dedis · jbsv · Nov 16, 2024 · Nov 17, 2024 · Nov 18, 2024 · Nov 21, 2024
diff --git a/cmd/grpc/client/main.go b/cmd/grpc/client/main.go
@@ -2,6 +2,8 @@ package main
 
 import (
 	"context"
+	"crypto/tls"
+	"crypto/x509"
 	"encoding/binary"
 	"errors"
 	"flag"
@@ -117,11 +119,57 @@ func main() {
 	os.Exit(0)
 }
 
+func loadClientTLSCredentials(config *utils.Config) (credentials.TransportCredentials, error) {
+	// Load certificate of the CA who signed server's certificate
+	if config.Creds.CertificateFile == "" {
+		log.Println("No servers certificates file provided, using default")
+		config.Creds.CertificateFile = "/opt/apir/server-cert.pem"
+	}
+	log.Printf("Loading servers certificates from %s", config.Creds.CertificateFile)
+
+	pemServerCA, err := os.ReadFile(config.Creds.CertificateFile)
+	if err != nil {
+		return nil, xerrors.Errorf("failed to read server's certificate: %v", err)
+	}
+
+	certPool := x509.NewCertPool()
+	if !certPool.AppendCertsFromPEM(pemServerCA) {
+		return nil, xerrors.Errorf("failed to add server CA's certificate")
+	}
+
+	// Load client's certificate and private key
+	// Load certificate of the CA who signed server's certificate
+	if config.ClientCertFile == "" {
+		log.Println("No certificate file provided, using default")
+		config.ClientCertFile = "/opt/apir/client-cert.pem"
+	}
+	if config.ClientKeyFile == "" {
+		log.Println("No key file provided, using default")
+		config.ClientKeyFile = "/opt/apir/server-key.pem"
+	}
+
+	log.Printf("Loading client certificates from %s", config.ClientCertFile)
+	log.Printf("Loading client key from %s", config.ClientKeyFile)
+
+	clientCert, err := tls.LoadX509KeyPair(config.ClientCertFile, config.ClientKeyFile)
+	if err != nil {
+		log.Fatalf("failed to load X509 key pair: %v", err)
+	}
+
+	// Create the credentials and return it
+	tlsConfig := &tls.Config{
+		Certificates: []tls.Certificate{clientCert},
+		RootCAs:      certPool,
+	}
+
+	return credentials.NewTLS(tlsConfig), nil
+}
+
 func (lc *localClient) connectToServers() error {
-	// load servers certificates
-	creds, err := utils.LoadServersCertificates()
+	// load certificates
+	creds, err := loadClientTLSCredentials(lc.config)
 	if err != nil {
-		return xerrors.Errorf("could not load servers certificates: %v", err)
+		return xerrors.Errorf("could not load credentials: %v", err)
 	}
 
 	// connect to servers and store connections

diff --git a/cmd/grpc/client/manager/mod.go b/cmd/grpc/client/manager/mod.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/binary"
 	"fmt"
+	"google.golang.org/grpc/credentials"
 	"log"
 	"sync"
 	"time"
@@ -37,17 +38,13 @@ func (m *Manager) Connect() (Actor, error) {
 	servers := make([]server, len(m.config.Addresses))
 
 	// load servers certificates
-	creds, err := utils.LoadServersCertificates()
+	creds, err := credentials.NewClientTLSFromFile(m.config.Creds.CertificateFile, "")
 	if err != nil {
 		return Actor{}, xerrors.Errorf("failed to load servers certificates: %v", err)
 	}
 
 	for i, addr := range m.config.Addresses {
-		ctx, cancel := context.WithTimeout(context.Background(), time.Second*10)
-		defer cancel()
-
-		conn, err := grpc.DialContext(ctx, addr, grpc.WithTransportCredentials(creds),
-			grpc.WithBlock())
+		conn, err := grpc.NewClient(addr, grpc.WithTransportCredentials(creds), grpc.WithBlock())
 		if err != nil {
 			return Actor{}, xerrors.Errorf("failed to connect to %s: %v", addr, err)
 		}

diff --git a/cmd/grpc/client/web/mod.go b/cmd/grpc/client/web/mod.go
@@ -43,33 +43,43 @@ const keyNotFoundErr string = "no key with the given email id is found"
 var staticPointConfig = &utils.Config{
 	Servers: map[string]utils.Server{
 		"0": {
-			IP:   "128.179.33.63",
+			IP:   "srv1.keyd.org",
 			Port: 50050,
 		},
 		"1": {
-			IP:   "128.179.33.75",
+			IP:   "srv2.keyd.org",
 			Port: 50051,
 		},
 	},
 	Addresses: []string{
-		"128.179.33.63:50050", "128.179.33.75:50051",
+		"srv1.keyd.org:50050", "srv2.keyd.org:50051",
 	},
+	Creds: utils.Creds{
+		CertificateFile: "/opt/apir/server-cert.pem"},
+
+	ClientCertFile: "/opt/apir/client-cert.pem",
+	ClientKeyFile:  "/opt/apir/client-key.pem",
 }
 
 var staticComplexConfig = &utils.Config{
 	Servers: map[string]utils.Server{
 		"0": {
-			IP:   "128.179.33.63",
+			IP:   "srv1.keyd.org",
 			Port: 50040,
 		},
 		"1": {
-			IP:   "128.179.33.75",
+			IP:   "srv2.keyd.org",
 			Port: 50041,
 		},
 	},
 	Addresses: []string{
-		"128.179.33.63:50040", "128.179.33.75:50041",
+		"srv1.keyd.org:50040", "srv2.keyd.org:50041",
 	},
+	Creds: utils.Creds{
+		CertificateFile: "/opt/apir/server-cert.pem"},
+
+	ClientCertFile: "/opt/apir/client-cert.pem",
+	ClientKeyFile:  "/opt/apir/client-key.pem",
 }
 
 var grpcOpts = []grpc.CallOption{

diff --git a/cmd/grpc/server/main.go b/cmd/grpc/server/main.go
@@ -2,7 +2,6 @@ package main
 
 import (
 	"context"
-	"crypto/tls"
 	"flag"
 	"fmt"
 	"log"
@@ -91,6 +90,22 @@ func main() {
 	}
 	addr := config.Addresses[*sid]
 
