lokinet/llarp/crypto/types.cpp

#include <crypto/types.hpp>

#include <util/buffer.hpp>

#include <fstream>
#include <util/fs.hpp>

#include <iterator>

#include <sodium/crypto_sign.h>
#include <sodium/crypto_sign_ed25519.h>
#include <sodium/crypto_scalarmult_ed25519.h>

namespace llarp
{
  bool
  PubKey::FromString(const std::string& str)
  {
    return HexDecode(str.c_str(), begin(), size());
  }

  std::string
  PubKey::ToString() const
  {
    char buf[(PUBKEYSIZE + 1) * 2] = {0};
    return HexEncode(*this, buf);
  }

  bool
  SecretKey::LoadFromFile(const fs::path& fname)
  {
    std::ifstream f(fname.string(), std::ios::in | std::ios::binary);
    if (!f.is_open())
    {
      return false;
    }

    f.seekg(0, std::ios::end);
    const size_t sz = f.tellg();
    f.seekg(0, std::ios::beg);

    if (sz == size())
    {
      // is raw buffer
      std::copy_n(std::istreambuf_iterator<char>(f), sz, begin());
      return true;
    }
    std::array<byte_t, 128> tmp;
    llarp_buffer_t buf(tmp);
    if (sz > sizeof(tmp))
    {
      return false;
    }
    f.read(reinterpret_cast<char*>(tmp.data()), sz);
    return BDecode(&buf);
  }

  bool
  SecretKey::Recalculate()
  {
    PrivateKey key;
    PubKey pubkey;
    if (!toPrivate(key) || !key.toPublic(pubkey))
      return false;
    std::memcpy(data() + 32, pubkey.data(), 32);
    return true;
  }

  bool
  SecretKey::toPrivate(PrivateKey& key) const
  {
    // Ed25519 calculates a 512-bit hash from the seed; the first half (clamped)
    // is the private key; the second half is the hash that gets used in
    // signing.
    unsigned char h[crypto_hash_sha512_BYTES];
    if (crypto_hash_sha512(h, data(), 32) < 0)
      return false;
    h[0] &= 248;
    h[31] &= 63;
    h[31] |= 64;
    std::memcpy(key.data(), h, 64);
    return true;
  }

  bool
  PrivateKey::toPublic(PubKey& pubkey) const
  {
    return crypto_scalarmult_ed25519_base_noclamp(pubkey.data(), data()) != -1;
  }

  bool
  SecretKey::SaveToFile(const fs::path& fname) const
  {
    std::array<byte_t, 128> tmp;
    llarp_buffer_t buf(tmp);
    if (!BEncode(&buf))
    {
      return false;
    }
    auto optional_f = llarp::util::OpenFileStream<std::ofstream>(fname, std::ios::binary);
    if (!optional_f)
      return false;
    auto& f = *optional_f;
    if (!f.is_open())
      return false;
    f.write((char*)buf.base, buf.cur - buf.base);
    return f.good();
  }

  bool
  IdentitySecret::LoadFromFile(const fs::path& fname)
  {
    auto optional = util::OpenFileStream<std::ifstream>(fname, std::ios::binary | std::ios::in);
    if (!optional)
      return false;
    auto& f = *optional;
    f.seekg(0, std::ios::end);
    const size_t sz = f.tellg();
    f.seekg(0, std::ios::beg);
    if (sz != 32)
    {
      llarp::LogError("service node seed size invalid: ", sz, " != 32");
      return false;
    }
    std::copy_n(std::istreambuf_iterator<char>(f), sz, begin());
    return true;
  }

  byte_t*
  Signature::Lo()
  {
    return data();
  }

  const byte_t*
  Signature::Lo() const
  {
    return data();
  }

  byte_t*
  Signature::Hi()
  {
    return data() + 32;
  }

  const byte_t*
  Signature::Hi() const
  {
    return data() + 32;
  }
}  // namespace llarp
Split crypto.hpp into 3 different files 2019-01-13 16:30:07 +00:00			`#include <crypto/types.hpp>`

			`#include <util/buffer.hpp>`

			`#include <fstream>`
finish up issue 17 2019-06-24 16:26:15 +00:00			`#include <util/fs.hpp>`

