lokinet/llarp/config/key_manager.hpp

#pragma once

#include <atomic>
#include "config.hpp"
#include <llarp/crypto/types.hpp>
#include <llarp/router_contact.hpp>

namespace llarp
{
  /// KeyManager manages the cryptographic keys stored on disk for the local
  /// node. This includes private keys as well as the self-signed router contact
  /// file (e.g. "self.signed").
  ///
  /// Keys are either read from disk if they exist and are valid (see below) or
  /// are generated and written to disk.
  ///
  /// In addition, the KeyManager detects when the keys obsolete (e.g. as a
  /// result of a software upgrade) and backs up existing keys before writing
  /// out new ones.
  struct KeyManager
  {
    /// Utility function to backup a file by moving it. Attempts to find a new
    /// filename based on the original that doesn't exist, then moves it. The
    /// pattern used is originalFile.N.bak where N is the lowest integer
    /// matching a filename that doesn't exist.
    ///
    /// @param filepath is the name of the original file to backup.
    /// @return true if the file could be moved or didn't exist, false otherwise
    static bool
    backupFileByMoving(const fs::path& filepath);

    /// Constructor
    KeyManager();

    /// Initializes keys using the provided config, loading from disk
    ///
    /// NOTE: Must be called prior to obtaining any keys.
    /// NOTE: blocks on I/O
    ///
    /// @param config should be a prepared config object
    /// @param genIfAbsent determines whether or not we will create files if they
    ///        do not exist.
    /// @param isSNode
    /// @return true on success, false otherwise
    bool
    initialize(const llarp::Config& config, bool genIfAbsent, bool isSNode);

    /// Obtain the self-signed RouterContact
    ///
    /// @param rc (out) will be modified to contian the RouterContact
    /// @return true on success, false otherwise
    bool
    getRouterContact(llarp::RouterContact& rc) const;

    /// Return whether or not we need to backup keys as we load them
    bool
    needBackup() const
    {
      return m_needBackup;
    }

    llarp::SecretKey identityKey;
    llarp::SecretKey encryptionKey;
    llarp::SecretKey transportKey;

    fs::path m_rcPath;
    fs::path m_idKeyPath;
    fs::path m_encKeyPath;
    fs::path m_transportKeyPath;

   private:
    std::atomic_bool m_initialized;
    std::atomic_bool m_needBackup;

    /// Backup each key file (by copying, e.g. foo -> foo.bak)
    bool
    backupKeyFilesByMoving() const;

    /// Load the key at a given filepath or create it
    ///
    /// @param keygen is a function that will generate the key if needed
    static bool
    loadOrCreateKey(
        fs::path filepath,
        llarp::SecretKey& key,
        std::function<void(llarp::SecretKey& key)> keygen);
  };

