2021-01-18 22:57:33 +00:00
|
|
|
#pragma once
|
|
|
|
|
|
|
|
#include <optional>
|
|
|
|
#include <stdint.h>
|
2021-01-19 22:52:02 +00:00
|
|
|
#include <string>
|
2021-01-18 22:57:33 +00:00
|
|
|
#include <vector>
|
|
|
|
|
2021-01-20 01:01:27 +00:00
|
|
|
#include "json.hpp"
|
|
|
|
|
2021-01-18 22:57:33 +00:00
|
|
|
#include "expiring_signature.h"
|
|
|
|
#include "time_helpers.h"
|
|
|
|
|
|
|
|
namespace BareMinimumCrypto {
|
|
|
|
using namespace std;
|
2021-01-20 01:01:27 +00:00
|
|
|
using nlohmann::json;
|
2021-01-18 22:57:33 +00:00
|
|
|
|
2021-01-19 23:59:49 +00:00
|
|
|
string get_machine_id ();
|
2021-01-20 02:58:24 +00:00
|
|
|
string get_passphrase_from_user ();
|
|
|
|
optional <json> try_load_msgpack_file (const string & file_path);
|
2021-01-19 23:59:49 +00:00
|
|
|
|
2021-01-20 01:10:33 +00:00
|
|
|
struct SigningKey {
|
2021-01-20 01:31:41 +00:00
|
|
|
Bytes sk;
|
2021-01-20 01:10:33 +00:00
|
|
|
|
|
|
|
SigningKey ();
|
|
|
|
|
2021-01-20 01:31:41 +00:00
|
|
|
Bytes pubkey () const;
|
|
|
|
Bytes pub_to_msgpack () const;
|
2021-01-20 01:10:33 +00:00
|
|
|
|
|
|
|
optional <ExpiringSignature> sign (
|
2021-01-20 01:31:41 +00:00
|
|
|
const Bytes & payload,
|
2021-01-20 01:10:33 +00:00
|
|
|
TimeRange tr
|
|
|
|
) const;
|
|
|
|
|
|
|
|
optional <ExpiringSignature> sign_key (const SigningKey & k, Instant now) const;
|
2021-01-20 01:31:41 +00:00
|
|
|
optional <ExpiringSignature> sign_data (const Bytes & v, Instant now) const;
|
2021-01-20 01:10:33 +00:00
|
|
|
};
|
|
|
|
|
2021-01-20 01:01:27 +00:00
|
|
|
struct HumanKeyFile {
|
2021-01-20 01:31:41 +00:00
|
|
|
Bytes salt;
|
2021-01-19 23:01:17 +00:00
|
|
|
Instant time_created;
|
2021-01-20 01:31:41 +00:00
|
|
|
Bytes pubkey;
|
2021-01-19 23:59:49 +00:00
|
|
|
string machine_id;
|
2021-01-19 23:01:17 +00:00
|
|
|
|
2021-01-20 01:10:33 +00:00
|
|
|
// This doesn't fsync, so it's possible to lose the key due to a power outage
|
|
|
|
// or filesystem nonsense right after this function returns.
|
|
|
|
// It also doesn't do the rename trick. The caller may do that.
|
|
|
|
|
|
|
|
static optional <SigningKey> generate (const string & file_path, const string & passphrase);
|
|
|
|
|
2021-01-20 02:58:24 +00:00
|
|
|
static optional <SigningKey> load (const string & file_path, const string & passphrase);
|
|
|
|
|
|
|
|
static optional <SigningKey> unlock_key (const Bytes & salt, const string & passphrase);
|
|
|
|
|
2021-01-20 01:31:41 +00:00
|
|
|
Bytes to_msgpack () const;
|
2021-01-20 01:01:27 +00:00
|
|
|
static optional <HumanKeyFile> try_from_msgpack (const json & msg);
|
|
|
|
};
|
|
|
|
|
|
|
|
struct MachineKeyFile {
|
2021-01-20 01:31:41 +00:00
|
|
|
Bytes secretkey;
|
2021-01-20 01:01:27 +00:00
|
|
|
Instant time_created;
|
|
|
|
string machine_id;
|
|
|
|
|
2021-01-20 01:10:33 +00:00
|
|
|
static optional <SigningKey> generate (const string & file_path);
|
2021-01-19 02:41:05 +00:00
|
|
|
|
2021-01-20 01:31:41 +00:00
|
|
|
Bytes pubkey () const;
|
2021-01-18 22:57:33 +00:00
|
|
|
|
2021-01-20 01:31:41 +00:00
|
|
|
Bytes to_msgpack () const;
|
2021-01-20 01:10:33 +00:00
|
|
|
static optional <MachineKeyFile> try_from_msgpack (const json & msg);
|
2021-01-18 22:57:33 +00:00
|
|
|
};
|
|
|
|
}
|