Reorganize priv key file loading a bit and hook KeyManager into Router

5 years ago · e8e2e21fa2
parent 7084dae79a
commit e8e2e21fa2
5 changed files with 124 additions and 29 deletions
--- a/llarp/config/key_manager.cpp
+++ b/llarp/config/key_manager.cpp
@ -1,20 +1,28 @@
 #include <config/key_manager.hpp>

+#include <system_error>
 #include <util/logging/logger.hpp>
+#include "config/config.hpp"
+#include "crypto/crypto.hpp"
+#include "crypto/types.hpp"

 namespace llarp
 {
-  KeyManager::KeyManager(const llarp::Config& config)
-    : m_rcPath(config.router.ourRcFile())
-    , m_idKeyPath(config.router.identKeyfile())
-    , m_encKeyPath(config.router.encryptionKeyfile())
-    , m_transportKeyPath(config.router.transportKeyfile())
+  KeyManager::KeyManager()
+    : m_initialized(false)
  {
  }

  bool
-  KeyManager::initializeFromDisk(bool genIfAbsent)
+  KeyManager::initializeFromDisk(const llarp::Config& config, bool genIfAbsent)
  {
+    if (m_initialized)
+      return false;
+
+    m_rcPath = config.router.ourRcFile();
+    m_idKeyPath = config.router.identKeyfile();
+    m_encKeyPath = config.router.encryptionKeyfile();
+    m_transportKeyPath = config.router.transportKeyfile();

    RouterContact rc;
    if (!rc.Read(m_rcPath.c_str()))
@ -36,36 +44,70 @@ namespace llarp
          return false;
        }

-        // TODO: generate files
+
+        // load identity key or create if needed
+        auto identityKeygen = [](llarp::SecretKey& key)
+        {
+          // TODO: handle generating from service node seed
+          llarp::CryptoManager::instance()->identity_keygen(key);
+        };
+        if (not loadOrCreateKey(m_idKeyPath, m_idKey, identityKeygen))
+          return false;
+
+        // load encryption key
+        auto encryptionKeygen = [](llarp::SecretKey& key)
+        {
+          llarp::CryptoManager::instance()->encryption_keygen(key);
+        };
+        if (not loadOrCreateKey(m_encKeyPath, m_encKey, encryptionKeygen))
+          return false;
+
+        // TODO: transport key (currently done in LinkLayer)
+
      }
    }

-    // TODO: load files
-
+    m_initialized = true;
    return true;
  }

  bool
  KeyManager::getIdentityKey(llarp::SecretKey &key) const
  {
+    if (! m_initialized)
+      return false;
+
+    key = m_idKey;
    return true;
  }

  bool
  KeyManager::getEncryptionKey(llarp::SecretKey &key) const
  {
+    if (! m_initialized)
+      return false;
+
+    key = m_encKey;
    return true;
  }

  bool
  KeyManager::getTransportKey(llarp::SecretKey &key) const
  {
+    if (! m_initialized)
+      return false;
+
+    key = m_transportKey;
    return true;
  }

  bool
  KeyManager::getRouterContact(llarp::RouterContact& rc) const
  {
+    if (! m_initialized)
+      return false;
+
+    rc = m_rc;
    return true;
  }

@ -110,6 +152,37 @@ namespace llarp
        return false;
      }
    }
+
+    return true;
+  }
+
+  bool
+  KeyManager::loadOrCreateKey(
+      const std::string& filepath,
+      llarp::SecretKey key,
+      std::function<void(llarp::SecretKey&  key)> keygen)
+  {
+    fs::path path(filepath);
+    std::error_code ec;
+    if (! fs::exists(path, ec))
+    {
+      if (ec)
+      {
+        LogError("Error checking key", filepath, ec.message());
+        return false;
+      }
+
+      LogInfo("Generating new key", filepath);
+      keygen(key);
+
+      if (! key.SaveToFile(filepath.c_str()))
+      {
+        LogError("Failed to save new key");
+        return false;
+      }
+    }
+
+    return key.LoadFromFile(filepath.c_str());
  }

 }  // namespace llarp
--- a/llarp/config/key_manager.hpp
+++ b/llarp/config/key_manager.hpp
@ -1,6 +1,7 @@
 #ifndef LLARP_KEY_MANAGER_HPP
 #define LLARP_KEY_MANAGER_HPP

+#include <atomic>
 #include <config/config.hpp>
 #include <crypto/types.hpp>
 #include <router_contact.hpp>
@ -21,20 +22,19 @@ namespace llarp
  struct KeyManager {

