♻️ refactor

main
_ 2021-01-19 19:10:33 -06:00
parent cc1c7c9229
commit 199aacadd3
3 changed files with 46 additions and 38 deletions

View File

@ -115,6 +115,9 @@ int test () {
return 1;
}
cerr << "crypto_sign_PUBLICKEYBYTES = " << crypto_sign_PUBLICKEYBYTES << endl;
cerr << "crypto_sign_SECRETKEYBYTES = " << crypto_sign_SECRETKEYBYTES << endl;
// We generate a root key and keep it somewhere safe
// (offline, hopefully)
@ -179,7 +182,7 @@ int main (int argc, char ** argv) {
string passphrase;
cin >> passphrase;
auto key_opt = SigningKey::generate_human_key_file (file_path, passphrase);
auto key_opt = HumanKeyFile::generate (file_path, passphrase);
if (! key_opt) {
cerr << "Error. Key was not generated" << endl;
return 1;
@ -189,7 +192,7 @@ int main (int argc, char ** argv) {
else if (result.count ("generate-machine-key")) {
const auto file_path = result ["generate-machine-key"].as <string> ();
auto key_opt = SigningKey::generate_machine_key_file (file_path);
auto key_opt = MachineKeyFile::generate (file_path);
if (! key_opt) {
cerr << "Error. Key was not generated" << endl;
return 1;

View File

@ -106,7 +106,7 @@ namespace BareMinimumCrypto {
// Passphrases should be mandatory for keys that can sign other keys.
optional <SigningKey> SigningKey::generate_human_key_file (const string & file_path, const string & passphrase)
optional <SigningKey> HumanKeyFile::generate (const string & file_path, const string & passphrase)
{
try_sodium_init ();
@ -133,10 +133,12 @@ namespace BareMinimumCrypto {
// This generates a redundant key but that's fine.
SigningKey key;
key.pk.resize (crypto_sign_PUBLICKEYBYTES);
//key.pk.resize (crypto_sign_PUBLICKEYBYTES);
key.sk.resize (crypto_sign_SECRETKEYBYTES);
if (crypto_sign_seed_keypair (key.pk.data (), key.sk.data (), seed.data ()) != 0) {
vector <uint8_t> pk;
pk.resize (crypto_sign_PUBLICKEYBYTES);
if (crypto_sign_seed_keypair (pk.data (), key.sk.data (), seed.data ()) != 0) {
return nullopt;
}
@ -145,7 +147,7 @@ namespace BareMinimumCrypto {
HumanKeyFile key_on_disk {
salt,
Instant::now (),
key.pk,
key.pubkey (),
machine_id,
};
const auto msg = key_on_disk.to_msgpack ();
@ -157,7 +159,7 @@ namespace BareMinimumCrypto {
return key;
}
optional <SigningKey> SigningKey::generate_machine_key_file (const string & file_path)
optional <SigningKey> MachineKeyFile::generate (const string & file_path)
{
const SigningKey key;
@ -180,6 +182,7 @@ namespace BareMinimumCrypto {
SigningKey::SigningKey () {
try_sodium_init ();
vector <uint8_t> pk;
pk.resize (crypto_sign_PUBLICKEYBYTES);
sk.resize (crypto_sign_SECRETKEYBYTES);
@ -187,12 +190,15 @@ namespace BareMinimumCrypto {
}
vector <uint8_t> SigningKey::pubkey () const {
vector <uint8_t> pk;
pk.resize (crypto_sign_PUBLICKEYBYTES);
crypto_sign_ed25519_sk_to_pk (pk.data (), sk.data ());
return pk;
}
vector <uint8_t> SigningKey::pub_to_msgpack () const {
const json j = {
{"key", json::binary (pk)},
{"key", json::binary (pubkey ())},
};
return json::to_msgpack (j);
}

View File

@ -16,41 +16,11 @@ namespace BareMinimumCrypto {
string get_machine_id ();
struct HumanKeyFile {
vector <uint8_t> salt;
Instant time_created;
vector <uint8_t> pubkey;
string machine_id;
vector <uint8_t> to_msgpack () const;
static optional <HumanKeyFile> try_from_msgpack (const json & msg);
};
struct MachineKeyFile {
vector <uint8_t> secretkey;
Instant time_created;
string machine_id;
vector <uint8_t> to_msgpack () const;
static optional <MachineKeyFile> try_from_msgpack (const json & msg);
vector <uint8_t> pubkey () const;
};
struct SigningKey {
vector <uint8_t> pk;
vector <uint8_t> sk;
SigningKey ();
// This doesn't fsync, so it's possible to lose the key due to a power outage
// or filesystem nonsense right after this function returns.
// It also doesn't do the rename trick. The caller may do that.
static optional <SigningKey> generate_human_key_file (const string & file_path, const string & passphrase);
static optional <SigningKey> generate_machine_key_file (const string & file_path);
static optional <SigningKey> load_human_key_file (const string & file_path, const string & passphrase);
vector <uint8_t> pubkey () const;
@ -64,4 +34,33 @@ namespace BareMinimumCrypto {
optional <ExpiringSignature> sign_key (const SigningKey & k, Instant now) const;
optional <ExpiringSignature> sign_data (const vector <uint8_t> & v, Instant now) const;
};
struct HumanKeyFile {
vector <uint8_t> salt;
Instant time_created;
vector <uint8_t> pubkey;
string machine_id;
// This doesn't fsync, so it's possible to lose the key due to a power outage
// or filesystem nonsense right after this function returns.
// It also doesn't do the rename trick. The caller may do that.
static optional <SigningKey> generate (const string & file_path, const string & passphrase);
vector <uint8_t> to_msgpack () const;
static optional <HumanKeyFile> try_from_msgpack (const json & msg);
};
struct MachineKeyFile {
vector <uint8_t> secretkey;
Instant time_created;
string machine_id;
static optional <SigningKey> generate (const string & file_path);
vector <uint8_t> pubkey () const;
vector <uint8_t> to_msgpack () const;
static optional <MachineKeyFile> try_from_msgpack (const json & msg);
};
}