atm0s_reverse_proxy_protocol_ed25519/
lib.rs

1use ed25519_dalek::pkcs8::spki::der::pem::LineEnding;
2use ed25519_dalek::pkcs8::{DecodePrivateKey, EncodePrivateKey};
3use ed25519_dalek::SigningKey;
4use ed25519_dalek::{Signer, Verifier};
5use protocol::key::{AgentSigner, ClusterRequest, ClusterValidator};
6use rand::rngs::OsRng;
7use serde::{Deserialize, Serialize};
8
9#[derive(Debug, Serialize, Deserialize, PartialEq, Eq)]
10pub struct RegisterRequest {
11    pub pub_key: ed25519_dalek::VerifyingKey,
12    pub signature: ed25519_dalek::Signature,
13}
14
15impl ClusterRequest for RegisterRequest {
16    type Context = Vec<u8>;
17
18    fn context(&self) -> Self::Context {
19        self.pub_key.to_bytes().to_vec()
20    }
21}
22
23#[derive(Debug, Serialize, Deserialize, PartialEq, Eq)]
24pub struct RegisterResponse {
25    pub response: Result<String, String>,
26}
27
28pub struct AgentLocalKey {
29    sign_key: SigningKey,
30}
31
32impl AgentLocalKey {
33    pub fn random() -> Self {
34        let mut csprng = OsRng;
35        Self {
36            sign_key: SigningKey::generate(&mut csprng),
37        }
38    }
39
40    pub fn from_buf(buf: &[u8]) -> Option<Self> {
41        let buf: &[u8; 32] = buf.try_into().ok()?;
42        Some(Self {
43            sign_key: SigningKey::from_bytes(buf),
44        })
45    }
46
47    pub fn to_buf(&self) -> Vec<u8> {
48        self.sign_key.to_bytes().to_vec()
49    }
50
51    pub fn from_pem(buf: &str) -> Option<Self> {
52        let key = SigningKey::from_pkcs8_pem(buf).ok()?;
53        Some(Self { sign_key: key })
54    }
55
56    pub fn to_pem(&self) -> String {
57        let key = self.sign_key.to_pkcs8_pem(LineEnding::CRLF).expect("Should ok");
58        key.to_string()
59    }
60}
61
62impl AgentSigner<RegisterResponse> for AgentLocalKey {
63    fn sign_connect_req(&self) -> Vec<u8> {
64        let msg = self.sign_key.verifying_key().to_bytes();
65        let signature = self.sign_key.sign(&msg);
66
67        bincode::serialize(&RegisterRequest {
68            pub_key: self.sign_key.verifying_key(),
69            signature,
70        })
71        .expect("should serialize")
72        .to_vec()
73    }
74
75    fn validate_connect_res(&self, resp: &[u8]) -> anyhow::Result<RegisterResponse> {
76        Ok(bincode::deserialize(resp)?)
77    }
78}
79
80#[derive(Clone)]
81pub struct ClusterValidatorImpl {
82    root_domain: String,
83}
84
85impl ClusterValidatorImpl {
86    pub fn new(root_domain: String) -> Self {
87        Self { root_domain }
88    }
89}
90
91impl ClusterValidator<RegisterRequest> for ClusterValidatorImpl {
92    fn validate_connect_req(&self, req: &[u8]) -> anyhow::Result<RegisterRequest> {
93        let req: RegisterRequest = bincode::deserialize(req)?;
94        let msg = req.pub_key.to_bytes();
95        req.pub_key.verify(&msg, &req.signature)?;
96        Ok(req)
97    }
98
99    fn generate_domain(&self, req: &RegisterRequest) -> anyhow::Result<String> {
100        Ok(format!("{}.{}", convert_hex(&req.pub_key.to_bytes()[0..16]), self.root_domain))
101    }
102
103    fn sign_response_res(&self, m: &RegisterRequest, err: Option<String>) -> Vec<u8> {
104        if let Some(err) = err {
105            bincode::serialize(&RegisterResponse { response: Err(err) }).expect("should serialize").to_vec()
106        } else {
107            bincode::serialize(&RegisterResponse {
108                response: Ok(format!("{}.{}", convert_hex(&m.pub_key.to_bytes()[0..16]), self.root_domain)),
109            })
110            .expect("should serialize")
111            .to_vec()
112        }
113    }
114}
115
116fn convert_hex(buf: &[u8]) -> String {
117    let mut s = String::new();
118    for b in buf {
119        s.push_str(&format!("{:02x}", b));
120    }
121    s
122}