lokinet/llarp/crypto/types.cpp

#include "types.hpp"

#include <llarp/router_id.hpp>
#include <llarp/util/buffer.hpp>
#include <llarp/util/file.hpp>

#include <oxenc/hex.h>
#include <sodium/crypto_hash_sha512.h>
#include <sodium/crypto_scalarmult_ed25519.h>

namespace llarp
{
  bool
  PubKey::FromString(const std::string& str)
  {
    if (str.size() != 2 * size())
      return false;
    oxenc::from_hex(str.begin(), str.end(), begin());
    return true;
  }

  PubKey
  PubKey::from_string(const std::string& s)
  {
    PubKey p;
    oxenc::from_hex(s.begin(), s.end(), p.begin());
    return p;
  }

  std::string
  PubKey::ToString() const
  {
    return oxenc::to_hex(begin(), end());
  }

  PubKey::operator RouterID() const
  {
    return {as_array()};
  }

  PubKey&
  PubKey::operator=(const byte_t* ptr)
  {
    std::copy(ptr, ptr + SIZE, begin());
    return *this;
  }

  bool
  operator==(const PubKey& lhs, const PubKey& rhs)
  {
    return lhs.as_array() == rhs.as_array();
  }

  bool
  operator==(const PubKey& lhs, const RouterID& rhs)
  {
    return lhs.as_array() == rhs.as_array();
  }

  bool
  operator==(const RouterID& lhs, const PubKey& rhs)
  {
    return lhs.as_array() == rhs.as_array();
  }

  bool
  SecretKey::LoadFromFile(const fs::path& fname)
  {
    size_t sz;
    std::array<byte_t, 128> tmp;
    try
    {
      sz = util::file_to_buffer(fname, tmp.data(), tmp.size());
    }
    catch (const std::exception&)
    {
      return false;
    }

    if (sz == size())
    {
      // is raw buffer
      std::copy_n(tmp.begin(), sz, begin());
      return true;
    }

    llarp_buffer_t buf(tmp);
    return BDecode(&buf);
  }

  bool
  SecretKey::Recalculate()
  {
    PrivateKey key;
    PubKey pubkey;
    if (!toPrivate(key) || !key.toPublic(pubkey))
      return false;
    std::memcpy(data() + 32, pubkey.data(), 32);
    return true;
  }

  bool
  SecretKey::toPrivate(PrivateKey& key) const
  {
    // Ed25519 calculates a 512-bit hash from the seed; the first half (clamped)
    // is the private key; the second half is the hash that gets used in
    // signing.
    unsigned char h[crypto_hash_sha512_BYTES];
    if (crypto_hash_sha512(h, data(), 32) < 0)
      return false;
    h[0] &= 248;
    h[31] &= 63;
    h[31] |= 64;
    std::memcpy(key.data(), h, 64);
    return true;
  }

  bool
  PrivateKey::toPublic(PubKey& pubkey) const
  {
    return crypto_scalarmult_ed25519_base_noclamp(pubkey.data(), data()) != -1;
  }

  bool
  SecretKey::SaveToFile(const fs::path& fname) const
  {
    std::string tmp(128, 0);
    llarp_buffer_t buf(tmp);
    if (!bt_encode(&buf))
      return false;

    tmp.resize(buf.cur - buf.base);
    try
    {
      util::dump_file(fname, tmp);
    }
    catch (const std::exception&)
    {
      return false;
    }

