|
|
|
#ifndef LLARP_KEY_MANAGER_HPP
|
|
|
|
#define LLARP_KEY_MANAGER_HPP
|
|
|
|
|
|
|
|
#include <atomic>
|
|
|
|
#include <config/config.hpp>
|
|
|
|
#include <crypto/types.hpp>
|
|
|
|
#include <router_contact.hpp>
|
|
|
|
|
|
|
|
namespace llarp
|
|
|
|
{
|
|
|
|
|
|
|
|
/// KeyManager manages the cryptographic keys stored on disk for the local node.
|
|
|
|
/// This includes private keys as well as the self-signed router contact file
|
|
|
|
/// (e.g. "self.signed").
|
|
|
|
///
|
|
|
|
/// Keys are either read from disk if they exist and are valid (see below) or are
|
|
|
|
/// generated and written to disk.
|
|
|
|
///
|
|
|
|
/// In addition, the KeyManager detects when the keys obsolete (e.g. as a result
|
|
|
|
/// of a software upgrade) and backs up existing keys before writing out new ones.
|
|
|
|
|
|
|
|
struct KeyManager {
|
|
|
|
|
|
|
|
/// Constructor
|
|
|
|
KeyManager();
|
|
|
|
|
|
|
|
/// Initializes from disk. This reads enough from disk to understand the current
|
|
|
|
/// state of the stored keys.
|
|
|
|
///
|
|
|
|
/// NOTE: Must be called prior to obtaining any keys.
|
|
|
|
///
|
|
|
|
/// @param config should be a prepared config object
|
|
|
|
/// @param genIfAbsent determines whether or not we will create files if they
|
|
|
|
/// do not exist.
|
|
|
|
/// @return true on success, false otherwise
|
|
|
|
bool
|
|
|
|
initializeFromDisk(const llarp::Config& config, bool genIfAbsent);
|
|
|
|
|
|
|
|
/// Obtain the identity key (e.g. ~/.lokinet/identity.private)
|
|
|
|
///
|
|
|
|
/// @param key (out) will be modified to contain the identity key
|
|
|
|
/// @return true on success, false otherwise
|
|
|
|
bool
|
|
|
|
getIdentityKey(llarp::SecretKey &key) const;
|
|
|
|
|
|
|
|
/// Obtain the encryption key (e.g. ~/.lokinet/encryption.private)
|
|
|
|
///
|
|
|
|
/// @param key (out) will be modified to contain the encryption key
|
|
|
|
/// @return true on success, false otherwise
|
|
|
|
bool
|
|
|
|
getEncryptionKey(llarp::SecretKey &key) const;
|
|
|
|
|
|
|
|
/// Obtain the transport key (e.g. ~/.lokinet/transport.private)
|
|
|
|
///
|
|
|
|
/// @param key (out) will be modified to contain the transport key
|
|
|
|
/// @return true on success, false otherwise
|
|
|
|
bool
|
|
|
|
getTransportKey(llarp::SecretKey &key) const;
|
|
|
|
|
|
|
|
/// Obtain the self-signed RouterContact
|
|
|
|
///
|
|
|
|
/// @param rc (out) will be modified to contian the RouterContact
|
|
|
|
/// @return true on success, false otherwise
|
|
|
|
bool
|
|
|
|
getRouterContact(llarp::RouterContact& rc) const;
|
|
|
|
|
|
|
|
private:
|
|
|
|
|
|
|
|
std::string m_rcPath;
|
|
|
|
std::string m_idKeyPath;
|
|
|
|
std::string m_encKeyPath;
|
|
|
|
std::string m_transportKeyPath;
|
|
|
|
std::atomic_bool m_initialized;
|
|
|
|
|
|
|
|
llarp::RouterContact m_rc;
|
|
|
|
llarp::SecretKey m_idKey;
|
|
|
|
llarp::SecretKey m_encKey;
|
|
|
|
llarp::SecretKey m_transportKey;
|
|
|
|
|
|
|
|
/// Backup each key file (by copying, e.g. foo -> foo.bak)
|
|
|
|
bool
|
|
|
|
backupKeyFilesByMoving() const;
|
|
|
|
|
|
|
|
/// Load the key at a given filepath or create it
|
|
|
|
///
|
|
|
|
/// @param keygen is a function that will generate the key if needed
|
|
|
|
static bool
|
|
|
|
loadOrCreateKey(
|
|
|
|
const std::string& filepath,
|
|
|
|
llarp::SecretKey key,
|
|
|
|
std::function<void(llarp::SecretKey& key)> keygen);
|
|
|
|
};
|
|
|
|
|
|
|
|
} // namespace llarp
|
|
|
|
|
|
|
|
#endif
|