Support P256 network curve in API calls (#16)

This PR adds PrivateKey, PublicKey, and TrustedKey types for handling
host keys and CA keys. dnapi will always send both P256 and Ed25519 keys
with enrollment requests. From that point forward, dnapi will only
generate keys of the type used in prior requests.

dnapi does not attempt to "filter" trusted keys to only the curve
supported by Nebula. In other words, a P256 network requires P256 CAs
and host keys, but does not necessarily require P256 trusted keys.

Some code was moved into a keys sub-package in order to allow dnapitest
to import it, while still allowing the dnapi package to import
dnapitest. The bulk of this code is tested through a call to DoUpdate.

Author: johnmaguire

client.go

@@ -4,7 +4,9 @@ package dnapi
 import (
 	"bytes"
 	"context"
+	"crypto/ecdsa"
 	"crypto/ed25519"
+	"crypto/rand"
 	"encoding/json"
 	"fmt"
 	"io"
@@ -14,9 +16,9 @@ import (
 	"sync/atomic"
 	"time"
 
+	"github.com/DefinedNet/dnapi/keys"
 	"github.com/DefinedNet/dnapi/message"
 	"github.com/sirupsen/logrus"
-	"github.com/slackhq/nebula/cert"
 )
 
 // Client communicates with the API server.
@@ -93,29 +95,43 @@ type EnrollMeta struct {
 // On success it returns the Nebula config generated by the server, a Nebula private key PEM to be inserted into the
 // config (see api.InsertConfigPrivateKey), credentials to be used in DNClient API requests, and a meta object
 // containing organization info.
-func (c *Client) Enroll(ctx context.Context, logger logrus.FieldLogger, code string) ([]byte, []byte, *Credentials, *EnrollMeta, error) {
+func (c *Client) Enroll(ctx context.Context, logger logrus.FieldLogger, code string) ([]byte, []byte, *keys.Credentials, *EnrollMeta, error) {
 	logger.WithFields(logrus.Fields{"server": c.dnServer}).Debug("Making enrollment request to API")
 
-	// Generate initial Ed25519 keypair for API communication
-	dhPubkeyPEM, dhPrivkeyPEM, edPubkey, edPrivkey, err := newKeys()
+	// Generate newKeys for the enrollment request
+	newKeys, err := keys.New()
+	if err != nil {
+		return nil, nil, nil, nil, err
+	}
+
+	hostEd25519PublicKeyPEM, err := newKeys.HostEd25519PublicKey.MarshalPEM()
+	if err != nil {
+		return nil, nil, nil, nil, err
+	}
+
+	hostP256PublicKeyPEM, err := newKeys.HostP256PublicKey.MarshalPEM()
 	if err != nil {
 		return nil, nil, nil, nil, err
 	}
 
 	// Make a request to the API with the enrollment code
 	jv, err := json.Marshal(message.EnrollRequest{
-		Code:      code,
-		DHPubkey:  dhPubkeyPEM,
-		EdPubkey:  cert.MarshalEd25519PublicKey(edPubkey),
-		Timestamp: time.Now(),
+		Code:               code,
+		NebulaPubkeyX25519: newKeys.NebulaX25519PublicKeyPEM,
+		HostPubkeyEd25519:  hostEd25519PublicKeyPEM,
+		NebulaPubkeyP256:   newKeys.NebulaP256PublicKeyPEM,
+		HostPubkeyP256:     hostP256PublicKeyPEM,
+		Timestamp:          time.Now(),
 	})
 	if err != nil {
 		return nil, nil, nil, nil, err
 	}
+
 	enrollURL, err := url.JoinPath(c.dnServer, message.EnrollEndpoint)
 	if err != nil {
 		return nil, nil, nil, nil, err
 	}
+
 	req, err := http.NewRequestWithContext(ctx, "POST", enrollURL, bytes.NewBuffer(jv))
 	if err != nil {
 		return nil, nil, nil, nil, err
@@ -157,22 +173,36 @@ func (c *Client) Enroll(ctx context.Context, logger logrus.FieldLogger, code str
 		OrganizationName: r.Data.Organization.Name,
 	}
 
