2021-03-09 22:24:35 +00:00
|
|
|
#include "identity.hpp"
|
2019-01-11 00:12:43 +00:00
|
|
|
|
2021-03-09 22:24:35 +00:00
|
|
|
#include <llarp/crypto/crypto.hpp>
|
|
|
|
#include <llarp/util/fs.hpp>
|
2020-01-27 21:30:41 +00:00
|
|
|
#include <sodium/crypto_sign_ed25519.h>
|
2019-01-11 00:12:43 +00:00
|
|
|
|
|
|
|
namespace llarp
|
|
|
|
{
|
|
|
|
namespace service
|
|
|
|
{
|
|
|
|
bool
|
|
|
|
Identity::BEncode(llarp_buffer_t* buf) const
|
|
|
|
{
|
2020-04-07 18:38:56 +00:00
|
|
|
if (!bencode_start_dict(buf))
|
2019-01-11 00:12:43 +00:00
|
|
|
return false;
|
2020-04-07 18:38:56 +00:00
|
|
|
if (!BEncodeWriteDictEntry("s", signkey, buf))
|
2019-01-11 00:12:43 +00:00
|
|
|
return false;
|
2020-04-07 18:38:56 +00:00
|
|
|
if (!BEncodeWriteDictInt("v", version, buf))
|
2019-01-11 00:12:43 +00:00
|
|
|
return false;
|
|
|
|
return bencode_end(buf);
|
|
|
|
}
|
|
|
|
|
|
|
|
bool
|
2019-02-01 01:58:06 +00:00
|
|
|
Identity::DecodeKey(const llarp_buffer_t& key, llarp_buffer_t* buf)
|
2019-01-11 00:12:43 +00:00
|
|
|
{
|
|
|
|
bool read = false;
|
2020-04-07 18:38:56 +00:00
|
|
|
if (!BEncodeMaybeReadDictEntry("s", signkey, read, key, buf))
|
2019-01-11 00:12:43 +00:00
|
|
|
return false;
|
2020-04-07 18:38:56 +00:00
|
|
|
if (!BEncodeMaybeReadDictInt("v", version, read, key, buf))
|
2019-01-11 00:12:43 +00:00
|
|
|
return false;
|
2020-09-29 13:26:45 +00:00
|
|
|
if (not read)
|
|
|
|
return bencode_discard(buf);
|
|
|
|
return true;
|
2019-01-11 00:12:43 +00:00
|
|
|
}
|
|
|
|
|
2020-09-28 15:15:07 +00:00
|
|
|
void
|
|
|
|
Identity::Clear()
|
|
|
|
{
|
|
|
|
signkey.Zero();
|
|
|
|
enckey.Zero();
|
|
|
|
pq.Zero();
|
|
|
|
derivedSignKey.Zero();
|
|
|
|
vanity.Zero();
|
|
|
|
}
|
|
|
|
|
2019-01-11 00:12:43 +00:00
|
|
|
void
|
2019-05-28 19:45:08 +00:00
|
|
|
Identity::RegenerateKeys()
|
2019-01-11 00:12:43 +00:00
|
|
|
{
|
2019-05-28 19:45:08 +00:00
|
|
|
auto crypto = CryptoManager::instance();
|
2019-01-11 00:12:43 +00:00
|
|
|
crypto->identity_keygen(signkey);
|
2020-02-03 22:20:56 +00:00
|
|
|
crypto->encryption_keygen(enckey);
|
|
|
|
pub.Update(seckey_topublic(signkey), seckey_topublic(enckey));
|
2019-01-11 00:12:43 +00:00
|
|
|
crypto->pqe_keygen(pq);
|
2020-04-07 18:38:56 +00:00
|
|
|
if (not crypto->derive_subkey_private(derivedSignKey, signkey, 1))
|
2020-01-28 21:55:36 +00:00
|
|
|
{
|
2020-09-28 15:15:07 +00:00
|
|
|
throw std::runtime_error("failed to derive subkey");
|
2020-01-28 21:55:36 +00:00
|
|
|
}
|
2019-01-11 00:12:43 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
bool
|
2020-04-07 18:38:56 +00:00
|
|
|
Identity::KeyExchange(
|
|
|
|
path_dh_func dh,
|
|
|
|
SharedSecret& result,
|
|
|
|
const ServiceInfo& other,
|
|
|
|
const KeyExchangeNonce& N) const
|
2019-01-11 00:12:43 +00:00
|
|
|
{
|
|
|
|
return dh(result, other.EncryptionPublicKey(), enckey, N);
|
|
|
|
}
|
|
|
|
|
|
|
|
bool
|
2019-05-28 19:45:08 +00:00
