Make initial crypto work with guile goblins

Racket Goblins used to send the the key and signature in a racket specific format across the wire, this worked well when it was just racket goblins <-> racket goblins. However now we need a less implementation specific approach to allow for other implementations. This now uses the sexp format which is native to gcrypt. It includes converters to and from these gcrypt sexps when sending and receiving on the wire in CapTP. Note: There are more changes to crypto to do, at the very least around handoffs.
3 years ago · fd84c21a93
2 changed files with 55 additions and 6 deletions
--- a/goblins/ocapn/captp.rkt
+++ b/goblins/ocapn/captp.rkt
@ -38,6 +38,7 @@
         "structs-urls.rkt"
         (submod "structs-urls.rkt" marshall)
         "define-recordable-struct.rkt"
+         "crypto-converters.rkt"

         syrup

@ -1394,12 +1395,12 @@
          ;; TODO: Shouldn't the netlayer actually interpret this message
          ;;   before it gets here?  Ie, at this stage, we're already
          ;;   "confident" this is from the right location
-          [(mtp:op:start-session (and remote-encoded-pubkey
-                                      (list 'eddsa 'public 'ed25519 _))
+          [(mtp:op:start-session remote-encoded-pubkey
                                 (? ocapn-machine? claimed-remote-location)
                                 remote-location-sig)
+           (pk 'got-to-start-session)
           (define remote-handoff-pubkey
-             (datum->pk-key remote-encoded-pubkey 'rkt-public))
+             (datum->pk-key (gcrypt->racket/public-key remote-encoded-pubkey) 'rkt-public))
           ;; TODO: I guess we didn't know by the time this was opened
           ;;   what the remote location was going to be... that's part of the reason
           ;;   for the start-session message...
@ -1411,7 +1412,7 @@
           (unless (pk-verify remote-handoff-pubkey
                              (syrup-encode (record* 'my-location claimed-remote-location)
                                            #:marshallers marshallers)
-                              remote-location-sig)
+                              (gcrypt->racket/signature remote-location-sig))
             (error "Location not signed by handoff key"))

           ;; TODO: Now we need to do the dial back and verify that
@ -1484,9 +1485,9 @@

      ;; Now we'll need to send our side of the start-session and get the
      ;; other side... which will be handled by the ^setup-completer above
-      (send-to-remote (mtp:op:start-session handoff-pubkey
+      (send-to-remote (mtp:op:start-session (racket->gcrypt/public-key handoff-pubkey)
                                            our-location
-                                            our-location-sig))
+                                            (racket->gcrypt/signature our-location-sig)))
      
      ;; Return the meta-bootstrap-vow, which will be completed as above
      meta-bootstrap-vow]
--- a/goblins/ocapn/crypto-converters.rkt
+++ b/goblins/ocapn/crypto-converters.rkt
@ -0,0 +1,48 @@
+#lang racket
+
+;;; Copyright 2022 Jessica Tallon
+;;;
+;;; Licensed under the Apache License, Version 2.0 (the "License");
+;;; you may not use this file except in compliance with the License.
+;;; You may obtain a copy of the License at
+;;;
+;;;    http://www.apache.org/licenses/LICENSE-2.0
+;;;
+;;; Unless required by applicable law or agreed to in writing, software
+;;; distributed under the License is distributed on an "AS IS" BASIS,
+;;; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+;;; See the License for the specific language governing permissions and
+;;; limitations under the License.
+
+(provide racket->gcrypt/public-key
+         gcrypt->racket/public-key
+
+         racket->gcrypt/signature
+         gcrypt->racket/signature)
+
+(require racket/match)
+
+(define (racket->gcrypt/public-key public-key)
+  (match public-key
+    [(list 'eddsa 'public 'ed25519 data)
+     `(public-key (ecc (curve Ed25519) (flags eddsa) (q ,data)))]
+    [_ (error "Don't know how to encode key: ~a" public-key)]))
+
+(define (gcrypt->racket/public-key public-key)
+  (match public-key
+    [`(public-key (ecc (curve Ed25519) (flags eddsa) (q ,data)))
+     `(eddsa public ed25519 ,data)]))
+
+(define (racket->gcrypt/signature signature)
+  (let ((r (subbytes signature 0 32))
+        (s (subbytes signature 32)))
+    `(sig-val (eddsa (r ,r) (s ,s)))))
+
+(define (gcrypt->racket/signature signature)
+  (match signature
+    [`(sig-val (eddsa (r ,r) (s ,s)))
+     (bytes-append r
+                   (make-bytes (- 32 (bytes-length r)) 0)
+                   s
+                   (make-bytes (- 32 (bytes-length s)) 0))]
+    [_ (error "No matching signature: ~a" signature)]))