    /// Constructor
-    ///
-    /// @param config should be a prepared config object
-    KeyManager(const llarp::Config& config);
+    KeyManager();

    /// Initializes from disk. This reads enough from disk to understand the current
    /// state of the stored keys.
    ///
    /// NOTE: Must be called prior to obtaining any keys.
    ///
+    /// @param config should be a prepared config object
    /// @param genIfAbsent determines whether or not we will create files if they
    ///        do not exist.
    /// @return true on success, false otherwise
    bool
-    initializeFromDisk(bool genIfAbsent);
+    initializeFromDisk(const llarp::Config& config, bool genIfAbsent);

    /// Obtain the identity key (e.g. ~/.lokinet/identity.private)
    ///
@ -70,10 +70,25 @@ namespace llarp
    std::string m_idKeyPath;
    std::string m_encKeyPath;
    std::string m_transportKeyPath;
+    std::atomic_bool m_initialized;
+
+    llarp::RouterContact m_rc;
+    llarp::SecretKey m_idKey;
+    llarp::SecretKey m_encKey;
+    llarp::SecretKey m_transportKey;

    /// Backup each key file (by copying, e.g. foo -> foo.bak)
    bool
    backupKeyFilesByMoving() const;
+
+    /// Load the key at a given filepath or create it
+    ///
+    /// @param keygen is a function that will generate the key if needed
+    static bool
+    loadOrCreateKey(
+        const std::string& filepath,
+        llarp::SecretKey key,
+        std::function<void(llarp::SecretKey& key)> keygen);
  };

 }  // namespace llarp
--- a/llarp/router/router.cpp
+++ b/llarp/router/router.cpp
@ -229,18 +229,21 @@ namespace llarp
  bool
  Router::EnsureIdentity()
  {
-    if(!EnsureEncryptionKey())
+
+    // TODO: handle loading SN identity instead
+    if (not m_keyManager.getIdentityKey(_identity))
      return false;
-    if(usingSNSeed)
-      return llarp_loadServiceNodeIdentityKey(ident_keyfile, _identity);

-    return llarp_findOrCreateIdentity(ident_keyfile, _identity);
-  }
+    if (not m_keyManager.getEncryptionKey(_encryption))
+      return false;

-  bool
-  Router::EnsureEncryptionKey()
-  {
-    return llarp_findOrCreateEncryption(encryption_keyfile, _encryption);
+    if(usingSNSeed)
+    {
+      LogError("FIXME: load identity key from SNode seed");
+      return false;
+    }
+
+    return true;
  }

  bool
@ -259,6 +262,10 @@ namespace llarp

    if(!InitOutboundLinks())
      return false;
+
+    if (not m_keyManager.initializeFromDisk(*conf, true))
+      return false;
+
    return EnsureIdentity();
  }

--- a/llarp/router/router.hpp
+++ b/llarp/router/router.hpp
@ -3,6 +3,7 @@

 #include <router/abstractrouter.hpp>

+#include <config/key_manager.hpp>
 #include <constants/link_layer.hpp>
 #include <crypto/types.hpp>
 #include <ev/ev.h>
@ -45,13 +46,6 @@ namespace llarp
  struct Config;
 }  // namespace llarp

-bool
-llarp_findOrCreateEncryption(const fs::path &fpath,
-                             llarp::SecretKey &encryption);
-
-bool
-llarp_findOrCreateIdentity(const fs::path &path, llarp::SecretKey &secretkey);
-
 bool
 llarp_loadServiceNodeIdentityKey(const fs::path &fpath,
                                 llarp::SecretKey &secretkey);
@ -470,6 +464,8 @@ namespace llarp

    llarp_time_t m_LastStatsReport = 0;

+    llarp::KeyManager m_keyManager;
+
    bool
    ShouldReportStats(llarp_time_t now) const;

--- a/test/test_llarp_router.cpp
+++ b/test/test_llarp_router.cpp
@ -13,6 +13,9 @@
 using namespace ::llarp;
 using namespace ::testing;

+/*
+ * TODO: reimplement
+ *
 using FindOrCreateFunc = std::function< bool(const fs::path &, SecretKey &) >;

 struct FindOrCreate : public test::LlarpTest<>,
@ -89,3 +92,4 @@ FindOrCreateFunc findOrCreateFunc[] = {llarp_findOrCreateEncryption,

 INSTANTIATE_TEST_CASE_P(TestRouter, FindOrCreate,
                        ::testing::ValuesIn(findOrCreateFunc), );
+*/