2021-01-17 15:11:21 +00:00
|
|
|
#include <chrono>
|
2021-01-17 00:44:11 +00:00
|
|
|
#include <iostream>
|
2021-01-17 15:11:21 +00:00
|
|
|
#include <optional>
|
2021-01-17 00:44:11 +00:00
|
|
|
#include <stdint.h>
|
|
|
|
#include <string>
|
|
|
|
#include <vector>
|
|
|
|
|
|
|
|
#include <sodium.h>
|
|
|
|
|
2021-01-17 23:03:32 +00:00
|
|
|
#include "cpp-base64/base64.h"
|
2021-01-17 15:11:21 +00:00
|
|
|
#include "json.hpp"
|
2021-01-17 00:44:11 +00:00
|
|
|
|
2021-01-17 21:36:56 +00:00
|
|
|
#include "string_helpers.h"
|
2021-01-17 21:45:59 +00:00
|
|
|
#include "time_helpers.h"
|
2021-01-17 21:36:56 +00:00
|
|
|
|
2021-01-17 00:44:11 +00:00
|
|
|
using namespace std;
|
2021-01-17 15:11:21 +00:00
|
|
|
using nlohmann::json;
|
2021-01-17 00:44:11 +00:00
|
|
|
|
2021-01-17 21:36:56 +00:00
|
|
|
using namespace BareMinimumCrypto;
|
2021-01-17 15:52:38 +00:00
|
|
|
|
2021-01-17 15:11:21 +00:00
|
|
|
struct ExpiringSignature {
|
|
|
|
string cert_s;
|
|
|
|
vector <uint8_t> sig;
|
|
|
|
|
|
|
|
// C++ nonsense
|
|
|
|
bool operator == (const ExpiringSignature & o) const {
|
|
|
|
return
|
|
|
|
cert_s == o.cert_s &&
|
|
|
|
sig == o.sig
|
|
|
|
;
|
|
|
|
}
|
|
|
|
|
|
|
|
bool operator != (const ExpiringSignature & o) const {
|
|
|
|
return ! (*this == o);
|
|
|
|
}
|
|
|
|
};
|
|
|
|
|
|
|
|
void try_sodium_init () {
|
|
|
|
if (sodium_init () < 0) {
|
|
|
|
throw std::runtime_error ("Can't initialize libsodium");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-01-17 23:03:32 +00:00
|
|
|
bool is_pubkey_length (const vector <uint8_t> & v) {
|
|
|
|
return v.size () == crypto_sign_PUBLICKEYBYTES;
|
|
|
|
}
|
2021-01-17 15:52:38 +00:00
|
|
|
|
2021-01-17 23:03:32 +00:00
|
|
|
optional <vector <uint8_t>> try_verify_signed_data (
|
2021-01-17 15:52:38 +00:00
|
|
|
const ExpiringSignature & sig,
|
2021-01-17 23:03:32 +00:00
|
|
|
const vector <uint8_t> & pubkey,
|
2021-01-17 23:31:28 +00:00
|
|
|
Instant now
|
2021-01-17 15:52:38 +00:00
|
|
|
) {
|
|
|
|
try_sodium_init ();
|
|
|
|
|
2021-01-17 23:03:32 +00:00
|
|
|
if (! is_pubkey_length (pubkey)) {
|
2021-01-17 15:52:38 +00:00
|
|
|
return nullopt;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (crypto_sign_verify_detached (
|
|
|
|
sig.sig.data (),
|
|
|
|
(const uint8_t *)sig.cert_s.data (),
|
|
|
|
sig.cert_s.size (),
|
|
|
|
pubkey.data ()
|
|
|
|
) != 0) {
|
|
|
|
return nullopt;
|
|
|
|
}
|
|
|
|
|
|
|
|
const json j = json::parse (sig.cert_s);
|
|
|
|
|
2021-01-17 23:31:28 +00:00
|
|
|
const TimeRange tr {
|
|
|
|
j ["not_before"],
|
|
|
|
j ["not_after"]
|
|
|
|
};
|
2021-01-17 15:52:38 +00:00
|
|
|
|
2021-01-17 23:31:28 +00:00
|
|
|
