This repository has been archived by the owner on Sep 5, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 26
/
identity.go
94 lines (75 loc) · 2.5 KB
/
identity.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
package relaydaemon
import (
"bytes"
"fmt"
"os"
"github.com/libp2p/go-libp2p/core/crypto"
"github.com/libp2p/go-libp2p/core/pnet"
"golang.org/x/crypto/salsa20"
"golang.org/x/crypto/sha3"
)
// LoadIdentity reads a private key from the given path and, if it does not
// exist, generates a new one.
func LoadIdentity(idPath string) (crypto.PrivKey, error) {
if _, err := os.Stat(idPath); err == nil {
return ReadIdentity(idPath)
} else if os.IsNotExist(err) {
fmt.Printf("Generating peer identity in %s\n", idPath)
return GenerateIdentity(idPath)
} else {
return nil, err
}
}
// ReadIdentity reads a private key from the given path.
func ReadIdentity(path string) (crypto.PrivKey, error) {
bytes, err := os.ReadFile(path)
if err != nil {
return nil, err
}
return crypto.UnmarshalPrivateKey(bytes)
}
// GenerateIdentity writes a new random private key to the given path.
func GenerateIdentity(path string) (crypto.PrivKey, error) {
privk, _, err := crypto.GenerateKeyPair(crypto.Ed25519, 0)
if err != nil {
return nil, err
}
bytes, err := crypto.MarshalPrivateKey(privk)
if err != nil {
return nil, err
}
err = os.WriteFile(path, bytes, 0400)
return privk, err
}
// PNet fingerprint section is taken from github.com/ipfs/kubo/core/node/libp2p/pnet.go
// since the functions in that package were not exported.
// https://github.com/ipfs/kubo/blob/255e64e49e837afce534555f3451e2cffe9f0dcb/core/node/libp2p/pnet.go#L74
type PNetFingerprint []byte
// PNetFingerprint returns the given swarm key's fingerprint.
func pnetFingerprint(psk pnet.PSK) []byte {
var pskArr [32]byte
copy(pskArr[:], psk)
enc := make([]byte, 64)
zeros := make([]byte, 64)
out := make([]byte, 16)
// We encrypt data first so we don't feed PSK to hash function.
// Salsa20 function is not reversible thus increasing our security margin.
salsa20.XORKeyStream(enc, zeros, []byte("finprint"), &pskArr)
// Then do Shake-128 hash to reduce its length.
// This way if for some reason Shake is broken and Salsa20 preimage is possible,
// attacker has only half of the bytes necessary to recreate psk.
sha3.ShakeSum128(out, enc)
return out
}
// LoadSwarmKey loads a swarm key at the given filepath and decodes it as a PSKv1.
func LoadSwarmKey(path string) (pnet.PSK, PNetFingerprint, error) {
pskBytes, err := os.ReadFile(path)
if err != nil || pskBytes == nil {
return nil, nil, err
}
psk, err := pnet.DecodeV1PSK(bytes.NewReader(pskBytes))
if err != nil {
return nil, nil, err
}
return psk, pnetFingerprint(psk), nil
}