diff --git a/backup/backup.go b/backup/backup.go index 464cc713ac95d3bff6c4aa9f7d32d07f4d5530b0..2d8b55e8a3ba388892aad7bcd8b274182c6fddce 100644 --- a/backup/backup.go +++ b/backup/backup.go @@ -21,7 +21,7 @@ import ( jww "github.com/spf13/jwalterweatherman" "gitlab.com/elixxir/crypto/backup" "gitlab.com/elixxir/crypto/fastRNG" - "gitlab.com/xx_network/crypto/signature/rsa" + "gitlab.com/elixxir/crypto/rsa" ) // Error messages. @@ -69,8 +69,8 @@ type Session interface { GetTransmissionSalt() []byte GetReceptionID() *id.ID GetReceptionSalt() []byte - GetReceptionRSA() *rsa.PrivateKey - GetTransmissionRSA() *rsa.PrivateKey + GetReceptionRSA() rsa.PrivateKey + GetTransmissionRSA() rsa.PrivateKey GetTransmissionRegistrationValidationSignature() []byte GetReceptionRegistrationValidationSignature() []byte GetRegistrationTimestamp() time.Time @@ -286,7 +286,7 @@ func (b *Backup) assembleBackup() backup.Backup { // Get transmission identity bu.TransmissionIdentity = backup.TransmissionIdentity{ - RSASigningPrivateKey: b.session.GetTransmissionRSA(), + RSASigningPrivateKey: b.session.GetTransmissionRSA().GetOldRSA(), RegistrarSignature: b.session.GetTransmissionRegistrationValidationSignature(), Salt: b.session.GetTransmissionSalt(), ComputedID: b.session.GetTransmissionID(), @@ -294,7 +294,7 @@ func (b *Backup) assembleBackup() backup.Backup { // Get reception identity bu.ReceptionIdentity = backup.ReceptionIdentity{ - RSASigningPrivateKey: b.session.GetReceptionRSA(), + RSASigningPrivateKey: b.session.GetReceptionRSA().GetOldRSA(), RegistrarSignature: b.session.GetReceptionRegistrationValidationSignature(), Salt: b.session.GetReceptionSalt(), ComputedID: b.session.GetReceptionID(), diff --git a/backup/backup_test.go b/backup/backup_test.go index cc501ffcc930313af1174d8c3d5eb3edbfb9454f..b3179f58ee4c7eac4f9f1342338e2b29d4f35090 100644 --- a/backup/backup_test.go +++ b/backup/backup_test.go @@ -279,13 +279,13 @@ func TestBackup_AddJson(t *testing.T) { RegistrationCode: s.regCode, RegistrationTimestamp: s.registrationTimestamp.UnixNano(), TransmissionIdentity: backup.TransmissionIdentity{ - RSASigningPrivateKey: s.transmissionRSA, + RSASigningPrivateKey: s.transmissionRSA.GetOldRSA(), RegistrarSignature: s.transmissionRegistrationValidationSignature, Salt: s.transmissionSalt, ComputedID: s.transmissionID, }, ReceptionIdentity: backup.ReceptionIdentity{ - RSASigningPrivateKey: s.receptionRSA, + RSASigningPrivateKey: s.receptionRSA.GetOldRSA(), RegistrarSignature: s.receptionRegistrationValidationSignature, Salt: s.receptionSalt, ComputedID: s.receptionID, @@ -318,13 +318,13 @@ func TestBackup_AddJson_badJson(t *testing.T) { RegistrationCode: s.regCode, RegistrationTimestamp: s.registrationTimestamp.UnixNano(), TransmissionIdentity: backup.TransmissionIdentity{ - RSASigningPrivateKey: s.transmissionRSA, + RSASigningPrivateKey: s.transmissionRSA.GetOldRSA(), RegistrarSignature: s.transmissionRegistrationValidationSignature, Salt: s.transmissionSalt, ComputedID: s.transmissionID, }, ReceptionIdentity: backup.ReceptionIdentity{ - RSASigningPrivateKey: s.receptionRSA, + RSASigningPrivateKey: s.receptionRSA.GetOldRSA(), RegistrarSignature: s.receptionRegistrationValidationSignature, Salt: s.receptionSalt, ComputedID: s.receptionID, @@ -358,13 +358,13 @@ func TestBackup_assembleBackup(t *testing.T) { RegistrationCode: s.regCode, RegistrationTimestamp: s.registrationTimestamp.UnixNano(), TransmissionIdentity: backup.TransmissionIdentity{ - RSASigningPrivateKey: s.transmissionRSA, + RSASigningPrivateKey: s.transmissionRSA.GetOldRSA(), RegistrarSignature: s.transmissionRegistrationValidationSignature, Salt: s.transmissionSalt, ComputedID: s.transmissionID, }, ReceptionIdentity: backup.ReceptionIdentity{ - RSASigningPrivateKey: s.receptionRSA, + RSASigningPrivateKey: s.receptionRSA.GetOldRSA(), RegistrarSignature: s.receptionRegistrationValidationSignature, Salt: s.receptionSalt, ComputedID: s.receptionID, diff --git a/backup/utils_test.go b/backup/utils_test.go index beecea4a4c9c94fcd21acc78ced939ef919ab143..7d6be439de9bd3cea6100f9dc08b29746340822e 100644 --- a/backup/utils_test.go +++ b/backup/utils_test.go @@ -12,9 +12,9 @@ import ( "time" "gitlab.com/elixxir/crypto/cyclic" + "gitlab.com/elixxir/crypto/rsa" "gitlab.com/elixxir/primitives/fact" "gitlab.com/xx_network/crypto/large" - "gitlab.com/xx_network/crypto/signature/rsa" "gitlab.com/xx_network/primitives/id" ) @@ -48,16 +48,17 @@ type mockSession struct { transmissionSalt []byte receptionID *id.ID receptionSalt []byte - receptionRSA *rsa.PrivateKey - transmissionRSA *rsa.PrivateKey + receptionRSA rsa.PrivateKey + transmissionRSA rsa.PrivateKey transmissionRegistrationValidationSignature []byte receptionRegistrationValidationSignature []byte registrationTimestamp time.Time } func newMockSession(t testing.TB) *mockSession { - receptionRSA, _ := rsa.LoadPrivateKeyFromPem([]byte(privKey)) - transmissionRSA, _ := rsa.LoadPrivateKeyFromPem([]byte(privKey)) + sch := rsa.GetScheme() + receptionRSA, _ := sch.UnmarshalPrivateKeyPEM([]byte(privKey)) + transmissionRSA, _ := sch.UnmarshalPrivateKeyPEM([]byte(privKey)) return &mockSession{ regCode: "regCode", @@ -73,13 +74,13 @@ func newMockSession(t testing.TB) *mockSession { } } -func (m mockSession) GetRegCode() (string, error) { return m.regCode, nil } -func (m mockSession) GetTransmissionID() *id.ID { return m.transmissionID } -func (m mockSession) GetTransmissionSalt() []byte { return m.transmissionSalt } -func (m mockSession) GetReceptionID() *id.ID { return m.receptionID } -func (m mockSession) GetReceptionSalt() []byte { return m.receptionSalt } -func (m mockSession) GetReceptionRSA() *rsa.PrivateKey { return m.receptionRSA } -func (m mockSession) GetTransmissionRSA() *rsa.PrivateKey { return m.transmissionRSA } +func (m mockSession) GetRegCode() (string, error) { return m.regCode, nil } +func (m mockSession) GetTransmissionID() *id.ID { return m.transmissionID } +func (m mockSession) GetTransmissionSalt() []byte { return m.transmissionSalt } +func (m mockSession) GetReceptionID() *id.ID { return m.receptionID } +func (m mockSession) GetReceptionSalt() []byte { return m.receptionSalt } +func (m mockSession) GetReceptionRSA() rsa.PrivateKey { return m.receptionRSA } +func (m mockSession) GetTransmissionRSA() rsa.PrivateKey { return m.transmissionRSA } func (m mockSession) GetTransmissionRegistrationValidationSignature() []byte { return m.transmissionRegistrationValidationSignature } diff --git a/cmix/nodes/interfaces.go b/cmix/nodes/interfaces.go index 469137c4412d47a09d1865e15b071aef649ddd80..9292306937f2c9d863ee071ff52f9713b479cbd4 100644 --- a/cmix/nodes/interfaces.go +++ b/cmix/nodes/interfaces.go @@ -13,9 +13,9 @@ import ( pb "gitlab.com/elixxir/comms/mixmessages" "gitlab.com/elixxir/comms/network" "gitlab.com/elixxir/crypto/cyclic" + "gitlab.com/elixxir/crypto/rsa" "gitlab.com/elixxir/primitives/format" "gitlab.com/xx_network/comms/connect" - "gitlab.com/xx_network/crypto/signature/rsa" "gitlab.com/xx_network/primitives/id" "time" ) @@ -84,7 +84,7 @@ type session interface { IsPrecanned() bool GetCmixGroup() *cyclic.Group GetKV() *versioned.KV - GetTransmissionRSA() *rsa.PrivateKey + GetTransmissionRSA() rsa.PrivateKey GetRegistrationTimestamp() time.Time GetTransmissionSalt() []byte GetTransmissionRegistrationValidationSignature() []byte diff --git a/cmix/nodes/verifyNodeSig.go b/cmix/nodes/publicOpts.go similarity index 57% rename from cmix/nodes/verifyNodeSig.go rename to cmix/nodes/publicOpts.go index 55ae44c551fceffc76c170ee213d3e7b7db3dc8b..4a1c10a69b9538e8ee9639a85e31ee6189ceea29 100644 --- a/cmix/nodes/verifyNodeSig.go +++ b/cmix/nodes/publicOpts.go @@ -10,15 +10,23 @@ package nodes import ( - "crypto" "github.com/pkg/errors" + "gitlab.com/elixxir/crypto/hash" "gitlab.com/xx_network/crypto/tls" + "io" - "gitlab.com/xx_network/crypto/signature/rsa" + "gitlab.com/elixxir/crypto/rsa" ) -func verifyNodeSignature(certContents string, hash crypto.Hash, - hashed []byte, sig []byte, opts *rsa.Options) error { +func useSHA() bool { + return false +} + +func verifyNodeSignature(certContents string, hashed []byte, sig []byte) error { + + opts := rsa.NewDefaultPSSOptions() + + sch := rsa.GetScheme() // Load nodes certificate gatewayCert, err := tls.LoadCertificate(certContents) @@ -27,11 +35,22 @@ func verifyNodeSignature(certContents string, hash crypto.Hash, } // Extract public key - nodePubKey, err := tls.ExtractPublicKey(gatewayCert) + nodePubKeyOld, err := tls.ExtractPublicKey(gatewayCert) if err != nil { return errors.Errorf("Unable to load node's public key: %v", err) } + nodePubKey := sch.ConvertPublic(&nodePubKeyOld.PublicKey) + + // Verify the response signature + return nodePubKey.VerifyPSS(opts.Hash, hashed, sig, opts) +} + +func signRegistrationRequest(rng io.Reader, hashed []byte, privateKey rsa.PrivateKey) ([]byte, error) { + + opts := rsa.NewDefaultPSSOptions() + opts.Hash = hash.CMixHash + // Verify the response signature - return rsa.Verify(nodePubKey, hash, hashed, sig, opts) + return privateKey.SignPSS(rng, opts.Hash, hashed, opts) } diff --git a/cmix/nodes/publicOpts_js.go b/cmix/nodes/publicOpts_js.go new file mode 100644 index 0000000000000000000000000000000000000000..1bb4f447b0147b1b45be616b206fa060f4412133 --- /dev/null +++ b/cmix/nodes/publicOpts_js.go @@ -0,0 +1,52 @@ +//////////////////////////////////////////////////////////////////////////////// +// Copyright © 2022 xx foundation // +// // +// Use of this source code is governed by a license that can be found in the // +// LICENSE file. // +//////////////////////////////////////////////////////////////////////////////// + +//go:build js && wasm + +package nodes + +import ( + "gitlab.com/xx_network/crypto/signature/rsa" +) + +func useSHA() bool { + return true +} + +func verifyNodeSignature(certContents string, hashed []byte, sig []byte) error { + + opts := rsa.NewDefaultPSSOptions() + opts.Hash = crypto.SHA256 + + sch := rsa.GetScheme() + + // Load nodes certificate + gatewayCert, err := tls.LoadCertificate(certContents) + if err != nil { + return errors.Errorf("Unable to load nodes's certificate: %+v", err) + } + + // Extract public key + nodePubKeyOld, err := tls.ExtractPublicKey(gatewayCert) + if err != nil { + return errors.Errorf("Unable to load node's public key: %v", err) + } + + nodePubKey := sch.ConvertPublic(&nodePubKeyOld.PublicKey) + + // Verify the response signature + return nodePubKey.VerifyPSS(opts.Hash, hashed, sig, opts) +} + +func signRegistrationRequest(rng io.Reader, hashed []byte, privateKey rsa.PrivateKey) ([]byte, error) { + + opts := rsa.NewDefaultPSSOptions() + opts.Hash = crypto.SHA256 + + // Verify the response signature + return privateKey.SignPSS(rng, opts.Hash, hashed, opts) +} diff --git a/cmix/nodes/register_test.go b/cmix/nodes/register_test.go index 0ebbdd4171f8a80b99b312071c030c748289f060..1a14f984ac23d3ee4a9c0775b52b08708b195887 100644 --- a/cmix/nodes/register_test.go +++ b/cmix/nodes/register_test.go @@ -11,8 +11,8 @@ import ( "gitlab.com/elixxir/client/v4/stoppable" "gitlab.com/elixxir/comms/network" "gitlab.com/elixxir/crypto/fastRNG" + "gitlab.com/elixxir/crypto/rsa" "gitlab.com/xx_network/crypto/csprng" - "gitlab.com/xx_network/crypto/signature/rsa" "gitlab.com/xx_network/primitives/id" "gitlab.com/xx_network/primitives/ndf" "testing" @@ -21,6 +21,8 @@ import ( // Unit test for registerWithNode func TestRegisterWithNode(t *testing.T) { + sch := rsa.GetScheme() + // Generate a stoppable stop := stoppable.NewSingle("test") defer stop.Quit() @@ -30,7 +32,7 @@ func TestRegisterWithNode(t *testing.T) { defer stream.Close() /// Load private key - privKeyRsa, err := rsa.LoadPrivateKeyFromPem([]byte(privKey)) + privKeyRsa, err := sch.UnmarshalPrivateKeyPEM([]byte(privKey)) if err != nil { t.Fatalf("Failed to load private Key: %v", err) } diff --git a/cmix/nodes/request.go b/cmix/nodes/request.go index fe2d620c2b6590edf45c807ccca7bc1886b9ef20..12830d5954235ca21cd694cae10f17224183e4cb 100644 --- a/cmix/nodes/request.go +++ b/cmix/nodes/request.go @@ -26,7 +26,6 @@ import ( "gitlab.com/xx_network/comms/messages" "gitlab.com/xx_network/crypto/chacha" "gitlab.com/xx_network/crypto/csprng" - "gitlab.com/xx_network/crypto/signature/rsa" "gitlab.com/xx_network/primitives/id" "gitlab.com/xx_network/primitives/netTime" ) @@ -108,7 +107,7 @@ func makeSignedKeyRequest(s session, rng io.Reader, gwId *id.ID, dhPub *cyclic.Int) (*pb.SignedClientKeyRequest, error) { // Reconstruct client confirmation message - userPubKeyRSA := rsa.CreatePublicKeyPem(s.GetTransmissionRSA().GetPublic()) + userPubKeyRSA := s.GetTransmissionRSA().Public().MarshalPem() confirmation := &pb.ClientRegistrationConfirmation{ RSAPubKey: string(userPubKeyRSA), Timestamp: s.GetRegistrationTimestamp().UnixNano(), @@ -138,13 +137,10 @@ func makeSignedKeyRequest(s session, rng io.Reader, } // Sign DH public key - opts := rsa.NewDefaultOptions() - opts.Hash = hash.CMixHash - h := opts.Hash.New() + h := hash.CMixHash.New() h.Write(serializedMessage) data := h.Sum(nil) - clientSig, err := rsa.Sign(rng, s.GetTransmissionRSA(), opts.Hash, - data, opts) + clientSig, err := signRegistrationRequest(rng, data, s.GetTransmissionRSA()) if err != nil { return nil, err } @@ -154,6 +150,7 @@ func makeSignedKeyRequest(s session, rng io.Reader, ClientKeyRequest: serializedMessage, ClientKeyRequestSignature: &messages.RSASignature{Signature: clientSig}, Target: gwId.Bytes(), + UseSHA: useSHA(), } return signedRequest, nil @@ -164,10 +161,7 @@ func makeSignedKeyRequest(s session, rng io.Reader, func processRequestResponse(signedKeyResponse *pb.SignedKeyResponse, ngw network.NodeGateway, grp *cyclic.Group, dhPrivKey *cyclic.Int) (*cyclic.Int, []byte, uint64, error) { - // Define hashing algorithm - opts := rsa.NewDefaultOptions() - opts.Hash = hash.CMixHash - h := opts.Hash.New() + h := hash.CMixHash.New() // Hash the response h.Reset() @@ -175,8 +169,8 @@ func processRequestResponse(signedKeyResponse *pb.SignedKeyResponse, hashedResponse := h.Sum(nil) // Verify the response signature - err := verifyNodeSignature(ngw.Gateway.TlsCertificate, opts.Hash, hashedResponse, - signedKeyResponse.KeyResponseSignedByGateway.Signature, opts) + err := verifyNodeSignature(ngw.Gateway.TlsCertificate, hashedResponse, + signedKeyResponse.KeyResponseSignedByGateway.Signature) if err != nil { return nil, nil, 0, errors.Errorf("Could not verify nodes's signature: %v", err) @@ -207,7 +201,7 @@ func processRequestResponse(signedKeyResponse *pb.SignedKeyResponse, jww.TRACE.Printf("[ClientKeyHMAC] EncryptedClientKeyHMAC: %+v", keyResponse.EncryptedClientKeyHMAC) if !registration.VerifyClientHMAC(sessionKey.Bytes(), - keyResponse.EncryptedClientKey, opts.Hash.New, + keyResponse.EncryptedClientKey, hash.CMixHash.New, keyResponse.EncryptedClientKeyHMAC) { return nil, nil, 0, errors.New("Failed to verify client HMAC") } diff --git a/cmix/nodes/utils_test.go b/cmix/nodes/utils_test.go index 68fb6ccde10ad75ac6a2b2ea4e52fe0a6d5b3122..22ff7db930a69f74fa5b923c43044ff0dfb3ca95 100644 --- a/cmix/nodes/utils_test.go +++ b/cmix/nodes/utils_test.go @@ -19,12 +19,12 @@ import ( "gitlab.com/elixxir/crypto/fastRNG" "gitlab.com/elixxir/crypto/hash" "gitlab.com/elixxir/crypto/registration" + "gitlab.com/elixxir/crypto/rsa" "gitlab.com/xx_network/comms/connect" "gitlab.com/xx_network/comms/messages" "gitlab.com/xx_network/crypto/chacha" "gitlab.com/xx_network/crypto/csprng" "gitlab.com/xx_network/crypto/large" - "gitlab.com/xx_network/crypto/signature/rsa" "gitlab.com/xx_network/crypto/xx" "gitlab.com/xx_network/primitives/id" "gitlab.com/xx_network/primitives/ndf" @@ -157,7 +157,7 @@ func (m mockSender) GetHostParams() connect.HostParams { type mockSession struct { isPrecanned bool - privKey *rsa.PrivateKey + privKey rsa.PrivateKey timeStamp time.Time salt []byte transmissionSig []byte @@ -179,7 +179,7 @@ func (m mockSession) IsPrecanned() bool { return m.isPrecanned } -func (m mockSession) GetTransmissionRSA() *rsa.PrivateKey { +func (m mockSession) GetTransmissionRSA() rsa.PrivateKey { return m.privKey } @@ -201,7 +201,7 @@ func (m mockSession) GetTransmissionRegistrationValidationSignature() []byte { // Mock client comms object adhering to RegisterNodeCommsInterface for testing. type MockClientComms struct { - rsaPrivKey *rsa.PrivateKey + rsaPrivKey rsa.PrivateKey dhPrivKey *cyclic.Int rand csprng.Source grp *cyclic.Group @@ -235,20 +235,22 @@ func (m *MockClientComms) SendRequestClientKeyMessage(_ *connect.Host, } // Define hashing algorithm - opts := rsa.NewDefaultOptions() + opts := rsa.NewDefaultPSSOptions() opts.Hash = hash.CMixHash h := opts.Hash.New() + sch := rsa.GetScheme() + // Extract RSA pubkey clientRsaPub := clientTransmissionConfirmation.RSAPubKey // Assemble client public key into rsa.PublicKey - userPublicKey, err := rsa.LoadPublicKeyFromPem([]byte(clientRsaPub)) + userPublicKey, err := sch.UnmarshalPublicKeyPEM([]byte(clientRsaPub)) if err != nil { m.t.Fatalf("Failed to load public key: %+v", err) } // Parse user ID - userId, err := xx.NewID(userPublicKey, msg.GetSalt(), id.User) + userId, err := xx.NewID(userPublicKey.GetOldRSA(), msg.GetSalt(), id.User) if err != nil { m.t.Fatalf("Failed to generate user id: %+v", err) } @@ -298,7 +300,7 @@ func (m *MockClientComms) SendRequestClientKeyMessage(_ *connect.Host, hashed := h.Sum(nil) // Sign the nonce - signed, err := rsa.Sign(m.rand, m.rsaPrivKey, opts.Hash, hashed, opts) + signed, err := m.rsaPrivKey.SignPSS(m.rand, opts.Hash, hashed, opts) if err != nil { m.t.Fatalf("Failed to sign a request (as mock gateway): %+v", err) } diff --git a/cmix/nodes/verifyNodeSig_js.go b/cmix/nodes/verifyNodeSig_js.go deleted file mode 100644 index 6bc339bd38273160ce8a13515225c944d2d7f3a8..0000000000000000000000000000000000000000 --- a/cmix/nodes/verifyNodeSig_js.go +++ /dev/null @@ -1,23 +0,0 @@ -//////////////////////////////////////////////////////////////////////////////// -// Copyright © 2022 xx foundation // -// // -// Use of this source code is governed by a license that can be found in the // -// LICENSE file. // -//////////////////////////////////////////////////////////////////////////////// - -//go:build js && wasm - -package nodes - -import ( - "crypto" - - jww "github.com/spf13/jwalterweatherman" - "gitlab.com/xx_network/crypto/signature/rsa" -) - -func verifyNodeSignature(pub string, hash crypto.Hash, - hashed []byte, sig []byte, opts *rsa.Options) error { - jww.WARN.Printf("node signature checking disabled for wasm") - return nil -} diff --git a/connect/authenticated.go b/connect/authenticated.go index 628d22bf1203ec21f8847100e3d66e6c9d2238ca..f679c4852191491dbaad72a71c542c46b0617f3e 100644 --- a/connect/authenticated.go +++ b/connect/authenticated.go @@ -19,7 +19,7 @@ import ( "gitlab.com/elixxir/client/v4/xxdk" "gitlab.com/elixxir/crypto/contact" "gitlab.com/elixxir/crypto/fastRNG" - "gitlab.com/xx_network/crypto/signature/rsa" + "gitlab.com/elixxir/crypto/rsa" "gitlab.com/xx_network/primitives/id" "gitlab.com/xx_network/primitives/netTime" ) @@ -79,7 +79,7 @@ func ConnectWithAuthentication(recipient contact.Contact, user *xxdk.E2e, // the server. This will wait until the round it sends on completes or a // timeout occurs. func connectWithAuthentication(conn Connection, timeStart time.Time, - recipient contact.Contact, salt []byte, myRsaPrivKey *rsa.PrivateKey, + recipient contact.Contact, salt []byte, myRsaPrivKey rsa.PrivateKey, rng *fastRNG.StreamGenerator, net cmix.Client, p xxdk.E2EParams) (AuthenticatedConnection, error) { // Construct message to prove your identity to the server diff --git a/connect/authenticated_test.go b/connect/authenticated_test.go index 21162751083d3faa878590b1d369a4c57a9465df..c7dd52b093cd65393f2f87d64dbb232beaa1aa6e 100644 --- a/connect/authenticated_test.go +++ b/connect/authenticated_test.go @@ -16,8 +16,8 @@ import ( "gitlab.com/elixxir/crypto/contact" "gitlab.com/elixxir/crypto/diffieHellman" "gitlab.com/elixxir/crypto/fastRNG" + "gitlab.com/elixxir/crypto/rsa" "gitlab.com/xx_network/crypto/csprng" - "gitlab.com/xx_network/crypto/signature/rsa" "gitlab.com/xx_network/crypto/xx" "gitlab.com/xx_network/primitives/id" ) @@ -42,14 +42,16 @@ func TestConnectWithAuthentication(t *testing.T) { salt := make([]byte, 32) copy(salt, "salt") - myRsaPrivKey, err := rsa.LoadPrivateKeyFromPem(getPrivKey()) + sch := rsa.GetScheme() + + myRsaPrivKey, err := sch.UnmarshalPrivateKeyPEM(getPrivKey()) if err != nil { t.Fatalf("Failed to load private key: %v", err) } // Construct client ID the proper way as server will need to verify it // using the xx.NewID function call - myId, err := xx.NewID(myRsaPrivKey.GetPublic(), salt, id.User) + myId, err := xx.NewID(myRsaPrivKey.Public().GetOldRSA(), salt, id.User) if err != nil { t.Fatalf("Failed to generate client's id: %+v", err) } diff --git a/connect/client.go b/connect/client.go index 49e47f4414ab214ed018b821bea5870c06e467d7..a5f206f637723a4f91e31fce06975e2e2d351cc7 100644 --- a/connect/client.go +++ b/connect/client.go @@ -12,13 +12,13 @@ import ( "github.com/pkg/errors" "gitlab.com/elixxir/client/v4/e2e/ratchet/partner" "gitlab.com/elixxir/crypto/fastRNG" - "gitlab.com/xx_network/crypto/signature/rsa" + "gitlab.com/elixxir/crypto/rsa" ) // buildClientAuthRequest is a helper function which constructs a marshalled // IdentityAuthentication message. func buildClientAuthRequest(newPartner partner.Manager, - rng *fastRNG.StreamGenerator, rsaPrivKey *rsa.PrivateKey, + rng *fastRNG.StreamGenerator, rsaPrivKey rsa.PrivateKey, salt []byte) ([]byte, error) { // Create signature @@ -28,7 +28,7 @@ func buildClientAuthRequest(newPartner partner.Manager, signature, err := sign(stream, rsaPrivKey, connectionFp) // Construct message - pemEncodedRsaPubKey := rsa.CreatePublicKeyPem(rsaPrivKey.GetPublic()) + pemEncodedRsaPubKey := rsaPrivKey.Public().MarshalPem() iar := &IdentityAuthentication{ Signature: signature, RsaPubKey: pemEncodedRsaPubKey, diff --git a/connect/crypto.go b/connect/crypto.go index 61714203fb05c659a65ee2517196cc4f583dc080..9420d8167a7bf840e846e9f6c49d4984a9f64783 100644 --- a/connect/crypto.go +++ b/connect/crypto.go @@ -9,35 +9,34 @@ package connect import ( "github.com/pkg/errors" - "gitlab.com/xx_network/crypto/signature/rsa" + "gitlab.com/elixxir/crypto/rsa" "gitlab.com/xx_network/crypto/xx" "gitlab.com/xx_network/primitives/id" "io" ) // Sign creates a signature authenticating an identity for a connection. -func sign(rng io.Reader, rsaPrivKey *rsa.PrivateKey, +func sign(rng io.Reader, rsaPrivKey rsa.PrivateKey, connectionFp []byte) ([]byte, error) { // The connection fingerprint (hashed) will be used as a nonce - opts := rsa.NewDefaultOptions() + opts := rsa.NewDefaultPSSOptions() h := opts.Hash.New() h.Write(connectionFp) nonce := h.Sum(nil) // Sign the connection fingerprint - return rsa.Sign(rng, rsaPrivKey, - opts.Hash, nonce, opts) + return rsaPrivKey.SignPSS(rng, opts.Hash, nonce, opts) } // Verify takes a signature for an authentication attempt // and verifies the information. -func verify(partnerId *id.ID, partnerPubKey *rsa.PublicKey, +func verify(partnerId *id.ID, partnerPubKey rsa.PublicKey, signature, connectionFp, salt []byte) error { // Verify the partner's known ID against the information passed // along the wire - partnerWireId, err := xx.NewID(partnerPubKey, salt, id.User) + partnerWireId, err := xx.NewID(partnerPubKey.GetOldRSA(), salt, id.User) if err != nil { return err } @@ -47,13 +46,13 @@ func verify(partnerId *id.ID, partnerPubKey *rsa.PublicKey, } // Hash the connection fingerprint - opts := rsa.NewDefaultOptions() + opts := rsa.NewDefaultPSSOptions() h := opts.Hash.New() h.Write(connectionFp) nonce := h.Sum(nil) // Verify the signature - err = rsa.Verify(partnerPubKey, opts.Hash, nonce, signature, opts) + err = partnerPubKey.VerifyPSS(opts.Hash, nonce, signature, opts) if err != nil { return err } diff --git a/connect/crypto_test.go b/connect/crypto_test.go index 0cec007eb478ab853a180e01213f41ac65256585..18493f2f476f609ad2d541b9472ab1f79b8b1e29 100644 --- a/connect/crypto_test.go +++ b/connect/crypto_test.go @@ -11,7 +11,7 @@ import ( "bytes" "testing" - "gitlab.com/xx_network/crypto/signature/rsa" + "gitlab.com/elixxir/crypto/rsa" "gitlab.com/xx_network/crypto/xx" "gitlab.com/xx_network/primitives/id" ) @@ -57,7 +57,9 @@ func TestSignVerify_Consistency(t *testing.T) { // use insecure seeded rng to reproduce key notRand := &CountingReader{count: uint8(0)} - privKey, err := rsa.GenerateKey(notRand, 