♻️ refactor

bare_minimum_crypto/cpp/bmc_main.cpp

@@ -115,6 +115,9 @@ int test () {
 		return 1;
 	}
 	
+	cerr << "crypto_sign_PUBLICKEYBYTES = " << crypto_sign_PUBLICKEYBYTES << endl;
+	cerr << "crypto_sign_SECRETKEYBYTES = " << crypto_sign_SECRETKEYBYTES << endl;
+	
 	// We generate a root key and keep it somewhere safe
 	// (offline, hopefully)
 	
@@ -179,7 +182,7 @@ int main (int argc, char ** argv) {
 		string passphrase;
 		cin >> passphrase;
 		
-		auto key_opt = SigningKey::generate_human_key_file (file_path, passphrase);
+		auto key_opt = HumanKeyFile::generate (file_path, passphrase);
 		if (! key_opt) {
 			cerr << "Error. Key was not generated" << endl;
 			return 1;
@@ -189,7 +192,7 @@ int main (int argc, char ** argv) {
 	else if (result.count ("generate-machine-key")) {
 		const auto file_path = result ["generate-machine-key"].as <string> ();
 		
-		auto key_opt = SigningKey::generate_machine_key_file (file_path);
+		auto key_opt = MachineKeyFile::generate (file_path);
 		if (! key_opt) {
 			cerr << "Error. Key was not generated" << endl;
 			return 1;

bare_minimum_crypto/cpp/signing_key.cpp

@@ -106,7 +106,7 @@ namespace BareMinimumCrypto {
 	
 	// Passphrases should be mandatory for keys that can sign other keys.
 	
-	optional <SigningKey> SigningKey::generate_human_key_file (const string & file_path, const string & passphrase) 
+	optional <SigningKey> HumanKeyFile::generate (const string & file_path, const string & passphrase) 
 	{
 		try_sodium_init ();
 		
@@ -133,10 +133,12 @@ namespace BareMinimumCrypto {
 		
 		// This generates a redundant key but that's fine.
 		SigningKey key;
-		key.pk.resize (crypto_sign_PUBLICKEYBYTES);
+		//key.pk.resize (crypto_sign_PUBLICKEYBYTES);
 		key.sk.resize (crypto_sign_SECRETKEYBYTES);
 		
-		if (crypto_sign_seed_keypair (key.pk.data (), key.sk.data (), seed.data ()) != 0) {
+		vector <uint8_t> pk;
+		pk.resize (crypto_sign_PUBLICKEYBYTES);
+		if (crypto_sign_seed_keypair (pk.data (), key.sk.data (), seed.data ()) != 0) {
 			return nullopt;
 		}
 		
@@ -145,7 +147,7 @@ namespace BareMinimumCrypto {
 		HumanKeyFile key_on_disk {
 			salt,
 			Instant::now (),
-			key.pk,
+			key.pubkey (),
 			machine_id,
 		};
 		const auto msg = key_on_disk.to_msgpack ();
@@ -157,7 +159,7 @@ namespace BareMinimumCrypto {
 		return key;
 	}
 	
-	optional <SigningKey> SigningKey::generate_machine_key_file (const string & file_path)
+	optional <SigningKey> MachineKeyFile::generate (const string & file_path)
 	{
 		const SigningKey key;
 		
@@ -180,6 +182,7 @@ namespace BareMinimumCrypto {
 	SigningKey::SigningKey () {
 		try_sodium_init ();
 		
+		vector <uint8_t> pk;
 		pk.resize (crypto_sign_PUBLICKEYBYTES);
 		sk.resize (crypto_sign_SECRETKEYBYTES);
 		
@@ -187,12 +190,15 @@ namespace BareMinimumCrypto {
 	}
 	
 	vector <uint8_t> SigningKey::pubkey () const {
+		vector <uint8_t> pk;
+		pk.resize (crypto_sign_PUBLICKEYBYTES);
+		crypto_sign_ed25519_sk_to_pk (pk.data (), sk.data ());
 		return pk;
 	}
 	
 	vector <uint8_t> SigningKey::pub_to_msgpack () const {
 		const json j = {
-			{"key", json::binary (pk)},
+			{"key", json::binary (pubkey ())},
 		};
 		return json::to_msgpack (j);
 	}

bare_minimum_crypto/cpp/signing_key.h

@@ -16,41 +16,11 @@ namespace BareMinimumCrypto {
 	
 	string get_machine_id ();
 	
-	struct HumanKeyFile {
-		vector <uint8_t> salt;
-		Instant time_created;
-		vector <uint8_t> pubkey;
-		string machine_id;
-		
-		vector <uint8_t> to_msgpack () const;
-		static optional <HumanKeyFile> try_from_msgpack (const json & msg);
-	};
-	
-	struct MachineKeyFile {
-		vector <uint8_t> secretkey;
-		Instant time_created;
-		string machine_id;
-		
-		vector <uint8_t> to_msgpack () const;
-		static optional <MachineKeyFile> try_from_msgpack (const json & msg);
-		
-		vector <uint8_t> pubkey () const;
-	};
-	
 	struct SigningKey {
-		vector <uint8_t> pk;
 		vector <uint8_t> sk;
 		
 		SigningKey ();
 		
-		// This doesn't fsync, so it's possible to lose the key due to a power outage
-		// or filesystem nonsense right after this function returns.
-		// It also doesn't do the rename trick. The caller may do that.
-		
-		static optional <SigningKey> generate_human_key_file (const string & file_path, const string & passphrase);
-		
-		static optional <SigningKey> generate_machine_key_file (const string & file_path);
-		
 		static optional <SigningKey> load_human_key_file (const string & file_path, const string & passphrase);
 		
 		vector <uint8_t> pubkey () const;
@@ -64,4 +34,33 @@ namespace BareMinimumCrypto {
 		optional <ExpiringSignature> sign_key (const SigningKey & k, Instant now) const;
 		optional <ExpiringSignature> sign_data (const vector <uint8_t> & v, Instant now) const;
 	};
+	
+	struct HumanKeyFile {
+		vector <uint8_t> salt;
+		Instant time_created;
+		vector <uint8_t> pubkey;
+		string machine_id;
+		
+		// This doesn't fsync, so it's possible to lose the key due to a power outage
+		// or filesystem nonsense right after this function returns.
+		// It also doesn't do the rename trick. The caller may do that.
+		
+		static optional <SigningKey> generate (const string & file_path, const string & passphrase);
+		
+		vector <uint8_t> to_msgpack () const;
+		static optional <HumanKeyFile> try_from_msgpack (const json & msg);
+	};
+	
+	struct MachineKeyFile {
+		vector <uint8_t> secretkey;
+		Instant time_created;
+		string machine_id;
+		
+		static optional <SigningKey> generate (const string & file_path);
+		
+		vector <uint8_t> pubkey () const;
+		
+		vector <uint8_t> to_msgpack () const;
+		static optional <MachineKeyFile> try_from_msgpack (const json & msg);
+	};
 }