Handle link transport key in KeyManager

5 years ago · 521ef9b5bb
parent a0699ad229
commit 521ef9b5bb
12 changed files with 74 additions and 116 deletions
--- a/llarp/config/key_manager.cpp
+++ b/llarp/config/key_manager.cpp
@ -74,40 +74,34 @@ namespace llarp
      return false;

    // TODO: transport key (currently done in LinkLayer)
-
+    auto transportKeygen = [](llarp::SecretKey& key)
+    {
+      key.Zero();
+      CryptoManager::instance()->encryption_keygen(key);
+    };
+    if (not loadOrCreateKey(m_transportKeyPath, m_transportKey, transportKeygen))
+      return false;

    m_initialized = true;
    return true;
  }

-  bool
-  KeyManager::getIdentityKey(llarp::SecretKey &key) const
+  const llarp::SecretKey&
+  KeyManager::getIdentityKey() const
  {
-    if (! m_initialized)
-      return false;
-
-    key = m_idKey;
-    return true;
+    return m_idKey;
  }

-  bool
-  KeyManager::getEncryptionKey(llarp::SecretKey &key) const
+  const llarp::SecretKey&
+  KeyManager::getEncryptionKey() const
  {
-    if (! m_initialized)
-      return false;
-
-    key = m_encKey;
-    return true;
+    return m_encKey;
  }

-  bool
-  KeyManager::getTransportKey(llarp::SecretKey &key) const
+  const llarp::SecretKey&
+  KeyManager::getTransportKey() const
  {
-    if (! m_initialized)
-      return false;
-
-    key = m_transportKey;
-    return true;
+    return m_transportKey;
  }

  bool
--- a/llarp/config/key_manager.hpp
+++ b/llarp/config/key_manager.hpp
@ -38,24 +38,21 @@ namespace llarp

    /// Obtain the identity key (e.g. ~/.lokinet/identity.private)
    ///
-    /// @param key (out) will be modified to contain the identity key
-    /// @return true on success, false otherwise
-    bool
-    getIdentityKey(llarp::SecretKey &key) const;
+    /// @return a reference to the identity key
+    const llarp::SecretKey&
+    getIdentityKey() const;

    /// Obtain the encryption key (e.g. ~/.lokinet/encryption.private)
    ///
-    /// @param key (out) will be modified to contain the encryption key
-    /// @return true on success, false otherwise
-    bool
-    getEncryptionKey(llarp::SecretKey &key) const;
+    /// @return a reference to the encryption key
+    const llarp::SecretKey&
+    getEncryptionKey() const;

    /// Obtain the transport key (e.g. ~/.lokinet/transport.private)
    ///
-    /// @param key (out) will be modified to contain the transport key
-    /// @return true on success, false otherwise
-    bool
-    getTransportKey(llarp::SecretKey &key) const;
+    /// @return a reference to the transport key
+    const llarp::SecretKey&
+    getTransportKey() const;

    /// Obtain the self-signed RouterContact
    ///
--- a/llarp/iwp/iwp.cpp
+++ b/llarp/iwp/iwp.cpp
@ -1,5 +1,6 @@
 #include <iwp/iwp.hpp>
 #include <iwp/linklayer.hpp>
+#include <memory>
 #include <router/abstractrouter.hpp>
 #include <util/meta/memfn.hpp>

@ -8,25 +9,25 @@ namespace llarp
  namespace iwp
  {
    LinkLayer_ptr
-    NewInboundLink(const SecretKey& routerEncSecret, GetRCFunc getrc,
+    NewInboundLink(std::shared_ptr<KeyManager> keyManager, GetRCFunc getrc,
                   LinkMessageHandler h, SignBufferFunc sign,
                   SessionEstablishedHandler est,
                   SessionRenegotiateHandler reneg, TimeoutHandler timeout,
                   SessionClosedHandler closed, PumpDoneHandler pumpDone)
    {
-      return std::make_shared< LinkLayer >(routerEncSecret, getrc, h, sign, est,
+      return std::make_shared< LinkLayer >(keyManager, getrc, h, sign, est,
                                           reneg, timeout, closed, pumpDone,
                                           true);
    }