Split crypto.hpp into 3 different files 2019-01-13 16:30:07 +00:00			`#include <iterator>`

initial dht key blinding 2020-01-27 21:30:41 +00:00			`#include <sodium/crypto_sign.h>`
			`#include <sodium/crypto_sign_ed25519.h>`
does not work 2020-01-28 21:55:36 +00:00			`#include <sodium/crypto_scalarmult_ed25519.h>`
initial dht key blinding 2020-01-27 21:30:41 +00:00
Split crypto.hpp into 3 different files 2019-01-13 16:30:07 +00:00			`namespace llarp`
			`{`
			`bool`
			`PubKey::FromString(const std::string& str)`
			`{`
			`return HexDecode(str.c_str(), begin(), size());`
			`}`

			`std::string`
			`PubKey::ToString() const`
			`{`
			`char buf[(PUBKEYSIZE + 1) * 2] = {0};`
			`return HexEncode(*this, buf);`
			`}`

			`bool`
remove some string conversions entirely 2020-05-27 03:42:01 +00:00			`SecretKey::LoadFromFile(const fs::path& fname)`
Split crypto.hpp into 3 different files 2019-01-13 16:30:07 +00:00			`{`
remove some string conversions entirely 2020-05-27 03:42:01 +00:00			`std::ifstream f(fname.string(), std::ios::in \| std::ios::binary);`
The Great Wall of Blame This commit reflects changes to clang-format rules. Unfortunately, these rule changes create a massive change to the codebase, which causes an apparent rewrite of git history. Git blame's --ignore-rev flag can be used to ignore this commit when attempting to `git blame` some code. 2020-04-07 18:38:56 +00:00			`if (!f.is_open())`
Split crypto.hpp into 3 different files 2019-01-13 16:30:07 +00:00			`{`
			`return false;`
			`}`
Add tests for crypto/types 2019-01-15 00:42:50 +00:00
Split crypto.hpp into 3 different files 2019-01-13 16:30:07 +00:00			`f.seekg(0, std::ios::end);`
Add tests for crypto/types 2019-01-15 00:42:50 +00:00			`const size_t sz = f.tellg();`
Split crypto.hpp into 3 different files 2019-01-13 16:30:07 +00:00			`f.seekg(0, std::ios::beg);`
Add tests for crypto/types 2019-01-15 00:42:50 +00:00
The Great Wall of Blame This commit reflects changes to clang-format rules. Unfortunately, these rule changes create a massive change to the codebase, which causes an apparent rewrite of git history. Git blame's --ignore-rev flag can be used to ignore this commit when attempting to `git blame` some code. 2020-04-07 18:38:56 +00:00			`if (sz == size())`
Split crypto.hpp into 3 different files 2019-01-13 16:30:07 +00:00			`{`
			`// is raw buffer`
The Great Wall of Blame This commit reflects changes to clang-format rules. Unfortunately, these rule changes create a massive change to the codebase, which causes an apparent rewrite of git history. Git blame's --ignore-rev flag can be used to ignore this commit when attempting to `git blame` some code. 2020-04-07 18:38:56 +00:00			`std::copy_n(std::istreambuf_iterator<char>(f), sz, begin());`
Split crypto.hpp into 3 different files 2019-01-13 16:30:07 +00:00			`return true;`
			`}`
The Great Wall of Blame This commit reflects changes to clang-format rules. Unfortunately, these rule changes create a massive change to the codebase, which causes an apparent rewrite of git history. Git blame's --ignore-rev flag can be used to ignore this commit when attempting to `git blame` some code. 2020-04-07 18:38:56 +00:00			`std::array<byte_t, 128> tmp;`
Create CopyableBuffer type 2019-02-02 23:12:42 +00:00			`llarp_buffer_t buf(tmp);`
The Great Wall of Blame This commit reflects changes to clang-format rules. Unfortunately, these rule changes create a massive change to the codebase, which causes an apparent rewrite of git history. Git blame's --ignore-rev flag can be used to ignore this commit when attempting to `git blame` some code. 2020-04-07 18:38:56 +00:00			`if (sz > sizeof(tmp))`
Split crypto.hpp into 3 different files 2019-01-13 16:30:07 +00:00			`{`
			`return false;`
			`}`
The Great Wall of Blame This commit reflects changes to clang-format rules. Unfortunately, these rule changes create a massive change to the codebase, which causes an apparent rewrite of git history. Git blame's --ignore-rev flag can be used to ignore this commit when attempting to `git blame` some code. 2020-04-07 18:38:56 +00:00			`f.read(reinterpret_cast<char*>(tmp.data()), sz);`
Split crypto.hpp into 3 different files 2019-01-13 16:30:07 +00:00			`return BDecode(&buf);`
			`}`

