From b0b6c5672ceaceb19aeda2d90aa1c6ee9498275e Mon Sep 17 00:00:00 2001
From: _ <_@_>
Date: Tue, 19 Jan 2021 17:59:49 -0600
Subject: [PATCH] update: improve CA key format

- Save with 0400 perms so PTTH won't accidentally serve them
- Save D-Bus machine ID if possible to detect when keys accidentally change machines
- Add random schema version
---
 bare_minimum_crypto/cpp/signing_key.cpp | 26 ++++++++++++++++++++++++-
 bare_minimum_crypto/cpp/signing_key.h   |  3 +++
 bare_minimum_crypto/schemas.md          |  3 +++
 bare_minimum_crypto/todo.md             |  1 +
 4 files changed, 32 insertions(+), 1 deletion(-)
 create mode 100644 bare_minimum_crypto/schemas.md

diff --git a/bare_minimum_crypto/cpp/signing_key.cpp b/bare_minimum_crypto/cpp/signing_key.cpp
index 112d9b2..809849a 100644
--- a/bare_minimum_crypto/cpp/signing_key.cpp
+++ b/bare_minimum_crypto/cpp/signing_key.cpp
@@ -1,5 +1,6 @@
 #include "signing_key.h"
 
+#include <filesystem>
 #include <fstream>
 
 #include "json.hpp"
@@ -8,12 +9,28 @@
 
 namespace BareMinimumCrypto {
 	using nlohmann::json;
+	namespace fs = std::filesystem;
+	
+	string get_machine_id () {
+		ifstream f;
+		f.open ("/etc/machine-id", ifstream::binary);
+		string machine_id;
+		if (! f.is_open ()) {
+			return machine_id;
+		}
+		
+		f >> machine_id;
+		return machine_id;
+	}
 	
 	vector <uint8_t> SigningKeyFile::to_msgpack () const {
 		const auto j = json {
+			// Breaking changes should generate a new Base32 schema.
+			{"schema", "3T6XF5DZ"},
 			{"salt", json::binary (salt)},
 			{"time_created", time_created.x},
 			{"pubkey", json::binary (pubkey)},
+			{"machine_id", machine_id},
 		};
 		return json::to_msgpack (j);
 	}
@@ -55,10 +72,13 @@ namespace BareMinimumCrypto {
 			return nullopt;
 		}
 		
+		const auto machine_id = get_machine_id ();
+		
 		SigningKeyFile key_on_disk {
 			salt,
 			Instant::now (),
-			key.pk
+			key.pk,
+			machine_id,
 		};
 		const auto msg = key_on_disk.to_msgpack ();
 		
@@ -67,6 +87,10 @@ namespace BareMinimumCrypto {
 		if (! f.is_open ()) {
 			return nullopt;
 		}
+		fs::permissions (file_path,
+			fs::perms::owner_read,
+			fs::perm_options::replace
+		);
 		
 		f.write ((const char *)msg.data (), msg.size ());
 		f.close ();
diff --git a/bare_minimum_crypto/cpp/signing_key.h b/bare_minimum_crypto/cpp/signing_key.h
index bf987d5..98102bc 100644
--- a/bare_minimum_crypto/cpp/signing_key.h
+++ b/bare_minimum_crypto/cpp/signing_key.h
@@ -11,10 +11,13 @@
 namespace BareMinimumCrypto {
 	using namespace std;
 	
+	string get_machine_id ();
+	
 	struct SigningKeyFile {
 		vector <uint8_t> salt;
 		Instant time_created;
 		vector <uint8_t> pubkey;
+		string machine_id;
 		
 		vector <uint8_t> to_msgpack () const;
 		static optional <SigningKeyFile> try_from_msgpack (const vector <uint8_t> & msg);
diff --git a/bare_minimum_crypto/schemas.md b/bare_minimum_crypto/schemas.md
new file mode 100644
index 0000000..9062970
--- /dev/null
+++ b/bare_minimum_crypto/schemas.md
@@ -0,0 +1,3 @@
+- 3T6XF5DZ
+
+3T6XF5DZ is a secret key protected by a passphrase.
diff --git a/bare_minimum_crypto/todo.md b/bare_minimum_crypto/todo.md
index 9cc3769..d8e9ad0 100644
--- a/bare_minimum_crypto/todo.md
+++ b/bare_minimum_crypto/todo.md
@@ -1 +1,2 @@
 - Use libsodium's secure memory when handling keys / seeds / passphrases
+- Test on Windows (machine_id won't work)