diff --git a/CMakeLists.txt b/CMakeLists.txt
index 9ae0fe8..acf436a 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -6,7 +6,7 @@ cmake_minimum_required(VERSION 3.16)
# If MAJOR is 0, and MINOR > 0, Version is BETA
project(ColumnLynx
- VERSION 0.3.0
+ VERSION 1.0.0
LANGUAGES CXX
)
diff --git a/README.md b/README.md
index 034a632..47da520 100644
--- a/README.md
+++ b/README.md
@@ -18,22 +18,71 @@ This simplicity-focused design approach allows us to make an efficient, low-over
## Configuration
-Configurating the server and client are are relatively easy. Currently (since the project is in alpha), the configuration files **must be in the same directory as the working directory**.
+Configurating the server and client are are relatively easy. Currently (since the project is in alpha), the configuration files **must be in your system-specific config location** (which can be overriden via a CLI argument or the **COLUMNLYNX_CONFIG_DIR** Environment Variable).
+
+The defaults depends on your system.
+
+For the server:
+- Linux: **/etc/columnlynx**
+- macOS: **/etc/columnlynx**
+- Windows: **C:\ProgramData\ColumnLynx**
+
+For the client:
+- Linux: **~/.config/columnlynx**
+- macOS: **~/Library/Application Support/columnlynx**
+- Windows: **C:\Users\USERNAME\AppData\Local\ColumnLynx**
+
+### Getting a keypair
+
+Release builds of the software force you to specify your own keypairs. That's why you need to generate a keypair with some other software that you can use.
+
+This guide will show a generation example with openssl:
+
+#### Generate a keypair:
+```bash
+openssl genpkey -algorithm ED25519 -out key.pem
+```
+
+#### Extract the **Private Key Seed**:
+```bash
+openssl pkey -in key.pem -outform DER | tail -c 32 | xxd -p -c 32
+# Output example: 9f3a2b6c0f8e4d1a7c3e9a4b5d2f8c6e1a9d0b7e3f4c2a8e6d5b1f0a3c4e
+```
+
+#### Extract the **Raw Public Key**:
+```bash
+openssl pkey -in key.pem -pubout -outform DER | tail -c 32 | xxd -p -c 32
+# Output example: 1c9d4f7a3b2e8a6d0f5c9b1e4d8a7f3c6e2b1a9d5f4c8e0a7b3d6c9f2e
+```
+
+You can then set these keys accordingly in the **server_config** and **client_config** files.
+
+### Creating the Tun Interface (Linux Server ONLY)
+
+In order for the VPN server to work, you need to create the Tun interface that the VPN will use.
+
+This is the set of commands to create one on Linux. Replace the example 10.10.0.1/24 IPv4 address with the FIRST IPv4 in the Network and Subnet Mask that you set in server_config.
+```bash
+sudo ip tuntap add dev lynx0 mode tun
+sudo ip addr add 10.10.0.1/24 dev lynx0
+sudo ip link set dev lynx0 mtu 1420
+sudo ip link set dev lynx0 up
+```
### Server
"**server_config**" is a file that contains the server configuration, **one variable per line**. These are the current configuration available variables:
-- **SERVER_PUBLIC_KEY** (Hex String): The public key to be used
-- **SERVER_PRIVATE_KEY** (Hex String): The private key to be used
+- **SERVER_PUBLIC_KEY** (Hex String): The public key to be used - Used for verification
+- **SERVER_PRIVATE_KEY** (Hex String): The private key seed to be used
- **NETWORK** (IPv4 Format): The network IPv4 to be used (Server Interface still needs to be configured manually)
- **SUBNET_MASK** (Integer): The subnet mask to be used (ensure proper length, it will not be checked)
**Example:**
```
-SERVER_PUBLIC_KEY=787B648046F10DDD0B77A6303BE42D859AA65C52F5708CC3C58EB5691F217C7B