    LinkLayer_ptr
-    NewOutboundLink(const SecretKey& routerEncSecret, GetRCFunc getrc,
+    NewOutboundLink(std::shared_ptr<KeyManager> keyManager, GetRCFunc getrc,
                    LinkMessageHandler h, SignBufferFunc sign,
                    SessionEstablishedHandler est,
                    SessionRenegotiateHandler reneg, TimeoutHandler timeout,
                    SessionClosedHandler closed, PumpDoneHandler pumpDone)
    {
-      return std::make_shared< LinkLayer >(routerEncSecret, getrc, h, sign, est,
+      return std::make_shared< LinkLayer >(keyManager, getrc, h, sign, est,
                                           reneg, timeout, closed, pumpDone,
                                           false);
    }
--- a/llarp/iwp/iwp.hpp
+++ b/llarp/iwp/iwp.hpp
@ -4,19 +4,20 @@
 #include <link/server.hpp>
 #include <iwp/linklayer.hpp>
 #include <memory>
+#include <config/key_manager.hpp>

 namespace llarp
 {
  namespace iwp
  {
    LinkLayer_ptr
-    NewInboundLink(const SecretKey& routerEncSecret, GetRCFunc getrc,
+    NewInboundLink(std::shared_ptr<KeyManager> keyManager, GetRCFunc getrc,
                   LinkMessageHandler h, SignBufferFunc sign,
                   SessionEstablishedHandler est,
                   SessionRenegotiateHandler reneg, TimeoutHandler timeout,
                   SessionClosedHandler closed, PumpDoneHandler pumpDone);
    LinkLayer_ptr
-    NewOutboundLink(const SecretKey& routerEncSecret, GetRCFunc getrc,
+    NewOutboundLink(std::shared_ptr<KeyManager> keyManager, GetRCFunc getrc,
                    LinkMessageHandler h, SignBufferFunc sign,
                    SessionEstablishedHandler est,
                    SessionRenegotiateHandler reneg, TimeoutHandler timeout,
--- a/llarp/iwp/linklayer.cpp
+++ b/llarp/iwp/linklayer.cpp
@ -1,18 +1,20 @@
 #include <iwp/linklayer.hpp>
 #include <iwp/session.hpp>
+#include <config/key_manager.hpp>
+#include <memory>
 #include <unordered_set>

 namespace llarp
 {
  namespace iwp
  {
-    LinkLayer::LinkLayer(const SecretKey& routerEncSecret, GetRCFunc getrc,
+    LinkLayer::LinkLayer(std::shared_ptr<KeyManager> keyManager, GetRCFunc getrc,
                         LinkMessageHandler h, SignBufferFunc sign,
                         SessionEstablishedHandler est,
                         SessionRenegotiateHandler reneg,
                         TimeoutHandler timeout, SessionClosedHandler closed,
                         PumpDoneHandler pumpDone, bool allowInbound)
-        : ILinkLayer(routerEncSecret, getrc, h, sign, est, reneg, timeout,
+        : ILinkLayer(keyManager, getrc, h, sign, est, reneg, timeout,
                     closed, pumpDone)
        , permitInbound{allowInbound}
    {
@ -54,14 +56,6 @@ namespace llarp
      return "iwp";
    }

-    bool
-    LinkLayer::KeyGen(SecretKey& k)
-    {
-      k.Zero();
-      CryptoManager::instance()->encryption_keygen(k);
-      return !k.IsZero();
-    }
-
    uint16_t
    LinkLayer::Rank() const
    {
--- a/llarp/iwp/linklayer.hpp
+++ b/llarp/iwp/linklayer.hpp
@ -7,6 +7,9 @@
 #include <crypto/types.hpp>
 #include <link/server.hpp>
 #include <util/thread/thread_pool.hpp>
+#include <config/key_manager.hpp>
+
+#include <memory>

 namespace llarp
 {
@ -14,7 +17,7 @@ namespace llarp
  {
    struct LinkLayer final : public ILinkLayer
    {
-      LinkLayer(const SecretKey &routerEncSecret, GetRCFunc getrc,
+      LinkLayer(std::shared_ptr<KeyManager> keyManager, GetRCFunc getrc,
                LinkMessageHandler h, SignBufferFunc sign,
                SessionEstablishedHandler est, SessionRenegotiateHandler reneg,
                TimeoutHandler timeout, SessionClosedHandler closed,
@ -29,9 +32,6 @@ namespace llarp
      void
      Pump() override;

-      bool
-      KeyGen(SecretKey &k) override;
-
      const char *
      Name() const override;

--- a/llarp/link/factory.hpp
+++ b/llarp/link/factory.hpp
@ -1,7 +1,9 @@
 #ifndef LLARP_LINK_FACTORY_HPP
 #define LLARP_LINK_FACTORY_HPP
 #include <util/string_view.hpp>
+#include <config/key_manager.hpp>
 #include <functional>
+#include <memory>

 #include <link/server.hpp>

@ -20,7 +22,7 @@ namespace llarp
    };

    using Factory = std::function< LinkLayer_ptr(
-        const SecretKey&, GetRCFunc, LinkMessageHandler, SignBufferFunc,
+        std::shared_ptr<KeyManager>, GetRCFunc, LinkMessageHandler, SignBufferFunc,
        SessionEstablishedHandler, SessionRenegotiateHandler, TimeoutHandler,
        SessionClosedHandler, PumpDoneHandler) >;

