Use enable credential flag for wireguard (#1375)

* Move enable cred flag in different config * Pass the enable cred flag to wireguard
nymtech · Oct 24, 2024 · d21ca28 · d21ca28
1 parent b5e0c7c
commit d21ca28
Show file tree

Hide file tree

Showing 10 changed files with 38 additions and 17 deletions.
diff --git a/nym-vpn-core/crates/nym-vpn-cli/src/main.rs b/nym-vpn-core/crates/nym-vpn-cli/src/main.rs
@@ -200,7 +200,6 @@ async fn run_vpn(args: commands::RunArgs, data_path: Option<PathBuf>) -> anyhow:
         disable_poisson_rate: args.wireguard_mode || args.disable_poisson_rate,
         disable_background_cover_traffic: args.wireguard_mode
             || args.disable_background_cover_traffic,
-        enable_credentials_mode: args.enable_credentials_mode,
         min_mixnode_performance: args.min_mixnode_performance,
         min_gateway_performance: args.min_gateway_mixnet_performance,
     };
@@ -217,6 +216,7 @@ async fn run_vpn(args: commands::RunArgs, data_path: Option<PathBuf>) -> anyhow:
 
     let tunnel_settings = TunnelSettings {
         tunnel_type,
+        enable_credentials_mode: args.enable_credentials_mode,
         mixnet_client_config: Some(mixnet_client_config),
         gateway_performance_options: GatewayPerformanceOptions::default(),
         mixnet_tunnel_options,

diff --git a/nym-vpn-core/crates/nym-vpn-lib/src/bandwidth_controller.rs b/nym-vpn-core/crates/nym-vpn-lib/src/bandwidth_controller.rs
@@ -129,19 +129,25 @@ impl<St: Storage> BandwidthController<St> {
 
     pub(crate) async fn get_initial_bandwidth(
         &self,
+        enable_credentials_mode: bool,
         ticketbook_type: TicketType,
         gateway_client: &GatewayClient,
         wg_gateway_client: &mut WgGatewayClient,
     ) -> Result<GatewayData>
     where
         <St as Storage>::StorageError: Send + Sync + 'static,
     {
-        let credential = self
-            .request_bandwidth(
-                ticketbook_type,
-                wg_gateway_client.auth_recipient().gateway().to_bytes(),
-            )
-            .await?;
+        let credential = if enable_credentials_mode {
+            let cred = self
+                .request_bandwidth(
+                    ticketbook_type,
+                    wg_gateway_client.auth_recipient().gateway().to_bytes(),
+                )
+                .await?;
+            Some(cred.data)
+        } else {
+            None
+        };
 
         // First we need to register with the gateway to setup keys and IP assignment
         tracing::info!("Registering with wireguard gateway");
@@ -155,7 +161,7 @@ impl<St: Storage> BandwidthController<St> {
                 source,
             })?;
         let wg_gateway_data = wg_gateway_client
-            .register_wireguard(gateway_host, Some(credential.data))
+            .register_wireguard(gateway_host, credential)
             .await
             .map_err(|source| Error::RegisterWireguard {
                 gateway_id: gateway_id.to_base58_string(),

diff --git a/nym-vpn-core/crates/nym-vpn-lib/src/lib.rs b/nym-vpn-core/crates/nym-vpn-lib/src/lib.rs
@@ -54,9 +54,6 @@ pub struct MixnetClientConfig {
     /// Disable constant rate background loop cover traffic
     pub disable_background_cover_traffic: bool,
 
-    /// Enable the credentials mode between the client and the entry gateway.
-    pub enable_credentials_mode: bool,
-
     /// The minimum performance of mixnodes to use.
     pub min_mixnode_performance: Option<u8>,
 