    return true;
  }
}  // namespace llarp
standardize include format and pragma once All #ifndef guards on headers have been removed, I think, in favor of #pragma once Headers are now included as `#include "filename"` if the included file resides in the same directory as the file including it, or any subdirectory therein. Otherwise they are included as `#include <project/top/dir/relative/path/filename>` The above does not include system/os headers. 2021-03-09 22:24:35 +00:00			`#include "types.hpp"`
Split crypto.hpp into 3 different files 2019-01-13 16:30:07 +00:00
RC refactor layout - Local and Remote RC's now implemented with discrete functionalities and uses 2023-10-31 20:49:01 +00:00			`#include <llarp/router_id.hpp>`
standardize include format and pragma once All #ifndef guards on headers have been removed, I think, in favor of #pragma once Headers are now included as `#include "filename"` if the included file resides in the same directory as the file including it, or any subdirectory therein. Otherwise they are included as `#include <project/top/dir/relative/path/filename>` The above does not include system/os headers. 2021-03-09 22:24:35 +00:00			`#include <llarp/util/buffer.hpp>`
Add binary file slurp/dump utility functions We have basically this same bit of code in tons of places; consolidate it into llarp::util::slurp_file/llarp::util::dump_file. Also renames all the extra junk that crept into llarp/util/fs.hpp out of there into llarp/util/file.hpp instead. 2022-10-05 18:05:25 +00:00			`#include <llarp/util/file.hpp>`
Clang format include sorting + CMake - includes are now sorted in consistent, logical order; first step in an attempt to fix the tomfoolery (no relation to Tom) brought in by include-what-you-use - shuffled around some cmake linking to simplify dependency graph - superfluous files removed 2023-10-24 13:18:03 +00:00
Crank oxen-mq to (1.2.)11; switch to oxen-encoding - Update oxen-mq submodule to latest stable - Add oxen-encoding submodule - Convert all oxenmq encoding usage to oxenc - Modernize cmake handling of oxenmq/oxenc 2022-02-17 18:44:31 +00:00			`#include <oxenc/hex.h>`
Clang format include sorting + CMake - includes are now sorted in consistent, logical order; first step in an attempt to fix the tomfoolery (no relation to Tom) brought in by include-what-you-use - shuffled around some cmake linking to simplify dependency graph - superfluous files removed 2023-10-24 13:18:03 +00:00			`#include <sodium/crypto_hash_sha512.h>`
			`#include <sodium/crypto_scalarmult_ed25519.h>`
nodedb refactor * bump zmq static dep * lokimq -> oxenmq * llarp_nodedb -> llarp::NodeDB * remove all crufty api parts of NodeDB * make NodeDB rc selection api not suck * make path builder api not suck * propagate all above changes so that unit tests work and it all compiles 2021-02-02 14:35:40 +00:00
Split crypto.hpp into 3 different files 2019-01-13 16:30:07 +00:00			`namespace llarp`
			`{`
			`bool`
			`PubKey::FromString(const std::string& str)`
			`{`
Use lokimq's hex/base32z encoding/decoding 2020-06-29 21:46:25 +00:00			`if (str.size() != 2 * size())`
			`return false;`
Crank oxen-mq to (1.2.)11; switch to oxen-encoding - Update oxen-mq submodule to latest stable - Add oxen-encoding submodule - Convert all oxenmq encoding usage to oxenc - Modernize cmake handling of oxenmq/oxenc 2022-02-17 18:44:31 +00:00			`oxenc::from_hex(str.begin(), str.end(), begin());`
Use lokimq's hex/base32z encoding/decoding 2020-06-29 21:46:25 +00:00			`return true;`
Split crypto.hpp into 3 different files 2019-01-13 16:30:07 +00:00			`}`

Message method implementation continued - tons of surrounding stupid refactoring required 2023-09-29 21:00:13 +00:00			`PubKey`
			`PubKey::from_string(const std::string& s)`
			`{`
			`PubKey p;`
			`oxenc::from_hex(s.begin(), s.end(), p.begin());`
			`return p;`
			`}`

Split crypto.hpp into 3 different files 2019-01-13 16:30:07 +00:00			`std::string`
			`PubKey::ToString() const`
			`{`
Crank oxen-mq to (1.2.)11; switch to oxen-encoding - Update oxen-mq submodule to latest stable - Add oxen-encoding submodule - Convert all oxenmq encoding usage to oxenc - Modernize cmake handling of oxenmq/oxenc 2022-02-17 18:44:31 +00:00			`return oxenc::to_hex(begin(), end());`
Split crypto.hpp into 3 different files 2019-01-13 16:30:07 +00:00			`}`

RC refactor layout - Local and Remote RC's now implemented with discrete functionalities and uses 2023-10-31 20:49:01 +00:00			`PubKey::operator RouterID() const`
			`{`
			`return {as_array()};`
			`}`