|
|
|
Identity::Sign(Signature& sig, const llarp_buffer_t& buf) const
|
2019-01-11 00:12:43 +00:00
|
|
|
{
|
2019-05-28 19:45:08 +00:00
|
|
|
return CryptoManager::instance()->sign(sig, signkey, buf);
|
2019-01-11 00:12:43 +00:00
|
|
|
}
|
|
|
|
|
2020-09-22 19:04:31 +00:00
|
|
|
void
|
2020-09-23 11:05:37 +00:00
|
|
|
Identity::EnsureKeys(fs::path fname, bool needBackup)
|
2019-01-11 00:12:43 +00:00
|
|
|
{
|
2020-09-28 15:15:07 +00:00
|
|
|
// make sure we are empty
|
|
|
|
Clear();
|
|
|
|
|
2020-04-07 18:38:56 +00:00
|
|
|
std::array<byte_t, 4096> tmp;
|
2019-02-02 23:12:42 +00:00
|
|
|
llarp_buffer_t buf(tmp);
|
2019-12-06 18:21:14 +00:00
|
|
|
|
2020-09-22 19:04:31 +00:00
|
|
|
// this can throw
|
|
|
|
bool exists = fs::exists(fname);
|
2019-12-06 18:21:14 +00:00
|
|
|
|
2020-04-07 18:38:56 +00:00
|
|
|
if (exists and needBackup)
|
2019-12-06 18:21:14 +00:00
|
|
|
{
|
|
|
|
KeyManager::backupFileByMoving(fname);
|
|
|
|
exists = false;
|
|
|
|
}
|
|
|
|
|
2019-01-11 00:12:43 +00:00
|
|
|
// check for file
|
2020-04-07 18:38:56 +00:00
|
|
|
if (!exists)
|
2019-01-11 00:12:43 +00:00
|
|
|
{
|
|
|
|
// regen and encode
|
2019-05-28 19:45:08 +00:00
|
|
|
RegenerateKeys();
|
2020-04-07 18:38:56 +00:00
|
|
|
if (!BEncode(&buf))
|
2020-09-22 19:04:31 +00:00
|
|
|
throw std::length_error("failed to encode new identity");
|
2019-01-11 00:12:43 +00:00
|
|
|
// rewind
|
2020-04-07 18:38:56 +00:00
|
|
|
buf.sz = buf.cur - buf.base;
|
2019-01-11 00:12:43 +00:00
|
|
|
buf.cur = buf.base;
|
|
|
|
// write
|
2020-04-07 18:38:56 +00:00
|
|
|
auto optional_f = util::OpenFileStream<std::ofstream>(fname, std::ios::binary);
|
|
|
|
if (!optional_f)
|
2022-07-16 00:41:14 +00:00
|
|
|
throw std::runtime_error{fmt::format("can not open {}", fname)};
|
2020-05-20 19:46:08 +00:00
|
|
|
auto& f = *optional_f;
|
2020-04-07 18:38:56 +00:00
|
|
|
if (!f.is_open())
|
2022-07-16 00:41:14 +00:00
|
|
|
throw std::runtime_error{fmt::format("did not open {}", fname)};
|
2019-01-11 00:12:43 +00:00
|
|
|
f.write((char*)buf.cur, buf.sz);
|
|
|
|
}
|
2019-05-18 17:34:07 +00:00
|
|
|
|
2020-09-22 19:04:31 +00:00
|
|
|
if (not fs::is_regular_file(fname))
|
2019-05-18 17:34:07 +00:00
|
|
|
{
|
2022-07-16 00:41:14 +00:00
|
|
|
throw std::invalid_argument{fmt::format("{} is not a regular file", fname)};
|
2019-05-18 17:34:07 +00:00
|
|
|
}
|
|
|
|
|
2019-01-11 00:12:43 +00:00
|
|
|
// read file
|
|
|
|
std::ifstream inf(fname, std::ios::binary);
|
|
|
|
inf.seekg(0, std::ios::end);
|
|
|
|
size_t sz = inf.tellg();
|
|
|
|
inf.seekg(0, std::ios::beg);
|
|
|
|
|
2020-04-07 18:38:56 +00:00
|
|
|
if (sz > sizeof(tmp))
|
2020-09-22 19:04:31 +00:00
|
|
|
throw std::length_error("service identity too big");
|
2019-01-11 00:12:43 +00:00
|
|
|
// decode
|
|
|
|
inf.read((char*)buf.base, sz);
|
2020-04-07 18:38:56 +00:00
|
|
|
if (!bencode_decode_dict(*this, &buf))
|
2020-09-22 19:04:31 +00:00
