From 199aacadd325981d9c517afc505fb1bb2b4420c8 Mon Sep 17 00:00:00 2001 From: _ <_@_> Date: Tue, 19 Jan 2021 19:10:33 -0600 Subject: [PATCH] :recycle: refactor --- bare_minimum_crypto/cpp/bmc_main.cpp | 7 ++- bare_minimum_crypto/cpp/signing_key.cpp | 18 +++++--- bare_minimum_crypto/cpp/signing_key.h | 59 ++++++++++++------------- 3 files changed, 46 insertions(+), 38 deletions(-) diff --git a/bare_minimum_crypto/cpp/bmc_main.cpp b/bare_minimum_crypto/cpp/bmc_main.cpp index ac4d022..3b2a37c 100644 --- a/bare_minimum_crypto/cpp/bmc_main.cpp +++ b/bare_minimum_crypto/cpp/bmc_main.cpp @@ -115,6 +115,9 @@ int test () { return 1; } + cerr << "crypto_sign_PUBLICKEYBYTES = " << crypto_sign_PUBLICKEYBYTES << endl; + cerr << "crypto_sign_SECRETKEYBYTES = " << crypto_sign_SECRETKEYBYTES << endl; + // We generate a root key and keep it somewhere safe // (offline, hopefully) @@ -179,7 +182,7 @@ int main (int argc, char ** argv) { string passphrase; cin >> passphrase; - auto key_opt = SigningKey::generate_human_key_file (file_path, passphrase); + auto key_opt = HumanKeyFile::generate (file_path, passphrase); if (! key_opt) { cerr << "Error. Key was not generated" << endl; return 1; @@ -189,7 +192,7 @@ int main (int argc, char ** argv) { else if (result.count ("generate-machine-key")) { const auto file_path = result ["generate-machine-key"].as (); - auto key_opt = SigningKey::generate_machine_key_file (file_path); + auto key_opt = MachineKeyFile::generate (file_path); if (! key_opt) { cerr << "Error. Key was not generated" << endl; return 1; diff --git a/bare_minimum_crypto/cpp/signing_key.cpp b/bare_minimum_crypto/cpp/signing_key.cpp index 8af7574..c052b82 100644 --- a/bare_minimum_crypto/cpp/signing_key.cpp +++ b/bare_minimum_crypto/cpp/signing_key.cpp @@ -106,7 +106,7 @@ namespace BareMinimumCrypto { // Passphrases should be mandatory for keys that can sign other keys. - optional SigningKey::generate_human_key_file (const string & file_path, const string & passphrase) + optional HumanKeyFile::generate (const string & file_path, const string & passphrase) { try_sodium_init (); @@ -133,10 +133,12 @@ namespace BareMinimumCrypto { // This generates a redundant key but that's fine. SigningKey key; - key.pk.resize (crypto_sign_PUBLICKEYBYTES); + //key.pk.resize (crypto_sign_PUBLICKEYBYTES); key.sk.resize (crypto_sign_SECRETKEYBYTES); - if (crypto_sign_seed_keypair (key.pk.data (), key.sk.data (), seed.data ()) != 0) { + vector pk; + pk.resize (crypto_sign_PUBLICKEYBYTES); + if (crypto_sign_seed_keypair (pk.data (), key.sk.data (), seed.data ()) != 0) { return nullopt; } @@ -145,7 +147,7 @@ namespace BareMinimumCrypto { HumanKeyFile key_on_disk { salt, Instant::now (), - key.pk, + key.pubkey (), machine_id, }; const auto msg = key_on_disk.to_msgpack (); @@ -157,7 +159,7 @@ namespace BareMinimumCrypto { return key; } - optional SigningKey::generate_machine_key_file (const string & file_path) + optional MachineKeyFile::generate (const string & file_path) { const SigningKey key; @@ -180,6 +182,7 @@ namespace BareMinimumCrypto { SigningKey::SigningKey () { try_sodium_init (); + vector pk; pk.resize (crypto_sign_PUBLICKEYBYTES); sk.resize (crypto_sign_SECRETKEYBYTES); @@ -187,12 +190,15 @@ namespace BareMinimumCrypto { } vector SigningKey::pubkey () const { + vector pk; + pk.resize (crypto_sign_PUBLICKEYBYTES); + crypto_sign_ed25519_sk_to_pk (pk.data (), sk.data ()); return pk; } vector SigningKey::pub_to_msgpack () const { const json j = { - {"key", json::binary (pk)}, + {"key", json::binary (pubkey ())}, }; return json::to_msgpack (j); } diff --git a/bare_minimum_crypto/cpp/signing_key.h b/bare_minimum_crypto/cpp/signing_key.h index 2cb805c..728be90 100644 --- a/bare_minimum_crypto/cpp/signing_key.h +++ b/bare_minimum_crypto/cpp/signing_key.h @@ -16,41 +16,11 @@ namespace BareMinimumCrypto { string get_machine_id (); - struct HumanKeyFile { - vector salt; - Instant time_created; - vector pubkey; - string machine_id; - - vector to_msgpack () const; - static optional try_from_msgpack (const json & msg); - }; - - struct MachineKeyFile { - vector secretkey; - Instant time_created; - string machine_id; - - vector to_msgpack () const; - static optional try_from_msgpack (const json & msg); - - vector pubkey () const; - }; - struct SigningKey { - vector pk; vector sk; SigningKey (); - // This doesn't fsync, so it's possible to lose the key due to a power outage - // or filesystem nonsense right after this function returns. - // It also doesn't do the rename trick. The caller may do that. - - static optional generate_human_key_file (const string & file_path, const string & passphrase); - - static optional generate_machine_key_file (const string & file_path); - static optional load_human_key_file (const string & file_path, const string & passphrase); vector pubkey () const; @@ -64,4 +34,33 @@ namespace BareMinimumCrypto { optional sign_key (const SigningKey & k, Instant now) const; optional sign_data (const vector & v, Instant now) const; }; + + struct HumanKeyFile { + vector salt; + Instant time_created; + vector pubkey; + string machine_id; + + // This doesn't fsync, so it's possible to lose the key due to a power outage + // or filesystem nonsense right after this function returns. + // It also doesn't do the rename trick. The caller may do that. + + static optional generate (const string & file_path, const string & passphrase); + + vector to_msgpack () const; + static optional try_from_msgpack (const json & msg); + }; + + struct MachineKeyFile { + vector secretkey; + Instant time_created; + string machine_id; + + static optional generate (const string & file_path); + + vector pubkey () const; + + vector to_msgpack () const; + static optional try_from_msgpack (const json & msg); + }; }