			`PubKey&`
			`PubKey::operator=(const byte_t* ptr)`
			`{`
			`std::copy(ptr, ptr + SIZE, begin());`
			`return *this;`
			`}`

			`bool`
			`operator==(const PubKey& lhs, const PubKey& rhs)`
			`{`
			`return lhs.as_array() == rhs.as_array();`
			`}`

			`bool`
			`operator==(const PubKey& lhs, const RouterID& rhs)`
			`{`
			`return lhs.as_array() == rhs.as_array();`
			`}`

			`bool`
			`operator==(const RouterID& lhs, const PubKey& rhs)`
			`{`
			`return lhs.as_array() == rhs.as_array();`
			`}`

Split crypto.hpp into 3 different files 2019-01-13 16:30:07 +00:00			`bool`
remove some string conversions entirely 2020-05-27 03:42:01 +00:00			`SecretKey::LoadFromFile(const fs::path& fname)`
Split crypto.hpp into 3 different files 2019-01-13 16:30:07 +00:00			`{`
Add binary file slurp/dump utility functions We have basically this same bit of code in tons of places; consolidate it into llarp::util::slurp_file/llarp::util::dump_file. Also renames all the extra junk that crept into llarp/util/fs.hpp out of there into llarp/util/file.hpp instead. 2022-10-05 18:05:25 +00:00			`size_t sz;`
			`std::array<byte_t, 128> tmp;`
			`try`
			`{`
RC refactor layout - Local and Remote RC's now implemented with discrete functionalities and uses 2023-10-31 20:49:01 +00:00			`sz = util::file_to_buffer(fname, tmp.data(), tmp.size());`
Add binary file slurp/dump utility functions We have basically this same bit of code in tons of places; consolidate it into llarp::util::slurp_file/llarp::util::dump_file. Also renames all the extra junk that crept into llarp/util/fs.hpp out of there into llarp/util/file.hpp instead. 2022-10-05 18:05:25 +00:00			`}`
			`catch (const std::exception&)`
Split crypto.hpp into 3 different files 2019-01-13 16:30:07 +00:00			`{`
			`return false;`
			`}`
Add tests for crypto/types 2019-01-15 00:42:50 +00:00
The Great Wall of Blame This commit reflects changes to clang-format rules. Unfortunately, these rule changes create a massive change to the codebase, which causes an apparent rewrite of git history. Git blame's --ignore-rev flag can be used to ignore this commit when attempting to `git blame` some code. 2020-04-07 18:38:56 +00:00			`if (sz == size())`
Split crypto.hpp into 3 different files 2019-01-13 16:30:07 +00:00			`{`
			`// is raw buffer`
Add binary file slurp/dump utility functions We have basically this same bit of code in tons of places; consolidate it into llarp::util::slurp_file/llarp::util::dump_file. Also renames all the extra junk that crept into llarp/util/fs.hpp out of there into llarp/util/file.hpp instead. 2022-10-05 18:05:25 +00:00			`std::copy_n(tmp.begin(), sz, begin());`
Split crypto.hpp into 3 different files 2019-01-13 16:30:07 +00:00			`return true;`
			`}`
Add binary file slurp/dump utility functions We have basically this same bit of code in tons of places; consolidate it into llarp::util::slurp_file/llarp::util::dump_file. Also renames all the extra junk that crept into llarp/util/fs.hpp out of there into llarp/util/file.hpp instead. 2022-10-05 18:05:25 +00:00
Create CopyableBuffer type 2019-02-02 23:12:42 +00:00			`llarp_buffer_t buf(tmp);`
Split crypto.hpp into 3 different files 2019-01-13 16:30:07 +00:00			`return BDecode(&buf);`
			`}`