|
|
|
throw std::length_error("could not decode service identity");
|
2019-01-11 00:12:43 +00:00
|
|
|
|
2020-09-28 15:15:07 +00:00
|
|
|
auto crypto = CryptoManager::instance();
|
|
|
|
|
|
|
|
// ensure that the encryption key is set
|
|
|
|
if (enckey.IsZero())
|
|
|
|
crypto->encryption_keygen(enckey);
|
|
|
|
|
|
|
|
// also ensure the ntru key is set
|
|
|
|
if (pq.IsZero())
|
|
|
|
crypto->pqe_keygen(pq);
|
|
|
|
|
2020-05-20 19:46:08 +00:00
|
|
|
std::optional<VanityNonce> van;
|
2020-04-07 18:38:56 +00:00
|
|
|
if (!vanity.IsZero())
|
2019-01-11 00:12:43 +00:00
|
|
|
van = vanity;
|
|
|
|
// update pubkeys
|
2020-02-03 22:20:56 +00:00
|
|
|
pub.Update(seckey_topublic(signkey), seckey_topublic(enckey), van);
|
2020-09-22 19:04:31 +00:00
|
|
|
if (not crypto->derive_subkey_private(derivedSignKey, signkey, 1))
|
|
|
|
{
|
|
|
|
throw std::runtime_error("failed to derive subkey");
|
|
|
|
}
|
2019-01-11 00:12:43 +00:00
|
|
|
}
|
|
|
|
|
2020-05-01 19:51:15 +00:00
|
|
|
std::optional<EncryptedIntroSet>
|
2020-04-07 18:38:56 +00:00
|
|
|
Identity::EncryptAndSignIntroSet(const IntroSet& other_i, llarp_time_t now) const
|
2019-01-11 00:12:43 +00:00
|
|
|
{
|
2020-01-27 21:30:41 +00:00
|
|
|
EncryptedIntroSet encrypted;
|
|
|
|
|
2021-04-14 15:07:06 +00:00
|
|
|
if (other_i.intros.empty())
|
|
|
|
return std::nullopt;
|
|
|
|
IntroSet i{other_i};
|
2020-01-27 21:30:41 +00:00
|
|
|
encrypted.nounce.Randomize();
|
2019-01-11 00:12:43 +00:00
|
|
|
// set timestamp
|
|
|
|
// TODO: round to nearest 1000 ms
|
2021-04-14 15:07:06 +00:00
|
|
|
i.timestampSignedAt = now;
|
2020-01-27 21:30:41 +00:00
|
|
|
encrypted.signedAt = now;
|
2019-01-11 00:12:43 +00:00
|
|
|
// set service info
|
2021-04-14 15:07:06 +00:00
|
|
|
i.addressKeys = pub;
|
2019-01-11 00:12:43 +00:00
|
|
|
// set public encryption key
|
2021-04-14 15:07:06 +00:00
|
|
|
i.sntrupKey = pq_keypair_to_public(pq);
|
2020-04-07 18:38:56 +00:00
|
|
|
std::array<byte_t, MAX_INTROSET_SIZE> tmp;
|
2021-04-14 15:07:06 +00:00
|
|
|
llarp_buffer_t buf{tmp};
|
2020-04-07 18:38:56 +00:00
|
|
|
if (not i.BEncode(&buf))
|
2021-04-14 15:07:06 +00:00
|
|
|
return std::nullopt;
|
2019-01-11 00:12:43 +00:00
|
|
|
// rewind and resize buffer
|
2020-04-07 18:38:56 +00:00
|
|
|
buf.sz = buf.cur - buf.base;
|
2019-01-11 00:12:43 +00:00
|
|
|
buf.cur = buf.base;
|
2021-04-14 15:07:06 +00:00
|
|
|
const SharedSecret k{i.addressKeys.Addr()};
|
2020-01-27 21:30:41 +00:00
|
|
|
CryptoManager::instance()->xchacha20(buf, k, encrypted.nounce);
|
2021-04-14 15:07:06 +00:00
|
|
|
encrypted.introsetPayload = buf.copy();
|
|
|
|
|
2020-04-07 18:38:56 +00:00
|
|
|
if (not encrypted.Sign(derivedSignKey))
|
2021-04-14 15:07:06 +00:00
|
|
|
return std::nullopt;
|
2020-01-27 21:30:41 +00:00
|
|
|
return encrypted;
|
2019-01-11 00:12:43 +00:00
|
|
|
}
|
|
|
|
} // namespace service
|
|
|
|
} // namespace llarp
|