-	trustedKeys, err := Ed25519PublicKeysFromPEM(r.Data.TrustedKeys)
+	// Determine the private keys to save based on the network curve type
+	var privkeyPEM []byte
+	var privkey keys.PrivateKey
+	switch r.Data.Network.Curve {
+	case message.NetworkCurve25519:
+		privkeyPEM = newKeys.NebulaX25519PrivateKeyPEM
+		privkey = newKeys.HostEd25519PrivateKey
+	case message.NetworkCurveP256:
+		privkeyPEM = newKeys.NebulaP256PrivateKeyPEM
+		privkey = newKeys.HostP256PrivateKey
+	default:
+		return nil, nil, nil, nil, &APIError{e: fmt.Errorf("unsupported curve type: %s", r.Data.Network.Curve), ReqID: reqID}
+	}
+
+	trustedKeys, err := keys.TrustedKeysFromPEM(r.Data.TrustedKeys)
 	if err != nil {
 		return nil, nil, nil, nil, &APIError{e: fmt.Errorf("failed to load trusted keys from bundle: %s", err), ReqID: reqID}
 	}
 
-	creds := &Credentials{
+	creds := &keys.Credentials{
 		HostID:      r.Data.HostID,
-		PrivateKey:  edPrivkey,
+		PrivateKey:  privkey,
 		Counter:     r.Data.Counter,
 		TrustedKeys: trustedKeys,
 	}
-	return r.Data.Config, dhPrivkeyPEM, creds, meta, nil
+	return r.Data.Config, privkeyPEM, creds, meta, nil
 }
 
 // CheckForUpdate sends a signed message to the DNClient API to learn if there is a new configuration available.
-func (c *Client) CheckForUpdate(ctx context.Context, creds Credentials) (bool, error) {
+func (c *Client) CheckForUpdate(ctx context.Context, creds keys.Credentials) (bool, error) {
 	respBody, err := c.postDNClient(ctx, message.CheckForUpdate, nil, creds.HostID, creds.Counter, creds.PrivateKey)
 	if err != nil {
 		return false, fmt.Errorf("failed to post message to dnclient api: %w", err)
@@ -187,7 +217,7 @@ func (c *Client) CheckForUpdate(ctx context.Context, creds Credentials) (bool, e
 
 // LongPollWait sends a signed message to a DNClient API endpoint that will block, returning only
 // if there is an action the client should take before the timeout (config updates, debug commands)
-func (c *Client) LongPollWait(ctx context.Context, creds Credentials, supportedActions []string) (*message.LongPollWaitResponse, error) {
+func (c *Client) LongPollWait(ctx context.Context, creds keys.Credentials, supportedActions []string) (*message.LongPollWaitResponse, error) {
 	value, err := json.Marshal(message.LongPollWaitRequest{
 		SupportedActions: supportedActions,
 	})
@@ -207,30 +237,54 @@ func (c *Client) LongPollWait(ctx context.Context, creds Credentials, supportedA
 	return &result.Data, nil
 }
 
-// DoUpdate sends a signed message to the DNClient API to fetch the new configuration update. During this call a new
-// DH X25519 keypair is generated for the new Nebula certificate as well as a new Ed25519 keypair for DNClient API
-// communication. On success it returns the new config, a Nebula private key PEM to be inserted into the config (see
-// api.InsertConfigPrivateKey) and new DNClient API credentials.
-func (c *Client) DoUpdate(ctx context.Context, creds Credentials) ([]byte, []byte, *Credentials, error) {
+// DoUpdate sends a signed message to the DNClient API to fetch the new configuration update. During this call new keys
+// are generated both for Nebula and DNClient API communication. If the API response is successful, the new configuration
+// is returned along with the new Nebula private key PEM and new DNClient API credentials.
+//
+// See dnapi.InsertConfigPrivateKey for how to insert the new Nebula private key into the configuration.
+func (c *Client) DoUpdate(ctx context.Context, creds keys.Credentials) ([]byte, []byte, *keys.Credentials, error) {
 	// Rotate keys
-	dhPubkeyPEM, dhPrivkeyPEM, edPubkey, edPrivkey, err := newKeys()
+	var nebulaPrivkeyPEM []byte     // ECDH
+	var hostPrivkey keys.PrivateKey // ECDSA
+
+	newKeys, err := keys.New()
 	if err != nil {
-		return nil, nil, nil, err
+		return nil, nil, nil, fmt.Errorf("failed to generate new keys: %s", err)
 	}
 