1024) + sch := rsa.GetScheme() + + privKey, err := sch.Generate(notRand, 1024) if err != nil { t.Fatalf("SignVerify error: "+ "Could not generate key: %v", err.Error()) @@ -73,12 +75,12 @@ func TestSignVerify_Consistency(t *testing.T) { salt := make([]byte, 32) copy(salt, "salt") - partnerId, err := xx.NewID(privKey.GetPublic(), salt, id.User) + partnerId, err := xx.NewID(privKey.Public().GetOldRSA(), salt, id.User) if err != nil { t.Fatalf("NewId error: %v", err) } - err = verify(partnerId, privKey.GetPublic(), signature, connFp, salt) + err = verify(partnerId, privKey.Public(), signature, connFp, salt) if err != nil { t.Fatalf("Verify error: %v", err) } diff --git a/connect/server.go b/connect/server.go index 84981f7ea25587b0bdb5dc84def9eaff2156cb2a..cf71b41e6b5bf2f1cf5c397c11acbbc1e3aa4229 100644 --- a/connect/server.go +++ b/connect/server.go @@ -11,7 +11,7 @@ import ( "github.com/golang/protobuf/proto" jww "github.com/spf13/jwalterweatherman" "gitlab.com/elixxir/client/v4/e2e/receive" - "gitlab.com/xx_network/crypto/signature/rsa" + "gitlab.com/elixxir/crypto/rsa" "gitlab.com/xx_network/primitives/id" ) @@ -64,8 +64,10 @@ func (a serverListener) Hear(item receive.Message) { newPartner := a.conn.GetPartner() connectionFp := newPartner.ConnectionFingerprint().Bytes() + sch := rsa.GetScheme() + // Process the PEM encoded public key to an rsa.PublicKey object - partnerPubKey, err := rsa.LoadPublicKeyFromPem(iar.RsaPubKey) + partnerPubKey, err := sch.UnmarshalPublicKeyPEM(iar.RsaPubKey) if err != nil { a.handleAuthConfirmationErr(err, item.Sender) } diff --git a/fileTransfer/connect/utils_test.go b/fileTransfer/connect/utils_test.go index a6d101db7b0f6683780b8ca621b78135508df32a..dad4999cda72c07bb0b6f19072b1a51d38d3b879 100644 --- a/fileTransfer/connect/utils_test.go +++ b/fileTransfer/connect/utils_test.go @@ -32,13 +32,13 @@ import ( "gitlab.com/elixxir/crypto/cyclic" cryptoE2e "gitlab.com/elixxir/crypto/e2e" "gitlab.com/elixxir/crypto/fastRNG" + "gitlab.com/elixxir/crypto/rsa" "gitlab.com/elixxir/ekv" "gitlab.com/elixxir/primitives/format" "gitlab.com/elixxir/primitives/version" "gitlab.com/xx_network/comms/connect" "gitlab.com/xx_network/crypto/csprng" "gitlab.com/xx_network/crypto/large" - "gitlab.com/xx_network/crypto/signature/rsa" "gitlab.com/xx_network/primitives/id" "gitlab.com/xx_network/primitives/id/ephemeral" "gitlab.com/xx_network/primitives/ndf" @@ -352,8 +352,8 @@ func (m *mockStorage) GetTransmissionID() *id.ID { func (m *mockStorage) GetTransmissionSalt() []byte { panic("implement me") } func (m *mockStorage) GetReceptionID() *id.ID { panic("implement me") } func (m *mockStorage) GetReceptionSalt() []byte { panic("implement me") } -func (m *mockStorage) GetReceptionRSA() *rsa.PrivateKey { panic("implement me") } -func (m *mockStorage) GetTransmissionRSA() *rsa.PrivateKey { panic("implement me") } +func (m *mockStorage) GetReceptionRSA() rsa.PrivateKey { panic("implement me") } +func (m *mockStorage) GetTransmissionRSA() rsa.PrivateKey { panic("implement me") } func (m *mockStorage) IsPrecanned() bool { panic("implement me") } func (m *mockStorage) SetUsername(string) error { panic("implement me") } func (m *mockStorage) GetUsername() (string, error) { panic("implement me") } diff --git a/fileTransfer/e2e/utils_test.go b/fileTransfer/e2e/utils_test.go index efa4cc07e3a39f41dbdbe9d50b537326b527c1c3..ceb87f3409fed45138984193a73edb285e7369e0 100644 --- a/fileTransfer/e2e/utils_test.go +++ b/fileTransfer/e2e/utils_test.go @@ -33,13 +33,13 @@ import ( "gitlab.com/elixxir/crypto/cyclic" cryptoE2e "gitlab.com/elixxir/crypto/e2e" "gitlab.com/elixxir/crypto/fastRNG" + "gitlab.com/elixxir/crypto/rsa" "gitlab.com/elixxir/ekv" "gitlab.com/elixxir/primitives/format" "gitlab.com/elixxir/primitives/version" "gitlab.com/xx_network/comms/connect" "gitlab.com/xx_network/crypto/csprng" "gitlab.com/xx_network/crypto/large" - "gitlab.com/xx_network/crypto/signature/rsa" "gitlab.com/xx_network/primitives/id" "gitlab.com/xx_network/primitives/id/ephemeral" "gitlab.com/xx_network/primitives/ndf" @@ -377,8 +377,8 @@ func (m *mockStorage) GetTransmissionID() *id.ID { func (m *mockStorage) GetTransmissionSalt() []byte { panic("implement me") } func (m *mockStorage) GetReceptionID() *id.ID { panic("implement me") } func (m *mockStorage) GetReceptionSalt() []byte { panic("implement me") } -func (m *mockStorage) GetReceptionRSA() *rsa.PrivateKey { panic("implement me") } -func (m *mockStorage) GetTransmissionRSA() *rsa.PrivateKey { panic("implement me") } +func (m *mockStorage) GetReceptionRSA() rsa.PrivateKey { panic("implement me") } +func (m *mockStorage) GetTransmissionRSA() rsa.PrivateKey { panic("implement me") } func (m *mockStorage) IsPrecanned() bool { panic("implement me") } func (m *mockStorage) SetUsername(string) error { panic("implement me") } func (m *mockStorage) GetUsername() (string, error) { panic("implement me") } diff --git a/fileTransfer/groupChat/utils_test.go b/fileTransfer/groupChat/utils_test.go index 063a14c4ed268496eb3479833e8560124e2ba16b..bf2d3c83816326e15e35f823b9234e1db0ec999e 100644 --- a/fileTransfer/groupChat/utils_test.go +++ b/fileTransfer/groupChat/utils_test.go @@ -29,13 +29,13 @@ import ( "gitlab.com/elixxir/crypto/cyclic" "gitlab.com/elixxir/crypto/fastRNG" "gitlab.com/elixxir/crypto/group" + "gitlab.com/elixxir/crypto/rsa" "gitlab.com/elixxir/ekv" "gitlab.com/elixxir/primitives/format" "gitlab.com/elixxir/primitives/version" "gitlab.com/xx_network/comms/connect" "gitlab.com/xx_network/crypto/csprng" "gitlab.com/xx_network/crypto/large" - "gitlab.com/xx_network/crypto/signature/rsa" "gitlab.com/xx_network/primitives/id" "gitlab.com/xx_network/primitives/id/ephemeral" "gitlab.com/xx_network/primitives/ndf" @@ -314,8 +314,8 @@ func (m *mockStorage) GetTransmissionID() *id.ID { func (m *mockStorage) GetTransmissionSalt() []byte { panic("implement me") } func (m *mockStorage) GetReceptionID() *id.ID { panic("implement me") } func (m *mockStorage) GetReceptionSalt() []byte { panic("implement me") } -func (m *mockStorage) GetReceptionRSA() *rsa.PrivateKey { panic("implement me") } -func (m *mockStorage) GetTransmissionRSA() *rsa.PrivateKey { panic("implement me") } +func (m *mockStorage) GetReceptionRSA() rsa.PrivateKey { panic("implement me") } +func (m *mockStorage) GetTransmissionRSA() rsa.PrivateKey { panic("implement me") } func (m *mockStorage) IsPrecanned() bool { panic("implement me") } func (m *mockStorage) SetUsername(string) error { panic("implement me") } func (m *mockStorage) GetUsername() (string, error) { panic("implement me") } diff --git a/fileTransfer/utils_test.go b/fileTransfer/utils_test.go index e7d71cb92ed63b695858a0bb636dc57583e6101f..9c1c2f700871dcfe366fb8b79c4274efb2427654 100644 --- a/fileTransfer/utils_test.go +++ b/fileTransfer/utils_test.go @@ -32,13 +32,13 @@ import ( "gitlab.com/elixxir/comms/network" "gitlab.com/elixxir/crypto/cyclic" "gitlab.com/elixxir/crypto/fastRNG" + "gitlab.com/elixxir/crypto/rsa" "gitlab.com/elixxir/ekv" "gitlab.com/elixxir/primitives/format" "gitlab.com/elixxir/primitives/version" "gitlab.com/xx_network/comms/connect" "gitlab.com/xx_network/crypto/csprng" "gitlab.com/xx_network/crypto/large" - "gitlab.com/xx_network/crypto/signature/rsa" "gitlab.com/xx_network/primitives/id" "gitlab.com/xx_network/primitives/id/ephemeral" "gitlab.com/xx_network/primitives/ndf" @@ -326,8 +326,8 @@ func (m *mockStorage) GetTransmissionID() *id.ID { func (m *mockStorage) GetTransmissionSalt() []byte { panic("implement me") } func (m *mockStorage) GetReceptionID() *id.ID { panic("implement me") } func (m *mockStorage) GetReceptionSalt() []byte { panic("implement me") } -func (m *mockStorage) GetReceptionRSA() *rsa.PrivateKey { panic("implement me") } -func (m *mockStorage) GetTransmissionRSA() *rsa.PrivateKey { panic("implement me") } +func (m *mockStorage) GetReceptionRSA() rsa.PrivateKey { panic("implement me") } +func (m *mockStorage) GetTransmissionRSA() rsa.PrivateKey { panic("implement me") } func (m *mockStorage) IsPrecanned() bool { panic("implement me") } func (m *mockStorage) SetUsername(string) error { panic("implement me") } func (m *mockStorage) GetUsername() (string, error) { panic("implement me") } diff --git a/go.mod b/go.mod index c7eea03933739948b7698df558373ab8515ec97f..bef1fd0bf5e7762fcd70d971a0e2af5d70092680 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ require ( github.com/stretchr/testify v1.8.0 gitlab.com/elixxir/bloomfilter v0.0.0-20211222005329-7d931ceead6f gitlab.com/elixxir/comms v0.0.4-0.20230109184457-e10f20295430 - gitlab.com/elixxir/crypto v0.0.7-0.20230109182503-bd51c95bdcb3 + gitlab.com/elixxir/crypto v0.0.7-0.20230109203157-b204428f48f2 gitlab.com/elixxir/ekv v0.2.1 gitlab.com/elixxir/primitives v0.0.3-0.20221214192222-988b44a6958a gitlab.com/xx_network/comms v0.0.4-0.20230109184153-4cb43814fa1d diff --git a/go.sum b/go.sum index 2572110c7e64d3bb20e182d60d4ef83d673c50c7..45c3b74a9414e380657b9cbb83ae41ac6d09e0a5 100644 --- a/go.sum +++ b/go.sum @@ -497,6 +497,8 @@ gitlab.com/elixxir/comms v0.0.4-0.20230109184457-e10f20295430 h1:OydFdoBbLz5iFzC gitlab.com/elixxir/comms v0.0.4-0.20230109184457-e10f20295430/go.mod h1:aFnxDpIxEEFHdAa2dEeydzo00u/IAcfrqPSEnmeffbY= gitlab.com/elixxir/crypto v0.0.7-0.20230109182503-bd51c95bdcb3 h1:5au07K9R4K4RMRTGqdB+EB1hzAezcXuxxblZx17geDc= gitlab.com/elixxir/crypto v0.0.7-0.20230109182503-bd51c95bdcb3/go.mod h1:7whUm4bnEdEoiVfMnu3TbHgvlrz0Ywp/Tekqg2Wl7vw= +gitlab.com/elixxir/crypto v0.0.7-0.20230109203157-b204428f48f2 h1:JxwNkpRQy8v6cXduMw2C1fKIpcZNHQCyC3CD2V7+efQ= +gitlab.com/elixxir/crypto v0.0.7-0.20230109203157-b204428f48f2/go.mod h1:7whUm4bnEdEoiVfMnu3TbHgvlrz0Ywp/Tekqg2Wl7vw= gitlab.com/elixxir/ekv v0.2.1 h1:dtwbt6KmAXG2Tik5d60iDz2fLhoFBgWwST03p7T+9Is= gitlab.com/elixxir/ekv v0.2.1/go.mod h1:USLD7xeDnuZEavygdrgzNEwZXeLQJK/w1a+htpN+JEU= gitlab.com/elixxir/primitives v0.0.3-0.20221214192222-988b44a6958a h1:F17FfEjS+/uDI/TTYQD21S5JvNZ9+p9bieau2nyLCzo= diff --git a/groupChat/session_test.go b/groupChat/session_test.go index c5be891017f24d9fb3557b1cb2bb48129e182cd7..b3a5ce529ff5e1023990c33a9460fb44f0c15d34 100644 --- a/groupChat/session_test.go +++ b/groupChat/session_test.go @@ -12,9 +12,9 @@ import ( "gitlab.com/elixxir/client/v4/storage/user" "gitlab.com/elixxir/client/v4/storage/versioned" "gitlab.com/elixxir/crypto/cyclic" + "gitlab.com/elixxir/crypto/rsa" "gitlab.com/elixxir/ekv" "gitlab.com/elixxir/primitives/version" - "gitlab.com/xx_network/crypto/signature/rsa" "gitlab.com/xx_network/primitives/id" "gitlab.com/xx_network/primitives/ndf" "time" @@ -120,12 +120,12 @@ func (m mockSession) GetReceptionSalt() []byte { panic("implement me") } -func (m mockSession) GetReceptionRSA() *rsa.PrivateKey { +func (m mockSession) GetReceptionRSA() rsa.PrivateKey { //TODO implement me panic("implement me") } -func (m mockSession) GetTransmissionRSA() *rsa.PrivateKey { +func (m mockSession) GetTransmissionRSA() rsa.PrivateKey { //TODO implement me panic("implement me") } diff --git a/registration/register.go b/registration/register.go index 56986c809660edcf23fadf0947afa2f8aa5fc485..0fbe6b240afef04165e5b44277f6e3faab8f1875 100644 --- a/registration/register.go +++ b/registration/register.go @@ -12,11 +12,11 @@ import ( "github.com/pkg/errors" pb "gitlab.com/elixxir/comms/mixmessages" "gitlab.com/elixxir/crypto/registration" + "gitlab.com/elixxir/crypto/rsa" "gitlab.com/xx_network/comms/connect" - "gitlab.com/xx_network/crypto/signature/rsa" ) -func (perm *Registration) Register(transmissionPublicKey, receptionPublicKey *rsa.PublicKey, +func (perm *Registration) Register(transmissionPublicKey, receptionPublicKey rsa.PublicKey, registrationCode string) (transmissionSig []byte, receptionSig []byte, regTimestamp int64, err error) { return register(perm.comms, perm.host, transmissionPublicKey, receptionPublicKey, registrationCode) } @@ -29,13 +29,13 @@ type registrationMessageSender interface { //register registers the user with optional registration code // Returns an error if registration fails. func register(comms registrationMessageSender, host *connect.Host, - transmissionPublicKey, receptionPublicKey *rsa.PublicKey, + transmissionPublicKey, receptionPublicKey rsa.PublicKey, registrationCode