d8c84cc4d6
* wip * wip: wrap node's sphinx key with a manager * wip: choosing correct key for packet processing * further propagation of key rotation information * attaching key rotation information to reply surbs * added basic key rotation information to mixnet contract * wip: introducing cached queries for key rotation info from nym api * unified nym-api contract cache refreshing * finish packet decoding * multi api client + retrieving rotation id * rotating sphinx key files * logic for migrating config file * wip: putting new sphinx keys to self described endpoints * processing loop of KeyRotationController * fixed sphinx key loading * rotating bloomfilters * wired up KeyRotationController * flushing bloomfilters to disk and loading * most of nym-node changes * post rebase fixes * fixes due to backwards compatible hostkeys * split http state.rs file * dont use deprecated fields * fixed backwards compatible deserialisation of host information * split up node describe cache * added a dedicated CacheRefresher listener to perform full refresh outside the set interval * controlling announced sphinx keys within nym-api * retrieving rotation id when pulling topology * split nym-nodes http handlers * v2 nym-api endpoints to retrieve nodes with additional metadata information * bug fixes... * additional bugfixes and guards against stuck epoch * testnet manager: set first nym-api as the rewarder * fixed host information deserialisation * fixed panic during first key rotation * post rebase fixes * clippy * more guards against stuck epochs * added helper method to reset node's sphinx key * instantiate mixnet contract with custom key rotation validity * additional bugfixes and debugging nym-api deadlock * passing shutdown to nym apis client * remove dead test * post rebasing fixes * missing MixnetQueryClient variants * remove usage of deprecated methods in sdk example * fix: incorrect method signature * post rebasing fixes * attempt to retrieve key rotation id before doing any config migration work * ignore tests relying on networking behaviour * allow networking failures in certain tests
64 lines
2.2 KiB
Rust
64 lines
2.2 KiB
Rust
// Copyright 2020-2022 - Nym Technologies SA <contact@nymtech.net>
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
pub use nym_crypto::generic_array;
|
|
use nym_crypto::OutputSizeUser;
|
|
use nym_sphinx::params::GatewayIntegrityHmacAlgorithm;
|
|
|
|
pub use types::*;
|
|
|
|
pub mod authentication;
|
|
pub mod models;
|
|
pub mod registration;
|
|
pub mod shared_key;
|
|
pub mod types;
|
|
|
|
pub use shared_key::helpers::SymmetricKey;
|
|
pub use shared_key::legacy::{LegacySharedKeySize, LegacySharedKeys};
|
|
pub use shared_key::{
|
|
SharedGatewayKey, SharedKeyConversionError, SharedKeyUsageError, SharedSymmetricKey,
|
|
};
|
|
|
|
pub const CURRENT_PROTOCOL_VERSION: u8 = EMBEDDED_KEY_ROTATION_INFO_VERSION;
|
|
|
|
/// Defines the current version of the communication protocol between gateway and clients.
|
|
/// It has to be incremented for any breaking change.
|
|
// history:
|
|
// 1 - initial release
|
|
// 2 - changes to client credentials structure
|
|
// 3 - change to AES-GCM-SIV and non-zero IVs
|
|
// 4 - introduction of v2 authentication protocol to prevent reply attacks
|
|
// 5 - add key rotation information to the serialised mix packet
|
|
pub const INITIAL_PROTOCOL_VERSION: u8 = 1;
|
|
pub const CREDENTIAL_UPDATE_V2_PROTOCOL_VERSION: u8 = 2;
|
|
pub const AES_GCM_SIV_PROTOCOL_VERSION: u8 = 3;
|
|
pub const AUTHENTICATE_V2_PROTOCOL_VERSION: u8 = 4;
|
|
pub const EMBEDDED_KEY_ROTATION_INFO_VERSION: u8 = 5;
|
|
|
|
// TODO: could using `Mac` trait here for OutputSize backfire?
|
|
// Should hmac itself be exposed, imported and used instead?
|
|
pub type LegacyGatewayMacSize = <GatewayIntegrityHmacAlgorithm as OutputSizeUser>::OutputSize;
|
|
|
|
pub trait GatewayProtocolVersionExt {
|
|
fn supports_aes256_gcm_siv(&self) -> bool;
|
|
fn supports_authenticate_v2(&self) -> bool;
|
|
fn supports_key_rotation_packet(&self) -> bool;
|
|
}
|
|
|
|
impl GatewayProtocolVersionExt for Option<u8> {
|
|
fn supports_aes256_gcm_siv(&self) -> bool {
|
|
let Some(protocol) = *self else { return false };
|
|
protocol >= AES_GCM_SIV_PROTOCOL_VERSION
|
|
}
|
|
|
|
fn supports_authenticate_v2(&self) -> bool {
|
|
let Some(protocol) = *self else { return false };
|
|
protocol >= AUTHENTICATE_V2_PROTOCOL_VERSION
|
|
}
|
|
|
|
fn supports_key_rotation_packet(&self) -> bool {
|
|
let Some(protocol) = *self else { return false };
|
|
protocol >= EMBEDDED_KEY_ROTATION_INFO_VERSION
|
|
}
|
|
}
|