Archives
/
lokinet
mirror of https://github.com/oxen-io/lokinet
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
ubuntu/noble
ubuntu/mantic
quic-wip
dev
dev-next
opensuse/tumbleweed
ubuntu/lunar
ubuntu/kinetic
ubuntu/jammy
ubuntu/focal
ubuntu/bionic
debian/buster
debian/bullseye
debian/bookworm
debian/sid
fedora/36
fedora/37
stable
makepkg
fedora/35
ubuntu/impish
fedora/34
centos/8
ubuntu/hirsute
ubuntu/groovy
v0.9.11
v0.9.10
v0.9.9
v0.9.8
v0.9.7
v0.9.6
v0.9.5
v0.9.4
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.5
v0.8.4
v0.8.3
v0.8.2
v0.8.1
v0.8.1-rc3
v0.8.1-rc2
v0.8.1-rc1
v0.7.1
v0.7.0
v0.7.0-rc3
v0.7.0-rc2
v0.7.0-rc1
v0.6.4
v0.6.2
v0.6.1
v0.6.0
v0.6.0-rc2
v0.6.0-rc1
v0.5.2
v0.5.0
v0.4.2½
v0.4.2
v0.4.1
v0.4.0-release
0.4.0-release
v0.4.0
v0.4.0-rc3
v0.4.0-rc2
v0.3.1
0.3.0-neuro1
v0.2.3-rc1
v0.2.2
v0.2.1
v0.1.0
v0.0.3
0.2.3-neuro0
0.6.1
rm
v0.0.1
v0.0.2
v0.3.0
v0.4.3
v0.5.1
v0.6.3
v0.7
v0.8.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'ebd2142114'
${ noResults }
lokinet/llarp/service/identity.cpp

189 lines
5.1 KiB
C++
Raw Blame History

#include <service/identity.hpp>
#include <crypto/crypto.hpp>
#include <util/fs.hpp>
#include <sodium/crypto_sign_ed25519.h>
namespace llarp
{
namespace service
{
bool
Identity::BEncode(llarp_buffer_t* buf) const
{
if (!bencode_start_dict(buf))
return false;
if (!BEncodeWriteDictEntry("e", enckey, buf))
return false;
if (!BEncodeWriteDictEntry("q", pq, buf))
return false;
if (!BEncodeWriteDictEntry("s", signkey, buf))
return false;
if (!BEncodeWriteDictInt("v", version, buf))
return false;
if (!BEncodeWriteDictEntry("x", vanity, buf))
return false;
return bencode_end(buf);
}
bool
Identity::DecodeKey(const llarp_buffer_t& key, llarp_buffer_t* buf)
{
bool read = false;
if (!BEncodeMaybeReadDictEntry("e", enckey, read, key, buf))
return false;
if (key == "q")
{
llarp_buffer_t str;
if (!bencode_read_string(buf, &str))
return false;
if (str.sz == 3200 || str.sz == 2818)
{
pq = str.base;
return true;
}
return false;
}
if (!BEncodeMaybeReadDictEntry("s", signkey, read, key, buf))
return false;
if (!BEncodeMaybeReadDictInt("v", version, read, key, buf))
return false;
if (!BEncodeMaybeReadDictEntry("x", vanity, read, key, buf))
return false;
return read;
}
void
Identity::RegenerateKeys()
{
auto crypto = CryptoManager::instance();
crypto->identity_keygen(signkey);
crypto->encryption_keygen(enckey);
pub.Update(seckey_topublic(signkey), seckey_topublic(enckey));
crypto->pqe_keygen(pq);
if (not crypto->derive_subkey_private(derivedSignKey, signkey, 1))
{
LogError("failed to generate derived key");
}
}
bool
Identity::KeyExchange(
path_dh_func dh,
SharedSecret& result,
const ServiceInfo& other,
const KeyExchangeNonce& N) const
{
return dh(result, other.EncryptionPublicKey(), enckey, N);
}
bool
Identity::Sign(Signature& sig, const llarp_buffer_t& buf) const
{
return CryptoManager::instance()->sign(sig, signkey, buf);
}
bool
Identity::EnsureKeys(const std::string& fname, bool needBackup)
{
std::array<byte_t, 4096> tmp;
llarp_buffer_t buf(tmp);
std::error_code ec;
bool exists = fs::exists(fname, ec);
if (ec)
{
LogError("Could not query file status for ", fname, ": ", ec.message());
return false;
}
if (exists and needBackup)
{
KeyManager::backupFileByMoving(fname);
exists = false;
}
// check for file
if (!exists)
{
// regen and encode
RegenerateKeys();
if (!BEncode(&buf))
return false;
// rewind
buf.sz = buf.cur - buf.base;
buf.cur = buf.base;
// write
auto optional_f = util::OpenFileStream<std::ofstream>(fname, std::ios::binary);
if (!optional_f)
return false;
auto& f = *optional_f;
if (!f.is_open())
return false;
f.write((char*)buf.cur, buf.sz);
}
if (!fs::is_regular_file(fname))
{
LogError("keyfile ", fname, " is not a regular file");
return false;
}
// read file
std::ifstream inf(fname, std::ios::binary);
inf.seekg(0, std::ios::end);
size_t sz = inf.tellg();
inf.seekg(0, std::ios::beg);
if (sz > sizeof(tmp))
return false;
// decode
inf.read((char*)buf.base, sz);
if (!bencode_decode_dict(*this, &buf))
return false;
std::optional<VanityNonce> van;
if (!vanity.IsZero())
van = vanity;
// update pubkeys
pub.Update(seckey_topublic(signkey), seckey_topublic(enckey), van);
auto crypto = CryptoManager::instance();
return crypto->derive_subkey_private(derivedSignKey, signkey, 1);
}
std::optional<EncryptedIntroSet>
Identity::EncryptAndSignIntroSet(const IntroSet& other_i, llarp_time_t now) const
{
EncryptedIntroSet encrypted;
if (other_i.I.size() == 0)
return {};
IntroSet i(other_i);
encrypted.nounce.Randomize();
// set timestamp
// TODO: round to nearest 1000 ms
i.T = now;
encrypted.signedAt = now;
// set service info
i.A = pub;
// set public encryption key
i.K = pq_keypair_to_public(pq);
std::array<byte_t, MAX_INTROSET_SIZE> tmp;
llarp_buffer_t buf(tmp);
if (not i.BEncode(&buf))
return {};
// rewind and resize buffer
buf.sz = buf.cur - buf.base;
buf.cur = buf.base;
const SharedSecret k(i.A.Addr());
CryptoManager::instance()->xchacha20(buf, k, encrypted.nounce);
encrypted.introsetPayload.resize(buf.sz);
std::copy_n(buf.base, buf.sz, encrypted.introsetPayload.data());
if (not encrypted.Sign(derivedSignKey))
return {};
return encrypted;
}
} // namespace service
} // namespace llarp
Reference in New Issue View Git Blame Copy Permalink