+	// run server with TLS
+	if config.Creds.CertificateFile == "" {
+		log.Println("No certificate file provided, using default")
+		config.Creds.CertificateFile = "/opt/apir/server-cert.pem"
+	}
+	if config.Creds.KeyFile == "" {
+		log.Println("No key file provided, using default")
+		config.Creds.KeyFile = "/opt/apir/server-key.pem"
+	}
+	log.Printf("Loading server certificates from %s", config.Creds.CertificateFile)
+	log.Printf("Loading server key from %s", config.Creds.KeyFile)
+	creds, err := credentials.NewServerTLSFromFile(config.Creds.CertificateFile, config.Creds.KeyFile)
+	if err != nil {
+		log.Fatalf("failed to load servers certificates: %v", err)
+	}
+
 	// load the db
 	var db *database.DB
 	var dbBytes *database.Bytes
@@ -120,29 +135,20 @@ func main() {
 	// GC after db creation
 	runtime.GC()
 
-	// run server with TLS
-	cfg := &tls.Config{
-		Certificates: []tls.Certificate{utils.ServerCertificates[*sid]},
-		ClientAuth:   tls.NoClientCert,
-	}
-	lis, err := net.Listen("tcp", addr)
-	if err != nil {
-		log.Fatalf("failed to listen: %v", err)
-	}
 	rpcServer := grpc.NewServer(
 		grpc.MaxRecvMsgSize(1024*1024*1024),
 		grpc.MaxSendMsgSize(1024*1024*1024),
-		grpc.Creds(credentials.NewTLS(cfg)),
+		grpc.Creds(creds),
 	)
 
 	// select correct server
 	var s server.Server
 	switch *scheme {
 	case "pointPIR", "pointVPIR":
 		if *cores != -1 && *experiment {
-			s = server.NewPIR(dbBytes, *cores)
+			s = server.NewPIRTwo(dbBytes, *cores)
 		} else {
-			s = server.NewPIR(dbBytes)
+			s = server.NewPIRTwo(dbBytes)
 		}
 	case "complexPIR":
 		if *cores != -1 && *experiment {
@@ -176,6 +182,11 @@ func main() {
 	signal.Notify(sigCh, os.Interrupt, syscall.SIGTERM)
 	errCh := make(chan error, 1)
 
+	lis, err := net.Listen("tcp", addr)
+	if err != nil {
+		log.Fatalf("failed to listen: %v", err)
+	}
+
 	go func() {
 		log.Println("gRPC server started at", lis.Addr())
 		if err := rpcServer.Serve(lis); err != nil {

diff --git a/go.mod b/go.mod
@@ -1,39 +1,36 @@
 module github.com/si-co/vpir-code
 
-go 1.17
+go 1.23
 
 require (
-	github.com/AlecAivazis/survey/v2 v2.3.2
-	github.com/BurntSushi/toml v0.3.1
-	github.com/cloudflare/circl v1.3.7
+	github.com/AlecAivazis/survey/v2 v2.3.7
+	github.com/BurntSushi/toml v1.4.0
+	github.com/cloudflare/circl v1.5.0
 	github.com/dkales/dpf-go v0.0.0-20210304170054-6eae87348848
-	github.com/golang/protobuf v1.5.3
 	github.com/lukechampine/fastxor v0.0.0-20210322201628-b664bed5a5cc
 	github.com/nikirill/go-crypto v0.0.0-20210204153324-694bf46cc691
-	github.com/stretchr/testify v1.7.1
-	golang.org/x/crypto v0.21.0
-	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1
-	google.golang.org/grpc v1.56.3
-	google.golang.org/protobuf v1.33.0
-	lukechampine.com/blake3 v1.1.7
-	lukechampine.com/uint128 v1.2.0
+	github.com/stretchr/testify v1.10.0
+	golang.org/x/crypto v0.29.0
+	golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da
+	google.golang.org/grpc v1.68.0
+	google.golang.org/protobuf v1.35.2
+	lukechampine.com/blake3 v1.3.0
+	lukechampine.com/uint128 v1.3.0
 )
 
 require (
 	github.com/bwesterb/go-ristretto v1.2.3 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
-	github.com/klauspost/cpuid/v2 v2.0.9 // indirect
-	github.com/kr/text v0.2.0 // indirect
-	github.com/mattn/go-colorable v0.1.2 // indirect
-	github.com/mattn/go-isatty v0.0.8 // indirect
-	github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b // indirect
+	github.com/klauspost/cpuid/v2 v2.2.9 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	golang.org/x/net v0.23.0 // indirect
-	golang.org/x/sys v0.18.0 // indirect
-	golang.org/x/term v0.18.0 // indirect
-	golang.org/x/text v0.14.0 // indirect
-	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
-	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
-	gopkg.in/yaml.v3 v3.0.0 // indirect
+	golang.org/x/net v0.31.0 // indirect
+	golang.org/x/sys v0.27.0 // indirect
+	golang.org/x/term v0.26.0 // indirect
+	golang.org/x/text v0.20.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 )