-	updateKeys := message.DoUpdateRequest{
-		EdPubkeyPEM: cert.MarshalEd25519PublicKey(edPubkey),
-		DHPubkeyPEM: dhPubkeyPEM,
-		Nonce:       nonce(),
+	msg := message.DoUpdateRequest{
+		Nonce: nonce(),
+	}
+
+	// Set the correct keypair based on the current private key type
+	switch creds.PrivateKey.Unwrap().(type) {
+	case ed25519.PrivateKey:
+		hostPubkeyPEM, err := newKeys.HostEd25519PublicKey.MarshalPEM()
+		if err != nil {
+			return nil, nil, nil, fmt.Errorf("failed to marshal Ed25519 public key: %s", err)
+		}
+		hostPrivkey = newKeys.HostEd25519PrivateKey
+		nebulaPrivkeyPEM = newKeys.NebulaX25519PrivateKeyPEM
+		msg.HostPubkeyEd25519 = hostPubkeyPEM
+		msg.NebulaPubkeyX25519 = newKeys.NebulaX25519PublicKeyPEM
+	case *ecdsa.PrivateKey:
+		hostPubkeyPEM, err := newKeys.HostP256PublicKey.MarshalPEM()
+		if err != nil {
+			return nil, nil, nil, fmt.Errorf("failed to marshal P256 public key: %s", err)
+		}
+		hostPrivkey = newKeys.HostP256PrivateKey
+		nebulaPrivkeyPEM = newKeys.NebulaP256PrivateKeyPEM
+		msg.HostPubkeyP256 = hostPubkeyPEM
+		msg.NebulaPubkeyP256 = newKeys.NebulaP256PublicKeyPEM
 	}
 
-	updateKeysBlob, err := json.Marshal(updateKeys)
+	blob, err := json.Marshal(msg)
 	if err != nil {
 		return nil, nil, nil, fmt.Errorf("failed to marshal DNClient message: %s", err)
 	}
 
 	// Make API call
-	resp, err := c.postDNClient(ctx, message.DoUpdate, updateKeysBlob, creds.HostID, creds.Counter, creds.PrivateKey)
+	resp, err := c.postDNClient(ctx, message.DoUpdate, blob, creds.HostID, creds.Counter, creds.PrivateKey)
 	if err != nil {
 		return nil, nil, nil, fmt.Errorf("failed to make API call to Defined Networking: %w", err)
 	}
@@ -243,7 +297,7 @@ func (c *Client) DoUpdate(ctx context.Context, creds Credentials) ([]byte, []byt
 	// Verify the signature
 	valid := false
 	for _, caPubkey := range creds.TrustedKeys {
-		if ed25519.Verify(caPubkey, resultWrapper.Data.Message, resultWrapper.Data.Signature) {
+		if caPubkey.Verify(resultWrapper.Data.Message, resultWrapper.Data.Signature) {
 			valid = true
 			break
 		}
@@ -260,31 +314,31 @@ func (c *Client) DoUpdate(ctx context.Context, creds Credentials) ([]byte, []byt
 	}
 
 	// Verify the nonce
-	if !bytes.Equal(result.Nonce, updateKeys.Nonce) {
-		return nil, nil, nil, fmt.Errorf("nonce mismatch between request (%s) and response (%s)", updateKeys.Nonce, result.Nonce)
+	if !bytes.Equal(result.Nonce, msg.Nonce) {
+		return nil, nil, nil, fmt.Errorf("nonce mismatch between request (%s) and response (%s)", msg.Nonce, result.Nonce)
 	}
 
