ptth/bare_minimum_crypto/cpp/bmc_main.cpp

#include <chrono>
#include <iostream>
#include <optional>
#include <stdint.h>
#include <string>
#include <vector>

#include "cxxopts.hpp"
#include "json.hpp"

#include "expiring_signature.h"
#include "receiver.h"
#include "sender.h"
#include "signing_key.h"
#include "sodium_helpers.h"
#include "string_helpers.h"
#include "time_helpers.h"

using namespace std;
using nlohmann::json;
using namespace BareMinimumCrypto;

int test () {
	if (test_base64 () != 0) {
		return 1;
	}
	
	// We generate a root key and keep it somewhere safe
	// (offline, hopefully)
	
	SigningKey root_key;
	cerr << "Root pub key " << base64_encode (root_key.pubkey ()) << endl;
	
	if (test_time () != 0) {
		return 1;
	}
	
	const auto now = Instant::now ();
	
	// The sender generates a key
	SigningKey sender_key;
	cerr << "Sender key " << base64_encode (sender_key.pubkey ()) << endl;
	
	// The root signs the sender key
	const ExpiringSignature sender_cert = std::move (*root_key.sign_key (sender_key, now));
	
	const auto sender = std::move (*Sender::create (sender_key, sender_cert));
	
	// The sender signs some important data
	const auto important_data = copy_to_bytes ("Nikolai, Anna, Ivan, Mikhail, Ivan, Nikolai, Anna. 7 4 1 4 3 5 7 4");
	const auto signed_data = std::move (*sender.sign (important_data));
	
	// The receiver verifies the data by the root public key,
	// even though the receiver has never seen the sender-key.
	
	auto verified_opt = Receiver::verify_cert_and_data (root_key.pubkey (), signed_data);
	if (! verified_opt) {
		cerr << "Receiver couldn't verify cert and data" << endl;
		return 1;
	}
	const auto verified = std::move (*verified_opt);
	
	if (verified != important_data) {
		cerr << "Verified payload did not match expected payload" << endl;
		return 1;
	}
	
	return 0;
}

int main (int argc, char ** argv) {
	cxxopts::Options options ("BareMinimumCrypto", "Simple crypto things you might need.");
	options.add_options ()
		("generate-ca-key", "Generate a passphrase-protected certificate authority key", cxxopts::value <string> ())
		("check-ca-key", "Read information from a CA key without decrypting it")
		("test", "Run self-test")
		("help", "Print usage")
	;
	
	auto result = options.parse (argc, argv);
	
	if (result.count ("help")) {
		cout << options.help () << endl;
	}
	else if (result.count ("generate-ca-key")) {
		const auto file_path = result ["generate-ca-key"].as <string> ();
		cout << "Type passphrase (it will be visible in the console)" << endl;
		string passphrase;
		cin >> passphrase;
		
		auto key_opt = SigningKey::generate_to_file (file_path, passphrase);
		if (! key_opt) {
			cerr << "Error. Key was not generated" << endl;
			return 1;
		}
		cout << "The pubkey is `" << base64_encode (key_opt->pubkey ()) << "`" << endl;
	}
	else if (result.count ("test")) {
		if (test () != 0) {
			return 1;
		}
		
		cerr << "All good." << endl;
	}
	return 0;
}
:construction: wip 2021-01-17 15:11:21 +00:00			`#include <chrono>`
:construction: wip: making some examples / demos for easy ways to use libsodium 2021-01-17 00:44:11 +00:00			`#include <iostream>`
:construction: wip 2021-01-17 15:11:21 +00:00			`#include <optional>`
:construction: wip: making some examples / demos for easy ways to use libsodium 2021-01-17 00:44:11 +00:00			`#include <stdint.h>`
			`#include <string>`
			`#include <vector>`

:heavy_plus_sign: update: add keygen for root keys 2021-01-19 22:52:02 +00:00			`#include "cxxopts.hpp"`
:construction: wip 2021-01-17 15:11:21 +00:00			`#include "json.hpp"`
:construction: wip: making some examples / demos for easy ways to use libsodium 2021-01-17 00:44:11 +00:00
update: establishing the receiver role clearly 2021-01-18 00:00:45 +00:00			`#include "expiring_signature.h"`
			`#include "receiver.h"`
update: working on sender role 2021-01-18 22:57:33 +00:00			`#include "sender.h"`
			`#include "signing_key.h"`
update: establishing the receiver role clearly 2021-01-18 00:00:45 +00:00			`#include "sodium_helpers.h"`
:recycle: refactor: splitting out util functions 2021-01-17 21:36:56 +00:00			`#include "string_helpers.h"`
:recycle: refactor 2021-01-17 21:45:59 +00:00			`#include "time_helpers.h"`
:recycle: refactor: splitting out util functions 2021-01-17 21:36:56 +00:00
:construction: wip: making some examples / demos for easy ways to use libsodium 2021-01-17 00:44:11 +00:00			`using namespace std;`
:construction: wip 2021-01-17 15:11:21 +00:00			`using nlohmann::json;`
:recycle: refactor: splitting out util functions 2021-01-17 21:36:56 +00:00			`using namespace BareMinimumCrypto;`
update: so I don't like this base64 lib anymore. It has no error handling. 2021-01-17 15:52:38 +00:00
:heavy_plus_sign: update: add keygen for root keys 2021-01-19 22:52:02 +00:00			`int test () {`
			`if (test_base64 () != 0) {`
:construction: wip: considering passphrase-protected keys 2021-01-19 02:41:05 +00:00			`return 1;`
			`}`