if (! tr.contains (now)) {
|
2021-01-17 15:52:38 +00:00
|
|
|
return nullopt;
|
|
|
|
}
|
|
|
|
|
|
|
|
const string payload_b64 = j ["payload_b64"];
|
2021-01-17 23:03:32 +00:00
|
|
|
const auto payload = std::move (*BareMinimumCrypto::base64_decode (payload_b64));
|
2021-01-17 15:52:38 +00:00
|
|
|
|
2021-01-17 23:03:32 +00:00
|
|
|
return payload;
|
2021-01-17 15:52:38 +00:00
|
|
|
}
|
|
|
|
|
2021-01-17 23:03:32 +00:00
|
|
|
optional <vector <uint8_t>> verify_signed_data (
|
2021-01-17 15:52:38 +00:00
|
|
|
const ExpiringSignature & sig,
|
2021-01-17 23:03:32 +00:00
|
|
|
const vector <uint8_t> & pubkey,
|
2021-01-17 23:31:28 +00:00
|
|
|
Instant now
|
2021-01-17 15:52:38 +00:00
|
|
|
) {
|
|
|
|
try {
|
2021-01-17 23:03:32 +00:00
|
|
|
return try_verify_signed_data (sig, pubkey, now);
|
2021-01-17 15:52:38 +00:00
|
|
|
}
|
|
|
|
catch (json::exception &) {
|
|
|
|
return nullopt;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-01-17 23:03:32 +00:00
|
|
|
optional <vector <uint8_t>> verify_cert_and_data (
|
|
|
|
const ExpiringSignature & signed_cert,
|
|
|
|
const ExpiringSignature & signed_data,
|
|
|
|
const vector <uint8_t> & root_pubkey,
|
2021-01-17 23:31:28 +00:00
|
|
|
Instant now
|
2021-01-17 23:03:32 +00:00
|
|
|
) {
|
|
|
|
auto subkey_opt = verify_signed_data (signed_cert, root_pubkey, now);
|
|
|
|
if (! subkey_opt) {
|
|
|
|
return nullopt;
|
|
|
|
}
|
|
|
|
const auto subkey = std::move (*subkey_opt);
|
|
|
|
|
|
|
|
return verify_signed_data (signed_data, subkey, now);
|
|
|
|
}
|
|
|
|
|
|
|
|
optional <vector <uint8_t>> verify_cert_and_data (
|
|
|
|
const ExpiringSignature & signed_cert,
|
|
|
|
const ExpiringSignature & signed_data,
|
|
|
|
const vector <uint8_t> & root_pubkey
|
|
|
|
) {
|
2021-01-17 23:31:28 +00:00
|
|
|
return verify_cert_and_data (signed_cert, signed_data, root_pubkey, Instant::now ());
|
2021-01-17 23:03:32 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
optional <vector <uint8_t>> verify_signed_data (
|
|
|
|
const ExpiringSignature & sig,
|
|
|
|
const vector <uint8_t> & pubkey
|
|
|
|
) {
|
2021-01-17 23:31:28 +00:00
|
|
|
return verify_signed_data (sig, pubkey, Instant::now ());
|
2021-01-17 23:03:32 +00:00
|
|
|
}
|
|
|
|
|
2021-01-17 15:11:21 +00:00
|
|
|
class SigningKey {
|
2021-01-17 00:44:11 +00:00
|
|
|
vector <uint8_t> pk;
|
|
|
|
vector <uint8_t> sk;
|
|
|
|
|
2021-01-17 15:11:21 +00:00
|
|
|
public:
|
|
|
|
SigningKey () {
|
|
|
|
try_sodium_init ();
|
|
|
|
|
|
|
|
pk.resize (crypto_sign_PUBLICKEYBYTES);
|
|
|
|
sk.resize (crypto_sign_SECRETKEYBYTES);
|
|
|
|
|
|
|
|
crypto_sign_keypair (pk.data (), sk.data ());
|
|
|
|
}
|
|
|
|
|
|
|
|
