69 lines
1.5 KiB
C++
69 lines
1.5 KiB
C++
|
#include "signing_key.h"
|
||
|
|
||
|
#include "json.hpp"
|
||
|
|
||
|
#include "sodium_helpers.h"
|
||
|
|
||
|
namespace BareMinimumCrypto {
|
||
|
using nlohmann::json;
|
||
|
|
||
|
SigningKey::SigningKey () {
|
||
|
try_sodium_init ();
|
||
|
|
||
|
pk.resize (crypto_sign_PUBLICKEYBYTES);
|
||
|
sk.resize (crypto_sign_SECRETKEYBYTES);
|
||
|
|
||
|
crypto_sign_keypair (pk.data (), sk.data ());
|
||
|
}
|
||
|
|
||
|
vector <uint8_t> SigningKey::pubkey () const {
|
||
|
return pk;
|
||
|
}
|
||
|
|
||
|
vector <uint8_t> SigningKey::pub_to_msgpack () const {
|
||
|
const json j = {
|
||
|
{"key", json::binary (pk)},
|
||
|
};
|
||
|
return json::to_msgpack (j);
|
||
|
}
|
||
|
|
||
|
optional <ExpiringSignature> SigningKey::sign (
|
||
|
const vector <uint8_t> & payload,
|
||
|
TimeRange tr
|
||
|
) const {
|
||
|
try_sodium_init ();
|
||
|
|
||
|
if (tr.duration () > about_1_year) {
|
||
|
return nullopt;
|
||
|
}
|
||
|
|
||
|
const json j {
|
||
|
{"not_before", tr.not_before},
|
||
|
{"not_after", tr.not_after},
|
||
|
{"payload", json::binary (payload)},
|
||
|
};
|
||
|
|
||
|
const auto cert = json::to_msgpack (j);
|
||
|
|
||
|
vector <uint8_t> sig;
|
||
|
sig.resize (crypto_sign_BYTES);
|
||
|
|
||
|
crypto_sign_detached (sig.data (), nullptr, cert.data (), cert.size (), sk.data ());
|
||
|
|
||
|
return ExpiringSignature {
|
||
|
cert,
|
||
|
sig,
|
||
|
};
|
||
|
}
|
||
|
|
||
|
optional <ExpiringSignature> SigningKey::sign_key (const SigningKey & k, Instant now) const
|
||
|
{
|
||
|
return sign (k.pub_to_msgpack (), TimeRange::from_start_and_dur (now, about_3_months));
|
||
|
}
|
||
|
|
||
|
optional <ExpiringSignature> SigningKey::sign_data (const vector <uint8_t> & v, Instant now) const
|
||
|
{
|
||
|
return sign (v, TimeRange::from_start_and_dur (now, about_1_week));
|
||
|
}
|
||
|
}
|