support encryption (#60)

easytier/src/common/config.rs

@@ -6,6 +6,8 @@ use std::{
 use anyhow::Context;
 use serde::{Deserialize, Serialize};
 
+use crate::tunnel::generate_digest_from_str;
+
 #[auto_impl::auto_impl(Box, &)]
 pub trait ConfigLoader: Send + Sync {
     fn get_id(&self) -> uuid::Uuid;
@@ -52,17 +54,49 @@ pub trait ConfigLoader: Send + Sync {
     fn dump(&self) -> String;
 }
 
-#[derive(Debug, Clone, Deserialize, Serialize, PartialEq)]
+pub type NetworkSecretDigest = [u8; 32];
+
+#[derive(Debug, Clone, Deserialize, Serialize, Default)]
 pub struct NetworkIdentity {
     pub network_name: String,
-    pub network_secret: String,
+    pub network_secret: Option<String>,
+    #[serde(skip)]
+    pub network_secret_digest: Option<NetworkSecretDigest>,
+}
+
+impl PartialEq for NetworkIdentity {
+    fn eq(&self, other: &Self) -> bool {
+        if self.network_name != other.network_name {
+            return false;
+        }
+
+        if self.network_secret.is_some()
+            && other.network_secret.is_some()
+            && self.network_secret != other.network_secret
+        {
+            return false;
+        }
+
+        if self.network_secret_digest.is_some()
+            && other.network_secret_digest.is_some()
+            && self.network_secret_digest != other.network_secret_digest
+        {
+            return false;
+        }
+
+        return true;
+    }
 }
 
 impl NetworkIdentity {
     pub fn new(network_name: String, network_secret: String) -> Self {
+        let mut network_secret_digest = [0u8; 32];
+        generate_digest_from_str(&network_name, &network_secret, &mut network_secret_digest);
+
         NetworkIdentity {
             network_name,
-            network_secret,
+            network_secret: Some(network_secret),
+            network_secret_digest: Some(network_secret_digest),
         }
     }
 
@@ -106,6 +140,8 @@ pub struct VpnPortalConfig {
 pub struct Flags {
     #[derivative(Default(value = "\"tcp\".to_string()"))]
     pub default_protocol: String,
+    #[derivative(Default(value = "true"))]
+    pub enable_encryption: bool,
 }
 
 #[derive(Debug, Clone, Deserialize, Serialize, PartialEq)]

easytier/src/common/error.rs

@@ -47,6 +47,9 @@ pub enum Error {
 
     #[error("message decode error: {0}")]
     MessageDecodeError(String),
+
+    #[error("secret key error: {0}")]
+    SecretKeyError(String),
 }
 
 pub type Result<T> = result::Result<T, Error>;

easytier/src/common/global_ctx.rs

@@ -1,4 +1,8 @@
-use std::sync::{Arc, Mutex};
+use std::collections::hash_map::DefaultHasher;
+use std::{
+    hash::Hasher,
+    sync::{Arc, Mutex},
+};
 
 use crate::rpc::PeerConnInfo;
 use crossbeam::atomic::AtomicCell;
@@ -203,6 +207,23 @@ impl GlobalCtx {
     pub fn get_flags(&self) -> Flags {
         self.config.get_flags()
     }
+
+    pub fn get_128_key(&self) -> [u8; 16] {
+        let mut key = [0u8; 16];
+        let secret = self
+            .config
+            .get_network_identity()
+            .network_secret
+            .unwrap_or_default();
+        // fill key according to network secret
+        let mut hasher = DefaultHasher::new();
+        hasher.write(secret.as_bytes());
+        key[0..8].copy_from_slice(&hasher.finish().to_be_bytes());
+        hasher.write(&key[0..8]);
+        key[8..16].copy_from_slice(&hasher.finish().to_be_bytes());
+        hasher.write(&key[0..16]);
+        key
+    }
 }
 
 #[cfg(test)]