initial dht key blinding 2020-01-27 21:30:41 +00:00			`bool`
			`SecretKey::Recalculate()`
			`{`
Fix Recalculate() Recalculate did what should have been the right thing but wasn't because of libsodium's mislabelling the "seed" as the secret key. 2020-01-30 16:38:39 +00:00			`PrivateKey key;`
			`PubKey pubkey;`
The Great Wall of Blame This commit reflects changes to clang-format rules. Unfortunately, these rule changes create a massive change to the codebase, which causes an apparent rewrite of git history. Git blame's --ignore-rev flag can be used to ignore this commit when attempting to `git blame` some code. 2020-04-07 18:38:56 +00:00			`if (!toPrivate(key) \|\| !key.toPublic(pubkey))`
Fix Recalculate() Recalculate did what should have been the right thing but wasn't because of libsodium's mislabelling the "seed" as the secret key. 2020-01-30 16:38:39 +00:00			`return false;`
			`std::memcpy(data() + 32, pubkey.data(), 32);`
			`return true;`
initial dht key blinding 2020-01-27 21:30:41 +00:00			`}`

Derived key fixes The reason things weren't working here is because libsodium does something completely unintuitive and called the seed the "secret key" when it isn't, it's the seed. This adds a new PrivateKey class (alongside the existing SecretKey and PubKey) that holds just a private key value but no seed -- which we need to do because there is no way we can get a seed after calculating a derived keypair. With these changes, we now generate exactly the same keys and subkeys as Tor (and a new test case uses values generated in Tor to verify this). This is incomplete -- the subkey signing code is still not implemented; it has to be adapted to create a signature from a PrivateKey rather than a SecretKey which will probably requiring working around/reimplementing some of what libsodium does for creating a signature since it expects "secret keys" i.e. the seed. 2020-01-30 16:34:05 +00:00			`bool`
			`SecretKey::toPrivate(PrivateKey& key) const`
			`{`
make format 😠 🤮 2020-01-31 21:05:50 +00:00			`// Ed25519 calculates a 512-bit hash from the seed; the first half (clamped)`
			`// is the private key; the second half is the hash that gets used in`
			`// signing.`
Derived key fixes The reason things weren't working here is because libsodium does something completely unintuitive and called the seed the "secret key" when it isn't, it's the seed. This adds a new PrivateKey class (alongside the existing SecretKey and PubKey) that holds just a private key value but no seed -- which we need to do because there is no way we can get a seed after calculating a derived keypair. With these changes, we now generate exactly the same keys and subkeys as Tor (and a new test case uses values generated in Tor to verify this). This is incomplete -- the subkey signing code is still not implemented; it has to be adapted to create a signature from a PrivateKey rather than a SecretKey which will probably requiring working around/reimplementing some of what libsodium does for creating a signature since it expects "secret keys" i.e. the seed. 2020-01-30 16:34:05 +00:00			`unsigned char h[crypto_hash_sha512_BYTES];`
The Great Wall of Blame This commit reflects changes to clang-format rules. Unfortunately, these rule changes create a massive change to the codebase, which causes an apparent rewrite of git history. Git blame's --ignore-rev flag can be used to ignore this commit when attempting to `git blame` some code. 2020-04-07 18:38:56 +00:00			`if (crypto_hash_sha512(h, data(), 32) < 0)`
Derived key fixes The reason things weren't working here is because libsodium does something completely unintuitive and called the seed the "secret key" when it isn't, it's the seed. This adds a new PrivateKey class (alongside the existing SecretKey and PubKey) that holds just a private key value but no seed -- which we need to do because there is no way we can get a seed after calculating a derived keypair. With these changes, we now generate exactly the same keys and subkeys as Tor (and a new test case uses values generated in Tor to verify this). This is incomplete -- the subkey signing code is still not implemented; it has to be adapted to create a signature from a PrivateKey rather than a SecretKey which will probably requiring working around/reimplementing some of what libsodium does for creating a signature since it expects "secret keys" i.e. the seed. 2020-01-30 16:34:05 +00:00			`return false;`
			`h[0] &= 248;`
			`h[31] &= 63;`
			`h[31] \|= 64;`
Use hash instead of random for signing hash data This makes PrivateKey store both the key followed by the hash. For PrivateKeys based on SecretKeys this just means the second half of the SHA-512 of the seed, and makes a PrivateKey constructed from a SecretKey give an identical signature to signing directly with sodium. For derived keys we use a ShortHash of the root key's signing hash concatenated with the publicly known hash value, so that our derived key signing hash will be different from the root signing hash and also different for different derivation parameters. This also changed one of the asserts in crypto_noop, but upon closer inspection the copying of the secret key into the signature seems really wrong, so just changed them to fill with 0s. 2020-01-31 20:38:08 +00:00			`std::memcpy(key.data(), h, 64);`
Derived key fixes The reason things weren't working here is because libsodium does something completely unintuitive and called the seed the "secret key" when it isn't, it's the seed. This adds a new PrivateKey class (alongside the existing SecretKey and PubKey) that holds just a private key value but no seed -- which we need to do because there is no way we can get a seed after calculating a derived keypair. With these changes, we now generate exactly the same keys and subkeys as Tor (and a new test case uses values generated in Tor to verify this). This is incomplete -- the subkey signing code is still not implemented; it has to be adapted to create a signature from a PrivateKey rather than a SecretKey which will probably requiring working around/reimplementing some of what libsodium does for creating a signature since it expects "secret keys" i.e. the seed. 2020-01-30 16:34:05 +00:00			`return true;`
			`}`

