network keying

2023-06-23 21:12:48 -04:00
parent bc6421acf7
commit acebcb7947
14 changed files with 119 additions and 21 deletions
--- a/veilid-server/src/cmdline.rs
+++ b/veilid-server/src/cmdline.rs
@@ -152,6 +152,11 @@ fn do_clap_matches(default_config_path: &OsStr) -> Result<clap::ArgMatches, clap
                .long("panic")
                .help("panic on ctrl-c instead of graceful shutdown"),
        )
+        .arg(
+            Arg::new("network-key")
+                .long("network-key")
+                .help("password override to use for network isolation"),
+        )
        ;

    #[cfg(feature = "rt-tokio")]
@@ -258,6 +263,9 @@ pub fn process_command_line() -> EyreResult<(Settings, ArgMatches)> {
    if matches.occurrences_of("new-password") != 0 {
        settingsrw.core.protected_store.new_device_encryption_key_password = Some(matches.value_of("new-password").unwrap().to_owned());
    }
+    if matches.occurrences_of("network-key") != 0 {
+        settingsrw.core.network.network_key_password = Some(matches.value_of("new-password").unwrap().to_owned());
+    }

    if matches.occurrences_of("dump-txt-record") != 0 {
        // Turn off terminal logging so we can be interactive
--- a/veilid-server/src/settings.rs
+++ b/veilid-server/src/settings.rs
@@ -69,6 +69,7 @@ core:
        client_whitelist_timeout_ms: 300000 
        reverse_connection_receipt_time_ms: 5000 
        hole_punch_receipt_time_ms: 5000 
+        network_key_password: null
        routing_table:
            node_id: null
            node_id_secret: null
@@ -582,6 +583,7 @@ pub struct Network {
    pub client_whitelist_timeout_ms: u32,
    pub reverse_connection_receipt_time_ms: u32,
    pub hole_punch_receipt_time_ms: u32,
+    pub network_key_password: Option<String>,
    pub routing_table: RoutingTable,
    pub rpc: Rpc,
    pub dht: Dht,
@@ -994,6 +996,7 @@ impl Settings {
        set_config_value!(inner.core.network.client_whitelist_timeout_ms, value);
        set_config_value!(inner.core.network.reverse_connection_receipt_time_ms, value);
        set_config_value!(inner.core.network.hole_punch_receipt_time_ms, value);
+        set_config_value!(inner.core.network.network_key_password, value);
        set_config_value!(inner.core.network.routing_table.node_id, value);
        set_config_value!(inner.core.network.routing_table.node_id_secret, value);
        set_config_value!(inner.core.network.routing_table.bootstrap, value);
@@ -1174,6 +1177,9 @@ impl Settings {
                "network.hole_punch_receipt_time_ms" => {
                    Ok(Box::new(inner.core.network.hole_punch_receipt_time_ms))
                }
+                "network.network_key_password" => {
+                    Ok(Box::new(inner.core.network.network_key_password.clone()))
+                }
                "network.routing_table.node_id" => Ok(Box::new(
                    inner
                        .core
@@ -1575,6 +1581,7 @@ mod tests {
        assert_eq!(s.core.network.client_whitelist_timeout_ms, 300_000u32);
        assert_eq!(s.core.network.reverse_connection_receipt_time_ms, 5_000u32);
        assert_eq!(s.core.network.hole_punch_receipt_time_ms, 5_000u32);
+        assert_eq!(s.core.network.network_key_password, None);
        assert_eq!(s.core.network.routing_table.node_id, None);
        assert_eq!(s.core.network.routing_table.node_id_secret, None);
        //