From 30d3f6e176a7588a7aec58e53c0973e6f95a88d8 Mon Sep 17 00:00:00 2001
From: Adam Ierymenko
Date: Fri, 16 Sep 2022 18:44:14 -0400
Subject: [PATCH] Start defining a bunch of VL2 data and credential objects for controller.
---
 controller/Cargo.toml | 1 +
 controller/src/lib.rs | 2 +
 controller/src/main.rs | 2 +
 network-hypervisor/src/vl1/identity.rs | 3 +
 .../src/vl2/certificateofmembership.rs | 17 +++
 .../src/vl2/certificateofownership.rs | 12 ++
 network-hypervisor/src/vl2/mod.rs | 10 ++
 network-hypervisor/src/vl2/networkconfig.rs | 119 ++++++++++++++++++
 network-hypervisor/src/vl2/rule.rs | 4 +
 network-hypervisor/src/vl2/tag.rs | 18 +++
 10 files changed, 188 insertions(+)
 create mode 100644 network-hypervisor/src/vl2/certificateofmembership.rs
 create mode 100644 network-hypervisor/src/vl2/certificateofownership.rs
 create mode 100644 network-hypervisor/src/vl2/networkconfig.rs
 create mode 100644 network-hypervisor/src/vl2/rule.rs
 create mode 100644 network-hypervisor/src/vl2/tag.rs
diff --git a/controller/Cargo.toml b/controller/Cargo.toml
index 4da7ac66f..ce5613ddf 100644
--- a/controller/Cargo.toml
+++ b/controller/Cargo.toml
@@ -11,5 +11,6 @@ path = "src/main.rs"
 zerotier-crypto = { path = "../crypto" }
 zerotier-utils = { path = "../utils" }
 zerotier-network-hypervisor = { path = "../network-hypervisor" }
+zerotier-vl1-service = { path = "../vl1-service" }
 serde = { version = "^1", features = ["derive"], default-features = false }
 serde_json = { version = "^1", features = ["std"], default-features = false }
diff --git a/controller/src/lib.rs b/controller/src/lib.rs
index 65880be0e..7c69b1e28 100644
--- a/controller/src/lib.rs
+++ b/controller/src/lib.rs
@@ -1 +1,3 @@
+// (c) 2020-2022 ZeroTier, Inc. -- currently propritery pending actual release and licensing. See LICENSE.md.
+
 pub mod model;
diff --git a/controller/src/main.rs b/controller/src/main.rs
index f328e4d9d..cde385cba 100644
--- a/controller/src/main.rs
+++ b/controller/src/main.rs
@@ -1 +1,3 @@
+// (c) 2020-2022 ZeroTier, Inc. -- currently propritery pending actual release and licensing. See LICENSE.md.
+
 fn main() {}
diff --git a/network-hypervisor/src/vl1/identity.rs b/network-hypervisor/src/vl1/identity.rs
index 5c532611a..5a6b0abf3 100644
--- a/network-hypervisor/src/vl1/identity.rs
+++ b/network-hypervisor/src/vl1/identity.rs
@@ -21,6 +21,9 @@ use crate::error::{InvalidFormatError, InvalidParameterError};
 use crate::vl1::protocol::{ADDRESS_SIZE, ADDRESS_SIZE_STRING, IDENTITY_FINGERPRINT_SIZE, IDENTITY_POW_THRESHOLD};
 use crate::vl1::Address;
+/// Current maximum size for an identity signature.
+pub const MAX_SIGNATURE_SIZE: usize = P384_ECDSA_SIGNATURE_SIZE + 1;
+
 /// Secret keys associated with NIST P-384 public keys.
 #[derive(Clone)]
 pub struct IdentityP384Secret {
diff --git a/network-hypervisor/src/vl2/certificateofmembership.rs b/network-hypervisor/src/vl2/certificateofmembership.rs
new file mode 100644
index 000000000..a3f6465dd
--- /dev/null
+++ b/network-hypervisor/src/vl2/certificateofmembership.rs
@@ -0,0 +1,17 @@
+use crate::vl1::identity;
+use crate::vl1::Address;
+use crate::vl2::NetworkId;
+
+use serde::{Deserialize, Serialize};
+
+use zerotier_utils::arrayvec::ArrayVec;
+
+#[derive(Clone, Serialize, Deserialize, PartialEq, Eq)]
+pub struct CertificateOfMembership {
+ pub issued_to: Address,
+ //pub issued_to_fingerprint: [u8; 48],
+ pub network_id: NetworkId,
+ pub timestamp: i64,
+ pub max_delta: i64,
+ //pub signature: ArrayVec,
+}
diff --git a/network-hypervisor/src/vl2/certificateofownership.rs b/network-hypervisor/src/vl2/certificateofownership.rs
new file mode 100644
index 000000000..d0aeb0501
--- /dev/null
+++ b/network-hypervisor/src/vl2/certificateofownership.rs
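Review bot: The `+ 1` in `MAX_SIGNATURE_SIZE` is an unexplained offset; the doc comment gives the total but not what the byte beyond `P384_ECDSA_SIGNATURE_SIZE` holds, and anything that sizes a signature buffer or rejects over-long signatures will key off this constant. Say it in the comment, e.g. `/// Current maximum size for an identity signature: a P-384 ECDSA signature plus one extra byte.` followed by a line naming what that byte carries (it looks like a type or algorithm prefix, but that should be confirmed against the signing code rather than guessed here). `P384_ECDSA_SIGNATURE_SIZE` is not imported by any visible line of this hunk, so it presumably comes from an import above line 21; worth checking that it is the raw signature length and not already padded, otherwise the maximum is off by one.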
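Review bot: `CertificateOfMembership` as committed carries nothing a recipient could verify: the `issued_to_fingerprint` and `signature` fields are commented out and there is no issuer field, so the struct is an unauthenticated claim of membership; the same holds for `CertificateOfOwnership` (no owner or signature, only `// TODO`) and `Tag` (`signature` commented out) elsewhere in this commit. Until those fields land, each type should say so in its doc comment so nothing downstream starts treating it as a credential, e.g. `/// Work in progress: the signature and issuer fingerprint are not yet included, so this type cannot be verified.`; `max_delta` also deserves a line stating what window it bounds relative to `timestamp`. The `identity` and `ArrayVec` imports here and in tag.rs are currently unused and will warn until the signature field returns.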
@@ -0,0 +1,12 @@
+use crate::vl2::NetworkId;
+
+use serde::{Deserialize, Serialize};
+
+#[derive(Clone, Serialize, Deserialize, PartialEq, Eq)]
+pub struct CertificateOfOwnership {
+ pub network_id: NetworkId,
+ pub timestamp: i64,
+ pub flags: u64,
+ pub id: u32,
+ // TODO
+}
diff --git a/network-hypervisor/src/vl2/mod.rs b/network-hypervisor/src/vl2/mod.rs
index 6a4f1f248..3e35a9322 100644
--- a/network-hypervisor/src/vl2/mod.rs
+++ b/network-hypervisor/src/vl2/mod.rs
@@ -1,9 +1,19 @@
 // (c) 2020-2022 ZeroTier, Inc. -- currently propritery pending actual release and licensing. See LICENSE.md.
+mod certificateofmembership;
+mod certificateofownership;
 mod multicastgroup;
+mod networkconfig;
 mod networkid;
+mod rule;
 mod switch;
+mod tag;
+pub use certificateofmembership::CertificateOfMembership;
+pub use certificateofownership::CertificateOfOwnership;
 pub use multicastgroup::MulticastGroup;
+pub use networkconfig::NetworkConfig;
 pub use networkid::NetworkId;
+pub use rule::Rule;
 pub use switch::{Switch, SwitchInterface};
+pub use tag::Tag;
diff --git a/network-hypervisor/src/vl2/networkconfig.rs b/network-hypervisor/src/vl2/networkconfig.rs
new file mode 100644
index 000000000..2b3c10fc4
--- /dev/null
+++ b/network-hypervisor/src/vl2/networkconfig.rs
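Review bot: Only `NetworkConfig` is re-exported from the new private `networkconfig` module, while `NodeInfo`, `IpRoute` and `Nameserver` are declared `pub` in that file and, going by the field names, appear to be the element types of its `routes`, `static_ips`, `dns` and `node_info` fields (the generic parameters are stripped in this rendering, so that is inferred). Crate users would then be handed a `NetworkConfig` whose public field types they cannot name or construct. Either widen the re-export, `pub use networkconfig::{IpRoute, Nameserver, NetworkConfig, NodeInfo};`, or mark those three `pub(crate)` if they are meant to stay internal.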
@@ -0,0 +1,119 @@
+// (c) 2020-2022 ZeroTier, Inc. -- currently propritery pending actual release and licensing. See LICENSE.md.
+
+use std::collections::HashMap;
+
+use serde::{Deserialize, Serialize};
+
+use crate::vl1::{Address, InetAddress};
+use crate::vl2::certificateofmembership::CertificateOfMembership;
+use crate::vl2::certificateofownership::CertificateOfOwnership;
+use crate::vl2::rule::Rule;
+use crate::vl2::tag::Tag;
+
+#[allow(unused)]
+pub mod dictionary_fields {
+ pub mod network_config {
+ pub const VERSION: &'static str = "v";
+ pub const NETWORK_ID: &'static str = "nwid";
+ pub const TIMESTAMP: &'static str = "ts";
+ pub const REVISION: &'static str = "r";
+ pub const ISSUED_TO: &'static str = "id";
+ pub const FLAGS: &'static str = "f";
+ pub const MULTICAST_LIMIT: &'static str = "ml";
+ pub const TYPE: &'static str = "t";
+ pub const NAME: &'static str = "n";
+ pub const MOTD: &'static str = "motd";
+ pub const MTU: &'static str = "mtu";
+ pub const MAX_DELTA: &'static str = "ctmd";
+ pub const CERTIFICATE_OF_MEMBERSHIP: &'static str = "C";
+ pub const ROUTES: &'static str = "RT";
+ pub const STATIC_IPS: &'static str = "I";
+ pub const RULES: &'static str = "R";
+ pub const TAGS: &'static str = "TAG";
+ pub const CERTIFICATES_OF_OWNERSHIP: &'static str = "COO";
+ pub const DNS: &'static str = "DNS";
+ pub const NODE_INFO: &'static str = "NI";
+ pub const CENTRAL_URL: &'static str = "ssoce";
+ pub const SSO_ENABLED: &'static str = "ssoe";
+ pub const SSO_VERSION: &'static str = "ssov";
+ pub const SSO_AUTHENTICATION_URL: &'static str = "aurl";
+ pub const SSO_AUTHENTICATION_EXPIRY_TIME: &'static str = "aexpt";
+ pub const SSO_ISSUER_URL: &'static str = "iurl";
+ pub const SSO_NONCE: &'static str = "sson";
+ pub const SSO_STATE: &'static str = "ssos";
+ pub const SSO_CLIENT_ID: &'static str = "ssocid";
+ }
+
+ pub mod sso_auth_info {
+ pub const VERSION: &'static str = "aV";
+ pub const AUTHENTICATION_URL: &'static str = "aU";
+ pub const ISSUER_URL: &'static str = "iU";
+ pub const CENTRAL_URL: &'static str = "aCU";
+ pub const NONCE: &'static str = "aN";
+ pub const STATE: &'static str = "aS";
+ pub const CLIENT_ID: &'static str = "aCID";
+ }
+}
+
+/// Network configuration object sent to nodes by network controllers.
+#[derive(Clone, Serialize, Deserialize, PartialEq, Eq)]
+pub struct NetworkConfig {
+ pub id: u64,
+ pub name: String,
+ pub motd: String,
+ pub issued_to: Address,
+ pub private: bool,
+
+ pub timestamp: i64,
+ pub max_delta: i64,
+ pub revision: u64,
+
+ pub mtu: u32,
+ pub multicast_limit: u32,
+ pub routes: Vec,
+ pub static_ips: Vec,
+ pub rules: Vec,
+ pub dns: Vec,
+
+ pub certificate_of_membership: CertificateOfMembership,
+ pub certificates_of_ownership: Vec,
+ pub tags: Vec,
+
+ pub node_info: HashMap,
+
+ pub central_url: String,
+
+ pub sso_enabled: bool,
+ pub sso_version: u32,
+ pub sso_authentication_url: String,
+ pub sso_authentication_expiry_time: i64,
+ pub sso_issuer_url: String,
+ pub sso_nonce: String,
+ pub sso_state: String,
+ pub sso_client_id: String,
+}
+
+/// Information about nodes on the network that can be included in a network config.
+#[derive(Clone, Serialize, Deserialize, PartialEq, Eq)]
+pub struct NodeInfo {
+ pub flags: u64,
+ pub ip: Option,
+ pub name: Option,
+ pub services: HashMap>,
+}
+
+/// Statically pushed L3 IP routes included with a network configuration.
+#[derive(Clone, Serialize, Deserialize, PartialEq, Eq)]
+pub struct IpRoute {
+ pub target: InetAddress,
+ pub via: Option,
+ pub flags: u16,
+ pub metric: u16,
+}
+
+/// ZeroTier-pushed DNS nameserver configuration.
+#[derive(Clone, Serialize, Deserialize, PartialEq, Eq)]
+pub struct Nameserver {
+ pub ip: InetAddress,
+ pub domain: String,
+}
diff --git a/network-hypervisor/src/vl2/rule.rs b/network-hypervisor/src/vl2/rule.rs
new file mode 100644
index 000000000..c5b83bf8b
--- /dev/null
+++ b/network-hypervisor/src/vl2/rule.rs
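Review bot: `NetworkConfig::id` is a bare `u64` while the credential types introduced in this same commit (`CertificateOfMembership`, `CertificateOfOwnership`, `Tag`) type the network as `NetworkId`; using the newtype here too lets the config be compared directly against the `network_id` of the credentials it carries and stops it being confused with the other `u64` fields such as `revision` or `flags`. Change the field to `pub id: NetworkId,` and add `use crate::vl2::NetworkId;` to the imports. Separately, the `&'static str` on every constant in `dictionary_fields` is redundant in a `const` item (clippy `redundant_static_lifetimes`), `pub const VERSION: &str = "v";` is enough, and the `#[allow(unused)]` on the whole module would be clearer with a one-line comment saying these are the wire keys of the legacy dictionary encoding and are intentionally kept. The four public structs also omit `Debug` from their derives, which makes them awkward to log or assert on in tests.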
@@ -0,0 +1,4 @@
+use serde::{Deserialize, Serialize};
+
+#[derive(Clone, Serialize, Deserialize, PartialEq, Eq)]
+pub enum Rule {}
diff --git a/network-hypervisor/src/vl2/tag.rs b/network-hypervisor/src/vl2/tag.rs
new file mode 100644
index 000000000..80e9cd2de
--- /dev/null
+++ b/network-hypervisor/src/vl2/tag.rs
@@ -0,0 +1,18 @@
+use crate::vl1::identity;
+use crate::vl1::Address;
+use crate::vl2::NetworkId;
+
+use serde::{Deserialize, Serialize};
+
+use zerotier_utils::arrayvec::ArrayVec;
+
+#[derive(Clone, Serialize, Deserialize, PartialEq, Eq)]
+pub struct Tag {
+ pub id: u32,
+ pub value: u32,
+ pub network_id: NetworkId,
+ pub timestamp: i64,
+ pub issued_to: Address,
+ pub signed_by: Address,
+ //pub signature: ArrayVec,
+}