-SERVER_PRIVATE_KEY=778604245F57B847E63BD85DE8208FF1A127FB559895195928C3987E246B77B8787B648046F10DDD0B77A6303BE42D859AA65C52F5708CC3C58EB5691F217C7B
+SERVER_PUBLIC_KEY=1c9d4f7a3b2e8a6d0f5c9b1e4d8a7f3c6e2b1a9d5f4c8e0a7b3d6c9f2e
+SERVER_PRIVATE_KEY=9f3a2b6c0f8e4d1a7c3e9a4b5d2f8c6e1a9d0b7e3f4c2a8e6d5b1f0a3c4e
NETWORK=10.10.0.0
SUBNET_MASK=24
```
@@ -53,14 +102,14 @@ SUBNET_MASK=24
"**client_config**" is a file that contains the client configuration, **one variable per line**. These are the current configuration available variables:
-- **CLIENT_PUBLIC_KEY** (Hex String): The public key to be used
-- **CLIENT_PRIVATE_KEY** (Hex String): The private key to be used
+- **CLIENT_PUBLIC_KEY** (Hex String): The public key to be used - Used for verification
+- **CLIENT_PRIVATE_KEY** (Hex String): The private key seed to be used
**Example:**
```
-CLIENT_PUBLIC_KEY=8CC8BE1A9D24639D0492EF143E84E2BD4C757C9B3B687E7035173EBFCA8FEDDA
-CLIENT_PRIVATE_KEY=9B486A5B1509FA216F9EEFED85CACF2384E9D902A76CC979BFA143C18B869F5C8CC8BE1A9D24639D0492EF143E84E2BD4C757C9B3B687E7035173EBFCA8FEDDA
+CLIENT_PUBLIC_KEY=1c9d4f7a3b2e8a6d0f5c9b1e4d8a7f3c6e2b1a9d5f4c8e0a7b3d6c9f2e
+CLIENT_PRIVATE_KEY=9f3a2b6c0f8e4d1a7c3e9a4b5d2f8c6e1a9d0b7e3f4c2a8e6d5b1f0a3c4e
```
diff --git a/include/columnlynx/client/net/tcp/tcp_client.hpp b/include/columnlynx/client/net/tcp/tcp_client.hpp
index 6778ebd..0d6c6b4 100644
--- a/include/columnlynx/client/net/tcp/tcp_client.hpp
+++ b/include/columnlynx/client/net/tcp/tcp_client.hpp
@@ -14,6 +14,7 @@
#include
#include
#include
+#include
#include
#include
@@ -29,6 +30,7 @@ namespace ColumnLynx::Net::TCP {
std::shared_ptr> aesKey,
std::shared_ptr sessionIDRef,
bool insecureMode,
+ std::string& configPath,
std::shared_ptr tun = nullptr)
:
mResolver(ioContext),
@@ -42,10 +44,11 @@ namespace ColumnLynx::Net::TCP {
mHeartbeatTimer(mSocket.get_executor()),
mLastHeartbeatReceived(std::chrono::steady_clock::now()),
mLastHeartbeatSent(std::chrono::steady_clock::now()),
- mTun(tun)
+ mTun(tun),
+ mConfigDirPath(configPath)
{
// Preload the config map
- mRawClientConfig = Utils::getConfigMap("client_config");
+ mRawClientConfig = Utils::getConfigMap(configPath + "client_config");
auto itPubkey = mRawClientConfig.find("CLIENT_PUBLIC_KEY");
auto itPrivkey = mRawClientConfig.find("CLIENT_PRIVATE_KEY");
@@ -54,16 +57,22 @@ namespace ColumnLynx::Net::TCP {
Utils::log("Loading keypair from config file.");
PublicKey pk;
- PrivateKey sk;
+ PrivateSeed seed;
- std::copy_n(Utils::hexStringToBytes(itPrivkey->second).begin(), sk.size(), sk.begin()); // This is extremely stupid, but the C++ compiler has forced my hand (I would've just used to_array, but fucking asio decls)
+ std::copy_n(Utils::hexStringToBytes(itPrivkey->second).begin(), seed.size(), seed.begin()); // This is extremely stupid, but the C++ compiler has forced my hand (I would've just used to_array, but fucking asio decls)
std::copy_n(Utils::hexStringToBytes(itPubkey->second).begin(), pk.size(), pk.begin());
- mLibSodiumWrapper->setKeys(pk, sk);
+ if (!mLibSodiumWrapper->recomputeKeys(seed, pk)) {
+ throw std::runtime_error("Failed to recompute keypair from config file values!");
+ }
Utils::debug("Newly-Loaded Public Key: " + Utils::bytesToHexString(mLibSodiumWrapper->getPublicKey(), 32));
} else {
+ #if defined(DEBUG)
Utils::warn("No keypair found in config file! Using random key.");
+ #else
+ throw std::runtime_error("No keypair found in config file! Cannot start client without keys.");