:heavy_plus_sign: update: add keygen for root keys 2021-01-19 22:52:02 +00:00			`// We generate a root key and keep it somewhere safe`
			`// (offline, hopefully)`
:construction: wip: considering passphrase-protected keys 2021-01-19 02:41:05 +00:00
:construction: wip 2021-01-17 15:11:21 +00:00			`SigningKey root_key;`
:heavy_minus_sign: update: remove un-needed base64 in more places 2021-01-18 22:23:38 +00:00			`cerr << "Root pub key " << base64_encode (root_key.pubkey ()) << endl;`
:construction: wip 2021-01-17 15:11:21 +00:00
:recycle: refactor 2021-01-17 21:53:04 +00:00			`if (test_time () != 0) {`
:construction: wip 2021-01-17 15:11:21 +00:00			`return 1;`
			`}`

:recycle: refactor: Extract Instant struct 2021-01-17 23:31:28 +00:00			`const auto now = Instant::now ();`
:recycle: refactor: splitting out util functions 2021-01-17 21:36:56 +00:00
update: working on sender role 2021-01-18 22:57:33 +00:00			`// The sender generates a key`
			`SigningKey sender_key;`
			`cerr << "Sender key " << base64_encode (sender_key.pubkey ()) << endl;`
:construction: wip 2021-01-17 15:11:21 +00:00
update: working on sender role 2021-01-18 22:57:33 +00:00			`// The root signs the sender key`
			`const ExpiringSignature sender_cert = std::move (*root_key.sign_key (sender_key, now));`
:construction: wip 2021-01-17 15:11:21 +00:00
update: working on sender role 2021-01-18 22:57:33 +00:00			`const auto sender = std::move (*Sender::create (sender_key, sender_cert));`
:construction: wip 2021-01-17 15:11:21 +00:00
update: working on sender role 2021-01-18 22:57:33 +00:00			`// The sender signs some important data`
			`const auto important_data = copy_to_bytes ("Nikolai, Anna, Ivan, Mikhail, Ivan, Nikolai, Anna. 7 4 1 4 3 5 7 4");`
			`const auto signed_data = std::move (*sender.sign (important_data));`
:construction: wip: working on serialization 2021-01-18 01:17:06 +00:00
update: working on sender role 2021-01-18 22:57:33 +00:00			`// The receiver verifies the data by the root public key,`
			`// even though the receiver has never seen the sender-key.`
:construction: wip: working on serialization 2021-01-18 01:17:06 +00:00
update: working on sender role 2021-01-18 22:57:33 +00:00			`auto verified_opt = Receiver::verify_cert_and_data (root_key.pubkey (), signed_data);`
:recycle: refactor: extract verify_cert_and_data 2021-01-17 23:03:32 +00:00			`if (! verified_opt) {`
			`cerr << "Receiver couldn't verify cert and data" << endl;`
			`return 1;`
:construction: wip 2021-01-17 15:11:21 +00:00			`}`
:recycle: refactor: extract verify_cert_and_data 2021-01-17 23:03:32 +00:00			`const auto verified = std::move (*verified_opt);`
:construction: wip: making some examples / demos for easy ways to use libsodium 2021-01-17 00:44:11 +00:00
:recycle: refactor: extract verify_cert_and_data 2021-01-17 23:03:32 +00:00			`if (verified != important_data) {`
			`cerr << "Verified payload did not match expected payload" << endl;`
			`return 1;`
:recycle: refactor: splitting out util functions 2021-01-17 21:36:56 +00:00			`}`

			`return 0;`
			`}`

:heavy_plus_sign: update: add keygen for root keys 2021-01-19 22:52:02 +00:00			`int main (int argc, char ** argv) {`
			`cxxopts::Options options ("BareMinimumCrypto", "Simple crypto things you might need.");`
			`options.add_options ()`
			`("generate-ca-key", "Generate a passphrase-protected certificate authority key", cxxopts::value <string> ())`
			`("check-ca-key", "Read information from a CA key without decrypting it")`
			`("test", "Run self-test")`
			`("help", "Print usage")`
			`;`

			`auto result = options.parse (argc, argv);`

			`if (result.count ("help")) {`
			`cout << options.help () << endl;`
:recycle: refactor: splitting out util functions 2021-01-17 21:36:56 +00:00			`}`
:heavy_plus_sign: update: add keygen for root keys 2021-01-19 22:52:02 +00:00			`else if (result.count ("generate-ca-key")) {`
			`const auto file_path = result ["generate-ca-key"].as <string> ();`
			`cout << "Type passphrase (it will be visible in the console)" << endl;`
			`string passphrase;`
			`cin >> passphrase;`

			`auto key_opt = SigningKey::generate_to_file (file_path, passphrase);`
			`if (! key_opt) {`
			`cerr << "Error. Key was not generated" << endl;`
			`return 1;`
			`}`
			cout << "The pubkey is `" << base64_encode (key_opt->pubkey ()) << "`" << endl;
			`}`
			`else if (result.count ("test")) {`
			`if (test () != 0) {`
			`return 1;`
			`}`

			`cerr << "All good." << endl;`
update: so I don't like this base64 lib anymore. It has no error handling. 2021-01-17 15:52:38 +00:00			`}`
:construction: wip: making some examples / demos for easy ways to use libsodium 2021-01-17 00:44:11 +00:00			`return 0;`
			`}`