			`bool`
			`PrivateKey::toPublic(PubKey& pubkey) const`
			`{`
			`return crypto_scalarmult_ed25519_base_noclamp(pubkey.data(), data()) != -1;`
			`}`

Split crypto.hpp into 3 different files 2019-01-13 16:30:07 +00:00			`bool`
remove some string conversions entirely 2020-05-27 03:42:01 +00:00			`SecretKey::SaveToFile(const fs::path& fname) const`
Split crypto.hpp into 3 different files 2019-01-13 16:30:07 +00:00			`{`
The Great Wall of Blame This commit reflects changes to clang-format rules. Unfortunately, these rule changes create a massive change to the codebase, which causes an apparent rewrite of git history. Git blame's --ignore-rev flag can be used to ignore this commit when attempting to `git blame` some code. 2020-04-07 18:38:56 +00:00			`std::array<byte_t, 128> tmp;`
Create CopyableBuffer type 2019-02-02 23:12:42 +00:00			`llarp_buffer_t buf(tmp);`
The Great Wall of Blame This commit reflects changes to clang-format rules. Unfortunately, these rule changes create a massive change to the codebase, which causes an apparent rewrite of git history. Git blame's --ignore-rev flag can be used to ignore this commit when attempting to `git blame` some code. 2020-04-07 18:38:56 +00:00			`if (!BEncode(&buf))`
Split crypto.hpp into 3 different files 2019-01-13 16:30:07 +00:00			`{`
			`return false;`
			`}`
remove some string conversions entirely 2020-05-27 03:42:01 +00:00			`auto optional_f = llarp::util::OpenFileStream<std::ofstream>(fname, std::ios::binary);`
The Great Wall of Blame This commit reflects changes to clang-format rules. Unfortunately, these rule changes create a massive change to the codebase, which causes an apparent rewrite of git history. Git blame's --ignore-rev flag can be used to ignore this commit when attempting to `git blame` some code. 2020-04-07 18:38:56 +00:00			`if (!optional_f)`
finish up issue 17 2019-06-24 16:26:15 +00:00			`return false;`
Don't use std::optional::value() because f u macos This replaces all use of std::optional's `opt.value()` with `opt` because macOS is great and the ghost of Steve Jobs says that actually supporting std::optional's value() method is not for chumps before macOS 10.14. So don't use it because Apple is great. Pretty much all of our use of it actually is done better with operator anyway (since operator* doesn't do a check that the optional has a value). Also replaced most of the `has_value()` calls with direct bool context, except for one in the config section which looked really confusing at a glance without a has_value(). 2020-05-20 19:46:08 +00:00			`auto& f = *optional_f;`
The Great Wall of Blame This commit reflects changes to clang-format rules. Unfortunately, these rule changes create a massive change to the codebase, which causes an apparent rewrite of git history. Git blame's --ignore-rev flag can be used to ignore this commit when attempting to `git blame` some code. 2020-04-07 18:38:56 +00:00			`if (!f.is_open())`
Split crypto.hpp into 3 different files 2019-01-13 16:30:07 +00:00			`return false;`
			`f.write((char*)buf.base, buf.cur - buf.base);`
reset errno and make unit tests pass 2019-06-24 17:36:25 +00:00			`return f.good();`
Split crypto.hpp into 3 different files 2019-01-13 16:30:07 +00:00			`}`