initial dht key blinding 2020-01-27 21:30:41 +00:00			`bool`
			`SecretKey::Recalculate()`
			`{`
Fix Recalculate() Recalculate did what should have been the right thing but wasn't because of libsodium's mislabelling the "seed" as the secret key. 2020-01-30 16:38:39 +00:00			`PrivateKey key;`
			`PubKey pubkey;`
The Great Wall of Blame This commit reflects changes to clang-format rules. Unfortunately, these rule changes create a massive change to the codebase, which causes an apparent rewrite of git history. Git blame's --ignore-rev flag can be used to ignore this commit when attempting to `git blame` some code. 2020-04-07 18:38:56 +00:00			`if (!toPrivate(key) \|\| !key.toPublic(pubkey))`
Fix Recalculate() Recalculate did what should have been the right thing but wasn't because of libsodium's mislabelling the "seed" as the secret key. 2020-01-30 16:38:39 +00:00			`return false;`
			`std::memcpy(data() + 32, pubkey.data(), 32);`
			`return true;`
initial dht key blinding 2020-01-27 21:30:41 +00:00			`}`

Derived key fixes The reason things weren't working here is because libsodium does something completely unintuitive and called the seed the "secret key" when it isn't, it's the seed. This adds a new PrivateKey class (alongside the existing SecretKey and PubKey) that holds just a private key value but no seed -- which we need to do because there is no way we can get a seed after calculating a derived keypair. With these changes, we now generate exactly the same keys and subkeys as Tor (and a new test case uses values generated in Tor to verify this). This is incomplete -- the subkey signing code is still not implemented; it has to be adapted to create a signature from a PrivateKey rather than a SecretKey which will probably requiring working around/reimplementing some of what libsodium does for creating a signature since it expects "secret keys" i.e. the seed. 2020-01-30 16:34:05 +00:00			`bool`
			`SecretKey::toPrivate(PrivateKey& key) const`
			`{`
make format 😠 🤮 2020-01-31 21:05:50 +00:00			`// Ed25519 calculates a 512-bit hash from the seed; the first half (clamped)`
			`// is the private key; the second half is the hash that gets used in`
			`// signing.`
Derived key fixes The reason things weren't working here is because libsodium does something completely unintuitive and called the seed the "secret key" when it isn't, it's the seed. This adds a new PrivateKey class (alongside the existing SecretKey and PubKey) that holds just a private key value but no seed -- which we need to do because there is no way we can get a seed after calculating a derived keypair. With these changes, we now generate exactly the same keys and subkeys as Tor (and a new test case uses values generated in Tor to verify this). This is incomplete -- the subkey signing code is still not implemented; it has to be adapted to create a signature from a PrivateKey rather than a SecretKey which will probably requiring working around/reimplementing some of what libsodium does for creating a signature since it expects "secret keys" i.e. the seed. 2020-01-30 16:34:05 +00:00			`unsigned char h[crypto_hash_sha512_BYTES];`
The Great Wall of Blame This commit reflects changes to clang-format rules. Unfortunately, these rule changes create a massive change to the codebase, which causes an apparent rewrite of git history. Git blame's --ignore-rev flag can be used to ignore this commit when attempting to `git blame` some code. 2020-04-07 18:38:56 +00:00			`if (crypto_hash_sha512(h, data(), 32) < 0)`
Derived key fixes The reason things weren't working here is because libsodium does something completely unintuitive and called the seed the "secret key" when it isn't, it's the seed. This adds a new PrivateKey class (alongside the existing SecretKey and PubKey) that holds just a private key value but no seed -- which we need to do because there is no way we can get a seed after calculating a derived keypair. With these changes, we now generate exactly the same keys and subkeys as Tor (and a new test case uses values generated in Tor to verify this). This is incomplete -- the subkey signing code is still not implemented; it has to be adapted to create a signature from a PrivateKey rather than a SecretKey which will probably requiring working around/reimplementing some of what libsodium does for creating a signature since it expects "secret keys" i.e. the seed. 2020-01-30 16:34:05 +00:00			`return false;`
			`h[0] &= 248;`
			`h[31] &= 63;`
			`h[31] \|= 64;`
Use hash instead of random for signing hash data This makes PrivateKey store both the key followed by the hash. For PrivateKeys based on SecretKeys this just means the second half of the SHA-512 of the seed, and makes a PrivateKey constructed from a SecretKey give an identical signature to signing directly with sodium. For derived keys we use a ShortHash of the root key's signing hash concatenated with the publicly known hash value, so that our derived key signing hash will be different from the root signing hash and also different for different derivation parameters. This also changed one of the asserts in crypto_noop, but upon closer inspection the copying of the secret key into the signature seems really wrong, so just changed them to fill with 0s. 2020-01-31 20:38:08 +00:00			`std::memcpy(key.data(), h, 64);`
Derived key fixes The reason things weren't working here is because libsodium does something completely unintuitive and called the seed the "secret key" when it isn't, it's the seed. This adds a new PrivateKey class (alongside the existing SecretKey and PubKey) that holds just a private key value but no seed -- which we need to do because there is no way we can get a seed after calculating a derived keypair. With these changes, we now generate exactly the same keys and subkeys as Tor (and a new test case uses values generated in Tor to verify this). This is incomplete -- the subkey signing code is still not implemented; it has to be adapted to create a signature from a PrivateKey rather than a SecretKey which will probably requiring working around/reimplementing some of what libsodium does for creating a signature since it expects "secret keys" i.e. the seed. 2020-01-30 16:34:05 +00:00			`return true;`
			`}`

