Archives
/
lokinet
mirror of https://github.com/oxen-io/lokinet
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
ubuntu/noble
ubuntu/mantic
quic-wip
dev
dev-next
opensuse/tumbleweed
ubuntu/lunar
ubuntu/kinetic
ubuntu/jammy
ubuntu/focal
ubuntu/bionic
debian/buster
debian/bullseye
debian/bookworm
debian/sid
fedora/36
fedora/37
stable
makepkg
fedora/35
ubuntu/impish
fedora/34
centos/8
ubuntu/hirsute
ubuntu/groovy
v0.9.11
v0.9.10
v0.9.9
v0.9.8
v0.9.7
v0.9.6
v0.9.5
v0.9.4
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.5
v0.8.4
v0.8.3
v0.8.2
v0.8.1
v0.8.1-rc3
v0.8.1-rc2
v0.8.1-rc1
v0.7.1
v0.7.0
v0.7.0-rc3
v0.7.0-rc2
v0.7.0-rc1
v0.6.4
v0.6.2
v0.6.1
v0.6.0
v0.6.0-rc2
v0.6.0-rc1
v0.5.2
v0.5.0
v0.4.2½
v0.4.2
v0.4.1
v0.4.0-release
0.4.0-release
v0.4.0
v0.4.0-rc3
v0.4.0-rc2
v0.3.1
0.3.0-neuro1
v0.2.3-rc1
v0.2.2
v0.2.1
v0.1.0
v0.0.3
0.2.3-neuro0
0.6.1
rm
v0.0.1
v0.0.2
v0.3.0
v0.4.3
v0.5.1
v0.6.3
v0.7
v0.8.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a4bd7806b3'
${ noResults }
lokinet/llarp/service/identity.cpp

192 lines
4.3 KiB
C++
Raw Blame History

#include "identity.hpp"
#include <llarp/crypto/crypto.hpp>
namespace llarp::service
{
std::string
Identity::bt_encode() const
{
oxenc::bt_dict_producer btdp;
btdp.append("s", signkey.ToView());
btdp.append("v", version);
return std::move(btdp).str();
}
void
Identity::bt_decode(std::string buf)
{
try
{
oxenc::bt_dict_consumer btdc{buf};
signkey.from_string(btdc.require<std::string>("s"));
version = btdc.require<uint64_t>("v");
}
catch (...)
{
log::warning(logcat, "Identity failed to parse bt-encoded contents!");
throw;
}
}
bool
Identity::decode_key(const llarp_buffer_t& key, llarp_buffer_t* buf)
{
bool read = false;
if (!BEncodeMaybeReadDictEntry("s", signkey, read, key, buf))
return false;
if (!BEncodeMaybeReadDictInt("v", version, read, key, buf))
return false;
if (not read)
return bencode_discard(buf);
return true;
}
void
Identity::Clear()
{
signkey.Zero();
enckey.Zero();
pq.Zero();
derivedSignKey.Zero();
vanity.Zero();
}
void
Identity::RegenerateKeys()
{
crypto::identity_keygen(signkey);
crypto::encryption_keygen(enckey);
pub.Update(seckey_to_pubkey(signkey), seckey_to_pubkey(enckey));
crypto::pqe_keygen(pq);
if (not crypto::derive_subkey_private(derivedSignKey, signkey, 1))
{
throw std::runtime_error("failed to derive subkey");
}
}
bool
Identity::KeyExchange(
path_dh_func dh,
SharedSecret& result,
const ServiceInfo& other,
const KeyExchangeNonce& N) const
{
return dh(result, other.EncryptionPublicKey(), enckey, N);
}
bool
Identity::Sign(Signature& sig, uint8_t* buf, size_t size) const
{
return crypto::sign(sig, signkey, buf, size);
}
void
Identity::EnsureKeys(fs::path fname, bool needBackup)
{
// make sure we are empty
Clear();
std::string buf;
// this can throw
bool exists = fs::exists(fname);
if (exists and needBackup)
{
KeyManager::copy_backup_keyfile(fname);
exists = false;
}
// check for file
if (!exists)
{
// regen and encode
RegenerateKeys();
buf = bt_encode();
// write
try
{
util::buffer_to_file(fname, buf.data(), buf.size());
}
catch (const std::exception& e)
{
throw std::runtime_error{fmt::format("failed to write {}: {}", fname, e.what())};
}
return;
}
if (not fs::is_regular_file(fname))
{
throw std::invalid_argument{fmt::format("{} is not a regular file", fname)};
}
// read file
try
{
util::file_to_buffer(fname, buf.data(), buf.size());
}
catch (const std::length_error&)
{
throw std::length_error{"service identity too big"};
}
// (don't catch io error exceptions)
bt_decode(buf);
// ensure that the encryption key is set
if (enckey.IsZero())
crypto::encryption_keygen(enckey);
// also ensure the ntru key is set
if (pq.IsZero())
crypto::pqe_keygen(pq);
std::optional<VanityNonce> van;
if (!vanity.IsZero())
van = vanity;
// update pubkeys
pub.Update(seckey_to_pubkey(signkey), seckey_to_pubkey(enckey), van);
if (not crypto::derive_subkey_private(derivedSignKey, signkey, 1))
{
throw std::runtime_error("failed to derive subkey");
}
}
std::optional<EncryptedIntroSet>
Identity::encrypt_and_sign_introset(const IntroSet& other_i, llarp_time_t now) const
{
EncryptedIntroSet encrypted;
if (other_i.intros.empty())
return std::nullopt;
IntroSet i{other_i};
encrypted.nonce.Randomize();
// set timestamp
// TODO: round to nearest 1000 ms
i.time_signed = now;
encrypted.signedAt = now;
// set service info
i.address_keys = pub;
// set public encryption key
i.sntru_pubkey = pq_keypair_to_pubkey(pq);
auto bte = i.bt_encode();
const SharedSecret k{i.address_keys.Addr()};
crypto::xchacha20(reinterpret_cast<uint8_t*>(bte.data()), bte.size(), k, encrypted.nonce);
std::memcpy(encrypted.introsetPayload.data(), bte.data(), bte.size());
if (not encrypted.Sign(derivedSignKey))
return std::nullopt;
return encrypted;
}
} // namespace llarp::service
Reference in New Issue View Git Blame Copy Permalink