}  // namespace llarp
standardize include format and pragma once All #ifndef guards on headers have been removed, I think, in favor of #pragma once Headers are now included as `#include "filename"` if the included file resides in the same directory as the file including it, or any subdirectory therein. Otherwise they are included as `#include <project/top/dir/relative/path/filename>` The above does not include system/os headers. 2021-03-09 22:24:35 +00:00			`#pragma once`
Stub out KeyManager class 2019-11-22 03:57:41 +00:00
Reorganize priv key file loading a bit and hook KeyManager into Router 2019-11-26 19:42:41 +00:00			`#include <atomic>`
standardize include format and pragma once All #ifndef guards on headers have been removed, I think, in favor of #pragma once Headers are now included as `#include "filename"` if the included file resides in the same directory as the file including it, or any subdirectory therein. Otherwise they are included as `#include <project/top/dir/relative/path/filename>` The above does not include system/os headers. 2021-03-09 22:24:35 +00:00			`#include "config.hpp"`
			`#include <llarp/crypto/types.hpp>`
			`#include <llarp/router_contact.hpp>`
Stub out KeyManager class 2019-11-22 03:57:41 +00:00
			`namespace llarp`
			`{`
Make format 2019-12-06 17:13:09 +00:00			`/// KeyManager manages the cryptographic keys stored on disk for the local`
			`/// node. This includes private keys as well as the self-signed router contact`
			`/// file (e.g. "self.signed").`
Stub out KeyManager class 2019-11-22 03:57:41 +00:00			`///`
Make format 2019-12-06 17:13:09 +00:00			`/// Keys are either read from disk if they exist and are valid (see below) or`
			`/// are generated and written to disk.`
			`///`
			`/// In addition, the KeyManager detects when the keys obsolete (e.g. as a`
			`/// result of a software upgrade) and backs up existing keys before writing`
			`/// out new ones.`
			`struct KeyManager`
			`{`
Backup SNApp keys when migrating to new ed25519 crypto 2019-12-06 18:21:14 +00:00			`/// Utility function to backup a file by moving it. Attempts to find a new`
			`/// filename based on the original that doesn't exist, then moves it. The`
			`/// pattern used is originalFile.N.bak where N is the lowest integer`
			`/// matching a filename that doesn't exist.`
			`///`
			`/// @param filepath is the name of the original file to backup.`
			`/// @return true if the file could be moved or didn't exist, false otherwise`
			`static bool`
Prefer fs::path over std::string @ KeyManager 2020-04-01 23:11:04 +00:00			`backupFileByMoving(const fs::path& filepath);`
Backup SNApp keys when migrating to new ed25519 crypto 2019-12-06 18:21:14 +00:00
Stub out KeyManager class 2019-11-22 03:57:41 +00:00			`/// Constructor`
Reorganize priv key file loading a bit and hook KeyManager into Router 2019-11-26 19:42:41 +00:00			`KeyManager();`
Stub out KeyManager class 2019-11-22 03:57:41 +00:00
initial working code 2020-05-20 11:41:42 +00:00			`/// Initializes keys using the provided config, loading from disk`
Stub out KeyManager class 2019-11-22 03:57:41 +00:00			`///`
			`/// NOTE: Must be called prior to obtaining any keys.`
Move lokid key API request to KeyManager 2019-12-03 19:32:19 +00:00			`/// NOTE: blocks on I/O`
Stub out KeyManager class 2019-11-22 03:57:41 +00:00			`///`
Reorganize priv key file loading a bit and hook KeyManager into Router 2019-11-26 19:42:41 +00:00			`/// @param config should be a prepared config object`
Testing: explicitly initialize variable 2020-05-18 17:17:25 +00:00			`/// @param genIfAbsent determines whether or not we will create files if they`
Stub out KeyManager class 2019-11-22 03:57:41 +00:00			`/// do not exist.`
Rename isRouter -> isSNode The isRouter wording was quite confusing, especially in a call such as: router->Configure(config, opts.isRouter, nodedb) 2021-03-23 19:00:46 +00:00			`/// @param isSNode`
Stub out KeyManager class 2019-11-22 03:57:41 +00:00			`/// @return true on success, false otherwise`
			`bool`
Rename isRouter -> isSNode The isRouter wording was quite confusing, especially in a call such as: router->Configure(config, opts.isRouter, nodedb) 2021-03-23 19:00:46 +00:00			`initialize(const llarp::Config& config, bool genIfAbsent, bool isSNode);`
Stub out KeyManager class 2019-11-22 03:57:41 +00:00
			`/// Obtain the self-signed RouterContact`
			`///`
			`/// @param rc (out) will be modified to contian the RouterContact`
			`/// @return true on success, false otherwise`
			`bool`
			`getRouterContact(llarp::RouterContact& rc) const;`

Backup SNApp keys when migrating to new ed25519 crypto 2019-12-06 18:21:14 +00:00			`/// Return whether or not we need to backup keys as we load them`
			`bool`
			`needBackup() const`
			`{`
			`return m_needBackup;`
			`}`

Avoid trivial getters/setters in KeyManager 2019-12-06 17:31:19 +00:00			`llarp::SecretKey identityKey;`
			`llarp::SecretKey encryptionKey;`
			`llarp::SecretKey transportKey;`

Prefer fs::path over std::string @ KeyManager 2020-04-01 23:11:04 +00:00			`fs::path m_rcPath;`
			`fs::path m_idKeyPath;`
			`fs::path m_encKeyPath;`
			`fs::path m_transportKeyPath;`
Let KeyManager assemble key filenames 2020-06-04 18:38:35 +00:00
			`private:`
Reorganize priv key file loading a bit and hook KeyManager into Router 2019-11-26 19:42:41 +00:00			`std::atomic_bool m_initialized;`
Backup SNApp keys when migrating to new ed25519 crypto 2019-12-06 18:21:14 +00:00			`std::atomic_bool m_needBackup;`
Reorganize priv key file loading a bit and hook KeyManager into Router 2019-11-26 19:42:41 +00:00
Implement code to move old key files out of the way 2019-11-22 23:11:59 +00:00			`/// Backup each key file (by copying, e.g. foo -> foo.bak)`
			`bool`
			`backupKeyFilesByMoving() const;`
Reorganize priv key file loading a bit and hook KeyManager into Router 2019-11-26 19:42:41 +00:00
			`/// Load the key at a given filepath or create it`
			`///`
			`/// @param keygen is a function that will generate the key if needed`
			`static bool`
Re-apply clang-format rules after rebasing 2020-04-07 20:41:11 +00:00			`loadOrCreateKey(`
key manager should throw on failures 2020-10-30 19:51:22 +00:00			`fs::path filepath,`
Re-apply clang-format rules after rebasing 2020-04-07 20:41:11 +00:00			`llarp::SecretKey& key,`
			`std::function<void(llarp::SecretKey& key)> keygen);`
Stub out KeyManager class 2019-11-22 03:57:41 +00:00			`};`

			`} // namespace llarp`