diff --git a/nym-vpn-core/crates/nym-vpn-lib/src/mixnet/connect.rs b/nym-vpn-core/crates/nym-vpn-lib/src/mixnet/connect.rs
@@ -35,7 +35,6 @@ fn apply_mixnet_client_config(
     let MixnetClientConfig {
         disable_poisson_rate,
         disable_background_cover_traffic,
-        enable_credentials_mode: _enable_credentials_mode,
         min_mixnode_performance,
         min_gateway_performance,
     } = mixnet_client_config;
@@ -77,6 +76,7 @@ pub(crate) async fn setup_mixnet_client(
     mixnet_client_key_storage_path: &Option<PathBuf>,
     mut task_client: nym_task::TaskClient,
     mixnet_client_config: MixnetClientConfig,
+    enable_credentials_mode: bool,
 ) -> Result<SharedMixnetClient, MixnetError> {
     let mut debug_config = nym_client_core::config::DebugConfig::default();
     apply_mixnet_client_config(&mixnet_client_config, &mut debug_config);
@@ -111,7 +111,7 @@ pub(crate) async fn setup_mixnet_client(
             .network_details(NymNetworkDetails::new_from_env())
             .debug_config(debug_config)
             .custom_shutdown(task_client)
-            .credentials_mode(mixnet_client_config.enable_credentials_mode)
+            .credentials_mode(enable_credentials_mode)
             .build()
             .map_err(MixnetError::FailedToBuildMixnetClient)?
             .connect_to_mixnet()
@@ -125,7 +125,7 @@ pub(crate) async fn setup_mixnet_client(
             .network_details(NymNetworkDetails::new_from_env())
             .debug_config(debug_config)
             .custom_shutdown(task_client)
-            .credentials_mode(mixnet_client_config.enable_credentials_mode)
+            .credentials_mode(enable_credentials_mode)
             .build()
             .map_err(MixnetError::FailedToBuildMixnetClient)?
             .connect_to_mixnet()

diff --git a/nym-vpn-core/crates/nym-vpn-lib/src/platform/mod.rs b/nym-vpn-core/crates/nym-vpn-lib/src/platform/mod.rs
@@ -361,6 +361,7 @@ async fn start_state_machine(config: VPNConfig) -> Result<StateMachineHandle, Vp
 
     let tunnel_settings = TunnelSettings {
         tunnel_type,
+        enable_credentials_mode: false,
         mixnet_tunnel_options: MixnetTunnelOptions::default(),
         gateway_performance_options: GatewayPerformanceOptions::default(),
         mixnet_client_config: None,

diff --git a/nym-vpn-core/crates/nym-vpn-lib/src/tunnel_state_machine/mod.rs b/nym-vpn-core/crates/nym-vpn-lib/src/tunnel_state_machine/mod.rs
@@ -73,6 +73,9 @@ pub struct TunnelSettings {
     /// Type of tunnel.
     pub tunnel_type: TunnelType,
 
+    /// Enable the credentials mode between the client and the gateways.
+    pub enable_credentials_mode: bool,
+
     /// Mixnet tunnel options.
     pub mixnet_tunnel_options: MixnetTunnelOptions,
 
@@ -128,6 +131,7 @@ impl Default for TunnelSettings {
     fn default() -> Self {
         Self {
             tunnel_type: TunnelType::Wireguard,
+            enable_credentials_mode: false,
             mixnet_tunnel_options: MixnetTunnelOptions::default(),
             mixnet_client_config: None,
             gateway_performance_options: GatewayPerformanceOptions::default(),

diff --git a/nym-vpn-core/crates/nym-vpn-lib/src/tunnel_state_machine/states/connecting_state.rs b/nym-vpn-core/crates/nym-vpn-lib/src/tunnel_state_machine/states/connecting_state.rs
@@ -78,6 +78,7 @@ impl ConnectingState {
             gateway_config,
             mixnet_client_config: shared_state.tunnel_settings.mixnet_client_config.clone(),
             tunnel_type: shared_state.tunnel_settings.tunnel_type,
+            enable_credentials_mode: shared_state.tunnel_settings.enable_credentials_mode,
             entry_point: shared_state.tunnel_settings.entry_point.clone(),
             exit_point: shared_state.tunnel_settings.exit_point.clone(),
             user_agent: None, // todo: provide user-agent
@@ -237,7 +238,7 @@ impl ConnectingState {
         shared_state: &mut SharedState,
     ) -> Result<(TunnelConnectionData, AnyTunnelHandle)> {
         let connected_tunnel = connected_mixnet
-            .connect_wireguard_tunnel()
+            .connect_wireguard_tunnel(shared_state.tunnel_settings.enable_credentials_mode)
             .await
             .map_err(Error::ConnectWireguardTunnel)?;
 