string) ( transmissionSig []byte, receptionSig []byte, regTimestamp int64, err error) { // Send the message - transmissionPem := string(rsa.CreatePublicKeyPem(transmissionPublicKey)) - receptionPem := string(rsa.CreatePublicKeyPem(receptionPublicKey)) + transmissionPem := string(transmissionPublicKey.MarshalPem()) + receptionPem := string(receptionPublicKey.MarshalPem()) response, err := comms. SendRegistrationMessage(host, &pb.ClientRegistration{ diff --git a/registration/register_test.go b/registration/register_test.go index 8cec2bfb92f215640de1206141d473a47eea9601..5e789a5ee0c4b689d02dfe9d3539373c0efd4122 100644 --- a/registration/register_test.go +++ b/registration/register_test.go @@ -14,9 +14,9 @@ import ( pb "gitlab.com/elixxir/comms/mixmessages" "gitlab.com/elixxir/comms/testkeys" "gitlab.com/elixxir/crypto/registration" + "gitlab.com/elixxir/crypto/rsa" "gitlab.com/xx_network/comms/connect" "gitlab.com/xx_network/comms/messages" - "gitlab.com/xx_network/crypto/signature/rsa" "gitlab.com/xx_network/primitives/id" "gitlab.com/xx_network/primitives/utils" "testing" @@ -27,7 +27,8 @@ var expectedSignatureOne = []byte{7, 15, 58, 201, 193, 112, 205, 247, 7, 200, 21 var expectedSignatureTwo = []byte{97, 206, 133, 26, 212, 226, 126, 58, 99, 225, 29, 219, 143, 47, 86, 153, 2, 43, 151, 157, 37, 150, 30, 81, 206, 141, 255, 164, 203, 254, 173, 35, 77, 150, 7, 208, 79, 82, 39, 163, 81, 230, 188, 149, 161, 54, 113, 241, 80, 97, 198, 225, 93, 130, 169, 46, 76, 115, 202, 101, 219, 201, 233, 60, 85, 181, 153, 153, 192, 56, 41, 119, 7, 211, 202, 245, 95, 150, 186, 162, 48, 77, 15, 192, 15, 196, 29, 68, 169, 212, 47, 46, 115, 242, 171, 86, 57, 170, 127, 23, 166, 36, 42, 174, 70, 73, 65, 255, 254, 199, 16, 165, 57, 77, 91, 145, 132, 180, 211, 123, 210, 161, 7, 114, 180, 130, 242, 52, 27, 211, 138, 163, 38, 233, 122, 102, 172, 217, 40, 99, 203, 255, 239, 147, 20, 249, 52, 109, 45, 106, 16, 41, 221, 45, 29, 125, 197, 42, 80, 167, 165, 82, 10, 54, 19, 114, 240, 127, 212, 126, 86, 125, 35, 142, 130, 172, 144, 7, 238, 215, 29, 105, 70, 171, 217, 161, 214, 26, 30, 201, 119, 191, 77, 81, 86, 118, 15, 180, 185, 20, 220, 236, 183, 67, 242, 255, 93, 16, 1, 31, 177, 211, 189, 231, 125, 83, 213, 65, 3, 209, 186, 70, 76, 51, 109, 153, 24, 81, 200, 57, 43, 8, 91, 24, 64, 118, 108, 237, 8, 204, 206, 95, 215, 72, 160, 42, 214, 133, 140, 86, 206, 0, 152, 139, 67, 234} func NewMockRegSender(key, cert []byte) (*MockRegistrationSender, error) { - privKey, err := rsa.LoadPrivateKeyFromPem(key) + sch := rsa.GetScheme() + privKey, err := sch.UnmarshalPrivateKeyPEM(key) if err != nil { return nil, err } @@ -60,7 +61,7 @@ type MockRegistrationSender struct { reg *pb.ClientRegistration // param passed to SendRegistrationMessage host *connect.Host - privKey *rsa.PrivateKey + privKey rsa.PrivateKey prngOne *CountingReader prngTwo *CountingReader @@ -72,13 +73,13 @@ type MockRegistrationSender struct { } func (s *MockRegistrationSender) SendRegistrationMessage(host *connect.Host, message *pb.ClientRegistration) (*pb.SignedClientRegistrationConfirmations, error) { - transSig, err := registration.SignWithTimestamp(s.prngOne, s.privKey, + transSig, err := registration.SignWithTimestamp(s.prngOne, s.privKey.GetOldRSA(), s.mockTS.UnixNano(), message.ClientTransmissionRSAPubKey) if err != nil { return nil, errors.Errorf("Failed to sign transmission: %v", err) } - receptionSig, err := registration.SignWithTimestamp(s.prngTwo, s.privKey, + receptionSig, err := registration.SignWithTimestamp(s.prngTwo, s.privKey.GetOldRSA(), s.mockTS.UnixNano(), message.ClientReceptionRSAPubKey) if err != nil { return nil, errors.Errorf("Failed to sign reception: %v", err) @@ -129,6 +130,8 @@ func (s *MockRegistrationSender) GetHost(*id.ID) (*connect.Host, bool) { // Shows that registration gets RPCs with the correct parameters func TestRegisterWithPermissioning(t *testing.T) { + sch := rsa.GetScheme() + certData, err := utils.ReadFile(testkeys.GetNodeCertPath()) if err != nil { t.Fatalf("Could not load certificate: %v", err) @@ -139,7 +142,7 @@ func TestRegisterWithPermissioning(t *testing.T) { t.Fatalf("Could not load private key: %v", err) } - key, err := rsa.LoadPrivateKeyFromPem(keyData) + key, err := sch.UnmarshalPrivateKeyPEM(keyData) if err != nil { t.Fatalf("Could not load public key") } @@ -150,7 +153,7 @@ func TestRegisterWithPermissioning(t *testing.T) { } regCode := "flooble doodle" - sig1, sig2, regTimestamp, err := register(sender, sender.getHost, key.GetPublic(), key.GetPublic(), regCode) + sig1, sig2, regTimestamp, err := register(sender, sender.getHost, key.Public(), key.Public(), regCode) if err != nil { t.Error(err) } @@ -178,6 +181,7 @@ func TestRegisterWithPermissioning(t *testing.T) { // Shows that returning an error from the registration server results in an // error from register func TestRegisterWithPermissioning_ResponseErr(t *testing.T) { + sch := rsa.GetScheme() certData, err := utils.ReadFile(testkeys.GetNodeCertPath()) if err != nil { t.Fatalf("Could not load certificate: %v", err) @@ -188,7 +192,7 @@ func TestRegisterWithPermissioning_ResponseErr(t *testing.T) { t.Fatalf("Could not load private key: %v", err) } - key, err := rsa.LoadPrivateKeyFromPem(keyData) + key, err := sch.UnmarshalPrivateKeyPEM(keyData) if err != nil { t.Fatalf("Could not load public key") } @@ -199,7 +203,7 @@ func TestRegisterWithPermissioning_ResponseErr(t *testing.T) { } sender.errInReply = "failure occurred on registration" - _, _, _, err = register(sender, nil, key.GetPublic(), key.GetPublic(), "") + _, _, _, err = register(sender, nil, key.Public(), key.Public(), "") if err == nil { t.Error("no error if registration fails on registration") } @@ -208,6 +212,8 @@ func TestRegisterWithPermissioning_ResponseErr(t *testing.T) { // Shows that returning an error from the RPC (e.g. context deadline exceeded) // results in an error from register func TestRegisterWithPermissioning_ConnectionErr(t *testing.T) { + sch := rsa.GetScheme() + certData, err := utils.ReadFile(testkeys.GetNodeCertPath()) if err != nil { t.Fatalf("Could not load certificate: %v", err) @@ -218,7 +224,7 @@ func TestRegisterWithPermissioning_ConnectionErr(t *testing.T) { t.Fatalf("Could not load private key: %v", err) } - key, err := rsa.LoadPrivateKeyFromPem(keyData) + key, err := sch.UnmarshalPrivateKeyPEM(keyData) if err != nil { t.Fatalf("Could not load public key") } @@ -228,7 +234,7 @@ func TestRegisterWithPermissioning_ConnectionErr(t *testing.T) { t.Fatalf("Failed to create mock sender: %v", err) } sender.errSendRegistration = errors.New("connection problem") - _, _, _, err = register(sender, nil, key.GetPublic(), key.GetPublic(), "") + _, _, _, err = register(sender, nil, key.Public(), key.Public(), "") if err == nil { t.Error("no error if e.g. context deadline exceeded") } diff --git a/storage/session.go b/storage/session.go index 8e98ebb4a8ed69050f6ac75a0a70eddfd8a99e24..df641ad2906a9279cfd061ee0c658221f876e71f 100644 --- a/storage/session.go +++ b/storage/session.go @@ -26,9 +26,9 @@ import ( "gitlab.com/elixxir/client/v4/storage/user" "gitlab.com/elixxir/client/v4/storage/versioned" "gitlab.com/elixxir/crypto/cyclic" + "gitlab.com/elixxir/crypto/rsa" "gitlab.com/elixxir/ekv" "gitlab.com/elixxir/primitives/version" - "gitlab.com/xx_network/crypto/signature/rsa" "gitlab.com/xx_network/primitives/id" "gitlab.com/xx_network/primitives/ndf" ) @@ -59,8 +59,8 @@ type Session interface { GetTransmissionSalt() []byte GetReceptionID() *id.ID GetReceptionSalt() []byte - GetReceptionRSA() *rsa.PrivateKey - GetTransmissionRSA() *rsa.PrivateKey + GetReceptionRSA() rsa.PrivateKey + GetTransmissionRSA() rsa.PrivateKey IsPrecanned() bool SetUsername(username string) error GetUsername() (string, error) @@ -230,8 +230,8 @@ func InitTestingSession(i interface{}) Session { default: jww.FATAL.Panicf("InitTestingSession is restricted to testing only. Got %T", i) } - - privKey, _ := rsa.LoadPrivateKeyFromPem([]byte("-----BEGIN PRIVATE KEY-----\nMIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQC7Dkb6VXFn4cdp\nU0xh6ji0nTDQUyT9DSNW9I3jVwBrWfqMc4ymJuonMZbuqK+cY2l+suS2eugevWZr\ntzujFPBRFp9O14Jl3fFLfvtjZvkrKbUMHDHFehascwzrp3tXNryiRMmCNQV55TfI\nTVCv8CLE0t1ibiyOGM9ZWYB2OjXt59j76lPARYww5qwC46vS6+3Cn2Yt9zkcrGes\nkWEFa2VttHqF910TP+DZk2R5C7koAh6wZYK6NQ4S83YQurdHAT51LKGrbGehFKXq\n6/OAXCU1JLi3kW2PovTb6MZuvxEiRmVAONsOcXKu7zWCmFjuZZwfRt2RhnpcSgzf\nrarmsGM0LZh6JY3MGJ9YdPcVGSz+Vs2E4zWbNW+ZQoqlcGeMKgsIiQ670g0xSjYI\nCqldpt79gaET9PZsoXKEmKUaj6pq1d4qXDk7s63HRQazwVLGBdJQK8qX41eCdR8V\nMKbrCaOkzD5zgnEu0jBBAwdMtcigkMIk1GRv91j7HmqwryOBHryLi6NWBY3tjb4S\no9AppDQB41SH3SwNenAbNO1CXeUqN0hHX6I1bE7OlbjqI7tXdrTllHAJTyVVjenP\nel2ApMXp+LVRdDbKtwBiuM6+n+z0I7YYerxN1gfvpYgcXm4uye8dfwotZj6H2J/u\nSALsU2v9UHBzprdrLSZk2YpozJb+CQIDAQABAoICAARjDFUYpeU6zVNyCauOM7BA\ns4FfQdHReg+zApTfWHosDQ04NIc9CGbM6e5E9IFlb3byORzyevkllf5WuMZVWmF8\nd1YBBeTftKYBn2Gwa42Ql9dl3eD0wQ1gUWBBeEoOVZQ0qskr9ynpr0o6TfciWZ5m\nF50UWmUmvc4ppDKhoNwogNU/pKEwwF3xOv2CW2hB8jyLQnk3gBZlELViX3UiFKni\n/rCfoYYvDFXt+ABCvx/qFNAsQUmerurQ3Ob9igjXRaC34D7F9xQ3CMEesYJEJvc9\nGjvr5DbnKnjx152HS56TKhK8gp6vGHJz17xtWECXD3dIUS/1iG8bqXuhdg2c+2aW\nm3MFpa5jgpAawUWc7c32UnqbKKf+HI7/x8J1yqJyNeU5SySyYSB5qtwTShYzlBW/\nyCYD41edeJcmIp693nUcXzU+UAdtpt0hkXS59WSWlTrB/huWXy6kYXLNocNk9L7g\niyx0cOmkuxREMHAvK0fovXdVyflQtJYC7OjJxkzj2rWO+QtHaOySXUyinkuTb5ev\nxNhs+ROWI/HAIE9buMqXQIpHx6MSgdKOL6P6AEbBan4RAktkYA6y5EtH/7x+9V5E\nQTIz4LrtI6abaKb4GUlZkEsc8pxrkNwCqOAE/aqEMNh91Na1TOj3f0/a6ckGYxYH\npyrvwfP2Ouu6e5FhDcCBAoIBAQDcN8mK99jtrH3q3Q8vZAWFXHsOrVvnJXyHLz9V\n1Rx/7TnMUxvDX1PIVxhuJ/tmHtxrNIXOlps80FCZXGgxfET/YFrbf4H/BaMNJZNP\nag1wBV5VQSnTPdTR+Ijice+/ak37S2NKHt8+ut6yoZjD7sf28qiO8bzNua/OYHkk\nV+RkRkk68Uk2tFMluQOSyEjdsrDNGbESvT+R1Eotupr0Vy/9JRY/TFMc4MwJwOoy\ns7wYr9SUCq/cYn7FIOBTI+PRaTx1WtpfkaErDc5O+nLLEp1yOrfktl4LhU/r61i7\nfdtafUACTKrXG2qxTd3w++mHwTwVl2MwhiMZfxvKDkx0L2gxAoIBAQDZcxKwyZOy\ns6Aw7igw1ftLny/dpjPaG0p6myaNpeJISjTOU7HKwLXmlTGLKAbeRFJpOHTTs63y\ngcmcuE+vGCpdBHQkaCev8cve1urpJRcxurura6+bYaENO6ua5VzF9BQlDYve0YwY\nlbJiRKmEWEAyULjbIebZW41Z4UqVG3MQI750PRWPW4WJ2kDhksFXN1gwSnaM46KR\nPmVA0SL+RCPcAp/VkImCv0eqv9exsglY0K/QiJfLy3zZ8QvAn0wYgZ3AvH3lr9rJ\nT7pg9WDb+OkfeEQ7INubqSthhaqCLd4zwbMRlpyvg1cMSq0zRvrFpwVlSY85lW4F\ng/tgjJ99W9VZAoIBAH3OYRVDAmrFYCoMn+AzA/RsIOEBqL8kaz/Pfh9K4D01CQ/x\naqryiqqpFwvXS4fLmaClIMwkvgq/90ulvuCGXeSG52D+NwW58qxQCxgTPhoA9yM9\nVueXKz3I/mpfLNftox8sskxl1qO/nfnu15cXkqVBe4ouD+53ZjhAZPSeQZwHi05h\nCbJ20gl66M+yG+6LZvXE96P8+ZQV80qskFmGdaPozAzdTZ3xzp7D1wegJpTz3j20\n3ULKAiIb5guZNU0tEZz5ikeOqsQt3u6/pVTeDZR0dxnyFUf/oOjmSorSG75WT3sA\n0ZiR0SH5mhFR2Nf1TJ4JHmFaQDMQqo+EG6lEbAECggEAA7kGnuQ0lSCiI3RQV9Wy\nAa9uAFtyE8/XzJWPaWlnoFk04jtoldIKyzHOsVU0GOYOiyKeTWmMFtTGANre8l51\nizYiTuVBmK+JD/2Z8/fgl8dcoyiqzvwy56kX3QUEO5dcKO48cMohneIiNbB7PnrM\nTpA3OfkwnJQGrX0/66GWrLYP8qmBDv1AIgYMilAa40VdSyZbNTpIdDgfP6bU9Ily\nG7gnyF47HHPt5Cx4ouArbMvV1rof7ytCrfCEhP21Lc46Ryxy81W5ZyzoQfSxfdKb\nGyDR+jkryVRyG69QJf5nCXfNewWbFR4ohVtZ78DNVkjvvLYvr4qxYYLK8PI3YMwL\nsQKCAQB9lo7JadzKVio+C18EfNikOzoriQOaIYowNaaGDw3/9KwIhRsKgoTs+K5O\ngt/gUoPRGd3M2z4hn5j4wgeuFi7HC1MdMWwvgat93h7R1YxiyaOoCTxH1klbB/3K\n4fskdQRxuM8McUebebrp0qT5E0xs2l+ABmt30Dtd3iRrQ5BBjnRc4V//sQiwS1aC\nYi5eNYCQ96BSAEo1dxJh5RI/QxF2HEPUuoPM8iXrIJhyg9TEEpbrEJcxeagWk02y\nOMEoUbWbX07OzFVvu+aJaN/GlgiogMQhb6IiNTyMlryFUleF+9OBA8xGHqGWA6nR\nOaRA5ZbdE7g7vxKRV36jT3wvD7W+\n-----END PRIVATE KEY-----\n")) + sch := rsa.GetScheme() + privKey, _ := sch.UnmarshalPrivateKeyPEM([]byte("-----BEGIN PRIVATE