|
|
|
@ -21,8 +21,7 @@ curl_RecvIdentKey(char *ptr, size_t, size_t nmemb, void *userdata)
|
|
|
|
|
|
|
|
|
|
namespace llarp
|
|
|
|
|
{
|
|
|
|
|
KeyManager::KeyManager()
|
|
|
|
|
: m_initialized(false)
|
|
|
|
|
KeyManager::KeyManager() : m_initialized(false), m_needBackup(false)
|
|
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
@ -42,7 +41,6 @@ namespace llarp
|
|
|
|
|
m_lokidRPCUser = config.lokid.lokidRPCUser;
|
|
|
|
|
m_lokidRPCPassword = config.lokid.lokidRPCPassword;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
RouterContact rc;
|
|
|
|
|
bool exists = rc.Read(m_rcPath.c_str());
|
|
|
|
|
if(not exists and not genIfAbsent)
|
|
|
|
@ -51,10 +49,14 @@ namespace llarp
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// we need to back up keys if our self.signed doesn't appear to have a
|
|
|
|
|
// valid signature
|
|
|
|
|
m_needBackup = (not rc.VerifySignature());
|
|
|
|
|
|
|
|
|
|
// if our RC file can't be verified, assume it is out of date (e.g. uses
|
|
|
|
|
// older encryption) and needs to be regenerated. before doing so, backup
|
|
|
|
|
// files that will be overwritten
|
|
|
|
|
if (exists and not rc.VerifySignature())
|
|
|
|
|
if(exists and m_needBackup)
|
|
|
|
|
{
|
|
|
|
|
if(!genIfAbsent)
|
|
|
|
|
{
|
|
|
|
@ -68,7 +70,8 @@ namespace llarp
|
|
|
|
|
|
|
|
|
|
if(!backupKeyFilesByMoving())
|
|
|
|
|
{
|
|
|
|
|
LogError("Could not mv some key files, please ensure key files"
|
|
|
|
|
LogError(
|
|
|
|
|
"Could not mv some key files, please ensure key files"
|
|
|
|
|
" are backed up if needed and remove");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
@ -78,12 +81,11 @@ namespace llarp
|
|
|
|
|
if(not m_usingLokid)
|
|
|
|
|
{
|
|
|
|
|
// load identity key or create if needed
|
|
|
|
|
auto identityKeygen = [](llarp::SecretKey& key)
|
|
|
|
|
{
|
|
|
|
|
auto identityKeygen = [](llarp::SecretKey& key) {
|
|
|
|
|
// TODO: handle generating from service node seed
|
|
|
|
|
llarp::CryptoManager::instance()->identity_keygen(key);
|
|
|
|
|
};
|
|
|
|
|
if (not loadOrCreateKey(m_idKeyPath, m_idKey, identityKeygen))
|
|
|
|
|
if(not loadOrCreateKey(m_idKeyPath, identityKey, identityKeygen))
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
@ -93,46 +95,26 @@ namespace llarp
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// load encryption key
|
|
|
|
|
auto encryptionKeygen = [](llarp::SecretKey& key)
|
|
|
|
|
{
|
|
|
|
|
auto encryptionKeygen = [](llarp::SecretKey& key) {
|
|
|
|
|
llarp::CryptoManager::instance()->encryption_keygen(key);
|
|
|
|
|
};
|
|
|
|
|
if (not loadOrCreateKey(m_encKeyPath, m_encKey, encryptionKeygen))
|
|
|
|
|
if(not loadOrCreateKey(m_encKeyPath, encryptionKey, encryptionKeygen))
|
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
// TODO: transport key (currently done in LinkLayer)
|
|
|
|
|
auto transportKeygen = [](llarp::SecretKey& key)
|
|
|
|
|
{
|
|
|
|
|
auto transportKeygen = [](llarp::SecretKey& key) {
|
|
|
|
|
key.Zero();
|
|
|
|
|
CryptoManager::instance()->encryption_keygen(key);
|
|
|
|
|
};
|
|
|
|
|
if (not loadOrCreateKey(m_transportKeyPath, m_transportKey, transportKeygen))
|
|
|
|
|
if(not loadOrCreateKey(m_transportKeyPath, transportKey, transportKeygen))
|
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
m_initialized = true;
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const llarp::SecretKey&
|
|
|
|
|
KeyManager::getIdentityKey() const
|
|
|
|
|
{
|
|
|
|
|
return m_idKey;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const llarp::SecretKey&
|
|
|
|
|
KeyManager::getEncryptionKey() const
|
|
|
|
|
{
|
|
|
|
|
return m_encKey;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const llarp::SecretKey&
