay/community-resources/good-bad-isps/), LunarDAO squad initiated a table customised for Nym Exit Gateways operators.
|
||||
|
||||
This ISP list is fully managed by Nym operator community and it serves as a space to share their experience of running Exit Gateways on various Internet Service Providers (ISPs). The ISPs greatly differ in regards to services they offer as well as to their openess of hosting exit routing software.
|
||||
|
||||
Please share any experiences running a node like policies, complains, legal issues and solutions, discrepancy between offers and reality (bandwidth, IP range, locations) or anything regarding pricing or customer support.
|
||||
|
||||
If you came across any legal findings, please share them in our [list of jurisdictions](jurisdictions.md).
|
||||
|
||||
While we trust that Nym node operators are honest, we would like to ask everyone to do your own research.
|
||||
|
||||
```admonish caution title=""
|
||||
To edit or add information to the ISP list, make changes to the csv file located [here](https://github.com/nymtech/nym/blob/develop/documentation/operators/src/data/isp-sheet.csv) and submit your edits as a pull request according to [this guide](add-content.md).
|
||||
```
|
||||
|
||||
```admonish note title=""
|
||||
As of now the list is quite short. When it grows, we can divide it according the localities of the listed ISPs.
|
||||
```
|
||||
|
||||
<!--cmdrun python3 ../../../scripts/csv2md.py ../data/isp-sheet.csv -s 0 -->
|
||||
@@ -148,8 +148,8 @@ Options:
|
||||
Specifies whether the wireguard service is enabled on this node [env: NYMNODE_WG_ENABLED=] [possible values: true, false]
|
||||
--wireguard-bind-address <WIREGUARD_BIND_ADDRESS>
|
||||
Socket address this node will use for binding its wireguard interface. default: `0.0.0.0:51822` [env: NYMNODE_WG_BIND_ADDRESS=]
|
||||
--wireguard-private-network-ip <WIREGUARD_PRIVATE_NETWORK_IP>
|
||||
Ip address of the private wireguard network. default: `10.1.0.0` [env: NYMNODE_WG_IP_NETWORK=]
|
||||
--wireguard-private-gw-ip <WIREGUARD_PRIVATE_IP>
|
||||
Private IP address of the wireguard gateway. default: `10.1.0.1` [env: NYMNODE_WG_IP=]
|
||||
--wireguard-announced-port <WIREGUARD_ANNOUNCED_PORT>
|
||||
Port announced to external clients wishing to connect to the wireguard interface. Useful in the instances where the node is behind a proxy [env: NYMNODE_WG_ANNOUNCED_PORT=]
|
||||
--wireguard-private-network-prefix <WIREGUARD_PRIVATE_NETWORK_PREFIX>
|
||||
|
||||
@@ -10,9 +10,9 @@ A suboptimally configured VPS often results in a non-functional node. To follow
|
||||
|
||||
You will need to rent a VPS to run your node on. One key reason for this is that your node **must be able to send TCP data using both IPv4 and IPv6** (as other nodes you talk to may use either protocol).
|
||||
|
||||
Tor community created a very helpful table called [*Good Bad ISPs*](https://community.torproject.org/relay/community-resources/good-bad-isps/), you can use that one as a guideline for your choice of ISP for your VPS.
|
||||
Tor community created a very helpful table called [*Good Bad ISPs*](https://community.torproject.org/relay/community-resources/good-bad-isps/), use that one as a guideline for your choice of ISP for your VPS.
|
||||
|
||||
**Update:** Nym community started an ISP table called [*Where to host your nym node?*](../legal/isp-list.md), check it out and add your findings!
|
||||
Currently we run [performance testing](../testing/performance.md) events to find out the best optimization. Sphinx packet decryption is CPU-bound, so more fast cores the better throughput.
|
||||
|
||||
### `nym-node`
|
||||
|
||||
|
||||
@@ -1,79 +0,0 @@
|
||||
# Nym Gateway Probe
|
||||
|
||||
Nym Node operators running Gateway functionality are already familiar with the monitoring tool [Harbourmaster.nymtech.net](https://harbourmaster.nymtech.net). Under the hood of Nym Harbourmaster runs iterations of `nym-gateway-probe` doing various checks and displaying the results on the interface. Operators don't have to rely on the probe ran by Nym and wait for the data to refresh. With `nym-gateway-probe` everyone can check any Gateway's networking status from their own computer at any time. In one command the client queries data from:
|
||||
|
||||
- [`nym-api`](https://validator.nymtech.net/api/)
|
||||
- [`explorer-api`](https://explorer.nymtech.net/api/)
|
||||
- [`harbour-master`](https://harbourmaster.nymtech.net/)
|
||||
|
||||
|
||||
## Preparation
|
||||
|
||||
We recommend to have install all [the prerequisites](../binaries/building-nym.md#prerequisites) needed to build `nym-node` from source including latest [Rust Toolchain](https://www.rust-lang.org/tools/install).
|
||||
|
||||
## Installation
|
||||
|
||||
`nym-gateway-probe` source code is in [`nym-vpn-client`](https://github.com/nymtech/nym-vpn-client) repository. The client needs to be build from source.
|
||||
|
||||
1. Clone the repository:
|
||||
|
||||
```sh
|
||||
git clone https://github.com/nymtech/nym-vpn-client.git
|
||||
```
|
||||
|
||||
2. Build `nym-gateway-probe`:
|
||||
|
||||
```sh
|
||||
cd nym-vpn-client
|
||||
|
||||
cargo build --release -p nym-gateway-probe
|
||||
```
|
||||
|
||||
## Running the client
|
||||
|
||||
```sh
|
||||
./target/release/nym-gateway-probe --help
|
||||
```
|
||||
~~~admonish collapsible=true
|
||||
```
|
||||
Usage: nym-gateway-probe [OPTIONS]
|
||||
|
||||
Options:
|
||||
-c, --config-env-file <CONFIG_ENV_FILE> Path pointing to an env file describing the network
|
||||
-g, --gateway <GATEWAY>
|
||||
-n, --no-log
|
||||
-h, --help Print help
|
||||
-V, --version Print version
|
||||
|
||||
```
|
||||
~~~
|
||||
|
||||
To run the client, simply add a flag `--gateway` with a targeted gateway identity key.
|
||||
|
||||
```sh
|
||||
./target/release/nym-gateway-probe --gateway <GATEWAY_IDENTITY_KEY>
|
||||
```
|
||||
|
||||
For any `nym-node --mode exit-gateway` the aim is to have this outcome:
|
||||
```sh
|
||||
{
|
||||
"gateway": "<GATEWAY_IDENTITY_KEY>",
|
||||
"outcome": {
|
||||
"as_entry": {
|
||||
"can_connect": true,
|
||||
"can_route": true
|
||||
},
|
||||
"as_exit": {
|
||||
"can_connect": true,
|
||||
"can_route_ip_v4": true,
|
||||
"can_route_ip_external_v4": true,
|
||||
"can_route_ip_v6": true,
|
||||
"can_route_ip_external_v6": true
|
||||
}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
If you don't provide a `--gateway` flag it will pick a random one to test.
|
||||
|
||||
|
||||
@@ -1,14 +1,10 @@
|
||||
# Node Setup for Performance Testing Event
|
||||
|
||||
```admonish info
|
||||
For the moment we paused Fast and Furious `perf` environment. Nym Mainnet environment will be used for future tests, please wait for further instructions.
|
||||
```
|
||||
|
||||
To join the [Performance testing event]({{performance_testing_webpage}}) node operators need to do proceed with the following tasks:
|
||||
|
||||
1. **[Sign their node]({{performance_testing_webpage}}) into the testing environment**
|
||||
2. **[Configure their node](#node-configuration) for the test**
|
||||
3. (*Not mandatory*) [Setup metric monitoring system](performance.md#monitoring) to observe node performance at any time
|
||||
3. (*Not mandatory*) [Setup metric monitoring system](templates.md) to observe node performance at any time
|
||||
|
||||
## Node Configuration
|
||||
|
||||
|
||||
@@ -1,34 +1,8 @@
|
||||
# Performance Monitoring & Testing
|
||||
# Performance Testing
|
||||
|
||||
Nym Mixnet has been running on mainnet for quite some time. There is still work to be done in order for the network to meet its full potential - mass adoption of privacy through fully distributed Mixnet.
|
||||
> To configure your node for a testing event, visit [node setup page](node-setup.md).
|
||||
|
||||
As developers we need to be constantly improving the software. Operators have as much important role, keep their nodes up to date, monitor their performance and share their feedback with the rest of the community and core developers.
|
||||
|
||||
Therefore [monitoring](#monitoring) and [testing](#testing) are essential pieces of our common work. We call out all Nym operators to join the efforts!
|
||||
|
||||
## Monitoring
|
||||
|
||||
There are multiple ways to monitor performance of nodes and the machines on which they run. For the purpose of maximal privacy and decentralisation of the data - preventing Nym Mixnet from any global adversary takeover - we created these pages as a source of mutual empowerment, a place where operators can share and learn new skills to **setup metrics monitors on their own infrastructure**.
|
||||
|
||||
### Guides to Setup Own Metrics
|
||||
|
||||
A list of different scripts, templates and guides for easier navigation:
|
||||
|
||||
* [`nym-gateway-probe`](gateway-probe.md) - a useful tool used under the hood of [harbourmaster.nymtech.net](https://harbourmaster.nymtech.net)
|
||||
* [Prometheus and Grafana](prometheus-grafana.md) self-hosted setup
|
||||
* [Nym-node CPU cron service](https://gist.github.com/tommyv1987/97e939a7adf491333d686a8eaa68d4bd) - an easy bash script by Nym core developer [@tommy1987](https://gist.github.com/tommyv1987), designed to monitor a CPU usage of your node, running locally
|
||||
* Nym's script [`prom_targets.py`](https://github.com/nymtech/nym/blob/develop/scripts/prom_targets.py) - a useful python program to request data from API and can be run on its own or plugged to more sophisticated flows
|
||||
|
||||
### Collecting Testing Metrics
|
||||
|
||||
For the purpose of the performance testing Nym core developers plan to run instances of Prometheus and Grafana connected to Node explorer in the house. The network overall key insights we seek from these tests are primarily internal. We're focused on pinpointing bottlenecks, capacity loads, and monitoring cpu usage on the nodes' machines.
|
||||
|
||||
|
||||
## Testing
|
||||
|
||||
```admonish info
|
||||
For the moment we paused Fast and Furious `perf` environment. Nym Mainnet environment will be used for future tests, please wait for further instructions.
|
||||
```
|
||||
Nym Mixnet has been running on mainnet for quite some time. There is still work to be done in order for the network to meet its full potential - mass adoption of privacy through fully distributed Mixnet.
|
||||
|
||||
Nym asks its decentralised community of operators to join a series of performance testing events in order to **increase the overall quality of the Mixnet**. The main takeaways of such event are:
|
||||
|
||||
@@ -47,7 +21,7 @@ Visit [Fast and Furious web page]({{performance_testing_webpage}}) and [Nym Harb
|
||||
|
||||
* Nym runs a paralel network environment [validator.performance.nymte.ch]({{performance_validator}}) with a chain ID `perf`
|
||||
* Operators of Nym Nodes join by following easy steps on [performance testing web page]({{performance_testing_webpage}}), including simplified node authentication signature (while keep running their nodes on the mainnet)
|
||||
* Once signed in, operators will be asked to swap their binary for the modified version with metrics endpoint to be able to connect their own [monitoring system](#monitoring)
|
||||
* Once signed in, operators will be asked to swap their binary for the modified version with metrics endpoint to be able to connect their own [monitoring system](templates.md)
|
||||
* Core node data will be fed to a unique mixnet contract for the `perf` side chain
|
||||
* Nym starts a new API and start packet transition in high load through these nodes in both settings
|
||||
* Nym tracks packet flow using Prometheus and Grafana
|
||||
@@ -57,5 +31,4 @@ Visit [Fast and Furious web page]({{performance_testing_webpage}}) and [Nym Harb
|
||||
## More Information
|
||||
|
||||
* What happens after the test or what operators get for participating is shared up to date on the [performance testing web page]({{performance_testing_webpage}})
|
||||
|
||||
|
||||
* Visit our guides to [setup metrics template](templates.md) and learn how to operate them in self-custodial way
|
||||
|
||||
@@ -16,8 +16,6 @@ Begin with the steps listed in [*Connectivity Test and Configuration*](../nodes/
|
||||
2. Checkout your VPS dashboard and make sure your IPv6-public enabled.
|
||||
3. If you are able to add IPv6 address `/64` range, do it.
|
||||
|
||||
**Update:** Nym community started an ISP table called [*Where to host your nym node?*](../legal/isp-list.md), check it out and add your findings!
|
||||
|
||||

|
||||
|
||||
4. Search or ask your ISP for additional documentation related to IPv6 routing and ask them to provide you with `IPv6 IP address` and `IPv6 IP gateway address`
|
||||
|
||||
@@ -1,59 +0,0 @@
|
||||
#!/usr/bin/python3
|
||||
|
||||
"""CLI to display .csv files as markdown"""
|
||||
|
||||
import argparse
|
||||
import pandas as pd
|
||||
import sys
|
||||
import csv
|
||||
|
||||
def create_table(args):
|
||||
"""Imports csv and creates a table"""
|
||||
file = args.file
|
||||
csv = pd.read_csv(file)
|
||||
if args.sort != None:
|
||||
csv = csv.sort_values(csv.columns[args.sort])
|
||||
if args.table:
|
||||
table = csv.to_markdown(tablefmt="grid", index=args.index)
|
||||
else:
|
||||
table = csv.to_markdown(index=args.index)
|
||||
return table
|
||||
|
||||
def display_file(args):
|
||||
"""Display csv file as a table"""
|
||||
table = create_table(args)
|
||||
print(table)
|
||||
|
||||
def panic(msg):
|
||||
"""Error message print"""
|
||||
print(f"error: {msg}", file=sys.stderr)
|
||||
sys.exit(-1)
|
||||
|
||||
def parser_main():
|
||||
"""Main function initializing ArgumentParser, storing arguments and executing commands."""
|
||||
# Top level parser
|
||||
parser = argparse.ArgumentParser(
|
||||
prog='CSV2MD',
|
||||
description='''Displays .csv files in markdown''',
|
||||
epilog='''Code is power!'''
|
||||
)
|
||||
|
||||
# Parser arguments
|
||||
parser.add_argument("-V","--version", action="version", version='%(prog)s 1.1.0')
|
||||
parser.add_argument("file", help="path/to/file.csv")
|
||||
parser.add_argument("-t","--table", default=False, action="store_true", help="output with a tabulate option for terminal reading - does not render in mdbook")
|
||||
parser.add_argument("-i","--index", default=False, action="store_true", help="output with an index column")
|
||||
parser.add_argument("-s","--sort", type=int, help="supply with column index to sort your output accordingly (ascending way)")
|
||||
|
||||
parser.set_defaults(func=display_file)
|
||||
args = parser.parse_args()
|
||||
|
||||
try:
|
||||
args.func(args)
|
||||
except AttributeError as e:
|
||||
msg = f"{e}.\nPlease run with --help or read the error message in case your .csv file is corrupted."
|
||||
panic(msg)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
parser_main()
|
||||
+2
-2
@@ -4,7 +4,7 @@
|
||||
[package]
|
||||
name = "nym-gateway"
|
||||
license = "GPL-3.0"
|
||||
version = "1.1.36"
|
||||
version = "1.1.37"
|
||||
authors = [
|
||||
"Dave Hrycyszyn <futurechimp@users.noreply.github.com>",
|
||||
"Jędrzej Stuczyński <andrew@nymtech.net>",
|
||||
@@ -30,7 +30,7 @@ humantime-serde = { workspace = true }
|
||||
ipnetwork = "0.16"
|
||||
log = { workspace = true }
|
||||
once_cell = "1.7.2"
|
||||
rand = { workspace = true }
|
||||
rand = "0.7"
|
||||
serde = { workspace = true, features = ["derive"] }
|
||||
serde_json = { workspace = true }
|
||||
sqlx = { workspace = true, features = [
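Review bot: `rand` stops following the workspace entry here and becomes a per-crate requirement (`rand = "0.7"`), and two other manifests further down the page do the same with different spellings (`rand = { version = "0.7.3", features = ["wasm-bindgen"] }` and `rand = "0.7.3"`). This assumes the second line of each printed pair is the new side. Per-crate requirements can resolve independently of the workspace one, so the lockfile may carry more than one `rand`, and an advisory against any of them has to be traced through each manifest separately. If 0.7 is needed for API compatibility with another dependency, keep one workspace entry for it or state the reason beside each line, e.g. `# pinned to 0.7: <reason>`.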
|
||||
|
||||
@@ -15,7 +15,7 @@ bs58 = { workspace = true }
|
||||
futures = { workspace = true }
|
||||
generic-array = { workspace = true, features = ["serde"] }
|
||||
log = { workspace = true }
|
||||
rand = { workspace = true }
|
||||
rand = { version = "0.7.3", features = ["wasm-bindgen"] }
|
||||
serde = { workspace = true, features = ["derive"] }
|
||||
serde_json = { workspace = true }
|
||||
thiserror = { workspace = true }
|
||||
|
||||
@@ -82,10 +82,8 @@ impl SharedKeys {
|
||||
)
|
||||
}
|
||||
};
|
||||
let mac = compute_keyed_hmac::<GatewayIntegrityHmacAlgorithm>(
|
||||
self.mac_key().as_slice(),
|
||||
&encrypted_data,
|
||||
);
|
||||
let mac =
|
||||
compute_keyed_hmac::<GatewayIntegrityHmacAlgorithm>(self.mac_key(), &encrypted_data);
|
||||
|
||||
mac.into_bytes().into_iter().chain(encrypted_data).collect()
|
||||
}
|
||||
@@ -104,7 +102,7 @@ impl SharedKeys {
|
||||
let message_bytes = &enc_data[mac_size..];
|
||||
|
||||
if !recompute_keyed_hmac_and_verify_tag::<GatewayIntegrityHmacAlgorithm>(
|
||||
self.mac_key().as_slice(),
|
||||
self.mac_key(),
|
||||
message_bytes,
|
||||
mac_tag,
|
||||
) {
|
||||
|
||||
@@ -421,7 +421,7 @@ impl BinaryResponse {
|
||||
let message_bytes = &raw_req[mac_size..];
|
||||
|
||||
if !recompute_keyed_hmac_and_verify_tag::<GatewayIntegrityHmacAlgorithm>(
|
||||
shared_keys.mac_key().as_slice(),
|
||||
shared_keys.mac_key(),
|
||||
message_bytes,
|
||||
mac_tag,
|
||||
) {
|
||||
|
||||
@@ -84,13 +84,13 @@ fn try_upgrade_v1_1_29_config(id: &str) -> Result<bool, GatewayError> {
|
||||
}
|
||||
|
||||
fn try_upgrade_v1_1_31_config(id: &str) -> Result<bool, GatewayError> {
|
||||
// explicitly load it as v1.1.30 (which is incompatible with the current, i.e. 1.1.31+)
|
||||
// explicitly load it as v1.1.35 (which is incompatible with the current, i.e. 1.1.36+)
|
||||
let Ok(old_config) = ConfigV1_1_31::read_from_default_path(id) else {
|
||||
// if we failed to load it, there might have been nothing to upgrade
|
||||
// or maybe it was an even older file. in either way. just ignore it and carry on with our day
|
||||
return Ok(false);
|
||||
};
|
||||
info!("It seems the gateway is using <= v1.1.30 config template.");
|
||||
info!("It seems the gateway is using <= v1.1.35 config template.");
|
||||
info!("It is going to get updated to the current specification.");
|
||||
|
||||
let updated: Config = old_config.into();
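Review bot: The comment and the log line now refer to v1.1.35 and 1.1.36+, while the function is still named `try_upgrade_v1_1_31_config` and loads `ConfigV1_1_31`, so a reader cannot tell which on-disk layouts this step covers. If `ConfigV1_1_31` is the layout written from 1.1.31 up to 1.1.35, the comment should say so, e.g. `// ConfigV1_1_31 is the layout written by v1.1.31 through v1.1.35; 1.1.36+ cannot read it directly`. The function body continues outside the hunk.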
|
||||
|
||||
@@ -11,7 +11,7 @@ use nym_config::{
|
||||
must_get_home, read_config_from_toml_file, save_formatted_config_to_file, NymConfigTemplate,
|
||||
DEFAULT_CONFIG_DIR, DEFAULT_CONFIG_FILENAME, DEFAULT_DATA_DIR, NYM_DIR,
|
||||
};
|
||||
use nym_network_defaults::{mainnet, DEFAULT_NYM_NODE_HTTP_PORT, WG_PORT};
|
||||
use nym_network_defaults::{mainnet, DEFAULT_NYM_NODE_HTTP_PORT};
|
||||
use serde::{Deserialize, Serialize};
|
||||
use std::io;
|
||||
use std::net::{IpAddr, Ipv4Addr, SocketAddr};
|
||||
@@ -20,7 +20,7 @@ use std::time::Duration;
|
||||
use url::Url;
|
||||
use zeroize::{Zeroize, ZeroizeOnDrop};
|
||||
|
||||
pub use crate::config::persistence::paths::{GatewayPaths, WireguardPaths};
|
||||
pub use crate::config::persistence::paths::GatewayPaths;
|
||||
|
||||
pub mod old_config_v1_1_20;
|
||||
pub mod old_config_v1_1_28;
|
||||
@@ -85,10 +85,6 @@ pub struct Config {
|
||||
|
||||
pub gateway: Gateway,
|
||||
|
||||
// currently not really used for anything useful
|
||||
#[serde(default)]
|
||||
pub wireguard: Wireguard,
|
||||
|
||||
pub storage_paths: GatewayPaths,
|
||||
|
||||
pub network_requester: NetworkRequester,
|
||||
@@ -121,7 +117,6 @@ impl Config {
|
||||
},
|
||||
http: Default::default(),
|
||||
gateway: default_gateway,
|
||||
wireguard: Default::default(),
|
||||
storage_paths: GatewayPaths::new_default(id.as_ref()),
|
||||
network_requester: Default::default(),
|
||||
ip_packet_router: Default::default(),
|
||||
@@ -135,7 +130,6 @@ impl Config {
|
||||
host: impl Into<Host>,
|
||||
http: impl Into<Http>,
|
||||
gateway: impl Into<Gateway>,
|
||||
wireguard: impl Into<Wireguard>,
|
||||
storage_paths: impl Into<GatewayPaths>,
|
||||
network_requester: impl Into<NetworkRequester>,
|
||||
ip_packet_router: impl Into<IpPacketRouter>,
|
||||
@@ -147,7 +141,6 @@ impl Config {
|
||||
host: host.into(),
|
||||
http: http.into(),
|
||||
gateway: gateway.into(),
|
||||
wireguard: wireguard.into(),
|
||||
storage_paths: storage_paths.into(),
|
||||
network_requester: network_requester.into(),
|
||||
ip_packet_router: ip_packet_router.into(),
|
||||
@@ -262,8 +255,6 @@ impl Config {
|
||||
|
||||
let http_port = self.http.bind_address.port();
|
||||
self.http.bind_address = SocketAddr::new(listening_address, http_port);
|
||||
let wg_port = self.wireguard.bind_address.port();
|
||||
self.wireguard.bind_address = SocketAddr::new(listening_address, wg_port);
|
||||
|
||||
self
|
||||
}
|
||||
@@ -347,40 +338,6 @@ impl Default for Http {
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Debug, Deserialize, PartialEq, Serialize)]
|
||||
#[serde(deny_unknown_fields)]
|
||||
pub struct Wireguard {
|
||||
/// Specifies whether the wireguard service is enabled on this node.
|
||||
pub enabled: bool,
|
||||
|
||||
/// Socket address this node will use for binding its wireguard interface.
|
||||
/// default: `0.0.0.0:51822`
|
||||
pub bind_address: SocketAddr,
|
||||
|
||||
/// Port announced to external clients wishing to connect to the wireguard interface.
|
||||
/// Useful in the instances where the node is behind a proxy.
|
||||
pub announced_port: u16,
|
||||
|
||||
/// The prefix denoting the maximum number of the clients that can be connected via Wireguard.
|
||||
/// The maximum value for IPv4 is 32 and for IPv6 is 128
|
||||
pub private_network_prefix: u8,
|
||||
|
||||
/// Paths for wireguard keys, client registries, etc.
|
||||
pub storage_paths: WireguardPaths,
|
||||
}
|
||||
|
||||
impl Default for Wireguard {
|
||||
fn default() -> Self {
|
||||
Wireguard {
|
||||
enabled: false,
|
||||
bind_address: SocketAddr::new(IpAddr::V4(Ipv4Addr::UNSPECIFIED), WG_PORT),
|
||||
announced_port: WG_PORT,
|
||||
private_network_prefix: 16,
|
||||
storage_paths: WireguardPaths {},
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// we only really care about the mnemonic being zeroized
|
||||
#[derive(Debug, Deserialize, PartialEq, Eq, Serialize, Zeroize, ZeroizeOnDrop)]
|
||||
pub struct Gateway {
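Review bot: Removing the `wireguard` field from `Config` leaves it unclear what happens to config files on disk that already contain a `[wireguard]` table. Files written by the previous version may contain one, and whether they still load depends on whether `Config` rejects unknown fields, which these hunks do not show. The `From<ConfigV1_1_31>` conversion later on the page also stops copying `enabled`, `bind_address` and `announced_port`, so an operator who had wireguard enabled would apparently lose that setting on upgrade with no log line. A comment where the field used to be, such as `// wireguard settings are no longer part of the gateway config`, plus a warning in the upgrade path when the old `wireguard.enabled` was true, would make the change visible. The struct and impl blocks start and end outside the hunks.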
|
||||
|
||||
@@ -1,8 +1,6 @@
|
||||
// Copyright 2020-2023 - Nym Technologies SA <contact@nymtech.net>
|
||||
// SPDX-License-Identifier: GPL-3.0-only
|
||||
|
||||
use crate::config::persistence::paths::{GatewayPaths, WireguardPaths};
|
||||
use nym_bin_common::logging::LoggingSettings;
|
||||
use nym_config::{
|
||||
must_get_home, read_config_from_toml_file, DEFAULT_CONFIG_DIR, DEFAULT_CONFIG_FILENAME, NYM_DIR,
|
||||
};
|
||||
@@ -14,8 +12,9 @@ use std::path::{Path, PathBuf};
|
||||
use std::time::Duration;
|
||||
use url::Url;
|
||||
|
||||
use super::persistence::paths::KeysPaths;
|
||||
use super::{Config, Debug, Gateway, Host, Http, NetworkRequester, Wireguard};
|
||||
use super::{Host, Http};
|
||||
use crate::config::persistence::paths::KeysPaths;
|
||||
use crate::config::{Config, Debug, Gateway, GatewayPaths, LoggingSettings, NetworkRequester};
|
||||
|
||||
const DEFAULT_GATEWAYS_DIR: &str = "gateways";
|
||||
|
||||
@@ -125,15 +124,6 @@ impl From<ConfigV1_1_31> for Config {
|
||||
nyxd_urls: value.gateway.nyxd_urls,
|
||||
cosmos_mnemonic: value.gateway.cosmos_mnemonic,
|
||||
},
|
||||
wireguard: Wireguard {
|
||||
enabled: value.wireguard.enabled,
|
||||
bind_address: value.wireguard.bind_address,
|
||||
announced_port: value.wireguard.announced_port,
|
||||
private_network_prefix: Default::default(),
|
||||
storage_paths: WireguardPaths {
|
||||
// no fields (yet)
|
||||
},
|
||||
},
|
||||
storage_paths: GatewayPaths {
|
||||
keys: KeysPaths {
|
||||
private_identity_key_file: value.storage_paths.keys.private_identity_key_file,
|
||||
|
||||
@@ -169,15 +169,3 @@ impl KeysPaths {
|
||||
&self.public_sphinx_key_file
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, Deserialize, PartialEq, Eq, Serialize)]
|
||||
#[serde(deny_unknown_fields)]
|
||||
pub struct WireguardPaths {
|
||||
// pub keys:
|
||||
}
|
||||
|
||||
impl WireguardPaths {
|
||||
pub fn new_empty() -> Self {
|
||||
WireguardPaths {}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -63,6 +63,17 @@ pub enum GatewayError {
|
||||
source: io::Error,
|
||||
},
|
||||
|
||||
#[error(
|
||||
"failed to load config file for wireguard (gateway-id: '{id}') using path '{}'. detailed message: {source}",
|
||||
path.display()
|
||||
)]
|
||||
WireguardConfigLoadFailure {
|
||||
id: String,
|
||||
path: PathBuf,
|
||||
#[source]
|
||||
source: io::Error,
|
||||
},
|
||||
|
||||
#[error(
|
||||
"failed to save config file for id {id} using path '{}'. detailed message: {source}", path.display()
|
||||
)]
|
||||
@@ -167,6 +178,17 @@ pub enum GatewayError {
|
||||
#[cfg(all(feature = "wireguard", target_os = "linux"))]
|
||||
#[error("failed to remove wireguard interface: {0}")]
|
||||
WireguardInterfaceError(#[from] defguard_wireguard_rs::error::WireguardInterfaceError),
|
||||
|
||||
#[cfg(all(feature = "wireguard", target_os = "linux"))]
|
||||
#[error("wireguard not set")]
|
||||
WireguardNotSet,
|
||||
|
||||
#[cfg(all(feature = "wireguard", target_os = "linux"))]
|
||||
#[error("failed to catch an interrupt: {source}")]
|
||||
StdError {
|
||||
#[source]
|
||||
source: Box<dyn std::error::Error + Send + Sync>,
|
||||
},
|
||||
}
|
||||
|
||||
impl From<ClientCoreError> for GatewayError {
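Review bot: The new `StdError` variant carries the message `failed to catch an interrupt: {source}`, but its only use visible on this page wraps a failed `start_wireguard(...)` call, so a wireguard startup failure would be reported as an interrupt problem. A name and message that match the cause would make the failure diagnosable, for example `#[error("failed to start wireguard: {source}")]` on a variant named for that purpose. `WireguardConfigLoadFailure` is also the only one of the three added variants without the `#[cfg(all(feature = "wireguard", target_os = "linux"))]` gate, which deserves a comment if it is intentional. The enum starts outside the hunk.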
|
||||
|
||||
+8
-34
@@ -4,7 +4,6 @@
|
||||
use crate::config::Config;
|
||||
use crate::error::GatewayError;
|
||||
use crate::helpers::load_public_key;
|
||||
use ipnetwork::IpNetwork;
|
||||
use log::{debug, error, warn};
|
||||
use nym_bin_common::bin_info_owned;
|
||||
use nym_crypto::asymmetric::{encryption, identity};
|
||||
@@ -12,30 +11,19 @@ use nym_network_requester::RequestFilter;
|
||||
use nym_node_http_api::api::api_requests;
|
||||
use nym_node_http_api::api::api_requests::v1::network_requester::exit_policy::models::UsedExitPolicy;
|
||||
use nym_node_http_api::api::api_requests::SignedHostInformation;
|
||||
use nym_node_http_api::router::WireguardAppState;
|
||||
use nym_node_http_api::NymNodeHttpError;
|
||||
use nym_sphinx::addressing::clients::Recipient;
|
||||
use nym_task::TaskClient;
|
||||
use nym_wireguard_types::registration::GatewayClientRegistry;
|
||||
use std::net::{IpAddr, Ipv4Addr};
|
||||
use nym_wireguard_types::WireguardGatewayData;
|
||||
use std::sync::Arc;
|
||||
|
||||
fn load_gateway_details(
|
||||
config: &Config,
|
||||
) -> Result<api_requests::v1::gateway::models::Gateway, GatewayError> {
|
||||
let wireguard = if config.wireguard.enabled {
|
||||
Some(api_requests::v1::gateway::models::Wireguard {
|
||||
port: config.wireguard.announced_port,
|
||||
public_key: "placeholder key value".to_string(),
|
||||
})
|
||||
} else {
|
||||
None
|
||||
};
|
||||
|
||||
Ok(api_requests::v1::gateway::models::Gateway {
|
||||
enforces_zk_nyms: config.gateway.only_coconut_credentials,
|
||||
client_interfaces: api_requests::v1::gateway::models::ClientInterfaces {
|
||||
wireguard,
|
||||
wireguard: None,
|
||||
mixnet_websockets: Some(api_requests::v1::gateway::models::WebSockets {
|
||||
ws_port: config.gateway.clients_port,
|
||||
wss_port: config.gateway.clients_wss_port,
|
||||
@@ -154,7 +142,7 @@ pub(crate) struct HttpApiBuilder<'a> {
|
||||
// TODO: this should be a wg specific key and not re-used sphinx
|
||||
sphinx_keypair: Arc<encryption::KeyPair>,
|
||||
|
||||
client_registry: Option<Arc<GatewayClientRegistry>>,
|
||||
wireguard_data: Option<Arc<WireguardGatewayData>>,
|
||||
}
|
||||
|
||||
impl<'a> HttpApiBuilder<'a> {
|
||||
@@ -170,7 +158,7 @@ impl<'a> HttpApiBuilder<'a> {
|
||||
exit_policy: None,
|
||||
identity_keypair,
|
||||
sphinx_keypair,
|
||||
client_registry: None,
|
||||
wireguard_data: None,
|
||||
}
|
||||
}
|
||||
|
||||
@@ -235,11 +223,11 @@ impl<'a> HttpApiBuilder<'a> {
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub(crate) fn with_wireguard_client_registry(
|
||||
pub(crate) fn with_wireguard_data(
|
||||
mut self,
|
||||
client_registry: Arc<GatewayClientRegistry>,
|
||||
wireguard_data: Option<Arc<WireguardGatewayData>>,
|
||||
) -> Self {
|
||||
self.client_registry = Some(client_registry);
|
||||
self.wireguard_data = wireguard_data;
|
||||
self
|
||||
}
|
||||
|
||||
@@ -281,22 +269,8 @@ impl<'a> HttpApiBuilder<'a> {
|
||||
)?);
|
||||
}
|
||||
|
||||
let wireguard_private_network = IpNetwork::new(
|
||||
IpAddr::from(Ipv4Addr::new(10, 1, 0, 0)),
|
||||
self.gateway_config.wireguard.private_network_prefix,
|
||||
)?;
|
||||
let wg_state = self.client_registry.and_then(|client_registry| {
|
||||
WireguardAppState::new(
|
||||
client_registry,
|
||||
Default::default(),
|
||||
self.gateway_config.wireguard.bind_address.port(),
|
||||
wireguard_private_network,
|
||||
)
|
||||
.ok()
|
||||
});
|
||||
|
||||
let bind_address = self.gateway_config.http.bind_address;
|
||||
let router = nym_node_http_api::NymNodeRouter::new(config, None, wg_state);
|
||||
let router = nym_node_http_api::NymNodeRouter::new(config, None, None);
|
||||
|
||||
tokio::spawn(async move {
|
||||
let server = match router.build_server(&bind_address).await {
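Review bot: `HttpApiBuilder` keeps a `wireguard_data` field and a `with_wireguard_data` setter, yet the visible code never reads the stored value. The router in the last hunk is built with `NymNodeRouter::new(config, None, None)`, and `load_gateway_details` hard-codes `wireguard: None`. Unless another part of the file consumes the field, a gateway with wireguard data set will no longer describe its wireguard interface through this HTTP API, and nothing tells the reader that this is deliberate. Either drop the field and setter until the router takes the data again, or mark the gap with `// TODO: wireguard_data is stored but not yet handed to the router`. The build function continues outside the hunk.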
|
||||
|
||||
+23
-15
@@ -16,7 +16,6 @@ use crate::node::client_handling::websocket::connection_handler::coconut::Coconu
|
||||
use crate::node::helpers::{initialise_main_storage, load_network_requester_config};
|
||||
use crate::node::mixnet_handling::receiver::connection_handler::ConnectionHandler;
|
||||
use crate::node::statistics::collector::GatewayStatisticsCollector;
|
||||
use dashmap::DashMap;
|
||||
use futures::channel::{mpsc, oneshot};
|
||||
use log::*;
|
||||
use nym_crypto::asymmetric::{encryption, identity};
|
||||
@@ -28,7 +27,7 @@ use nym_task::{TaskClient, TaskHandle, TaskManager};
|
||||
use nym_types::gateway::GatewayNodeDetailsResponse;
|
||||
use nym_validator_client::nyxd::{Coin, CosmWasmClient};
|
||||
use nym_validator_client::{nyxd, DirectSigningHttpRpcNyxdClient};
|
||||
use nym_wireguard_types::registration::GatewayClientRegistry;
|
||||
use nym_wireguard_types::WireguardGatewayData;
|
||||
use rand::seq::SliceRandom;
|
||||
use rand::thread_rng;
|
||||
use std::net::SocketAddr;
|
||||
@@ -126,9 +125,10 @@ pub struct Gateway<St = PersistentStorage> {
|
||||
|
||||
/// x25519 keypair used for Diffie-Hellman. Currently only used for sphinx key derivation.
|
||||
sphinx_keypair: Arc<encryption::KeyPair>,
|
||||
|
||||
storage: St,
|
||||
|
||||
client_registry: Arc<GatewayClientRegistry>,
|
||||
wireguard_data: Option<Arc<WireguardGatewayData>>,
|
||||
|
||||
run_http_server: bool,
|
||||
task_client: Option<TaskClient>,
|
||||
@@ -149,7 +149,7 @@ impl<St> Gateway<St> {
|
||||
config,
|
||||
network_requester_opts,
|
||||
ip_packet_router_opts,
|
||||
client_registry: Arc::new(DashMap::new()),
|
||||
wireguard_data: None,
|
||||
run_http_server: true,
|
||||
task_client: None,
|
||||
})
|
||||
@@ -170,7 +170,7 @@ impl<St> Gateway<St> {
|
||||
identity_keypair,
|
||||
sphinx_keypair,
|
||||
storage,
|
||||
client_registry: Arc::new(DashMap::new()),
|
||||
wireguard_data: None,
|
||||
run_http_server: true,
|
||||
task_client: None,
|
||||
}
|
||||
@@ -184,12 +184,14 @@ impl<St> Gateway<St> {
|
||||
self.task_client = Some(task_client)
|
||||
}
|
||||
|
||||
pub fn set_wireguard_client_registry(&mut self, client_registry: Arc<GatewayClientRegistry>) {
|
||||
pub fn set_wireguard_data(&mut self, wireguard_data: Arc<WireguardGatewayData>) {
|
||||
// sanity check:
|
||||
if Arc::strong_count(&self.client_registry) != 1 {
|
||||
panic!("the client registry is already being used elsewhere")
|
||||
if let Some(wg_data) = self.wireguard_data.as_ref() {
|
||||
if Arc::strong_count(wg_data) != 1 {
|
||||
panic!("the client registry is already being used elsewhere")
|
||||
}
|
||||
}
|
||||
self.client_registry = client_registry
|
||||
self.wireguard_data = Some(wireguard_data)
|
||||
}
|
||||
|
||||
pub async fn node_details(&self) -> Result<GatewayNodeDetailsResponse, GatewayError> {
|
||||
@@ -230,7 +232,11 @@ impl<St> Gateway<St> {
|
||||
&self,
|
||||
shutdown: TaskClient,
|
||||
) -> Result<defguard_wireguard_rs::WGApi, Box<dyn std::error::Error + Send + Sync>> {
|
||||
nym_wireguard::start_wireguard(shutdown, Arc::clone(&self.client_registry)).await
|
||||
if let Some(wireguard_data) = self.wireguard_data.as_ref() {
|
||||
nym_wireguard::start_wireguard(shutdown, Arc::clone(wireguard_data)).await
|
||||
} else {
|
||||
Err(Box::new(GatewayError::WireguardNotSet))
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(all(feature = "wireguard", not(target_os = "linux")))]
|
||||
@@ -555,7 +561,7 @@ impl<St> Gateway<St> {
|
||||
self.identity_keypair.as_ref(),
|
||||
self.sphinx_keypair.clone(),
|
||||
)
|
||||
.with_wireguard_client_registry(self.client_registry.clone())
|
||||
.with_wireguard_data(self.wireguard_data.clone())
|
||||
.with_maybe_network_requester(self.network_requester_opts.as_ref().map(|o| &o.config))
|
||||
.with_maybe_network_request_filter(nr_request_filter)
|
||||
.with_maybe_ip_packet_router(self.ip_packet_router_opts.as_ref().map(|o| &o.config))
|
||||
@@ -565,7 +571,10 @@ impl<St> Gateway<St> {
|
||||
// Once this is a bit more mature, make this a commandline flag instead of a compile time
|
||||
// flag
|
||||
#[cfg(all(feature = "wireguard", target_os = "linux"))]
|
||||
let wg_api = self.start_wireguard(shutdown.fork("wireguard")).await.ok();
|
||||
let wg_api = self
|
||||
.start_wireguard(shutdown.fork("wireguard"))
|
||||
.await
|
||||
.map_err(|source| GatewayError::StdError { source })?;
|
||||
|
||||
#[cfg(all(feature = "wireguard", not(target_os = "linux")))]
|
||||
self.start_wireguard(shutdown.fork("wireguard")).await;
|
||||
@@ -577,9 +586,8 @@ impl<St> Gateway<St> {
|
||||
return Err(GatewayError::ShutdownFailure { source });
|
||||
}
|
||||
#[cfg(all(feature = "wireguard", target_os = "linux"))]
|
||||
if let Some(wg_api) = wg_api {
|
||||
defguard_wireguard_rs::WireguardInterfaceApi::remove_interface(&wg_api)?;
|
||||
}
|
||||
defguard_wireguard_rs::WireguardInterfaceApi::remove_interface(&wg_api)?;
|
||||
|
||||
Ok(())
|
||||
}
|
||||
}
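Review bot: With the `wireguard` feature compiled in on Linux, `start_wireguard` now returns `GatewayError::WireguardNotSet` whenever `wireguard_data` is `None`, and the `?` added at the call site turns that into a failed gateway start. Both constructors in this section initialise the field to `None`, so every caller must invoke `set_wireguard_data` before running. If running without wireguard should stay possible, call `start_wireguard` only when `self.wireguard_data.is_some()`, keep `wg_api` as an `Option`, and retain the removed `if let Some(wg_api) = wg_api` guard around `remove_interface`. The panic text in `set_wireguard_data` still reads `the client registry is already being used elsewhere` although it now guards `wireguard_data`. The enclosing functions start outside the hunks.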
|
||||
|
||||
+1
-1
@@ -28,7 +28,7 @@ futures = { workspace = true }
|
||||
humantime-serde = { workspace = true }
|
||||
lazy_static = "1.4"
|
||||
log = { workspace = true }
|
||||
rand = { workspace = true }
|
||||
rand = "0.7.3"
|
||||
serde = { workspace = true, features = ["derive"] }
|
||||
serde_json = { workspace = true }
|
||||
sysinfo = "0.27.7"
|
||||
|
||||
@@ -141,8 +141,8 @@ mod tests {
|
||||
use nym_sphinx_params::packet_sizes::PacketSize;
|
||||
use nym_sphinx_params::PacketType;
|
||||
use nym_sphinx_types::{
|
||||
test_utils, Delay as SphinxDelay, Destination, DestinationAddressBytes, Node,
|
||||
NodeAddressBytes, DESTINATION_ADDRESS_LENGTH, IDENTIFIER_LENGTH, NODE_ADDRESS_LENGTH,
|
||||
crypto, Delay as SphinxDelay, Destination, DestinationAddressBytes, Node, NodeAddressBytes,
|
||||
DESTINATION_ADDRESS_LENGTH, IDENTIFIER_LENGTH, NODE_ADDRESS_LENGTH,
|
||||
};
|
||||
|
||||
#[derive(Default)]
|
||||
@@ -166,17 +166,17 @@ mod tests {
|
||||
}
|
||||
|
||||
fn make_valid_sphinx_packet(size: PacketSize) -> NymPacket {
|
||||
let (_, node1_pk) = test_utils::fixtures::keygen();
|
||||
let (_, node1_pk) = crypto::keygen();
|
||||
let node1 = Node::new(
|
||||
NodeAddressBytes::from_bytes([5u8; NODE_ADDRESS_LENGTH]),
|
||||
node1_pk,
|
||||
);
|
||||
let (_, node2_pk) = test_utils::fixtures::keygen();
|
||||
let (_, node2_pk) = crypto::keygen();
|
||||
let node2 = Node::new(
|
||||
NodeAddressBytes::from_bytes([4u8; NODE_ADDRESS_LENGTH]),
|
||||
node2_pk,
|
||||
);
|
||||
let (_, node3_pk) = test_utils::fixtures::keygen();
|
||||
let (_, node3_pk) = crypto::keygen();
|
||||
let node3 = Node::new(
|
||||
NodeAddressBytes::from_bytes([2u8; NODE_ADDRESS_LENGTH]),
|
||||
node3_pk,
|
||||
@@ -197,23 +197,23 @@ mod tests {
|
||||
}
|
||||
|
||||
fn make_valid_outfox_packet(size: PacketSize) -> NymPacket {
|
||||
let (_, node1_pk) = test_utils::fixtures::keygen();
|
||||
let (_, node1_pk) = crypto::keygen();
|
||||
let node1 = Node::new(
|
||||
NodeAddressBytes::from_bytes([5u8; NODE_ADDRESS_LENGTH]),
|
||||
node1_pk,
|
||||
);
|
||||
let (_, node2_pk) = test_utils::fixtures::keygen();
|
||||
let (_, node2_pk) = crypto::keygen();
|
||||
let node2 = Node::new(
|
||||
NodeAddressBytes::from_bytes([4u8; NODE_ADDRESS_LENGTH]),
|
||||
node2_pk,
|
||||
);
|
||||
let (_, node3_pk) = test_utils::fixtures::keygen();
|
||||
let (_, node3_pk) = crypto::keygen();
|
||||
let node3 = Node::new(
|
||||
NodeAddressBytes::from_bytes([2u8; NODE_ADDRESS_LENGTH]),
|
||||
node3_pk,
|
||||
);
|
||||
|
||||
let (_, node4_pk) = test_utils::fixtures::keygen();
|
||||
let (_, node4_pk) = crypto::keygen();
|
||||
let node4 = Node::new(
|
||||
NodeAddressBytes::from_bytes([2u8; NODE_ADDRESS_LENGTH]),
|
||||
node4_pk,
|
||||
|
||||
+3
-1
@@ -29,7 +29,8 @@ humantime-serde = { workspace = true }
|
||||
k256 = { version = "*", features = ["ecdsa-core"] } # needed for the Verifier trait; pull whatever version is used by other dependencies
|
||||
log = { workspace = true }
|
||||
pin-project = "1.0"
|
||||
rand = { workspace = true }
|
||||
rand = "0.8.5"
|
||||
rand-07 = { package = "rand", version = "0.7.3" } # required for compatibility
|
||||
reqwest = { workspace = true, features = ["json"] }
|
||||
rocket = { version = "0.5.0", features = ["json"] }
|
||||
rocket_cors = { version = "0.6.0" }
|
||||
@@ -124,5 +125,6 @@ tempfile = "3.3.0"
|
||||
cw3 = { workspace = true }
|
||||
cw-utils = { workspace = true }
|
||||
rand_chacha = "0.3"
|
||||
rand_chacha_02 = { package = "rand_chacha", version = "0.2" }
|
||||
sha2 = "0.9"
|
||||
|
||||
|
||||
@@ -27,6 +27,11 @@ pub fn test_rng(seed: [u8; 32]) -> ChaCha20Rng {
|
||||
ChaCha20Rng::from_seed(seed)
|
||||
}
|
||||
|
||||
pub fn test_rng_07(seed: [u8; 32]) -> rand_chacha_02::ChaCha20Rng {
|
||||
use rand_chacha_02::rand_core::SeedableRng;
|
||||
rand_chacha_02::ChaCha20Rng::from_seed(seed)
|
||||
}
|
||||
|
||||
pub fn pseudorandom_account(rng: &mut ChaCha20Rng) -> AccountId {
|
||||
let mut dummy_account_key_hash = [0u8; 32];
|
||||
rng.fill_bytes(&mut dummy_account_key_hash);
|
||||
@@ -37,8 +42,13 @@ pub fn dealer_fixture(mut rng: &mut ChaCha20Rng, id: NodeIndex) -> DealerDetails
|
||||
// we might possibly need that private key later on
|
||||
let keypair = DkgKeyPair::new(dkg::params(), &mut rng);
|
||||
|
||||
// lol, instantiate rng with an rng due to incompatibility, but even though it looks dodgy AF,
|
||||
// it's 100% deterministic
|
||||
let mut secondary_seed = [0u8; 32];
|
||||
rng.fill_bytes(&mut secondary_seed);
|
||||
|
||||
let addr = pseudorandom_account(rng);
|
||||
let identity_keypair = identity::KeyPair::new(&mut rng);
|
||||
let identity_keypair = identity::KeyPair::new(&mut test_rng_07(secondary_seed));
|
||||
let bte_public_key_with_proof = bs58::encode(&keypair.public_key().to_bytes()).into_string();
|
||||
|
||||
let port = 8080 + id;
|
||||
@@ -146,7 +156,7 @@ impl TestingDkgControllerBuilder {
|
||||
let mut secondary_seed = [0u8; 32];
|
||||
rng.fill_bytes(&mut secondary_seed);
|
||||
|
||||
let identity_keypair = identity::KeyPair::new(&mut test_rng(secondary_seed));
|
||||
let identity_keypair = identity::KeyPair::new(&mut test_rng_07(secondary_seed));
|
||||
|
||||
DealerDetails {
|
||||
address: Addr::unchecked(address.as_ref()),
|
||||
|
||||
@@ -49,8 +49,8 @@ use nym_validator_client::nyxd::Coin;
|
||||
use nym_validator_client::nyxd::{
|
||||
AccountId, Algorithm, Event, EventAttribute, ExecTxResult, Fee, Hash, TxResponse,
|
||||
};
|
||||
use rand::rngs::OsRng;
|
||||
use rand::RngCore;
|
||||
use rand_07::rngs::OsRng;
|
||||
use rand_07::RngCore;
|
||||
use rocket::http::Status;
|
||||
use rocket::local::asynchronous::Client;
|
||||
use std::collections::{BTreeMap, HashMap};
|
||||
@@ -1336,7 +1336,7 @@ struct TestFixture {
|
||||
|
||||
impl TestFixture {
|
||||
async fn new() -> Self {
|
||||
let mut rng = crate::coconut::tests::fixtures::test_rng([69u8; 32]);
|
||||
let mut rng = crate::coconut::tests::fixtures::test_rng_07([69u8; 32]);
|
||||
let params = Parameters::new(4).unwrap();
|
||||
let coconut_keypair = nym_coconut::ttp_keygen(¶ms, 1, 1).unwrap().remove(0);
|
||||
let identity = identity::KeyPair::new(&mut rng);
|
||||
|
||||
@@ -8,7 +8,7 @@ use nym_sphinx::{
|
||||
acknowledgements::AckKey, addressing::clients::Recipient, preparer::MessagePreparer,
|
||||
};
|
||||
use nym_topology::NymTopology;
|
||||
use rand::rngs::OsRng;
|
||||
use rand_07::rngs::OsRng;
|
||||
use std::time::Duration;
|
||||
|
||||
const DEFAULT_AVERAGE_PACKET_DELAY: Duration = Duration::from_millis(200);
|
||||
|
||||
@@ -73,7 +73,7 @@ impl<'a> NetworkMonitorBuilder<'a> {
|
||||
// TODO: those keys change constant throughout the whole execution of the monitor.
|
||||
// and on top of that, they are used with ALL the gateways -> presumably this should change
|
||||
// in the future
|
||||
let mut rng = rand::rngs::OsRng;
|
||||
let mut rng = rand_07::rngs::OsRng;
|
||||
|
||||
let identity_keypair = Arc::new(identity::KeyPair::new(&mut rng));
|
||||
let encryption_keypair = Arc::new(encryption::KeyPair::new(&mut rng));
|
||||
|
||||
@@ -14,7 +14,7 @@ use nym_sphinx::addressing::clients::Recipient;
|
||||
use nym_sphinx::forwarding::packet::MixPacket;
|
||||
use nym_sphinx::params::{PacketSize, PacketType};
|
||||
use nym_topology::{gateway, mix};
|
||||
use rand::{rngs::ThreadRng, seq::SliceRandom, thread_rng, Rng};
|
||||
use rand_07::{rngs::ThreadRng, seq::SliceRandom, thread_rng, Rng};
|
||||
use std::collections::{HashMap, HashSet};
|
||||
|
||||
use std::fmt::{self, Display, Formatter};
|
||||
|
||||
@@ -9,6 +9,7 @@ use crate::support::config::{
|
||||
use anyhow::{Context, Result};
|
||||
use nym_crypto::asymmetric::identity;
|
||||
use rand::rngs::OsRng;
|
||||
use rand_07::rngs::OsRng as OsRng07;
|
||||
use std::{fs, io};
|
||||
|
||||
// TODO: once we upgrade ed25519 library, we could use the same rand library and use proper
|
||||
@@ -19,7 +20,7 @@ fn init_identity_keys(config: &config::NymApiPaths) -> Result<()> {
|
||||
&config.public_identity_key_file,
|
||||
);
|
||||
|
||||
let mut rng = OsRng;
|
||||
let mut rng = OsRng07;
|
||||
let keypair = identity::KeyPair::new(&mut rng);
|
||||
nym_pemstore::store_keypair(&keypair, &keypaths)
|
||||
.context("failed to store identity keys of the nym api")?;
|
||||
|
||||
Generated
+220
-390
File diff suppressed because it is too large
@@ -30,24 +30,15 @@ itertools = "0.10.5"
|
||||
log = { version = "0.4", features = ["serde"] }
|
||||
pretty_env_logger = "0.4.0"
|
||||
rand = "0.8"
|
||||
reqwest = { version = "0.11.22", features = ["json", "socks"] }
|
||||
rand-07 = { package = "rand", version = "0.7.3" }
|
||||
reqwest = { version = "0.12.4", features = ["json", "socks"] }
|
||||
rust-embed = { version = "6.4.2", features = ["include-exclude"] }
|
||||
serde = { version = "1.0", features = ["derive"] }
|
||||
serde_json = "1.0"
|
||||
serde_repr = "0.1"
|
||||
tap = "1.0.1"
|
||||
# 07.07.23: JS: I changed the version from ^1.2.2 to fix up indirect import of web-sys
|
||||
tauri = { version = "1.4.1", features = [
|
||||
"clipboard-write-text",
|
||||
"macos-private-api",
|
||||
"notification-all",
|
||||
"shell-open",
|
||||
"system-tray",
|
||||
"updater",
|
||||
"window-close",
|
||||
"window-minimize",
|
||||
"window-start-dragging",
|
||||
] }
|
||||
tauri = { version = "1.4.1", features = ["clipboard-write-text", "macos-private-api", "notification-all", "shell-open", "system-tray", "updater", "window-close", "window-minimize", "window-start-dragging"] }
|
||||
#tendermint-rpc = "0.23.0"
|
||||
thiserror = "1.0"
|
||||
time = { version = "0.3.17", features = ["local-offset"] }
|
||||
|
||||
@@ -20,7 +20,7 @@ use nym_config::{
|
||||
};
|
||||
use nym_crypto::asymmetric::identity;
|
||||
use nym_socks5_client_core::config::Config as Socks5CoreConfig;
|
||||
use rand::rngs::OsRng;
|
||||
use rand_07::rngs::OsRng;
|
||||
use serde::{Deserialize, Serialize};
|
||||
use std::path::{Path, PathBuf};
|
||||
use std::{fs, io};
|
||||
@@ -214,7 +214,7 @@ pub async fn init_socks5_config(provider_address: String, chosen_gateway_id: Str
|
||||
let gateway_setup = if !already_init {
|
||||
let selection_spec =
|
||||
GatewaySelectionSpecification::new(Some(chosen_gateway_id), None, false);
|
||||
let mut rng = rand::thread_rng();
|
||||
let mut rng = rand_07::thread_rng();
|
||||
let available_gateways =
|
||||
current_gateways(&mut rng, &config.core.base.client.nym_api_urls).await?;
|
||||
GatewaySetup::New {
|
||||
|
||||
@@ -87,7 +87,7 @@ async fn select_gateway_by_latency(gateways: Vec<GatewayBondAnnotated>) -> Resul
|
||||
.filter_map(|g| g.gateway_bond.try_into().ok())
|
||||
.collect();
|
||||
|
||||
let mut rng = rand::rngs::OsRng;
|
||||
let mut rng = rand_07::rngs::OsRng;
|
||||
let selected_gateway = nym_client_core::init::helpers::choose_gateway_by_latency(
|
||||
&mut rng,
|
||||
&gateways_as_nodes,
|
||||
|
||||
+4
-1
@@ -22,7 +22,7 @@ colored = "2"
|
||||
clap = { workspace = true, features = ["cargo", "env"] }
|
||||
humantime-serde = { workspace = true }
|
||||
ipnetwork = "0.16.0"
|
||||
rand = { workspace = true }
|
||||
rand = "0.7.3"
|
||||
serde = { workspace = true, features = ["derive"] }
|
||||
serde_json.workspace = true
|
||||
thiserror.workspace = true
|
||||
@@ -60,3 +60,6 @@ nym-ip-packet-router = { path = "../service-providers/ip-packet-router" }
|
||||
[build-dependencies]
|
||||
# temporary bonding information v1 (to grab and parse nym-mixnode and nym-gateway package versions)
|
||||
cargo_metadata = "0.18.1"
|
||||
|
||||
[features]
|
||||
wireguard = ["nym-gateway/wireguard"]
|
||||
|
||||
@@ -23,7 +23,7 @@ utoipa-swagger-ui = { workspace = true, features = ["axum"] }
|
||||
|
||||
colored = "2"
|
||||
ipnetwork = "0.16"
|
||||
rand = { workspace = true }
|
||||
rand = "0.7.3"
|
||||
|
||||
# Wireguard:
|
||||
fastrand = "2"
|
||||
|
||||
+6
-5
@@ -10,7 +10,6 @@ use crate::router::types::RequestError;
|
||||
use axum::extract::{Path, Query, State};
|
||||
use axum::http::StatusCode;
|
||||
use axum::Json;
|
||||
use nym_crypto::asymmetric::encryption::PublicKey;
|
||||
use nym_node_requests::api::v1::gateway::client_interfaces::wireguard::models::{
|
||||
ClientMessage, ClientRegistrationResponse, GatewayClient, InitMessage, Nonce, PeerPublicKey,
|
||||
};
|
||||
@@ -31,7 +30,10 @@ async fn process_final_message(
|
||||
}
|
||||
};
|
||||
|
||||
if client.verify(&state.private_key, preshared_nonce).is_ok() {
|
||||
if client
|
||||
.verify(&state.keypair.private_key(), preshared_nonce)
|
||||
.is_ok()
|
||||
{
|
||||
state.registration_in_progress.remove(&client.pub_key());
|
||||
state.client_registry.insert(client.pub_key(), client);
|
||||
|
||||
@@ -86,8 +88,7 @@ pub(crate) async fn register_client(
|
||||
|
||||
match payload {
|
||||
ClientMessage::Initial(init) => {
|
||||
let remote_public = PublicKey::from_bytes(init.pub_key().as_bytes())
|
||||
.map_err(|_| RequestError::new_status(StatusCode::BAD_REQUEST))?;
|
||||
let remote_public = init.pub_key().inner();
|
||||
let nonce = process_init_message(init, state).await;
|
||||
let mut private_ip_ref = state
|
||||
.free_private_network_ips
|
||||
@@ -101,7 +102,7 @@ pub(crate) async fn register_client(
|
||||
// mark it as used, even though it's not final
|
||||
*private_ip_ref = false;
|
||||
let gateway_data = GatewayClient::new(
|
||||
&state.private_key,
|
||||
&state.keypair.private_key(),
|
||||
remote_public,
|
||||
*private_ip_ref.key(),
|
||||
nonce,
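Review bot: In the `ClientMessage::Initial` arm of `register_client`, `let remote_public = init.pub_key().inner();` no longer has a rejection path, and the arm still reserves an address with `*private_ip_ref = false` before the peer has passed `verify`. Each well-formed initial message therefore takes one entry out of `free_private_network_ips`. Whether an abandoned handshake ever returns its address is not visible in these hunks, so confirm that a release or expiry exists for entries left in `registration_in_progress`. I would at least state the invariant next to the reservation, e.g. `// reserved before verification; must be released if the final message never arrives`. The function body starts and continues outside the hunks shown.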
|
||||
|
||||
+7
-9
@@ -8,11 +8,11 @@ use crate::error::NymNodeHttpError;
|
||||
use axum::routing::{get, post};
|
||||
use axum::Router;
|
||||
use ipnetwork::IpNetwork;
|
||||
use nym_crypto::asymmetric::encryption::PrivateKey;
|
||||
use nym_crypto::asymmetric::x25519::KeyPair;
|
||||
use nym_node_requests::routes::api::v1::gateway::client_interfaces::wireguard;
|
||||
use nym_wireguard::setup;
|
||||
use nym_wireguard_types::registration::PrivateIPs;
|
||||
use nym_wireguard_types::registration::{GatewayClientRegistry, PendingRegistrations};
|
||||
use nym_wireguard_types::WireguardGatewayData;
|
||||
use std::sync::Arc;
|
||||
|
||||
pub(crate) mod client_registry;
|
||||
@@ -27,17 +27,15 @@ pub struct WireguardAppState {
|
||||
|
||||
impl WireguardAppState {
|
||||
pub fn new(
|
||||
client_registry: Arc<GatewayClientRegistry>,
|
||||
wireguard_gateway_data: &WireguardGatewayData,
|
||||
registration_in_progress: Arc<PendingRegistrations>,
|
||||
binding_port: u16,
|
||||
private_ip_network: IpNetwork,
|
||||
) -> Result<Self, NymNodeHttpError> {
|
||||
Ok(WireguardAppState {
|
||||
inner: Some(WireguardAppStateInner {
|
||||
private_key: Arc::new(PrivateKey::from_bytes(
|
||||
setup::server_static_private_key().as_ref(),
|
||||
)?),
|
||||
client_registry,
|
||||
keypair: wireguard_gateway_data.keypair().clone(),
|
||||
client_registry: wireguard_gateway_data.client_registry().clone(),
|
||||
registration_in_progress,
|
||||
binding_port,
|
||||
free_private_network_ips: Arc::new(
|
||||
@@ -83,7 +81,7 @@ macro_rules! get_state {
|
||||
|
||||
#[derive(Clone)]
|
||||
pub(crate) struct WireguardAppStateInner {
|
||||
private_key: Arc<PrivateKey>,
|
||||
keypair: Arc<KeyPair>,
|
||||
client_registry: Arc<GatewayClientRegistry>,
|
||||
registration_in_progress: Arc<PendingRegistrations>,
|
||||
binding_port: u16,
|
||||
@@ -168,7 +166,7 @@ mod test {
|
||||
let state = WireguardAppState {
|
||||
inner: Some(WireguardAppStateInner {
|
||||
client_registry: Arc::clone(&client_registry),
|
||||
private_key: Arc::new(gateway_private_key),
|
||||
keypair: Arc::new(gateway_private_key),
|
||||
registration_in_progress: Arc::clone(®istration_in_progress),
|
||||
binding_port: 8080,
|
||||
free_private_network_ips,
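Review bot: In the `mod test` hunk, `keypair: Arc::new(gateway_private_key)` fills a field now declared as `Arc<KeyPair>` from a binding whose name still says private key. The binding is defined outside the hunk, so I cannot tell whether it now holds an `x25519::KeyPair`. If it does, rename it, e.g. `keypair: Arc::new(gateway_keypair),`; if it does not, this test presumably no longer compiles. Separately, `WireguardAppState::new` keeps its `Result` return although the fallible `PrivateKey::from_bytes(...)?` is gone, so check whether the rest of the body, which is outside the hunk, can still fail.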
|
||||
|
||||
@@ -36,7 +36,7 @@ nym-bin-common = { path = "../../common/bin-common", features = ["bin_info_schem
|
||||
|
||||
[dev-dependencies]
|
||||
tokio = { workspace = true, features = ["full"] }
|
||||
rand_chacha = "0.3"
|
||||
rand_chacha = "0.2"
|
||||
nym-crypto = { path = "../../common/crypto", features = ["rand"] }
|
||||
|
||||
|
||||
|
||||
@@ -18,8 +18,8 @@ use nym_mixnode::MixnodeError;
|
||||
use nym_network_requester::{CustomGatewayDetails, GatewayDetails};
|
||||
use nym_node::config;
|
||||
use nym_node::config::mixnode::DEFAULT_VERLOC_PORT;
|
||||
use nym_node::config::Config;
|
||||
use nym_node::config::{default_config_filepath, ConfigBuilder, NodeMode};
|
||||
use nym_node::config::{Config, DEFAULT_WIREGUARD_NETWORK_IP};
|
||||
use nym_node::error::{EntryGatewayError, ExitGatewayError, NymNodeError};
|
||||
use nym_node_http_api::api::api_requests::v1::node::models::NodeDescription;
|
||||
use rand::rngs::OsRng;
|
||||
@@ -400,15 +400,6 @@ async fn migrate_gateway(mut args: Args) -> Result<(), NymNodeError> {
|
||||
},
|
||||
..config::MixnodeConfig::new_default()
|
||||
}))
|
||||
.with_wireguard(args.wireguard.override_config_section(config::Wireguard {
|
||||
enabled: cfg.wireguard.enabled,
|
||||
bind_address: cfg.wireguard.bind_address,
|
||||
private_network_ip: DEFAULT_WIREGUARD_NETWORK_IP,
|
||||
announced_port: cfg.wireguard.announced_port,
|
||||
private_network_prefix: cfg.wireguard.private_network_prefix,
|
||||
// this is fine as currently the paths stored inside gateway itself are empty
|
||||
storage_paths: config::persistence::WireguardPaths::new(&data_dir),
|
||||
}))
|
||||
.with_entry_gateway(args.entry_gateway.override_config_section(
|
||||
config::EntryGatewayConfig {
|
||||
storage_paths: config::persistence::EntryGatewayPaths::new(&data_dir),
|
||||
@@ -606,6 +597,8 @@ async fn migrate_gateway(mut args: Args) -> Result<(), NymNodeError> {
|
||||
.await?;
|
||||
}
|
||||
|
||||
crate::node::WireguardData::initialise(&config.wireguard)?;
|
||||
|
||||
save_node_description(
|
||||
&config.storage_paths.description,
|
||||
&NodeDescription::default(),
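Review bot: `migrate_gateway` no longer calls `.with_wireguard(...)`, so the old gateway's `cfg.wireguard.enabled`, `bind_address`, `announced_port` and `private_network_prefix` are not carried into the new config. Unless the builder receives these values elsewhere (not visible here), a migrated node silently falls back to defaults for its WireGuard listener, which an operator who had narrowed the bind address would not expect. I would keep the override with the renamed field, `private_ip: DEFAULT_WIREGUARD_IP,`, or log that the section was reset. The added `crate::node::WireguardData::initialise(&config.wireguard)?;` deserves a comment such as `// migration creates a fresh wireguard x25519 keypair; the old gateway had none on disk`, if that is indeed the intent. The function starts and ends outside these hunks.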
|
||||
|
||||
@@ -253,13 +253,13 @@ pub(crate) struct WireguardArgs {
|
||||
)]
|
||||
pub(crate) wireguard_bind_address: Option<SocketAddr>,
|
||||
|
||||
/// Ip address of the private wireguard network.
|
||||
/// default: `10.1.0.0`
|
||||
/// Private IP address of the wireguard gateway.
|
||||
/// default: `10.1.0.1`
|
||||
#[clap(
|
||||
long,
|
||||
env = NYMNODE_WG_IP_NETWORK_ARG,
|
||||
env = NYMNODE_WG_IP_ARG,
|
||||
)]
|
||||
pub(crate) wireguard_private_network_ip: Option<IpAddr>,
|
||||
pub(crate) wireguard_private_ip: Option<IpAddr>,
|
||||
|
||||
/// Port announced to external clients wishing to connect to the wireguard interface.
|
||||
/// Useful in the instances where the node is behind a proxy.
|
||||
@@ -300,8 +300,8 @@ impl WireguardArgs {
|
||||
section.announced_port = announced_port
|
||||
}
|
||||
|
||||
if let Some(private_network_ip) = self.wireguard_private_network_ip {
|
||||
section.private_network_ip = private_network_ip
|
||||
if let Some(private_ip) = self.wireguard_private_ip {
|
||||
section.private_ip = private_ip
|
||||
}
|
||||
|
||||
if let Some(private_network_prefix) = self.wireguard_private_network_prefix {
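Review bot: Renaming `wireguard_private_network_ip` to `wireguard_private_ip` and `NYMNODE_WG_IP_NETWORK_ARG` to `NYMNODE_WG_IP_ARG` removes the old flag and environment variable with no fallback. The same rename appears in the `Wireguard` config struct, the config template and the `vars` module. A stale `NYMNODE_WG_IP_NETWORK` in a deployment would simply be ignored, and the meaning also changes from the network address (`10.1.0.0`) to the gateway's own address (`10.1.0.1`), so an old value cannot be reused as is. I would say so in the doc comment, e.g. `/// Replaces the former private-network-ip option; the value is now the gateway's own address inside the tunnel network.`, and consider a startup warning when the old variable is still set.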
|
||||
|
||||
@@ -13,6 +13,8 @@ use serde::{Deserialize, Serialize};
|
||||
use std::path::Path;
|
||||
use url::Url;
|
||||
|
||||
use super::LocalWireguardOpts;
|
||||
|
||||
#[derive(Debug, Clone, Serialize, Deserialize)]
|
||||
#[serde(deny_unknown_fields)]
|
||||
pub struct ExitGatewayConfig {
|
||||
@@ -136,6 +138,7 @@ pub struct EphemeralConfig {
|
||||
pub gateway: nym_gateway::config::Config,
|
||||
pub nr_opts: LocalNetworkRequesterOpts,
|
||||
pub ipr_opts: LocalIpPacketRouterOpts,
|
||||
pub wg_opts: LocalWireguardOpts,
|
||||
}
|
||||
|
||||
fn base_client_config(config: &Config) -> nym_client_core_config_types::Client {
|
||||
@@ -241,6 +244,18 @@ pub fn ephemeral_exit_gateway_config(
|
||||
let ipr_enabled = config.exit_gateway.ip_packet_router.debug.enabled;
|
||||
let nr_enabled = config.exit_gateway.network_requester.debug.enabled;
|
||||
|
||||
let wg_opts = LocalWireguardOpts {
|
||||
config: super::Wireguard {
|
||||
enabled: config.wireguard.enabled,
|
||||
bind_address: config.wireguard.bind_address,
|
||||
private_ip: config.wireguard.private_ip,
|
||||
announced_port: config.wireguard.announced_port,
|
||||
private_network_prefix: config.wireguard.private_network_prefix,
|
||||
storage_paths: config.wireguard.storage_paths.clone(),
|
||||
},
|
||||
custom_mixnet_path: None,
|
||||
};
|
||||
|
||||
let mut gateway = ephemeral_gateway_config(config, mnemonic)?;
|
||||
gateway.ip_packet_router.enabled = ipr_enabled;
|
||||
gateway.network_requester.enabled = nr_enabled;
|
||||
@@ -253,6 +268,7 @@ pub fn ephemeral_exit_gateway_config(
|
||||
Ok(EphemeralConfig {
|
||||
nr_opts,
|
||||
ipr_opts,
|
||||
wg_opts,
|
||||
gateway,
|
||||
})
|
||||
}
|
||||
|
||||
@@ -57,19 +57,10 @@ pub fn ephemeral_gateway_config(
|
||||
cosmos_mnemonic: mnemonic.clone(),
|
||||
};
|
||||
|
||||
let wireguard = nym_gateway::config::Wireguard {
|
||||
enabled: config.wireguard.enabled,
|
||||
bind_address: config.wireguard.bind_address,
|
||||
announced_port: config.wireguard.announced_port,
|
||||
private_network_prefix: config.wireguard.private_network_prefix,
|
||||
storage_paths: nym_gateway::config::WireguardPaths::new_empty(),
|
||||
};
|
||||
|
||||
Ok(nym_gateway::config::Config::externally_loaded(
|
||||
host,
|
||||
http,
|
||||
gateway,
|
||||
wireguard,
|
||||
nym_gateway::config::GatewayPaths::new_empty(),
|
||||
nym_gateway::config::NetworkRequester { enabled: false },
|
||||
nym_gateway::config::IpPacketRouter { enabled: false },
|
||||
|
||||
@@ -40,7 +40,7 @@ pub use crate::config::mixnode::MixnodeConfig;
|
||||
const DEFAULT_NYMNODES_DIR: &str = "nym-nodes";
|
||||
|
||||
pub const DEFAULT_WIREGUARD_PORT: u16 = WG_PORT;
|
||||
pub const DEFAULT_WIREGUARD_NETWORK_IP: IpAddr = IpAddr::V4(Ipv4Addr::new(10, 1, 0, 0));
|
||||
pub const DEFAULT_WIREGUARD_IP: IpAddr = IpAddr::V4(Ipv4Addr::new(10, 1, 0, 1));
|
||||
pub const DEFAULT_WIREGUARD_PREFIX: u8 = 16;
|
||||
pub const DEFAULT_HTTP_PORT: u16 = DEFAULT_NYM_NODE_HTTP_PORT;
|
||||
pub const DEFAULT_MIXNET_PORT: u16 = DEFAULT_MIX_LISTENING_PORT;
|
||||
@@ -500,9 +500,9 @@ pub struct Wireguard {
|
||||
/// default: `0.0.0.0:51822`
|
||||
pub bind_address: SocketAddr,
|
||||
|
||||
/// Ip address of the private wireguard network.
|
||||
/// default: `10.1.0.0`
|
||||
pub private_network_ip: IpAddr,
|
||||
/// Private IP address of the wireguard gateway.
|
||||
/// default: `10.1.0.1`
|
||||
pub private_ip: IpAddr,
|
||||
|
||||
/// Port announced to external clients wishing to connect to the wireguard interface.
|
||||
/// Useful in the instances where the node is behind a proxy.
|
||||
@@ -524,10 +524,28 @@ impl Wireguard {
|
||||
IpAddr::V4(Ipv4Addr::UNSPECIFIED),
|
||||
DEFAULT_WIREGUARD_PORT,
|
||||
),
|
||||
private_network_ip: DEFAULT_WIREGUARD_NETWORK_IP,
|
||||
private_ip: DEFAULT_WIREGUARD_IP,
|
||||
announced_port: DEFAULT_WIREGUARD_PORT,
|
||||
private_network_prefix: DEFAULT_WIREGUARD_PREFIX,
|
||||
storage_paths: persistence::WireguardPaths::new(data_dir),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl Into<nym_wireguard_types::Config> for Wireguard {
|
||||
fn into(self) -> nym_wireguard_types::Config {
|
||||
nym_wireguard_types::Config {
|
||||
bind_address: self.bind_address,
|
||||
private_ip: self.private_ip,
|
||||
announced_port: self.announced_port,
|
||||
private_network_prefix: self.private_network_prefix,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone)]
|
||||
pub struct LocalWireguardOpts {
|
||||
pub config: Wireguard,
|
||||
|
||||
pub custom_mixnet_path: Option<PathBuf>,
|
||||
}
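Review bot: `impl Into<nym_wireguard_types::Config> for Wireguard` should be a `From` impl on the target type. The blanket impl then provides `Into`, so the existing `.into()` call sites keep working, and clippy's `from_over_into` stops firing. The two lines become `impl From<Wireguard> for nym_wireguard_types::Config {` and `fn from(value: Wireguard) -> Self {`, with `self.` replaced by `value.` in the body. The conversion drops `enabled` and `storage_paths`; a one-line doc comment saying that only the listener and addressing fields are forwarded would make that deliberate. `LocalWireguardOpts::custom_mixnet_path` also has no doc comment explaining what it overrides.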
|
||||
|
||||
@@ -43,6 +43,10 @@ pub const DEFAULT_IPR_ACK_KEY_FILENAME: &str = "aes128ctr_ipr_ack";
|
||||
pub const DEFAULT_IPR_REPLY_SURB_DB_FILENAME: &str = "ipr_persistent_reply_store.sqlite";
|
||||
pub const DEFAULT_IPR_GATEWAYS_DB_FILENAME: &str = "ipr_gateways_info_store.sqlite";
|
||||
|
||||
// Wireguard
|
||||
pub const DEFAULT_X25519_WG_DH_KEY_FILENAME: &str = "x25519_wg_dh";
|
||||
pub const DEFAULT_X25519_WG_PUBLIC_DH_KEY_FILENAME: &str = "x25519_wg_dh.pub";
|
||||
|
||||
#[derive(Debug, Clone, Deserialize, PartialEq, Eq, Serialize)]
|
||||
#[serde(deny_unknown_fields)]
|
||||
pub struct NymNodePaths {
|
||||
@@ -366,11 +370,23 @@ impl ExitGatewayPaths {
|
||||
#[derive(Debug, Clone, Deserialize, PartialEq, Eq, Serialize)]
|
||||
#[serde(deny_unknown_fields)]
|
||||
pub struct WireguardPaths {
|
||||
// pub keys:
|
||||
pub private_diffie_hellman_key_file: PathBuf,
|
||||
pub public_diffie_hellman_key_file: PathBuf,
|
||||
}
|
||||
|
||||
impl WireguardPaths {
|
||||
pub fn new<P: AsRef<Path>>(_data_dir: P) -> Self {
|
||||
WireguardPaths {}
|
||||
pub fn new<P: AsRef<Path>>(data_dir: P) -> Self {
|
||||
let data_dir = data_dir.as_ref();
|
||||
WireguardPaths {
|
||||
private_diffie_hellman_key_file: data_dir.join(DEFAULT_X25519_WG_DH_KEY_FILENAME),
|
||||
public_diffie_hellman_key_file: data_dir.join(DEFAULT_X25519_WG_PUBLIC_DH_KEY_FILENAME),
|
||||
}
|
||||
}
|
||||
|
||||
pub fn x25519_wireguard_storage_paths(&self) -> nym_pemstore::KeyPairPath {
|
||||
nym_pemstore::KeyPairPath::new(
|
||||
&self.private_diffie_hellman_key_file,
|
||||
&self.public_diffie_hellman_key_file,
|
||||
)
|
||||
}
|
||||
}
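Review bot: `WireguardPaths` gains two required fields under `#[serde(deny_unknown_fields)]` without `#[serde(default)]`, so a config file written by the previous version, whose `[wireguard.storage_paths]` table was empty, will presumably fail to deserialize with a missing-field error. If a config-version migration handles this elsewhere, a comment on the struct pointing to it would help; otherwise the upgrade path needs one, since existing nodes also have no key files at these paths yet. The new fields and `x25519_wireguard_storage_paths` lack doc comments, e.g. `/// Path to the file holding the wireguard x25519 private key.` on `private_diffie_hellman_key_file`. Whether the private key file is written with restrictive permissions depends on `nym_pemstore`, which is outside this diff.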
|
||||
|
||||
@@ -115,9 +115,9 @@ enabled = {{ wireguard.enabled }}
|
||||
# default: `0.0.0.0:51822`
|
||||
bind_address = '{{ wireguard.bind_address }}'
|
||||
|
||||
# Ip address of the private wireguard network.
|
||||
# default: `10.1.0.0`
|
||||
private_network_ip = '{{ wireguard.private_network_ip }}'
|
||||
# Private IP address of the wireguard gateway.
|
||||
# default: `10.1.0.1`
|
||||
private_ip = '{{ wireguard.private_ip }}'
|
||||
|
||||
# Port announced to external clients wishing to connect to the wireguard interface.
|
||||
# Useful in the instances where the node is behind a proxy.
|
||||
@@ -127,9 +127,12 @@ announced_port = {{ wireguard.announced_port }}
|
||||
# The maximum value for IPv4 is 32 and for IPv6 is 128
|
||||
private_network_prefix = {{ wireguard.private_network_prefix }}
|
||||
|
||||
# Paths for wireguard keys, client registries, etc.
|
||||
[wireguard.storage_paths]
|
||||
# currently empty
|
||||
# Path to file containing wireguard x25519 diffie hellman private key.
|
||||
private_diffie_hellman_key_file = '{{ wireguard.storage_paths.private_diffie_hellman_key_file }}'
|
||||
|
||||
# Path to file containing wireguard x25519 diffie hellman public key.
|
||||
public_diffie_hellman_key_file = '{{ wireguard.storage_paths.public_diffie_hellman_key_file }}'
|
||||
|
||||
|
||||
##### mixnode mode nym-node config options #####
|
||||
|
||||
+1
-1
@@ -40,7 +40,7 @@ pub mod vars {
|
||||
// wireguard:
|
||||
pub const NYMNODE_WG_ENABLED_ARG: &str = "NYMNODE_WG_ENABLED";
|
||||
pub const NYMNODE_WG_BIND_ADDRESS_ARG: &str = "NYMNODE_WG_BIND_ADDRESS";
|
||||
pub const NYMNODE_WG_IP_NETWORK_ARG: &str = "NYMNODE_WG_IP_NETWORK";
|
||||
pub const NYMNODE_WG_IP_ARG: &str = "NYMNODE_WG_IP";
|
||||
pub const NYMNODE_WG_ANNOUNCED_PORT_ARG: &str = "NYMNODE_WG_ANNOUNCED_PORT";
|
||||
pub const NYMNODE_WG_PRIVATE_NETWORK_PREFIX_ARG: &str = "NYMNODE_WG_PRIVATE_NETWORK_PREFIX";
|
||||
|
||||
|
||||
@@ -34,6 +34,7 @@ pub(crate) struct DisplayDetails {
|
||||
pub(crate) ed25519_identity_key: String,
|
||||
pub(crate) x25519_sphinx_key: String,
|
||||
pub(crate) x25519_noise_key: String,
|
||||
pub(crate) x25519_wireguard_key: String,
|
||||
|
||||
pub(crate) exit_network_requester_address: String,
|
||||
pub(crate) exit_ip_packet_router_address: String,
|
||||
@@ -139,6 +140,12 @@ pub(crate) fn load_x25519_noise_keypair(
|
||||
Ok(load_keypair(paths, "x25519-noise")?)
|
||||
}
|
||||
|
||||
pub(crate) fn load_x25519_wireguard_keypair(
|
||||
paths: KeyPairPath,
|
||||
) -> Result<x25519::KeyPair, NymNodeError> {
|
||||
Ok(load_keypair(paths, "x25519-wireguard")?)
|
||||
}
|
||||
|
||||
pub(crate) fn load_x25519_sphinx_public_key<P: AsRef<Path>>(
|
||||
path: P,
|
||||
) -> Result<x25519::PublicKey, NymNodeError> {
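Review bot: `load_x25519_wireguard_keypair` passes the label `"x25519-wireguard"` to `load_keypair`, while the matching `store_keypair` call in `WireguardData::initialise` uses `"wg-x25519-dh"`. The helpers are defined outside these hunks, but if the label ends up in error messages, operators will see two names for the same key. The neighbouring loader uses `"x25519-noise"`, so I would keep this spelling and change the store side to `"x25519-wireguard",`. The new function also has no doc comment, e.g. `/// Loads the x25519 keypair used for wireguard client registration from the given paths.`.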
|
||||
|
||||
+69
-10
@@ -20,7 +20,9 @@ use nym_network_requester::{
|
||||
use nym_node::config::entry_gateway::ephemeral_entry_gateway_config;
|
||||
use nym_node::config::exit_gateway::ephemeral_exit_gateway_config;
|
||||
use nym_node::config::mixnode::ephemeral_mixnode_config;
|
||||
use nym_node::config::{Config, EntryGatewayConfig, ExitGatewayConfig, MixnodeConfig, NodeMode};
|
||||
use nym_node::config::{
|
||||
Config, EntryGatewayConfig, ExitGatewayConfig, MixnodeConfig, NodeMode, Wireguard,
|
||||
};
|
||||
use nym_node::error::{EntryGatewayError, ExitGatewayError, MixnodeError, NymNodeError};
|
||||
use nym_node_http_api::api::api_requests;
|
||||
use nym_node_http_api::api::api_requests::v1::node::models::NodeDescription;
|
||||
@@ -31,7 +33,7 @@ use nym_node_http_api::{NymNodeHTTPServer, NymNodeRouter};
|
||||
use nym_sphinx_acknowledgements::AckKey;
|
||||
use nym_sphinx_addressing::Recipient;
|
||||
use nym_task::{TaskClient, TaskManager};
|
||||
use nym_wireguard_types::registration::GatewayClientRegistry;
|
||||
use nym_wireguard_types::WireguardGatewayData;
|
||||
use rand::rngs::OsRng;
|
||||
use rand::{CryptoRng, RngCore};
|
||||
use std::path::Path;
|
||||
@@ -39,6 +41,8 @@ use std::sync::Arc;
|
||||
use tracing::{debug, error, info, trace};
|
||||
use zeroize::Zeroizing;
|
||||
|
||||
use self::helpers::load_x25519_wireguard_keypair;
|
||||
|
||||
pub mod bonding_information;
|
||||
pub mod description;
|
||||
pub mod helpers;
|
||||
@@ -63,7 +67,7 @@ impl MixnodeData {
|
||||
pub struct EntryGatewayData {
|
||||
mnemonic: Zeroizing<bip39::Mnemonic>,
|
||||
client_storage: nym_gateway::node::PersistentStorage,
|
||||
client_registry: Arc<GatewayClientRegistry>,
|
||||
wireguard_data: WireguardGatewayData,
|
||||
}
|
||||
|
||||
impl EntryGatewayData {
|
||||
@@ -81,7 +85,10 @@ impl EntryGatewayData {
|
||||
Ok(())
|
||||
}
|
||||
|
||||
async fn new(config: &EntryGatewayConfig) -> Result<EntryGatewayData, EntryGatewayError> {
|
||||
async fn new(
|
||||
config: &EntryGatewayConfig,
|
||||
wireguard_data: WireguardGatewayData,
|
||||
) -> Result<EntryGatewayData, EntryGatewayError> {
|
||||
Ok(EntryGatewayData {
|
||||
mnemonic: config.storage_paths.load_mnemonic_from_file()?,
|
||||
client_storage: nym_gateway::node::PersistentStorage::init(
|
||||
@@ -90,7 +97,7 @@ impl EntryGatewayData {
|
||||
)
|
||||
.await
|
||||
.map_err(nym_gateway::GatewayError::from)?,
|
||||
client_registry: Arc::new(Default::default()),
|
||||
wireguard_data: wireguard_data.clone(),
|
||||
})
|
||||
}
|
||||
}
|
||||
@@ -244,6 +251,33 @@ impl ExitGatewayData {
|
||||
}
|
||||
}
|
||||
|
||||
pub struct WireguardData {
|
||||
x25519_wireguard_keys: Arc<x25519::KeyPair>,
|
||||
}
|
||||
|
||||
impl WireguardData {
|
||||
pub(crate) fn new(config: &Wireguard) -> Result<Self, NymNodeError> {
|
||||
Ok(WireguardData {
|
||||
x25519_wireguard_keys: Arc::new(load_x25519_wireguard_keypair(
|
||||
config.storage_paths.x25519_wireguard_storage_paths(),
|
||||
)?),
|
||||
})
|
||||
}
|
||||
|
||||
pub(crate) fn initialise(config: &Wireguard) -> Result<(), ExitGatewayError> {
|
||||
let mut rng = OsRng;
|
||||
let x25519_keys = x25519::KeyPair::new(&mut rng);
|
||||
|
||||
store_keypair(
|
||||
&x25519_keys,
|
||||
config.storage_paths.x25519_wireguard_storage_paths(),
|
||||
"wg-x25519-dh",
|
||||
)?;
|
||||
|
||||
Ok(())
|
||||
}
|
||||
}
|
||||
|
||||
pub(crate) struct NymNode {
|
||||
config: Config,
|
||||
description: NodeDescription,
|
||||
@@ -259,6 +293,8 @@ pub(crate) struct NymNode {
|
||||
#[allow(dead_code)]
|
||||
exit_gateway: ExitGatewayData,
|
||||
|
||||
wireguard: WireguardData,
|
||||
|
||||
ed25519_identity_keys: Arc<ed25519::KeyPair>,
|
||||
x25519_sphinx_keys: Arc<x25519::KeyPair>,
|
||||
|
||||
@@ -314,10 +350,18 @@ impl NymNode {
|
||||
ExitGatewayData::initialise(&config.exit_gateway, *ed25519_identity_keys.public_key())
|
||||
.await?;
|
||||
|
||||
// wireguard initialisation
|
||||
WireguardData::initialise(&config.wireguard)?;
|
||||
|
||||
config.save()
|
||||
}
|
||||
|
||||
pub(crate) async fn new(config: Config) -> Result<Self, NymNodeError> {
|
||||
let wireguard_data = WireguardData::new(&config.wireguard)?;
|
||||
let wireguard_gateway_data = WireguardGatewayData::new(
|
||||
config.wireguard.clone().into(),
|
||||
wireguard_data.x25519_wireguard_keys.clone(),
|
||||
);
|
||||
Ok(NymNode {
|
||||
ed25519_identity_keys: Arc::new(load_ed25519_identity_keypair(
|
||||
config.storage_paths.keys.ed25519_identity_storage_paths(),
|
||||
@@ -331,8 +375,10 @@ impl NymNode {
|
||||
description: load_node_description(&config.storage_paths.description)?,
|
||||
verloc_stats: Default::default(),
|
||||
mixnode: MixnodeData::new(&config.mixnode)?,
|
||||
entry_gateway: EntryGatewayData::new(&config.entry_gateway).await?,
|
||||
entry_gateway: EntryGatewayData::new(&config.entry_gateway, wireguard_gateway_data)
|
||||
.await?,
|
||||
exit_gateway: ExitGatewayData::new(&config.exit_gateway)?,
|
||||
wireguard: wireguard_data,
|
||||
config,
|
||||
})
|
||||
}
|
||||
@@ -353,6 +399,10 @@ impl NymNode {
|
||||
)
|
||||
}
|
||||
|
||||
fn x25519_wireguard_key(&self) -> &x25519::PublicKey {
|
||||
self.wireguard.x25519_wireguard_keys.public_key()
|
||||
}
|
||||
|
||||
pub(crate) fn display_details(&self) -> DisplayDetails {
|
||||
DisplayDetails {
|
||||
current_mode: self.config.mode,
|
||||
@@ -360,6 +410,7 @@ impl NymNode {
|
||||
ed25519_identity_key: self.ed25519_identity_key().to_base58_string(),
|
||||
x25519_sphinx_key: self.x25519_sphinx_key().to_base58_string(),
|
||||
x25519_noise_key: self.x25519_noise_key().to_base58_string(),
|
||||
x25519_wireguard_key: self.x25519_wireguard_key().to_base58_string(),
|
||||
exit_network_requester_address: self.exit_network_requester_address().to_string(),
|
||||
exit_ip_packet_router_address: self.exit_ip_packet_router_address().to_string(),
|
||||
}
|
||||
@@ -409,6 +460,10 @@ impl NymNode {
|
||||
|
||||
let config =
|
||||
ephemeral_entry_gateway_config(self.config.clone(), &self.entry_gateway.mnemonic)?;
|
||||
let wireguard_data = Arc::new(WireguardGatewayData::new(
|
||||
self.config.wireguard.clone().into(),
|
||||
self.wireguard.x25519_wireguard_keys.clone(),
|
||||
));
|
||||
let mut entry_gateway = Gateway::new_loaded(
|
||||
config,
|
||||
None,
|
||||
@@ -419,7 +474,7 @@ impl NymNode {
|
||||
);
|
||||
entry_gateway.disable_http_server();
|
||||
entry_gateway.set_task_client(task_client);
|
||||
entry_gateway.set_wireguard_client_registry(self.entry_gateway.client_registry.clone());
|
||||
entry_gateway.set_wireguard_data(wireguard_data);
|
||||
|
||||
tokio::spawn(async move {
|
||||
if let Err(err) = entry_gateway.run().await {
|
||||
@@ -434,6 +489,10 @@ impl NymNode {
|
||||
|
||||
let config =
|
||||
ephemeral_exit_gateway_config(self.config.clone(), &self.entry_gateway.mnemonic)?;
|
||||
let wireguard_data = Arc::new(WireguardGatewayData::new(
|
||||
self.config.wireguard.clone().into(),
|
||||
self.wireguard.x25519_wireguard_keys.clone(),
|
||||
));
|
||||
|
||||
let mut exit_gateway = Gateway::new_loaded(
|
||||
config.gateway,
|
||||
@@ -445,7 +504,7 @@ impl NymNode {
|
||||
);
|
||||
exit_gateway.disable_http_server();
|
||||
exit_gateway.set_task_client(task_client);
|
||||
exit_gateway.set_wireguard_client_registry(self.entry_gateway.client_registry.clone());
|
||||
exit_gateway.set_wireguard_data(wireguard_data);
|
||||
|
||||
tokio::spawn(async move {
|
||||
if let Err(err) = exit_gateway.run().await {
|
||||
@@ -517,12 +576,12 @@ impl NymNode {
|
||||
};
|
||||
|
||||
let wireguard_private_network = IpNetwork::new(
|
||||
self.config.wireguard.private_network_ip,
|
||||
self.config.wireguard.private_ip,
|
||||
self.config.wireguard.private_network_prefix,
|
||||
)?;
|
||||
|
||||
let wg_state = WireguardAppState::new(
|
||||
self.entry_gateway.client_registry.clone(),
|
||||
&self.entry_gateway.wireguard_data,
|
||||
Default::default(),
|
||||
self.config.wireguard.bind_address.port(),
|
||||
wireguard_private_network,
|
||||
|
||||
@@ -14,12 +14,12 @@ rayon = "1.5.1"
|
||||
blake3 = "1.3"
|
||||
zeroize = "1.5"
|
||||
chacha20 = { version = "0.9.0", features = ["std"] }
|
||||
x25519-dalek = { version = "2.0.0", features = ["static_secrets"]}
|
||||
curve25519-dalek = "3.2"
|
||||
chacha20poly1305 = "0.10.1"
|
||||
getrandom = { workspace = true, features = ["js"] }
|
||||
thiserror = { workspace = true }
|
||||
sphinx-packet = "0.2.0"
|
||||
rand = { workspace = true }
|
||||
sphinx-packet = "0.1.0"
|
||||
rand = "0.7.3"
|
||||
log = "0.4"
|
||||
|
||||
[dev-dependencies]
|
||||
|
||||
+16
-18
@@ -59,7 +59,9 @@ use chacha20poly1305::ChaCha20Poly1305;
|
||||
use chacha20poly1305::KeyInit;
|
||||
|
||||
use chacha20poly1305::Tag;
|
||||
use x25519_dalek::{PublicKey, SharedSecret, StaticSecret};
|
||||
use curve25519_dalek::constants::ED25519_BASEPOINT_TABLE;
|
||||
use curve25519_dalek::montgomery::MontgomeryPoint;
|
||||
use curve25519_dalek::scalar::Scalar;
|
||||
|
||||
use std::ops::Range;
|
||||
use std::u8;
|
||||
@@ -220,12 +222,10 @@ impl MixStageParameters {
|
||||
user_secret_key: &[u8],
|
||||
node_pub_key: &[u8],
|
||||
destination: &[u8; 32],
|
||||
) -> Result<SharedSecret, OutfoxError> {
|
||||
) -> Result<MontgomeryPoint, OutfoxError> {
|
||||
let routing_data = destination;
|
||||
let node_pub_key_bytes: [u8; 32] = node_pub_key.try_into()?;
|
||||
let mix_public_key = PublicKey::from(node_pub_key_bytes);
|
||||
let user_secret_key_bytes: [u8; 32] = user_secret_key.try_into()?;
|
||||
let user_secret_key = StaticSecret::from(user_secret_key_bytes);
|
||||
let mix_public_key = MontgomeryPoint(node_pub_key.try_into()?);
|
||||
let user_secret_key = Scalar::from_bytes_mod_order(user_secret_key.try_into()?);
|
||||
|
||||
if buffer.len() != self.incoming_packet_length() {
|
||||
return Err(OutfoxError::LenMismatch {
|
||||
@@ -241,14 +241,14 @@ impl MixStageParameters {
|
||||
});
|
||||
}
|
||||
|
||||
let user_public_key = PublicKey::from(&user_secret_key);
|
||||
let shared_key = user_secret_key.diffie_hellman(&mix_public_key);
|
||||
let user_public_key = (&ED25519_BASEPOINT_TABLE * &user_secret_key).to_montgomery();
|
||||
let shared_key = user_secret_key * mix_public_key;
|
||||
|
||||
// Copy rounting data into buffer
|
||||
buffer[self.routing_data_range()].copy_from_slice(routing_data);
|
||||
|
||||
// Perform the AEAD
|
||||
let header_aead_key = ChaCha20Poly1305::new_from_slice(&shared_key.to_bytes())?;
|
||||
let header_aead_key = ChaCha20Poly1305::new_from_slice(&shared_key.0[..])?;
|
||||
let nonce = [0u8; 12];
|
||||
|
||||
let tag = header_aead_key
|
||||
@@ -259,10 +259,10 @@ impl MixStageParameters {
|
||||
buffer[self.tag_range()].copy_from_slice(&tag[..]);
|
||||
|
||||
// Copy own public key into buffer
|
||||
buffer[self.pub_element_range()].copy_from_slice(&user_public_key.to_bytes());
|
||||
buffer[self.pub_element_range()].copy_from_slice(&user_public_key.0[..]);
|
||||
|
||||
// Do a round of LION on the payload
|
||||
lion_transform_encrypt(&mut buffer[self.payload_range()], &shared_key.to_bytes())?;
|
||||
lion_transform_encrypt(&mut buffer[self.payload_range()], &shared_key.0)?;
|
||||
|
||||
Ok(shared_key)
|
||||
}
|
||||
@@ -274,8 +274,7 @@ impl MixStageParameters {
|
||||
) -> Result<Vec<u8>, OutfoxError> {
|
||||
// Check the length of the incoming buffer is correct.
|
||||
|
||||
let mix_secret_key_bytes: [u8; 32] = mix_secret_key.try_into()?;
|
||||
let mix_secret_key = StaticSecret::from(mix_secret_key_bytes);
|
||||
let mix_secret_key = Scalar::from_bytes_mod_order(mix_secret_key.try_into()?);
|
||||
|
||||
if buffer.len() != self.incoming_packet_length() {
|
||||
return Err(OutfoxError::LenMismatch {
|
||||
@@ -285,12 +284,11 @@ impl MixStageParameters {
|
||||
}
|
||||
|
||||
// Derive the shared key for this packet
|
||||
let user_public_key_bytes: [u8; 32] = buffer[self.pub_element_range()].try_into()?;
|
||||
let user_public_key = PublicKey::from(user_public_key_bytes);
|
||||
let shared_key = mix_secret_key.diffie_hellman(&user_public_key);
|
||||
let user_public_key = MontgomeryPoint(buffer[self.pub_element_range()].try_into()?);
|
||||
let shared_key = mix_secret_key * user_public_key;
|
||||
|
||||
// Compute the AEAD and check the Tag, if wrong return Err
|
||||
let header_aead_key = ChaCha20Poly1305::new_from_slice(&shared_key.to_bytes())?;
|
||||
let header_aead_key = ChaCha20Poly1305::new_from_slice(&shared_key.0[..])?;
|
||||
let nonce = [0; 12];
|
||||
|
||||
let tag_bytes = buffer[self.tag_range()].to_vec();
|
||||
@@ -307,7 +305,7 @@ impl MixStageParameters {
|
||||
|
||||
let routing_data = buffer[self.routing_data_range()].to_vec();
|
||||
// Do a round of LION on the payload
|
||||
lion_transform_decrypt(&mut buffer[self.payload_range()], &shared_key.to_bytes())?;
|
||||
lion_transform_decrypt(&mut buffer[self.payload_range()], &shared_key.0)?;
|
||||
|
||||
Ok(routing_data)
|
||||
}
|
||||
|
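Review bot: The scalar multiplications `user_secret_key * mix_public_key` (the hunk that calls `lion_transform_encrypt`) and `mix_secret_key * user_public_key` (the hunk that calls `lion_transform_decrypt`) no longer get the X25519 clamping that `StaticSecret::diffie_hellman` applied, because `Scalar::from_bytes_mod_order` only reduces the 32 input bytes modulo the group order. On the decrypt side the point is read straight from `buffer[self.pub_element_range()]`, so a low-order point arriving in a packet is multiplied by the node's long-term secret and the result is passed to `ChaCha20Poly1305::new_from_slice` without being rejected. I would check that the shared point is contributory before using it as a key, and record the assumption next to the conversion, e.g. `// not clamped: callers must pass an already-clamped X25519 secret`. `Scalar` and `MontgomeryPoint` are also plain values that are not wiped on drop, unlike x25519-dalek's secret types with their default features, so the secret copies made here should be zeroized explicitly (the manifest already lists `zeroize`). Both function bodies begin and continue outside the visible hunks, so a check elsewhere cannot be ruled out.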
||||
@@ -9,6 +9,8 @@ mod tests {
|
||||
repeat_with(|| fastrand::u8(..)).take(n).collect()
|
||||
}
|
||||
|
||||
use curve25519_dalek::constants::ED25519_BASEPOINT_TABLE;
|
||||
use curve25519_dalek::scalar::Scalar;
|
||||
use nym_outfox::packet::OutfoxPacket;
|
||||
use sphinx_packet::constants::NODE_ADDRESS_LENGTH;
|
||||
use sphinx_packet::crypto::PublicKey;
|
||||
@@ -19,7 +21,6 @@ mod tests {
|
||||
|
||||
use nym_outfox::format::*;
|
||||
use nym_outfox::lion::*;
|
||||
use x25519_dalek::StaticSecret;
|
||||
|
||||
#[test]
|
||||
fn test_encode_decode() {
|
||||
@@ -29,10 +30,11 @@ mod tests {
|
||||
payload_length_bytes: 1024, // 1kb
|
||||
};
|
||||
|
||||
let user_secret: [u8; 32] = randombytes(32).try_into().unwrap();
|
||||
let mix_secret: [u8; 32] = randombytes(32).try_into().unwrap();
|
||||
let mix_secret_key = StaticSecret::from(mix_secret);
|
||||
let mix_public_key = PublicKey::from(&mix_secret_key);
|
||||
let user_secret = randombytes(32);
|
||||
let mix_secret = randombytes(32);
|
||||
let mix_secret_scalar =
|
||||
Scalar::from_bytes_mod_order(mix_secret.clone().try_into().unwrap());
|
||||
let mix_public_key = (&ED25519_BASEPOINT_TABLE * &mix_secret_scalar).to_montgomery();
|
||||
|
||||
let routing = [0; 32];
|
||||
let destination = [0; 32];
|
||||
@@ -85,23 +87,23 @@ mod tests {
|
||||
|
||||
#[test]
|
||||
fn test_packet_params_short() {
|
||||
let (node1_pk, node1_pub) = sphinx_packet::test_utils::fixtures::keygen();
|
||||
let (node1_pk, node1_pub) = sphinx_packet::crypto::keygen();
|
||||
let node1 = Node::new(
|
||||
NodeAddressBytes::from_bytes([0u8; NODE_ADDRESS_LENGTH]),
|
||||
node1_pub,
|
||||
);
|
||||
let (node2_pk, node2_pub) = sphinx_packet::test_utils::fixtures::keygen();
|
||||
let (node2_pk, node2_pub) = sphinx_packet::crypto::keygen();
|
||||
let node2 = Node::new(
|
||||
NodeAddressBytes::from_bytes([1u8; NODE_ADDRESS_LENGTH]),
|
||||
node2_pub,
|
||||
);
|
||||
let (node3_pk, node3_pub) = sphinx_packet::test_utils::fixtures::keygen();
|
||||
let (node3_pk, node3_pub) = sphinx_packet::crypto::keygen();
|
||||
let node3 = Node::new(
|
||||
NodeAddressBytes::from_bytes([2u8; NODE_ADDRESS_LENGTH]),
|
||||
node3_pub,
|
||||
);
|
||||
|
||||
let (gateway_pk, gateway_pub) = sphinx_packet::test_utils::fixtures::keygen();
|
||||
let (gateway_pk, gateway_pub) = sphinx_packet::crypto::keygen();
|
||||
let gateway = Node::new(
|
||||
NodeAddressBytes::from_bytes([3u8; NODE_ADDRESS_LENGTH]),
|
||||
gateway_pub,
|
||||
@@ -141,23 +143,23 @@ mod tests {
|
||||
|
||||
#[test]
|
||||
fn test_packet_params_long() {
|
||||
let (node1_pk, node1_pub) = sphinx_packet::test_utils::fixtures::keygen();
|
||||
let (node1_pk, node1_pub) = sphinx_packet::crypto::keygen();
|
||||
let node1 = Node::new(
|
||||
NodeAddressBytes::from_bytes([0u8; NODE_ADDRESS_LENGTH]),
|
||||
node1_pub,
|
||||
);
|
||||
let (node2_pk, node2_pub) = sphinx_packet::test_utils::fixtures::keygen();
|
||||
let (node2_pk, node2_pub) = sphinx_packet::crypto::keygen();
|
||||
let node2 = Node::new(
|
||||
NodeAddressBytes::from_bytes([1u8; NODE_ADDRESS_LENGTH]),
|
||||
node2_pub,
|
||||
);
|
||||
let (node3_pk, node3_pub) = sphinx_packet::test_utils::fixtures::keygen();
|
||||
let (node3_pk, node3_pub) = sphinx_packet::crypto::keygen();
|
||||
let node3 = Node::new(
|
||||
NodeAddressBytes::from_bytes([2u8; NODE_ADDRESS_LENGTH]),
|
||||
node3_pub,
|
||||
);
|
||||
|
||||
let (gateway_pk, gateway_pub) = sphinx_packet::test_utils::fixtures::keygen();
|
||||
let (gateway_pk, gateway_pub) = sphinx_packet::crypto::keygen();
|
||||
let gateway = Node::new(
|
||||
NodeAddressBytes::from_bytes([3u8; NODE_ADDRESS_LENGTH]),
|
||||
gateway_pub,
|
||||
|
||||
Generated
+198
-381
File diff suppressed because it is too large
@@ -64,7 +64,7 @@ nym-store-cipher = { path = "../../common/store-cipher", features = ["json"] }
|
||||
|
||||
[dev-dependencies]
|
||||
nym-crypto = { path = "../../common/crypto", features = ["rand"] }
|
||||
rand_chacha = "0.3"
|
||||
rand_chacha = "0.2"
|
||||
tempfile = "3.3.0"
|
||||
ts-rs = "7.0.0"
|
||||
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
use nym_contracts_common::signing::SigningAlgorithm;
|
||||
use nym_crypto::asymmetric::identity;
|
||||
use nym_crypto::asymmetric::identity::Ed25519RecoveryError;
|
||||
use nym_types::error::TypesError;
|
||||
use nym_validator_client::nym_api::error::NymAPIError;
|
||||
@@ -149,6 +150,9 @@ pub enum BackendError {
|
||||
#[error(transparent)]
|
||||
Ed25519Recovery(#[from] Ed25519RecoveryError),
|
||||
|
||||
#[error("failed to verify ed25519 signature: {0}")]
|
||||
Ed25519SignatureError(#[from] identity::SignatureError),
|
||||
|
||||
#[error("This command ({name}) has been removed. Please try to use {alternative} instead.")]
|
||||
RemovedCommand { name: String, alternative: String },
|
||||
}
|
||||
|
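Review bot: The new `Ed25519SignatureError` variant formats the inner error with `{0}` and also marks it `#[from]`, which makes it the `source()`. Reporters that print the whole error chain will therefore show the signature failure twice. The neighbouring `Ed25519Recovery` variant uses `#[error(transparent)]` and carries no `Error` suffix, so I would align the two: either use `#[error(transparent)]` here as well or drop `: {0}` from the message, and name the variant `Ed25519Signature`. The rest of `BackendError` is outside the hunk, so the prevailing convention could not be checked.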
||||
@@ -26,7 +26,7 @@ nym-socks5-client-core = { path = "../../../common/socks5-client-core", default-
|
||||
serde = { workspace = true }
|
||||
tokio = { workspace = true, features = ["sync", "time"] }
|
||||
log = "0.4.17"
|
||||
rand = { workspace = true }
|
||||
rand = "0.7.3"
|
||||
|
||||
safer-ffi = { version = "0.1.4" }
|
||||
|
||||
|
||||
@@ -32,7 +32,7 @@ http = "0.2.9"
|
||||
|
||||
futures = { workspace = true }
|
||||
log = { workspace = true }
|
||||
rand = { workspace = true }
|
||||
rand = { version = "0.7.3" }
|
||||
tap = "1.0.1"
|
||||
thiserror = { workspace = true }
|
||||
url = { workspace = true }
|
||||
|
||||
@@ -28,7 +28,7 @@ ipnetwork = "0.20.0"
|
||||
log = { workspace = true }
|
||||
pretty_env_logger = "0.4.0"
|
||||
publicsuffix = "2.2.3"
|
||||
rand = { workspace = true }
|
||||
rand = "0.7.3"
|
||||
regex = "1.8.4"
|
||||
reqwest = { workspace = true, features = ["json"] }
|
||||
serde = { workspace = true, features = ["derive"] }
|
||||
|
||||