KEY-----\nMIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQC7Dkb6VXFn4cdp\nU0xh6ji0nTDQUyT9DSNW9I3jVwBrWfqMc4ymJuonMZbuqK+cY2l+suS2eugevWZr\ntzujFPBRFp9O14Jl3fFLfvtjZvkrKbUMHDHFehascwzrp3tXNryiRMmCNQV55TfI\nTVCv8CLE0t1ibiyOGM9ZWYB2OjXt59j76lPARYww5qwC46vS6+3Cn2Yt9zkcrGes\nkWEFa2VttHqF910TP+DZk2R5C7koAh6wZYK6NQ4S83YQurdHAT51LKGrbGehFKXq\n6/OAXCU1JLi3kW2PovTb6MZuvxEiRmVAONsOcXKu7zWCmFjuZZwfRt2RhnpcSgzf\nrarmsGM0LZh6JY3MGJ9YdPcVGSz+Vs2E4zWbNW+ZQoqlcGeMKgsIiQ670g0xSjYI\nCqldpt79gaET9PZsoXKEmKUaj6pq1d4qXDk7s63HRQazwVLGBdJQK8qX41eCdR8V\nMKbrCaOkzD5zgnEu0jBBAwdMtcigkMIk1GRv91j7HmqwryOBHryLi6NWBY3tjb4S\no9AppDQB41SH3SwNenAbNO1CXeUqN0hHX6I1bE7OlbjqI7tXdrTllHAJTyVVjenP\nel2ApMXp+LVRdDbKtwBiuM6+n+z0I7YYerxN1gfvpYgcXm4uye8dfwotZj6H2J/u\nSALsU2v9UHBzprdrLSZk2YpozJb+CQIDAQABAoICAARjDFUYpeU6zVNyCauOM7BA\ns4FfQdHReg+zApTfWHosDQ04NIc9CGbM6e5E9IFlb3byORzyevkllf5WuMZVWmF8\nd1YBBeTftKYBn2Gwa42Ql9dl3eD0wQ1gUWBBeEoOVZQ0qskr9ynpr0o6TfciWZ5m\nF50UWmUmvc4ppDKhoNwogNU/pKEwwF3xOv2CW2hB8jyLQnk3gBZlELViX3UiFKni\n/rCfoYYvDFXt+ABCvx/qFNAsQUmerurQ3Ob9igjXRaC34D7F9xQ3CMEesYJEJvc9\nGjvr5DbnKnjx152HS56TKhK8gp6vGHJz17xtWECXD3dIUS/1iG8bqXuhdg2c+2aW\nm3MFpa5jgpAawUWc7c32UnqbKKf+HI7/x8J1yqJyNeU5SySyYSB5qtwTShYzlBW/\nyCYD41edeJcmIp693nUcXzU+UAdtpt0hkXS59WSWlTrB/huWXy6kYXLNocNk9L7g\niyx0cOmkuxREMHAvK0fovXdVyflQtJYC7OjJxkzj2rWO+QtHaOySXUyinkuTb5ev\nxNhs+ROWI/HAIE9buMqXQIpHx6MSgdKOL6P6AEbBan4RAktkYA6y5EtH/7x+9V5E\nQTIz4LrtI6abaKb4GUlZkEsc8pxrkNwCqOAE/aqEMNh91Na1TOj3f0/a6ckGYxYH\npyrvwfP2Ouu6e5FhDcCBAoIBAQDcN8mK99jtrH3q3Q8vZAWFXHsOrVvnJXyHLz9V\n1Rx/7TnMUxvDX1PIVxhuJ/tmHtxrNIXOlps80FCZXGgxfET/YFrbf4H/BaMNJZNP\nag1wBV5VQSnTPdTR+Ijice+/ak37S2NKHt8+ut6yoZjD7sf28qiO8bzNua/OYHkk\nV+RkRkk68Uk2tFMluQOSyEjdsrDNGbESvT+R1Eotupr0Vy/9JRY/TFMc4MwJwOoy\ns7wYr9SUCq/cYn7FIOBTI+PRaTx1WtpfkaErDc5O+nLLEp1yOrfktl4LhU/r61i7\nfdtafUACTKrXG2qxTd3w++mHwTwVl2MwhiMZfxvKDkx0L2gxAoIBAQDZcxKwyZOy\ns6Aw7igw1ftLny/dpjPaG0p6myaNpeJISjTOU7HKwLXmlTGLKAbeRFJpOHTTs63y\ngcmcuE+vGCpdBHQkaCev8cve1urpJRcxurura6+bYaENO6ua5VzF9BQlDYve0YwY\nlbJiRKmEWEAyULjbIebZW41Z4UqVG3MQI750PRWPW4WJ2kDhksFXN1gwSnaM46KR\nPmVA0SL+RCPcAp/VkImCv0eqv9exsglY0K/QiJfLy3zZ8QvAn0wYgZ3AvH3lr9rJ\nT7pg9WDb+OkfeEQ7INubqSthhaqCLd4zwbMRlpyvg1cMSq0zRvrFpwVlSY85lW4F\ng/tgjJ99W9VZAoIBAH3OYRVDAmrFYCoMn+AzA/RsIOEBqL8kaz/Pfh9K4D01CQ/x\naqryiqqpFwvXS4fLmaClIMwkvgq/90ulvuCGXeSG52D+NwW58qxQCxgTPhoA9yM9\nVueXKz3I/mpfLNftox8sskxl1qO/nfnu15cXkqVBe4ouD+53ZjhAZPSeQZwHi05h\nCbJ20gl66M+yG+6LZvXE96P8+ZQV80qskFmGdaPozAzdTZ3xzp7D1wegJpTz3j20\n3ULKAiIb5guZNU0tEZz5ikeOqsQt3u6/pVTeDZR0dxnyFUf/oOjmSorSG75WT3sA\n0ZiR0SH5mhFR2Nf1TJ4JHmFaQDMQqo+EG6lEbAECggEAA7kGnuQ0lSCiI3RQV9Wy\nAa9uAFtyE8/XzJWPaWlnoFk04jtoldIKyzHOsVU0GOYOiyKeTWmMFtTGANre8l51\nizYiTuVBmK+JD/2Z8/fgl8dcoyiqzvwy56kX3QUEO5dcKO48cMohneIiNbB7PnrM\nTpA3OfkwnJQGrX0/66GWrLYP8qmBDv1AIgYMilAa40VdSyZbNTpIdDgfP6bU9Ily\nG7gnyF47HHPt5Cx4ouArbMvV1rof7ytCrfCEhP21Lc46Ryxy81W5ZyzoQfSxfdKb\nGyDR+jkryVRyG69QJf5nCXfNewWbFR4ohVtZ78DNVkjvvLYvr4qxYYLK8PI3YMwL\nsQKCAQB9lo7JadzKVio+C18EfNikOzoriQOaIYowNaaGDw3/9KwIhRsKgoTs+K5O\ngt/gUoPRGd3M2z4hn5j4wgeuFi7HC1MdMWwvgat93h7R1YxiyaOoCTxH1klbB/3K\n4fskdQRxuM8McUebebrp0qT5E0xs2l+ABmt30Dtd3iRrQ5BBjnRc4V//sQiwS1aC\nYi5eNYCQ96BSAEo1dxJh5RI/QxF2HEPUuoPM8iXrIJhyg9TEEpbrEJcxeagWk02y\nOMEoUbWbX07OzFVvu+aJaN/GlgiogMQhb6IiNTyMlryFUleF+9OBA8xGHqGWA6nR\nOaRA5ZbdE7g7vxKRV36jT3wvD7W+\n-----END PRIVATE KEY-----\n")) kv := versioned.NewKV(ekv.MakeMemstore()) s := &session{kv: kv} uid := id.NewIdFromString("zezima", id.User, i) diff --git a/storage/user/cryptographic.go b/storage/user/cryptographic.go index f65ca13abf18dfbddc6af24d941cb051a53b64b2..d84938c5210481844c7b4dff75a568075adfbf25 100644 --- a/storage/user/cryptographic.go +++ b/storage/user/cryptographic.go @@ -16,7 +16,8 @@ import ( "gitlab.com/elixxir/client/v4/storage/utility" "gitlab.com/elixxir/client/v4/storage/versioned" "gitlab.com/elixxir/crypto/cyclic" - "gitlab.com/xx_network/crypto/signature/rsa" + "gitlab.com/elixxir/crypto/rsa" + oldRsa "gitlab.com/xx_network/crypto/signature/rsa" "gitlab.com/xx_network/primitives/id" "gitlab.com/xx_network/primitives/netTime" ) @@ -28,10 +29,10 @@ const cryptographicIdentityKey = "cryptographicIdentity" type CryptographicIdentity struct { transmissionID *id.ID transmissionSalt []byte - transmissionRsaKey *rsa.PrivateKey + transmissionRsaKey rsa.PrivateKey receptionID *id.ID receptionSalt []byte - receptionRsaKey *rsa.PrivateKey + receptionRsaKey rsa.PrivateKey isPrecanned bool e2eDhPrivateKey *cyclic.Int e2eDhPublicKey *cyclic.Int @@ -40,20 +41,20 @@ type CryptographicIdentity struct { type ciDisk struct { TransmissionID *id.ID TransmissionSalt []byte - TransmissionRsaKey *rsa.PrivateKey + TransmissionRsaKey *oldRsa.PrivateKey ReceptionID *id.ID ReceptionSalt []byte - ReceptionRsaKey *rsa.PrivateKey + ReceptionRsaKey *oldRsa.PrivateKey IsPrecanned bool } type ciDiskV1 struct { TransmissionID *id.ID TransmissionSalt []byte - TransmissionRsaKey *rsa.PrivateKey + TransmissionRsaKey *oldRsa.PrivateKey ReceptionID *id.ID ReceptionSalt []byte - ReceptionRsaKey *rsa.PrivateKey + ReceptionRsaKey *oldRsa.PrivateKey IsPrecanned bool E2eDhPrivateKey []byte E2eDhPublicKey []byte @@ -61,7 +62,7 @@ type ciDiskV1 struct { func newCryptographicIdentity(transmissionID, receptionID *id.ID, transmissionSalt, receptionSalt []byte, - transmissionRsa, receptionRsa *rsa.PrivateKey, + transmissionRsa, receptionRsa rsa.PrivateKey, isPrecanned bool, e2eDhPrivateKey, e2eDhPublicKey *cyclic.Int, kv *versioned.KV) *CryptographicIdentity { @@ -103,9 +104,11 @@ func loadOriginalCryptographicIdentity(kv *versioned.KV) (*CryptographicIdentity return nil, err } + sch := rsa.GetScheme() + result.isPrecanned = decodable.IsPrecanned - result.receptionRsaKey = decodable.ReceptionRsaKey - result.transmissionRsaKey = decodable.TransmissionRsaKey + result.receptionRsaKey = sch.Convert(&decodable.ReceptionRsaKey.PrivateKey) + result.transmissionRsaKey = sch.Convert(&decodable.TransmissionRsaKey.PrivateKey) result.transmissionSalt = decodable.TransmissionSalt result.transmissionID = decodable.TransmissionID result.receptionID = decodable.ReceptionID @@ -135,9 +138,11 @@ func loadCryptographicIdentity(kv *versioned.KV) (*CryptographicIdentity, error) return nil, err } + sch := rsa.GetScheme() + result.isPrecanned = decodable.IsPrecanned - result.receptionRsaKey = decodable.ReceptionRsaKey - result.transmissionRsaKey = decodable.TransmissionRsaKey + result.receptionRsaKey = sch.Convert(&decodable.ReceptionRsaKey.PrivateKey) + result.transmissionRsaKey = sch.Convert(&decodable.TransmissionRsaKey.PrivateKey) result.transmissionSalt = decodable.TransmissionSalt result.transmissionID = decodable.TransmissionID result.receptionID = decodable.ReceptionID @@ -196,10 +201,10 @@ func (ci *CryptographicIdentity) save(kv *versioned.KV) error { encodable := &ciDiskV1{ TransmissionID: ci.transmissionID, TransmissionSalt: ci.transmissionSalt, - TransmissionRsaKey: ci.transmissionRsaKey, + TransmissionRsaKey: &oldRsa.PrivateKey{PrivateKey: *ci.transmissionRsaKey.GetGoRSA()}, ReceptionID: ci.receptionID, ReceptionSalt: ci.receptionSalt, - ReceptionRsaKey: ci.receptionRsaKey, + ReceptionRsaKey: &oldRsa.PrivateKey{PrivateKey: *ci.receptionRsaKey.GetGoRSA()}, IsPrecanned: ci.isPrecanned, E2eDhPrivateKey: dhPriv, E2eDhPublicKey: dhPub, @@ -235,11 +240,11 @@ func (ci *CryptographicIdentity) GetReceptionSalt() []byte { return ci.receptionSalt } -func (ci *CryptographicIdentity) GetReceptionRSA() *rsa.PrivateKey { +func (ci *CryptographicIdentity) GetReceptionRSA() rsa.PrivateKey { return ci.receptionRsaKey } -func (ci *CryptographicIdentity) GetTransmissionRSA() *rsa.PrivateKey { +func (ci *CryptographicIdentity) GetTransmissionRSA() rsa.PrivateKey { return ci.transmissionRsaKey } diff --git a/storage/user/cryptographic_test.go b/storage/user/cryptographic_test.go index 90d7df378d027c9df4b2f9a1b2bd7de238f66a12..7996f702cd711c65cde9040e16b244d59a9b5cfe 100644 --- a/storage/user/cryptographic_test.go +++ b/storage/user/cryptographic_test.go @@ -13,9 +13,9 @@ import ( "gitlab.com/elixxir/client/v4/storage/versioned" "gitlab.com/elixxir/crypto/cyclic" "gitlab.com/elixxir/crypto/diffieHellman" + "gitlab.com/elixxir/crypto/rsa" "gitlab.com/elixxir/ekv" "gitlab.com/xx_network/crypto/large" - "gitlab.com/xx_network/crypto/signature/rsa" "gitlab.com/xx_network/primitives/id" "testing" ) @@ -32,8 +32,13 @@ func TestNewCryptographicIdentity(t *testing.T) { diffieHellman.DefaultPrivateKeyLength, grp, prng) dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp) - _ = newCryptographicIdentity(uid, uid, salt, salt, &rsa.PrivateKey{}, - &rsa.PrivateKey{}, false, dhPrivKey, dhPubKey, kv) + sch := rsa.GetScheme() + + transmission, _ := sch.Generate(prng, 64) + reception, _ := sch.Generate(prng, 64) + + _ = newCryptographicIdentity(uid, uid, salt, salt, transmission, + reception, false, dhPrivKey, dhPubKey, kv) _, err := kv.Get(cryptographicIdentityKey, currentCryptographicIdentityVersion) if err != nil { @@ -53,8 +58,13 @@ func TestLoadCryptographicIdentity(t *testing.T) { diffieHellman.DefaultPrivateKeyLength, grp, prng) dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp) - ci := newCryptographicIdentity(uid, uid, salt, salt, &rsa.PrivateKey{}, - &rsa.PrivateKey{}, false, dhPrivKey, dhPubKey, kv) + sch := rsa.GetScheme() + + transmission, _ := sch.Generate(prng, 64) + reception, _ := sch.Generate(prng, 64) + + ci := newCryptographicIdentity(uid, uid, salt, salt, transmission, + reception, false, dhPrivKey, dhPubKey, kv) err := ci.save(kv) if err != nil { @@ -72,19 +82,22 @@ func TestLoadCryptographicIdentity(t *testing.T) { // Happy path for GetReceptionRSA function func TestCryptographicIdentity_GetReceptionRSA(t *testing.T) { + + sch := rsa.GetScheme() + prng := rand.Reader + kv := versioned.NewKV(ekv.MakeMemstore()) uid := id.NewIdFromString("zezima", id.User, t) - pk1, err := rsa.GenerateKey(rand.Reader, 64) + pk1, err := sch.Generate(prng, 64) if err != nil { t.Errorf("Failed to generate pk1") } - pk2, err := rsa.GenerateKey(rand.Reader, 64) + pk2, err := sch.Generate(prng, 64) if err != nil { t.Errorf("Failed to generate pk2") } salt := []byte("salt") - prng := rand.Reader grp := cyclic.NewGroup(large.NewInt(173), large.NewInt(2)) dhPrivKey := diffieHellman.GeneratePrivateKey( diffieHellman.DefaultPrivateKeyLength, grp, prng) @@ -92,26 +105,28 @@ func TestCryptographicIdentity_GetReceptionRSA(t *testing.T) { ci := newCryptographicIdentity( uid, uid, salt, salt, pk1, pk2, false, dhPrivKey, dhPubKey, kv) - if ci.GetReceptionRSA().D != pk2.D { + if ci.GetReceptionRSA().GetD().Cmp(pk2.GetD()) != 0 { t.Errorf("Did not receive expected RSA key. Expected: %+v, Received: %+v", pk2, ci.GetReceptionRSA()) } } // Happy path for GetTransmissionRSA function func TestCryptographicIdentity_GetTransmissionRSA(t *testing.T) { + sch := rsa.GetScheme() + prng := rand.Reader + kv := versioned.NewKV(ekv.MakeMemstore()) uid := id.NewIdFromString("zezima", id.User, t) - pk1, err := rsa.GenerateKey(rand.Reader, 64) + pk1, err := sch.Generate(prng, 64) if err != nil { t.Errorf("Failed to generate pk1") } - pk2, err := rsa.GenerateKey(rand.Reader, 64) + pk2, err := sch.Generate(prng, 64) if err != nil { t.Errorf("Failed to generate pk2") } salt := []byte("salt") - prng := rand.Reader grp := cyclic.NewGroup(large.NewInt(173), large.NewInt(2)) dhPrivKey := diffieHellman.GeneratePrivateKey( diffieHellman.DefaultPrivateKeyLength, grp, prng) @@ -119,26 +134,31 @@ func TestCryptographicIdentity_GetTransmissionRSA(t *testing.T) { ci := newCryptographicIdentity( uid, uid, salt, salt, pk1, pk2, false, dhPrivKey, dhPubKey, kv) - if ci.GetTransmissionRSA().D != pk1.D { + if ci.GetTransmissionRSA().GetD().Cmp(pk1.GetD()) != 0 { t.Errorf("Did not receive expected RSA key. Expected: %+v, Received: %+v", pk1, ci.GetTransmissionRSA()) } } // Happy path for GetSalt function func TestCryptographicIdentity_GetTransmissionSalt(t *testing.T) { + sch := rsa.GetScheme() + prng := rand.Reader + + transmission, _ := sch.Generate(prng, 64) + reception, _ := sch.Generate(prng, 64) + kv := versioned.NewKV(ekv.MakeMemstore()) uid := id.NewIdFromString("zezima", id.User, t) ts := []byte("transmission salt") rs := []byte("reception salt") - prng := rand.Reader grp := cyclic.NewGroup(large.NewInt(173), large.NewInt(2)) dhPrivKey := diffieHellman.GeneratePrivateKey( diffieHellman.DefaultPrivateKeyLength, grp, prng) dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp) - ci := newCryptographicIdentity(uid, uid, ts, rs, &rsa.PrivateKey{}, - &rsa.PrivateKey{}, false, dhPrivKey, dhPubKey, kv) + ci := newCryptographicIdentity(uid, uid, ts, rs, transmission, + reception, false, dhPrivKey, dhPubKey, kv) if bytes.Compare(ci.GetTransmissionSalt(), ts) != 0 { t.Errorf("Did not get expected salt. Expected: %+v, Received: %+v", ts, ci.GetTransmissionSalt()) } @@ -146,19 +166,24 @@ func TestCryptographicIdentity_GetTransmissionSalt(t *testing.T) { // Happy path for GetSalt function func TestCryptographicIdentity_GetReceptionSalt(t *testing.T) { + sch := rsa.GetScheme() + prng := rand.Reader + + transmission, _ := sch.Generate(prng, 64) + reception, _ := sch.Generate(prng, 64) + kv := versioned.NewKV(ekv.MakeMemstore()) uid := id.NewIdFromString("zezima", id.User, t) ts := []byte("transmission salt") rs := []byte("reception salt") - prng := rand.Reader grp := cyclic.NewGroup(large.NewInt(173), large.NewInt(2)) dhPrivKey := diffieHellman.GeneratePrivateKey( diffieHellman.DefaultPrivateKeyLength, grp, prng) dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp) - ci := newCryptographicIdentity(uid, uid, ts, rs, &rsa.PrivateKey{}, - &rsa.PrivateKey{}, false, dhPrivKey, dhPubKey, kv) + ci := newCryptographicIdentity(uid, uid, ts, rs, transmission, + reception, false, dhPrivKey, dhPubKey, kv) if bytes.Compare(ci.GetReceptionSalt(), rs) != 0 { t.Errorf("Did not get expected salt. Expected: %+v, Received: %+v", rs, ci.GetReceptionSalt()) } @@ -166,18 +191,23 @@ func TestCryptographicIdentity_GetReceptionSalt(t *testing.T) { // Happy path for GetUserID function func TestCryptographicIdentity_GetTransmissionID(t *testing.T) { + sch := rsa.GetScheme() + prng := rand.Reader + + transmission, _ := sch.Generate(prng, 64) + reception, _ := sch.Generate(prng, 64) + kv := versioned.NewKV(ekv.MakeMemstore()) rid := id.NewIdFromString("zezima", id.User, t) tid := id.NewIdFromString("jakexx360", id.User, t) salt := []byte("salt") - prng := rand.Reader grp := cyclic.NewGroup(large.NewInt(173), large.NewInt(2)) dhPrivKey := diffieHellman.GeneratePrivateKey( diffieHellman.DefaultPrivateKeyLength, grp, prng) dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp) - ci := newCryptographicIdentity(tid, rid, salt, salt, &rsa.PrivateKey{}, &rsa.PrivateKey{}, false, dhPrivKey, dhPubKey, kv) + ci := newCryptographicIdentity(tid, rid, salt, salt, transmission, reception, false, dhPrivKey, dhPubKey, kv) if !ci.GetTransmissionID().Cmp(tid) { t.Errorf("Did not receive expected user ID. Expected: %+v, Received: %+v", tid, ci.GetTransmissionID()) } @@ -185,18 +215,23 @@ func TestCryptographicIdentity_GetTransmissionID(t *testing.T) { // Happy path for GetUserID function func TestCryptographicIdentity_GetReceptionID(t *testing.T) { + sch := rsa.GetScheme() + prng := rand.Reader + + transmission, _ := sch.Generate(prng, 64) + reception, _ := sch.Generate(prng, 64) + kv := versioned.NewKV(ekv.MakeMemstore()) rid := id.NewIdFromString("zezima", id.User, t) tid := id.NewIdFromString("jakexx360", id.User, t) salt := []byte("salt") - prng := rand.Reader grp := cyclic.NewGroup(large.NewInt(173), large.NewInt(2)) dhPrivKey := diffieHellman.GeneratePrivateKey( diffieHellman.DefaultPrivateKeyLength, grp, prng) dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp) - ci := newCryptographicIdentity(tid, rid, salt, salt, &rsa.PrivateKey{}, &rsa.PrivateKey{}, false, dhPrivKey, dhPubKey, kv) + ci := newCryptographicIdentity(tid, rid, salt, salt, transmission, reception, false, dhPrivKey, dhPubKey, kv) if !ci.GetReceptionID().Cmp(rid) { t.Errorf("Did not receive expected user ID. Expected: %+v, Received: %+v", rid, ci.GetReceptionID()) } @@ -204,17 +239,22 @@ func TestCryptographicIdentity_GetReceptionID(t *testing.T) { // Happy path for IsPrecanned functions func TestCryptographicIdentity_IsPrecanned(t *testing.T) { + sch := rsa.GetScheme() + prng := rand.Reader + + transmission, _ := sch.Generate(prng, 64) + reception, _ := sch.Generate(prng, 64) + kv := versioned.NewKV(ekv.MakeMemstore()) uid := id.NewIdFromString("zezima", id.User, t) salt := []byte("salt") - prng := rand.Reader grp := cyclic.NewGroup(large.NewInt(173), large.NewInt(2)) dhPrivKey := diffieHellman.GeneratePrivateKey( diffieHellman.DefaultPrivateKeyLength, grp, prng) dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp) - ci := newCryptographicIdentity(uid, uid, salt, salt, &rsa.PrivateKey{}, &rsa.PrivateKey{}, true, dhPrivKey, dhPubKey, kv) + ci := newCryptographicIdentity(uid, uid, salt, salt, transmission, reception, true, dhPrivKey, dhPubKey, kv) if !ci.IsPrecanned() { t.Error("I really don't know how this could happen") } diff --git a/storage/user/info.go b/storage/user/info.go index a16b4b754a625c386f0dc569f911188b22e742a7..dcbc0dee933dd60c9c1753b681a3ef1c60fca34e 100644 --- a/storage/user/info.go +++ b/storage/user/info.go @@ -10,7 +10,7 @@ package user import ( "gitlab.com/elixxir/crypto/backup" "gitlab.com/elixxir/crypto/cyclic" - "gitlab.com/xx_network/crypto/signature/rsa" + "gitlab.com/elixxir/crypto/rsa" "gitlab.com/xx_network/primitives/id" ) @@ -18,10 +18,10 @@ type Proto struct { //General Identity TransmissionID *id.ID TransmissionSalt []byte - TransmissionRSA *rsa.PrivateKey + TransmissionRSA rsa.PrivateKey ReceptionID *id.ID ReceptionSalt []byte - ReceptionRSA *rsa.PrivateKey + ReceptionRSA rsa.PrivateKey Precanned bool // Timestamp in which user has registered with the network RegistrationTimestamp int64 @@ -40,10 +40,10 @@ type Info struct { //General Identity TransmissionID *id.ID TransmissionSalt []byte - TransmissionRSA *rsa.PrivateKey + TransmissionRSA rsa.PrivateKey ReceptionID *id.ID ReceptionSalt []byte - ReceptionRSA *rsa.PrivateKey + ReceptionRSA rsa.PrivateKey Precanned bool // Timestamp in which user has registered with the network RegistrationTimestamp int64 @@ -69,13 +69,14 @@ func NewUserFromProto(proto *Proto) Info { } func NewUserFromBackup(backup *backup.Backup) Info { + sch := rsa.GetScheme() return Info{ TransmissionID: backup.TransmissionIdentity.ComputedID, TransmissionSalt: backup.TransmissionIdentity.Salt, - TransmissionRSA: backup.TransmissionIdentity.RSASigningPrivateKey, + TransmissionRSA: sch.Convert(&backup.TransmissionIdentity.RSASigningPrivateKey.PrivateKey), ReceptionID: backup.ReceptionIdentity.ComputedID, ReceptionSalt: backup.ReceptionIdentity.Salt, - ReceptionRSA: backup.ReceptionIdentity.RSASigningPrivateKey, + ReceptionRSA: sch.Convert(&backup.ReceptionIdentity.RSASigningPrivateKey.PrivateKey), Precanned: false, RegistrationTimestamp: backup.RegistrationTimestamp, E2eDhPrivateKey: backup.ReceptionIdentity.DHPrivateKey, diff --git a/storage/user/registation_test.go b/storage/user/registation_test.go index 3d9efddf514f729408bf5e9a29096ae11cfd027b..fea4ecb8feca9abc4f97fb166fb606c2de4c603a 100644 --- a/storage/user/registation_test.go +++ b/storage/user/registation_test.go @@ -13,9 +13,9 @@ import ( "gitlab.com/elixxir/client/v4/storage/versioned" "gitlab.com/elixxir/crypto/cyclic" "gitlab.com/elixxir/crypto/diffieHellman" + "gitlab.com/elixxir/crypto/rsa" "gitlab.com/elixxir/ekv" "gitlab.com/xx_network/crypto/large" - "gitlab.com/xx_network/crypto/signature/rsa" "gitlab.com/xx_network/primitives/id" "gitlab.com/xx_network/primitives/netTime" "math/rand" @@ -25,6 +25,8 @@ import ( // Test User GetRegistrationValidationSignature function func TestUser_GetRegistrationValidationSignature(t *testing.T) { + sch := rsa.GetScheme() + kv := versioned.NewKV(ekv.MakeMemstore()) uid := id.NewIdFromString("test", id.User, t) salt := []byte("salt") @@ -35,8 +37,11 @@ func TestUser_GetRegistrationValidationSignature(t *testing.T) { diffieHellman.DefaultPrivateKeyLength, grp, prng) dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp) - u, err := NewUser(kv, uid, uid, salt, salt, &rsa.PrivateKey{}, - &rsa.PrivateKey{}, false, dhPrivKey, dhPubKey) + transmission, _ := sch.Generate(prng, 64) + reception, _ := sch.Generate(prng, 64) + + u, err := NewUser(kv, uid, uid, salt, salt, transmission, + reception, false, dhPrivKey, dhPubKey) if err != nil || u == nil { t.Errorf("Failed to create new user: %+v", err) } @@ -68,6 +73,8 @@ func TestUser_GetRegistrationValidationSignature(t *testing.T) { // Test SetRegistrationValidationSignature setter func TestUser_SetRegistrationValidationSignature(t *testing.T) { + sch := rsa.GetScheme() + kv := versioned.NewKV(ekv.MakeMemstore()) uid := id.NewIdFromString("test", id.User, t) salt := []byte("salt") @@ -78,8 +85,11 @@ func TestUser_SetRegistrationValidationSignature(t *testing.T) { diffieHellman.DefaultPrivateKeyLength, grp, prng) dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp) - u, err := NewUser(kv, uid, uid, salt, salt, &rsa.PrivateKey{}, - &rsa.PrivateKey{}, false, dhPrivKey, dhPubKey) + transmission, _ := sch.Generate(prng, 64) + reception, _ := sch.Generate(prng, 64) + + u, err := NewUser(kv, uid, uid, salt, salt, transmission, + reception, false, dhPrivKey, dhPubKey) if err != nil || u == nil { t.Errorf("Failed to create new user: %+v", err) } @@ -119,6 +129,8 @@ func TestUser_SetRegistrationValidationSignature(t *testing.T) { // Test loading registrationValidationSignature from the KV store func TestUser_loadRegistrationValidationSignature(t *testing.T) { + sch := rsa.GetScheme() + kv := versioned.NewKV(ekv.MakeMemstore()) uid := id.NewIdFromString("test", id.User, t) salt := []byte("salt") @@ -129,8 +141,11 @@ func TestUser_loadRegistrationValidationSignature(t *testing.T) { diffieHellman.DefaultPrivateKeyLength, grp, prng) dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp) - u, err := NewUser(kv, uid, uid, salt, salt, &rsa.PrivateKey{}, - &rsa.PrivateKey{}, false, dhPrivKey, dhPubKey) + transmission, _ := sch.Generate(prng, 64) + reception, _ := sch.Generate(prng, 64) + + u, err := NewUser(kv, uid, uid, salt, salt, transmission, + reception, false, dhPrivKey, dhPubKey) if err != nil || u == nil { t.Errorf("Failed to create new user: %+v", err) } @@ -170,6 +185,8 @@ func TestUser_loadRegistrationValidationSignature(t *testing.T) { // Test User's getter/setter functions for TimeStamp func TestUser_GetRegistrationTimestamp(t *testing.T) { + sch := rsa.GetScheme() + kv := versioned.NewKV(ekv.MakeMemstore()) uid := id.NewIdFromString("test", id.User, t) salt := []byte("salt") @@ -180,8 +197,11 @@ func TestUser_GetRegistrationTimestamp(t *testing.T) { diffieHellman.DefaultPrivateKeyLength, grp, prng) dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp) - u, err := NewUser(kv, uid, uid, salt, salt, &rsa.PrivateKey{}, - &rsa.PrivateKey{}, false, dhPrivKey, dhPubKey) + transmission, _ := sch.Generate(prng, 64) + reception, _ := sch.Generate(prng, 64) + + u, err := NewUser(kv, uid, uid, salt, salt, transmission, + reception, false, dhPrivKey, dhPubKey) if err != nil || u == nil { t.Errorf("Failed to create new user: %+v", err) } @@ -227,6 +247,8 @@ func TestUser_GetRegistrationTimestamp(t *testing.T) { // Test loading registrationTimestamp from the KV store func TestUser_loadRegistrationTimestamp(t *testing.T) { + sch := rsa.GetScheme() + kv := versioned.NewKV(ekv.MakeMemstore()) uid := id.NewIdFromString("test", id.User, t) salt := []byte("salt") @@ -237,8 +259,11 @@ func TestUser_loadRegistrationTimestamp(t *testing.T) { diffieHellman.DefaultPrivateKeyLength, grp, prng) dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp) - u, err := NewUser(kv, uid, uid, salt, salt, &rsa.PrivateKey{}, - &rsa.PrivateKey{}, false, dhPrivKey, dhPubKey) + transmission, _ := sch.Generate(prng, 64) + reception, _ := sch.Generate(prng, 64) + + u, err := NewUser(kv, uid, uid, salt, salt, transmission, + reception, false, dhPrivKey, dhPubKey) if err != nil || u == nil { t.Errorf("Failed to create new user: %+v", err) } diff --git a/storage/user/user.go b/storage/user/user.go index 984af7fee0cec1a0406b72d98e38b8ef06757911..d26e29781c9d9f1851c0c30024fd4f4cf54c7484 100644 --- a/storage/user/user.go +++ b/storage/user/user.go @@ -11,7 +11,7 @@ import ( "github.com/pkg/errors" "gitlab.com/elixxir/client/v4/storage/versioned" "gitlab.com/elixxir/crypto/cyclic" - "gitlab.com/xx_network/crypto/signature/rsa" + "gitlab.com/elixxir/crypto/rsa" "gitlab.com/xx_network/primitives/id" "sync" "time" @@ -34,7 +34,7 @@ type User struct { // builds a new user. func NewUser(kv *versioned.KV, transmissionID, receptionID *id.ID, transmissionSalt, - receptionSalt []byte, transmissionRsa, receptionRsa *rsa.PrivateKey, isPrecanned bool, + receptionSalt []byte, transmissionRsa, receptionRsa rsa.PrivateKey, isPrecanned bool, e2eDhPrivateKey, e2eDhPublicKey *cyclic.Int) (*User, error) { ci := newCryptographicIdentity(transmissionID, receptionID, transmissionSalt, diff --git a/storage/user/user_test.go b/storage/user/user_test.go index c8b97b9e30d304a323803d025645739bb76a6e7e..8a2169be9db7afb2e9d3e92839ce9099da5c44a4 100644 --- a/storage/user/user_test.go +++ b/storage/user/user_test.go @@ -11,9 +11,9 @@ import ( "gitlab.com/elixxir/client/v4/storage/versioned" "gitlab.com/elixxir/crypto/cyclic" "gitlab.com/elixxir/crypto/diffieHellman" + "gitlab.com/elixxir/crypto/rsa" "gitlab.com/elixxir/ekv" "gitlab.com/xx_network/crypto/large" - "gitlab.com/xx_network/crypto/signature/rsa" "gitlab.com/xx_network/primitives/id" "math/rand" "testing" @@ -21,6 +21,8 @@ import ( // Test loading user from a KV store func TestLoadUser(t *testing.T) { + sch := rsa.GetScheme() + kv := versioned.NewKV(ekv.MakeMemstore()) _, err := LoadUser(kv) @@ -37,8 +39,11 @@ func TestLoadUser(t *testing.T) { diffieHellman.DefaultPrivateKeyLength, grp, prng) dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp) - ci := newCryptographicIdentity(uid, uid, salt, salt, &rsa.PrivateKey{}, - &rsa.PrivateKey{}, false, dhPrivKey, dhPubKey, kv) + transmission, _ := sch.Generate(prng, 64) + reception, _ := sch.Generate(prng, 64) + + ci := newCryptographicIdentity(uid, uid, salt, salt, transmission, + reception, false, dhPrivKey, dhPubKey, kv) err = ci.save(kv) if err != nil { t.Errorf("Failed to save ci to kv: %+v", err) @@ -52,6 +57,8 @@ func TestLoadUser(t *testing.T) { // Test NewUser function func TestNewUser(t *testing.T) { + sch := rsa.GetScheme() + kv := versioned.NewKV(ekv.MakeMemstore()) uid := id.NewIdFromString("test", id.User, t) salt := []byte("salt") @@ -62,8 +69,11 @@ func TestNewUser(t *testing.T) { diffieHellman.DefaultPrivateKeyLength, grp, prng) dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp) - u, err := NewUser(kv, uid, uid, salt, salt, &rsa.PrivateKey{}, - &rsa.PrivateKey{}, false, dhPrivKey, dhPubKey) + transmission, _ := sch.Generate(prng, 64) + reception, _ := sch.Generate(prng, 64) + + u, err := NewUser(kv, uid, uid, salt, salt, transmission, + reception, false, dhPrivKey, dhPubKey) if err != nil || u == nil { t.Errorf("Failed to create new user: %+v", err) } diff --git a/storage/user/username_test.go b/storage/user/username_test.go index 34d617359e8ed7e463fa454ce0ea54867983a749..01ea538815a9bca6aa5b5a02f3547140c705a277 100644 --- a/storage/user/username_test.go +++ b/storage/user/username_test.go @@ -11,9 +11,9 @@ import ( "gitlab.com/elixxir/client/v4/storage/versioned" "gitlab.com/elixxir/crypto/cyclic" "gitlab.com/elixxir/crypto/diffieHellman" + "gitlab.com/elixxir/crypto/rsa" "gitlab.com/elixxir/ekv" "gitlab.com/xx_network/crypto/large" - "gitlab.com/xx_network/crypto/signature/rsa" "gitlab.com/xx_network/primitives/id" "gitlab.com/xx_network/primitives/netTime" "math/rand" @@ -22,6 +22,8 @@ import ( // Test normal function and errors for User's SetUsername function func TestUser_SetUsername(t *testing.T) { + sch := rsa.GetScheme() + kv := versioned.NewKV(ekv.MakeMemstore()) tid := id.NewIdFromString("trans", id.User, t) rid := id.NewIdFromString("recv", id.User, t) @@ -34,8 +36,11 @@ func TestUser_SetUsername(t *testing.T) { diffieHellman.DefaultPrivateKeyLength, grp, prng) dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp) - u, err := NewUser(kv, tid, rid, tsalt, rsalt, &rsa.PrivateKey{}, - &rsa.PrivateKey{}, false, dhPrivKey, dhPubKey) + transmission, _ := sch.Generate(prng, 64) + reception, _ := sch.Generate(prng, 64) + + u, err := NewUser(kv, tid, rid, tsalt, rsalt, transmission, + reception, false, dhPrivKey, dhPubKey) if err != nil || u == nil { t.Errorf("Failed to create new user: %+v", err) } @@ -64,6 +69,8 @@ func TestUser_SetUsername(t *testing.T) { // Test functionality of User's GetUsername function func TestUser_GetUsername(t *testing.T) { + sch := rsa.GetScheme() + kv := versioned.NewKV(ekv.MakeMemstore()) tid := id.NewIdFromString("trans", id.User, t) rid := id.NewIdFromString("recv", id.User, t) @@ -76,8 +83,11 @@ func TestUser_GetUsername(t *testing.T) { diffieHellman.DefaultPrivateKeyLength, grp, prng) dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp) - u, err := NewUser(kv, tid, rid, tsalt, rsalt, &rsa.PrivateKey{}, - &rsa.PrivateKey{}, false, dhPrivKey, dhPubKey) + transmission, _ := sch.Generate(prng, 64) + reception, _ := sch.Generate(prng, 64) + + u, err := NewUser(kv, tid, rid, tsalt, rsalt, transmission, + reception, false, dhPrivKey, dhPubKey) if err != nil || u == nil { t.Errorf("Failed to create new user: %+v", err) } @@ -100,6 +110,8 @@ func TestUser_GetUsername(t *testing.T) { // Test the loadUsername helper function func TestUser_loadUsername(t *testing.T) { + sch := rsa.GetScheme() + kv := versioned.NewKV(ekv.MakeMemstore()) tid := id.NewIdFromString("trans", id.User, t) rid := id.NewIdFromString("recv", id.User, t) @@ -112,8 +124,11 @@ func TestUser_loadUsername(t *testing.T) { diffieHellman.DefaultPrivateKeyLength, grp, prng) dhPubKey := diffieHellman.GeneratePublicKey(dhPrivKey, grp) - u, err := NewUser(kv, tid, rid, tsalt, rsalt, &rsa.PrivateKey{}, - &rsa.PrivateKey{}, false, dhPrivKey, dhPubKey) + transmission, _ := sch.Generate(prng, 64) + reception, _ := sch.Generate(prng, 64) + + u, err := NewUser(kv, tid, rid, tsalt, rsalt, transmission, + reception, false, dhPrivKey, dhPubKey) if err != nil || u == nil { t.Errorf("Failed to create new user: %+v", err) } diff --git a/ud/addFact.go b/ud/addFact.go index 069a4f4251800b92d12751a45cdaa24dbd73008b..ed80c480da2cb3dc33b988367067fcac35a7b3d7 100644 --- a/ud/addFact.go +++ b/ud/addFact.go @@ -14,7 +14,6 @@ import ( "gitlab.com/elixxir/crypto/factID" "gitlab.com/elixxir/crypto/hash" "gitlab.com/elixxir/primitives/fact" - "gitlab.com/xx_network/crypto/signature/rsa" "gitlab.com/xx_network/primitives/id" ) @@ -53,7 +52,7 @@ func (m *Manager) addFact(inFact fact.Fact, myId *id.ID, } stream := m.getRng().GetStream() defer stream.Close() - fSig, err := rsa.Sign(stream, privKey, hash.CMixHash, fHash, nil) + fSig, err := privKey.SignPSS(stream, hash.CMixHash, fHash, nil) if err != nil { return "", err } diff --git a/ud/channelIDTracking_test.go b/ud/channelIDTracking_test.go index 7a3c6c1cb564b6c59e1544a49efd61605a129479..a0ae578436648f5b0bcdad5dff159b817ea2f25e 100644 --- a/ud/channelIDTracking_test.go +++ b/ud/channelIDTracking_test.go @@ -8,9 +8,9 @@ import ( "github.com/stretchr/testify/require" + "gitlab.com/elixxir/crypto/rsa" "gitlab.com/xx_network/comms/connect" "gitlab.com/xx_network/crypto/csprng" - "gitlab.com/xx_network/crypto/signature/rsa" "gitlab.com/xx_network/primitives/id" "gitlab.com/elixxir/client/v4/event" @@ -79,7 +79,8 @@ func TestChannelIDTracking(t *testing.T) { // comms AddHost stream := rngGen.GetStream() - privKey, err := rsa.GenerateKey(stream, 1024) + sch := rsa.GetScheme() + privKey, err := sch.Generate(stream, 1024) require.NoError(t, err) tnm := newTestNetworkManager(t) @@ -123,7 +124,7 @@ func TestChannelIDTracking(t *testing.T) { rsaPrivKey, err := m.user.GetReceptionIdentity().GetRSAPrivateKey() require.NoError(t, err) - comms.SetUserRSAPubKey(rsaPrivKey.GetPublic()) + comms.SetUserRSAPubKey(rsaPrivKey.Public()) comms.SetUDEd25519PrivateKey(&udPrivKey) comms.SetUsername(username) diff --git a/ud/mockComms_test.go b/ud/mockComms_test.go index b77efc11a502e72036b343708e993ede522f46ba..fbd571b46d9b85b43d37e0ba2e5d1e99f4e85a4a 100644 --- a/ud/mockComms_test.go +++ b/ud/mockComms_test.go @@ -11,9 +11,9 @@ import ( "crypto/ed25519" "time" + "gitlab.com/elixxir/crypto/rsa" "gitlab.com/xx_network/comms/connect" "gitlab.com/xx_network/comms/messages" - "gitlab.com/xx_network/crypto/signature/rsa" "gitlab.com/xx_network/primitives/id" pb "gitlab.com/elixxir/comms/mixmessages" @@ -22,7 +22,7 @@ import ( type mockComms struct { udHost *connect.Host - userRsaPub *rsa.PublicKey + userRsaPub rsa.PublicKey userEd25519PubKey []byte udPrivKey *ed25519.PrivateKey username string @@ -66,7 +66,7 @@ func (m *mockComms) SetUDEd25519PrivateKey(key *ed25519.PrivateKey) { m.udPrivKey = key } -func (m *mockComms) SetUserRSAPubKey(userRsaPub *rsa.PublicKey) { +func (m *mockComms) SetUserRSAPubKey(userRsaPub rsa.PublicKey) { m.userRsaPub = userRsaPub } diff --git a/ud/mockE2e_test.go b/ud/mockE2e_test.go index 99b03bf625fe3e0b968d68ebf704efd52abda502..390338a448130037fa8460722ed993cedb38d817 100644 --- a/ud/mockE2e_test.go +++ b/ud/mockE2e_test.go @@ -24,8 +24,8 @@ import ( "gitlab.com/elixxir/crypto/cyclic" cryptoE2e "gitlab.com/elixxir/crypto/e2e" "gitlab.com/elixxir/crypto/fastRNG" + "gitlab.com/elixxir/crypto/rsa" "gitlab.com/xx_network/crypto/csprng" - "gitlab.com/xx_network/crypto/signature/rsa" "gitlab.com/xx_network/primitives/id" "testing" "time" @@ -43,7 +43,7 @@ type mockE2e struct { network cmix.Client mockStore mockStorage t testing.TB - key *rsa.PrivateKey + key rsa.PrivateKey } func (m mockE2e) GetBackupContainer() *xxdk.Container { @@ -61,7 +61,7 @@ func (m mockE2e) GetReceptionIdentity() xxdk.ReceptionIdentity { return xxdk.ReceptionIdentity{ ID: id.NewIdFromString("test", id.User, m.t), - RSAPrivatePem: rsa.CreatePrivateKeyPem(m.key), + RSAPrivatePem: m.key.MarshalPem(), Salt: []byte("test"), DHKeyPrivate: dhPrivKey, E2eGrp: grp, diff --git a/ud/mockStore_test.go b/ud/mockStore_test.go index c86276a77587b69729ed450050690fe0bf58ae64..f2fb390adcd7dfb3a3ec672c9fb0cb7bbf47f441 100644 --- a/ud/mockStore_test.go +++ b/ud/mockStore_test.go @@ -12,9 +12,9 @@ import ( "gitlab.com/elixxir/client/v4/storage/user" "gitlab.com/elixxir/client/v4/storage/versioned" "gitlab.com/elixxir/crypto/cyclic" + "gitlab.com/elixxir/crypto/rsa" "gitlab.com/elixxir/ekv" "gitlab.com/elixxir/primitives/version" - "gitlab.com/xx_network/crypto/signature/rsa" "gitlab.com/xx_network/primitives/id" "gitlab.com/xx_network/primitives/ndf" "time" @@ -106,12 +106,12 @@ func (m mockStorage) GetReceptionSalt() []byte { panic("implement me") } -func (m mockStorage) GetReceptionRSA() *rsa.PrivateKey { +func (m mockStorage) GetReceptionRSA() rsa.PrivateKey { //TODO implement me panic("implement me") } -func (m mockStorage) GetTransmissionRSA() *rsa.PrivateKey { +func (m mockStorage) GetTransmissionRSA() rsa.PrivateKey { //TODO implement me panic("implement me") } diff --git a/ud/register.go b/ud/register.go index 0cf1f7ba80fe6e1507873db227d9c83f054da68d..f9e76eb8518292eb3169ba601e8088db2fab5cf1 100644 --- a/ud/register.go +++ b/ud/register.go @@ -16,7 +16,6 @@ import ( "gitlab.com/elixxir/crypto/hash" "gitlab.com/elixxir/primitives/fact" "gitlab.com/xx_network/crypto/csprng" - "gitlab.com/xx_network/crypto/signature/rsa" ) // register initiates registration with user discovery given a specified @@ -43,7 +42,7 @@ func (m *Manager) register(username string, networkSignature []byte, // Construct the user registration message msg := &pb.UDBUserRegistration{ PermissioningSignature: networkSignature, - RSAPublicPem: string(rsa.CreatePublicKeyPem(privKey.GetPublic())), + RSAPublicPem: string(privKey.Public().MarshalPem()), IdentityRegistration: &pb.Identity{ Username: username, DhPubKey: dhKeyPub.Bytes(), @@ -55,7 +54,7 @@ func (m *Manager) register(username string, networkSignature []byte, // Sign the identity data and add to user registration message identityDigest := msg.IdentityRegistration.Digest() - msg.IdentitySignature, err = rsa.Sign(rng, privKey, + msg.IdentitySignature, err = privKey.SignPSS(rng, hash.CMixHash, identityDigest, nil) if err != nil { return errors.Errorf("Failed to sign user's IdentityRegistration: %+v", err) @@ -69,7 +68,7 @@ func (m *Manager) register(username string, networkSignature []byte, // Hash and sign fact hashedFact := factID.Fingerprint(usernameFact) - signedFact, err := rsa.Sign(rng, privKey, hash.CMixHash, hashedFact, nil) + signedFact, err := privKey.SignPSS(rng, hash.CMixHash, hashedFact, nil) if err != nil { return errors.Errorf("Failed to sign fact: %v", err) } diff --git a/ud/remove.go b/ud/remove.go index e2a719c70f6e0d40659dbf0b6dbbedb3b327632d..d2dbb6c6157a918e0b051e6fbcd0d505c63f5653 100644 --- a/ud/remove.go +++ b/ud/remove.go @@ -14,9 +14,9 @@ import ( "gitlab.com/elixxir/comms/mixmessages" "gitlab.com/elixxir/crypto/factID" "gitlab.com/elixxir/crypto/hash" + "gitlab.com/elixxir/crypto/rsa" "gitlab.com/elixxir/primitives/fact" "gitlab.com/xx_network/comms/connect" - "gitlab.com/xx_network/crypto/signature/rsa" "gitlab.com/xx_network/primitives/id" ) @@ -58,7 +58,7 @@ func (m *Manager) removeFact(f fact.Fact, } stream := m.getRng().GetStream() defer stream.Close() - fSig, err := rsa.Sign(stream, privKey, hash.CMixHash, fHash, nil) + fSig, err := privKey.SignPSS(stream, hash.CMixHash, fHash, nil) if err != nil { return err } @@ -99,7 +99,7 @@ func (m *Manager) PermanentDeleteAccount(f fact.Fact) error { } // permanentDeleteAccount is a helper function for PermanentDeleteAccount. -func (m *Manager) permanentDeleteAccount(f fact.Fact, myId *id.ID, privateKey *rsa.PrivateKey, +func (m *Manager) permanentDeleteAccount(f fact.Fact, myId *id.ID, privateKey rsa.PrivateKey, rFC removeUserComms, udHost *connect.Host) error { // Construct the message to send @@ -115,7 +115,7 @@ func (m *Manager) permanentDeleteAccount(f fact.Fact, myId *id.ID, privateKey *r // Sign our inFact for putting into the request stream := m.getRng().GetStream() defer stream.Close() - fsig, err := rsa.Sign(stream, privateKey, hash.CMixHash, fHash, nil) + fsig, err := privateKey.SignPSS(stream, hash.CMixHash, fHash, nil) if err != nil { return err } diff --git a/ud/utils_test.go b/ud/utils_test.go index 1ffce2b8452bea4d086c23c7b3a2f832d91d8512..9152dbec17fcbc50965a5b2829e57e6aec1ac9c8 100644 --- a/ud/utils_test.go +++ b/ud/utils_test.go @@ -20,10 +20,10 @@ import ( "gitlab.com/elixxir/crypto/contact" "gitlab.com/elixxir/crypto/cyclic" "gitlab.com/elixxir/crypto/fastRNG" + "gitlab.com/elixxir/crypto/rsa" "gitlab.com/elixxir/ekv" "gitlab.com/xx_network/crypto/csprng" "gitlab.com/xx_network/crypto/large" - "gitlab.com/xx_network/crypto/signature/rsa" "io" "math/rand" "testing" @@ -42,9 +42,11 @@ func newTestManager(t *testing.T) (*Manager, *testNetworkManager) { t.Fatalf("Failed to initialize store %v", err) } + sch := rsa.GetScheme() + rngGen := fastRNG.NewStreamGenerator(1000, 10, csprng.NewSystemRNG) stream := rngGen.GetStream() - privKey, err := rsa.GenerateKey(stream, 1024) + privKey, err := sch.Generate(stream, 1024) stream.Close() // Create our Manager object @@ -155,7 +157,7 @@ func getGroup() *cyclic.Group { type mockUser struct { testing *testing.T - key *rsa.PrivateKey + key rsa.PrivateKey } func (m mockUser) PortableUserInfo() user.Info { diff --git a/xxdk/cmix.go b/xxdk/cmix.go index b81ea31c8ebdef8e0ee4a15ec1d0f2cce508a90a..26f51d277ced788ce6e02959a5371df10f53db2f 100644 --- a/xxdk/cmix.go +++ b/xxdk/cmix.go @@ -29,7 +29,6 @@ import ( "gitlab.com/xx_network/comms/connect" "gitlab.com/xx_network/crypto/csprng" "gitlab.com/xx_network/crypto/large" - "gitlab.com/xx_network/crypto/signature/rsa" "gitlab.com/xx_network/primitives/id" "gitlab.com/xx_network/primitives/ndf" "gitlab.com/xx_network/primitives/region" @@ -253,8 +252,8 @@ func (c *Cmix) initComms() error { // get the user from session transmissionIdentity := c.GetTransmissionIdentity() privKey := transmissionIdentity.RSAPrivatePem - pubPEM := rsa.CreatePublicKeyPem(privKey.GetPublic()) - privPEM := rsa.CreatePrivateKeyPem(privKey) + pubPEM := privKey.Public().MarshalPem() + privPEM := privKey.MarshalPem() // start comms c.comms, err = client.NewClientComms(transmissionIdentity.ID, diff --git a/xxdk/e2e.go b/xxdk/e2e.go index fd2b95f589b3a3476e2a0017304867850af37ba6..37354667d1ffd0db32cb08a0ac432c4a6c03acff 100644 --- a/xxdk/e2e.go +++ b/xxdk/e2e.go @@ -121,7 +121,7 @@ func login(net *Cmix, callbacks AuthCallbacks, identity ReceptionIdentity, if err != nil { return nil, err } - generatedId, err := xx.NewID(privatePem.GetPublic(), identity.Salt, id.User) + generatedId, err := xx.NewID(privatePem.Public().GetOldRSA(), identity.Salt, id.User) if err != nil { return nil, err } diff --git a/xxdk/identity.go b/xxdk/identity.go index 867b8646986e5d4d9b95783ec341508c4ad1bdf4..7deee60c71cae0ab9b9ce50947b0ff80712c567a 100644 --- a/xxdk/identity.go +++ b/xxdk/identity.go @@ -16,7 +16,7 @@ import ( "gitlab.com/elixxir/crypto/contact" "gitlab.com/elixxir/crypto/cyclic" "gitlab.com/elixxir/crypto/diffieHellman" - "gitlab.com/xx_network/crypto/signature/rsa" + "gitlab.com/elixxir/crypto/rsa" "gitlab.com/xx_network/crypto/xx" "gitlab.com/xx_network/primitives/id" "gitlab.com/xx_network/primitives/netTime" @@ -82,8 +82,9 @@ func (r ReceptionIdentity) GetDHKeyPrivate() (*cyclic.Int, error) { } // GetRSAPrivateKey returns the RSAPrivatePem. -func (r ReceptionIdentity) GetRSAPrivateKey() (*rsa.PrivateKey, error) { - return rsa.LoadPrivateKeyFromPem(r.RSAPrivatePem) +func (r ReceptionIdentity) GetRSAPrivateKey() (rsa.PrivateKey, error) { + sch := rsa.GetScheme() + return sch.UnmarshalPrivateKeyPEM(r.RSAPrivatePem) } // GetGroup returns the cyclic.Group. @@ -99,8 +100,10 @@ func MakeReceptionIdentity(net *Cmix) (ReceptionIdentity, error) { defer rng.Close() grp := net.GetStorage().GetE2EGroup() + sch := rsa.GetScheme() + // Make RSA Key - rsaKey, err := rsa.GenerateKey(rng, rsa.DefaultRSABitLen) + rsaKey, err := sch.GenerateDefault(rng) if err != nil { return ReceptionIdentity{}, err } @@ -113,7 +116,7 @@ func MakeReceptionIdentity(net *Cmix) (ReceptionIdentity, error) { privKey := diffieHellman.GeneratePrivateKey(len(grp.GetPBytes()), grp, rng) // make the ID - newId, err := xx.NewID(rsaKey.GetPublic(), salt, id.User) + newId, err := xx.NewID(rsaKey.Public().GetOldRSA(), salt, id.User) if err != nil { return ReceptionIdentity{}, err } @@ -129,7 +132,7 @@ func MakeReceptionIdentity(net *Cmix) (ReceptionIdentity, error) { } // Create the identity object - rsaPem := rsa.CreatePrivateKeyPem(rsaKey) + rsaPem := rsaKey.MarshalPem() I := ReceptionIdentity{ ID: newId, RSAPrivatePem: rsaPem, @@ -185,7 +188,7 @@ func (r ReceptionIdentity) GetContact() contact.Contact { // buildReceptionIdentity creates a new ReceptionIdentity from the given // user.Info. func buildReceptionIdentity(receptionId *id.ID, receptionSalt []byte, - receptionRsa *rsa.PrivateKey, e2eGrp *cyclic.Group, dHPrivkey *cyclic.Int) ( + receptionRsa rsa.PrivateKey, e2eGrp *cyclic.Group, dHPrivkey *cyclic.Int) ( ReceptionIdentity, error) { saltCopy := make([]byte, len(receptionSalt)) copy(saltCopy, receptionSalt) @@ -201,7 +204,7 @@ func buildReceptionIdentity(receptionId *id.ID, receptionSalt []byte, return ReceptionIdentity{ ID: receptionId.DeepCopy(), - RSAPrivatePem: rsa.CreatePrivateKeyPem(receptionRsa), + RSAPrivatePem: receptionRsa.MarshalPem(), Salt: saltCopy, DHKeyPrivate: privKey, E2eGrp: grp, @@ -212,7 +215,7 @@ func buildReceptionIdentity(receptionId *id.ID, receptionSalt []byte, // network via a specific Cmix object. type TransmissionIdentity struct { ID *id.ID - RSAPrivatePem *rsa.PrivateKey + RSAPrivatePem rsa.PrivateKey Salt []byte // Timestamp of when the user has registered with the network diff --git a/xxdk/notifications.go b/xxdk/notifications.go index f5a9ce96b3cb34765aad2dd2311f0bfec59ded95..cff96b1de704bae9bed5f2fbb7fd1432f4e98bcf 100644 --- a/xxdk/notifications.go +++ b/xxdk/notifications.go @@ -12,7 +12,6 @@ import ( jww "github.com/spf13/jwalterweatherman" "gitlab.com/elixxir/comms/mixmessages" "gitlab.com/elixxir/crypto/hash" - "gitlab.com/xx_network/crypto/signature/rsa" "gitlab.com/xx_network/primitives/id" "gitlab.com/xx_network/primitives/id/ephemeral" ) @@ -35,7 +34,7 @@ func (m *E2e) RegisterForNotifications(token string) error { } privKey := m.GetStorage().GetTransmissionRSA() - pubPEM := rsa.CreatePublicKeyPem(privKey.GetPublic()) + pubPEM := privKey.Public().MarshalPem() regSig := m.GetStorage().GetTransmissionRegistrationValidationSignature() regTS := m.GetStorage().GetRegistrationTimestamp() @@ -105,8 +104,7 @@ func (m *E2e) getIidAndSig() ([]byte, []byte, error) { } stream := m.GetRng().GetStream() - sig, err := rsa.Sign(stream, - m.GetStorage().GetTransmissionRSA(), + sig, err := m.GetStorage().GetTransmissionRSA().SignPSS(stream, hash.CMixHash, h.Sum(nil), nil) if err != nil { return nil, nil, errors.WithMessage(err, diff --git a/xxdk/permissioning.go b/xxdk/permissioning.go index 55a62dbabd9dc19ee391f0acd91984b7d78173ed..46df9bd8dc91a12a4ff99ad89c378548a2356b05 100644 --- a/xxdk/permissioning.go +++ b/xxdk/permissioning.go @@ -17,8 +17,8 @@ import ( // registerWithPermissioning returns an error if registration fails. func (c *Cmix) registerWithPermissioning() error { // Get the users public key - transmissionPubKey := c.storage.GetTransmissionRSA().GetPublic() - receptionPubKey := c.storage.GetReceptionRSA().GetPublic() + transmissionPubKey := c.storage.GetTransmissionRSA().Public() + receptionPubKey := c.storage.GetReceptionRSA().Public() // Load the registration code regCode, err := c.storage.GetRegCode() diff --git a/xxdk/user.go b/xxdk/user.go index cac845864c7836b742a391bc2785f3d20c36d986..aaeee9ead0054c132fb166b63fe77ea7bb28a2ad 100644 --- a/xxdk/user.go +++ b/xxdk/user.go @@ -21,8 +21,8 @@ import ( "gitlab.com/elixxir/client/v4/storage/user" "gitlab.com/elixxir/crypto/cyclic" "gitlab.com/elixxir/crypto/fastRNG" + "gitlab.com/elixxir/crypto/rsa" "gitlab.com/xx_network/crypto/csprng" - "gitlab.com/xx_network/crypto/signature/rsa" "gitlab.com/xx_network/crypto/xx" "gitlab.com/xx_network/primitives/id" ) @@ -35,19 +35,19 @@ const ( // createNewUser generates an identity for cMix. func createNewUser(rng *fastRNG.StreamGenerator, e2eGroup *cyclic.Group) user.Info { // CMIX Keygen - var transmissionRsaKey, receptionRsaKey *rsa.PrivateKey + var transmissionRsaKey, receptionRsaKey rsa.PrivateKey var transmissionSalt, receptionSalt []byte e2eKeyBytes, transmissionSalt, receptionSalt, transmissionRsaKey, receptionRsaKey := createKeys(rng, e2eGroup) - transmissionID, err := xx.NewID(transmissionRsaKey.GetPublic(), + transmissionID, err := xx.NewID(transmissionRsaKey.Public().GetOldRSA(), transmissionSalt, id.User) if err != nil { jww.FATAL.Panicf(err.Error()) } - receptionID, err := xx.NewID(receptionRsaKey.GetPublic(), + receptionID, err := xx.NewID(receptionRsaKey.Public().GetOldRSA(), receptionSalt, id.User) if err != nil { jww.FATAL.Panicf(err.Error()) @@ -69,7 +69,8 @@ func createNewUser(rng *fastRNG.StreamGenerator, e2eGroup *cyclic.Group) user.In func createKeys(rng *fastRNG.StreamGenerator, e2e *cyclic.Group) ( e2eKeyBytes, transmissionSalt, receptionSalt []byte, - transmissionRsaKey, receptionRsaKey *rsa.PrivateKey) { + transmissionRsaKey, receptionRsaKey rsa.PrivateKey) { + sch := rsa.GetScheme() wg := sync.WaitGroup{} wg.Add(3) @@ -94,7 +95,7 @@ func createKeys(rng *fastRNG.StreamGenerator, e2e *cyclic.Group) ( defer wg.Done() var err error stream := rng.GetStream() - transmissionRsaKey, err = rsa.GenerateKey(stream, rsa.DefaultRSABitLen) + transmissionRsaKey, err = sch.GenerateDefault(stream) if err != nil { jww.FATAL.Panicf(err.Error()) } @@ -110,7 +111,7 @@ func createKeys(rng *fastRNG.StreamGenerator, e2e *cyclic.Group) ( defer wg.Done() var err error stream := rng.GetStream() - receptionRsaKey, err = rsa.GenerateKey(stream, rsa.DefaultRSABitLen) + receptionRsaKey, err = sch.GenerateDefault(stream) if err != nil { jww.FATAL.Panicf(err.Error()) } @@ -137,8 +138,10 @@ func createNewVanityUser(rng csprng.Source, e2eKey := diffieHellman.GeneratePrivateKey(keyLen, e2e, rng) + sch := rsa.GetScheme() + // RSA Keygen (4096 bit defaults) - transmissionRsaKey, err := rsa.GenerateKey(rng, rsa.DefaultRSABitLen) + transmissionRsaKey, err := sch.GenerateDefault(rng) if err != nil { jww.FATAL.Panicf(err.Error()) } @@ -152,13 +155,13 @@ func createNewVanityUser(rng csprng.Source, if n != SaltSize { jww.FATAL.Panicf("transmissionSalt size too small: %d", n) } - transmissionID, err := xx.NewID(transmissionRsaKey.GetPublic(), + transmissionID, err := xx.NewID(transmissionRsaKey.Public().GetOldRSA(), transmissionSalt, id.User) if err != nil { jww.FATAL.Panicf(err.Error()) } - receptionRsaKey, err := rsa.GenerateKey(rng, rsa.DefaultRSABitLen) + receptionRsaKey, err := sch.GenerateDefault(rng) if err != nil { jww.FATAL.Panicf(err.Error()) } @@ -212,7 +215,7 @@ func createNewVanityUser(rng csprng.Source, n) } rID, err := xx.NewID( - receptionRsaKey.GetPublic(), + receptionRsaKey.Public().GetOldRSA(), rSalt, id.User) if err != nil { jww.FATAL.Panicf(err.Error()) @@ -262,8 +265,10 @@ func createPrecannedUser(precannedID uint, rng csprng.Source, grp *cyclic.Group) binary.BigEndian.PutUint64(userID[:], uint64(precannedID)) userID.SetType(id.User) + sch := rsa.GetScheme() + // NOTE: not used... RSA Keygen (4096 bit defaults) - rsaKey, err := rsa.GenerateKey(rng, rsa.DefaultRSABitLen) + rsaKey, err := sch.GenerateDefault(rng) if err != nil { jww.FATAL.Panicf(err.Error()) }