From 382688d251bb99e8be9404c0744079eb1c14e2ba Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Tue, 3 Jan 2023 15:24:46 -0500 Subject: [PATCH] Generalize typestates, make verified valid because its more correct for Identity. --- controller/src/controller.rs | 8 ++--- controller/src/filedatabase.rs | 8 ++--- controller/src/postgresdatabase.rs | 10 +++--- crypto/src/lib.rs | 2 +- crypto/src/{verified.rs => typestate.rs} | 34 ++++++++----------- network-hypervisor/src/vl1/identity.rs | 14 ++++---- network-hypervisor/src/vl1/mod.rs | 2 +- network-hypervisor/src/vl1/node.rs | 25 +++++++------- network-hypervisor/src/vl1/peer.rs | 6 ++-- network-hypervisor/src/vl1/rootset.rs | 8 ++--- network-hypervisor/src/vl2/revocation.rs | 4 +-- network-hypervisor/src/vl2/switch.rs | 4 +-- .../src/vl2/v1/certificateofmembership.rs | 11 +++--- vl1-service/src/datadir.rs | 12 +++---- vl1-service/src/vl1service.rs | 8 ++--- 15 files changed, 76 insertions(+), 80 deletions(-) rename crypto/src/{verified.rs => typestate.rs} (68%) diff --git a/controller/src/controller.rs b/controller/src/controller.rs index 7f0bbb91d..32ef810d0 100644 --- a/controller/src/controller.rs +++ b/controller/src/controller.rs @@ -35,7 +35,7 @@ pub struct Controller { reaper: Reaper, runtime: tokio::runtime::Handle, database: Arc, - local_identity: Verified, + local_identity: Valid, /// Handler for MULTICAST_LIKE and MULTICAST_GATHER messages. multicast_authority: MulticastAuthority, @@ -256,7 +256,7 @@ impl Controller { /// reason is returned with None or an acceptance reason with a network configuration is returned. async fn authorize( self: &Arc, - source_identity: &Verified, + source_identity: &Valid, network_id: NetworkId, time_clock: i64, ) -> Result<(AuthenticationResult, Option), Box> { @@ -499,14 +499,14 @@ impl Controller { impl InnerProtocolLayer for Controller { #[inline(always)] - fn should_respond_to(&self, _: &Verified) -> bool { + fn should_respond_to(&self, _: &Valid) -> bool { // Controllers always have to establish sessions to process requests. We don't really know if // a member is relevant until we have looked up both the network and the member, since whether // or not to "learn" unknown members is a network level option. true } - fn has_trust_relationship(&self, id: &Verified) -> bool { + fn has_trust_relationship(&self, id: &Valid) -> bool { self.recently_authorized .read() .unwrap() diff --git a/controller/src/filedatabase.rs b/controller/src/filedatabase.rs index 2850064ba..ca1234d2e 100644 --- a/controller/src/filedatabase.rs +++ b/controller/src/filedatabase.rs @@ -5,7 +5,7 @@ use async_trait::async_trait; use notify::{RecursiveMode, Watcher}; use serde::de::DeserializeOwned; -use zerotier_network_hypervisor::vl1::{Address, Identity, Verified}; +use zerotier_network_hypervisor::vl1::{Address, Identity, Valid}; use zerotier_network_hypervisor::vl2::NetworkId; use zerotier_utils::reaper::Reaper; use zerotier_utils::tokio::fs; @@ -32,7 +32,7 @@ const EVENT_HANDLER_TASK_TIMEOUT: Duration = Duration::from_secs(10); /// is different from V1 so it'll need a converter to use with V1 FileDb controller data. pub struct FileDatabase { base_path: PathBuf, - local_identity: Verified, + local_identity: Valid, change_sender: Sender, tasks: