Start defining a bunch of VL2 data and credential objects for controller.

controller/Cargo.toml

@@ -11,5 +11,6 @@ path = "src/main.rs"
 zerotier-crypto = { path = "../crypto" }
 zerotier-utils = { path = "../utils" }
 zerotier-network-hypervisor = { path = "../network-hypervisor" }
+zerotier-vl1-service = { path = "../vl1-service" }
 serde = { version = "^1", features = ["derive"], default-features = false }
 serde_json = { version = "^1", features = ["std"], default-features = false }

controller/src/lib.rs

@@ -1 +1,3 @@
+// (c) 2020-2022 ZeroTier, Inc. -- currently propritery pending actual release and licensing. See LICENSE.md.
+
 pub mod model;

controller/src/main.rs

@@ -1 +1,3 @@
+// (c) 2020-2022 ZeroTier, Inc. -- currently propritery pending actual release and licensing. See LICENSE.md.
+
 fn main() {}

network-hypervisor/src/vl1/identity.rs

@@ -21,6 +21,9 @@ use crate::error::{InvalidFormatError, InvalidParameterError};
 use crate::vl1::protocol::{ADDRESS_SIZE, ADDRESS_SIZE_STRING, IDENTITY_FINGERPRINT_SIZE, IDENTITY_POW_THRESHOLD};
 use crate::vl1::Address;
 
+/// Current maximum size for an identity signature.
+pub const MAX_SIGNATURE_SIZE: usize = P384_ECDSA_SIGNATURE_SIZE + 1;
+
 /// Secret keys associated with NIST P-384 public keys.
 #[derive(Clone)]
 pub struct IdentityP384Secret {

network-hypervisor/src/vl2/certificateofmembership.rs

@@ -0,0 +1,17 @@
+use crate::vl1::identity;
+use crate::vl1::Address;
+use crate::vl2::NetworkId;
+
+use serde::{Deserialize, Serialize};
+
+use zerotier_utils::arrayvec::ArrayVec;
+
+#[derive(Clone, Serialize, Deserialize, PartialEq, Eq)]
+pub struct CertificateOfMembership {
+    pub issued_to: Address,
+    //pub issued_to_fingerprint: [u8; 48],
+    pub network_id: NetworkId,
+    pub timestamp: i64,
+    pub max_delta: i64,
+    //pub signature: ArrayVec<u8, { identity::MAX_SIGNATURE_SIZE }>,
+}

network-hypervisor/src/vl2/certificateofownership.rs

@@ -0,0 +1,12 @@
+use crate::vl2::NetworkId;
+
+use serde::{Deserialize, Serialize};
+
+#[derive(Clone, Serialize, Deserialize, PartialEq, Eq)]
+pub struct CertificateOfOwnership {
+    pub network_id: NetworkId,
+    pub timestamp: i64,
+    pub flags: u64,
+    pub id: u32,
+    // TODO
+}

network-hypervisor/src/vl2/mod.rs

@@ -1,9 +1,19 @@
 // (c) 2020-2022 ZeroTier, Inc. -- currently propritery pending actual release and licensing. See LICENSE.md.
 
+mod certificateofmembership;
+mod certificateofownership;
 mod multicastgroup;
+mod networkconfig;
 mod networkid;
+mod rule;
 mod switch;
+mod tag;
 
+pub use certificateofmembership::CertificateOfMembership;
+pub use certificateofownership::CertificateOfOwnership;
 pub use multicastgroup::MulticastGroup;
+pub use networkconfig::NetworkConfig;
 pub use networkid::NetworkId;
+pub use rule::Rule;
 pub use switch::{Switch, SwitchInterface};
+pub use tag::Tag;