vector <uint8_t> pubkey () const {
|
|
|
|
return pk;
|
|
|
|
}
|
|
|
|
|
|
|
|
string pub_to_base64 () const {
|
2021-01-17 21:36:56 +00:00
|
|
|
return base64_encode (pk);
|
2021-01-17 15:11:21 +00:00
|
|
|
}
|
|
|
|
|
2021-01-17 21:36:56 +00:00
|
|
|
optional <ExpiringSignature> sign_base64 (
|
2021-01-17 23:03:32 +00:00
|
|
|
const string & payload_b64,
|
2021-01-17 23:31:28 +00:00
|
|
|
TimeRange tr
|
2021-01-17 15:11:21 +00:00
|
|
|
) const {
|
|
|
|
try_sodium_init ();
|
|
|
|
|
2021-01-17 23:31:28 +00:00
|
|
|
if (tr.duration () > about_1_year) {
|
2021-01-17 21:36:56 +00:00
|
|
|
return nullopt;
|
|
|
|
}
|
|
|
|
|
2021-01-17 15:11:21 +00:00
|
|
|
const json j {
|
2021-01-17 23:31:28 +00:00
|
|
|
{"not_before", tr.not_before},
|
|
|
|
{"not_after", tr.not_after},
|
2021-01-17 21:36:56 +00:00
|
|
|
{"payload_b64", payload_b64},
|
2021-01-17 15:11:21 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
const auto cert_s = j.dump ();
|
|
|
|
|
|
|
|
vector <uint8_t> sig;
|
|
|
|
sig.resize (crypto_sign_BYTES);
|
|
|
|
|
|
|
|
crypto_sign_detached (sig.data (), nullptr, (const uint8_t *)cert_s.data (), cert_s.size (), sk.data ());
|
|
|
|
|
|
|
|
return ExpiringSignature {
|
|
|
|
cert_s,
|
|
|
|
sig,
|
|
|
|
};
|
|
|
|
}
|
|
|
|
|
2021-01-17 23:31:28 +00:00
|
|
|
optional <ExpiringSignature> sign_key (const SigningKey & k, Instant now) const
|
2021-01-17 15:11:21 +00:00
|
|
|
{
|
2021-01-17 23:31:28 +00:00
|
|
|
return sign_base64 (k.pub_to_base64 (), TimeRange::from_start_and_dur (now, about_3_months));
|
2021-01-17 21:36:56 +00:00
|
|
|
}
|
|
|
|
|
2021-01-17 23:31:28 +00:00
|
|
|
optional <ExpiringSignature> sign_data (const vector <uint8_t> & v, Instant now) const
|
2021-01-17 21:36:56 +00:00
|
|
|
{
|
2021-01-17 23:31:28 +00:00
|
|
|
return sign_base64 (base64_encode (v), TimeRange::from_start_and_dur (now, about_1_week));
|
2021-01-17 15:11:21 +00:00
|
|
|
}
|
|
|
|
};
|
|
|
|
|
2021-01-17 23:03:32 +00:00
|
|
|
|
|
|
|
|
2021-01-17 21:36:56 +00:00
|
|
|
int happy_path () {
|
|
|
|
// We generate a root key and keep it somewhere safe
|
|
|
|
// (offline, hopefully)
|
2021-01-17 15:11:21 +00:00
|
|
|
SigningKey root_key;
|
|
|
|
cerr << "Root pub key " << root_key.pub_to_base64 () << endl;
|
|
|
|
|
2021-01-17 21:53:04 +00:00
|
|
|
if (test_time () != 0) {
|
2021-01-17 15:11:21 +00:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2021-01-17 21:36:56 +00:00
|
|
|
// The server generates a signing key
|
2021-01-17 15:11:21 +00:00
|
|
|
SigningKey signing_key;
|
|
|
|
cerr << "Signing key " << signing_key.pub_to_base64 () << endl;
|
|
|
|
|
2021-01-17 23:31:28 +00:00
|
|
|
const auto now = Instant::now ();
|