Reaper, cache: Cache, @@ -251,11 +251,11 @@ impl Drop for FileDatabase { } impl VL1DataStorage for FileDatabase { - fn load_node_identity(&self) -> Option> { + fn load_node_identity(&self) -> Option> { load_node_identity(self.base_path.as_path()) } - fn save_node_identity(&self, id: &Verified) -> bool { + fn save_node_identity(&self, id: &Valid) -> bool { save_node_identity(self.base_path.as_path(), id) } } diff --git a/controller/src/postgresdatabase.rs b/controller/src/postgresdatabase.rs index 822ef8775..cc7198ed9 100644 --- a/controller/src/postgresdatabase.rs +++ b/controller/src/postgresdatabase.rs @@ -10,7 +10,7 @@ use tokio_postgres::types::Type; use tokio_postgres::{Client, Statement}; use zerotier_crypto::secure_eq; -use zerotier_crypto::verified::Verified; +use zerotier_crypto::typestate::Valid; use zerotier_network_hypervisor::vl1::{Address, Identity, InetAddress}; use zerotier_network_hypervisor::vl2::networkconfig::IpRoute; @@ -137,7 +137,7 @@ impl<'a> Drop for ConnectionHolder<'a> { pub struct PostgresDatabase { local_controller_id_str: String, - local_identity: Verified, + local_identity: Valid, connections: Mutex<(Vec>, Sender<()>)>, postgres_path: String, runtime: Handle, @@ -148,7 +148,7 @@ impl PostgresDatabase { runtime: Handle, postgres_path: String, num_connections: usize, - local_identity: Verified, + local_identity: Valid, ) -> Result, Error> { assert!(num_connections > 0); let (sender, _) = channel(4096); @@ -189,11 +189,11 @@ impl PostgresDatabase { } impl VL1DataStorage for PostgresDatabase { - fn load_node_identity(&self) -> Option> { + fn load_node_identity(&self) -> Option> { Some(self.local_identity.clone()) } - fn save_node_identity(&self, id: &Verified) -> bool { + fn save_node_identity(&self, id: &Valid) -> bool { panic!("local identity saving not supported by PostgresDatabase") } } diff --git a/crypto/src/lib.rs b/crypto/src/lib.rs index 7e28a999b..94ab7ff7f 100644 --- a/crypto/src/lib.rs +++ b/crypto/src/lib.rs @@ -8,7 +8,7 @@ pub mod poly1305; pub mod random; pub mod salsa; pub mod secret; -pub mod verified; +pub mod typestate; pub mod x25519; pub const ZEROES: [u8; 64] = [0_u8; 64]; diff --git a/crypto/src/verified.rs b/crypto/src/typestate.rs similarity index 68% rename from crypto/src/verified.rs rename to crypto/src/typestate.rs index 73cba50d8..f8aa47f4c 100644 --- a/crypto/src/verified.rs +++ b/crypto/src/typestate.rs @@ -4,31 +4,25 @@ use std::fmt::Debug; use std::hash::Hash; use std::ops::{Deref, DerefMut}; -/// A zero-overhead typestate indicating that a credential has been verified as valid. -/// -/// What this means is obviously specific to the credential. -/// -/// The purpose of this is to make code more self-documenting and make it harder to accidentally -/// use an unverified/unvalidated credential (or other security critical object) where a verified -/// one is required. +/// Typestate indicating that a credential or other object has been internally validated. #[repr(transparent)] -pub struct Verified(T); +pub struct Valid(T); -impl AsRef for Verified { +impl AsRef for Valid { #[inline(always)] fn as_ref(&self) -> &T { &self.0 } } -impl AsMut for Verified { +impl AsMut for Valid { #[inline(always)] fn as_mut(&mut self) -> &mut T { &mut self.0 } } -impl Deref for Verified { +impl Deref for Valid { type Target = T; #[inline(always)] @@ -37,14 +31,14 @@ impl Deref for Verified { } } -impl DerefMut for Verified { +impl DerefMut for Valid { #[inline(always)] fn deref_mut(&mut self) -> &mut Self::Target { &mut self.0 } } -impl Clone for Verified +impl Clone for Valid where T: Clone, { @@ -54,7 +48,7 @@ where } } -impl PartialEq for Verified +impl PartialEq for Valid where T: PartialEq, { @@ -64,9 +58,9 @@ where } } -impl Eq for Verified where T: Eq {} +impl Eq for Valid where T: Eq {} -impl Ord for Verified +impl Ord for Valid where T: Ord, { @@ -76,7 +70,7 @@ where } } -impl PartialOrd for Verified +impl PartialOrd for Valid where T: PartialOrd, { @@ -86,7 +80,7 @@ where } } -impl Hash for Verified +impl Hash for Valid where T: Hash, { @@ -96,7 +90,7 @@ where } } -impl Debug for Verified +impl Debug for Valid where T: Debug, { @@ -106,7 +100,7 @@ where } } -impl Verified { +impl Valid { /// Strip the Verified typestate off this object. #[inline(always)] pub fn unwrap(self) -> T { diff --git a/network-hypervisor/src/vl1/identity.rs b/network-hypervisor/src/vl1/identity.rs index c28033b2b..fa70071e9 100644 --- a/network-hypervisor/src/vl1/identity.rs +++ b/network-hypervisor/src/vl1/identity.rs @@ -9,11 +9,11 @@ use std::str::FromStr; use serde::{Deserialize, Deserializer, Serialize, Serializer}; -use zerotier_crypto::{hash::*, secure_eq}; use zerotier_crypto::p384::*; use zerotier_crypto::salsa::Salsa; use zerotier_crypto::secret::Secret; use zerotier_crypto::x25519::*; +use zerotier_crypto::{hash::*, secure_eq}; use zerotier_utils::arrayvec::ArrayVec; use zerotier_utils::buffer::Buffer; @@ -23,7 +23,7 @@ use zerotier_utils::{base64_decode_url_nopad, base64_encode_url_nopad, hex}; use crate::protocol::{ADDRESS_SIZE, ADDRESS_SIZE_STRING, IDENTITY_POW_THRESHOLD}; use crate::vl1::Address; -use crate::vl1::Verified; +use crate::vl1::Valid; /// Current maximum size for an identity signature. pub const IDENTITY_MAX_SIGNATURE_SIZE: usize = P384_ECDSA_SIGNATURE_SIZE + 1; @@ -166,7 +166,7 @@ impl Identity { const FLAG_INCLUDES_SECRETS: u8 = 0x80; /// Generate a new identity. - pub fn generate() -> Verified { + pub fn generate() -> Valid { // First generate an identity with just x25519 keys and derive its address. let mut sha = SHA512::new(); let ed25519 = Ed25519KeyPair::generate(); @@ -206,7 +206,7 @@ impl Identity { assert!(id.upgrade().is_ok()); assert!(id.p384.is_some() && id.secret.as_ref().unwrap().p384.is_some()); - Verified::assume_verified(id) + Valid::assume_verified(id) } /// Upgrade older x25519-only identities to hybrid identities with both x25519 and NIST P-384 curves. @@ -290,7 +290,7 @@ impl Identity { /// Locally check the validity of this identity. /// /// This is somewhat time consuming due to the memory-intensive work algorithm. - pub fn validate(self) -> Option> { + pub fn validate(self) -> Option> { if let Some(p384) = self.p384.as_ref() { let mut self_sign_buf: Vec = Vec::with_capacity( ADDRESS_SIZE + 4 + C25519_PUBLIC_KEY_SIZE + ED25519_PUBLIC_KEY_SIZE + P384_PUBLIC_KEY_SIZE + P384_PUBLIC_KEY_SIZE, @@ -321,7 +321,7 @@ impl Identity { zt_address_derivation_work_function(&mut digest); return if digest[0] < IDENTITY_POW_THRESHOLD && Address::from_bytes(&digest[59..64]).map_or(false, |a| a == self.address) { - Some(Verified::assume_verified(self)) + Some(Valid::assume_verified(self)) } else { None }; @@ -345,7 +345,7 @@ impl Identity { /// For new identities with P-384 keys a hybrid agreement is performed using both X25519 and NIST P-384 ECDH. /// The final key is derived as HMAC(x25519 secret, p-384 secret) to yield a FIPS-compliant key agreement with /// the X25519 secret being used as a "salt" as far as FIPS is concerned. - pub fn agree(&self, other: &Verified) -> Option> { + pub fn agree(&self, other: &Valid) -> Option> { if let Some(secret) = self.secret.as_ref() { let c25519_secret: Secret<64> = Secret(SHA512::hash(&secret.x25519.agree(&other.x25519).0)); diff --git a/network-hypervisor/src/vl1/mod.rs b/network-hypervisor/src/vl1/mod.rs index 4135866c5..5c7e71dc2 100644 --- a/network-hypervisor/src/vl1/mod.rs +++ b/network-hypervisor/src/vl1/mod.rs @@ -23,7 +23,7 @@ pub use path::Path; pub use peer::Peer; pub use rootset::{Root, RootSet}; -pub use zerotier_crypto::verified::Verified; +pub use zerotier_crypto::typestate::Valid; #[cfg(feature = "debug_events")] #[allow(unused_macros)] diff --git a/network-hypervisor/src/vl1/node.rs b/network-hypervisor/src/vl1/node.rs index 9d3ea869b..c2408f7fe 100644 --- a/network-hypervisor/src/vl1/node.rs +++ b/network-hypervisor/src/vl1/node.rs @@ -17,7 +17,7 @@ use crate::vl1::identity::Identity; use crate::vl1::path::{Path, PathServiceResult}; use crate::vl1::peer::Peer; use crate::vl1::rootset::RootSet; -use crate::vl1::Verified; +use crate::vl1::Valid; use zerotier_crypto::random; use zerotier_utils::error::InvalidParameterError; @@ -42,10 +42,10 @@ pub trait ApplicationLayer: Sync + Send { fn event(&self, event: Event); /// Load this node's identity from the data store. - fn load_node_identity(&self) -> Option>; + fn load_node_identity(&self) -> Option>; /// Save this node's identity to the data store, returning true on success. - fn save_node_identity(&self, id: &Verified) -> bool; + fn save_node_identity(&self, id: &Valid) -> bool; /// Get a pooled packet buffer for internal use. fn get_buffer(&self) -> PooledPacketBuffer; @@ -84,7 +84,7 @@ pub trait ApplicationLayer: Sync + Send { #[allow(unused_variables)] fn should_use_physical_path( &self, - id: &Verified, + id: &Valid, endpoint: &Endpoint, local_socket: Option<&Application::LocalSocket>, local_interface: Option<&Application::LocalInterface>, @@ -98,7 +98,7 @@ pub trait ApplicationLayer: Sync + Send { #[allow(unused_variables)] fn get_path_hints( &self, - id: &Verified, + id: &Valid, ) -> Option, Option)>> { None } @@ -133,7 +133,7 @@ pub trait InnerProtocolLayer: Sync + Send { /// Check if this node should respond to messages from a given peer at all. /// /// The default implementation always returns true. - fn should_respond_to(&self, id: &Verified) -> bool { + fn should_respond_to(&self, id: &Valid) -> bool { true } @@ -144,7 +144,7 @@ pub trait InnerProtocolLayer: Sync + Send { /// some privileged relationship like mutual membership in a network. /// /// The default implementation always returns true. - fn has_trust_relationship(&self, id: &Verified) -> bool { + fn has_trust_relationship(&self, id: &Valid) -> bool { true } @@ -207,7 +207,7 @@ pub trait InnerProtocolLayer: Sync + Send { struct RootInfo { /// Root sets to which we are a member. - sets: HashMap>, + sets: HashMap>, /// Root peers and their statically defined endpoints (from root sets). roots: HashMap, Vec>, @@ -251,7 +251,7 @@ pub struct Node { pub instance_id: [u8; 16], /// This node's identity and permanent keys. - pub identity: Verified, + pub identity: Valid, /// Interval latches for periodic background tasks. intervals: Mutex, @@ -352,7 +352,7 @@ impl Node { /// Add a new root set or update the existing root set if the new root set is newer and otherwise matches. #[inline] - pub fn add_update_root_set(&self, rs: Verified) -> bool { + pub fn add_update_root_set(&self, rs: Valid) -> bool { let mut roots = self.roots.write().unwrap(); if let Some(entry) = roots.sets.get_mut(&rs.name) { if rs.should_replace(entry) { @@ -468,8 +468,7 @@ impl Node { if let Some(peer) = peers.get(&m.identity.address) { new_roots.insert(peer.clone(), m.endpoints.as_ref().unwrap().iter().cloned().collect()); } else { - if let Some(peer) = Peer::new(&self.identity, Verified::assume_verified(m.identity.clone()), time_ticks) - { + if let Some(peer) = Peer::new(&self.identity, Valid::assume_verified(m.identity.clone()), time_ticks) { drop(peers); new_roots.insert( self.peers @@ -968,7 +967,7 @@ impl Node { /// This will only replace an existing root set with a newer one. It won't add a new root set, which must be /// done by an authorized user or administrator not just by a root. #[allow(unused)] - pub(crate) fn on_remote_update_root_set(&self, received_from: &Identity, rs: Verified) { + pub(crate) fn on_remote_update_root_set(&self, received_from: &Identity, rs: Valid) { let mut roots = self.roots.write().unwrap(); if let Some(entry) = roots.sets.get_mut(&rs.name) { if entry.members.iter().any(|m| m.identity.eq(received_from)) && rs.should_replace(entry) { diff --git a/network-hypervisor/src/vl1/peer.rs b/network-hypervisor/src/vl1/peer.rs index 32e912d0b..3178b213b 100644 --- a/network-hypervisor/src/vl1/peer.rs +++ b/network-hypervisor/src/vl1/peer.rs @@ -18,14 +18,14 @@ use crate::protocol::*; use crate::vl1::address::Address; use crate::vl1::debug_event; use crate::vl1::node::*; -use crate::vl1::Verified; +use crate::vl1::Valid; use crate::vl1::{Endpoint, Identity, Path}; use crate::{VERSION_MAJOR, VERSION_MINOR, VERSION_REVISION}; pub(crate) const SERVICE_INTERVAL_MS: i64 = 10000; pub struct Peer { - pub identity: Verified, + pub identity: Valid, v1_proto_static_secret: v1::SymmetricSecret, paths: Mutex>, @@ -62,7 +62,7 @@ impl Peer { /// /// This only returns None if this_node_identity does not have its secrets or if some /// fatal error occurs performing key agreement between the two identities. - pub(crate) fn new(this_node_identity: &Verified, id: Verified, time_ticks: i64) -> Option { + pub(crate) fn new(this_node_identity: &Valid, id: Valid, time_ticks: i64) -> Option { this_node_identity.agree(&id).map(|static_secret| -> Self { Self { identity: id, diff --git a/network-hypervisor/src/vl1/rootset.rs b/network-hypervisor/src/vl1/rootset.rs index 0647f2c37..56d60c0bb 100644 --- a/network-hypervisor/src/vl1/rootset.rs +++ b/network-hypervisor/src/vl1/rootset.rs @@ -6,7 +6,7 @@ use