♻️ refactor

main
_ 2021-01-19 19:10:33 -06:00
parent cc1c7c9229
commit 199aacadd3
3 changed files with 46 additions and 38 deletions

View File

@ -115,6 +115,9 @@ int test () {
return 1; return 1;
} }
cerr << "crypto_sign_PUBLICKEYBYTES = " << crypto_sign_PUBLICKEYBYTES << endl;
cerr << "crypto_sign_SECRETKEYBYTES = " << crypto_sign_SECRETKEYBYTES << endl;
// We generate a root key and keep it somewhere safe // We generate a root key and keep it somewhere safe
// (offline, hopefully) // (offline, hopefully)
@ -179,7 +182,7 @@ int main (int argc, char ** argv) {
string passphrase; string passphrase;
cin >> passphrase; cin >> passphrase;
auto key_opt = SigningKey::generate_human_key_file (file_path, passphrase); auto key_opt = HumanKeyFile::generate (file_path, passphrase);
if (! key_opt) { if (! key_opt) {
cerr << "Error. Key was not generated" << endl; cerr << "Error. Key was not generated" << endl;
return 1; return 1;
@ -189,7 +192,7 @@ int main (int argc, char ** argv) {
else if (result.count ("generate-machine-key")) { else if (result.count ("generate-machine-key")) {
const auto file_path = result ["generate-machine-key"].as <string> (); const auto file_path = result ["generate-machine-key"].as <string> ();
auto key_opt = SigningKey::generate_machine_key_file (file_path); auto key_opt = MachineKeyFile::generate (file_path);
if (! key_opt) { if (! key_opt) {
cerr << "Error. Key was not generated" << endl; cerr << "Error. Key was not generated" << endl;
return 1; return 1;

View File

@ -106,7 +106,7 @@ namespace BareMinimumCrypto {
// Passphrases should be mandatory for keys that can sign other keys. // Passphrases should be mandatory for keys that can sign other keys.
optional <SigningKey> SigningKey::generate_human_key_file (const string & file_path, const string & passphrase) optional <SigningKey> HumanKeyFile::generate (const string & file_path, const string & passphrase)
{ {
try_sodium_init (); try_sodium_init ();
@ -133,10 +133,12 @@ namespace BareMinimumCrypto {
// This generates a redundant key but that's fine. // This generates a redundant key but that's fine.
SigningKey key; SigningKey key;
key.pk.resize (crypto_sign_PUBLICKEYBYTES); //key.pk.resize (crypto_sign_PUBLICKEYBYTES);
key.sk.resize (crypto_sign_SECRETKEYBYTES); key.sk.resize (crypto_sign_SECRETKEYBYTES);
if (crypto_sign_seed_keypair (key.pk.data (), key.sk.data (), seed.data ()) != 0) { vector <uint8_t> pk;
pk.resize (crypto_sign_PUBLICKEYBYTES);
if (crypto_sign_seed_keypair (pk.data (), key.sk.data (), seed.data ()) != 0) {
return nullopt; return nullopt;
} }
@ -145,7 +147,7 @@ namespace BareMinimumCrypto {
HumanKeyFile key_on_disk { HumanKeyFile key_on_disk {
salt, salt,
Instant::now (), Instant::now (),
key.pk, key.pubkey (),
machine_id, machine_id,
}; };
const auto msg = key_on_disk.to_msgpack (); const auto msg = key_on_disk.to_msgpack ();
@ -157,7 +159,7 @@ namespace BareMinimumCrypto {
return key; return key;
} }
optional <SigningKey> SigningKey::generate_machine_key_file (const string & file_path) optional <SigningKey> MachineKeyFile::generate (const string & file_path)
{ {
const SigningKey key; const SigningKey key;
@ -180,6 +182,7 @@ namespace BareMinimumCrypto {
SigningKey::SigningKey () { SigningKey::SigningKey () {
try_sodium_init (); try_sodium_init ();
vector <uint8_t> pk;
pk.resize (crypto_sign_PUBLICKEYBYTES); pk.resize (crypto_sign_PUBLICKEYBYTES);
sk.resize (crypto_sign_SECRETKEYBYTES); sk.resize (crypto_sign_SECRETKEYBYTES);
@ -187,12 +190,15 @@ namespace BareMinimumCrypto {
} }
vector <uint8_t> SigningKey::pubkey () const { vector <uint8_t> SigningKey::pubkey () const {
vector <uint8_t> pk;
pk.resize (crypto_sign_PUBLICKEYBYTES);
crypto_sign_ed25519_sk_to_pk (pk.data (), sk.data ());
return pk; return pk;
} }
vector <uint8_t> SigningKey::pub_to_msgpack () const { vector <uint8_t> SigningKey::pub_to_msgpack () const {
const json j = { const json j = {
{"key", json::binary (pk)}, {"key", json::binary (pubkey ())},
}; };
return json::to_msgpack (j); return json::to_msgpack (j);
} }

View File

@ -16,41 +16,11 @@ namespace BareMinimumCrypto {
string get_machine_id (); string get_machine_id ();
struct HumanKeyFile {
vector <uint8_t> salt;
Instant time_created;
vector <uint8_t> pubkey;
string machine_id;
vector <uint8_t> to_msgpack () const;
static optional <HumanKeyFile> try_from_msgpack (const json & msg);
};
struct MachineKeyFile {
vector <uint8_t> secretkey;
Instant time_created;
string machine_id;
vector <uint8_t> to_msgpack () const;
static optional <MachineKeyFile> try_from_msgpack (const json & msg);
vector <uint8_t> pubkey () const;
};
struct SigningKey { struct SigningKey {
vector <uint8_t> pk;
vector <uint8_t> sk; vector <uint8_t> sk;
SigningKey (); SigningKey ();
// This doesn't fsync, so it's possible to lose the key due to a power outage
// or filesystem nonsense right after this function returns.
// It also doesn't do the rename trick. The caller may do that.
static optional <SigningKey> generate_human_key_file (const string & file_path, const string & passphrase);
static optional <SigningKey> generate_machine_key_file (const string & file_path);
static optional <SigningKey> load_human_key_file (const string & file_path, const string & passphrase); static optional <SigningKey> load_human_key_file (const string & file_path, const string & passphrase);
vector <uint8_t> pubkey () const; vector <uint8_t> pubkey () const;
@ -64,4 +34,33 @@ namespace BareMinimumCrypto {
optional <ExpiringSignature> sign_key (const SigningKey & k, Instant now) const; optional <ExpiringSignature> sign_key (const SigningKey & k, Instant now) const;
optional <ExpiringSignature> sign_data (const vector <uint8_t> & v, Instant now) const; optional <ExpiringSignature> sign_data (const vector <uint8_t> & v, Instant now) const;
}; };
struct HumanKeyFile {
vector <uint8_t> salt;
Instant time_created;
vector <uint8_t> pubkey;
string machine_id;
// This doesn't fsync, so it's possible to lose the key due to a power outage
// or filesystem nonsense right after this function returns.
// It also doesn't do the rename trick. The caller may do that.
static optional <SigningKey> generate (const string & file_path, const string & passphrase);
vector <uint8_t> to_msgpack () const;
static optional <HumanKeyFile> try_from_msgpack (const json & msg);
};
struct MachineKeyFile {
vector <uint8_t> secretkey;
Instant time_created;
string machine_id;
static optional <SigningKey> generate (const string & file_path);
vector <uint8_t> pubkey () const;
vector <uint8_t> to_msgpack () const;
static optional <MachineKeyFile> try_from_msgpack (const json & msg);
};
} }