1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
use crate::{
KeyExchangeCompleted, SecureChannelDecryptor, SecureChannelKeyExchanger, SecureChannelListener,
SecureChannelNewKeyExchanger, SecureChannelVault,
};
use ockam_core::compat::{rand::random, vec::Vec};
use ockam_core::{Address, Result, Route};
use ockam_node::Context;
use serde::{Deserialize, Serialize};
use tracing::{debug, info};
#[derive(Serialize, Deserialize, Clone, PartialEq, Eq, Debug)]
pub struct SecureChannelInfo {
worker_address: Address,
auth_hash: [u8; 32],
}
impl SecureChannelInfo {
pub fn address(&self) -> Address {
self.worker_address.clone()
}
pub fn auth_hash(&self) -> [u8; 32] {
self.auth_hash
}
}
pub struct SecureChannel;
impl SecureChannel {
#[cfg(all(feature = "software_vault", feature = "noise_xx"))]
pub async fn create_listener<A: Into<Address>, V: SecureChannelVault>(
ctx: &Context,
address: A,
vault: &V,
) -> Result<()> {
use ockam_key_exchange_xx::XXNewKeyExchanger;
let new_key_exchanger = XXNewKeyExchanger::new(vault.async_try_clone().await?);
Self::create_listener_extended(
ctx,
address,
new_key_exchanger,
vault.async_try_clone().await?,
)
.await
}
pub async fn create_listener_extended<
A: Into<Address>,
N: SecureChannelNewKeyExchanger,
V: SecureChannelVault,
>(
ctx: &Context,
address: A,
new_key_exchanger: N,
vault: V,
) -> Result<()> {
let address = address.into();
let channel_listener = SecureChannelListener::new(new_key_exchanger, vault);
info!("Starting SecureChannel listener at {}", &address);
ctx.start_worker(address, channel_listener).await?;
Ok(())
}
#[cfg(all(feature = "software_vault", feature = "noise_xx"))]
pub async fn create<V: SecureChannelVault>(
ctx: &Context,
route: impl Into<Route>,
vault: &V,
) -> Result<SecureChannelInfo> {
use ockam_key_exchange_core::NewKeyExchanger;
use ockam_key_exchange_xx::XXNewKeyExchanger;
let new_key_exchanger = XXNewKeyExchanger::new(vault.async_try_clone().await?);
Self::create_extended(
ctx,
route,
None,
new_key_exchanger.initiator().await?,
vault.async_try_clone().await?,
)
.await
}
pub async fn create_extended(
ctx: &Context,
route: impl Into<Route>,
custom_payload: Option<Vec<u8>>,
key_exchanger: impl SecureChannelKeyExchanger,
vault: impl SecureChannelVault,
) -> Result<SecureChannelInfo> {
let address_remote: Address = random();
debug!(
"Starting SecureChannel initiator at remote: {}",
&address_remote
);
let route = route.into();
let callback_address: Address = random();
let decryptor = SecureChannelDecryptor::new_initiator(
key_exchanger,
Some(callback_address.clone()),
route,
custom_payload,
vault.async_try_clone().await?,
)
.await?;
let mut child_ctx = ctx.new_detached(callback_address).await?;
ctx.start_worker(address_remote.clone(), decryptor).await?;
let resp = child_ctx
.receive_timeout::<KeyExchangeCompleted>(120)
.await?
.take()
.body();
let info = SecureChannelInfo {
worker_address: resp.address().clone(),
auth_hash: resp.auth_hash(),
};
Ok(info)
}
}