+ #endif
}
}
@@ -109,5 +118,6 @@ namespace ColumnLynx::Net::TCP {
Protocol::TunConfig mTunConfig;
std::shared_ptr mTun = nullptr;
std::unordered_map mRawClientConfig;
+ std::string mConfigDirPath;
};
}
\ No newline at end of file
diff --git a/include/columnlynx/common/libsodium_wrapper.hpp b/include/columnlynx/common/libsodium_wrapper.hpp
index 0685151..a736539 100644
--- a/include/columnlynx/common/libsodium_wrapper.hpp
+++ b/include/columnlynx/common/libsodium_wrapper.hpp
@@ -17,6 +17,7 @@
namespace ColumnLynx {
using PublicKey = std::array; // Ed25519
using PrivateKey = std::array; // Ed25519
+ using PrivateSeed = std::array; // 32 bytes
using Signature = std::array; // 64 bytes
using SymmetricKey = std::array; // 32 bytes
using Nonce = std::array; // 12 bytes
@@ -53,6 +54,9 @@ namespace ColumnLynx::Utils {
}
}
+ // Recompute the keypair from a given private seed; Will return false on failure
+ bool recomputeKeys(PrivateSeed privateSeed, PublicKey storedPubKey);
+
// Helper section
// Generates a random 256-bit (32-byte) array
diff --git a/include/columnlynx/common/net/virtual_interface.hpp b/include/columnlynx/common/net/virtual_interface.hpp
index f393fcf..f207b1f 100644
--- a/include/columnlynx/common/net/virtual_interface.hpp
+++ b/include/columnlynx/common/net/virtual_interface.hpp
@@ -46,7 +46,7 @@ namespace ColumnLynx::Net {
bool configureIP(uint32_t clientIP, uint32_t serverIP,
uint8_t prefixLen, uint16_t mtu);
-
+
void resetIP();
std::vector readPacket();
diff --git a/include/columnlynx/common/utils.hpp b/include/columnlynx/common/utils.hpp
index 97014fa..7fd6467 100644
--- a/include/columnlynx/common/utils.hpp
+++ b/include/columnlynx/common/utils.hpp
@@ -44,7 +44,7 @@ namespace ColumnLynx::Utils {
std::string getVersion();
unsigned short serverPort();
unsigned char protocolVersion();
- std::vector getWhitelistedKeys();
+ std::vector getWhitelistedKeys(std::string basePath);
// Raw byte to hex string conversion helper
std::string bytesToHexString(const uint8_t* bytes, size_t length);
diff --git a/include/columnlynx/server/net/tcp/tcp_connection.hpp b/include/columnlynx/server/net/tcp/tcp_connection.hpp
index 3a45b7b..754008e 100644
--- a/include/columnlynx/server/net/tcp/tcp_connection.hpp
+++ b/include/columnlynx/server/net/tcp/tcp_connection.hpp
@@ -28,9 +28,10 @@ namespace ColumnLynx::Net::TCP {
asio::ip::tcp::socket socket,
std::shared_ptr sodiumWrapper,
std::unordered_map* serverConfig,
+ std::string configDirPath,
std::function onDisconnect)
{
- auto conn = pointer(new TCPConnection(std::move(socket), sodiumWrapper, serverConfig));
+ auto conn = pointer(new TCPConnection(std::move(socket), sodiumWrapper, serverConfig, configDirPath));
conn->mOnDisconnect = std::move(onDisconnect);
return conn;
}
@@ -50,14 +51,15 @@ namespace ColumnLynx::Net::TCP {
std::array getAESKey() const;
private:
- TCPConnection(asio::ip::tcp::socket socket, std::shared_ptr sodiumWrapper, std::unordered_map* serverConfig)
+ TCPConnection(asio::ip::tcp::socket socket, std::shared_ptr sodiumWrapper, std::unordered_map* serverConfig, std::string configDirPath)
:
mHandler(std::make_shared(std::move(socket))),
mLibSodiumWrapper(sodiumWrapper),
mRawServerConfig(serverConfig),
mHeartbeatTimer(mHandler->socket().get_executor()),
mLastHeartbeatReceived(std::chrono::steady_clock::now()),
- mLastHeartbeatSent(std::chrono::steady_clock::now())
+ mLastHeartbeatSent(std::chrono::steady_clock::now()),
