feat: wip atkeys stuff

atsign-foundation · Oct 15, 2024 · d80994f · d80994f
1 parent 34efa1e
commit d80994f
Show file tree

Hide file tree

Showing 5 changed files with 328 additions and 13 deletions.
diff --git a/examples/desktop/repl/src/main.c b/examples/desktop/repl/src/main.c
@@ -217,4 +217,4 @@ static int start_repl_loop(atclient *atclient, repl_args *repl_args) {
   atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_INFO, "Exiting REPL loop...\n");
   ret = 0;
 exit: { return ret; }
-}
+}
diff --git a/packages/atclient/include/atclient/atkeys.h b/packages/atclient/include/atclient/atkeys.h
@@ -162,4 +162,8 @@ int atclient_atkeys_populate_from_path(atclient_atkeys *atkeys, const char *path
  */
 int atclient_atkeys_populate_from_string(atclient_atkeys *atkeys, const char *file_string);
 
+int atclient_atkeys_write_to_atkeys_file(atclient_atkeys *atkeys, atclient_atkeys_file *atkeys_file);
+
+int atclient_atkeys_write_to_path(atclient_atkeys *atkeys, const char *path);
+
 #endif
diff --git a/packages/atclient/include/atclient/atkeys_file.h b/packages/atclient/include/atclient/atkeys_file.h
@@ -63,6 +63,14 @@ int atclient_atkeys_file_from_path(atclient_atkeys_file *atkeys_file, const char
  */
 int atclient_atkeys_file_from_string(atclient_atkeys_file *atkeys_file, const char *file_string);
 
+/**
+ * @brief Write the struct to a file.
+ * 
+ * @param atkeys_file the struct to be written to the file, assumed to be NON-NULL and initialized with atclient_atkeys_file_init
+ * @param path  Example "$HOME/.atsign/keys/@alice_key.atKeys"
+ */
+int atclient_atkeys_file_write_to_path(atclient_atkeys_file *atkeys_file, const char *path);
+
 /**
  * @brief Free the struct of any memory that was allocated during its lifetime
  *

diff --git a/packages/atclient/src/atkeys.c b/packages/atclient/src/atkeys.c
@@ -1,4 +1,5 @@
 #include "atclient/atkeys.h"
+#include "atclient/atkeys_file.h"
 #include "atlogger/atlogger.h"
 #include <atchops/aes_ctr.h>
 #include <atchops/base64.h>
@@ -812,6 +813,197 @@ exit: {
 }
 }
 
