Archives
/
lokinet
mirror of https://github.com/oxen-io/lokinet
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

add check for identity key validity

Browse Source
pull/931/head
Jeff Becker 5 years ago
parent 5868a25fcc
commit 098915bb8e
No known key found for this signature in database
GPG Key ID: F357B3B42F6F9B05
6 changed files with 61 additions and 10 deletions
Show Stats Download Patch File Download Diff File

3
llarp/crypto/crypto.hpp
Unescape Escape View File

@ -87,6 +87,9 @@ namespace llarp
/// post quantum encrypt (buffer, sharedkey_dst, pub)
virtual bool
pqe_encrypt(PQCipherBlock &, SharedSecret &, const PQPubKey &) = 0;
virtual bool
check_identity_privkey(const SecretKey &) = 0;
};
inline Crypto::~Crypto() = default;

13
llarp/crypto/crypto_libsodium.cpp
Unescape Escape View File

@ -214,6 +214,19 @@ namespace llarp
(void)sk_pk;
}
bool
CryptoLibSodium::check_identity_privkey(const llarp::SecretKey &keys)
{
AlignedBuffer< crypto_sign_SEEDBYTES > seed;
llarp::PubKey pk;
llarp::SecretKey sk;
if(crypto_sign_ed25519_sk_to_seed(seed.data(), keys.data()) == -1)
return false;
if(crypto_sign_seed_keypair(pk.data(), sk.data(), seed.data()) == -1)
return false;
return keys.toPublic() == pk && sk == keys;
}
void
CryptoLibSodium::encryption_keygen(llarp::SecretKey &keys)
{

3
llarp/crypto/crypto_libsodium.hpp
Unescape Escape View File

@ -79,6 +79,9 @@ namespace llarp
/// post quantum encrypt (buffer, sharedkey_dst, pub)
bool
pqe_encrypt(PQCipherBlock &, SharedSecret &, const PQPubKey &) override;
bool
check_identity_privkey(const SecretKey &) override;
};
} // namespace sodium

6
llarp/crypto/crypto_noop.hpp
Unescape Escape View File

@ -180,6 +180,12 @@ namespace llarp
std::copy_n(secret.begin(), SharedSecret::SIZE, block.begin());
return true;
}
bool
check_identity_privkey(const SecretKey &) override
{
return true;
}
};
} // namespace llarp

44
llarp/router/router.cpp
Unescape Escape View File

@ -258,7 +258,7 @@ namespace llarp
CURL *curl = curl_easy_init();
if(curl)
{
CURLcode res;
bool ret = false;
std::stringstream ss;
ss << "http://" << lokidRPCAddr << "/json_rpc";
const auto url = ss.str();
@ -283,10 +283,8 @@ namespace llarp
do
{
resp.clear();
std::this_thread::sleep_for(std::chrono::milliseconds(100));
LogInfo("Getting Identity Keys from lokid...");
res = curl_easy_perform(curl);
if(res == CURLE_OK)
if(curl_easy_perform(curl) == CURLE_OK)
{
try
{
@ -301,10 +299,28 @@ namespace llarp
continue;
const auto k =
(*itr)["service_node_ed25519_privkey"].get< std::string >();
if(k.empty())
continue;
if(k.size() != (_identity.size() * 2))
{
if(k.empty())
{
LogError("lokid gave no identity key");
}
else
{
LogError("lokid gave invalid identity key");
}
return false;
}
if(not HexDecode(k.c_str(), _identity.data(), _identity.size()))
continue;
if(CryptoManager::instance()->check_identity_privkey(_identity))
{
ret = true;
}
else
{
LogError("lokid gave bogus identity key");
}
}
catch(nlohmann::json::exception &ex)
{
@ -313,13 +329,21 @@ namespace llarp
}
else
{
LogError("failed to get identity Keys");
LogError("failed to get identity keys");
}
if(ret)
{
LogInfo("Got Identity Keys from lokid: ", RouterID(pubkey()));
break;
}
else
{
std::this_thread::sleep_for(std::chrono::milliseconds(100));
}
} while(res != CURLE_OK);
} while(true);
curl_easy_cleanup(curl);
curl_slist_free_all(list);
LogInfo("Got Identity Keys from lokid");
return true;
return ret;
}
else
{

2
test/crypto/mock_crypto.hpp
Unescape Escape View File

@ -69,6 +69,8 @@ namespace llarp
MOCK_METHOD3(pqe_encrypt,
bool(PQCipherBlock &, SharedSecret &, const PQPubKey &));
MOCK_METHOD1(check_identity_privkey, bool(const SecretKey&));
};
} // namespace test
} // namespace llarp

Write Preview
Loading…
Cancel
Save