ptth/bare_minimum_crypto/cpp/bmc_main.cpp

107 lines
2.8 KiB
C++
Raw Normal View History

2021-01-17 15:11:21 +00:00
#include <chrono>
#include <iostream>
2021-01-17 15:11:21 +00:00
#include <optional>
#include <stdint.h>
#include <string>
#include <vector>
#include "cxxopts.hpp"
2021-01-17 15:11:21 +00:00
#include "json.hpp"
#include "expiring_signature.h"
#include "receiver.h"
2021-01-18 22:57:33 +00:00
#include "sender.h"
#include "signing_key.h"
#include "sodium_helpers.h"
#include "string_helpers.h"
2021-01-17 21:45:59 +00:00
#include "time_helpers.h"
using namespace std;
2021-01-17 15:11:21 +00:00
using nlohmann::json;
using namespace BareMinimumCrypto;
int test () {
if (test_base64 () != 0) {
return 1;
}
// We generate a root key and keep it somewhere safe
// (offline, hopefully)
2021-01-17 15:11:21 +00:00
SigningKey root_key;
cerr << "Root pub key " << base64_encode (root_key.pubkey ()) << endl;
2021-01-17 15:11:21 +00:00
2021-01-17 21:53:04 +00:00
if (test_time () != 0) {
2021-01-17 15:11:21 +00:00
return 1;
}
const auto now = Instant::now ();
2021-01-18 22:57:33 +00:00
// The sender generates a key
SigningKey sender_key;
cerr << "Sender key " << base64_encode (sender_key.pubkey ()) << endl;
2021-01-17 15:11:21 +00:00
2021-01-18 22:57:33 +00:00
// The root signs the sender key
const ExpiringSignature sender_cert = std::move (*root_key.sign_key (sender_key, now));
2021-01-17 15:11:21 +00:00
2021-01-18 22:57:33 +00:00
const auto sender = std::move (*Sender::create (sender_key, sender_cert));
2021-01-17 15:11:21 +00:00
2021-01-18 22:57:33 +00:00
// The sender signs some important data
const auto important_data = copy_to_bytes ("Nikolai, Anna, Ivan, Mikhail, Ivan, Nikolai, Anna. 7 4 1 4 3 5 7 4");
const auto signed_data = std::move (*sender.sign (important_data));
2021-01-18 22:57:33 +00:00
// The receiver verifies the data by the root public key,
// even though the receiver has never seen the sender-key.
2021-01-18 22:57:33 +00:00
auto verified_opt = Receiver::verify_cert_and_data (root_key.pubkey (), signed_data);
if (! verified_opt) {
cerr << "Receiver couldn't verify cert and data" << endl;
return 1;
2021-01-17 15:11:21 +00:00
}
const auto verified = std::move (*verified_opt);
if (verified != important_data) {
cerr << "Verified payload did not match expected payload" << endl;
return 1;
}
return 0;
}
int main (int argc, char ** argv) {
cxxopts::Options options ("BareMinimumCrypto", "Simple crypto things you might need.");
options.add_options ()
("generate-ca-key", "Generate a passphrase-protected certificate authority key", cxxopts::value <string> ())
("check-ca-key", "Read information from a CA key without decrypting it")
("test", "Run self-test")
("help", "Print usage")
;
auto result = options.parse (argc, argv);
if (result.count ("help")) {
cout << options.help () << endl;
}
else if (result.count ("generate-ca-key")) {
const auto file_path = result ["generate-ca-key"].as <string> ();
cout << "Type passphrase (it will be visible in the console)" << endl;
string passphrase;
cin >> passphrase;
auto key_opt = SigningKey::generate_to_file (file_path, passphrase);
if (! key_opt) {
cerr << "Error. Key was not generated" << endl;
return 1;
}
cout << "The pubkey is `" << base64_encode (key_opt->pubkey ()) << "`" << endl;
}
else if (result.count ("test")) {
if (test () != 0) {
return 1;
}
cerr << "All good." << endl;
}
return 0;
}