+ mConfigDirPath(configDirPath)
{}
// Start the heartbeat routine
@@ -77,5 +79,6 @@ namespace ColumnLynx::Net::TCP {
std::chrono::steady_clock::time_point mLastHeartbeatSent;
int mMissedHeartbeats = 0;
std::string mRemoteIP; // Cached remote IP to avoid calling remote_endpoint() on closed sockets
+ std::string mConfigDirPath;
};
}
\ No newline at end of file
diff --git a/include/columnlynx/server/net/tcp/tcp_server.hpp b/include/columnlynx/server/net/tcp/tcp_server.hpp
index 9ff6b5e..02b175b 100644
--- a/include/columnlynx/server/net/tcp/tcp_server.hpp
+++ b/include/columnlynx/server/net/tcp/tcp_server.hpp
@@ -25,14 +25,17 @@ namespace ColumnLynx::Net::TCP {
TCPServer(asio::io_context& ioContext,
uint16_t port,
std::shared_ptr sodiumWrapper,
- std::shared_ptr hostRunning, bool ipv4Only = false)
+ std::shared_ptr hostRunning,
+ std::string& configPath,
+ bool ipv4Only = false)
: mIoContext(ioContext),
mAcceptor(ioContext),
mSodiumWrapper(sodiumWrapper),
- mHostRunning(hostRunning)
+ mHostRunning(hostRunning),
+ mConfigDirPath(configPath)
{
// Preload the config map
- mRawServerConfig = Utils::getConfigMap("server_config", {"NETWORK", "SUBNET_MASK"});
+ mRawServerConfig = Utils::getConfigMap(configPath + "server_config", {"NETWORK", "SUBNET_MASK"});
asio::error_code ec_open, ec_v6only, ec_bind;
@@ -84,6 +87,7 @@ namespace ColumnLynx::Net::TCP {
std::shared_ptr mSodiumWrapper;
std::shared_ptr mHostRunning;
std::unordered_map mRawServerConfig;
+ std::string mConfigDirPath;
};
}
\ No newline at end of file
diff --git a/src/client/main.cpp b/src/client/main.cpp
index f700ec9..5146872 100644
--- a/src/client/main.cpp
+++ b/src/client/main.cpp
@@ -12,6 +12,10 @@
#include
#include
+#if defined(__WIN32__)
+#include
+#endif
+
using asio::ip::tcp;
using namespace ColumnLynx::Utils;
using namespace ColumnLynx::Net;
@@ -48,9 +52,17 @@ int main(int argc, char** argv) {
#else
("i,interface", "Override used interface", cxxopts::value()->default_value("lynx0"))
#endif
- ("allow-selfsigned", "Allow self-signed certificates", cxxopts::value()->default_value("false"));
+ ("ignore-whitelist", "Ignore if server is not in whitelisted_keys", cxxopts::value()->default_value("false"))
+#if defined(__WIN32__)
+/* Get config dir in LOCALAPPDATA\ColumnLynx\ */
+ ("config-dir", "Override config dir path", cxxopts::value()->default_value(std::string((std::getenv("LOCALAPPDATA") ? std::getenv("LOCALAPPDATA") : "C:\\ProgramData")) + "\\ColumnLynx\\"));
+#elif defined(__APPLE__)
+ ("config-dir", "Override config dir path", cxxopts::value()->default_value(std::string((std::getenv("HOME") ? std::getenv("HOME") : "")) + "/Library/Application Support/ColumnLynx/"));
+#else
+ ("config-dir", "Override config dir path", cxxopts::value()->default_value(std::string((std::getenv("SUDO_USER") ? "/home/" + std::string(std::getenv("SUDO_USER")) : (std::getenv("HOME") ? std::getenv("HOME") : ""))) + "/.config/columnlynx/"));
+#endif
- bool insecureMode = options.parse(argc, argv).count("allow-selfsigned") > 0;
+ bool insecureMode = options.parse(argc, argv).count("ignore-whitelist") > 0;
auto optionsObj = options.parse(argc, argv);
if (optionsObj.count("help")) {
@@ -72,6 +84,21 @@ int main(int argc, char** argv) {
//WintunInitialize();
#endif
+ // Get the config path, ENV > CLI > /etc/columnlynx
+ std::string configPath = optionsObj["config-dir"].as();
+ const char* envConfigPath = std::getenv("COLUMNLYNX_CONFIG_DIR");
+ if (envConfigPath != nullptr) {
