mirror of
https://github.com/netbirdio/netbird.git
synced 2024-12-28 17:48:50 +01:00
5de4acf2fe
This PR aims to integrate Rosenpass with NetBird. It adds a manager for Rosenpass that starts a Rosenpass server and handles the managed peers. It uses the cunicu/go-rosenpass implementation. Rosenpass will then negotiate a pre-shared key every 2 minutes and apply it to the wireguard connection. The Feature can be enabled by setting a flag during the netbird up --enable-rosenpass command. If two peers are both support and have the Rosenpass feature enabled they will create a post-quantum secure connection. If one of the peers or both don't have this feature enabled or are running an older version that does not have this feature yet, the NetBird client will fall back to a plain Wireguard connection without pre-shared keys for those connections (keeping Rosenpass negotiation for the rest). Additionally, this PR includes an update of all Github Actions workflows to use go version 1.21.0 as this is a requirement for the integration. --------- Co-authored-by: braginini <bangvalo@gmail.com> Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
74 lines
2.1 KiB
Protocol Buffer
74 lines
2.1 KiB
Protocol Buffer
syntax = "proto3";
|
|
|
|
import "google/protobuf/descriptor.proto";
|
|
|
|
option go_package = "/proto";
|
|
|
|
package signalexchange;
|
|
|
|
service SignalExchange {
|
|
// Synchronously connect to the Signal Exchange service offering connection candidates and waiting for connection candidates from the other party (remote peer)
|
|
rpc Send(EncryptedMessage) returns (EncryptedMessage) {}
|
|
// Connect to the Signal Exchange service offering connection candidates and maintain a channel for receiving candidates from the other party (remote peer)
|
|
rpc ConnectStream(stream EncryptedMessage) returns (stream EncryptedMessage) {}
|
|
}
|
|
|
|
// Used for sending through signal.
|
|
// The body of this message is the Body message encrypted with the Wireguard private key and the remote Peer key
|
|
message EncryptedMessage {
|
|
|
|
// Wireguard public key
|
|
string key = 2;
|
|
|
|
// Wireguard public key of the remote peer to connect to
|
|
string remoteKey = 3;
|
|
|
|
// encrypted message Body
|
|
bytes body = 4;
|
|
}
|
|
|
|
// A decrypted representation of the EncryptedMessage. Used locally before/after encryption
|
|
message Message {
|
|
// WireGuard public key
|
|
string key = 2;
|
|
|
|
// WireGuard public key of the remote peer to connect to
|
|
string remoteKey = 3;
|
|
|
|
Body body = 4;
|
|
}
|
|
|
|
// Actual body of the message that can contain credentials (type OFFER/ANSWER) or connection Candidate
|
|
// This part will be encrypted
|
|
message Body {
|
|
// Message type
|
|
enum Type {
|
|
OFFER = 0;
|
|
ANSWER = 1;
|
|
CANDIDATE = 2;
|
|
MODE = 4;
|
|
}
|
|
Type type = 1;
|
|
string payload = 2;
|
|
// wgListenPort is an actual WireGuard listen port
|
|
uint32 wgListenPort = 3;
|
|
string netBirdVersion = 4;
|
|
Mode mode = 5;
|
|
|
|
// featuresSupported list of supported features by the client of this protocol
|
|
repeated uint32 featuresSupported = 6;
|
|
|
|
// RosenpassConfig is a Rosenpass config of the remote peer our peer tries to connect to
|
|
RosenpassConfig rosenpassConfig = 7;
|
|
}
|
|
|
|
// Mode indicates a connection mode
|
|
message Mode {
|
|
optional bool direct = 1;
|
|
}
|
|
|
|
message RosenpassConfig {
|
|
bytes rosenpassPubKey = 1;
|
|
// rosenpassServerAddr is an IP:port of the rosenpass service
|
|
string rosenpassServerAddr = 2;
|
|
} |