+int atclient_atkeys_write_to_atkeys_file(atclient_atkeys *atkeys, atclient_atkeys_file *atkeys_file) {
+  int ret = 1;
+
+  /*
+   * 1. Validate arguments
+   */
+  if (atkeys == NULL) {
+    ret = 1;
+    atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "atkeys is NULL\n");
+    return ret;
+  }
+
+  // mandatory field that constitutes an atSign's atkeys
+  if (!atclient_atkeys_is_encrypt_private_key_base64_initialized(atkeys)) {
+    ret = 1;
+    atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "encrypt private key is not initialized\n");
+    return ret;
+  }
+
+  // mandatory field that constitutes an atSign's atkeys
+  if (!atclient_atkeys_is_encrypt_public_key_base64_initialized(atkeys)) {
+    ret = 1;
+    atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "encrypt public key is not initialized\n");
+    return ret;
+  }
+
+  // mandatory field that constitutes an atSign's atkeys
+  if (!atclient_atkeys_is_pkam_private_key_base64_initialized(atkeys)) {
+    ret = 1;
+    atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "pkam private key is not initialized\n");
+    return ret;
+  }
+
+  // mandatory field that constitutes an atSign's atkeys
+  if (!atclient_atkeys_is_pkam_public_key_base64_initialized(atkeys)) {
+    ret = 1;
+    atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "pkam public key is not initialized\n");
+    return ret;
+  }
+
+  // mandatory field that constitutes an atSign's atkeys
+  if (!atclient_atkeys_is_self_encryption_key_base64_initialized(atkeys)) {
+    ret = 1;
+    atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "self encryption key is not initialized\n");
+    return ret;
+  }
+
+  if (atkeys_file == NULL) {
+    ret = 1;
+    atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "atkeys_file is NULL\n");
+    return ret;
+  }
+
+  /*
+   * 2. Variables
+   */
+  const size_t iv_size = ATCHOPS_IV_BUFFER_SIZE;
+  unsigned char iv[iv_size];
+
+  const size_t self_encryption_key_size = ATCHOPS_AES_256 / 8;
+  unsigned char self_encryption_key[self_encryption_key_size];
+
+  const size_t rsa_key_encrypted_size = atchops_base64_encoded_size(
+      strlen(atkeys->pkam_private_key_base64)); // use private key as the largest buffer size
+  unsigned char rsa_key_encrypted[rsa_key_encrypted_size];
+  size_t rsa_key_encrypted_len = 0;
+
+  /*
+   * 3. Prepare self encryption key for use
+   */
+  if ((ret = atchops_base64_decode((unsigned char *)atkeys->self_encryption_key_base64,
+                                   strlen(atkeys->self_encryption_key_base64), self_encryption_key,
+                                   self_encryption_key_size, NULL)) != 0) {
+    atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "base64 decode self encryption key: %d\n", ret);
+    goto exit;
+  }
+
+  /*
+   * 4. Encrypt and write to atkeys file
+   */
+
+  // 4a. pkam public key
+  memset(iv, 0, sizeof(unsigned char) * iv_size); // Use legacy IV
+  memset(rsa_key_encrypted, 0, sizeof(unsigned char) * rsa_key_encrypted_size);
+  if ((ret = atchops_aes_ctr_encrypt(self_encryption_key, ATCHOPS_AES_256, iv,
+                                     (unsigned char *)atkeys->pkam_public_key_base64,
+                                     strlen(atkeys->pkam_public_key_base64), rsa_key_encrypted, rsa_key_encrypted_size,
+                                     &rsa_key_encrypted_len)) != 0) {
+    atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "encrypt pkam public key: %d\n", ret);
+    goto exit;
+  }
+
+  if ((ret = atclient_atkeys_file_set_aes_pkam_public_key_str(atkeys_file, (const char *)rsa_key_encrypted,
+                                                              rsa_key_encrypted_len)) != 0) {
+    atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "set aes pkam public key str: %d\n", ret);
+    goto exit;
+  }
+
+  // 4b. pkam private key
+  memset(iv, 0, sizeof(unsigned char) * iv_size); // Use legacy IV
+  memset(rsa_key_encrypted, 0, sizeof(unsigned char) * rsa_key_encrypted_size);
+  if ((ret = atchops_aes_ctr_encrypt(self_encryption_key, ATCHOPS_AES_256, iv,
+                                     (unsigned char *)atkeys->pkam_private_key_base64,
+                                     strlen(atkeys->pkam_private_key_base64), rsa_key_encrypted, rsa_key_encrypted_size,
+                                     &rsa_key_encrypted_len)) != 0) {
+    atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "encrypt pkam private key: %d\n", ret);
+    goto exit;
+  }
+
+  if ((ret = atclient_atkeys_file_set_aes_pkam_private_key_str(atkeys_file, (const char *)rsa_key_encrypted,
+                                                               rsa_key_encrypted_len)) != 0) {
+    atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "set aes pkam private key str: %d\n", ret);
+    goto exit;
+  }
+
+  // 4c. encrypt public key
+  memset(iv, 0, sizeof(unsigned char) * iv_size); // Use legacy IV
+  memset(rsa_key_encrypted, 0, sizeof(unsigned char) * rsa_key_encrypted_size);
+  if ((ret = atchops_aes_ctr_encrypt(self_encryption_key, ATCHOPS_AES_256, iv,
+                                     (unsigned char *)atkeys->encrypt_public_key_base64,
+                                     strlen(atkeys->encrypt_public_key_base64), rsa_key_encrypted,
+                                     rsa_key_encrypted_size, &rsa_key_encrypted_len)) != 0) {
+    atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "encrypt encrypt public key: %d\n", ret);
+    goto exit;
+  }
+
+  if ((ret = atclient_atkeys_file_set_aes_encrypt_public_key_str(atkeys_file, (const char *)rsa_key_encrypted,
+                                                                 rsa_key_encrypted_len)) != 0) {
+    atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "set aes encrypt public key str: %d\n", ret);
+    goto exit;
+  }
+
+  // 4d. encrypt private key
+  memset(iv, 0, sizeof(unsigned char) * iv_size); // Use legacy IV
+  memset(rsa_key_encrypted, 0, sizeof(unsigned char) * rsa_key_encrypted_size);
+  if ((ret = atchops_aes_ctr_encrypt(self_encryption_key, ATCHOPS_AES_256, iv,
+                                     (unsigned char *)atkeys->encrypt_private_key_base64,
+                                     strlen(atkeys->encrypt_private_key_base64), rsa_key_encrypted,
+                                     rsa_key_encrypted_size, &rsa_key_encrypted_len)) != 0) {
+    atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "encrypt encrypt private key: %d\n", ret);
+    goto exit;
+  }
+
+  if ((ret = atclient_atkeys_file_set_aes_encrypt_private_key_str(atkeys_file, (const char *)rsa_key_encrypted,
+                                                                  rsa_key_encrypted_len)) != 0) {
+    atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "set aes encrypt private key str: %d\n", ret);
+    goto exit;
+  }
+
+  // 4e. self encryption key
+  if ((ret = atclient_atkeys_file_set_self_encryption_key_str(atkeys_file, atkeys->self_encryption_key_base64)) != 0) {
+    atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "set self encryption key str: %d\n", ret);
+    goto exit;
+  }
+
+  // 4f. enrollment id (optional)
+  if (atclient_atkeys_is_enrollment_id_initialized(atkeys)) {
+    if ((ret = atclient_atkeys_file_set_enrollment_id_str(atkeys_file, atkeys->enrollment_id)) != 0) {
+      atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "set enrollment id str: %d\n", ret);
+      goto exit;
+    }
+  }
+
+  ret = 0;
+
+exit: { return ret; }
+}
+
+int atclient_atkeys_write_to_path(atclient_atkeys *atkeys, const char *path) {
+  int ret = 1;
+
+  atclient_atkeys_file atkeys_file;
+  atclient_atkeys_file_init(&atkeys_file);
+
+  if ((ret = atclient_atkeys_write_to_atkeys_file(atkeys, &atkeys_file)) != 0) {
+    atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "atclient_atkeys_write_to_atkeys_file: %d\n", ret);
+    goto exit;
+  }
+
+  if ((ret = atclient_atkeys_file_write_to_path(&atkeys_file, path)) != 0) {
+    atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "atclient_atkeys_file_to_path: %d\n", ret);
+    goto exit;
+  }
+
+  ret = 0;
+exit: {
+  atclient_atkeys_file_free(&atkeys_file);
+  return ret;
+}
+}
+
 static bool is_pkam_public_key_base64_initialized(atclient_atkeys *atkeys) {
   return atkeys->_initialized_fields[ATCLIENT_ATKEYS_PKAM_PUBLIC_KEY_INDEX] &
          ATCLIENT_ATKEYS_PKAM_PUBLIC_KEY_INITIALIZED;