+ configPath = std::string(envConfigPath);
+ }
+
+ if (configPath.back() != '/' && configPath.back() != '\\') {
+ #if defined(__WIN32__)
+ configPath += "\\";
+ #else
+ configPath += "/";
+ #endif
+ }
+
std::shared_ptr tun = std::make_shared(optionsObj["interface"].as());
log("Using virtual interface: " + tun->getName());
@@ -84,7 +111,7 @@ int main(int argc, char** argv) {
std::shared_ptr sessionID = std::make_shared(0);
asio::io_context io;
- auto client = std::make_shared(io, host, port, sodiumWrapper, aesKey, sessionID, insecureMode, tun);
+ auto client = std::make_shared(io, host, port, sodiumWrapper, aesKey, sessionID, insecureMode, configPath, tun);
auto udpClient = std::make_shared(io, host, port, aesKey, sessionID, tun);
client->start();
diff --git a/src/client/net/tcp/tcp_client.cpp b/src/client/net/tcp/tcp_client.cpp
index 75e78df..4af0653 100644
--- a/src/client/net/tcp/tcp_client.cpp
+++ b/src/client/net/tcp/tcp_client.cpp
@@ -150,11 +150,12 @@ namespace ColumnLynx::Net::TCP {
void TCPClient::mHandleMessage(ServerMessageType type, const std::string& data) {
switch (type) {
case ServerMessageType::HANDSHAKE_IDENTIFY: {
- Utils::log("Received server identity: " + data);
std::memcpy(mServerPublicKey, data.data(), std::min(data.size(), sizeof(mServerPublicKey)));
+ std::string hexServerPub = Utils::bytesToHexString(mServerPublicKey, 32);
+ Utils::log("Received server identity. Public Key: " + hexServerPub);
// Verify pubkey against whitelisted_keys
- std::vector whitelistedKeys = Utils::getWhitelistedKeys();
+ std::vector whitelistedKeys = Utils::getWhitelistedKeys(mConfigDirPath);
if (std::find(whitelistedKeys.begin(), whitelistedKeys.end(), Utils::bytesToHexString(mServerPublicKey, 32)) == whitelistedKeys.end()) { // Key verification is handled in later steps of the handshake
if (!mInsecureMode) {
Utils::error("Server public key not in whitelisted_keys. Terminating connection.");
diff --git a/src/common/libsodium_wrapper.cpp b/src/common/libsodium_wrapper.cpp
index 8d7a8c0..c71a29d 100644
--- a/src/common/libsodium_wrapper.cpp
+++ b/src/common/libsodium_wrapper.cpp
@@ -41,4 +41,27 @@ namespace ColumnLynx::Utils {
randombytes_buf(randbytes.data(), randbytes.size());
return randbytes;
}
+
+ bool LibSodiumWrapper::recomputeKeys(PrivateSeed privateSeed, PublicKey storedPubKey) {
+ int res = crypto_sign_seed_keypair(mPublicKey.data(), mPrivateKey.data(), privateSeed.data());
+
+ if (res != 0) {
+ return false;
+ }
+
+ // Convert to Curve25519 keys for encryption
+ res = crypto_sign_ed25519_pk_to_curve25519(mXPublicKey.data(), mPublicKey.data());
+ res = crypto_sign_ed25519_sk_to_curve25519(mXPrivateKey.data(), mPrivateKey.data());
+
+ if (res != 0) {
+ return false;
+ }
+
+ // Compare to stored for verification
+ if (sodium_memcmp(mPublicKey.data(), storedPubKey.data(), crypto_sign_PUBLICKEYBYTES) != 0) {
+ return false;
+ }
+
+ return true;
+ }
}
\ No newline at end of file
diff --git a/src/common/utils.cpp b/src/common/utils.cpp
index ebf6612..f735502 100644
--- a/src/common/utils.cpp
+++ b/src/common/utils.cpp
@@ -49,7 +49,7 @@ namespace ColumnLynx::Utils {
}
std::string getVersion() {
- return "b0.3";
+ return "1.0.0";
}
unsigned short serverPort() {
@@ -101,14 +101,19 @@ namespace ColumnLynx::Utils {
return bytes;
}
- std::vector getWhitelistedKeys() {
+ std::vector getWhitelistedKeys(std::string basePath) {
// Currently re-reads the file every time, should be fine.
