// Copyright (c) 2021, R.I. Pienaar and the Choria Project contributors
//
// SPDX-License-Identifier: Apache-2.0
package provision
import (
"context"
"encoding/hex"
"fmt"
"os"
"path/filepath"
"github.com/choria-io/go-choria/choria"
"github.com/choria-io/go-choria/inter"
"github.com/choria-io/go-choria/providers/agent/mcorpc"
)
// ED25519Request is the JSON request body of the ed25519 provisioning action.
type ED25519Request struct {
	// Token is the provisioning token; it is validated by checkToken before
	// any key material is generated or written to disk.
	Token string `json:"token"`
	// Nonce is caller supplied data that is signed with the newly generated
	// private key so the caller can confirm the returned public key matches it.
	Nonce string `json:"nonce"`
}
// ED25519Reply is the JSON reply of the ed25519 provisioning action.
type ED25519Reply struct {
	// PublicKey is the hex encoded ED25519 public key of the new key pair.
	PublicKey string `json:"public_key"`
	// Directory is the absolute path of the directory in which server.seed
	// was written (the directory holding the server configuration file).
	Directory string `json:"directory"`
	// Signature is the hex encoded ED25519 signature over the request Nonce,
	// produced with the newly generated private key.
	Signature string `json:"signature"`
}
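// ed25519Action handles the "ed25519" provisioning RPC: it generates a fresh
// ED25519 key pair, persists the private seed (hex encoded) as "server.seed"
// next to the server configuration file and returns the public key together
// with a signature over the caller supplied nonce, so the provisioner can
// verify that the returned public key belongs to the key that was just written.
//
// The action is only permitted while the server is in provisioning mode and
// the request must carry a valid provisioning token (see checkToken). Every
// failure is reported to the caller through abort() on the reply; the
// function has no return value. ctx and conn are part of the mcorpc action
// signature and are not used here.
//
// Security notes:
//   - os.WriteFile keeps the mode of an already existing file, so a
//     pre-existing server.seed with loose permissions would have stayed
//     readable. The seed file is therefore written by writeEd25519SeedFile,
//     which forces 0600 regardless of whether the file existed before.
//   - The seed is stored in plain hex; its confidentiality rests entirely on
//     the file mode and on the config directory not being readable by others.
//   - An empty nonce is accepted and yields a signature over the empty
//     message. Provisioners wanting a proof bound to this exchange must send
//     a random nonce and verify the signature against the returned public key.
func ed25519Action(ctx context.Context, req *mcorpc.Request, reply *mcorpc.Reply, agent *mcorpc.Agent, conn inter.ConnectorInfo) {
	// Provisioning actions rewrite on-disk state and are serialized on the
	// package level mutex shared by the other provisioning actions.
	mu.Lock()
	defer mu.Unlock()

	if !agent.Choria.ProvisionMode() {
		abort("Cannot reconfigure a server that is not in provisioning mode", reply)
		return
	}

	if agent.Config.ConfigFile == "" {
		abort("Cannot determine where to store secure data, no configure file given", reply)
		return
	}

	args := ED25519Request{}
	if !mcorpc.ParseRequestData(&args, req, reply) {
		return
	}

	// The token gates the whole action: nothing is generated or written
	// before it has been verified.
	if !checkToken(args.Token, reply) {
		return
	}

	secureDir, err := filepath.Abs(filepath.Dir(agent.Config.ConfigFile))
	if err != nil {
		abort(fmt.Sprintf("could not determine absolute path to config directory: %s", err), reply)
		return
	}

	keyFile := filepath.Join(secureDir, "server.seed")
	// Only the directory is logged, never any key material.
	agent.Log.Infof("Creating a new ED25519 key in %s", secureDir)

	pubK, priK, err := choria.Ed25519KeyPair()
	if err != nil {
		abort(fmt.Sprintf("Could not create keypair: %s", err), reply)
		return
	}

	err = writeEd25519SeedFile(keyFile, priK.Seed())
	if err != nil {
		abort(fmt.Sprintf("Could not write key %s: %s", keyFile, err), reply)
		return
	}

	// Signing the nonce with the new key proves to the caller that the
	// returned public key corresponds to the seed that was just written.
	sig, err := choria.Ed25519Sign(priK, []byte(args.Nonce))
	if err != nil {
		abort(fmt.Sprintf("Could not sign the nonce: %s", err), reply)
		return
	}

	reply.Data = &ED25519Reply{
		PublicKey: hex.EncodeToString(pubK),
		Signature: hex.EncodeToString(sig),
		Directory: secureDir,
	}
}

// writeEd25519SeedFile stores the hex encoded seed in path with mode 0600.
//
// Unlike os.WriteFile, the mode is enforced even when the file already
// exists: the file is created or truncated and then explicitly chmod'ed, so a
// previously existing seed file with broader permissions does not keep them.
// Close errors are returned because the content is security critical and a
// silently truncated seed must not go unnoticed.
func writeEd25519SeedFile(path string, seed []byte) error {
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
	if err != nil {
		return err
	}

	// Force the mode in case the file pre-existed with other permissions;
	// the mode passed to OpenFile only applies when the file is created.
	if err := f.Chmod(0600); err != nil {
		f.Close()
		return err
	}

	if _, err := f.Write([]byte(hex.EncodeToString(seed))); err != nil {
		f.Close()
		return err
	}

	return f.Close()
}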