network-hypervisor/src/vl2/networkconfig.rs

@@ -0,0 +1,119 @@
+// (c) 2020-2022 ZeroTier, Inc. -- currently propritery pending actual release and licensing. See LICENSE.md.
+
+use std::collections::HashMap;
+
+use serde::{Deserialize, Serialize};
+
+use crate::vl1::{Address, InetAddress};
+use crate::vl2::certificateofmembership::CertificateOfMembership;
+use crate::vl2::certificateofownership::CertificateOfOwnership;
+use crate::vl2::rule::Rule;
+use crate::vl2::tag::Tag;
+
+#[allow(unused)]
+pub mod dictionary_fields {
+    pub mod network_config {
+        pub const VERSION: &'static str = "v";
+        pub const NETWORK_ID: &'static str = "nwid";
+        pub const TIMESTAMP: &'static str = "ts";
+        pub const REVISION: &'static str = "r";
+        pub const ISSUED_TO: &'static str = "id";
+        pub const FLAGS: &'static str = "f";
+        pub const MULTICAST_LIMIT: &'static str = "ml";
+        pub const TYPE: &'static str = "t";
+        pub const NAME: &'static str = "n";
+        pub const MOTD: &'static str = "motd";
+        pub const MTU: &'static str = "mtu";
+        pub const MAX_DELTA: &'static str = "ctmd";
+        pub const CERTIFICATE_OF_MEMBERSHIP: &'static str = "C";
+        pub const ROUTES: &'static str = "RT";
+        pub const STATIC_IPS: &'static str = "I";
+        pub const RULES: &'static str = "R";
+        pub const TAGS: &'static str = "TAG";
+        pub const CERTIFICATES_OF_OWNERSHIP: &'static str = "COO";
+        pub const DNS: &'static str = "DNS";
+        pub const NODE_INFO: &'static str = "NI";
+        pub const CENTRAL_URL: &'static str = "ssoce";
+        pub const SSO_ENABLED: &'static str = "ssoe";
+        pub const SSO_VERSION: &'static str = "ssov";
+        pub const SSO_AUTHENTICATION_URL: &'static str = "aurl";
+        pub const SSO_AUTHENTICATION_EXPIRY_TIME: &'static str = "aexpt";
+        pub const SSO_ISSUER_URL: &'static str = "iurl";
+        pub const SSO_NONCE: &'static str = "sson";
+        pub const SSO_STATE: &'static str = "ssos";
+        pub const SSO_CLIENT_ID: &'static str = "ssocid";
+    }
+
+    pub mod sso_auth_info {
+        pub const VERSION: &'static str = "aV";
+        pub const AUTHENTICATION_URL: &'static str = "aU";
+        pub const ISSUER_URL: &'static str = "iU";
+        pub const CENTRAL_URL: &'static str = "aCU";
+        pub const NONCE: &'static str = "aN";
+        pub const STATE: &'static str = "aS";
+        pub const CLIENT_ID: &'static str = "aCID";
+    }
+}
+
+/// Network configuration object sent to nodes by network controllers.
+#[derive(Clone, Serialize, Deserialize, PartialEq, Eq)]
+pub struct NetworkConfig {
+    pub id: u64,
+    pub name: String,
+    pub motd: String,
+    pub issued_to: Address,
+    pub private: bool,
+
+    pub timestamp: i64,
+    pub max_delta: i64,
+    pub revision: u64,
+
+    pub mtu: u32,
+    pub multicast_limit: u32,
+    pub routes: Vec<IpRoute>,
+    pub static_ips: Vec<InetAddress>,
+    pub rules: Vec<Rule>,
+    pub dns: Vec<Nameserver>,
+
+    pub certificate_of_membership: CertificateOfMembership,
+    pub certificates_of_ownership: Vec<CertificateOfOwnership>,
+    pub tags: Vec<Tag>,
+
+    pub node_info: HashMap<Address, NodeInfo>,
+
+    pub central_url: String,
+
+    pub sso_enabled: bool,
+    pub sso_version: u32,
+    pub sso_authentication_url: String,
+    pub sso_authentication_expiry_time: i64,
+    pub sso_issuer_url: String,
+    pub sso_nonce: String,
+    pub sso_state: String,
+    pub sso_client_id: String,
+}
+
+/// Information about nodes on the network that can be included in a network config.
+#[derive(Clone, Serialize, Deserialize, PartialEq, Eq)]
+pub struct NodeInfo {
+    pub flags: u64,
+    pub ip: Option<InetAddress>,
+    pub name: Option<String>,
+    pub services: HashMap<String, Option<String>>,
+}
+
+/// Statically pushed L3 IP routes included with a network configuration.
+#[derive(Clone, Serialize, Deserialize, PartialEq, Eq)]
+pub struct IpRoute {
+    pub target: InetAddress,
+    pub via: Option<InetAddress>,
+    pub flags: u16,
+    pub metric: u16,
+}
+
+/// ZeroTier-pushed DNS nameserver configuration.
+#[derive(Clone, Serialize, Deserialize, PartialEq, Eq)]
+pub struct Nameserver {
+    pub ip: InetAddress,
+    pub domain: String,
+}

network-hypervisor/src/vl2/rule.rs

@@ -0,0 +1,4 @@
+use serde::{Deserialize, Serialize};
+
+#[derive(Clone, Serialize, Deserialize, PartialEq, Eq)]
+pub enum Rule {}

network-hypervisor/src/vl2/tag.rs

@@ -0,0 +1,18 @@
+use crate::vl1::identity;
+use crate::vl1::Address;
+use crate::vl2::NetworkId;
+
+use serde::{Deserialize, Serialize};
+
+use zerotier_utils::arrayvec::ArrayVec;
+
+#[derive(Clone, Serialize, Deserialize, PartialEq, Eq)]
+pub struct Tag {
+    pub id: u32,
+    pub value: u32,
+    pub network_id: NetworkId,
+    pub timestamp: i64,
+    pub issued_to: Address,
+    pub signed_by: Address,
+    //pub signature: ArrayVec<u8, { identity::MAX_SIGNATURE_SIZE }>,
+}