2021-01-17 21:36:56 +00:00
|
|
|
|
|
|
|
// That signing key signs some important data
|
|
|
|
const auto important_data = copy_to_bytes ("Nikolai, Anna, Ivan, Mikhail, Ivan, Nikolai, Anna. 7 4 1 4 3 5 7 4");
|
|
|
|
const ExpiringSignature signed_data = std::move (*signing_key.sign_data (important_data, now));
|
|
|
|
|
|
|
|
// The server signs our temporary signing key
|
2021-01-17 15:11:21 +00:00
|
|
|
const ExpiringSignature cert = std::move (*root_key.sign_key (signing_key, now));
|
|
|
|
|
|
|
|
{
|
|
|
|
// Check that a different time results in a different cert
|
|
|
|
const auto cert_2 = std::move (*root_key.sign_key (signing_key, now));
|
2021-01-17 23:31:28 +00:00
|
|
|
const auto cert_3 = std::move (*root_key.sign_key (signing_key, Instant {now.x + 1}));
|
2021-01-17 15:11:21 +00:00
|
|
|
|
|
|
|
if (cert != cert_2) {
|
|
|
|
cerr << "Certs should have been identical" << endl;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (cert == cert_3) {
|
|
|
|
cerr << "Certs should have been different" << endl;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (cert == cert_3) {
|
|
|
|
cerr << "Signatures should have been different" << endl;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
{
|
|
|
|
cerr << "Cert:" << endl;
|
|
|
|
cerr << cert.cert_s << endl;
|
2021-01-17 21:36:56 +00:00
|
|
|
cerr << base64_encode (cert.sig) << endl;
|
2021-01-17 15:11:21 +00:00
|
|
|
}
|
|
|
|
|
2021-01-17 23:03:32 +00:00
|
|
|
// The receiver verifies the data by the root public key,
|
|
|
|
// even though the receiver has never seen the sub-key.
|
2021-01-17 15:11:21 +00:00
|
|
|
|
2021-01-17 23:03:32 +00:00
|
|
|
const auto root_pubkey = root_key.pubkey ();
|
|
|
|
auto verified_opt = verify_cert_and_data (cert, signed_data, root_pubkey);
|
|
|
|
if (! verified_opt) {
|
|
|
|
cerr << "Receiver couldn't verify cert and data" << endl;
|
|
|
|
return 1;
|
2021-01-17 15:11:21 +00:00
|
|
|
}
|
2021-01-17 23:03:32 +00:00
|
|
|
const auto verified = std::move (*verified_opt);
|
2021-01-17 00:44:11 +00:00
|
|
|
|
2021-01-17 23:03:32 +00:00
|
|
|
if (verified != important_data) {
|
|
|
|
cerr << "Verified payload did not match expected payload" << endl;
|
|
|
|
return 1;
|
2021-01-17 21:36:56 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
int main () {
|
2021-01-17 21:58:35 +00:00
|
|
|
if (test_base64 () != 0) {
|
2021-01-17 21:36:56 +00:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (happy_path () != 0) {
|
|
|
|
return 1;
|
2021-01-17 15:52:38 +00:00
|
|
|
}
|
2021-01-17 00:44:11 +00:00
|
|
|
|
2021-01-17 21:36:56 +00:00
|
|
|
cerr << "All good." << endl;
|
2021-01-17 00:44:11 +00:00
|
|
|
return 0;
|
|
|
|
}
|