Skip to content

Commit

Permalink
feat(core,gen-cli): add utils to generate device bundle use it in gen…
Browse files Browse the repository at this point in the history
…-cli

this works for v2 configs for now as that's what is still used on
holoports as of now. even though that's about to change in the
short-term, it might come in handy to generate v2 configs to test the
tranisitioning to v3 configs.
  • Loading branch information
steveej committed Aug 21, 2024
1 parent 1b50b0d commit c50c6d1
Show file tree
Hide file tree
Showing 7 changed files with 69 additions and 11 deletions.
1 change: 1 addition & 0 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 4 additions & 0 deletions core/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,10 @@ serde = { workspace = true }
url = "2.1.0"
base36 = "=0.0.1"

tokio = { version = "1.12.0", features = [ "full" ] }
hc_seed_bundle = "0.2.3"
sodoken = "=0.0.11"

[dependencies.argon2min]
git = "https://github.com/Holo-Host/argon2min"
rev = "28e765e4369e19bc0126bb46acaacadf1303de22"
Expand Down
1 change: 1 addition & 0 deletions core/src/lib.rs
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
pub mod config;
pub mod public_key;
pub mod utils;

pub use config::{admin_keypair_from, Config};
25 changes: 25 additions & 0 deletions core/src/utils.rs
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
/// Generate a new device bundle and lock it with the given passphrase.
pub fn generate_device_bundle(
passphrase: &str,
maybe_derivation_path: Option<u32>,
) -> Result<Box<[u8]>, failure::Error> {
let rt = tokio::runtime::Runtime::new()?;
let passphrase = sodoken::BufRead::from(passphrase.as_bytes());
rt.block_on(async move {
let master = hc_seed_bundle::UnlockedSeedBundle::new_random()
.await
.unwrap();

let derivation_path = maybe_derivation_path.unwrap_or(DEFAULT_DERIVATION_PATH_V2);

let device_bundle = master.derive(derivation_path).await.unwrap();
device_bundle
.lock()
.add_pwhash_cipher(passphrase)
.lock()
.await
})
.map_err(Into::into)
}

pub const DEFAULT_DERIVATION_PATH_V2: u32 = 3;
11 changes: 8 additions & 3 deletions core/tests/configuration.rs
Original file line number Diff line number Diff line change
Expand Up @@ -40,13 +40,18 @@ mod tests {
let revocation_pub_key = VerifyingKey::from_bytes(&rev_key_bytes).unwrap();
let holoport_id_bytes = holoport_id[0..32].try_into().unwrap();
let holoport_id = VerifyingKey::from_bytes(&holoport_id_bytes).unwrap();
let hpos_config = Config::new(
let hpos_config = Config::new_v2(
// email: String,
email.clone(),
// password: String,
password,
// registration_code: String,
registration_code,
revocation_pub_key,
// derivation_path: String,
device_derivation_path.to_string(),
device_bundle_base64.clone(),
// device_bundle: String,
device_bundle_base64,
// device_pub_key: VerifyingKey,
holoport_id,
)
.unwrap();
Expand Down
1 change: 1 addition & 0 deletions gen-cli/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -17,3 +17,4 @@ rand = "0.8.5"
serde = { workspace = true }
serde_json = { workspace = true }
sha2 = "0.8"
base64 = { workspace = true }
37 changes: 29 additions & 8 deletions gen-cli/src/main.rs
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ use sha2::{Digest, Sha512Trunc256};
use std::{env, fs::File, io, path::PathBuf};

const USAGE: &str = "
Usage: hpos-config-gen-cli --email EMAIL --password STRING --registration-code STRING --derivation-path STRING --device-bundle STRING [--seed-from PATH]
Usage: hpos-config-gen-cli --email EMAIL --password STRING --registration-code STRING [--derivation-path NUMBER] [--device-bundle STRING] [--seed-from PATH]
hpos-config-gen-cli --help
Creates HoloPortOS config file that contains seed and admin email/password.
Expand All @@ -18,7 +18,7 @@ Options:
--email EMAIL HoloPort admin email address
--password STRING HoloPort admin password
--registration-code CODE HoloPort admin password
--derivation-path STRING Derivation path of the seed
--derivation-path NUMBER Derivation path of the seed
--device-bundle STRING Device Bundle
--seed-from PATH Use SHA-512 hash of given file truncated to 256 bits as seed
";
Expand All @@ -29,8 +29,8 @@ struct Args {
flag_password: String,
flag_registration_code: String,
flag_revocation_pub_key: VerifyingKey,
flag_derivation_path: String,
flag_device_bundle: String,
flag_derivation_path: Option<u32>,
flag_device_bundle: Option<String>,
flag_seed_from: Option<PathBuf>,
}

Expand All @@ -51,15 +51,36 @@ fn main() -> Result<(), Error> {
}
};

let derivation_path = if let Some(derivation_path) = args.flag_derivation_path {
derivation_path
} else {
hpos_config_core::utils::DEFAULT_DERIVATION_PATH_V2
};

let device_bundle = if let Some(device_bundle) = args.flag_device_bundle {
device_bundle
} else {
let passphrase = "pass";
let locked_device_bundle_encoded_bytes =
hpos_config_core::utils::generate_device_bundle(passphrase, Some(derivation_path))?;

base64::encode(&locked_device_bundle_encoded_bytes)
};

let secret_key = SigningKey::from_bytes(&seed);

let (config, public_key) = Config::new(
let (config, public_key) = Config::new_v2(
// email: String,
args.flag_email,
// password: String,
args.flag_password,
// registration_code: String,
args.flag_registration_code,
args.flag_revocation_pub_key,
args.flag_derivation_path,
args.flag_device_bundle,
// derivation_path: String,
derivation_path.to_string(),
// device_bundle: String,
device_bundle,
// device_pub_key: VerifyingKey,
VerifyingKey::from(&secret_key),
)?;
eprintln!("{}", public_key::to_url(&public_key)?);
Expand Down

0 comments on commit c50c6d1

Please sign in to comment.