From ab4be3424b35822c06ce38f771c39351615412cf Mon Sep 17 00:00:00 2001
From: "Tristan B. Kildaire"
Date: Wed, 9 Jan 2019 11:42:07 +0200
Subject: [PATCH 1/4] Spelling fixes for peer.go
---
 src/yggdrasil/peer.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/yggdrasil/peer.go b/src/yggdrasil/peer.go
index 333561e5..fd045419 100644
--- a/src/yggdrasil/peer.go
+++ b/src/yggdrasil/peer.go
@@ -14,7 +14,7 @@ import (
 )
 // The peers struct represents peers with an active connection.
-// Incomping packets are passed to the corresponding peer, which handles them somehow.
+// Incoming packets are passed to the corresponding peer, which handles them somehow.
 // In most cases, this involves passing the packet to the handler for outgoing traffic to another peer.
 // In other cases, it's link protocol traffic used to build the spanning tree, in which case this checks signatures and passes the message along to the switch.
 type peers struct {
@@ -97,7 +97,7 @@ type peer struct {
 close func() // Called when a peer is removed, to close the underlying connection, or via admin api
 }
-// Creates a new peer with the specified box, sig, and linkShared keys, using the lowest unocupied port number.
+// Creates a new peer with the specified box, sig, and linkShared keys, using the lowest unoccupied port number.
 func (ps *peers) newPeer(box *crypto.BoxPubKey, sig *crypto.SigPubKey, linkShared *crypto.BoxSharedKey, endpoint string) *peer {
 now := time.Now()
 p := peer{box: *box,
@@ -342,7 +342,7 @@ func (p *peer) handleSwitchMsg(packet []byte) {
 }
 // This generates the bytes that we sign or check the signature of for a switchMsg.
-// It begins with the next node's key, followed by the root and the timetsamp, followed by coords being advertised to the next node.
+// It begins with the next node's key, followed by the root and the timestamp, followed by coords being advertised to the next node.
 func getBytesForSig(next *crypto.SigPubKey, msg *switchMsg) []byte {
 var loc switchLocator
 for _, hop := range msg.Hops {
From 345979b502fdc45e1007ef12ecf34a80c573427c Mon Sep 17 00:00:00 2001
From: "Tristan B. Kildaire"
Date: Wed, 9 Jan 2019 11:44:45 +0200
Subject: [PATCH 2/4] Spelling fixes for search.go
---
 src/yggdrasil/search.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/yggdrasil/search.go b/src/yggdrasil/search.go
index c85b719c..756ad278 100644
--- a/src/yggdrasil/search.go
+++ b/src/yggdrasil/search.go
@@ -30,7 +30,7 @@ const search_MAX_SEARCH_SIZE = 16
 const search_RETRY_TIME = time.Second
 // Information about an ongoing search.
-// Includes the targed NodeID, the bitmask to match it to an IP, and the list of nodes to visit / already visited.
+// Includes the target NodeID, the bitmask to match it to an IP, and the list of nodes to visit / already visited.
 type searchInfo struct {
 dest crypto.NodeID
 mask crypto.NodeID
From 08a71af2d82883649c2f210cb1720f0251fe17a7 Mon Sep 17 00:00:00 2001
From: "Tristan B. Kildaire"
Date: Wed, 9 Jan 2019 11:49:12 +0200
Subject: [PATCH 3/4] Spelling fixes for switch.go
---
 src/yggdrasil/switch.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/yggdrasil/switch.go b/src/yggdrasil/switch.go
index 3c1dae61..2b0d5d37 100644
--- a/src/yggdrasil/switch.go
+++ b/src/yggdrasil/switch.go
@@ -4,7 +4,7 @@ package yggdrasil
 // It routes packets based on distance on the spanning tree
 // In general, this is *not* equivalent to routing on the tree
 // It falls back to the tree in the worst case, but it can take shortcuts too
-// This is the part that makse routing reasonably efficient on scale-free graphs
+// This is the part that makes routing reasonably efficient on scale-free graphs
 // TODO document/comment everything in a lot more detail
From 88cf6b768446e5b4f21fd3f5ea546d230deb3cd7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Christian=20Gr=C3=BCnhage?=
Date: Tue, 15 Jan 2019 02:28:27 +0100
Subject: [PATCH 4/4] add ansible key generator
---
 contrib/ansible/genkeys.go | 123 +++++++++++++++++++++++++++++++++++++
 1 file changed, 123 insertions(+)
 create mode 100644 contrib/ansible/genkeys.go
diff --git a/contrib/ansible/genkeys.go b/contrib/ansible/genkeys.go
new file mode 100644
index 00000000..15785754
--- /dev/null
+++ b/contrib/ansible/genkeys.go
@@ -0,0 +1,123 @@
+/*
+
+This file generates crypto keys for [ansible-yggdrasil](https://github.com/jcgruenhage/ansible-yggdrasil/)
+
+*/
+package main
+
+import (
+ "encoding/hex"
+ "flag"
+ "fmt"
+ "net"
+ "os"
+
+ "github.com/yggdrasil-network/yggdrasil-go/src/address"
+ "github.com/yggdrasil-network/yggdrasil-go/src/crypto"
+)
+
+var numHosts = flag.Int("hosts", 1, "number of host vars to generate")
+var keyTries = flag.Int("tries", 1000, "number of tries before taking the best keys")
+
+type keySet struct {
+ priv []byte
+ pub []byte
+ id []byte
+ ip string
+}
+
+func main() {
+ flag.Parse()
+
+ if *numHosts > *keyTries {
+ println("Can't generate less keys than hosts.")
+ return
+ }
+
+ var encryptionKeys []keySet
+ for i := 0; i < *numHosts + 1; i++ {
+ encryptionKeys = append(encryptionKeys, newBoxKey())
+ }
+ encryptionKeys = sortKeySetArray(encryptionKeys)
+ for i := 0; i < *keyTries - *numHosts - 1; i++ {
+ encryptionKeys[0] = newBoxKey();
+ encryptionKeys = bubbleUpTo(encryptionKeys, 0)
+ }
+
+ var signatureKeys []keySet
+ for i := 0; i < *numHosts + 1; i++ {
+ signatureKeys = append(signatureKeys, newSigKey())
+ }
+ signatureKeys = sortKeySetArray(signatureKeys)
+ for i := 0; i < *keyTries - *numHosts - 1; i++ {
+ signatureKeys[0] = newSigKey();
+ signatureKeys = bubbleUpTo(signatureKeys, 0)
+ }
+
+ os.MkdirAll("ansible/host_vars", 0755)
+
+ for i := 1; i <= *numHosts; i++ {
+ os.MkdirAll(fmt.Sprintf("ansible/host_vars/%x", i), 0755)
+ file, err := os.Create(fmt.Sprintf("ansible/host_vars/%x/vars", i))
+ if err != nil {
+ return
+ }
+ defer file.Close()
+ file.WriteString(fmt.Sprintf("yggdrasil_encryption_public_key: %v\n", hex.EncodeToString(encryptionKeys[i].pub)))
+ file.WriteString("yggdrasil_encryption_private_key: \"{{ vault_yggdrasil_encryption_private_key }}\"\n")
+ file.WriteString(fmt.Sprintf("yggdrasil_signing_public_key: %v\n", hex.EncodeToString(signatureKeys[i].pub)))
+ file.WriteString("yggdrasil_signing_public_key: \"{{ 
vault_yggdrasil_signing_private_key }}\"\n")
+ file.WriteString(fmt.Sprintf("ansible_host: %v\n", encryptionKeys[i].ip))
+
+ file, err = os.Create(fmt.Sprintf("ansible/host_vars/%x/vault", i))
+ if err != nil {
+ return
+ }
+ defer file.Close()
+ file.WriteString(fmt.Sprintf("vault_yggdrasil_encryption_private_key: %v\n", hex.EncodeToString(encryptionKeys[i].priv)))
+ file.WriteString(fmt.Sprintf("vault_yggdrasil_signing_private_key: %v\n", hex.EncodeToString(signatureKeys[i].priv)))
+ }
+}
+
+func newBoxKey() keySet {
+ pub, priv := crypto.NewBoxKeys()
+ id := crypto.GetNodeID(pub)
+ ip := net.IP(address.AddrForNodeID(id)[:]).String()
+ return keySet{priv[:], pub[:], id[:], ip}
+}
+
+func newSigKey() keySet {
+ pub, priv := crypto.NewSigKeys()
+ id := crypto.GetTreeID(pub)
+ return keySet{priv[:], pub[:], id[:], ""}
+}
+
+func isBetter(oldID, newID []byte) bool {
+ for idx := range oldID {
+ if newID[idx] > oldID[idx] {
+ return true
+ }
+ if newID[idx] < oldID[idx] {
+ return false
+ }
+ }
+ return false
+}
+
+func sortKeySetArray(sets []keySet) []keySet {
+ for i := 0; i < len(sets); i++ {
+ sets = bubbleUpTo(sets, i)
+ }
+ return sets
+}
+
+func bubbleUpTo(sets []keySet, num int) []keySet {
+ for i := 0; i < len(sets) - num - 1; i++ {
+ if isBetter(sets[i + 1].id, sets[i].id) {
+ var tmp = sets[i]
+ sets[i] = sets[i + 1]
+ sets[i + 1] = tmp
+ }
+ }
+ return sets
+}
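Review bot: The `vault` file that receives both hex-encoded private keys is opened with `os.Create`, which creates it 0666 minus umask, so under the usual 022 umask the secrets end up world-readable in `ansible/host_vars/<n>/vault` inside a 0755 directory; use `file, err = os.OpenFile(fmt.Sprintf("ansible/host_vars/%x/vault", i), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)` and `os.MkdirAll(fmt.Sprintf("ansible/host_vars/%x", i), 0700)` for the per-host directory. The file name suggests it is meant to be encrypted with ansible-vault afterwards, but nothing in this file does that, so a comment above the `os.Create` such as `// NOTE: written in plaintext; encrypt with ansible-vault before committing.` would make the expectation explicit. The vars file also writes the YAML key `yggdrasil_signing_public_key` twice; the second line should be `file.WriteString("yggdrasil_signing_private_key: \"{{ vault_yggdrasil_signing_private_key }}\"\n")`, otherwise the role never receives the signing private key reference and the YAML contains a duplicate key. Finally, every `WriteString` and `MkdirAll` result is dropped and the `os.Create` error path is a bare `return` with exit status 0, so a truncated or unwritable key file is indistinguishable from success; print the error and exit non-zero instead.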