			`bool`
			`PrivateKey::toPublic(PubKey& pubkey) const`
			`{`
			`return crypto_scalarmult_ed25519_base_noclamp(pubkey.data(), data()) != -1;`
			`}`

Split crypto.hpp into 3 different files 2019-01-13 16:30:07 +00:00			`bool`
remove some string conversions entirely 2020-05-27 03:42:01 +00:00			`SecretKey::SaveToFile(const fs::path& fname) const`
Split crypto.hpp into 3 different files 2019-01-13 16:30:07 +00:00			`{`
Add binary file slurp/dump utility functions We have basically this same bit of code in tons of places; consolidate it into llarp::util::slurp_file/llarp::util::dump_file. Also renames all the extra junk that crept into llarp/util/fs.hpp out of there into llarp/util/file.hpp instead. 2022-10-05 18:05:25 +00:00			`std::string tmp(128, 0);`
Create CopyableBuffer type 2019-02-02 23:12:42 +00:00			`llarp_buffer_t buf(tmp);`
More message refactoring - routing messages and surrounding code - shim code in place for iteration and optimization after deciding what to do with buffer, string handling, and subsequent function calls 2023-08-31 16:28:02 +00:00			`if (!bt_encode(&buf))`
Split crypto.hpp into 3 different files 2019-01-13 16:30:07 +00:00			`return false;`
Add binary file slurp/dump utility functions We have basically this same bit of code in tons of places; consolidate it into llarp::util::slurp_file/llarp::util::dump_file. Also renames all the extra junk that crept into llarp/util/fs.hpp out of there into llarp/util/file.hpp instead. 2022-10-05 18:05:25 +00:00
			`tmp.resize(buf.cur - buf.base);`
			`try`
			`{`
			`util::dump_file(fname, tmp);`
Split crypto.hpp into 3 different files 2019-01-13 16:30:07 +00:00			`}`
Add binary file slurp/dump utility functions We have basically this same bit of code in tons of places; consolidate it into llarp::util::slurp_file/llarp::util::dump_file. Also renames all the extra junk that crept into llarp/util/fs.hpp out of there into llarp/util/file.hpp instead. 2022-10-05 18:05:25 +00:00			`catch (const std::exception&)`
			`{`
Split crypto.hpp into 3 different files 2019-01-13 16:30:07 +00:00			`return false;`
Add binary file slurp/dump utility functions We have basically this same bit of code in tons of places; consolidate it into llarp::util::slurp_file/llarp::util::dump_file. Also renames all the extra junk that crept into llarp/util/fs.hpp out of there into llarp/util/file.hpp instead. 2022-10-05 18:05:25 +00:00			`}`
Split crypto.hpp into 3 different files 2019-01-13 16:30:07 +00:00
add initial identity key seed stuff add more kubernetes stuff make shared library installed if built 2019-01-21 15:45:18 +00:00			`return true;`
			`}`
Split crypto.hpp into 3 different files 2019-01-13 16:30:07 +00:00			`} // namespace llarp`