Merge pull request #1080 from majestrate/fix-kdf-2020-02-03

don't derive x25519 key from ed25519 key

llarp/service/identity.cpp

@@ -59,8 +59,8 @@ namespace llarp
     {
       auto crypto = CryptoManager::instance();
       crypto->identity_keygen(signkey);
-      crypto_sign_ed25519_sk_to_curve25519(enckey.data(), signkey.data());
-      pub.Update(seckey_topublic(signkey));
+      crypto->encryption_keygen(enckey);
+      pub.Update(seckey_topublic(signkey), seckey_topublic(enckey));
       crypto->pqe_keygen(pq);
       if(not crypto->derive_subkey_private(derivedSignKey, signkey, 1))
       {
@@ -146,8 +146,7 @@ namespace llarp
       if(!vanity.IsZero())
         van = vanity;
       // update pubkeys
-      pub.Update(seckey_topublic(signkey), van);
-      crypto_sign_ed25519_sk_to_curve25519(enckey.data(), signkey.data());
+      pub.Update(seckey_topublic(signkey), seckey_topublic(enckey), van);
       auto crypto = CryptoManager::instance();
       return crypto->derive_subkey_private(derivedSignKey, signkey, 1);
     }

llarp/service/info.cpp

@@ -21,11 +21,11 @@ namespace llarp
     }
 
     bool
-    ServiceInfo::Update(const byte_t* pubkey, const OptNonce& nonce)
+    ServiceInfo::Update(const byte_t* sign, const byte_t* enc,
+                        const OptNonce& nonce)
     {
-      signkey = pubkey;
-      if(crypto_sign_ed25519_pk_to_curve25519(enckey.data(), pubkey) == -1)
-        return false;
+      signkey = sign;
+      enckey  = enc;
       if(nonce)
       {
         vanity = nonce.value();

llarp/service/info.hpp

@@ -45,7 +45,8 @@ namespace llarp
       }
 
       bool
-      Update(const byte_t* pubkey, const OptNonce& nonce = OptNonce());
+      Update(const byte_t* sign, const byte_t* enc,
+             const OptNonce& nonce = OptNonce());
 
       bool
       operator==(const ServiceInfo& other) const

test/service/test_llarp_service_identity.cpp

@@ -22,31 +22,6 @@ struct HiddenServiceTest : public test::LlarpTest<>
   service::Identity ident;
 };
 
-TEST_F(HiddenServiceTest, TestGenerateIntroSet)
-{
-  service::Address addr;
-  ASSERT_TRUE(ident.pub.CalculateAddress(addr.as_array()));
-  service::IntroSet I;
-  auto now = time_now_ms();
-  I.T      = now;
-  while(I.I.size() < 10)
-  {
-    service::Introduction intro;
-    intro.expiresAt = now + (path::default_lifetime / 2);
-    intro.router.Randomize();
-    intro.pathID.Randomize();
-    I.I.emplace_back(std::move(intro));
-  }
-
-  using ::testing::Matcher;
-  EXPECT_CALL(m_crypto, sign(I.Z, Matcher<const SecretKey &>(_), _)).WillOnce(Return(true));
-  EXPECT_CALL(m_crypto, verify(_, _, I.Z)).WillOnce(Return(true));
-  EXPECT_CALL(m_crypto, xchacha20(_, _, _)).WillOnce(Return(true));
-  const auto maybe = ident.EncryptAndSignIntroSet(I, now);
-  ASSERT_TRUE(maybe.has_value());
-  ASSERT_TRUE(maybe->Verify(now));
-}
-
 TEST_F(HiddenServiceTest, TestAddressToFromString)
 {
   auto str = ident.pub.Addr().ToString();
@@ -81,6 +56,9 @@ TEST_F(ServiceIdentityTest, EnsureKeys)
   EXPECT_CALL(m_crypto, derive_subkey_private(_, _, _, _))
       .WillRepeatedly(Return(true));
 
+  EXPECT_CALL(m_crypto, encryption_keygen(_))
+      .WillOnce(WithArg< 0 >(FillArg< SecretKey >(0x01)));
+
   EXPECT_CALL(m_crypto, identity_keygen(_))
       .WillOnce(WithArg< 0 >(FillArg< SecretKey >(0x02)));