|
|
|
|
|
KeyManager::getTransportKey() const
|
|
|
|
|
{
|
|
|
|
|
return m_transportKey;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool
|
|
|
|
|
KeyManager::backupKeyFilesByMoving() const
|
|
|
|
|
KeyManager::backupFileByMoving(const std::string& filepath)
|
|
|
|
|
{
|
|
|
|
|
auto findFreeBackupFilename = [](const fs::path& filepath) {
|
|
|
|
|
for(int i = 0; i < 9; i++)
|
|
|
|
@ -147,27 +129,19 @@ namespace llarp
|
|
|
|
|
return fs::path();
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
std::vector<std::string> files = {
|
|
|
|
|
m_rcPath,
|
|
|
|
|
m_idKeyPath,
|
|
|
|
|
m_encKeyPath,
|
|
|
|
|
m_transportKeyPath
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
for (auto& filepath : files)
|
|
|
|
|
{
|
|
|
|
|
std::error_code ec;
|
|
|
|
|
bool exists = fs::exists(filepath, ec);
|
|
|
|
|
if(ec)
|
|
|
|
|
{
|
|
|
|
|
LogError("Could not determine status of file ", filepath, ": ", ec.message());
|
|
|
|
|
LogError("Could not determine status of file ", filepath, ": ",
|
|
|
|
|
ec.message());
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if(not exists)
|
|
|
|
|
{
|
|
|
|
|
LogInfo("File ", filepath, " doesn't exist; no backup needed");
|
|
|
|
|
continue;
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fs::path newFilepath = findFreeBackupFilename(filepath);
|
|
|
|
@ -177,13 +151,29 @@ namespace llarp
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
LogInfo("Backing up (moving) key file ", filepath, " to ", newFilepath, "...");
|
|
|
|
|
LogInfo("Backing up (moving) key file ", filepath, " to ", newFilepath,
|
|
|
|
|
"...");
|
|
|
|
|
|
|
|
|
|
fs::rename(filepath, newFilepath, ec);
|
|
|
|
|
if (ec) {
|
|
|
|
|
if(ec)
|
|
|
|
|
{
|
|
|
|
|
LogError("Failed to move key file ", ec.message());
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool
|
|
|
|
|
KeyManager::backupKeyFilesByMoving() const
|
|
|
|
|
{
|
|
|
|
|
std::vector< std::string > files = {m_rcPath, m_idKeyPath, m_encKeyPath,
|
|
|
|
|
m_transportKeyPath};
|
|
|
|
|
|
|
|
|
|
for(auto& filepath : files)
|
|
|
|
|
{
|
|
|
|
|
if(not backupFileByMoving(filepath))
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
@ -191,8 +181,7 @@ namespace llarp
|
|
|
|
|
|
|
|
|
|
bool
|
|
|
|
|
KeyManager::loadOrCreateKey(
|
|
|
|
|
const std::string& filepath,
|
|
|
|
|
llarp::SecretKey& key,
|
|
|
|
|
const std::string& filepath, llarp::SecretKey& key,
|
|
|
|
|
std::function< void(llarp::SecretKey& key) > keygen)
|
|
|
|
|
{
|
|
|
|
|
fs::path path(filepath);
|
|
|
|
@ -266,7 +255,7 @@ namespace llarp
|
|
|
|
|
continue;
|
|
|
|
|
const auto k =
|
|
|
|
|
(*itr)["service_node_ed25519_privkey"].get< std::string >();
|
|
|
|
|
if(k.size() != (m_idKey.size() * 2))
|
|
|
|
|
if(k.size() != (identityKey.size() * 2))
|
|
|
|
|
{
|
|
|
|
|
if(k.empty())
|
|
|
|
|
{
|
|
|
|
@ -278,9 +267,9 @@ namespace llarp
|
|
|
|
|
}
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
if(not HexDecode(k.c_str(), m_idKey.data(), m_idKey.size()))
|
|
|
|
|
if(not HexDecode(k.c_str(), identityKey.data(), identityKey.size()))
|
|
|
|
|
continue;
|
|
|
|
|
if(CryptoManager::instance()->check_identity_privkey(m_idKey))
|
|
|
|
|
if(CryptoManager::instance()->check_identity_privkey(identityKey))
|
|
|
|
|
{
|
|
|
|
|
ret = true;
|
|
|
|
|
}
|
|
|
|
@ -300,7 +289,8 @@ namespace llarp
|
|
|
|
|
}
|
|
|
|
|
if(ret)
|
|
|
|
|
{
|
|
|
|
|
LogInfo("Got Identity Keys from lokid: ", RouterID(seckey_topublic(m_idKey)));
|
|
|
|
|
LogInfo("Got Identity Keys from lokid: ",
|
|
|
|
|
RouterID(seckey_topublic(identityKey)));
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|