mirror of
https://github.com/oxen-io/lokinet.git
synced 2024-11-19 09:25:28 +00:00
860c5efd47
The reason things weren't working here is because libsodium does something completely unintuitive and called the seed the "secret key" when it isn't, it's the seed. This adds a new PrivateKey class (alongside the existing SecretKey and PubKey) that holds just a private key value but no seed -- which we need to do because there is no way we can get a seed after calculating a derived keypair. With these changes, we now generate exactly the same keys and subkeys as Tor (and a new test case uses values generated in Tor to verify this). This is incomplete -- the subkey signing code is still not implemented; it has to be adapted to create a signature from a PrivateKey rather than a SecretKey which will probably requiring working around/reimplementing some of what libsodium does for creating a signature since it expects "secret keys" i.e. the seed.
67 lines
1.6 KiB
C++
67 lines
1.6 KiB
C++
#ifndef LLARP_SERVICE_IDENTITY_HPP
|
|
#define LLARP_SERVICE_IDENTITY_HPP
|
|
|
|
#include <config/key_manager.hpp>
|
|
#include <constants/proto.hpp>
|
|
#include <crypto/types.hpp>
|
|
#include <memory>
|
|
#include <service/info.hpp>
|
|
#include <service/intro_set.hpp>
|
|
#include <service/vanity.hpp>
|
|
#include <util/buffer.hpp>
|
|
|
|
#include <tuple>
|
|
|
|
namespace llarp
|
|
{
|
|
namespace service
|
|
{
|
|
// private keys
|
|
struct Identity
|
|
{
|
|
SecretKey enckey;
|
|
SecretKey signkey;
|
|
PrivateKey derivedSignKey;
|
|
PQKeyPair pq;
|
|
uint64_t version = LLARP_PROTO_VERSION;
|
|
VanityNonce vanity;
|
|
|
|
// public service info
|
|
ServiceInfo pub;
|
|
|
|
// regenerate secret keys
|
|
void
|
|
RegenerateKeys();
|
|
|
|
bool
|
|
BEncode(llarp_buffer_t* buf) const;
|
|
|
|
/// @param needBackup determines whether existing keys will be cycled
|
|
bool
|
|
EnsureKeys(const std::string& fpath, bool needBackup);
|
|
|
|
bool
|
|
KeyExchange(path_dh_func dh, SharedSecret& sharedkey,
|
|
const ServiceInfo& other, const KeyExchangeNonce& N) const;
|
|
|
|
bool
|
|
DecodeKey(const llarp_buffer_t& key, llarp_buffer_t* buf);
|
|
|
|
absl::optional< EncryptedIntroSet >
|
|
EncryptAndSignIntroSet(const IntroSet& i, llarp_time_t now) const;
|
|
|
|
bool
|
|
Sign(Signature& sig, const llarp_buffer_t& buf) const;
|
|
};
|
|
|
|
inline bool
|
|
operator==(const Identity& lhs, const Identity& rhs)
|
|
{
|
|
return std::tie(lhs.enckey, lhs.signkey, lhs.pq, lhs.version, lhs.vanity)
|
|
== std::tie(rhs.enckey, rhs.signkey, rhs.pq, rhs.version, rhs.vanity);
|
|
}
|
|
} // namespace service
|
|
} // namespace llarp
|
|
|
|
#endif
|