Compare commits


15 Commits

Bogdan-Ștefan Neacşu 697d55248d Simplify pub key translatations 2024-05-23 13:31:28 +00:00
Bogdan-Ștefan Neacşu 570cc36385 Merge remote-tracking branch 'origin/feature/refine_wg_config' into bogdan/testing 2024-05-23 13:24:06 +00:00
Bogdan-Ștefan Neacşu ee64762b87 Init wireguard on migration 2024-05-20 14:32:30 +00:00
Bogdan-Ștefan Neacşu f4528bb521 Remove upgrade code 2024-05-20 11:25:32 +00:00
Bogdan-Ștefan Neacşu f4630e0b8a Bump gateway version number 2024-05-20 10:59:56 +00:00
Bogdan-Ștefan Neacşu 65f948d012 Remove logs 2024-05-20 10:26:13 +00:00
Bogdan-Ștefan Neacşu d16a288b6d Propagate wireguard setup error message 2024-05-20 10:06:55 +00:00
Bogdan-Ștefan Neacşu 72c40d8576 Rename network to ip for wg gw 2024-05-20 09:48:06 +00:00
Bogdan-Ștefan Neacşu 34e1709b75 Generate and use own private key 2024-05-20 09:05:07 +00:00
Bogdan-Ștefan Neacşu 257df97e3a Use client reg 2024-05-17 12:48:46 +00:00
Bogdan-Ștefan Neacşu 870570d5c3 Move key paths to separate structure 2024-05-17 11:33:30 +00:00
Bogdan-Ștefan Neacşu 0000baa343 Activate wg feature in gw dep 2024-05-17 11:33:30 +00:00
Bogdan-Ștefan Neacşu 6a307d59b4 Create wg keypair 2024-05-17 11:33:30 +00:00
Bogdan-Ștefan Neacşu a4808635f9 Support nym node first 2024-05-17 11:33:30 +00:00
Bogdan-Ștefan Neacşu 29965782a2 Include wireguard in gw config 2024-05-17 11:33:30 +00:00
103 changed files with 1522 additions and 1810 deletions
+1 -5
@@ -9,11 +9,7 @@ jobs:
steps:
- uses: actions/checkout@v3
- name: Install Dependencies (Linux)
run: sudo apt-get update && sudo apt-get install -y build-essential curl wget libssl-dev libudev-dev squashfs-tools protobuf-compiler git python3 && sudo apt-get update --fix-missing
- name: Install pip3
run: sudo apt install -y python3-pip
- name: Install Python3 modules
run: sudo pip3 install pandas tabulate
run: sudo apt-get update && sudo apt-get install -y build-essential curl wget libssl-dev libudev-dev squashfs-tools protobuf-compiler git
- name: Install rsync
run: sudo apt-get install rsync
- uses: rlespinasse/github-slug-action@v3.x
+1 -5
@@ -13,11 +13,7 @@ jobs:
steps:
- uses: actions/checkout@v3
- name: Install Dependencies (Linux)
run: sudo apt-get update && sudo apt-get install -y build-essential curl wget libssl-dev libudev-dev squashfs-tools protobuf-compiler git python3 && sudo apt-get update --fix-missing
- name: Install pip3
run: sudo apt install -y python3-pip
- name: Install Python3 modules
run: sudo pip3 install pandas tabulate
run: sudo apt-get update && sudo apt-get install -y build-essential curl wget libssl-dev libudev-dev squashfs-tools protobuf-compiler git
- name: Install rsync
run: sudo apt-get install rsync
- uses: rlespinasse/github-slug-action@v3.x
Generated
+249 -105
@@ -43,6 +43,19 @@ dependencies = [
"generic-array 0.14.7",
]
[[package]]
name = "aes"
version = "0.7.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9e8b47f52ea9bae42228d07ec09eb676433d7c4ed1ebdf0f1d1c29ed446f1ab8"
dependencies = [
"cfg-if",
"cipher 0.3.0",
"cpufeatures",
"ctr 0.8.0",
"opaque-debug 0.3.1",
]
[[package]]
name = "aes"
version = "0.8.4"
@@ -50,7 +63,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b169f7a6d4742236a0a00c541b845991d0ac43e546831af1249753ab4c3aa3a0"
dependencies = [
"cfg-if",
"cipher",
"cipher 0.4.4",
"cpufeatures",
]
@@ -61,9 +74,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "831010a0f742e1209b3bcea8fab6a8e149051ba6099432c8cb2cc117dec3ead1"
dependencies = [
"aead",
"aes",
"cipher",
"ctr",
"aes 0.8.4",
"cipher 0.4.4",
"ctr 0.9.2",
"ghash",
"subtle 2.5.0",
]
@@ -74,7 +87,7 @@ version = "0.7.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "891477e0c6a8957309ee5c45a6368af3ae14bb510732d2684ffa19af310920f9"
dependencies = [
"getrandom",
"getrandom 0.2.15",
"once_cell",
"version_check",
]
@@ -524,7 +537,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7e141fb0f8be1c7b45887af94c88b182472b57c96b56773250ae00cd6a14a164"
dependencies = [
"bs58 0.5.1",
"hmac",
"hmac 0.12.1",
"k256",
"once_cell",
"pbkdf2",
@@ -586,7 +599,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "94cb07b0da6a73955f8fb85d24c466778e70cda767a568229b104f0264089330"
dependencies = [
"byte-tools",
"crypto-mac",
"crypto-mac 0.7.0",
"digest 0.8.1",
"opaque-debug 0.2.3",
]
@@ -814,7 +827,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c3613f74bd2eac03dad61bd53dbe620703d4371614fe0bc3b9f04dd36fe4e818"
dependencies = [
"cfg-if",
"cipher",
"cipher 0.4.4",
"cpufeatures",
]
@@ -826,7 +839,7 @@ checksum = "10cd79432192d1c0f4e1a0fef9527696cc039165d729fb41b3f4f4f354c2dc35"
dependencies = [
"aead",
"chacha20",
"cipher",
"cipher 0.4.4",
"poly1305",
"zeroize",
]
@@ -873,6 +886,15 @@ dependencies = [
"half",
]
[[package]]
name = "cipher"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7ee52072ec15386f770805afd189a01c8841be8696bed250fa2f13c4c0d6dfb7"
dependencies = [
"generic-array 0.14.7",
]
[[package]]
name = "cipher"
version = "0.4.4"
@@ -1166,7 +1188,7 @@ dependencies = [
"rand_core 0.6.4",
"serde",
"serde_json",
"signature",
"signature 2.2.0",
"subtle-encoding",
"tendermint",
"thiserror",
@@ -1185,7 +1207,7 @@ dependencies = [
"rand_core 0.6.4",
"serde",
"serde_json",
"signature",
"signature 2.2.0",
"subtle-encoding",
"tendermint",
"tendermint-rpc",
@@ -1451,6 +1473,16 @@ dependencies = [
"subtle 1.0.0",
]
[[package]]
name = "crypto-mac"
version = "0.11.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "25fab6889090c8133f3deb8f73ba3c65a7f456f66436fc012a1b1e272b1e103e"
dependencies = [
"generic-array 0.14.7",
"subtle 2.5.0",
]
[[package]]
name = "csv"
version = "1.3.0"
@@ -1472,13 +1504,22 @@ dependencies = [
"memchr",
]
[[package]]
name = "ctr"
version = "0.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "049bb91fb4aaf0e3c7efa6cd5ef877dbbbd15b39dad06d9948de4ec8a75761ea"
dependencies = [
"cipher 0.3.0",
]
[[package]]
name = "ctr"
version = "0.9.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0369ee1ad671834580515889b80f2ea915f23b8be8d0daa4bbaf2ac5c7590835"
dependencies = [
"cipher",
"cipher 0.4.4",
]
[[package]]
@@ -1530,6 +1571,7 @@ dependencies = [
"byteorder",
"digest 0.9.0",
"rand_core 0.5.1",
"serde",
"subtle 2.5.0",
"zeroize",
]
@@ -1543,11 +1585,9 @@ dependencies = [
"cfg-if",
"cpufeatures",
"curve25519-dalek-derive",
"digest 0.10.7",
"fiat-crypto",
"platforms",
"rustc_version 0.4.0",
"serde",
"subtle 2.5.0",
"zeroize",
]
@@ -1945,10 +1985,20 @@ dependencies = [
"elliptic-curve",
"rfc6979",
"serdect",
"signature",
"signature 2.2.0",
"spki",
]
[[package]]
name = "ed25519"
version = "1.5.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "91cff35c70bba8a626e3185d8cd48cc11b5437e1a5bcd15b9b5fa3c64b6dfee7"
dependencies = [
"serde",
"signature 1.6.4",
]
[[package]]
name = "ed25519"
version = "2.2.3"
@@ -1956,8 +2006,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "115531babc129696a58c64a4fef0a8bf9e9698629fb97e9e40767d235cfbcd53"
dependencies = [
"pkcs8",
"serde",
"signature",
"signature 2.2.0",
]
[[package]]
@@ -1975,16 +2024,16 @@ dependencies = [
[[package]]
name = "ed25519-dalek"
version = "2.1.1"
version = "1.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4a3daa8e81a3963a60642bcc1f90a670680bd4a77535faa384e9d1c79d620871"
checksum = "c762bae6dcaf24c4c84667b8579785430908723d5c889f469d76a41d59cc7a9d"
dependencies = [
"curve25519-dalek 4.1.2",
"ed25519",
"rand_core 0.6.4",
"curve25519-dalek 3.2.0",
"ed25519 1.5.3",
"rand 0.7.3",
"serde",
"sha2 0.10.8",
"subtle 2.5.0",
"serde_bytes",
"sha2 0.9.9",
"zeroize",
]
@@ -2475,6 +2524,19 @@ dependencies = [
"zeroize",
]
[[package]]
name = "getrandom"
version = "0.1.16"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8fc3cb4d91f53b50155bdcfd23f6a4c39ae1969c2ae85982b135750cccaf5fce"
dependencies = [
"cfg-if",
"js-sys",
"libc",
"wasi 0.9.0+wasi-snapshot-preview1",
"wasm-bindgen",
]
[[package]]
name = "getrandom"
version = "0.2.15"
@@ -2484,7 +2546,7 @@ dependencies = [
"cfg-if",
"js-sys",
"libc",
"wasi",
"wasi 0.11.0+wasi-snapshot-preview1",
"wasm-bindgen",
]
@@ -2750,13 +2812,33 @@ dependencies = [
"winapi",
]
[[package]]
name = "hkdf"
version = "0.11.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "01706d578d5c281058480e673ae4086a9f4710d8df1ad80a5b03e39ece5f886b"
dependencies = [
"digest 0.9.0",
"hmac 0.11.0",
]
[[package]]
name = "hkdf"
version = "0.12.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7"
dependencies = [
"hmac",
"hmac 0.12.1",
]
[[package]]
name = "hmac"
version = "0.11.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2a2a2320eb7ec0ebe8da8f744d7812d9fc4cb4d09344ac01898dbcb6a20ae69b"
dependencies = [
"crypto-mac 0.11.0",
"digest 0.9.0",
]
[[package]]
@@ -3314,7 +3396,7 @@ dependencies = [
"elliptic-curve",
"once_cell",
"sha2 0.10.8",
"signature",
"signature 2.2.0",
]
[[package]]
@@ -3577,7 +3659,7 @@ checksum = "a4a650543ca06a924e8b371db273b2756685faae30f8487da1b56505a8f78b0c"
dependencies = [
"libc",
"log",
"wasi",
"wasi 0.11.0+wasi-snapshot-preview1",
"windows-sys 0.48.0",
]
@@ -3593,7 +3675,7 @@ dependencies = [
"nym-ordered-buffer",
"nym-service-providers-common",
"nym-socks5-requests",
"rand 0.8.5",
"rand 0.7.3",
"serde",
"serde-wasm-bindgen",
"thiserror",
@@ -3883,7 +3965,9 @@ dependencies = [
"nym-vesting-contract-common",
"okapi",
"pin-project",
"rand 0.7.3",
"rand 0.8.5",
"rand_chacha 0.2.2",
"rand_chacha 0.3.1",
"reqwest 0.12.4",
"rocket",
@@ -3948,7 +4032,7 @@ dependencies = [
"nym-crypto",
"nym-network-defaults",
"nym-validator-client",
"rand 0.8.5",
"rand 0.7.3",
"thiserror",
"url",
"zeroize",
@@ -4098,7 +4182,7 @@ dependencies = [
"nym-task",
"nym-topology",
"nym-validator-client",
"rand 0.8.5",
"rand 0.7.3",
"serde",
"serde_json",
"tap",
@@ -4146,7 +4230,7 @@ dependencies = [
"nym-task",
"nym-topology",
"nym-validator-client",
"rand 0.8.5",
"rand 0.7.3",
"serde",
"serde_json",
"sha2 0.10.8",
@@ -4226,7 +4310,7 @@ dependencies = [
"nym-bin-common",
"nym-node-tester-utils",
"nym-node-tester-wasm",
"rand 0.8.5",
"rand 0.7.3",
"serde",
"serde-wasm-bindgen",
"serde_json",
@@ -4258,7 +4342,7 @@ dependencies = [
"digest 0.9.0",
"doc-comment",
"ff",
"getrandom",
"getrandom 0.2.15",
"group",
"itertools 0.10.5",
"nym-dkg",
@@ -4369,7 +4453,7 @@ dependencies = [
"nym-credentials-interface",
"nym-crypto",
"nym-validator-client",
"rand 0.8.5",
"rand 0.7.3",
"serde",
"thiserror",
"time",
@@ -4390,25 +4474,25 @@ dependencies = [
name = "nym-crypto"
version = "0.4.0"
dependencies = [
"aes",
"aes 0.8.4",
"blake3",
"bs58 0.5.1",
"cipher",
"ctr",
"cipher 0.4.4",
"ctr 0.9.2",
"digest 0.10.7",
"ed25519-dalek",
"generic-array 0.14.7",
"hkdf",
"hmac",
"hkdf 0.12.4",
"hmac 0.12.1",
"nym-pemstore",
"nym-sphinx-types",
"rand 0.8.5",
"rand_chacha 0.3.1",
"rand 0.7.3",
"rand_chacha 0.2.2",
"serde",
"serde_bytes",
"subtle-encoding",
"thiserror",
"x25519-dalek",
"x25519-dalek 1.1.1",
"zeroize",
]
@@ -4492,7 +4576,7 @@ dependencies = [
[[package]]
name = "nym-gateway"
version = "1.1.36"
version = "1.1.37"
dependencies = [
"anyhow",
"async-trait",
@@ -4530,7 +4614,7 @@ dependencies = [
"nym-wireguard",
"nym-wireguard-types",
"once_cell",
"rand 0.8.5",
"rand 0.7.3",
"serde",
"serde_json",
"sqlx",
@@ -4550,7 +4634,7 @@ name = "nym-gateway-client"
version = "0.1.0"
dependencies = [
"futures",
"getrandom",
"getrandom 0.2.15",
"gloo-utils",
"log",
"nym-bandwidth-controller",
@@ -4563,7 +4647,7 @@ dependencies = [
"nym-sphinx",
"nym-task",
"nym-validator-client",
"rand 0.8.5",
"rand 0.7.3",
"serde",
"si-scale",
"thiserror",
@@ -4592,7 +4676,7 @@ dependencies = [
"nym-crypto",
"nym-pemstore",
"nym-sphinx",
"rand 0.8.5",
"rand 0.7.3",
"serde",
"serde_json",
"thiserror",
@@ -4818,7 +4902,7 @@ dependencies = [
"nym-topology",
"nym-types",
"nym-validator-client",
"rand 0.8.5",
"rand 0.7.3",
"serde",
"serde_json",
"sysinfo 0.27.8",
@@ -4940,7 +5024,7 @@ dependencies = [
"nym-types",
"pretty_env_logger",
"publicsuffix",
"rand 0.8.5",
"rand 0.7.3",
"regex",
"reqwest 0.12.4",
"serde",
@@ -5002,7 +5086,7 @@ dependencies = [
"nym-task",
"nym-types",
"nym-wireguard-types",
"rand 0.8.5",
"rand 0.7.3",
"semver 1.0.23",
"serde",
"serde_json",
@@ -5025,7 +5109,7 @@ dependencies = [
"dashmap",
"fastrand 2.1.0",
"headers",
"hmac",
"hmac 0.12.1",
"hyper 1.3.1",
"ipnetwork 0.16.0",
"nym-crypto",
@@ -5035,7 +5119,7 @@ dependencies = [
"nym-task",
"nym-wireguard",
"nym-wireguard-types",
"rand 0.8.5",
"rand 0.7.3",
"serde_json",
"thiserror",
"time",
@@ -5045,7 +5129,7 @@ dependencies = [
"tracing",
"utoipa",
"utoipa-swagger-ui",
"x25519-dalek",
"x25519-dalek 2.0.1",
]
[[package]]
@@ -5061,7 +5145,7 @@ dependencies = [
"nym-exit-policy",
"nym-http-api-client",
"nym-wireguard-types",
"rand_chacha 0.3.1",
"rand_chacha 0.2.2",
"schemars",
"serde",
"serde_json",
@@ -5082,7 +5166,7 @@ dependencies = [
"nym-sphinx-params",
"nym-task",
"nym-topology",
"rand 0.8.5",
"rand 0.7.3",
"serde",
"serde_json",
"thiserror",
@@ -5097,7 +5181,7 @@ dependencies = [
"futures",
"js-sys",
"nym-node-tester-utils",
"rand 0.8.5",
"rand 0.7.3",
"serde",
"serde-wasm-bindgen",
"thiserror",
@@ -5152,14 +5236,14 @@ dependencies = [
"chacha20",
"chacha20poly1305",
"criterion",
"curve25519-dalek 3.2.0",
"fastrand 1.9.0",
"getrandom",
"getrandom 0.2.15",
"log",
"rand 0.8.5",
"rand 0.7.3",
"rayon",
"sphinx-packet",
"thiserror",
"x25519-dalek",
"zeroize",
]
@@ -5204,7 +5288,7 @@ dependencies = [
"nym-validator-client",
"parking_lot 0.12.2",
"pretty_env_logger",
"rand 0.8.5",
"rand 0.7.3",
"reqwest 0.12.4",
"tap",
"thiserror",
@@ -5266,7 +5350,7 @@ dependencies = [
"nym-socks5-client-core",
"nym-sphinx",
"nym-topology",
"rand 0.8.5",
"rand 0.7.3",
"serde",
"serde_json",
"tap",
@@ -5299,7 +5383,7 @@ dependencies = [
"nym-task",
"nym-validator-client",
"pin-project",
"rand 0.8.5",
"rand 0.7.3",
"reqwest 0.12.4",
"schemars",
"serde",
@@ -5325,7 +5409,7 @@ dependencies = [
"nym-credential-storage",
"nym-crypto",
"nym-socks5-client-core",
"rand 0.8.5",
"rand 0.7.3",
"safer-ffi",
"serde",
"tokio",
@@ -5379,7 +5463,7 @@ dependencies = [
"nym-sphinx-routing",
"nym-sphinx-types",
"nym-topology",
"rand 0.8.5",
"rand 0.7.3",
"rand_distr",
"thiserror",
"tokio",
@@ -5397,7 +5481,7 @@ dependencies = [
"nym-sphinx-routing",
"nym-sphinx-types",
"nym-topology",
"rand 0.8.5",
"rand 0.7.3",
"serde",
"thiserror",
"zeroize",
@@ -5409,7 +5493,7 @@ version = "0.1.0"
dependencies = [
"nym-crypto",
"nym-sphinx-types",
"rand 0.8.5",
"rand 0.7.3",
"serde",
"thiserror",
]
@@ -5425,8 +5509,8 @@ dependencies = [
"nym-sphinx-routing",
"nym-sphinx-types",
"nym-topology",
"rand 0.8.5",
"rand_chacha 0.3.1",
"rand 0.7.3",
"rand_chacha 0.2.2",
"serde",
"thiserror",
"wasm-bindgen",
@@ -5440,7 +5524,7 @@ dependencies = [
"nym-sphinx-addressing",
"nym-sphinx-params",
"nym-sphinx-types",
"rand 0.8.5",
"rand 0.7.3",
"thiserror",
]
@@ -5457,7 +5541,7 @@ dependencies = [
"nym-sphinx-routing",
"nym-sphinx-types",
"nym-topology",
"rand 0.8.5",
"rand 0.7.3",
"thiserror",
]
@@ -5532,7 +5616,7 @@ dependencies = [
"aes-gcm",
"argon2",
"generic-array 0.14.7",
"getrandom",
"getrandom 0.2.15",
"rand 0.8.5",
"serde",
"serde_json",
@@ -5568,7 +5652,7 @@ dependencies = [
"nym-sphinx-addressing",
"nym-sphinx-routing",
"nym-sphinx-types",
"rand 0.8.5",
"rand 0.7.3",
"semver 0.11.0",
"serde",
"serde_json",
@@ -5598,7 +5682,7 @@ dependencies = [
"cosmrs 0.15.0 (git+https://github.com/jstuczyn/cosmos-rust?branch=nym-temp/all-validator-features)",
"cosmwasm-std",
"eyre",
"hmac",
"hmac 0.12.1",
"itertools 0.11.0",
"log",
"nym-config",
@@ -5616,7 +5700,7 @@ dependencies = [
"thiserror",
"ts-rs",
"url",
"x25519-dalek",
"x25519-dalek 2.0.1",
]
[[package]]
@@ -5748,7 +5832,7 @@ dependencies = [
"nym-task",
"nym-wireguard-types",
"tokio",
"x25519-dalek",
"x25519-dalek 2.0.1",
]
[[package]]
@@ -5757,16 +5841,18 @@ version = "0.1.0"
dependencies = [
"base64 0.21.7",
"dashmap",
"hmac",
"hmac 0.12.1",
"log",
"nym-config",
"nym-crypto",
"rand 0.8.5",
"nym-network-defaults",
"rand 0.7.3",
"serde",
"serde_json",
"sha2 0.10.8",
"thiserror",
"utoipa",
"x25519-dalek",
"x25519-dalek 2.0.1",
]
[[package]]
@@ -6090,7 +6176,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f8ed6a7761f76e3b9f92dfb0a60a6a6477c61024b775147ff0973a02653abaf2"
dependencies = [
"digest 0.10.7",
"hmac",
"hmac 0.12.1",
]
[[package]]
@@ -6551,7 +6637,7 @@ dependencies = [
"libc",
"rand_chacha 0.1.1",
"rand_core 0.4.2",
"rand_hc",
"rand_hc 0.1.0",
"rand_isaac",
"rand_jitter",
"rand_os",
@@ -6560,6 +6646,19 @@ dependencies = [
"winapi",
]
[[package]]
name = "rand"
version = "0.7.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6a6b1679d49b24bbfe0c803429aa1874472f50d9b363131f0e89fc356b544d03"
dependencies = [
"getrandom 0.1.16",
"libc",
"rand_chacha 0.2.2",
"rand_core 0.5.1",
"rand_hc 0.2.0",
]
[[package]]
name = "rand"
version = "0.8.5"
@@ -6581,6 +6680,16 @@ dependencies = [
"rand_core 0.3.1",
]
[[package]]
name = "rand_chacha"
version = "0.2.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f4c8ed856279c9737206bf725bf36935d8666ead7aa69b52be55af369d193402"
dependencies = [
"ppv-lite86",
"rand_core 0.5.1",
]
[[package]]
name = "rand_chacha"
version = "0.3.1"
@@ -6611,6 +6720,9 @@ name = "rand_core"
version = "0.5.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "90bde5296fc891b0cef12a6d03ddccc162ce7b2aff54160af9338f8d40df6d19"
dependencies = [
"getrandom 0.1.16",
]
[[package]]
name = "rand_core"
@@ -6618,17 +6730,17 @@ version = "0.6.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c"
dependencies = [
"getrandom",
"getrandom 0.2.15",
]
[[package]]
name = "rand_distr"
version = "0.4.3"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "32cb0b9bc82b0a0876c2dd994a7e7a2683d3e7390ca40e6886785ef0c7e3ee31"
checksum = "c9e9532ada3929fb8b2e9dbe28d1e06c9b2cc65813f074fcb6bd5fbefeff9d56"
dependencies = [
"num-traits",
"rand 0.8.5",
"rand 0.7.3",
]
[[package]]
@@ -6640,6 +6752,15 @@ dependencies = [
"rand_core 0.3.1",
]
[[package]]
name = "rand_hc"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ca3129af7b92a17112d59ad498c6f81eaf463253766b90396d39ea7a39d6613c"
dependencies = [
"rand_core 0.5.1",
]
[[package]]
name = "rand_isaac"
version = "0.1.1"
@@ -6773,7 +6894,7 @@ version = "0.4.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bd283d9651eeda4b2a83a43c1c91b266c40fd76ecd39a50a8c630ae69dc72891"
dependencies = [
"getrandom",
"getrandom 0.2.15",
"libredox",
"thiserror",
]
@@ -6933,7 +7054,7 @@ version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2"
dependencies = [
"hmac",
"hmac 0.12.1",
"subtle 2.5.0",
]
@@ -6960,7 +7081,7 @@ checksum = "c17fa4cb658e3583423e915b9f3acc01cceaee1860e33d59ebae66adc3a2dc0d"
dependencies = [
"cc",
"cfg-if",
"getrandom",
"getrandom 0.2.15",
"libc",
"spin 0.9.8",
"untrusted 0.9.0",
@@ -7714,6 +7835,12 @@ dependencies = [
"libc",
]
[[package]]
name = "signature"
version = "1.6.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "74233d3b3b2f6d4b006dc19dee745e73e2a6bfb6f93607cd3b02bd5b00797d7c"
[[package]]
name = "signature"
version = "2.2.0"
@@ -7784,27 +7911,26 @@ dependencies = [
[[package]]
name = "sphinx-packet"
version = "0.2.0"
version = "0.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cffb0df8390239119e76d4f60a6b06900351ee971d78868fc4cfef18301728ad"
checksum = "cc43eda802856ee82a7555c7b75ceb9e07451741c7a2f5f23d036020e01189d4"
dependencies = [
"aes",
"aes 0.7.5",
"arrayref",
"blake2 0.8.1",
"bs58 0.5.1",
"bs58 0.4.0",
"byteorder",
"chacha",
"ctr",
"digest 0.10.7",
"hkdf",
"hmac",
"curve25519-dalek 3.2.0",
"digest 0.9.0",
"hkdf 0.11.0",
"hmac 0.11.0",
"lioness",
"log",
"rand 0.8.5",
"rand 0.7.3",
"rand_distr",
"sha2 0.10.8",
"sha2 0.9.9",
"subtle 2.5.0",
"x25519-dalek",
]
[[package]]
@@ -8194,7 +8320,7 @@ checksum = "15ab8f0a25d0d2ad49ac615da054d6a76aa6603ff95f7d18bafdd34450a1a04b"
dependencies = [
"bytes",
"digest 0.10.7",
"ed25519",
"ed25519 2.2.3",
"ed25519-consensus",
"flex-error",
"futures",
@@ -8209,7 +8335,7 @@ dependencies = [
"serde_json",
"serde_repr",
"sha2 0.10.8",
"signature",
"signature 2.2.0",
"subtle 2.5.0",
"subtle-encoding",
"tendermint-proto",
@@ -8260,7 +8386,7 @@ dependencies = [
"bytes",
"flex-error",
"futures",
"getrandom",
"getrandom 0.2.15",
"peg",
"pin-project",
"reqwest 0.11.27",
@@ -9164,7 +9290,7 @@ version = "1.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5e395fcf16a7a3d8127ec99782007af141946b4795001f876d54fb0d55978560"
dependencies = [
"getrandom",
"getrandom 0.2.15",
"wasm-bindgen",
]
@@ -9223,6 +9349,12 @@ dependencies = [
"try-lock",
]
[[package]]
name = "wasi"
version = "0.9.0+wasi-snapshot-preview1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519"
[[package]]
name = "wasi"
version = "0.11.0+wasi-snapshot-preview1"
@@ -9338,7 +9470,7 @@ dependencies = [
"nym-task",
"nym-topology",
"nym-validator-client",
"rand 0.8.5",
"rand 0.7.3",
"serde",
"serde-wasm-bindgen",
"thiserror",
@@ -9386,7 +9518,7 @@ name = "wasm-utils"
version = "0.1.0"
dependencies = [
"futures",
"getrandom",
"getrandom 0.2.15",
"gloo-net",
"gloo-utils",
"js-sys",
@@ -9794,6 +9926,18 @@ dependencies = [
"tap",
]
[[package]]
name = "x25519-dalek"
version = "1.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5a0c105152107e3b96f6a00a65e86ce82d9b125230e1c4302940eca58ff71f4f"
dependencies = [
"curve25519-dalek 3.2.0",
"rand_core 0.5.1",
"serde",
"zeroize",
]
[[package]]
name = "x25519-dalek"
version = "2.0.1"
+1 -1
@@ -25,7 +25,7 @@ bs58 = { workspace = true }
clap = { workspace = true, features = ["cargo", "derive"] }
dirs = "4.0"
log = { workspace = true } # self explanatory
rand = { workspace = true }
rand = { version = "0.7.3", features = ["wasm-bindgen"] } # rng-related traits + some rng implementation to use
serde = { workspace = true, features = ["derive"] } # for config serialization/deserialization
serde_json = { workspace = true }
thiserror = { workspace = true }
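Review bot: `rand = { version = "0.7.3", features = ["wasm-bindgen"] }` replaces the workspace pin with a crate-local one, and the same move is repeated inconsistently in every other Cargo.toml section on this page: some write `rand = "0.7.3"`, one dev-dependency writes `rand = "0.7"`, and only some enable `wasm-bindgen`. All of them resolve to the single rand 0.7.3 entry in the lockfile today, but without a workspace entry each crate can now drift on its own, and the `wasm-bindgen` feature is what I believe selects the browser entropy source for getrandom 0.1 (the lockfile shows getrandom 0.1.16 depending on wasm-bindgen), so a crate built for wasm without it would presumably only discover the missing entropy source when randomness is first requested. I would define `rand = { version = "0.7.3", features = ["wasm-bindgen"] }` once under `[workspace.dependencies]` and keep `rand = { workspace = true }` in every member, or at least give every local pin the identical spec.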
+1 -1
@@ -16,7 +16,7 @@ serde_json = { workspace = true }
tap = "1.0.1"
thiserror = { workspace = true }
tokio = { version = "1.24.1", features = ["rt-multi-thread", "net", "signal"] }
rand = { workspace = true }
rand = "0.7.3"
time = { workspace = true }
url = { workspace = true }
zeroize = { workspace = true }
+1 -1
@@ -9,7 +9,7 @@ license.workspace = true
[dependencies]
bip39 = { workspace = true }
log = { workspace = true }
rand = { workspace = true }
rand = "0.7.3"
thiserror = { workspace = true }
url = { workspace = true }
zeroize = { workspace = true }
+1 -1
@@ -17,7 +17,7 @@ clap = { workspace = true, optional = true }
futures = { workspace = true }
humantime-serde = { workspace = true }
log = { workspace = true }
rand = { workspace = true }
rand = { version = "0.7.3", features = ["wasm-bindgen"] }
serde = { workspace = true, features = ["derive"] }
serde_json = { workspace = true }
sha2 = "0.10.6"
+1 -1
@@ -14,7 +14,7 @@ futures = { workspace = true }
log = { workspace = true }
thiserror = { workspace = true }
url = { workspace = true }
rand = { workspace = true }
rand = { version = "0.7.3", features = ["wasm-bindgen"] }
tokio = { version = "1.24.1", features = ["macros"] }
si-scale = "0.2.2"
time.workspace = true
+1 -1
@@ -23,5 +23,5 @@ nym-api-requests = { path = "../../nym-api/nym-api-requests" }
nym-validator-client = { path = "../client-libs/validator-client", default-features = false }
[dev-dependencies]
rand = "0.8.5"
rand = "0.7.3"
+4 -4
@@ -17,9 +17,9 @@ generic-array = { workspace = true, optional = true }
hkdf = { version = "0.12.3", optional = true }
hmac = { version = "0.12.1", optional = true }
cipher = { version = "0.4.3", optional = true }
x25519-dalek = { version = "2.0.0", optional = true }
ed25519-dalek = { version = "2.1", features = ["rand_core"], optional = true }
rand = { version = "0.8.5", optional = true }
x25519-dalek = { version = "1.1", optional = true }
ed25519-dalek = { version = "1.0", optional = true }
rand = { version = "0.7.3", features = ["wasm-bindgen"], optional = true }
serde_bytes = { version = "0.11.6", optional = true }
serde_crate = { version = "1.0", optional = true, default_features = false, features = ["derive"], package = "serde" }
subtle-encoding = { version = "0.5", features = ["bech32-preview"]}
@@ -31,7 +31,7 @@ nym-sphinx-types = { path = "../nymsphinx/types", version = "0.2.0", default-fea
nym-pemstore = { path = "../../common/pemstore", version = "0.3.0" }
[dev-dependencies]
rand_chacha = "0.3"
rand_chacha = "0.2"
[features]
default = ["sphinx"]
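Review bot: The `x25519-dalek = { version = "1.1", optional = true }` and `ed25519-dalek = { version = "1.0", optional = true }` lines carry no comment explaining why this crate pins the 1.x line, and the lockfile on this page shows what that resolves to: ed25519-dalek 1.0.1 on curve25519-dalek 3.2.0, and x25519-dalek 1.1.1 compiled alongside x25519-dalek 2.0.1, so two generations of the same curve library now ship in one workspace. The pre-4 curve25519-dalek line is the one I would expect `cargo audit` to report against, and the ed25519-dalek 1.x signing API is the one that takes a caller-supplied public key (see the identity module hunk further down), so these two lines deserve a justification such as `# pinned to the 1.x line to match sphinx-packet 0.1 / rand 0.7 — revisit before release`; I infer the sphinx-packet constraint from the lockfile entry that depends on curve25519-dalek 3.2.0, so adjust the wording if the reason is different. The dropped `features = ["rand_core"]` on ed25519-dalek should be mentioned in that same comment if any downstream crate relied on it.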
@@ -56,7 +56,7 @@ pub struct KeyPair {
impl KeyPair {
#[cfg(feature = "rand")]
pub fn new<R: RngCore + CryptoRng>(rng: &mut R) -> Self {
let private_key = x25519_dalek::StaticSecret::random_from_rng(rng);
let private_key = x25519_dalek::StaticSecret::new(rng);
let public_key = (&private_key).into();
KeyPair {
@@ -203,7 +203,7 @@ impl<'a> From<&'a PrivateKey> for PublicKey {
impl PrivateKey {
#[cfg(feature = "rand")]
pub fn new<R: RngCore + CryptoRng>(rng: &mut R) -> Self {
let x25519_secret = x25519_dalek::StaticSecret::random_from_rng(rng);
let x25519_secret = x25519_dalek::StaticSecret::new(rng);
PrivateKey(x25519_secret)
}
@@ -322,7 +322,9 @@ impl<'a> From<&'a PrivateKey> for nym_sphinx_types::PrivateKey {
#[cfg(feature = "sphinx")]
impl From<nym_sphinx_types::PrivateKey> for PrivateKey {
fn from(private_key: nym_sphinx_types::PrivateKey) -> Self {
Self(private_key)
let private_key_bytes = private_key.to_bytes();
assert_eq!(private_key_bytes.len(), PRIVATE_KEY_SIZE);
Self::from_bytes(&private_key_bytes).unwrap()
}
}
@@ -364,7 +366,7 @@ mod sphinx_key_conversion {
#[test]
fn works_for_backward_conversion() {
for _ in 0..NUM_ITERATIONS {
let (sphinx_private, sphinx_public) = nym_sphinx_types::test_utils::fixtures::keygen();
let (sphinx_private, sphinx_public) = nym_sphinx_types::crypto::keygen();
let private_bytes = sphinx_private.to_bytes();
let public_bytes = sphinx_public.as_bytes();
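Review bot: The new `From<nym_sphinx_types::PrivateKey>` body (the `to_bytes()` / `assert_eq!` / `unwrap()` lines) turns what was a plain wrapping into two panic paths and leaves an unscrubbed plain-array copy of the secret scalar in `private_key_bytes`. If `to_bytes()` returns a fixed-size array the `assert_eq!` is checking a compile-time constant; either way the failure should state its invariant, e.g. `Self::from_bytes(&private_key_bytes).expect("sphinx private key is always PRIVATE_KEY_SIZE bytes")`. If the `Zeroize` trait is in scope in this file (nym-crypto lists `zeroize` in the lockfile), bind the copy as `let mut` and call `private_key_bytes.zeroize()` before returning, since this conversion presumably runs for long-lived node keys — I cannot confirm the call sites from here. The enclosing `impl` runs outside the hunk.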
+15 -21
@@ -1,8 +1,8 @@
// Copyright 2021-2023 - Nym Technologies SA <contact@nymtech.net>
// SPDX-License-Identifier: Apache-2.0
pub use ed25519_dalek::ed25519::signature::Signature as SignatureTrait;
pub use ed25519_dalek::SignatureError;
use ed25519_dalek::{Signer, SigningKey};
pub use ed25519_dalek::{Verifier, PUBLIC_KEY_LENGTH, SECRET_KEY_LENGTH, SIGNATURE_LENGTH};
use nym_pemstore::traits::{PemStorableKey, PemStorableKeyPair};
use std::fmt::{self, Display, Formatter};
@@ -30,9 +30,6 @@ pub enum Ed25519RecoveryError {
#[error(transparent)]
MalformedBytes(#[from] SignatureError),
#[error(transparent)]
BytesLengthError(#[from] std::array::TryFromSliceError),
#[error("the base58 representation of the public key was malformed - {source}")]
MalformedPublicKeyString {
#[source]
@@ -67,11 +64,11 @@ pub struct KeyPair {
impl KeyPair {
#[cfg(feature = "rand")]
pub fn new<R: RngCore + CryptoRng>(rng: &mut R) -> Self {
let ed25519_signing_key = ed25519_dalek::SigningKey::generate(rng);
let ed25519_keypair = ed25519_dalek::Keypair::generate(rng);
KeyPair {
private_key: PrivateKey(ed25519_signing_key.to_bytes()),
public_key: PublicKey(ed25519_signing_key.verifying_key()),
private_key: PrivateKey(ed25519_keypair.secret),
public_key: PublicKey(ed25519_keypair.public),
}
}
@@ -112,7 +109,7 @@ impl PemStorableKeyPair for KeyPair {
/// ed25519 EdDSA Public Key
#[derive(Debug, Copy, Clone, Eq, PartialEq)]
pub struct PublicKey(ed25519_dalek::VerifyingKey);
pub struct PublicKey(ed25519_dalek::PublicKey);
impl Display for PublicKey {
fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result {
@@ -138,9 +135,7 @@ impl PublicKey {
}
pub fn from_bytes(b: &[u8]) -> Result<Self, Ed25519RecoveryError> {
Ok(PublicKey(ed25519_dalek::VerifyingKey::from_bytes(
b.try_into()?,
)?))
Ok(PublicKey(ed25519_dalek::PublicKey::from_bytes(b)?))
}
pub fn to_base58_string(self) -> String {
@@ -194,7 +189,7 @@ impl<'d> Deserialize<'d> for PublicKey {
where
D: Deserializer<'d>,
{
Ok(PublicKey(ed25519_dalek::VerifyingKey::deserialize(
Ok(PublicKey(ed25519_dalek::PublicKey::deserialize(
deserializer,
)?))
}
@@ -228,14 +223,14 @@ impl Display for PrivateKey {
impl<'a> From<&'a PrivateKey> for PublicKey {
fn from(pk: &'a PrivateKey) -> Self {
PublicKey(SigningKey::from_bytes(&pk.0).verifying_key())
PublicKey((&pk.0).into())
}
}
impl PrivateKey {
#[cfg(feature = "rand")]
pub fn new<R: RngCore + CryptoRng>(rng: &mut R) -> Self {
let ed25519_secret = ed25519_dalek::SigningKey::generate(rng).to_bytes();
let ed25519_secret = ed25519_dalek::SecretKey::generate(rng);
PrivateKey(ed25519_secret)
}
@@ -245,11 +240,11 @@ impl PrivateKey {
}
pub fn to_bytes(&self) -> [u8; SECRET_KEY_LENGTH] {
self.0
self.0.to_bytes()
}
pub fn from_bytes(b: &[u8]) -> Result<Self, Ed25519RecoveryError> {
Ok(PrivateKey(b.try_into()?))
Ok(PrivateKey(ed25519_dalek::SecretKey::from_bytes(b)?))
}
pub fn to_base58_string(&self) -> String {
@@ -264,8 +259,9 @@ impl PrivateKey {
}
pub fn sign<M: AsRef<[u8]>>(&self, message: M) -> Signature {
let signing_key: SigningKey = self.0.into();
let sig = signing_key.sign(message.as_ref());
let expanded_secret_key = ed25519_dalek::ExpandedSecretKey::from(&self.0);
let public_key: PublicKey = self.into();
let sig = expanded_secret_key.sign(message.as_ref(), &public_key.0);
Signature(sig)
}
@@ -334,9 +330,7 @@ impl Signature {
}
pub fn from_bytes(bytes: &[u8]) -> Result<Self, Ed25519RecoveryError> {
Ok(Signature(ed25519_dalek::Signature::from_bytes(
bytes.try_into()?,
)))
Ok(Signature(ed25519_dalek::Signature::from_bytes(bytes)?))
}
}
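Review bot: `sign` now calls `expanded_secret_key.sign(message.as_ref(), &public_key.0)` with a public key it re-derived from the secret on the line before, and that re-derivation is a security invariant rather than redundant work: the 1.x `ExpandedSecretKey::sign` API accepts whatever public key it is handed without checking it belongs to the secret, and producing signatures over the same message under two different public keys with one secret is a known key-recovery hazard for this API (the 2.x API this hunk moves away from dropped the parameter for that reason). Add a comment above `let public_key: PublicKey = self.into();`, e.g. `// Derived from the secret on purpose: ExpandedSecretKey::sign trusts the public key it is given, so never take a caller-supplied one here`, so a later change does not cache it or accept it as an argument. For the same reason `Keypair::generate` in `KeyPair::new` is the right constructor and a `KeyPair` should never be assembled from independently supplied halves; both enclosing impls run outside the hunk.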
+2 -2
@@ -3,11 +3,11 @@
use crate::asymmetric::encryption;
use crate::hkdf;
#[cfg(feature = "rand")]
use cipher::crypto_common::rand_core::{CryptoRng, RngCore};
use cipher::{Key, KeyIvInit, StreamCipher};
use digest::crypto_common::BlockSizeUser;
use digest::Digest;
#[cfg(feature = "rand")]
use rand::{CryptoRng, RngCore};
/// Generate an ephemeral encryption keypair and perform diffie-hellman to establish
/// shared key with the remote.
@@ -242,7 +242,7 @@ impl SphinxPacketProcessor {
#[cfg(test)]
mod tests {
use super::*;
use nym_sphinx_types::test_utils::fixtures::keygen;
use nym_sphinx_types::crypto::keygen;
fn fixture() -> SphinxPacketProcessor {
let local_keys = keygen();
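Review bot: `use rand::{CryptoRng, RngCore};` now brings in the rand 0.7 traits (rand_core 0.5 per the lockfile) where the removed line took them from `cipher`'s re-export, which presumably is the rand_core 0.6 pair; since `cipher 0.4.4` and `digest 0.10.7` stay in nym-crypto's dependency list, both trait generations are live in this crate and an RNG type satisfies one pair or the other, never both. A short comment on the new import keeps it from being "fixed" back, e.g. `// rand 0.7 traits (rand_core 0.5): must match what x25519-dalek 1.x expects, not cipher's rand_core re-export`. The functions that take the `R: RngCore + CryptoRng` bound are outside this hunk, so I have not verified every call site passes a rand 0.7 RNG.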
+1 -1
@@ -8,7 +8,7 @@ license.workspace = true
[dependencies]
futures = { workspace = true }
rand = { workspace = true }
rand = "0.7.3"
serde = { workspace = true }
serde_json = { workspace = true }
+2 -2
@@ -9,8 +9,8 @@ repository = { workspace = true }
[dependencies]
log = { workspace = true }
rand = { workspace = true }
rand_distr = "0.4"
rand = { version = "0.7.3", features = ["wasm-bindgen"] }
rand_distr = "0.3"
thiserror = { workspace = true }
nym-sphinx-acknowledgements = { path = "acknowledgements" }
+1 -1
@@ -8,7 +8,7 @@ license = { workspace = true }
repository = { workspace = true }
[dependencies]
rand = { workspace = true }
rand = { version = "0.7.3", features = ["wasm-bindgen"] }
serde_crate = { version = "1.0", optional = true, default_features = false, features = ["derive"], package = "serde" }
generic-array = { workspace = true, optional = true, features = ["serde"] }
thiserror = { workspace = true }
+1 -1
@@ -14,5 +14,5 @@ serde = "1.0" # implementing serialization/deserialization for some types, like
thiserror = { workspace = true }
[dev-dependencies]
rand = "0.8.5"
rand = "0.7"
nym-crypto = { path = "../../crypto", features = ["rand"] }
@@ -8,7 +8,7 @@ license = { workspace = true }
repository = { workspace = true }
[dependencies]
rand = { workspace = true }
rand = { version = "0.7.3", features = ["wasm-bindgen"] }
bs58 = { workspace = true }
serde = { workspace = true }
thiserror = { workspace = true }
@@ -24,4 +24,4 @@ nym-topology = { path = "../../topology" }
version = "0.2.83"
[dev-dependencies]
rand_chacha = "0.3"
rand_chacha = "0.2"
@@ -570,7 +570,7 @@ mod tests {
let mut address_bytes = [0; NODE_ADDRESS_LENGTH];
rng.fill_bytes(&mut address_bytes);
let dummy_private = PrivateKey::random_from_rng(rng);
let dummy_private = PrivateKey::new_with_rng(rng);
let pub_key = (&dummy_private).into();
Node {
address: NodeAddressBytes::from_bytes(address_bytes),
+1 -1
@@ -11,7 +11,7 @@ repository = { workspace = true }
[dependencies]
log = { workspace = true }
rand = { workspace = true }
rand = { version = "0.7.3", features = ["wasm-bindgen"] }
thiserror = { workspace = true }
nym-sphinx-addressing = { path = "../addressing" }
+1 -1
@@ -8,7 +8,7 @@ license = { workspace = true }
repository = { workspace = true }
[dependencies]
rand = { workspace = true }
rand = { version = "0.7.3", features = ["wasm-bindgen"] }
thiserror = { workspace = true }
nym-crypto = { path = "../../crypto" }
+9 -9
@@ -130,28 +130,28 @@ impl Decoder for NymCodec {
mod packet_encoding {
use super::*;
use nym_sphinx_types::{
test_utils, Delay as SphinxDelay, Destination, DestinationAddressBytes, Node,
NodeAddressBytes, DESTINATION_ADDRESS_LENGTH, IDENTIFIER_LENGTH, NODE_ADDRESS_LENGTH,
crypto, Delay as SphinxDelay, Destination, DestinationAddressBytes, Node, NodeAddressBytes,
DESTINATION_ADDRESS_LENGTH, IDENTIFIER_LENGTH, NODE_ADDRESS_LENGTH,
};
fn make_valid_outfox_packet(size: PacketSize) -> NymPacket {
let (_, node1_pk) = test_utils::fixtures::keygen();
let (_, node1_pk) = crypto::keygen();
let node1 = Node::new(
NodeAddressBytes::from_bytes([5u8; NODE_ADDRESS_LENGTH]),
node1_pk,
);
let (_, node2_pk) = test_utils::fixtures::keygen();
let (_, node2_pk) = crypto::keygen();
let node2 = Node::new(
NodeAddressBytes::from_bytes([4u8; NODE_ADDRESS_LENGTH]),
node2_pk,
);
let (_, node3_pk) = test_utils::fixtures::keygen();
let (_, node3_pk) = crypto::keygen();
let node3 = Node::new(
NodeAddressBytes::from_bytes([2u8; NODE_ADDRESS_LENGTH]),
node3_pk,
);
let (_, node4_pk) = test_utils::fixtures::keygen();
let (_, node4_pk) = crypto::keygen();
let node4 = Node::new(
NodeAddressBytes::from_bytes([2u8; NODE_ADDRESS_LENGTH]),
node4_pk,
@@ -170,17 +170,17 @@ mod packet_encoding {
}
fn make_valid_sphinx_packet(size: PacketSize) -> NymPacket {
let (_, node1_pk) = test_utils::fixtures::keygen();
let (_, node1_pk) = crypto::keygen();
let node1 = Node::new(
NodeAddressBytes::from_bytes([5u8; NODE_ADDRESS_LENGTH]),
node1_pk,
);
let (_, node2_pk) = test_utils::fixtures::keygen();
let (_, node2_pk) = crypto::keygen();
let node2 = Node::new(
NodeAddressBytes::from_bytes([4u8; NODE_ADDRESS_LENGTH]),
node2_pk,
);
let (_, node3_pk) = test_utils::fixtures::keygen();
let (_, node3_pk) = crypto::keygen();
let node3 = Node::new(
NodeAddressBytes::from_bytes([2u8; NODE_ADDRESS_LENGTH]),
node3_pk,
+1 -1
@@ -8,7 +8,7 @@ license = { workspace = true }
repository = { workspace = true }
[dependencies]
sphinx-packet = { version = "0.2.0", optional = true }
sphinx-packet = { version = "0.1.0", optional = true }
nym-outfox = { path = "../../../nym-outfox", optional = true }
thiserror = { workspace = true }
+2 -2
@@ -15,13 +15,13 @@ pub use sphinx_packet::{
self, DESTINATION_ADDRESS_LENGTH, IDENTIFIER_LENGTH, MAX_PATH_LENGTH, NODE_ADDRESS_LENGTH,
PAYLOAD_KEY_SIZE,
},
crypto::{self, PrivateKey, PublicKey},
crypto::{self, EphemeralSecret, PrivateKey, PublicKey, SharedSecret},
header::{self, delays, delays::Delay, ProcessedHeader, SphinxHeader, HEADER_SIZE},
packet::builder::DEFAULT_PAYLOAD_SIZE,
payload::{Payload, PAYLOAD_OVERHEAD_SIZE},
route::{Destination, DestinationAddressBytes, Node, NodeAddressBytes, SURBIdentifier},
surb::{SURBMaterial, SURB},
test_utils, Error as SphinxError, ProcessedPacket,
Error as SphinxError, ProcessedPacket,
};
#[cfg(feature = "sphinx")]
use sphinx_packet::{SphinxPacket, SphinxPacketBuilder};
+1 -1
@@ -12,7 +12,7 @@ dirs = "4.0"
futures = { workspace = true }
log = { workspace = true }
pin-project = "1.0"
rand = { workspace = true }
rand = { version = "0.7.3", features = ["wasm-bindgen"] }
reqwest = { workspace = true }
schemars = { workspace = true, features = ["preserve_order"] }
serde = { workspace = true, features = ["derive"] } # for config serialization/deserialization
+1 -1
@@ -14,7 +14,7 @@ documentation = { workspace = true }
[dependencies]
bs58 = { workspace = true }
log = { workspace = true }
rand = { workspace = true }
rand = { version = "0.7.3", features = ["wasm-bindgen"] }
thiserror = { workspace = true }
async-trait = { workspace = true, optional = true }
semver = "0.11"
+22
@@ -171,3 +171,25 @@ impl fmt::Display for GatewayIpPacketRouterDetails {
writeln!(f, "\taddress: {}", self.address)
}
}
#[derive(Debug, Serialize, Deserialize)]
pub struct GatewayWireguardDetails {
pub enabled: bool,
pub announced_port: u16,
pub private_network_prefix: u8,
}
impl fmt::Display for GatewayWireguardDetails {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
writeln!(f, "wireguard:")?;
writeln!(f, "\tenabled: {}", self.enabled)?;
writeln!(f, "\tannounced_port: {}", self.announced_port)?;
writeln!(
f,
"\tprivate_network_prefix: {}",
self.private_network_prefix
)
}
}
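Review bot: `GatewayWireguardDetails` is a public, serialized type with no doc comments on any field; add `/// Whether the wireguard service is enabled on this node`, `/// Port announced to external clients wishing to connect to the wireguard interface` and `/// Prefix length of the private wireguard network (at most 32 for IPv4, 128 for IPv6)` so the wording matches the same fields in the wireguard `Config`. The struct publishes `announced_port` and the prefix but not the gateway's private IP, which clients presumably need alongside the prefix to derive their own address; worth confirming that omission is intended rather than an oversight.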
+1 -1
@@ -11,7 +11,7 @@ repository = "https://github.com/nymtech/nym"
[dependencies]
async-trait = { workspace = true }
js-sys = { workspace = true }
rand = { workspace = true }
rand = { version = "0.7.3", features = ["wasm-bindgen"] }
serde = { workspace = true, features = ["derive"] }
serde-wasm-bindgen = { workspace = true }
thiserror = { workspace = true }
+3 -1
@@ -17,7 +17,9 @@ log = { workspace = true }
serde = { workspace = true, features = ["derive"] }
thiserror = { workspace = true }
nym-config = { path = "../config" }
nym-crypto = { path = "../crypto", features = ["asymmetric"] }
nym-network-defaults = { path = "../network-defaults" }
# feature-specific dependencies:
@@ -32,7 +34,7 @@ serde_json = { workspace = true, optional = true }
x25519-dalek = { version = "2.0.0", features = ["static_secrets"] }
[dev-dependencies]
rand = "0.8.5"
rand = "0.7.3"
nym-crypto = { path = "../crypto", features = ["rand"]}
+23
@@ -0,0 +1,23 @@
// Copyright 2024 - Nym Technologies SA <contact@nymtech.net>
// SPDX-License-Identifier: Apache-2.0
use std::net::{IpAddr, SocketAddr};
#[derive(Copy, Clone, PartialEq, Eq, Hash, PartialOrd, Ord, Debug)]
pub struct Config {
/// Socket address this node will use for binding its wireguard interface.
/// default: `0.0.0.0:51822`
pub bind_address: SocketAddr,
/// Private IP address of the wireguard gateway.
/// default: `10.1.0.1`
pub private_ip: IpAddr,
/// Port announced to external clients wishing to connect to the wireguard interface.
/// Useful in the instances where the node is behind a proxy.
pub announced_port: u16,
/// The prefix denoting the maximum number of the clients that can be connected via Wireguard.
/// The maximum value for IPv4 is 32 and for IPv6 is 128
pub private_network_prefix: u8,
}
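Review bot: `private_network_prefix` is documented as capped at 32 for IPv4 and 128 for IPv6, but nothing in `Config` enforces that cap or ties it to the address family of `private_ip`, so a config with `private_ip = 10.1.0.1` and prefix 64 is accepted and only fails, or silently misbehaves, wherever the prefix is later turned into a mask. A small `validate` method lets the CLI and config loader reject it up front; it returns a plain message below because I cannot see which variants the crate's `Error` type offers, so map it onto that type if a suitable variant exists. The doc line `/// The prefix denoting the maximum number of the clients that can be connected via Wireguard.` would also read more precisely as `/// Prefix length of the private wireguard network; together with `private_ip` it bounds how many clients can be connected.`
```rust
impl Config {
    /// Rejects a prefix that cannot describe a network for the address family of `private_ip`.
    pub fn validate(&self) -> Result<(), String> {
        let max_prefix = if self.private_ip.is_ipv4() { 32 } else { 128 };
        if self.private_network_prefix > max_prefix {
            return Err(format!(
                "private_network_prefix {} exceeds the maximum of {} for {}",
                self.private_network_prefix, max_prefix, self.private_ip
            ));
        }
        Ok(())
    }
}
```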
+37 -1
@@ -1,15 +1,51 @@
// Copyright 2023 - Nym Technologies SA <contact@nymtech.net>
// SPDX-License-Identifier: Apache-2.0
use dashmap::DashMap;
use nym_crypto::asymmetric::encryption::KeyPair;
use std::sync::Arc;
pub mod config;
pub mod error;
pub mod public_key;
pub mod registration;
pub use config::Config;
pub use error::Error;
pub use public_key::PeerPublicKey;
pub use registration::{
ClientMac, ClientMessage, ClientRegistrationResponse, GatewayClient, InitMessage, Nonce,
ClientMac, ClientMessage, ClientRegistrationResponse, GatewayClient, GatewayClientRegistry,
InitMessage, Nonce,
};
#[cfg(feature = "verify")]
pub use registration::HmacSha256;
#[derive(Clone)]
pub struct WireguardGatewayData {
config: Config,
keypair: Arc<KeyPair>,
client_registry: Arc<GatewayClientRegistry>,
}
impl WireguardGatewayData {
pub fn new(config: Config, keypair: Arc<KeyPair>) -> Self {
WireguardGatewayData {
config,
keypair,
client_registry: Arc::new(DashMap::default()),
}
}
pub fn config(&self) -> Config {
self.config
}
pub fn keypair(&self) -> &Arc<KeyPair> {
&self.keypair
}
pub fn client_registry(&self) -> &Arc<GatewayClientRegistry> {
&self.client_registry
}
}
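Review bot: `WireguardGatewayData` and its three accessors carry no doc comments, and the type is `Clone` with an `Arc<KeyPair>` inside, so every clone hands out the same long-term x25519 key whose private half `start_wireguard` base64-encodes into the interface; state that on the struct, e.g. `/// Runtime state shared between the gateway and its wireguard interface: the effective config, the node's static x25519 key pair (the private half is loaded into the tunnel, never log it) and the registry of peers that completed client registration.` `client_registry()` returns `&Arc<GatewayClientRegistry>`, which presumably is a `DashMap` given `Arc::new(DashMap::default())`, so any holder can insert or remove peers; a doc line saying which component is expected to mutate it would help later readers.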
+4
@@ -24,6 +24,10 @@ impl PeerPublicKey {
pub fn as_bytes(&self) -> &[u8] {
self.0.as_bytes()
}
pub fn inner(&self) -> PublicKey {
self.0
}
}
impl fmt::Display for PeerPublicKey {
+2 -4
@@ -12,7 +12,7 @@ use std::{fmt, ops::Deref, str::FromStr};
#[cfg(feature = "verify")]
use hmac::{Hmac, Mac};
#[cfg(feature = "verify")]
use nym_crypto::asymmetric::encryption::{PrivateKey, PublicKey};
use nym_crypto::asymmetric::encryption::PrivateKey;
#[cfg(feature = "verify")]
use sha2::Sha256;
@@ -87,7 +87,7 @@ impl GatewayClient {
#[cfg(feature = "verify")]
pub fn new(
local_secret: &PrivateKey,
remote_public: PublicKey,
remote_public: x25519_dalek::PublicKey,
private_ip: IpAddr,
nonce: u64,
) -> Self {
@@ -96,8 +96,6 @@ impl GatewayClient {
let static_secret = x25519_dalek::StaticSecret::from(local_secret.to_bytes());
let local_public: x25519_dalek::PublicKey = (&static_secret).into();
let remote_public = x25519_dalek::PublicKey::from(remote_public.to_bytes());
let dh = static_secret.diffie_hellman(&remote_public);
// TODO: change that to use our nym_crypto::hmac module instead
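Review bot: `remote_public` now arrives as a raw `x25519_dalek::PublicKey` supplied by the registering client, and the result of `static_secret.diffie_hellman(&remote_public)` appears to feed the HMAC key derivation that follows; a low-order point from the client yields an all-zero shared secret with no error. x25519-dalek 2.x exposes `SharedSecret::was_contributory()`, so the caller that accepts the key, or a fallible variant of `new` since this one returns `Self`, should reject `!dh.was_contributory()` before deriving the MAC key. The body of `GatewayClient::new` continues outside the hunk, so I cannot see whether such a check already exists further down.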
+15 -18
@@ -3,40 +3,37 @@
// #![warn(clippy::expect_used)]
// #![warn(clippy::unwrap_used)]
pub mod setup;
/// Start wireguard device
#[cfg(target_os = "linux")]
pub async fn start_wireguard(
mut task_client: nym_task::TaskClient,
_gateway_client_registry: std::sync::Arc<
nym_wireguard_types::registration::GatewayClientRegistry,
>,
wireguard_data: std::sync::Arc<nym_wireguard_types::WireguardGatewayData>,
) -> Result<defguard_wireguard_rs::WGApi, Box<dyn std::error::Error + Send + Sync + 'static>> {
use crate::setup::{peer_allowed_ips, peer_static_public_key, PRIVATE_KEY};
use base64::{prelude::BASE64_STANDARD, Engine};
use defguard_wireguard_rs::{
host::Peer, key::Key, net::IpAddrMask, InterfaceConfiguration, WGApi, WireguardInterfaceApi,
};
use nym_network_defaults::{WG_PORT, WG_TUN_DEVICE_ADDRESS};
let mut peers = vec![];
for peer_client in wireguard_data.client_registry().iter() {
let mut peer = Peer::new(Key::new(peer_client.pub_key.to_bytes()));
let peer_ip_mask = IpAddrMask::new(peer_client.private_ip, 32);
peer.set_allowed_ips(vec![peer_ip_mask]);
peers.push(peer);
}
let ifname = String::from("wg0");
let wgapi = WGApi::new(ifname.clone(), false)?;
wgapi.create_interface()?;
let interface_config = InterfaceConfiguration {
name: ifname.clone(),
prvkey: PRIVATE_KEY.to_string(),
address: WG_TUN_DEVICE_ADDRESS.to_string(),
port: WG_PORT as u32,
peers: vec![],
prvkey: BASE64_STANDARD.encode(wireguard_data.keypair().private_key().to_bytes()),
address: wireguard_data.config().private_ip.to_string(),
port: wireguard_data.config().announced_port as u32,
peers,
};
wgapi.configure_interface(&interface_config)?;
let peer = peer_static_public_key();
let mut peer = Peer::new(Key::new(peer.to_bytes()));
let peer_ip = peer_allowed_ips();
let peer_ip_mask = IpAddrMask::new(peer_ip.network_address(), peer_ip.netmask());
peer.set_allowed_ips(vec![peer_ip_mask]);
wgapi.configure_peer(&peer)?;
wgapi.configure_peer_routing(&[peer.clone()])?;
// wgapi.configure_peer_routing(&peers)?;
tokio::spawn(async move { task_client.recv().await });
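Review bot: The interface is created with `port: wireguard_data.config().announced_port as u32`, but `Config` documents `announced_port` as the port advertised to clients when the node sits behind a proxy and `bind_address` as the socket the interface actually binds; behind a proxy these differ, so the tunnel listens on the wrong port and `bind_address` is never consulted here. Use `port: wireguard_data.config().bind_address.port() as u32,` and keep `announced_port` for what is published to clients. The allowed-IPs mask `IpAddrMask::new(peer_client.private_ip, 32)` is also hard-coded to 32, which for an IPv6 `private_ip` admits far more than one host; `let prefix = if peer_client.private_ip.is_ipv4() { 32 } else { 128 };` fixes that. The commented-out `configure_peer_routing(&peers)` call should either be restored or deleted, and `start_wireguard` continues past the end of the hunk.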
-56
@@ -1,56 +0,0 @@
use std::net::IpAddr;
use base64::{engine::general_purpose, Engine as _};
use log::info;
// The wireguard UDP listener
pub const WG_ADDRESS: &str = "0.0.0.0";
// The private key of the listener
// Corresponding public key: "WM8s8bYegwMa0TJ+xIwhk+dImk2IpDUKslDBCZPizlE="
pub(crate) const PRIVATE_KEY: &str = "AEqXrLFT4qjYq3wmX0456iv94uM6nDj5ugp6Jedcflg=";
// The AllowedIPs for the connected peer, which is one a single IP and the same as the IP that the
// peer has configured on their side.
const ALLOWED_IPS: &str = "10.1.0.2";
fn decode_base64_key(base64_key: &str) -> [u8; 32] {
general_purpose::STANDARD
.decode(base64_key)
.unwrap()
.try_into()
.unwrap()
}
pub fn server_static_private_key() -> x25519_dalek::StaticSecret {
// TODO: this is a temporary solution for development
let static_private_bytes: [u8; 32] = decode_base64_key(PRIVATE_KEY);
let static_private = x25519_dalek::StaticSecret::from(static_private_bytes);
let static_public = x25519_dalek::PublicKey::from(&static_private);
info!(
"wg public key: {}",
general_purpose::STANDARD.encode(static_public)
);
static_private
}
pub fn peer_static_public_key() -> x25519_dalek::PublicKey {
// A single static public key is used during development
// Read from NYM_PEER_PUBLIC_KEY env variable
let peer = std::env::var("NYM_PEER_PUBLIC_KEY").expect("NYM_PEER_PUBLIC_KEY must be set");
let peer_static_public_bytes: [u8; 32] = decode_base64_key(&peer);
let peer_static_public = x25519_dalek::PublicKey::from(peer_static_public_bytes);
info!(
"Adding wg peer public key: {}",
general_purpose::STANDARD.encode(peer_static_public)
);
peer_static_public
}
pub fn peer_allowed_ips() -> ip_network::IpNetwork {
let key: IpAddr = ALLOWED_IPS.parse().unwrap();
let cidr = 32u8;
ip_network::IpNetwork::new_truncate(key, cidr).unwrap()
}
+348 -284
+1 -1
@@ -32,7 +32,7 @@ cw-multi-test = { workspace = true }
cw3-flex-multisig = { path = "../multisig/cw3-flex-multisig" }
cw4-group = { path = "../multisig/cw4-group" }
rand_chacha = "0.3"
rand_chacha = "0.2"
[[test]]
name = "coconut-test"
@@ -25,7 +25,7 @@ nym-vesting-contract = { path = "../vesting" }
nym-crypto = { path = "../../common/crypto", features = ["asymmetric", "rand"] }
# external dependencies
rand_chacha = "0.3"
rand_chacha = "0.2"
[[test]]
name = "mixnet-vesting-test"
+1 -1
@@ -44,7 +44,7 @@ time = { version = "0.3", features = ["macros"] }
semver = { workspace = true, default-features = false }
[dev-dependencies]
rand_chacha = "0.3"
rand_chacha = "0.2"
nym-crypto = { path = "../../common/crypto", features = ["asymmetric", "rand"] }
[build-dependencies]
+1 -1
@@ -33,7 +33,7 @@ cw-multi-test = { workspace = true }
nym-crypto = { path = "../../common/crypto", features = ["asymmetric", "rand"] }
nym-sphinx-addressing = { path = "../../common/nymsphinx/addressing" }
rand = "0.8.5"
rand_chacha = "0.3"
rand_chacha = "0.2"
rstest = "0.17.0"
[features]
@@ -31,7 +31,7 @@ vergen = { version = "=7.4.3", default-features = false, features = ["build", "g
anyhow = "1.0.40"
cw-multi-test = { workspace = true }
nym-crypto = { path = "../../common/crypto", features = ["asymmetric", "rand"] }
rand_chacha = "0.3"
rand_chacha = "0.2"
rstest = "0.17.0"
[features]
+3 -6
@@ -27,15 +27,13 @@
- [Maintenance](nodes/maintenance.md)
- [Manual Node Upgrade](nodes/manual-upgrade.md)
- [Automatic Node Upgrade: Nymvisor Setup and Usage](nodes/nymvisor-upgrade.md)
- [Performance Monitoring & Testing](testing/performance.md)
<!--- [Node Setup](testing/node-setup.md)-->
- [Gateway Probe](testing/gateway-probe.md)
- [Performance Testing](testing/performance.md)
- [Node Setup](testing/node-setup.md)
- [Metrics Monitoring](testing/templates.md)
- [Prometheus & Grafana](testing/prometheus-grafana.md)
- [ExploreNYM scripts](testing/explorenym-scripts.md)
<!-- - [Run in a Docker](testing/docker-monitor.md) -->
# Troubleshooting
- [VPS Setup](troubleshooting/vps-isp.md)
@@ -58,7 +56,6 @@
- [Exit Gateway](legal/exit-gateway.md)
- [Community Counsel](legal/community-counsel.md)
- [ISP List](legal/isp-list.md)
- [Jurisdictions](legal/jurisdictions.md)
- [Switzerland](legal/swiss.md)
- [United States](legal/united-states.md)
@@ -1,8 +0,0 @@
**ISP**,**Locations**,**Public IPv6**,**Crypto Payments**,**Comments**,**Last Updated**
[Flokinet](https://flokinet.is),"Netherlands, Iceland, Romania,France","Yes, needs a ticket and custom setup","yes, including XMR","Very slow customer support","05/2024"
[BitLaunch](https://bitlaunch.io),"Canada, USA, UK","No","Yes","Expensive. Digial Ocean through BitLanch has IPv6","05/2024"
[Hostinger](https://hostinger.com),"France, Lithuania, India, USA, Brazil","Yes, out of the box","Yes","Crypto payments must be done per each server monthly or annually.","05/2024"
[Linode](https://linode.com),"USA, Canada, Japan, India, Indonesia, Sweden, Netherlands, Germany, Brazil, France, UK, Australia, Italy","Yes out of the box","No, only through [BitLAunch](https://bitlaunch.io)","IPv6 sometimes need to be re-added in Networking tab, no reboot needed","05/2024"
[Cherry Servers](https://www.cherryservers.com),"Lithuania, Netherlands, USA, Singapore","No","Yes","Issued IP doesnt match the location offered by the provider.","05/2024"
[Njalla](https://nja.la),"Sweden","Yes","Yes","Privacy vandguards! The biggest VPS 45 is 3 cores only, but it works better than many “larger” servers on the market.","05/2024"
[HostSailor](https://hostsailor.com),"USA","Yes, based on ticket","Yes","The IPv6 setup needs custom research and is not documented","05/2024"
1 **ISP** **Locations** **Public IPv6** **Crypto Payments** **Comments** **Last Updated**
2 [Flokinet](https://flokinet.is) Netherlands, Iceland, Romania,France Yes, needs a ticket and custom setup yes, including XMR Very slow customer support 05/2024
3 [BitLaunch](https://bitlaunch.io) Canada, USA, UK No Yes Expensive. Digial Ocean through BitLanch has IPv6 05/2024
4 [Hostinger](https://hostinger.com) France, Lithuania, India, USA, Brazil Yes, out of the box Yes Crypto payments must be done per each server monthly or annually. 05/2024
5 [Linode](https://linode.com) USA, Canada, Japan, India, Indonesia, Sweden, Netherlands, Germany, Brazil, France, UK, Australia, Italy Yes out of the box No, only through [BitLAunch](https://bitlaunch.io) IPv6 sometimes need to be re-added in Networking tab, no reboot needed 05/2024
6 [Cherry Servers](https://www.cherryservers.com) Lithuania, Netherlands, USA, Singapore No Yes Issued IP doesn’t match the location offered by the provider. 05/2024
7 [Njalla](https://nja.la) Sweden Yes Yes Privacy vandguards! The biggest VPS 45 is 3 cores only, but it works better than many “larger” servers on the market. 05/2024
8 [HostSailor](https://hostsailor.com) USA Yes, based on ticket Yes The IPv6 setup needs custom research and is not documented 05/2024
@@ -1,25 +0,0 @@
# Where to host your `nym-node`?
```admonish info
The entire content of this page is under [Creative Commons Attribution 4.0 International Public License](https://creativecommons.org/licenses/by/4.0/).
```
Inspired by a valuable resource, done by Tor community - [*Good Bad ISPs*](https://community.torproject.org/relay/community-resources/good-bad-isps/), LunarDAO squad initiated a table customised for Nym Exit Gateways operators.
This ISP list is fully managed by Nym operator community and it serves as a space to share their experience of running Exit Gateways on various Internet Service Providers (ISPs). The ISPs greatly differ in regards to services they offer as well as to their openess of hosting exit routing software.
Please share any experiences running a node like policies, complains, legal issues and solutions, discrepancy between offers and reality (bandwidth, IP range, locations) or anything regarding pricing or customer support.
If you came across any legal findings, please share them in our [list of jurisdictions](jurisdictions.md).
While we trust that Nym node operators are honest, we would like to ask everyone to do your own research.
```admonish caution title=""
To edit or add information to the ISP list, make changes to the csv file located [here](https://github.com/nymtech/nym/blob/develop/documentation/operators/src/data/isp-sheet.csv) and submit your edits as a pull request according to [this guide](add-content.md).
```
```admonish note title=""
As of now the list is quite short. When it grows, we can divide it according the localities of the listed ISPs.
```
<!--cmdrun python3 ../../../scripts/csv2md.py ../data/isp-sheet.csv -s 0 -->
+2 -2
@@ -148,8 +148,8 @@ Options:
Specifies whether the wireguard service is enabled on this node [env: NYMNODE_WG_ENABLED=] [possible values: true, false]
--wireguard-bind-address <WIREGUARD_BIND_ADDRESS>
Socket address this node will use for binding its wireguard interface. default: `0.0.0.0:51822` [env: NYMNODE_WG_BIND_ADDRESS=]
--wireguard-private-network-ip <WIREGUARD_PRIVATE_NETWORK_IP>
Ip address of the private wireguard network. default: `10.1.0.0` [env: NYMNODE_WG_IP_NETWORK=]
--wireguard-private-gw-ip <WIREGUARD_PRIVATE_IP>
Private IP address of the wireguard gateway. default: `10.1.0.1` [env: NYMNODE_WG_IP=]
--wireguard-announced-port <WIREGUARD_ANNOUNCED_PORT>
Port announced to external clients wishing to connect to the wireguard interface. Useful in the instances where the node is behind a proxy [env: NYMNODE_WG_ANNOUNCED_PORT=]
--wireguard-private-network-prefix <WIREGUARD_PRIVATE_NETWORK_PREFIX>
@@ -10,9 +10,9 @@ A suboptimally configured VPS often results in a non-functional node. To follow
You will need to rent a VPS to run your node on. One key reason for this is that your node **must be able to send TCP data using both IPv4 and IPv6** (as other nodes you talk to may use either protocol).
Tor community created a very helpful table called [*Good Bad ISPs*](https://community.torproject.org/relay/community-resources/good-bad-isps/), you can use that one as a guideline for your choice of ISP for your VPS.
Tor community created a very helpful table called [*Good Bad ISPs*](https://community.torproject.org/relay/community-resources/good-bad-isps/), use that one as a guideline for your choice of ISP for your VPS.
**Update:** Nym community started an ISP table called [*Where to host your nym node?*](../legal/isp-list.md), check it out and add your findings!
Currently we run [performance testing](../testing/performance.md) events to find out the best optimization. Sphinx packet decryption is CPU-bound, so more fast cores the better throughput.
### `nym-node`
@@ -1,79 +0,0 @@
# Nym Gateway Probe
Nym Node operators running Gateway functionality are already familiar with the monitoring tool [Harbourmaster.nymtech.net](https://harbourmaster.nymtech.net). Under the hood of Nym Harbourmaster runs iterations of `nym-gateway-probe` doing various checks and displaying the results on the interface. Operators don't have to rely on the probe ran by Nym and wait for the data to refresh. With `nym-gateway-probe` everyone can check any Gateway's networking status from their own computer at any time. In one command the client queries data from:
- [`nym-api`](https://validator.nymtech.net/api/)
- [`explorer-api`](https://explorer.nymtech.net/api/)
- [`harbour-master`](https://harbourmaster.nymtech.net/)
## Preparation
We recommend to have install all [the prerequisites](../binaries/building-nym.md#prerequisites) needed to build `nym-node` from source including latest [Rust Toolchain](https://www.rust-lang.org/tools/install).
## Installation
`nym-gateway-probe` source code is in [`nym-vpn-client`](https://github.com/nymtech/nym-vpn-client) repository. The client needs to be build from source.
1. Clone the repository:
```sh
git clone https://github.com/nymtech/nym-vpn-client.git
```
2. Build `nym-gateway-probe`:
```sh
cd nym-vpn-client
cargo build --release -p nym-gateway-probe
```
## Running the client
```sh
./target/release/nym-gateway-probe --help
```
~~~admonish collapsible=true
```
Usage: nym-gateway-probe [OPTIONS]
Options:
-c, --config-env-file <CONFIG_ENV_FILE> Path pointing to an env file describing the network
-g, --gateway <GATEWAY>
-n, --no-log
-h, --help Print help
-V, --version Print version
```
~~~
To run the client, simply add a flag `--gateway` with a targeted gateway identity key.
```sh
./target/release/nym-gateway-probe --gateway <GATEWAY_IDENTITY_KEY>
```
For any `nym-node --mode exit-gateway` the aim is to have this outcome:
```sh
{
"gateway": "<GATEWAY_IDENTITY_KEY>",
"outcome": {
"as_entry": {
"can_connect": true,
"can_route": true
},
"as_exit": {
"can_connect": true,
"can_route_ip_v4": true,
"can_route_ip_external_v4": true,
"can_route_ip_v6": true,
"can_route_ip_external_v6": true
}
}
}
```
If you don't provide a `--gateway` flag it will pick a random one to test.
@@ -1,14 +1,10 @@
# Node Setup for Performance Testing Event
```admonish info
For the moment we paused Fast and Furious `perf` environment. Nym Mainnet environment will be used for future tests, please wait for further instructions.
```
To join the [Performance testing event]({{performance_testing_webpage}}) node operators need to do proceed with the following tasks:
1. **[Sign their node]({{performance_testing_webpage}}) into the testing environment**
2. **[Configure their node](#node-configuration) for the test**
3. (*Not mandatory*) [Setup metric monitoring system](performance.md#monitoring) to observe node performance at any time
3. (*Not mandatory*) [Setup metric monitoring system](templates.md) to observe node performance at any time
## Node Configuration
@@ -1,34 +1,8 @@
# Performance Monitoring & Testing
# Performance Testing
Nym Mixnet has been running on mainnet for quite some time. There is still work to be done in order for the network to meet its full potential - mass adoption of privacy through fully distributed Mixnet.
> To configure your node for a testing event, visit [node setup page](node-setup.md).
As developers we need to be constantly improving the software. Operators have as much important role, keep their nodes up to date, monitor their performance and share their feedback with the rest of the community and core developers.
Therefore [monitoring](#monitoring) and [testing](#testing) are essential pieces of our common work. We call out all Nym operators to join the efforts!
## Monitoring
There are multiple ways to monitor performance of nodes and the machines on which they run. For the purpose of maximal privacy and decentralisation of the data - preventing Nym Mixnet from any global adversary takeover - we created these pages as a source of mutual empowerment, a place where operators can share and learn new skills to **setup metrics monitors on their own infrastructure**.
### Guides to Setup Own Metrics
A list of different scripts, templates and guides for easier navigation:
* [`nym-gateway-probe`](gateway-probe.md) - a useful tool used under the hood of [harbourmaster.nymtech.net](https://harbourmaster.nymtech.net)
* [Prometheus and Grafana](prometheus-grafana.md) self-hosted setup
* [Nym-node CPU cron service](https://gist.github.com/tommyv1987/97e939a7adf491333d686a8eaa68d4bd) - an easy bash script by Nym core developer [@tommy1987](https://gist.github.com/tommyv1987), designed to monitor a CPU usage of your node, running locally
* Nym's script [`prom_targets.py`](https://github.com/nymtech/nym/blob/develop/scripts/prom_targets.py) - a useful python program to request data from API and can be run on its own or plugged to more sophisticated flows
### Collecting Testing Metrics
For the purpose of the performance testing Nym core developers plan to run instances of Prometheus and Grafana connected to Node explorer in the house. The network overall key insights we seek from these tests are primarily internal. We're focused on pinpointing bottlenecks, capacity loads, and monitoring cpu usage on the nodes' machines.
## Testing
```admonish info
For the moment we paused Fast and Furious `perf` environment. Nym Mainnet environment will be used for future tests, please wait for further instructions.
```
Nym Mixnet has been running on mainnet for quite some time. There is still work to be done in order for the network to meet its full potential - mass adoption of privacy through fully distributed Mixnet.
Nym asks its decentralised community of operators to join a series of performance testing events in order to **increase the overall quality of the Mixnet**. The main takeaways of such event are:
@@ -47,7 +21,7 @@ Visit [Fast and Furious web page]({{performance_testing_webpage}}) and [Nym Harb
* Nym runs a paralel network environment [validator.performance.nymte.ch]({{performance_validator}}) with a chain ID `perf`
* Operators of Nym Nodes join by following easy steps on [performance testing web page]({{performance_testing_webpage}}), including simplified node authentication signature (while keep running their nodes on the mainnet)
* Once signed in, operators will be asked to swap their binary for the modified version with metrics endpoint to be able to connect their own [monitoring system](#monitoring)
* Once signed in, operators will be asked to swap their binary for the modified version with metrics endpoint to be able to connect their own [monitoring system](templates.md)
* Core node data will be fed to a unique mixnet contract for the `perf` side chain
* Nym starts a new API and start packet transition in high load through these nodes in both settings
* Nym tracks packet flow using Prometheus and Grafana
@@ -57,5 +31,4 @@ Visit [Fast and Furious web page]({{performance_testing_webpage}}) and [Nym Harb
## More Information
* What happens after the test or what operators get for participating is shared up to date on the [performance testing web page]({{performance_testing_webpage}})
* Visit our guides to [setup metrics template](templates.md) and learn how to operate them in self-custodial way
@@ -16,8 +16,6 @@ Begin with the steps listed in [*Connectivity Test and Configuration*](../nodes/
2. Checkout your VPS dashboard and make sure your IPv6-public enabled.
3. If you are able to add IPv6 address `/64` range, do it.
**Update:** Nym community started an ISP table called [*Where to host your nym node?*](../legal/isp-list.md), check it out and add your findings!
![](../images/ipv6_64.png)
4. Search or ask your ISP for additional documentation related to IPv6 routing and ask them to provide you with `IPv6 IP address` and `IPv6 IP gateway address`
-59
@@ -1,59 +0,0 @@
#!/usr/bin/python3
"""CLI to display .csv files as markdown"""
import argparse
import pandas as pd
import sys
import csv
def create_table(args):
"""Imports csv and creates a table"""
file = args.file
csv = pd.read_csv(file)
if args.sort != None:
csv = csv.sort_values(csv.columns[args.sort])
if args.table:
table = csv.to_markdown(tablefmt="grid", index=args.index)
else:
table = csv.to_markdown(index=args.index)
return table
def display_file(args):
"""Display csv file as a table"""
table = create_table(args)
print(table)
def panic(msg):
"""Error message print"""
print(f"error: {msg}", file=sys.stderr)
sys.exit(-1)
def parser_main():
"""Main function initializing ArgumentParser, storing arguments and executing commands."""
# Top level parser
parser = argparse.ArgumentParser(
prog='CSV2MD',
description='''Displays .csv files in markdown''',
epilog='''Code is power!'''
)
# Parser arguments
parser.add_argument("-V","--version", action="version", version='%(prog)s 1.1.0')
parser.add_argument("file", help="path/to/file.csv")
parser.add_argument("-t","--table", default=False, action="store_true", help="output with a tabulate option for terminal reading - does not render in mdbook")
parser.add_argument("-i","--index", default=False, action="store_true", help="output with an index column")
parser.add_argument("-s","--sort", type=int, help="supply with column index to sort your output accordingly (ascending way)")
parser.set_defaults(func=display_file)
args = parser.parse_args()
try:
args.func(args)
except AttributeError as e:
msg = f"{e}.\nPlease run with --help or read the error message in case your .csv file is corrupted."
panic(msg)
if __name__ == '__main__':
parser_main()
+2 -2
@@ -4,7 +4,7 @@
[package]
name = "nym-gateway"
license = "GPL-3.0"
version = "1.1.36"
version = "1.1.37"
authors = [
"Dave Hrycyszyn <futurechimp@users.noreply.github.com>",
"Jędrzej Stuczyński <andrew@nymtech.net>",
@@ -30,7 +30,7 @@ humantime-serde = { workspace = true }
ipnetwork = "0.16"
log = { workspace = true }
once_cell = "1.7.2"
rand = { workspace = true }
rand = "0.7"
serde = { workspace = true, features = ["derive"] }
serde_json = { workspace = true }
sqlx = { workspace = true, features = [
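Review bot: `rand = "0.7"` replaces the workspace-managed version with a crate-local pin, and the same pattern repeats in the later manifest sections of this commit (`rand = { version = "0.7.3", features = ["wasm-bindgen"] }`, three `rand = "0.7.3"` lines, `rand_chacha = "0.2"`), so the 0.7 line is now spelled out in six places that a future bump has to find one by one. It also makes this crate's `rand` a different major version from the workspace's while keeping the name `rand`, which is easy to miss at a call site. The nym-api manifest in this same commit already shows the clearer form, `rand-07 = { package = "rand", version = "0.7.3" } # required for compatibility`; declaring that alias once in the workspace dependency table and writing `rand-07 = { workspace = true }` here would keep the old-rand usage single-sourced and visibly distinct from `rand` 0.8. Per the TODO in nym-api's init code this is presumably temporary until the ed25519 library is upgraded, and a comment next to the pin saying so would stop it from looking permanent.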
+1 -1
@@ -15,7 +15,7 @@ bs58 = { workspace = true }
futures = { workspace = true }
generic-array = { workspace = true, features = ["serde"] }
log = { workspace = true }
rand = { workspace = true }
rand = { version = "0.7.3", features = ["wasm-bindgen"] }
serde = { workspace = true, features = ["derive"] }
serde_json = { workspace = true }
thiserror = { workspace = true }
@@ -82,10 +82,8 @@ impl SharedKeys {
)
}
};
let mac = compute_keyed_hmac::<GatewayIntegrityHmacAlgorithm>(
self.mac_key().as_slice(),
&encrypted_data,
);
let mac =
compute_keyed_hmac::<GatewayIntegrityHmacAlgorithm>(self.mac_key(), &encrypted_data);
mac.into_bytes().into_iter().chain(encrypted_data).collect()
}
@@ -104,7 +102,7 @@ impl SharedKeys {
let message_bytes = &enc_data[mac_size..];
if !recompute_keyed_hmac_and_verify_tag::<GatewayIntegrityHmacAlgorithm>(
self.mac_key().as_slice(),
self.mac_key(),
message_bytes,
mac_tag,
) {
+1 -1
@@ -421,7 +421,7 @@ impl BinaryResponse {
let message_bytes = &raw_req[mac_size..];
if !recompute_keyed_hmac_and_verify_tag::<GatewayIntegrityHmacAlgorithm>(
shared_keys.mac_key().as_slice(),
shared_keys.mac_key(),
message_bytes,
mac_tag,
) {
+2 -2
@@ -84,13 +84,13 @@ fn try_upgrade_v1_1_29_config(id: &str) -> Result<bool, GatewayError> {
}
fn try_upgrade_v1_1_31_config(id: &str) -> Result<bool, GatewayError> {
// explicitly load it as v1.1.30 (which is incompatible with the current, i.e. 1.1.31+)
// explicitly load it as v1.1.35 (which is incompatible with the current, i.e. 1.1.36+)
let Ok(old_config) = ConfigV1_1_31::read_from_default_path(id) else {
// if we failed to load it, there might have been nothing to upgrade
// or maybe it was an even older file. in either way. just ignore it and carry on with our day
return Ok(false);
};
info!("It seems the gateway is using <= v1.1.30 config template.");
info!("It seems the gateway is using <= v1.1.35 config template.");
info!("It is going to get updated to the current specification.");
let updated: Config = old_config.into();
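Review bot: The comment and the `info!` line now say v1.1.35 while the code still reads `ConfigV1_1_31` and the function is still `try_upgrade_v1_1_31_config`, so the names and the text disagree about which layout is being loaded. If the v1.1.31 layout stayed in use unchanged through v1.1.35, say that instead of relabelling: `// explicitly load it as the v1.1.31 layout (used unchanged through v1.1.35, incompatible with 1.1.36+)`. The pre-existing `let Ok(old_config) = ... else { return Ok(false) }` guard also treats a corrupted or unreadable v1.1.31 file the same as a missing one; logging the error at debug level before returning would make a migration that quietly did nothing diagnosable. The function body continues outside the hunk.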
+2 -45
@@ -11,7 +11,7 @@ use nym_config::{
must_get_home, read_config_from_toml_file, save_formatted_config_to_file, NymConfigTemplate,
DEFAULT_CONFIG_DIR, DEFAULT_CONFIG_FILENAME, DEFAULT_DATA_DIR, NYM_DIR,
};
use nym_network_defaults::{mainnet, DEFAULT_NYM_NODE_HTTP_PORT, WG_PORT};
use nym_network_defaults::{mainnet, DEFAULT_NYM_NODE_HTTP_PORT};
use serde::{Deserialize, Serialize};
use std::io;
use std::net::{IpAddr, Ipv4Addr, SocketAddr};
@@ -20,7 +20,7 @@ use std::time::Duration;
use url::Url;
use zeroize::{Zeroize, ZeroizeOnDrop};
pub use crate::config::persistence::paths::{GatewayPaths, WireguardPaths};
pub use crate::config::persistence::paths::GatewayPaths;
pub mod old_config_v1_1_20;
pub mod old_config_v1_1_28;
@@ -85,10 +85,6 @@ pub struct Config {
pub gateway: Gateway,
// currently not really used for anything useful
#[serde(default)]
pub wireguard: Wireguard,
pub storage_paths: GatewayPaths,
pub network_requester: NetworkRequester,
@@ -121,7 +117,6 @@ impl Config {
},
http: Default::default(),
gateway: default_gateway,
wireguard: Default::default(),
storage_paths: GatewayPaths::new_default(id.as_ref()),
network_requester: Default::default(),
ip_packet_router: Default::default(),
@@ -135,7 +130,6 @@ impl Config {
host: impl Into<Host>,
http: impl Into<Http>,
gateway: impl Into<Gateway>,
wireguard: impl Into<Wireguard>,
storage_paths: impl Into<GatewayPaths>,
network_requester: impl Into<NetworkRequester>,
ip_packet_router: impl Into<IpPacketRouter>,
@@ -147,7 +141,6 @@ impl Config {
host: host.into(),
http: http.into(),
gateway: gateway.into(),
wireguard: wireguard.into(),
storage_paths: storage_paths.into(),
network_requester: network_requester.into(),
ip_packet_router: ip_packet_router.into(),
@@ -262,8 +255,6 @@ impl Config {
let http_port = self.http.bind_address.port();
self.http.bind_address = SocketAddr::new(listening_address, http_port);
let wg_port = self.wireguard.bind_address.port();
self.wireguard.bind_address = SocketAddr::new(listening_address, wg_port);
self
}
@@ -347,40 +338,6 @@ impl Default for Http {
}
}
#[derive(Debug, Deserialize, PartialEq, Serialize)]
#[serde(deny_unknown_fields)]
pub struct Wireguard {
/// Specifies whether the wireguard service is enabled on this node.
pub enabled: bool,
/// Socket address this node will use for binding its wireguard interface.
/// default: `0.0.0.0:51822`
pub bind_address: SocketAddr,
/// Port announced to external clients wishing to connect to the wireguard interface.
/// Useful in the instances where the node is behind a proxy.
pub announced_port: u16,
/// The prefix denoting the maximum number of the clients that can be connected via Wireguard.
/// The maximum value for IPv4 is 32 and for IPv6 is 128
pub private_network_prefix: u8,
/// Paths for wireguard keys, client registries, etc.
pub storage_paths: WireguardPaths,
}
impl Default for Wireguard {
fn default() -> Self {
Wireguard {
enabled: false,
bind_address: SocketAddr::new(IpAddr::V4(Ipv4Addr::UNSPECIFIED), WG_PORT),
announced_port: WG_PORT,
private_network_prefix: 16,
storage_paths: WireguardPaths {},
}
}
}
// we only really care about the mnemonic being zeroized
#[derive(Debug, Deserialize, PartialEq, Eq, Serialize, Zeroize, ZeroizeOnDrop)]
pub struct Gateway {
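Review bot: Removing `pub wireguard: Wireguard` from `Config` changes what an on-disk gateway config file may contain: if `Config` is declared with `#[serde(deny_unknown_fields)]` (its attributes are outside the hunk), every existing file that still carries a `[wireguard]` section stops parsing after this upgrade, and the `#[serde(default)]` that used to make the section optional goes away with it. Either keep a deprecated, ignored `wireguard` field for one release or have the upgrade path strip the section, and say which in a comment next to `storage_paths`. The hunk at line 262 also drops the rewrite of `self.wireguard.bind_address` that accompanied the http one, so a single listening address no longer propagates to wireguard; that is a behaviour change for operators and belongs in the changelog.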
+3 -13
@@ -1,8 +1,6 @@
// Copyright 2020-2023 - Nym Technologies SA <contact@nymtech.net>
// SPDX-License-Identifier: GPL-3.0-only
use crate::config::persistence::paths::{GatewayPaths, WireguardPaths};
use nym_bin_common::logging::LoggingSettings;
use nym_config::{
must_get_home, read_config_from_toml_file, DEFAULT_CONFIG_DIR, DEFAULT_CONFIG_FILENAME, NYM_DIR,
};
@@ -14,8 +12,9 @@ use std::path::{Path, PathBuf};
use std::time::Duration;
use url::Url;
use super::persistence::paths::KeysPaths;
use super::{Config, Debug, Gateway, Host, Http, NetworkRequester, Wireguard};
use super::{Host, Http};
use crate::config::persistence::paths::KeysPaths;
use crate::config::{Config, Debug, Gateway, GatewayPaths, LoggingSettings, NetworkRequester};
const DEFAULT_GATEWAYS_DIR: &str = "gateways";
@@ -125,15 +124,6 @@ impl From<ConfigV1_1_31> for Config {
nyxd_urls: value.gateway.nyxd_urls,
cosmos_mnemonic: value.gateway.cosmos_mnemonic,
},
wireguard: Wireguard {
enabled: value.wireguard.enabled,
bind_address: value.wireguard.bind_address,
announced_port: value.wireguard.announced_port,
private_network_prefix: Default::default(),
storage_paths: WireguardPaths {
// no fields (yet)
},
},
storage_paths: GatewayPaths {
keys: KeysPaths {
private_identity_key_file: value.storage_paths.keys.private_identity_key_file,
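Review bot: The `From<ConfigV1_1_31> for Config` conversion now silently discards `value.wireguard.enabled`, `bind_address` and `announced_port`; an operator who had wireguard enabled in the old gateway config ends up with a migrated config that carries no trace of it and no log line. Assuming the old struct keeps its `wireguard` field (outside the hunk), a warning before the struct literal using whatever logging macro this module already imports, e.g. `if value.wireguard.enabled { warn!("wireguard settings in the gateway config are no longer used; configure wireguard via nym-node instead") }`, makes the drop visible at upgrade time. Separately, `LoggingSettings` is now imported through `crate::config` rather than `nym_bin_common::logging`; fine if that re-export exists, but it hides where the type actually lives.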
-12
@@ -169,15 +169,3 @@ impl KeysPaths {
&self.public_sphinx_key_file
}
}
#[derive(Debug, Clone, Deserialize, PartialEq, Eq, Serialize)]
#[serde(deny_unknown_fields)]
pub struct WireguardPaths {
// pub keys:
}
impl WireguardPaths {
pub fn new_empty() -> Self {
WireguardPaths {}
}
}
+22
@@ -63,6 +63,17 @@ pub enum GatewayError {
source: io::Error,
},
#[error(
"failed to load config file for wireguard (gateway-id: '{id}') using path '{}'. detailed message: {source}",
path.display()
)]
WireguardConfigLoadFailure {
id: String,
path: PathBuf,
#[source]
source: io::Error,
},
#[error(
"failed to save config file for id {id} using path '{}'. detailed message: {source}", path.display()
)]
@@ -167,6 +178,17 @@ pub enum GatewayError {
#[cfg(all(feature = "wireguard", target_os = "linux"))]
#[error("failed to remove wireguard interface: {0}")]
WireguardInterfaceError(#[from] defguard_wireguard_rs::error::WireguardInterfaceError),
#[cfg(all(feature = "wireguard", target_os = "linux"))]
#[error("wireguard not set")]
WireguardNotSet,
#[cfg(all(feature = "wireguard", target_os = "linux"))]
#[error("failed to catch an interrupt: {source}")]
StdError {
#[source]
source: Box<dyn std::error::Error + Send + Sync>,
},
}
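Review bot: The new `StdError` variant's message, "failed to catch an interrupt: {source}", does not describe what it wraps: the node code in this same commit uses it as `GatewayError::StdError { source }` for the result of `start_wireguard`, so a wireguard setup failure would be reported to the operator as an interrupt-handling error. A wireguard-specific variant matches the intent of propagating the setup message: `#[error("failed to start wireguard: {source}")] WireguardStartFailure { #[source] source: Box<dyn std::error::Error + Send + Sync> }`. `WireguardConfigLoadFailure` is added with no visible constructor; if nothing raises it yet, a one-line comment naming the intended raise site keeps it from reading as a dead variant.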
impl From<ClientCoreError> for GatewayError {
+8 -34
@@ -4,7 +4,6 @@
use crate::config::Config;
use crate::error::GatewayError;
use crate::helpers::load_public_key;
use ipnetwork::IpNetwork;
use log::{debug, error, warn};
use nym_bin_common::bin_info_owned;
use nym_crypto::asymmetric::{encryption, identity};
@@ -12,30 +11,19 @@ use nym_network_requester::RequestFilter;
use nym_node_http_api::api::api_requests;
use nym_node_http_api::api::api_requests::v1::network_requester::exit_policy::models::UsedExitPolicy;
use nym_node_http_api::api::api_requests::SignedHostInformation;
use nym_node_http_api::router::WireguardAppState;
use nym_node_http_api::NymNodeHttpError;
use nym_sphinx::addressing::clients::Recipient;
use nym_task::TaskClient;
use nym_wireguard_types::registration::GatewayClientRegistry;
use std::net::{IpAddr, Ipv4Addr};
use nym_wireguard_types::WireguardGatewayData;
use std::sync::Arc;
fn load_gateway_details(
config: &Config,
) -> Result<api_requests::v1::gateway::models::Gateway, GatewayError> {
let wireguard = if config.wireguard.enabled {
Some(api_requests::v1::gateway::models::Wireguard {
port: config.wireguard.announced_port,
public_key: "placeholder key value".to_string(),
})
} else {
None
};
Ok(api_requests::v1::gateway::models::Gateway {
enforces_zk_nyms: config.gateway.only_coconut_credentials,
client_interfaces: api_requests::v1::gateway::models::ClientInterfaces {
wireguard,
wireguard: None,
mixnet_websockets: Some(api_requests::v1::gateway::models::WebSockets {
ws_port: config.gateway.clients_port,
wss_port: config.gateway.clients_wss_port,
@@ -154,7 +142,7 @@ pub(crate) struct HttpApiBuilder<'a> {
// TODO: this should be a wg specific key and not re-used sphinx
sphinx_keypair: Arc<encryption::KeyPair>,
client_registry: Option<Arc<GatewayClientRegistry>>,
wireguard_data: Option<Arc<WireguardGatewayData>>,
}
impl<'a> HttpApiBuilder<'a> {
@@ -170,7 +158,7 @@ impl<'a> HttpApiBuilder<'a> {
exit_policy: None,
identity_keypair,
sphinx_keypair,
client_registry: None,
wireguard_data: None,
}
}
@@ -235,11 +223,11 @@ impl<'a> HttpApiBuilder<'a> {
}
#[must_use]
pub(crate) fn with_wireguard_client_registry(
pub(crate) fn with_wireguard_data(
mut self,
client_registry: Arc<GatewayClientRegistry>,
wireguard_data: Option<Arc<WireguardGatewayData>>,
) -> Self {
self.client_registry = Some(client_registry);
self.wireguard_data = wireguard_data;
self
}
@@ -281,22 +269,8 @@ impl<'a> HttpApiBuilder<'a> {
)?);
}
let wireguard_private_network = IpNetwork::new(
IpAddr::from(Ipv4Addr::new(10, 1, 0, 0)),
self.gateway_config.wireguard.private_network_prefix,
)?;
let wg_state = self.client_registry.and_then(|client_registry| {
WireguardAppState::new(
client_registry,
Default::default(),
self.gateway_config.wireguard.bind_address.port(),
wireguard_private_network,
)
.ok()
});
let bind_address = self.gateway_config.http.bind_address;
let router = nym_node_http_api::NymNodeRouter::new(config, None, wg_state);
let router = nym_node_http_api::NymNodeRouter::new(config, None, None);
tokio::spawn(async move {
let server = match router.build_server(&bind_address).await {
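Review bot: `with_wireguard_data` stores `wireguard_data` in the builder, but within the visible hunks nothing reads it: the `WireguardAppState` construction is deleted, the router is built with `NymNodeRouter::new(config, None, None)`, and `load_gateway_details` now reports `wireguard: None` unconditionally. A gateway that does have wireguard data therefore exposes neither the registration endpoints nor its announced port and key through its own HTTP API, which is presumably intended now that nym-node owns that state, but then the field and builder method are dead weight. Either remove them or add a comment on `wireguard_data: Option<Arc<WireguardGatewayData>>` stating that the gateway's HTTP API deliberately does not serve wireguard state and which component does. The `// TODO: this should be a wg specific key and not re-used sphinx` comment above `sphinx_keypair` is also worth revisiting now that `WireguardGatewayData` carries its own keypair.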
+23 -15
@@ -16,7 +16,6 @@ use crate::node::client_handling::websocket::connection_handler::coconut::Coconu
use crate::node::helpers::{initialise_main_storage, load_network_requester_config};
use crate::node::mixnet_handling::receiver::connection_handler::ConnectionHandler;
use crate::node::statistics::collector::GatewayStatisticsCollector;
use dashmap::DashMap;
use futures::channel::{mpsc, oneshot};
use log::*;
use nym_crypto::asymmetric::{encryption, identity};
@@ -28,7 +27,7 @@ use nym_task::{TaskClient, TaskHandle, TaskManager};
use nym_types::gateway::GatewayNodeDetailsResponse;
use nym_validator_client::nyxd::{Coin, CosmWasmClient};
use nym_validator_client::{nyxd, DirectSigningHttpRpcNyxdClient};
use nym_wireguard_types::registration::GatewayClientRegistry;
use nym_wireguard_types::WireguardGatewayData;
use rand::seq::SliceRandom;
use rand::thread_rng;
use std::net::SocketAddr;
@@ -126,9 +125,10 @@ pub struct Gateway<St = PersistentStorage> {
/// x25519 keypair used for Diffie-Hellman. Currently only used for sphinx key derivation.
sphinx_keypair: Arc<encryption::KeyPair>,
storage: St,
client_registry: Arc<GatewayClientRegistry>,
wireguard_data: Option<Arc<WireguardGatewayData>>,
run_http_server: bool,
task_client: Option<TaskClient>,
@@ -149,7 +149,7 @@ impl<St> Gateway<St> {
config,
network_requester_opts,
ip_packet_router_opts,
client_registry: Arc::new(DashMap::new()),
wireguard_data: None,
run_http_server: true,
task_client: None,
})
@@ -170,7 +170,7 @@ impl<St> Gateway<St> {
identity_keypair,
sphinx_keypair,
storage,
client_registry: Arc::new(DashMap::new()),
wireguard_data: None,
run_http_server: true,
task_client: None,
}
@@ -184,12 +184,14 @@ impl<St> Gateway<St> {
self.task_client = Some(task_client)
}
pub fn set_wireguard_client_registry(&mut self, client_registry: Arc<GatewayClientRegistry>) {
pub fn set_wireguard_data(&mut self, wireguard_data: Arc<WireguardGatewayData>) {
// sanity check:
if Arc::strong_count(&self.client_registry) != 1 {
panic!("the client registry is already being used elsewhere")
if let Some(wg_data) = self.wireguard_data.as_ref() {
if Arc::strong_count(wg_data) != 1 {
panic!("the client registry is already being used elsewhere")
}
}
self.client_registry = client_registry
self.wireguard_data = Some(wireguard_data)
}
pub async fn node_details(&self) -> Result<GatewayNodeDetailsResponse, GatewayError> {
@@ -230,7 +232,11 @@ impl<St> Gateway<St> {
&self,
shutdown: TaskClient,
) -> Result<defguard_wireguard_rs::WGApi, Box<dyn std::error::Error + Send + Sync>> {
nym_wireguard::start_wireguard(shutdown, Arc::clone(&self.client_registry)).await
if let Some(wireguard_data) = self.wireguard_data.as_ref() {
nym_wireguard::start_wireguard(shutdown, Arc::clone(wireguard_data)).await
} else {
Err(Box::new(GatewayError::WireguardNotSet))
}
}
#[cfg(all(feature = "wireguard", not(target_os = "linux")))]
@@ -555,7 +561,7 @@ impl<St> Gateway<St> {
self.identity_keypair.as_ref(),
self.sphinx_keypair.clone(),
)
.with_wireguard_client_registry(self.client_registry.clone())
.with_wireguard_data(self.wireguard_data.clone())
.with_maybe_network_requester(self.network_requester_opts.as_ref().map(|o| &o.config))
.with_maybe_network_request_filter(nr_request_filter)
.with_maybe_ip_packet_router(self.ip_packet_router_opts.as_ref().map(|o| &o.config))
@@ -565,7 +571,10 @@ impl<St> Gateway<St> {
// Once this is a bit more mature, make this a commandline flag instead of a compile time
// flag
#[cfg(all(feature = "wireguard", target_os = "linux"))]
let wg_api = self.start_wireguard(shutdown.fork("wireguard")).await.ok();
let wg_api = self
.start_wireguard(shutdown.fork("wireguard"))
.await
.map_err(|source| GatewayError::StdError { source })?;
#[cfg(all(feature = "wireguard", not(target_os = "linux")))]
self.start_wireguard(shutdown.fork("wireguard")).await;
@@ -577,9 +586,8 @@ impl<St> Gateway<St> {
return Err(GatewayError::ShutdownFailure { source });
}
#[cfg(all(feature = "wireguard", target_os = "linux"))]
if let Some(wg_api) = wg_api {
defguard_wireguard_rs::WireguardInterfaceApi::remove_interface(&wg_api)?;
}
defguard_wireguard_rs::WireguardInterfaceApi::remove_interface(&wg_api)?;
Ok(())
}
}
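Review bot: The `start_wireguard` hunk turns a previously ignored failure into a fatal one, and `WireguardNotSet` is now part of that failure set: `wireguard_data` defaults to `None` in both constructors, so a Linux build with the `wireguard` feature that never calls `set_wireguard_data` now aborts startup with `GatewayError::StdError` instead of running without wireguard as it did before. The unconditional `remove_interface(&wg_api)?` at shutdown rests on the same assumption. Treat "not configured" as skip and keep real setup errors fatal, as below. The panic text in `set_wireguard_data`, "the client registry is already being used elsewhere", also no longer names what is being checked (`wireguard_data`).
```rust
#[cfg(all(feature = "wireguard", target_os = "linux"))]
let wg_api = if self.wireguard_data.is_some() {
    Some(
        self.start_wireguard(shutdown.fork("wireguard"))
            .await
            .map_err(|source| GatewayError::StdError { source })?,
    )
} else {
    None
};
// … unchanged: non-linux branch, shutdown wait, ShutdownFailure handling …
#[cfg(all(feature = "wireguard", target_os = "linux"))]
if let Some(wg_api) = wg_api {
    defguard_wireguard_rs::WireguardInterfaceApi::remove_interface(&wg_api)?;
}
```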
+1 -1
@@ -28,7 +28,7 @@ futures = { workspace = true }
humantime-serde = { workspace = true }
lazy_static = "1.4"
log = { workspace = true }
rand = { workspace = true }
rand = "0.7.3"
serde = { workspace = true, features = ["derive"] }
serde_json = { workspace = true }
sysinfo = "0.27.7"
+9 -9
@@ -141,8 +141,8 @@ mod tests {
use nym_sphinx_params::packet_sizes::PacketSize;
use nym_sphinx_params::PacketType;
use nym_sphinx_types::{
test_utils, Delay as SphinxDelay, Destination, DestinationAddressBytes, Node,
NodeAddressBytes, DESTINATION_ADDRESS_LENGTH, IDENTIFIER_LENGTH, NODE_ADDRESS_LENGTH,
crypto, Delay as SphinxDelay, Destination, DestinationAddressBytes, Node, NodeAddressBytes,
DESTINATION_ADDRESS_LENGTH, IDENTIFIER_LENGTH, NODE_ADDRESS_LENGTH,
};
#[derive(Default)]
@@ -166,17 +166,17 @@ mod tests {
}
fn make_valid_sphinx_packet(size: PacketSize) -> NymPacket {
let (_, node1_pk) = test_utils::fixtures::keygen();
let (_, node1_pk) = crypto::keygen();
let node1 = Node::new(
NodeAddressBytes::from_bytes([5u8; NODE_ADDRESS_LENGTH]),
node1_pk,
);
let (_, node2_pk) = test_utils::fixtures::keygen();
let (_, node2_pk) = crypto::keygen();
let node2 = Node::new(
NodeAddressBytes::from_bytes([4u8; NODE_ADDRESS_LENGTH]),
node2_pk,
);
let (_, node3_pk) = test_utils::fixtures::keygen();
let (_, node3_pk) = crypto::keygen();
let node3 = Node::new(
NodeAddressBytes::from_bytes([2u8; NODE_ADDRESS_LENGTH]),
node3_pk,
@@ -197,23 +197,23 @@ mod tests {
}
fn make_valid_outfox_packet(size: PacketSize) -> NymPacket {
let (_, node1_pk) = test_utils::fixtures::keygen();
let (_, node1_pk) = crypto::keygen();
let node1 = Node::new(
NodeAddressBytes::from_bytes([5u8; NODE_ADDRESS_LENGTH]),
node1_pk,
);
let (_, node2_pk) = test_utils::fixtures::keygen();
let (_, node2_pk) = crypto::keygen();
let node2 = Node::new(
NodeAddressBytes::from_bytes([4u8; NODE_ADDRESS_LENGTH]),
node2_pk,
);
let (_, node3_pk) = test_utils::fixtures::keygen();
let (_, node3_pk) = crypto::keygen();
let node3 = Node::new(
NodeAddressBytes::from_bytes([2u8; NODE_ADDRESS_LENGTH]),
node3_pk,
);
let (_, node4_pk) = test_utils::fixtures::keygen();
let (_, node4_pk) = crypto::keygen();
let node4 = Node::new(
NodeAddressBytes::from_bytes([2u8; NODE_ADDRESS_LENGTH]),
node4_pk,
+3 -1
@@ -29,7 +29,8 @@ humantime-serde = { workspace = true }
k256 = { version = "*", features = ["ecdsa-core"] } # needed for the Verifier trait; pull whatever version is used by other dependencies
log = { workspace = true }
pin-project = "1.0"
rand = { workspace = true }
rand = "0.8.5"
rand-07 = { package = "rand", version = "0.7.3" } # required for compatibility
reqwest = { workspace = true, features = ["json"] }
rocket = { version = "0.5.0", features = ["json"] }
rocket_cors = { version = "0.6.0" }
@@ -124,5 +125,6 @@ tempfile = "3.3.0"
cw3 = { workspace = true }
cw-utils = { workspace = true }
rand_chacha = "0.3"
rand_chacha_02 = { package = "rand_chacha", version = "0.2" }
sha2 = "0.9"
+12 -2
@@ -27,6 +27,11 @@ pub fn test_rng(seed: [u8; 32]) -> ChaCha20Rng {
ChaCha20Rng::from_seed(seed)
}
pub fn test_rng_07(seed: [u8; 32]) -> rand_chacha_02::ChaCha20Rng {
use rand_chacha_02::rand_core::SeedableRng;
rand_chacha_02::ChaCha20Rng::from_seed(seed)
}
pub fn pseudorandom_account(rng: &mut ChaCha20Rng) -> AccountId {
let mut dummy_account_key_hash = [0u8; 32];
rng.fill_bytes(&mut dummy_account_key_hash);
@@ -37,8 +42,13 @@ pub fn dealer_fixture(mut rng: &mut ChaCha20Rng, id: NodeIndex) -> DealerDetails
// we might possibly need that private key later on
let keypair = DkgKeyPair::new(dkg::params(), &mut rng);
// lol, instantiate rng with an rng due to incompatibility, but even though it looks dodgy AF,
// it's 100% deterministic
let mut secondary_seed = [0u8; 32];
rng.fill_bytes(&mut secondary_seed);
let addr = pseudorandom_account(rng);
let identity_keypair = identity::KeyPair::new(&mut rng);
let identity_keypair = identity::KeyPair::new(&mut test_rng_07(secondary_seed));
let bte_public_key_with_proof = bs58::encode(&keypair.public_key().to_bytes()).into_string();
let port = 8080 + id;
@@ -146,7 +156,7 @@ impl TestingDkgControllerBuilder {
let mut secondary_seed = [0u8; 32];
rng.fill_bytes(&mut secondary_seed);
let identity_keypair = identity::KeyPair::new(&mut test_rng(secondary_seed));
let identity_keypair = identity::KeyPair::new(&mut test_rng_07(secondary_seed));
DealerDetails {
address: Addr::unchecked(address.as_ref()),
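Review bot: `test_rng_07` has no doc comment, and its name says rand 0.7 while its return type says `rand_chacha_02`, a pairing only readers who know both crates' version history will recognise. Suggest `/// Seeds a ChaCha20 RNG from rand_chacha 0.2 (the rand 0.7 `RngCore`) for APIs such as `identity::KeyPair::new` that have not moved to rand 0.8 yet.` above the function. The `dealer_fixture` change stays deterministic because `secondary_seed` is drawn from the same seeded `rng`, which the existing comment already states, and the `TestingDkgControllerBuilder` hunk follows the same pattern. Both enclosing functions continue outside their hunks.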
+3 -3
@@ -49,8 +49,8 @@ use nym_validator_client::nyxd::Coin;
use nym_validator_client::nyxd::{
AccountId, Algorithm, Event, EventAttribute, ExecTxResult, Fee, Hash, TxResponse,
};
use rand::rngs::OsRng;
use rand::RngCore;
use rand_07::rngs::OsRng;
use rand_07::RngCore;
use rocket::http::Status;
use rocket::local::asynchronous::Client;
use std::collections::{BTreeMap, HashMap};
@@ -1336,7 +1336,7 @@ struct TestFixture {
impl TestFixture {
async fn new() -> Self {
let mut rng = crate::coconut::tests::fixtures::test_rng([69u8; 32]);
let mut rng = crate::coconut::tests::fixtures::test_rng_07([69u8; 32]);
let params = Parameters::new(4).unwrap();
let coconut_keypair = nym_coconut::ttp_keygen(&params, 1, 1).unwrap().remove(0);
let identity = identity::KeyPair::new(&mut rng);
+1 -1
@@ -8,7 +8,7 @@ use nym_sphinx::{
acknowledgements::AckKey, addressing::clients::Recipient, preparer::MessagePreparer,
};
use nym_topology::NymTopology;
use rand::rngs::OsRng;
use rand_07::rngs::OsRng;
use std::time::Duration;
const DEFAULT_AVERAGE_PACKET_DELAY: Duration = Duration::from_millis(200);
+1 -1
@@ -73,7 +73,7 @@ impl<'a> NetworkMonitorBuilder<'a> {
// TODO: those keys change constant throughout the whole execution of the monitor.
// and on top of that, they are used with ALL the gateways -> presumably this should change
// in the future
let mut rng = rand::rngs::OsRng;
let mut rng = rand_07::rngs::OsRng;
let identity_keypair = Arc::new(identity::KeyPair::new(&mut rng));
let encryption_keypair = Arc::new(encryption::KeyPair::new(&mut rng));
@@ -14,7 +14,7 @@ use nym_sphinx::addressing::clients::Recipient;
use nym_sphinx::forwarding::packet::MixPacket;
use nym_sphinx::params::{PacketSize, PacketType};
use nym_topology::{gateway, mix};
use rand::{rngs::ThreadRng, seq::SliceRandom, thread_rng, Rng};
use rand_07::{rngs::ThreadRng, seq::SliceRandom, thread_rng, Rng};
use std::collections::{HashMap, HashSet};
use std::fmt::{self, Display, Formatter};
+2 -1
@@ -9,6 +9,7 @@ use crate::support::config::{
use anyhow::{Context, Result};
use nym_crypto::asymmetric::identity;
use rand::rngs::OsRng;
use rand_07::rngs::OsRng as OsRng07;
use std::{fs, io};
// TODO: once we upgrade ed25519 library, we could use the same rand library and use proper
@@ -19,7 +20,7 @@ fn init_identity_keys(config: &config::NymApiPaths) -> Result<()> {
&config.public_identity_key_file,
);
let mut rng = OsRng;
let mut rng = OsRng07;
let keypair = identity::KeyPair::new(&mut rng);
nym_pemstore::store_keypair(&keypair, &keypaths)
.context("failed to store identity keys of the nym api")?;
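Review bot: After `let mut rng = OsRng07;`, the original `use rand::rngs::OsRng;` import kept above the new alias may no longer have a use in this file (only the one swapped site is visible), which would leave an unused-import warning and, more importantly, two `OsRng` names that look interchangeable but feed different `RngCore` traits. If it is unused, remove it; if it is still used elsewhere, a comment on the alias import such as `// OsRng07: identity::KeyPair::new still takes rand 0.7's RngCore (see TODO below)` tells the next reader why both exist. `init_identity_keys` continues outside the hunk.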
+220 -390
+3 -12
@@ -30,24 +30,15 @@ itertools = "0.10.5"
log = { version = "0.4", features = ["serde"] }
pretty_env_logger = "0.4.0"
rand = "0.8"
reqwest = { version = "0.11.22", features = ["json", "socks"] }
rand-07 = { package = "rand", version = "0.7.3" }
reqwest = { version = "0.12.4", features = ["json", "socks"] }
rust-embed = { version = "6.4.2", features = ["include-exclude"] }
serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0"
serde_repr = "0.1"
tap = "1.0.1"
# 07.07.23: JS: I changed the version from ^1.2.2 to fix up indirect import of web-sys
tauri = { version = "1.4.1", features = [
"clipboard-write-text",
"macos-private-api",
"notification-all",
"shell-open",
"system-tray",
"updater",
"window-close",
"window-minimize",
"window-start-dragging",
] }
tauri = { version = "1.4.1", features = ["clipboard-write-text", "macos-private-api", "notification-all", "shell-open", "system-tray", "updater", "window-close", "window-minimize", "window-start-dragging"] }
#tendermint-rpc = "0.23.0"
thiserror = "1.0"
time = { version = "0.3.17", features = ["local-offset"] }
@@ -20,7 +20,7 @@ use nym_config::{
};
use nym_crypto::asymmetric::identity;
use nym_socks5_client_core::config::Config as Socks5CoreConfig;
use rand::rngs::OsRng;
use rand_07::rngs::OsRng;
use serde::{Deserialize, Serialize};
use std::path::{Path, PathBuf};
use std::{fs, io};
@@ -214,7 +214,7 @@ pub async fn init_socks5_config(provider_address: String, chosen_gateway_id: Str
let gateway_setup = if !already_init {
let selection_spec =
GatewaySelectionSpecification::new(Some(chosen_gateway_id), None, false);
let mut rng = rand::thread_rng();
let mut rng = rand_07::thread_rng();
let available_gateways =
current_gateways(&mut rng, &config.core.base.client.nym_api_urls).await?;
GatewaySetup::New {
@@ -87,7 +87,7 @@ async fn select_gateway_by_latency(gateways: Vec<GatewayBondAnnotated>) -> Resul
.filter_map(|g| g.gateway_bond.try_into().ok())
.collect();
let mut rng = rand::rngs::OsRng;
let mut rng = rand_07::rngs::OsRng;
let selected_gateway = nym_client_core::init::helpers::choose_gateway_by_latency(
&mut rng,
&gateways_as_nodes,
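Review bot: The `reqwest` bump from 0.11.22 to 0.12.4 is a semver-incompatible upgrade folded into a manifest edit whose other changes are the `rand-07` alias and a whitespace collapse of the `tauri` feature list; its call-site consequences are not visible here, and it deserves its own commit so it can be reviewed and reverted independently of the rand work. Collapsing the `tauri` features onto one line also undoes a deliberate one-per-line layout and makes future feature diffs noisier, and since `cargo fmt` does not touch manifests the multi-line form is a choice worth keeping. The code hunks in this section are straightforward `rand` to `rand_07` renames.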
+4 -1
@@ -22,7 +22,7 @@ colored = "2"
clap = { workspace = true, features = ["cargo", "env"] }
humantime-serde = { workspace = true }
ipnetwork = "0.16.0"
rand = { workspace = true }
rand = "0.7.3"
serde = { workspace = true, features = ["derive"] }
serde_json.workspace = true
thiserror.workspace = true
@@ -60,3 +60,6 @@ nym-ip-packet-router = { path = "../service-providers/ip-packet-router" }
[build-dependencies]
# temporary bonding information v1 (to grab and parse nym-mixnode and nym-gateway package versions)
cargo_metadata = "0.18.1"
[features]
wireguard = ["nym-gateway/wireguard"]
+1 -1
@@ -23,7 +23,7 @@ utoipa-swagger-ui = { workspace = true, features = ["axum"] }
colored = "2"
ipnetwork = "0.16"
rand = { workspace = true }
rand = "0.7.3"
# Wireguard:
fastrand = "2"
@@ -10,7 +10,6 @@ use crate::router::types::RequestError;
use axum::extract::{Path, Query, State};
use axum::http::StatusCode;
use axum::Json;
use nym_crypto::asymmetric::encryption::PublicKey;
use nym_node_requests::api::v1::gateway::client_interfaces::wireguard::models::{
ClientMessage, ClientRegistrationResponse, GatewayClient, InitMessage, Nonce, PeerPublicKey,
};
@@ -31,7 +30,10 @@ async fn process_final_message(
}
};
if client.verify(&state.private_key, preshared_nonce).is_ok() {
if client
.verify(&state.keypair.private_key(), preshared_nonce)
.is_ok()
{
state.registration_in_progress.remove(&client.pub_key());
state.client_registry.insert(client.pub_key(), client);
@@ -86,8 +88,7 @@ pub(crate) async fn register_client(
match payload {
ClientMessage::Initial(init) => {
let remote_public = PublicKey::from_bytes(init.pub_key().as_bytes())
.map_err(|_| RequestError::new_status(StatusCode::BAD_REQUEST))?;
let remote_public = init.pub_key().inner();
let nonce = process_init_message(init, state).await;
let mut private_ip_ref = state
.free_private_network_ips
@@ -101,7 +102,7 @@ pub(crate) async fn register_client(
// mark it as used, even though it's not final
*private_ip_ref = false;
let gateway_data = GatewayClient::new(
&state.private_key,
&state.keypair.private_key(),
remote_public,
*private_ip_ref.key(),
nonce,
@@ -8,11 +8,11 @@ use crate::error::NymNodeHttpError;
use axum::routing::{get, post};
use axum::Router;
use ipnetwork::IpNetwork;
use nym_crypto::asymmetric::encryption::PrivateKey;
use nym_crypto::asymmetric::x25519::KeyPair;
use nym_node_requests::routes::api::v1::gateway::client_interfaces::wireguard;
use nym_wireguard::setup;
use nym_wireguard_types::registration::PrivateIPs;
use nym_wireguard_types::registration::{GatewayClientRegistry, PendingRegistrations};
use nym_wireguard_types::WireguardGatewayData;
use std::sync::Arc;
pub(crate) mod client_registry;
@@ -27,17 +27,15 @@ pub struct WireguardAppState {
impl WireguardAppState {
pub fn new(
client_registry: Arc<GatewayClientRegistry>,
wireguard_gateway_data: &WireguardGatewayData,
registration_in_progress: Arc<PendingRegistrations>,
binding_port: u16,
private_ip_network: IpNetwork,
) -> Result<Self, NymNodeHttpError> {
Ok(WireguardAppState {
inner: Some(WireguardAppStateInner {
private_key: Arc::new(PrivateKey::from_bytes(
setup::server_static_private_key().as_ref(),
)?),
client_registry,
keypair: wireguard_gateway_data.keypair().clone(),
client_registry: wireguard_gateway_data.client_registry().clone(),
registration_in_progress,
binding_port,
free_private_network_ips: Arc::new(
@@ -83,7 +81,7 @@ macro_rules! get_state {
#[derive(Clone)]
pub(crate) struct WireguardAppStateInner {
private_key: Arc<PrivateKey>,
keypair: Arc<KeyPair>,
client_registry: Arc<GatewayClientRegistry>,
registration_in_progress: Arc<PendingRegistrations>,
binding_port: u16,
@@ -168,7 +166,7 @@ mod test {
let state = WireguardAppState {
inner: Some(WireguardAppStateInner {
client_registry: Arc::clone(&client_registry),
private_key: Arc::new(gateway_private_key),
keypair: Arc::new(gateway_private_key),
registration_in_progress: Arc::clone(&registration_in_progress),
binding_port: 8080,
free_private_network_ips,
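Review bot: In `register_client`, `let remote_public = init.pub_key().inner();` drops the explicit `PublicKey::from_bytes(...).map_err(... BAD_REQUEST)` step, so the handler no longer has its own rejection path for a malformed client key; this is only sound if `PeerPublicKey` already rejects invalid bytes when the request body is deserialized (not visible here). If it does, record the dependency at that site with `// key bytes were validated when PeerPublicKey was deserialized`; if it does not, the handler now accepts whatever `inner()` yields. The `&state.keypair.private_key()` arguments in `process_final_message` and `GatewayClient::new` take a reference to what is presumably already a reference, which compiles through auto-deref but reads as a leftover of the `&state.private_key` form; `state.keypair.private_key()` alone is cleaner. In the test, `keypair: Arc::new(gateway_private_key)` now stores a `KeyPair` under a variable still named `gateway_private_key`; renaming it to `gateway_keypair` would match the field.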
+1 -1
@@ -36,7 +36,7 @@ nym-bin-common = { path = "../../common/bin-common", features = ["bin_info_schem
[dev-dependencies]
tokio = { workspace = true, features = ["full"] }
rand_chacha = "0.3"
rand_chacha = "0.2"
nym-crypto = { path = "../../common/crypto", features = ["rand"] }
+3 -10
@@ -18,8 +18,8 @@ use nym_mixnode::MixnodeError;
use nym_network_requester::{CustomGatewayDetails, GatewayDetails};
use nym_node::config;
use nym_node::config::mixnode::DEFAULT_VERLOC_PORT;
use nym_node::config::Config;
use nym_node::config::{default_config_filepath, ConfigBuilder, NodeMode};
use nym_node::config::{Config, DEFAULT_WIREGUARD_NETWORK_IP};
use nym_node::error::{EntryGatewayError, ExitGatewayError, NymNodeError};
use nym_node_http_api::api::api_requests::v1::node::models::NodeDescription;
use rand::rngs::OsRng;
@@ -400,15 +400,6 @@ async fn migrate_gateway(mut args: Args) -> Result<(), NymNodeError> {
},
..config::MixnodeConfig::new_default()
}))
.with_wireguard(args.wireguard.override_config_section(config::Wireguard {
enabled: cfg.wireguard.enabled,
bind_address: cfg.wireguard.bind_address,
private_network_ip: DEFAULT_WIREGUARD_NETWORK_IP,
announced_port: cfg.wireguard.announced_port,
private_network_prefix: cfg.wireguard.private_network_prefix,
// this is fine as currently the paths stored inside gateway itself are empty
storage_paths: config::persistence::WireguardPaths::new(&data_dir),
}))
.with_entry_gateway(args.entry_gateway.override_config_section(
config::EntryGatewayConfig {
storage_paths: config::persistence::EntryGatewayPaths::new(&data_dir),
@@ -606,6 +597,8 @@ async fn migrate_gateway(mut args: Args) -> Result<(), NymNodeError> {
.await?;
}
crate::node::WireguardData::initialise(&config.wireguard)?;
save_node_description(
&config.storage_paths.description,
&NodeDescription::default(),
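Review bot: `migrate_gateway` no longer calls `.with_wireguard(args.wireguard.override_config_section(...))`, so the `--wireguard-*` arguments that `WireguardArgs` still accepts are silently ignored on the migrate path, and the gateway's previous wireguard settings are not carried over either; whatever the builder's default wireguard section is (outside the hunk) is what the migrated node ends up with. If that is intended, `migrate` should warn when wireguard flags are supplied rather than accept and drop them. `crate::node::WireguardData::initialise(&config.wireguard)?` then runs unconditionally; if `initialise` generates key material, confirm it is gated on `config.wireguard.enabled` so a migration does not write wireguard keys for a node that never turns the feature on. The function continues outside both hunks.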
+6 -6
@@ -253,13 +253,13 @@ pub(crate) struct WireguardArgs {
)]
pub(crate) wireguard_bind_address: Option<SocketAddr>,
/// Ip address of the private wireguard network.
/// default: `10.1.0.0`
/// Private IP address of the wireguard gateway.
/// default: `10.1.0.1`
#[clap(
long,
env = NYMNODE_WG_IP_NETWORK_ARG,
env = NYMNODE_WG_IP_ARG,
)]
pub(crate) wireguard_private_network_ip: Option<IpAddr>,
pub(crate) wireguard_private_ip: Option<IpAddr>,
/// Port announced to external clients wishing to connect to the wireguard interface.
/// Useful in the instances where the node is behind a proxy.
@@ -300,8 +300,8 @@ impl WireguardArgs {
section.announced_port = announced_port
}
if let Some(private_network_ip) = self.wireguard_private_network_ip {
section.private_network_ip = private_network_ip
if let Some(private_ip) = self.wireguard_private_ip {
section.private_ip = private_ip
}
if let Some(private_network_prefix) = self.wireguard_private_network_prefix {
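Review bot: Renaming the field from `wireguard_private_network_ip` to `wireguard_private_ip` changes the derived long flag, and the env var moves from `NYMNODE_WG_IP_NETWORK_ARG` to `NYMNODE_WG_IP_ARG`, so existing service files and scripts that set the old names either fail to parse or silently fall back to the default. Keeping the old flag spelling for a release, `#[clap(long, alias = "wireguard-private-network-ip", env = NYMNODE_WG_IP_ARG)]`, covers the flag; the env rename has no alias mechanism, so a changelog entry is the minimum there. The new doc comment also changes the meaning, from the network base `10.1.0.0` to the gateway's own address `10.1.0.1`; stating in the comment that this is the address assigned to the gateway's wireguard interface, not the network, prevents the two from being confused in operator docs.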
+16
@@ -13,6 +13,8 @@ use serde::{Deserialize, Serialize};
use std::path::Path;
use url::Url;
use super::LocalWireguardOpts;
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(deny_unknown_fields)]
pub struct ExitGatewayConfig {
@@ -136,6 +138,7 @@ pub struct EphemeralConfig {
pub gateway: nym_gateway::config::Config,
pub nr_opts: LocalNetworkRequesterOpts,
pub ipr_opts: LocalIpPacketRouterOpts,
pub wg_opts: LocalWireguardOpts,
}
fn base_client_config(config: &Config) -> nym_client_core_config_types::Client {
@@ -241,6 +244,18 @@ pub fn ephemeral_exit_gateway_config(
let ipr_enabled = config.exit_gateway.ip_packet_router.debug.enabled;
let nr_enabled = config.exit_gateway.network_requester.debug.enabled;
let wg_opts = LocalWireguardOpts {
config: super::Wireguard {
enabled: config.wireguard.enabled,
bind_address: config.wireguard.bind_address,
private_ip: config.wireguard.private_ip,
announced_port: config.wireguard.announced_port,
private_network_prefix: config.wireguard.private_network_prefix,
storage_paths: config.wireguard.storage_paths.clone(),
},
custom_mixnet_path: None,
};
let mut gateway = ephemeral_gateway_config(config, mnemonic)?;
gateway.ip_packet_router.enabled = ipr_enabled;
gateway.network_requester.enabled = nr_enabled;
@@ -253,6 +268,7 @@ pub fn ephemeral_exit_gateway_config(
Ok(EphemeralConfig {
nr_opts,
ipr_opts,
wg_opts,
gateway,
})
}
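Review bot: The `wg_opts` construction in `ephemeral_exit_gateway_config` rebuilds `super::Wireguard` field by field from `config.wireguard`, which is what a clone gives, and the type is already cloned elsewhere in this change (`config.wireguard.clone().into()` in node/mod.rs). `config: config.wireguard.clone(),` is shorter and, unlike the manual copy, cannot silently drop a field added to `Wireguard` later. `ephemeral_exit_gateway_config` starts outside the hunk.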
-9
@@ -57,19 +57,10 @@ pub fn ephemeral_gateway_config(
cosmos_mnemonic: mnemonic.clone(),
};
let wireguard = nym_gateway::config::Wireguard {
enabled: config.wireguard.enabled,
bind_address: config.wireguard.bind_address,
announced_port: config.wireguard.announced_port,
private_network_prefix: config.wireguard.private_network_prefix,
storage_paths: nym_gateway::config::WireguardPaths::new_empty(),
};
Ok(nym_gateway::config::Config::externally_loaded(
host,
http,
gateway,
wireguard,
nym_gateway::config::GatewayPaths::new_empty(),
nym_gateway::config::NetworkRequester { enabled: false },
nym_gateway::config::IpPacketRouter { enabled: false },
+23 -5
@@ -40,7 +40,7 @@ pub use crate::config::mixnode::MixnodeConfig;
const DEFAULT_NYMNODES_DIR: &str = "nym-nodes";
pub const DEFAULT_WIREGUARD_PORT: u16 = WG_PORT;
pub const DEFAULT_WIREGUARD_NETWORK_IP: IpAddr = IpAddr::V4(Ipv4Addr::new(10, 1, 0, 0));
pub const DEFAULT_WIREGUARD_IP: IpAddr = IpAddr::V4(Ipv4Addr::new(10, 1, 0, 1));
pub const DEFAULT_WIREGUARD_PREFIX: u8 = 16;
pub const DEFAULT_HTTP_PORT: u16 = DEFAULT_NYM_NODE_HTTP_PORT;
pub const DEFAULT_MIXNET_PORT: u16 = DEFAULT_MIX_LISTENING_PORT;
@@ -500,9 +500,9 @@ pub struct Wireguard {
/// default: `0.0.0.0:51822`
pub bind_address: SocketAddr,
/// Ip address of the private wireguard network.
/// default: `10.1.0.0`
pub private_network_ip: IpAddr,
/// Private IP address of the wireguard gateway.
/// default: `10.1.0.1`
pub private_ip: IpAddr,
/// Port announced to external clients wishing to connect to the wireguard interface.
/// Useful in the instances where the node is behind a proxy.
@@ -524,10 +524,28 @@ impl Wireguard {
IpAddr::V4(Ipv4Addr::UNSPECIFIED),
DEFAULT_WIREGUARD_PORT,
),
private_network_ip: DEFAULT_WIREGUARD_NETWORK_IP,
private_ip: DEFAULT_WIREGUARD_IP,
announced_port: DEFAULT_WIREGUARD_PORT,
private_network_prefix: DEFAULT_WIREGUARD_PREFIX,
storage_paths: persistence::WireguardPaths::new(data_dir),
}
}
}
impl Into<nym_wireguard_types::Config> for Wireguard {
fn into(self) -> nym_wireguard_types::Config {
nym_wireguard_types::Config {
bind_address: self.bind_address,
private_ip: self.private_ip,
announced_port: self.announced_port,
private_network_prefix: self.private_network_prefix,
}
}
}
#[derive(Debug, Clone)]
pub struct LocalWireguardOpts {
pub config: Wireguard,
pub custom_mixnet_path: Option<PathBuf>,
}
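Review bot: `impl Into<nym_wireguard_types::Config> for Wireguard` should be written as `impl From<Wireguard> for nym_wireguard_types::Config { fn from(value: Wireguard) -> Self { … } }` — the blanket impl then provides `Into` for free, the `.into()` call sites in node/mod.rs keep working, and clippy's `from_over_into` stops firing. Separately, renaming the serialized field from `private_network_ip` to `private_ip` changes the on-disk config key; the derive attributes on `Wireguard` are not in the hunk, but if it carries `#[serde(deny_unknown_fields)]` like the neighbouring config structs, existing config files with the old key will stop deserializing. A `#[serde(alias = "private_network_ip")]` would accept them, but since the stored value used to be the network address rather than the gateway address, an explicit migration step that sets the new default may be the safer choice.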
+19 -3
@@ -43,6 +43,10 @@ pub const DEFAULT_IPR_ACK_KEY_FILENAME: &str = "aes128ctr_ipr_ack";
pub const DEFAULT_IPR_REPLY_SURB_DB_FILENAME: &str = "ipr_persistent_reply_store.sqlite";
pub const DEFAULT_IPR_GATEWAYS_DB_FILENAME: &str = "ipr_gateways_info_store.sqlite";
// Wireguard
pub const DEFAULT_X25519_WG_DH_KEY_FILENAME: &str = "x25519_wg_dh";
pub const DEFAULT_X25519_WG_PUBLIC_DH_KEY_FILENAME: &str = "x25519_wg_dh.pub";
#[derive(Debug, Clone, Deserialize, PartialEq, Eq, Serialize)]
#[serde(deny_unknown_fields)]
pub struct NymNodePaths {
@@ -366,11 +370,23 @@ impl ExitGatewayPaths {
#[derive(Debug, Clone, Deserialize, PartialEq, Eq, Serialize)]
#[serde(deny_unknown_fields)]
pub struct WireguardPaths {
// pub keys:
pub private_diffie_hellman_key_file: PathBuf,
pub public_diffie_hellman_key_file: PathBuf,
}
impl WireguardPaths {
pub fn new<P: AsRef<Path>>(_data_dir: P) -> Self {
WireguardPaths {}
pub fn new<P: AsRef<Path>>(data_dir: P) -> Self {
let data_dir = data_dir.as_ref();
WireguardPaths {
private_diffie_hellman_key_file: data_dir.join(DEFAULT_X25519_WG_DH_KEY_FILENAME),
public_diffie_hellman_key_file: data_dir.join(DEFAULT_X25519_WG_PUBLIC_DH_KEY_FILENAME),
}
}
pub fn x25519_wireguard_storage_paths(&self) -> nym_pemstore::KeyPairPath {
nym_pemstore::KeyPairPath::new(
&self.private_diffie_hellman_key_file,
&self.public_diffie_hellman_key_file,
)
}
}
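Review bot: The `// pub keys:` comment on `WireguardPaths` is misleading now that the first field it introduces is the private key file; replace it with `// x25519 wireguard diffie-hellman keypair: private key file, then public key file.` `new` and `x25519_wireguard_storage_paths` are public and undocumented; a one-liner each, e.g. `/// Default key paths under `data_dir` using the `DEFAULT_X25519_WG_*` filenames.` and `/// Key-pair paths in the form `nym_pemstore` expects for loading and storing.`, would match the rest of the file. Since `private_diffie_hellman_key_file` is the gateway's long-term wireguard identity, it is worth confirming that the writer (`store_keypair`, not visible here) creates it with a restrictive file mode.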
+8 -5
@@ -115,9 +115,9 @@ enabled = {{ wireguard.enabled }}
# default: `0.0.0.0:51822`
bind_address = '{{ wireguard.bind_address }}'
# Ip address of the private wireguard network.
# default: `10.1.0.0`
private_network_ip = '{{ wireguard.private_network_ip }}'
# Private IP address of the wireguard gateway.
# default: `10.1.0.1`
private_ip = '{{ wireguard.private_ip }}'
# Port announced to external clients wishing to connect to the wireguard interface.
# Useful in the instances where the node is behind a proxy.
@@ -127,9 +127,12 @@ announced_port = {{ wireguard.announced_port }}
# The maximum value for IPv4 is 32 and for IPv6 is 128
private_network_prefix = {{ wireguard.private_network_prefix }}
# Paths for wireguard keys, client registries, etc.
[wireguard.storage_paths]
# currently empty
# Path to file containing wireguard x25519 diffie hellman private key.
private_diffie_hellman_key_file = '{{ wireguard.storage_paths.private_diffie_hellman_key_file }}'
# Path to file containing wireguard x25519 diffie hellman public key.
public_diffie_hellman_key_file = '{{ wireguard.storage_paths.public_diffie_hellman_key_file }}'
##### mixnode mode nym-node config options #####
+1 -1
@@ -40,7 +40,7 @@ pub mod vars {
// wireguard:
pub const NYMNODE_WG_ENABLED_ARG: &str = "NYMNODE_WG_ENABLED";
pub const NYMNODE_WG_BIND_ADDRESS_ARG: &str = "NYMNODE_WG_BIND_ADDRESS";
pub const NYMNODE_WG_IP_NETWORK_ARG: &str = "NYMNODE_WG_IP_NETWORK";
pub const NYMNODE_WG_IP_ARG: &str = "NYMNODE_WG_IP";
pub const NYMNODE_WG_ANNOUNCED_PORT_ARG: &str = "NYMNODE_WG_ANNOUNCED_PORT";
pub const NYMNODE_WG_PRIVATE_NETWORK_PREFIX_ARG: &str = "NYMNODE_WG_PRIVATE_NETWORK_PREFIX";
+7
@@ -34,6 +34,7 @@ pub(crate) struct DisplayDetails {
pub(crate) ed25519_identity_key: String,
pub(crate) x25519_sphinx_key: String,
pub(crate) x25519_noise_key: String,
pub(crate) x25519_wireguard_key: String,
pub(crate) exit_network_requester_address: String,
pub(crate) exit_ip_packet_router_address: String,
@@ -139,6 +140,12 @@ pub(crate) fn load_x25519_noise_keypair(
Ok(load_keypair(paths, "x25519-noise")?)
}
pub(crate) fn load_x25519_wireguard_keypair(
paths: KeyPairPath,
) -> Result<x25519::KeyPair, NymNodeError> {
Ok(load_keypair(paths, "x25519-wireguard")?)
}
pub(crate) fn load_x25519_sphinx_public_key<P: AsRef<Path>>(
path: P,
) -> Result<x25519::PublicKey, NymNodeError> {
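Review bot: `load_x25519_wireguard_keypair` passes the label `"x25519-wireguard"` to `load_keypair`, while the matching `store_keypair` call in `WireguardData::initialise` (node/mod.rs, further down this page) uses `"wg-x25519-dh"`. If the label only appears in error messages this is cosmetic, but if `nym_pemstore` records it as the PEM type and checks it on load (not visible here), a freshly generated key would fail to load. Defining one constant, e.g. `const WG_X25519_KEY_LABEL: &str = "x25519-wireguard";`, and using it at both sites removes the question.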
+69 -10
@@ -20,7 +20,9 @@ use nym_network_requester::{
use nym_node::config::entry_gateway::ephemeral_entry_gateway_config;
use nym_node::config::exit_gateway::ephemeral_exit_gateway_config;
use nym_node::config::mixnode::ephemeral_mixnode_config;
use nym_node::config::{Config, EntryGatewayConfig, ExitGatewayConfig, MixnodeConfig, NodeMode};
use nym_node::config::{
Config, EntryGatewayConfig, ExitGatewayConfig, MixnodeConfig, NodeMode, Wireguard,
};
use nym_node::error::{EntryGatewayError, ExitGatewayError, MixnodeError, NymNodeError};
use nym_node_http_api::api::api_requests;
use nym_node_http_api::api::api_requests::v1::node::models::NodeDescription;
@@ -31,7 +33,7 @@ use nym_node_http_api::{NymNodeHTTPServer, NymNodeRouter};
use nym_sphinx_acknowledgements::AckKey;
use nym_sphinx_addressing::Recipient;
use nym_task::{TaskClient, TaskManager};
use nym_wireguard_types::registration::GatewayClientRegistry;
use nym_wireguard_types::WireguardGatewayData;
use rand::rngs::OsRng;
use rand::{CryptoRng, RngCore};
use std::path::Path;
@@ -39,6 +41,8 @@ use std::sync::Arc;
use tracing::{debug, error, info, trace};
use zeroize::Zeroizing;
use self::helpers::load_x25519_wireguard_keypair;
pub mod bonding_information;
pub mod description;
pub mod helpers;
@@ -63,7 +67,7 @@ impl MixnodeData {
pub struct EntryGatewayData {
mnemonic: Zeroizing<bip39::Mnemonic>,
client_storage: nym_gateway::node::PersistentStorage,
client_registry: Arc<GatewayClientRegistry>,
wireguard_data: WireguardGatewayData,
}
impl EntryGatewayData {
@@ -81,7 +85,10 @@ impl EntryGatewayData {
Ok(())
}
async fn new(config: &EntryGatewayConfig) -> Result<EntryGatewayData, EntryGatewayError> {
async fn new(
config: &EntryGatewayConfig,
wireguard_data: WireguardGatewayData,
) -> Result<EntryGatewayData, EntryGatewayError> {
Ok(EntryGatewayData {
mnemonic: config.storage_paths.load_mnemonic_from_file()?,
client_storage: nym_gateway::node::PersistentStorage::init(
@@ -90,7 +97,7 @@ impl EntryGatewayData {
)
.await
.map_err(nym_gateway::GatewayError::from)?,
client_registry: Arc::new(Default::default()),
wireguard_data: wireguard_data.clone(),
})
}
}
@@ -244,6 +251,33 @@ impl ExitGatewayData {
}
}
pub struct WireguardData {
x25519_wireguard_keys: Arc<x25519::KeyPair>,
}
impl WireguardData {
pub(crate) fn new(config: &Wireguard) -> Result<Self, NymNodeError> {
Ok(WireguardData {
x25519_wireguard_keys: Arc::new(load_x25519_wireguard_keypair(
config.storage_paths.x25519_wireguard_storage_paths(),
)?),
})
}
pub(crate) fn initialise(config: &Wireguard) -> Result<(), ExitGatewayError> {
let mut rng = OsRng;
let x25519_keys = x25519::KeyPair::new(&mut rng);
store_keypair(
&x25519_keys,
config.storage_paths.x25519_wireguard_storage_paths(),
"wg-x25519-dh",
)?;
Ok(())
}
}
pub(crate) struct NymNode {
config: Config,
description: NodeDescription,
@@ -259,6 +293,8 @@ pub(crate) struct NymNode {
#[allow(dead_code)]
exit_gateway: ExitGatewayData,
wireguard: WireguardData,
ed25519_identity_keys: Arc<ed25519::KeyPair>,
x25519_sphinx_keys: Arc<x25519::KeyPair>,
@@ -314,10 +350,18 @@ impl NymNode {
ExitGatewayData::initialise(&config.exit_gateway, *ed25519_identity_keys.public_key())
.await?;
// wireguard initialisation
WireguardData::initialise(&config.wireguard)?;
config.save()
}
pub(crate) async fn new(config: Config) -> Result<Self, NymNodeError> {
let wireguard_data = WireguardData::new(&config.wireguard)?;
let wireguard_gateway_data = WireguardGatewayData::new(
config.wireguard.clone().into(),
wireguard_data.x25519_wireguard_keys.clone(),
);
Ok(NymNode {
ed25519_identity_keys: Arc::new(load_ed25519_identity_keypair(
config.storage_paths.keys.ed25519_identity_storage_paths(),
@@ -331,8 +375,10 @@ impl NymNode {
description: load_node_description(&config.storage_paths.description)?,
verloc_stats: Default::default(),
mixnode: MixnodeData::new(&config.mixnode)?,
entry_gateway: EntryGatewayData::new(&config.entry_gateway).await?,
entry_gateway: EntryGatewayData::new(&config.entry_gateway, wireguard_gateway_data)
.await?,
exit_gateway: ExitGatewayData::new(&config.exit_gateway)?,
wireguard: wireguard_data,
config,
})
}
@@ -353,6 +399,10 @@ impl NymNode {
)
}
fn x25519_wireguard_key(&self) -> &x25519::PublicKey {
self.wireguard.x25519_wireguard_keys.public_key()
}
pub(crate) fn display_details(&self) -> DisplayDetails {
DisplayDetails {
current_mode: self.config.mode,
@@ -360,6 +410,7 @@ impl NymNode {
ed25519_identity_key: self.ed25519_identity_key().to_base58_string(),
x25519_sphinx_key: self.x25519_sphinx_key().to_base58_string(),
x25519_noise_key: self.x25519_noise_key().to_base58_string(),
x25519_wireguard_key: self.x25519_wireguard_key().to_base58_string(),
exit_network_requester_address: self.exit_network_requester_address().to_string(),
exit_ip_packet_router_address: self.exit_ip_packet_router_address().to_string(),
}
@@ -409,6 +460,10 @@ impl NymNode {
let config =
ephemeral_entry_gateway_config(self.config.clone(), &self.entry_gateway.mnemonic)?;
let wireguard_data = Arc::new(WireguardGatewayData::new(
self.config.wireguard.clone().into(),
self.wireguard.x25519_wireguard_keys.clone(),
));
let mut entry_gateway = Gateway::new_loaded(
config,
None,
@@ -419,7 +474,7 @@ impl NymNode {
);
entry_gateway.disable_http_server();
entry_gateway.set_task_client(task_client);
entry_gateway.set_wireguard_client_registry(self.entry_gateway.client_registry.clone());
entry_gateway.set_wireguard_data(wireguard_data);
tokio::spawn(async move {
if let Err(err) = entry_gateway.run().await {
@@ -434,6 +489,10 @@ impl NymNode {
let config =
ephemeral_exit_gateway_config(self.config.clone(), &self.entry_gateway.mnemonic)?;
let wireguard_data = Arc::new(WireguardGatewayData::new(
self.config.wireguard.clone().into(),
self.wireguard.x25519_wireguard_keys.clone(),
));
let mut exit_gateway = Gateway::new_loaded(
config.gateway,
@@ -445,7 +504,7 @@ impl NymNode {
);
exit_gateway.disable_http_server();
exit_gateway.set_task_client(task_client);
exit_gateway.set_wireguard_client_registry(self.entry_gateway.client_registry.clone());
exit_gateway.set_wireguard_data(wireguard_data);
tokio::spawn(async move {
if let Err(err) = exit_gateway.run().await {
@@ -517,12 +576,12 @@ impl NymNode {
};
let wireguard_private_network = IpNetwork::new(
self.config.wireguard.private_network_ip,
self.config.wireguard.private_ip,
self.config.wireguard.private_network_prefix,
)?;
let wg_state = WireguardAppState::new(
self.entry_gateway.client_registry.clone(),
&self.entry_gateway.wireguard_data,
Default::default(),
self.config.wireguard.bind_address.port(),
wireguard_private_network,
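Review bot: The entry- and exit-gateway start-up hunks each build a fresh `Arc::new(WireguardGatewayData::new(...))` before `Gateway::new_loaded`, while the HTTP `WireguardAppState` is given `&self.entry_gateway.wireguard_data`, a third instance built in `NymNode::new`; the removed code shared one `Arc<GatewayClientRegistry>` between the gateway and the HTTP API. If `WireguardGatewayData::new` allocates its own registry (its definition is not on this page), registrations recorded through the HTTP API would never be seen by the running gateway, so reuse the stored instance, `let wireguard_data = Arc::new(self.entry_gateway.wireguard_data.clone());`, provided the clone shares the registry rather than copying it — worth confirming in `nym_wireguard_types`. In `EntryGatewayData::new`, `wireguard_data: wireguard_data.clone()` clones a value the function already owns; `wireguard_data,` suffices. `WireguardData::initialise` unconditionally generates and stores a new keypair and is now also called from `migrate_gateway`, so re-running it rotates the gateway's wireguard identity unless `store_keypair` refuses to overwrite an existing file; a check on `config.storage_paths` before generating would make that explicit. The `impl NymNode` methods start and end outside the hunks.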
+3 -3
@@ -14,12 +14,12 @@ rayon = "1.5.1"
blake3 = "1.3"
zeroize = "1.5"
chacha20 = { version = "0.9.0", features = ["std"] }
x25519-dalek = { version = "2.0.0", features = ["static_secrets"]}
curve25519-dalek = "3.2"
chacha20poly1305 = "0.10.1"
getrandom = { workspace = true, features = ["js"] }
thiserror = { workspace = true }
sphinx-packet = "0.2.0"
rand = { workspace = true }
sphinx-packet = "0.1.0"
rand = "0.7.3"
log = "0.4"
[dev-dependencies]
+16 -18
@@ -59,7 +59,9 @@ use chacha20poly1305::ChaCha20Poly1305;
use chacha20poly1305::KeyInit;
use chacha20poly1305::Tag;
use x25519_dalek::{PublicKey, SharedSecret, StaticSecret};
use curve25519_dalek::constants::ED25519_BASEPOINT_TABLE;
use curve25519_dalek::montgomery::MontgomeryPoint;
use curve25519_dalek::scalar::Scalar;
use std::ops::Range;
use std::u8;
@@ -220,12 +222,10 @@ impl MixStageParameters {
user_secret_key: &[u8],
node_pub_key: &[u8],
destination: &[u8; 32],
) -> Result<SharedSecret, OutfoxError> {
) -> Result<MontgomeryPoint, OutfoxError> {
let routing_data = destination;
let node_pub_key_bytes: [u8; 32] = node_pub_key.try_into()?;
let mix_public_key = PublicKey::from(node_pub_key_bytes);
let user_secret_key_bytes: [u8; 32] = user_secret_key.try_into()?;
let user_secret_key = StaticSecret::from(user_secret_key_bytes);
let mix_public_key = MontgomeryPoint(node_pub_key.try_into()?);
let user_secret_key = Scalar::from_bytes_mod_order(user_secret_key.try_into()?);
if buffer.len() != self.incoming_packet_length() {
return Err(OutfoxError::LenMismatch {
@@ -241,14 +241,14 @@ impl MixStageParameters {
});
}
let user_public_key = PublicKey::from(&user_secret_key);
let shared_key = user_secret_key.diffie_hellman(&mix_public_key);
let user_public_key = (&ED25519_BASEPOINT_TABLE * &user_secret_key).to_montgomery();
let shared_key = user_secret_key * mix_public_key;
// Copy rounting data into buffer
buffer[self.routing_data_range()].copy_from_slice(routing_data);
// Perform the AEAD
let header_aead_key = ChaCha20Poly1305::new_from_slice(&shared_key.to_bytes())?;
let header_aead_key = ChaCha20Poly1305::new_from_slice(&shared_key.0[..])?;
let nonce = [0u8; 12];
let tag = header_aead_key
@@ -259,10 +259,10 @@ impl MixStageParameters {
buffer[self.tag_range()].copy_from_slice(&tag[..]);
// Copy own public key into buffer
buffer[self.pub_element_range()].copy_from_slice(&user_public_key.to_bytes());
buffer[self.pub_element_range()].copy_from_slice(&user_public_key.0[..]);
// Do a round of LION on the payload
lion_transform_encrypt(&mut buffer[self.payload_range()], &shared_key.to_bytes())?;
lion_transform_encrypt(&mut buffer[self.payload_range()], &shared_key.0)?;
Ok(shared_key)
}
@@ -274,8 +274,7 @@ impl MixStageParameters {
) -> Result<Vec<u8>, OutfoxError> {
// Check the length of the incoming buffer is correct.
let mix_secret_key_bytes: [u8; 32] = mix_secret_key.try_into()?;
let mix_secret_key = StaticSecret::from(mix_secret_key_bytes);
let mix_secret_key = Scalar::from_bytes_mod_order(mix_secret_key.try_into()?);
if buffer.len() != self.incoming_packet_length() {
return Err(OutfoxError::LenMismatch {
@@ -285,12 +284,11 @@ impl MixStageParameters {
}
// Derive the shared key for this packet
let user_public_key_bytes: [u8; 32] = buffer[self.pub_element_range()].try_into()?;
let user_public_key = PublicKey::from(user_public_key_bytes);
let shared_key = mix_secret_key.diffie_hellman(&user_public_key);
let user_public_key = MontgomeryPoint(buffer[self.pub_element_range()].try_into()?);
let shared_key = mix_secret_key * user_public_key;
// Compute the AEAD and check the Tag, if wrong return Err
let header_aead_key = ChaCha20Poly1305::new_from_slice(&shared_key.to_bytes())?;
let header_aead_key = ChaCha20Poly1305::new_from_slice(&shared_key.0[..])?;
let nonce = [0; 12];
let tag_bytes = buffer[self.tag_range()].to_vec();
@@ -307,7 +305,7 @@ impl MixStageParameters {
let routing_data = buffer[self.routing_data_range()].to_vec();
// Do a round of LION on the payload
lion_transform_decrypt(&mut buffer[self.payload_range()], &shared_key.to_bytes())?;
lion_transform_decrypt(&mut buffer[self.payload_range()], &shared_key.0)?;
Ok(routing_data)
}
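Review bot: The new side of both the encrypt and decrypt hunks replaces x25519-dalek's `diffie_hellman` with `Scalar::from_bytes_mod_order(secret) * MontgomeryPoint(pub)`, which is not X25519: the 32 secret bytes are no longer clamped per RFC 7748 and are reduced modulo the group order before the multiplication, so the same secret bytes yield a different shared key than before and a key produced by an X25519 implementation elsewhere will not interoperate, even though the two sides of this crate still agree with each other. The reduction also drops the low-bit clearing that clamping uses to neutralise a peer's small-subgroup component, so results for a low-order or torsion-bearing `node_pub_key` differ from x25519-dalek's. If this section only reflects the branch lagging the base rather than an intended change, a merge resolves it; otherwise clamp the bytes first and build the scalar with `Scalar::from_bits` (which keeps them unreduced) instead of `from_bytes_mod_order`, and say so in a comment above the key derivation. The `MixStageParameters` methods start outside the hunks.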
+15 -13
@@ -9,6 +9,8 @@ mod tests {
repeat_with(|| fastrand::u8(..)).take(n).collect()
}
use curve25519_dalek::constants::ED25519_BASEPOINT_TABLE;
use curve25519_dalek::scalar::Scalar;
use nym_outfox::packet::OutfoxPacket;
use sphinx_packet::constants::NODE_ADDRESS_LENGTH;
use sphinx_packet::crypto::PublicKey;
@@ -19,7 +21,6 @@ mod tests {
use nym_outfox::format::*;
use nym_outfox::lion::*;
use x25519_dalek::StaticSecret;
#[test]
fn test_encode_decode() {
@@ -29,10 +30,11 @@ mod tests {
payload_length_bytes: 1024, // 1kb
};
let user_secret: [u8; 32] = randombytes(32).try_into().unwrap();
let mix_secret: [u8; 32] = randombytes(32).try_into().unwrap();
let mix_secret_key = StaticSecret::from(mix_secret);
let mix_public_key = PublicKey::from(&mix_secret_key);
let user_secret = randombytes(32);
let mix_secret = randombytes(32);
let mix_secret_scalar =
Scalar::from_bytes_mod_order(mix_secret.clone().try_into().unwrap());
let mix_public_key = (&ED25519_BASEPOINT_TABLE * &mix_secret_scalar).to_montgomery();
let routing = [0; 32];
let destination = [0; 32];
@@ -85,23 +87,23 @@ mod tests {
#[test]
fn test_packet_params_short() {
let (node1_pk, node1_pub) = sphinx_packet::test_utils::fixtures::keygen();
let (node1_pk, node1_pub) = sphinx_packet::crypto::keygen();
let node1 = Node::new(
NodeAddressBytes::from_bytes([0u8; NODE_ADDRESS_LENGTH]),
node1_pub,
);
let (node2_pk, node2_pub) = sphinx_packet::test_utils::fixtures::keygen();
let (node2_pk, node2_pub) = sphinx_packet::crypto::keygen();
let node2 = Node::new(
NodeAddressBytes::from_bytes([1u8; NODE_ADDRESS_LENGTH]),
node2_pub,
);
let (node3_pk, node3_pub) = sphinx_packet::test_utils::fixtures::keygen();
let (node3_pk, node3_pub) = sphinx_packet::crypto::keygen();
let node3 = Node::new(
NodeAddressBytes::from_bytes([2u8; NODE_ADDRESS_LENGTH]),
node3_pub,
);
let (gateway_pk, gateway_pub) = sphinx_packet::test_utils::fixtures::keygen();
let (gateway_pk, gateway_pub) = sphinx_packet::crypto::keygen();
let gateway = Node::new(
NodeAddressBytes::from_bytes([3u8; NODE_ADDRESS_LENGTH]),
gateway_pub,
@@ -141,23 +143,23 @@ mod tests {
#[test]
fn test_packet_params_long() {
let (node1_pk, node1_pub) = sphinx_packet::test_utils::fixtures::keygen();
let (node1_pk, node1_pub) = sphinx_packet::crypto::keygen();
let node1 = Node::new(
NodeAddressBytes::from_bytes([0u8; NODE_ADDRESS_LENGTH]),
node1_pub,
);
let (node2_pk, node2_pub) = sphinx_packet::test_utils::fixtures::keygen();
let (node2_pk, node2_pub) = sphinx_packet::crypto::keygen();
let node2 = Node::new(
NodeAddressBytes::from_bytes([1u8; NODE_ADDRESS_LENGTH]),
node2_pub,
);
let (node3_pk, node3_pub) = sphinx_packet::test_utils::fixtures::keygen();
let (node3_pk, node3_pub) = sphinx_packet::crypto::keygen();
let node3 = Node::new(
NodeAddressBytes::from_bytes([2u8; NODE_ADDRESS_LENGTH]),
node3_pub,
);
let (gateway_pk, gateway_pub) = sphinx_packet::test_utils::fixtures::keygen();
let (gateway_pk, gateway_pub) = sphinx_packet::crypto::keygen();
let gateway = Node::new(
NodeAddressBytes::from_bytes([3u8; NODE_ADDRESS_LENGTH]),
gateway_pub,
+198 -381
+1 -1
@@ -64,7 +64,7 @@ nym-store-cipher = { path = "../../common/store-cipher", features = ["json"] }
[dev-dependencies]
nym-crypto = { path = "../../common/crypto", features = ["rand"] }
rand_chacha = "0.3"
rand_chacha = "0.2"
tempfile = "3.3.0"
ts-rs = "7.0.0"
+4
@@ -1,4 +1,5 @@
use nym_contracts_common::signing::SigningAlgorithm;
use nym_crypto::asymmetric::identity;
use nym_crypto::asymmetric::identity::Ed25519RecoveryError;
use nym_types::error::TypesError;
use nym_validator_client::nym_api::error::NymAPIError;
@@ -149,6 +150,9 @@ pub enum BackendError {
#[error(transparent)]
Ed25519Recovery(#[from] Ed25519RecoveryError),
#[error("failed to verify ed25519 signature: {0}")]
Ed25519SignatureError(#[from] identity::SignatureError),
#[error("This command ({name}) has been removed. Please try to use {alternative} instead.")]
RemovedCommand { name: String, alternative: String },
}
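Review bot: The added `use nym_crypto::asymmetric::identity;` sits next to the existing `use nym_crypto::asymmetric::identity::Ed25519RecoveryError;`; merging them as `use nym_crypto::asymmetric::identity::{self, Ed25519RecoveryError};` keeps the import block in the nested form rustfmt produces. The `BackendError` enum starts outside the hunk.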
+1 -1
@@ -26,7 +26,7 @@ nym-socks5-client-core = { path = "../../../common/socks5-client-core", default-
serde = { workspace = true }
tokio = { workspace = true, features = ["sync", "time"] }
log = "0.4.17"
rand = { workspace = true }
rand = "0.7.3"
safer-ffi = { version = "0.1.4" }
+1 -1
@@ -32,7 +32,7 @@ http = "0.2.9"
futures = { workspace = true }
log = { workspace = true }
rand = { workspace = true }
rand = { version = "0.7.3" }
tap = "1.0.1"
thiserror = { workspace = true }
url = { workspace = true }
@@ -28,7 +28,7 @@ ipnetwork = "0.20.0"
log = { workspace = true }
pretty_env_logger = "0.4.0"
publicsuffix = "2.2.3"
rand = { workspace = true }
rand = "0.7.3"
regex = "1.8.4"
reqwest = { workspace = true, features = ["json"] }
serde = { workspace = true, features = ["derive"] }