std::io::Write; use crate::vl1::identity::{Identity, IDENTITY_MAX_SIGNATURE_SIZE}; use crate::vl1::Endpoint; -use zerotier_crypto::verified::Verified; +use zerotier_crypto::typestate::Valid; use zerotier_utils::arrayvec::ArrayVec; use zerotier_utils::buffer::Buffer; use zerotier_utils::marshalable::{Marshalable, UnmarshalError}; @@ -91,7 +91,7 @@ impl RootSet { } /// Get the ZeroTier default root set, which contains roots run by ZeroTier Inc. - pub fn zerotier_default() -> Verified { + pub fn zerotier_default() -> Valid { let mut cursor = 0; let rs = include_bytes!("../../default-rootset/root.zerotier.com.bin"); //let rs = include_bytes!("../../default-rootset/test-root.bin"); @@ -107,7 +107,7 @@ impl RootSet { } /// Verify signatures present in this root cluster definition. - pub fn verify(self) -> Option> { + pub fn verify(self) -> Option> { if self.members.is_empty() { return None; } @@ -119,7 +119,7 @@ impl RootSet { } } - return Some(Verified::assume_verified(self)); + return Some(Valid::assume_verified(self)); } /// Add a member to this definition, replacing any current entry with this address. diff --git a/network-hypervisor/src/vl2/revocation.rs b/network-hypervisor/src/vl2/revocation.rs index 484de1f6b..21c7595f9 100644 --- a/network-hypervisor/src/vl2/revocation.rs +++ b/network-hypervisor/src/vl2/revocation.rs @@ -1,6 +1,6 @@ use std::io::Write; -use zerotier_crypto::verified::Verified; +use zerotier_crypto::typestate::Valid; use zerotier_utils::arrayvec::ArrayVec; use serde::{Deserialize, Serialize}; @@ -26,7 +26,7 @@ impl Revocation { threshold: i64, target: Address, issued_to: Address, - signer: &Verified, + signer: &Valid, fast_propagate: bool, ) -> Option { let mut r = Self { diff --git a/network-hypervisor/src/vl2/switch.rs b/network-hypervisor/src/vl2/switch.rs index 6f103ddaa..8b66ee4c2 100644 --- a/network-hypervisor/src/vl2/switch.rs +++ b/network-hypervisor/src/vl2/switch.rs @@ -11,11 +11,11 @@ pub struct Switch {} #[allow(unused_variables)] impl InnerProtocolLayer for Switch { - fn should_respond_to(&self, id: &zerotier_crypto::verified::Verified) -> bool { + fn should_respond_to(&self, id: &zerotier_crypto::typestate::Valid) -> bool { true } - fn has_trust_relationship(&self, id: &zerotier_crypto::verified::Verified) -> bool { + fn has_trust_relationship(&self, id: &zerotier_crypto::typestate::Valid) -> bool { true } diff --git a/network-hypervisor/src/vl2/v1/certificateofmembership.rs b/network-hypervisor/src/vl2/v1/certificateofmembership.rs index 7c0261088..36aa705cb 100644 --- a/network-hypervisor/src/vl2/v1/certificateofmembership.rs +++ b/network-hypervisor/src/vl2/v1/certificateofmembership.rs @@ -8,7 +8,7 @@ use serde::{Deserialize, Serialize}; use zerotier_crypto::hash::SHA384; use zerotier_crypto::secure_eq; -use zerotier_crypto::verified::Verified; +use zerotier_crypto::typestate::Valid; use zerotier_utils::arrayvec::ArrayVec; use zerotier_utils::blob::Blob; use zerotier_utils::error::InvalidParameterError; @@ -171,10 +171,13 @@ impl CertificateOfMembership { } /// Verify this certificate of membership. - pub fn verify(self, issuer: &Identity, expect_issued_to: &Identity) -> Option> { - if secure_eq(&Self::v1_proto_issued_to_fingerprint(expect_issued_to), &self.issued_to_fingerprint.as_bytes()[..32]) { + pub