aboutsummaryrefslogtreecommitdiff
path: root/shard/lib/keys.ex
blob: f98deba133a6fd739357b177a540213038268130 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
defmodule Shard.Keys do
  @moduledoc"""
    Module for saving private keys.
  """

  use Agent
  require Logger

  @key_db [Application.get_env(:shard, :data_path), "key_db"] |> Path.join |> String.to_atom

  def start_link(_) do
    Agent.start_link(__MODULE__, :init, [], name: __MODULE__)
  end

  def init() do
    :dets.start
    {:ok, @key_db} = :dets.open_file(@key_db, [type: :set])
    for [pk, _] <- :dets.match(@key_db, {:'$1', :'$2'}) do
      Shard.Manifest.start %SApp.Identity.Manifest{pk: pk}
    end
    nil
  end

  defp gen_keypair(suffix, n \\ 0) do
    %{public: pk, secret: sk} = :enacl.sign_keypair
    if rem(n, 10000) == 0 do
      Logger.info "#{n}... expected #{:math.pow(256, byte_size(suffix))}"
    end
    if check_suffix(pk, suffix) do
      {pk, sk}
    else
      gen_keypair(suffix, n+1)
    end
  end

  defp check_suffix(pk, suffix) do
    :binary.longest_common_suffix([pk, suffix]) == byte_size(suffix)
  end

  def get_any_identity() do
    Agent.get(__MODULE__, fn _ ->
      case list_identities() do
        [x|_] -> x
        [] -> new_identity()
      end
    end)
  end

  @doc"""
  Generate a new keypair for a user identity, and start an Identity Shard for it.
  """
  def new_identity() do
    {pk, sk} = gen_keypair(Application.get_env(:shard, :identity_suffix))
    Logger.info "New identity: #{pk|>Base.encode16}"
    :dets.insert @key_db, {pk, sk}
    Shard.Manifest.start %SApp.Identity.Manifest{pk: pk}
    pk
  end

  @doc"""
  List the public keys of all identities for which we have a secret key
  """
  def list_identities() do
    for [pk, _sk] <- :dets.match(@key_db, {:"$1", :"$2"}), do: pk
  end

  @doc"""
    Lookup the secret key for a pk and sign a message with it.

    Returns the input value alongside its signature.

    Answer is {:ok, signed} if it worked, or :not_found if we didn't find the key.
  """
  def sign(pk, bin) do
    case :dets.lookup @key_db, pk do
      [{^pk, sk}] ->
        {:ok, :enacl.sign(bin, sk)}
      _ -> {:error, :not_found}
    end
  end

  @doc"""
    Checks the signature appended to a signed message corresponds to a public key.

    If correct, returns {:ok, original_message}
  """
  def open(pk, signed) do
    if valid_identity_pk? pk do
      :enacl.sign_open(signed, pk)
    else
      {:error, :invalid_pk_suffix}
    end
  end

  def have_sk?(pk) do
    case :dets.lookup @key_db, pk do
      [{^pk, _sk}] -> true
      _ -> false
    end
  end

  def get_sk(pk) do
    case :dets.lookup @key_db, pk do
      [{^pk, sk}] -> sk
      _ -> nil
    end
  end

  @doc"""
    Lookup the secret key for a pk and generate a detached signature for a message.

    The original message is not returned.

    Answer is {:ok, signature} if it worked, or :not_found if we didn't find the key.
    
  """
  def sign_detached(pk, bin) do
    case :dets.lookup @key_db, pk do
      [{^pk, sk}] ->
        {:ok, :enacl.sign_detached(bin, sk)}
      _ -> {:error, :not_found}
    end
  end

  @doc"""
    Verify a detached signature for a message

    Returns :ok if the signature was correct.
  """
  def verify(pk, bin, sign) do
    if valid_identity_pk? pk do
      case :enacl.sign_verify_detached(sign, bin, pk)  do
        {:ok, _} -> :ok
        err -> err
      end
    else
      {:error, :invalid_pk_suffix}
    end
  end

  @doc"""
    Check if a public key is a valid identity pk. Requirement: have the correct suffix.
  """
  def valid_identity_pk?(pk) do
    check_suffix(pk, Application.get_env(:shard, :identity_suffix))
  end

  def pk_display(pk) do
    pk
    |> binary_part(0, 4)
    |> Base.encode16
    |> String.downcase
  end
end