--- a/llarp/link/server.cpp
+++ b/llarp/link/server.cpp
@ -1,6 +1,8 @@
 #include <link/server.hpp>
 #include <ev/ev.hpp>
 #include <crypto/crypto.hpp>
+#include <config/key_manager.hpp>
+#include <memory>
 #include <util/fs.hpp>
 #include <utility>

@ -8,7 +10,7 @@ namespace llarp
 {
  static constexpr size_t MaxSessionsPerKey = 16;

-  ILinkLayer::ILinkLayer(const SecretKey& routerEncSecret, GetRCFunc getrc,
+  ILinkLayer::ILinkLayer(std::shared_ptr<KeyManager> keyManager, GetRCFunc getrc,
                         LinkMessageHandler handler, SignBufferFunc signbuf,
                         SessionEstablishedHandler establishedSession,
                         SessionRenegotiateHandler reneg,
@ -22,7 +24,8 @@ namespace llarp
      , SessionClosed(std::move(closed))
      , SessionRenegotiate(std::move(reneg))
      , PumpDone(std::move(pumpDone))
-      , m_RouterEncSecret(routerEncSecret)
+      , m_RouterEncSecret(keyManager->getEncryptionKey())
+      , m_SecretKey(keyManager->getTransportKey())
  {
  }

@ -406,35 +409,6 @@ namespace llarp
    return m_SecretKey;
  }

-  bool
-  ILinkLayer::GenEphemeralKeys()
-  {
-    return KeyGen(m_SecretKey);
-  }
-
-  bool
-  ILinkLayer::EnsureKeys(const char* f)
-  {
-    fs::path fpath(f);
-    llarp::SecretKey keys;
-    std::error_code ec;
-    if(!fs::exists(fpath, ec))
-    {
-      if(!KeyGen(m_SecretKey))
-        return false;
-      // generated new keys
-      if(!BEncodeWriteFile< decltype(keys), 128 >(f, m_SecretKey))
-        return false;
-    }
-    // load keys
-    if(!BDecodeReadFile(f, m_SecretKey))
-    {
-      llarp::LogError("Failed to load keyfile ", f);
-      return false;
-    }
-    return true;
-  }
-
  bool
  ILinkLayer::PutSession(const std::shared_ptr< ILinkSession >& s)
  {
--- a/llarp/link/server.hpp
+++ b/llarp/link/server.hpp
@ -9,6 +9,7 @@
 #include <util/status.hpp>
 #include <util/thread/logic.hpp>
 #include <util/thread/threading.hpp>
+#include <config/key_manager.hpp>

 #include <list>
 #include <memory>
@ -51,7 +52,7 @@ namespace llarp

  struct ILinkLayer
  {
-    ILinkLayer(const SecretKey& routerEncSecret, GetRCFunc getrc,
+    ILinkLayer(std::shared_ptr<KeyManager> keyManager, GetRCFunc getrc,
               LinkMessageHandler handler, SignBufferFunc signFunc,
               SessionEstablishedHandler sessionEstablish,
               SessionRenegotiateHandler renegotiate, TimeoutHandler timeout,
@ -142,9 +143,6 @@ namespace llarp
    virtual uint16_t
    Rank() const = 0;

-    virtual bool
-    KeyGen(SecretKey&) = 0;
-
    const byte_t*
    TransportPubKey() const;

@ -167,12 +165,6 @@ namespace llarp
      return false;
    }

-    bool
-    EnsureKeys(const char* fpath);
-
-    bool
-    GenEphemeralKeys();
-
    virtual bool
    MapAddr(const RouterID& pk, ILinkSession* s);

@ -187,6 +179,7 @@ namespace llarp
    SessionClosedHandler SessionClosed;
    SessionRenegotiateHandler SessionRenegotiate;
    PumpDoneHandler PumpDone;
+    std::shared_ptr<KeyManager> keyManager;

    std::shared_ptr< Logic >
    logic()
--- a/llarp/router/router.cpp
+++ b/llarp/router/router.cpp
@ -1,3 +1,4 @@
+#include <memory>
 #include <router/router.hpp>

 #include <config/config.hpp>
@ -61,6 +62,8 @@ namespace llarp
      , inbound_link_msg_parser(this)
      , _hiddenServiceContext(this)
  {
+    m_keyManager = std::make_shared<KeyManager>();
+
    // set rational defaults
    this->ip4addr.sin_family = AF_INET;
    this->ip4addr.sin_port   = htons(1090);
@ -199,10 +202,13 @@ namespace llarp
  {