 	// Verify the counter
 	if result.Counter <= creds.Counter {
 		return nil, nil, nil, fmt.Errorf("counter in request (%d) should be less than counter in response (%d)", creds.Counter, result.Counter)
 	}
 
-	trustedKeys, err := Ed25519PublicKeysFromPEM(result.TrustedKeys)
+	trustedKeys, err := keys.TrustedKeysFromPEM(result.TrustedKeys)
 	if err != nil {
 		return nil, nil, nil, fmt.Errorf("failed to load trusted keys from bundle: %s", err)
 	}
 
-	newCreds := &Credentials{
+	newCreds := &keys.Credentials{
 		HostID:      creds.HostID,
 		Counter:     result.Counter,
-		PrivateKey:  edPrivkey,
+		PrivateKey:  hostPrivkey,
 		TrustedKeys: trustedKeys,
 	}
 
-	return result.Config, dhPrivkeyPEM, newCreds, nil
+	return result.Config, nebulaPrivkeyPEM, newCreds, nil
 }
 
-func (c *Client) CommandResponse(ctx context.Context, creds Credentials, responseToken string, response any) error {
+func (c *Client) CommandResponse(ctx context.Context, creds keys.Credentials, responseToken string, response any) error {
 	value, err := json.Marshal(message.CommandResponseRequest{
 		ResponseToken: responseToken,
 		Response:      response,
@@ -297,7 +351,7 @@ func (c *Client) CommandResponse(ctx context.Context, creds Credentials, respons
 	return err
 }
 
-func (c *Client) StreamCommandResponse(ctx context.Context, creds Credentials, responseToken string) (*StreamController, error) {
+func (c *Client) StreamCommandResponse(ctx context.Context, creds keys.Credentials, responseToken string) (*StreamController, error) {
 	value, err := json.Marshal(message.CommandResponseRequest{
 		ResponseToken: responseToken,
 	})
@@ -310,7 +364,7 @@ func (c *Client) StreamCommandResponse(ctx context.Context, creds Credentials, r
 
 // streamingPostDNClient wraps and signs the given dnclientRequestWrapper message, and makes a streaming API call.
 // On success, it returns a StreamController to interact with the request. On error, the error is returned.
-func (c *Client) streamingPostDNClient(ctx context.Context, reqType string, value []byte, hostID string, counter uint, privkey ed25519.PrivateKey) (*StreamController, error) {
+func (c *Client) streamingPostDNClient(ctx context.Context, reqType string, value []byte, hostID string, counter uint, privkey keys.PrivateKey) (*StreamController, error) {
 	pr, pw := io.Pipe()
 
 	postBody, err := SignRequestV1(reqType, value, hostID, counter, privkey)
@@ -368,7 +422,7 @@ func (c *Client) streamingPostDNClient(ctx context.Context, reqType string, valu
 
 // postDNClient wraps and signs the given dnclientRequestWrapper message, and makes the API call.
 // On success, it returns the response message body. On error, the error is returned.
-func (c *Client) postDNClient(ctx context.Context, reqType string, value []byte, hostID string, counter uint, privkey ed25519.PrivateKey) ([]byte, error) {
+func (c *Client) postDNClient(ctx context.Context, reqType string, value []byte, hostID string, counter uint, privkey keys.PrivateKey) ([]byte, error) {
 	postBody, err := SignRequestV1(reqType, value, hostID, counter, privkey)
 	if err != nil {
 		return nil, err
@@ -472,3 +526,11 @@ func (t *uaTransport) RoundTrip(req *http.Request) (*http.Response, error) {
 	req.Header.Set("User-Agent", t.useragent)
 	return t.T.RoundTrip(req)
 }
+
+func nonce() []byte {
+	nonce := make([]byte, 16)
+	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
+		panic(err)
+	}
+	return nonce
+}