// Advantage of it is that you don't need to reload the server binary after adding/removing keys. Disadvantage is re-reading the file every time.
// I might redo this part.
std::vector out;
- std::ifstream file("whitelisted_keys"); // TODO: This is hardcoded for now, make dynamic
+ std::ifstream file(basePath + "whitelisted_keys");
+ if (!file.is_open()) {
+ warn("Failed to open whitelisted_keys file at path: " + basePath + "whitelisted_keys");
+ return out;
+ }
+
std::string line;
while (std::getline(file, line)) {
@@ -123,6 +128,10 @@ namespace ColumnLynx::Utils {
std::vector readLines;
std::ifstream file(path);
+ if (!file.is_open()) {
+ throw std::runtime_error("Failed to open config file at path: " + path);
+ }
+
std::string line;
while (std::getline(file, line)) {
diff --git a/src/common/virtual_interface.cpp b/src/common/virtual_interface.cpp
index 9db549c..4e7f0d8 100644
--- a/src/common/virtual_interface.cpp
+++ b/src/common/virtual_interface.cpp
@@ -72,7 +72,7 @@ namespace ColumnLynx::Net {
if (ioctl(mFd, TUNSETIFF, &ifr) < 0) {
close(mFd);
- throw std::runtime_error("TUNSETIFF failed: " + std::string(strerror(errno)));
+ throw std::runtime_error("TUNSETIFF failed (try running with sudo): " + std::string(strerror(errno)));
}
#elif defined(__APPLE__)
@@ -96,7 +96,7 @@ namespace ColumnLynx::Net {
if (connect(mFd, (struct sockaddr*)&sc, sizeof(sc)) < 0) {
if (errno == EPERM)
- throw std::runtime_error("connect(AF_SYS_CONTROL) failed: Insufficient permissions (try running as root)");
+ throw std::runtime_error("connect(AF_SYS_CONTROL) failed: Insufficient permissions (try running with sudo)");
throw std::runtime_error("connect(AF_SYS_CONTROL) failed: " + std::string(strerror(errno)));
}
@@ -326,6 +326,13 @@ namespace ColumnLynx::Net {
mIfName.c_str()
);
system(cmd);
+
+ // Wipe old routes
+ //snprintf(cmd, sizeof(cmd),
+ // "route -n delete -net %s",
+ // mIfName.c_str()
+ //);
+ //system(cmd);
#elif defined(_WIN32)
char cmd[512];
// Remove any persistent routes associated with this interface
@@ -406,6 +413,12 @@ namespace ColumnLynx::Net {
mIfName.c_str(), ipStr.c_str(), peerStr.c_str(), mtu, prefixStr.c_str());
system(cmd);
+ // Host bits are auto-normalized by the kernel on macOS, so we don't need to worry about them not being zeroed out.
