Skip to content

Commit

Permalink
feat(core,gen-cli): add utils to generate device bundle use it in gen…
Browse files Browse the repository at this point in the history
…-cli

this works for v2 configs for now as that's what is still used on
holoports as of now. even though that's about to change in the
short-term, it might come in handy to generate v2 configs to test the
tranisitioning to v3 configs.
  • Loading branch information
steveej committed Aug 21, 2024
1 parent cfa65d3 commit b37e7d7
Show file tree
Hide file tree
Showing 7 changed files with 95 additions and 6 deletions.
1 change: 1 addition & 0 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 4 additions & 0 deletions core/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,10 @@ serde = { workspace = true }
url = "2.1.0"
base36 = "=0.0.1"

tokio = { version = "1.12.0", features = [ "full" ] }
hc_seed_bundle = "0.2.3"
sodoken = "=0.0.11"

[dependencies.argon2min]
git = "https://github.com/Holo-Host/argon2min"
rev = "28e765e4369e19bc0126bb46acaacadf1303de22"
Expand Down
1 change: 1 addition & 0 deletions core/src/lib.rs
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
pub mod config;
pub mod public_key;
pub mod utils;

pub use config::{admin_keypair_from, Config};
25 changes: 25 additions & 0 deletions core/src/utils.rs
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
/// Generate a new device bundle and lock it with the given passphrase.
pub fn generate_device_bundle(
passphrase: &str,
maybe_derivation_path: Option<u32>,
) -> Result<Box<[u8]>, failure::Error> {
let rt = tokio::runtime::Runtime::new()?;
let passphrase = sodoken::BufRead::from(passphrase.as_bytes());
rt.block_on(async move {
let master = hc_seed_bundle::UnlockedSeedBundle::new_random()
.await
.unwrap();

let derivation_path = maybe_derivation_path.unwrap_or(DEFAULT_DERIVATION_PATH_V2);

let device_bundle = master.derive(derivation_path).await.unwrap();
device_bundle
.lock()
.add_pwhash_cipher(passphrase)
.lock()
.await
})
.map_err(Into::into)
}

pub const DEFAULT_DERIVATION_PATH_V2: u32 = 3;
10 changes: 9 additions & 1 deletion core/tests/configuration.rs
Original file line number Diff line number Diff line change
Expand Up @@ -40,13 +40,21 @@ mod tests {
let revocation_pub_key = VerifyingKey::from_bytes(&rev_key_bytes).unwrap();
let holoport_id_bytes = holoport_id[0..32].try_into().unwrap();
let holoport_id = VerifyingKey::from_bytes(&holoport_id_bytes).unwrap();

let hpos_config = Config::new(
// email: String,
email.clone(),
// password: String,
password,
// registration_code: String,
registration_code,
// revocation_pub_key: VerifyingKey,
revocation_pub_key,
// derivation_path: String,
device_derivation_path.to_string(),
// device_bundle: String,
device_bundle_base64.clone(),
// device_pub_key: VerifyingKey,
holoport_id,
)
.unwrap();
Expand All @@ -64,7 +72,7 @@ mod tests {
settings,
} = hpos_config.0
{
assert_eq!(device_bundle, device_bundle_base64,);
assert_eq!(device_bundle, device_bundle_base64);
assert_eq!(device_derivation_path, device_derivation_path.to_string());
assert_eq!(revocation_pub_key, revocation_pub_key);
assert_eq!(holoport_id, holoport_id);
Expand Down
1 change: 1 addition & 0 deletions gen-cli/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -18,3 +18,4 @@ serde = { workspace = true }
serde_json = { workspace = true }
sha2 = "0.8"
clap = { version = "4.5.16", features = ["derive"] }
base64 = { workspace = true }
59 changes: 54 additions & 5 deletions gen-cli/src/main.rs
Original file line number Diff line number Diff line change
Expand Up @@ -39,14 +39,14 @@ struct ClapArgs {
value_name = "PATH",
help = "Derivation path of the seed"
)]
derivation_path: String,
derivation_path: Option<u32>,
#[arg(
long,
value_parser,
value_name = "STRING",
value_name = "NUMBER",
help = "HoloPort Device bundle"
)]
device_bundle: String,
device_bundle: Option<String>,
#[arg(
long,
value_parser,
Expand All @@ -56,6 +56,32 @@ struct ClapArgs {
seed_from: Option<String>,
}

// const USAGE: &str = "
// Usage: hpos-config-gen-cli --email EMAIL --password STRING --registration-code STRING [--derivation-path NUMBER] [--device-bundle STRING] [--seed-from PATH]
// hpos-config-gen-cli --help

// Creates HoloPortOS config file that contains seed and admin email/password.

// Options:
// --email EMAIL HoloPort admin email address
// --password STRING HoloPort admin password
// --registration-code CODE HoloPort admin password
// --derivation-path NUMBER Derivation path of the seed
// --device-bundle STRING Device Bundle
// --seed-from PATH Use SHA-512 hash of given file truncated to 256 bits as seed
// ";

// #[derive(Deserialize)]
// struct Args {
// flag_email: String,
// flag_password: String,
// flag_registration_code: String,
// flag_revocation_pub_key: VerifyingKey,
// flag_derivation_path: Option<u32>,
// flag_device_bundle: Option<String>,
// flag_seed_from: Option<PathBuf>,
// }

fn main() -> Result<(), Error> {
let args = ClapArgs::parse();

Expand All @@ -71,6 +97,22 @@ fn main() -> Result<(), Error> {
}
};

let derivation_path = if let Some(derivation_path) = args.derivation_path {
derivation_path
} else {
hpos_config_core::utils::DEFAULT_DERIVATION_PATH_V2
};

let device_bundle = if let Some(device_bundle) = args.device_bundle {
device_bundle
} else {
let passphrase = "pass";
let locked_device_bundle_encoded_bytes =
hpos_config_core::utils::generate_device_bundle(passphrase, Some(derivation_path))?;

base64::encode(&locked_device_bundle_encoded_bytes)
};

let secret_key = SigningKey::from_bytes(&seed);
let revocation_key = match &args.revocation_key {
None => VerifyingKey::from(&secret_key),
Expand All @@ -81,12 +123,19 @@ fn main() -> Result<(), Error> {
};

let (config, public_key) = Config::new(
// email: String,
args.email,
// password: String,
args.password,
// registration_code: String,
args.registration_code,
// revocation_pub_key: VerifyingKey,
revocation_key,
args.derivation_path,
args.device_bundle,
// derivation_path: String,
derivation_path.to_string(),
// device_bundle: String,
device_bundle,
// device_pub_key: VerifyingKey,
VerifyingKey::from(&secret_key),
)?;
eprintln!("{}", public_key::to_url(&public_key)?);
Expand Down

0 comments on commit b37e7d7

Please sign in to comment.