fn verify(self, issuer: &Identity, expect_issued_to: &Identity) -> Option> { + if secure_eq( + &Self::v1_proto_issued_to_fingerprint(expect_issued_to), + &self.issued_to_fingerprint.as_bytes()[..32], + ) { if issuer.verify(&self.v1_proto_get_qualifier_bytes(), self.signature.as_bytes()) { - return Some(Verified::assume_verified(self)); + return Some(Valid::assume_verified(self)); } } return None; diff --git a/vl1-service/src/datadir.rs b/vl1-service/src/datadir.rs index 553767f69..6bce2a160 100644 --- a/vl1-service/src/datadir.rs +++ b/vl1-service/src/datadir.rs @@ -8,7 +8,7 @@ use serde::de::DeserializeOwned; use serde::Serialize; use zerotier_crypto::random::next_u32_secure; -use zerotier_network_hypervisor::vl1::{Identity, Verified}; +use zerotier_network_hypervisor::vl1::{Identity, Valid}; use zerotier_utils::io::{fs_restrict_permissions, read_limit, DEFAULT_FILE_IO_READ_LIMIT}; use zerotier_utils::json::to_json_pretty; @@ -22,7 +22,7 @@ pub const CONFIG_FILENAME: &'static str = "local.conf"; const AUTH_TOKEN_DEFAULT_LENGTH: usize = 48; const AUTH_TOKEN_POSSIBLE_CHARS: &'static str = "0123456789abcdefghijklmnopqrstuvwxyz"; -pub fn load_node_identity(base_path: &Path) -> Option> { +pub fn load_node_identity(base_path: &Path) -> Option> { let id_data = read_limit(base_path.join(IDENTITY_SECRET_FILENAME), 4096); if id_data.is_err() { return None; @@ -31,10 +31,10 @@ pub fn load_node_identity(base_path: &Path) -> Option> { if id_data.is_err() { return None; } - Some(Verified::assume_verified(id_data.unwrap())) + Some(Valid::assume_verified(id_data.unwrap())) } -pub fn save_node_identity(base_path: &Path, id: &Verified) -> bool { +pub fn save_node_identity(base_path: &Path, id: &Valid) -> bool { assert!(id.secret.is_some()); let id_secret_str = id.to_secret_string(); let id_public_str = id.to_string(); @@ -53,11 +53,11 @@ pub struct DataDir VL1DataStorage for DataDir { - fn load_node_identity(&self) -> Option> { + fn load_node_identity(&self) -> Option> { load_node_identity(self.base_path.as_path()) } - fn save_node_identity(&self, id: &Verified) -> bool { + fn save_node_identity(&self, id: &Valid) -> bool { save_node_identity(self.base_path.as_path(), id) } } diff --git a/vl1-service/src/vl1service.rs b/vl1-service/src/vl1service.rs index 0c3c2e693..e6ed37682 100644 --- a/vl1-service/src/vl1service.rs +++ b/vl1-service/src/vl1service.rs @@ -22,8 +22,8 @@ const UPDATE_UDP_BINDINGS_EVERY_SECS: usize = 10; /// Trait to implement to provide storage for VL1-related state information. pub trait VL1DataStorage: Sync + Send { - fn load_node_identity(&self) -> Option>; - fn save_node_identity(&self, id: &Verified) -> bool; + fn load_node_identity(&self) -> Option>; + fn save_node_identity(&self, id: &Valid) -> bool; } /// VL1 service that connects to the physical network and hosts an inner protocol like ZeroTier VL2. @@ -218,12 +218,12 @@ impl ApplicationLayer for VL1Servi } #[inline] - fn load_node_identity(&self) -> Option> { + fn load_node_identity(&self) -> Option> { self.vl1_data_storage.load_node_identity() } #[inline] - fn save_node_identity(&self, id: &Verified) -> bool { + fn save_node_identity(&self, id: &Valid) -> bool { self.vl1_data_storage.save_node_identity(id) }