    // TODO: handle loading SN identity instead
-    if (not m_keyManager.getIdentityKey(_identity))
+    _identity = m_keyManager->getIdentityKey();
+    _encryption = m_keyManager->getEncryptionKey();
+
+    if (_identity.IsZero())
      return false;

-    if (not m_keyManager.getEncryptionKey(_encryption))
+    if (_encryption.IsZero())
      return false;

    if(usingSNSeed)
@ -231,7 +237,7 @@ namespace llarp
    if(!InitOutboundLinks())
      return false;

-    if (not m_keyManager.initializeFromDisk(*conf, true))
+    if (not m_keyManager->initializeFromDisk(*conf, true))
      return false;

    return EnsureIdentity();
@ -509,7 +515,7 @@ namespace llarp
      }

      auto server = inboundLinkFactory(
-          encryption(), util::memFn(&AbstractRouter::rc, this),
+          m_keyManager, util::memFn(&AbstractRouter::rc, this),
          util::memFn(&AbstractRouter::HandleRecvLinkMessageBuffer, this),
          util::memFn(&AbstractRouter::Sign, this),
          util::memFn(&IOutboundSessionMaker::OnSessionEstablished,
@ -518,13 +524,8 @@ namespace llarp
          util::memFn(&IOutboundSessionMaker::OnConnectTimeout,
                      &_outboundSessionMaker),
          util::memFn(&AbstractRouter::SessionClosed, this),
-          util::memFn(&AbstractRouter::PumpLL, this));
-
-      if(!server->EnsureKeys(transport_keyfile.string().c_str()))
-      {
-        llarp::LogError("failed to ensure keyfile ", transport_keyfile);
-        return false;
-      }
+          util::memFn(&AbstractRouter::PumpLL, this)
+          );

      const auto &key = std::get< LinksConfig::Interface >(serverConfig);
      int af          = std::get< LinksConfig::AddressFamily >(serverConfig);
@ -1139,7 +1140,7 @@ namespace llarp
      return false;
    }
    auto link =
-        factory(encryption(), util::memFn(&AbstractRouter::rc, this),
+        factory(m_keyManager, util::memFn(&AbstractRouter::rc, this),
                util::memFn(&AbstractRouter::HandleRecvLinkMessageBuffer, this),
                util::memFn(&AbstractRouter::Sign, this),
                util::memFn(&IOutboundSessionMaker::OnSessionEstablished,
@ -1148,15 +1149,11 @@ namespace llarp
                util::memFn(&IOutboundSessionMaker::OnConnectTimeout,
                            &_outboundSessionMaker),
                util::memFn(&AbstractRouter::SessionClosed, this),
-                util::memFn(&AbstractRouter::PumpLL, this));
+                util::memFn(&AbstractRouter::PumpLL, this)
+                );

    if(!link)
      return false;
-    if(!link->EnsureKeys(transport_keyfile.string().c_str()))
-    {
-      LogError("failed to load ", transport_keyfile);
-      return false;
-    }

    const auto afs = {AF_INET, AF_INET6};

--- a/llarp/router/router.hpp
+++ b/llarp/router/router.hpp
@ -464,7 +464,7 @@ namespace llarp

    llarp_time_t m_LastStatsReport = 0;

-    llarp::KeyManager m_keyManager;
+    std::shared_ptr<llarp::KeyManager> m_keyManager;

    bool
    ShouldReportStats(llarp_time_t now) const;
--- a/test/link/test_llarp_link.cpp
+++ b/test/link/test_llarp_link.cpp
@ -93,7 +93,7 @@ struct LinkLayerTest : public test::LlarpTest< llarp::sodium::CryptoLibSodium >
        return false;
      if(!link->Configure(loop, localLoopBack(), AF_INET, port))
        return false;
-      if(!link->GenEphemeralKeys())
+      // if(!link->GenEphemeralKeys()) TODO: reimplement GenEphemeralKeys
        return false;
      rc.addrs.emplace_back();
      if(!link->GetOurAddressInfo(rc.addrs[0]))
@ -188,6 +188,9 @@ TEST_F(LinkLayerTest, TestIWP)
 #ifdef WIN32
    GTEST_SKIP();
 #else
+    /*
+     * TODO: use KeyManager
+     *
    auto sendDiscardMessage = [](ILinkSession* s, auto callback) -> bool {
    // send discard message in reply to complete unit test
      std::vector< byte_t> tmp(32);
@ -291,5 +294,7 @@ TEST_F(LinkLayerTest, TestIWP)
  ASSERT_TRUE(Alice.IsGucci());
  ASSERT_TRUE(Bob.IsGucci());
  ASSERT_TRUE(success);
+  */
+    ASSERT_TRUE(false); // FIXME, see above
 #endif
 };