add initial identity key seed stuff add more kubernetes stuff make shared library installed if built 2019-01-21 15:45:18 +00:00			`bool`
remove some string conversions entirely 2020-05-27 03:42:01 +00:00			`IdentitySecret::LoadFromFile(const fs::path& fname)`
add initial identity key seed stuff add more kubernetes stuff make shared library installed if built 2019-01-21 15:45:18 +00:00			`{`
remove some string conversions entirely 2020-05-27 03:42:01 +00:00			`auto optional = util::OpenFileStream<std::ifstream>(fname, std::ios::binary \| std::ios::in);`
The Great Wall of Blame This commit reflects changes to clang-format rules. Unfortunately, these rule changes create a massive change to the codebase, which causes an apparent rewrite of git history. Git blame's --ignore-rev flag can be used to ignore this commit when attempting to `git blame` some code. 2020-04-07 18:38:56 +00:00			`if (!optional)`
add initial identity key seed stuff add more kubernetes stuff make shared library installed if built 2019-01-21 15:45:18 +00:00			`return false;`
Don't use std::optional::value() because f u macos This replaces all use of std::optional's `opt.value()` with `opt` because macOS is great and the ghost of Steve Jobs says that actually supporting std::optional's value() method is not for chumps before macOS 10.14. So don't use it because Apple is great. Pretty much all of our use of it actually is done better with operator anyway (since operator* doesn't do a check that the optional has a value). Also replaced most of the `has_value()` calls with direct bool context, except for one in the config section which looked really confusing at a glance without a has_value(). 2020-05-20 19:46:08 +00:00			`auto& f = *optional;`
add initial identity key seed stuff add more kubernetes stuff make shared library installed if built 2019-01-21 15:45:18 +00:00			`f.seekg(0, std::ios::end);`
			`const size_t sz = f.tellg();`
			`f.seekg(0, std::ios::beg);`
The Great Wall of Blame This commit reflects changes to clang-format rules. Unfortunately, these rule changes create a massive change to the codebase, which causes an apparent rewrite of git history. Git blame's --ignore-rev flag can be used to ignore this commit when attempting to `git blame` some code. 2020-04-07 18:38:56 +00:00			`if (sz != 32)`
add initial identity key seed stuff add more kubernetes stuff make shared library installed if built 2019-01-21 15:45:18 +00:00			`{`
			`llarp::LogError("service node seed size invalid: ", sz, " != 32");`
			`return false;`
			`}`
The Great Wall of Blame This commit reflects changes to clang-format rules. Unfortunately, these rule changes create a massive change to the codebase, which causes an apparent rewrite of git history. Git blame's --ignore-rev flag can be used to ignore this commit when attempting to `git blame` some code. 2020-04-07 18:38:56 +00:00			`std::copy_n(std::istreambuf_iterator<char>(f), sz, begin());`
add initial identity key seed stuff add more kubernetes stuff make shared library installed if built 2019-01-21 15:45:18 +00:00			`return true;`
			`}`

change signature scheme and fucking hope that the rest of the code doesn't fug itself over ;~; 2019-03-20 14:51:10 +00:00			`byte_t*`
initial dht key blinding 2020-01-27 21:30:41 +00:00			`Signature::Lo()`
change signature scheme and fucking hope that the rest of the code doesn't fug itself over ;~; 2019-03-20 14:51:10 +00:00			`{`
			`return data();`
			`}`

			`const byte_t*`
initial dht key blinding 2020-01-27 21:30:41 +00:00			`Signature::Lo() const`
change signature scheme and fucking hope that the rest of the code doesn't fug itself over ;~; 2019-03-20 14:51:10 +00:00			`{`
			`return data();`
			`}`

			`byte_t*`
initial dht key blinding 2020-01-27 21:30:41 +00:00			`Signature::Hi()`
change signature scheme and fucking hope that the rest of the code doesn't fug itself over ;~; 2019-03-20 14:51:10 +00:00			`{`
			`return data() + 32;`
			`}`

			`const byte_t*`
initial dht key blinding 2020-01-27 21:30:41 +00:00			`Signature::Hi() const`
change signature scheme and fucking hope that the rest of the code doesn't fug itself over ;~; 2019-03-20 14:51:10 +00:00			`{`
			`return data() + 32;`
			`}`
Split crypto.hpp into 3 different files 2019-01-13 16:30:07 +00:00			`} // namespace llarp`