+ snprintf(cmd, sizeof(cmd),
+ "route -n add -net %s/%d -interface %s",
+ ipStr.c_str(), prefixLen, mIfName.c_str());
+ system(cmd);
+
Utils::log("Executed command: " + std::string(cmd));
return true;
diff --git a/src/server/main.cpp b/src/server/main.cpp
index 3c3194e..efd59e5 100644
--- a/src/server/main.cpp
+++ b/src/server/main.cpp
@@ -16,6 +16,10 @@
#include
#include
+#if defined(__WIN32__)
+#include
+#endif
+
using asio::ip::tcp;
using namespace ColumnLynx::Utils;
using namespace ColumnLynx::Net::TCP;
@@ -37,7 +41,12 @@ int main(int argc, char** argv) {
#else
("i,interface", "Override used interface", cxxopts::value()->default_value("lynx0"))
#endif
- ("config", "Override config file path", cxxopts::value()->default_value("./server_config"));
+#if defined(__WIN32__)
+/* Get config dir in LOCALAPPDATA\ColumnLynx\ */
+ ("config-dir", "Override config dir path", cxxopts::value()->default_value("C:\\ProgramData\\ColumnLynx\\"));
+#else
+ ("config-dir", "Override config dir path", cxxopts::value()->default_value("/etc/columnlynx"));
+#endif
PanicHandler::init();
@@ -60,7 +69,22 @@ int main(int argc, char** argv) {
//WintunInitialize();
#endif
- std::unordered_map config = Utils::getConfigMap(optionsObj["config"].as());
+ // Get the config path, ENV > CLI > /etc/columnlynx
+ std::string configPath = optionsObj["config-dir"].as();
+ const char* envConfigPath = std::getenv("COLUMNLYNX_CONFIG_DIR");
+ if (envConfigPath != nullptr) {
+ configPath = std::string(envConfigPath);
+ }
+
+ if (configPath.back() != '/' && configPath.back() != '\\') {
+ #if defined(__WIN32__)
+ configPath += "\\";
+ #else
+ configPath += "/";
+ #endif
+ }
+
+ std::unordered_map config = Utils::getConfigMap(configPath + "server_config");
std::shared_ptr tun = std::make_shared(optionsObj["interface"].as());
log("Using virtual interface: " + tun->getName());
@@ -75,14 +99,20 @@ int main(int argc, char** argv) {
log("Loading keypair from config file.");
PublicKey pk;
- PrivateKey sk;
+ PrivateSeed seed;
- std::copy_n(Utils::hexStringToBytes(itPrivkey->second).begin(), sk.size(), sk.begin());
+ std::copy_n(Utils::hexStringToBytes(itPrivkey->second).begin(), seed.size(), seed.begin());
std::copy_n(Utils::hexStringToBytes(itPubkey->second).begin(), pk.size(), pk.begin());
- sodiumWrapper->setKeys(pk, sk);
+ if (!sodiumWrapper->recomputeKeys(seed, pk)) {
+ throw std::runtime_error("Failed to recompute keypair from config file values!");
+ }
} else {
+ #if defined(DEBUG)
warn("No keypair found in config file! Using random key.");
+ #else
+ throw std::runtime_error("No keypair found in config file! Cannot start server without keys.");
+ #endif
}
log("Server public key: " + bytesToHexString(sodiumWrapper->getPublicKey(), crypto_sign_PUBLICKEYBYTES));
@@ -91,7 +121,7 @@ int main(int argc, char** argv) {
asio::io_context io;
- auto server = std::make_shared(io, serverPort(), sodiumWrapper, hostRunning, ipv4Only);
+ auto server = std::make_shared(io, serverPort(), sodiumWrapper, hostRunning, configPath, ipv4Only);
auto udpServer = std::make_shared(io, serverPort(), hostRunning, ipv4Only, tun);
asio::signal_set signals(io, SIGINT, SIGTERM);
diff --git a/src/server/net/tcp/tcp_connection.cpp b/src/server/net/tcp/tcp_connection.cpp
index ffbfbb7..578d649 100644
--- a/src/server/net/tcp/tcp_connection.cpp
+++ b/src/server/net/tcp/tcp_connection.cpp
@@ -145,7 +145,7 @@ namespace ColumnLynx::Net::TCP {
Utils::debug("Key attempted connect: " + Utils::bytesToHexString(signPk.data(), signPk.size()));
- std::vector whitelistedKeys = Utils::getWhitelistedKeys();
+ std::vector whitelistedKeys = Utils::getWhitelistedKeys(mConfigDirPath);
if (std::find(whitelistedKeys.begin(), whitelistedKeys.end(), Utils::bytesToHexString(signPk.data(), signPk.size())) == whitelistedKeys.end()) {
Utils::warn("Non-whitelisted client attempted to connect, terminating. Client IP: " + reqAddr);
diff --git a/src/server/net/tcp/tcp_server.cpp b/src/server/net/tcp/tcp_server.cpp
index 05735a9..1798ea3 100644
--- a/src/server/net/tcp/tcp_server.cpp
+++ b/src/server/net/tcp/tcp_server.cpp
@@ -36,6 +36,7 @@ namespace ColumnLynx::Net::TCP {
std::move(socket),
mSodiumWrapper,
&mRawServerConfig,
+ mConfigDirPath,
[this](std::shared_ptr c) {
mClients.erase(c);
Utils::log("Client removed.");