diff --git a/nym-vpn-core/crates/nym-vpn-lib/src/tunnel_state_machine/tunnel/mod.rs b/nym-vpn-core/crates/nym-vpn-lib/src/tunnel_state_machine/tunnel/mod.rs
@@ -67,14 +67,19 @@ impl ConnectedMixnet {
     /// Creates a tunnel over WireGuard.
     pub async fn connect_wireguard_tunnel(
         self,
+        enable_credentials_mode: bool,
     ) -> Result<wireguard::connected_tunnel::ConnectedTunnel> {
         let connector = wireguard::connector::Connector::new(
             self.task_manager,
             self.mixnet_client,
             self.gateway_directory_client,
         );
         connector
-            .connect(self.selected_gateways, self.data_path)
+            .connect(
+                enable_credentials_mode,
+                self.selected_gateways,
+                self.data_path,
+            )
             .await
     }
 }
@@ -84,6 +89,7 @@ pub struct MixnetConnectOptions {
     pub gateway_config: nym_gateway_directory::Config,
     pub mixnet_client_config: Option<MixnetClientConfig>,
     pub tunnel_type: TunnelType,
+    pub enable_credentials_mode: bool,
     pub entry_point: Box<EntryPoint>,
     pub exit_point: Box<ExitPoint>,
     pub user_agent: Option<UserAgent>,
@@ -125,6 +131,7 @@ pub async fn connect_mixnet(options: MixnetConnectOptions) -> Result<ConnectedMi
             &options.data_path,
             task_manager.subscribe_named("mixnet_client_main"),
             mixnet_client_config,
+            options.enable_credentials_mode,
         ),
     )
     .await

diff --git a/nym-vpn-core/crates/nym-vpn-lib/src/tunnel_state_machine/tunnel/wireguard/connector.rs b/nym-vpn-core/crates/nym-vpn-lib/src/tunnel_state_machine/tunnel/wireguard/connector.rs
@@ -43,6 +43,7 @@ impl Connector {
 
     pub async fn connect(
         self,
+        enable_credentials_mode: bool,
         selected_gateways: SelectedGateways,
         data_path: Option<PathBuf>,
     ) -> Result<ConnectedTunnel> {
@@ -77,13 +78,15 @@ impl Connector {
             )?;
             let entry = bw
                 .get_initial_bandwidth(
+                    enable_credentials_mode,
                     TicketType::V1WireguardEntry,
                     &self.gateway_directory_client,
                     &mut wg_entry_gateway_client,
                 )
                 .await?;
             let exit = bw
                 .get_initial_bandwidth(
+                    enable_credentials_mode,
                     TicketType::V1WireguardExit,
                     &self.gateway_directory_client,
                     &mut wg_exit_gateway_client,
@@ -103,13 +106,15 @@ impl Connector {
             )?;
             let entry = bw
                 .get_initial_bandwidth(
+                    enable_credentials_mode,
                     TicketType::V1WireguardEntry,
                     &self.gateway_directory_client,
                     &mut wg_entry_gateway_client,
                 )
                 .await?;
             let exit = bw
                 .get_initial_bandwidth(
+                    enable_credentials_mode,
                     TicketType::V1WireguardExit,
                     &self.gateway_directory_client,
                     &mut wg_exit_gateway_client,

diff --git a/nym-vpn-core/crates/nym-vpnd/src/service/vpn_service.rs b/nym-vpn-core/crates/nym-vpnd/src/service/vpn_service.rs
@@ -671,7 +671,6 @@ where
         let mixnet_client_config = MixnetClientConfig {
             disable_poisson_rate: options.disable_poisson_rate,
             disable_background_cover_traffic: options.disable_background_cover_traffic,
-            enable_credentials_mode: options.enable_credentials_mode,
             min_mixnode_performance: options
                 .min_mixnode_performance
                 .map(|p| p.round_to_integer()),
@@ -693,6 +692,7 @@ where
 
         let tunnel_settings = TunnelSettings {
             tunnel_type,
+            enable_credentials_mode: options.enable_credentials_mode,
             mixnet_tunnel_options: MixnetTunnelOptions::default(),
             gateway_performance_options: gateway_options,
             mixnet_client_config: Some(mixnet_client_config),