feat: don't use hardcoded key anymore

Signed-off-by: Martichou <m@rtin.fyi>
Martichou · Mar 2, 2024 · f36316d · f36316d
1 parent 2eaf7a3
commit f36316d
Show file tree

Hide file tree

Showing 6 changed files with 68 additions and 21 deletions.
diff --git a/core_lib/Cargo.lock b/core_lib/Cargo.lock
diff --git a/core_lib/Cargo.toml b/core_lib/Cargo.toml
@@ -1,4 +1,5 @@
-[package]
+
+package]
 name = "rqs_lib"
 version = "0.2.2"
 edition = "2021"
@@ -25,6 +26,7 @@ libaes = "0.7"
 log = "0.4"
 mdns-sd = { git = "https://github.com/Martichou/mdns-sd", branch = "unsolicited" }
 mime_guess = "2.0.4"
+num-bigint = "0.4.4"
 once_cell = "1.0"
 open = "5.0"
 p256 = { version = "0.13", features = ["ecdh"] }

diff --git a/core_lib/src/hdl/ble.rs b/core_lib/src/hdl/ble.rs
@@ -59,14 +59,13 @@ impl BleListener {
                             let _ = service_data;
                             let now = SystemTime::now();
 
-                            debug!("BLEA HERE: {:?}", service_data);
-
                             // Don't spam, max once per 15s
                             if now.duration_since(last_alert)? <= Duration::from_secs(15) {
                                 continue;
                             }
 
                             debug!("{INNER_NAME}: A device is sharing nearby");
+                            trace!("{INNER_NAME}: {:?}", service_data);
                             self.sender.send(())?;
                             last_alert = now;
                         },

diff --git a/core_lib/src/hdl/inbound.rs b/core_lib/src/hdl/inbound.rs
@@ -2,6 +2,7 @@ use std::fs::File;
 use std::os::unix::fs::FileExt;
 
 use anyhow::anyhow;
+use bytes::Bytes;
 use hmac::{Hmac, Mac};
 use libaes::{Cipher, AES_256_KEY_LEN};
 use p256::ecdh::diffie_hellman;
@@ -32,8 +33,8 @@ use crate::securemessage::{
 };
 use crate::sharing_nearby::{paired_key_result_frame, text_metadata};
 use crate::utils::{
-    gen_ecdsa_keypair, gen_random, get_download_dir, hkdf_extract_expand, stream_read_exact,
-    to_four_digit_string, DeviceType, RemoteDeviceInfo,
+    encode_point, gen_ecdsa_keypair, gen_random, get_download_dir, hkdf_extract_expand,
+    stream_read_exact, to_four_digit_string, DeviceType, RemoteDeviceInfo,
 };
 use crate::{location_nearby_connections, sharing_nearby};
 
@@ -314,14 +315,16 @@ impl InboundRequest {
         let (secret_key, public_key) = gen_ecdsa_keypair();
 
         let encoded_point = public_key.to_encoded_point(false);
-        let x = encoded_point.x().unwrap().to_vec();
-        let y = encoded_point.y().unwrap().to_vec();
+        let x = encoded_point.x().unwrap();
+        let y = encoded_point.y().unwrap();
 
         let pkey = GenericPublicKey {
             r#type: PublicKeyType::EcP256.into(),
-            ec_p256_public_key: Some(EcP256PublicKey { x, y }),
-            dh2048_public_key: None,
-            rsa2048_public_key: None,
+            ec_p256_public_key: Some(EcP256PublicKey {
+                x: encode_point(Bytes::from(x.to_vec()))?,
+                y: encode_point(Bytes::from(y.to_vec()))?,
+            }),
+            ..Default::default()
         };
 
         let server_init = Ukey2ServerInit {

diff --git a/core_lib/src/utils.rs b/core_lib/src/utils.rs
@@ -4,12 +4,13 @@ use std::path::{Path, PathBuf};
 use anyhow::anyhow;
 use base64::engine::general_purpose::URL_SAFE_NO_PAD;
 use base64::Engine;
+use bytes::Bytes;
 use get_if_addrs::get_if_addrs;
 use hkdf::Hkdf;
+use num_bigint::{BigUint, ToBigInt};
 use p256::{PublicKey, SecretKey};
-use rand::{Rng, RngCore};
+use rand::{thread_rng, Rng, RngCore};
 use serde::{Deserialize, Serialize};
-use sha2::digest::generic_array::GenericArray;
 use sha2::Sha256;
 use tokio::io::AsyncReadExt;
 use tokio::net::TcpStream;
@@ -130,20 +131,20 @@ pub async fn stream_read_exact(
 }
 
 pub fn gen_ecdsa_keypair() -> (SecretKey, PublicKey) {
-    // TODO - not sure why, but when using a random generator, 90% of the keys
-    // generated won't works with android (the error doesn't make sense as it's u8):
-    // Cannot parse public key: Point encoding must use only non-negative integers
-    // So for now, use a hardcoded key that for some reason works.
-    let ga = GenericArray::from_slice(&[
-        105, 205, 243, 134, 222, 182, 205, 89, 155, 24, 188, 47, 119, 109, 222, 245, 25, 52, 8,
-        195, 162, 68, 9, 241, 138, 225, 80, 106, 111, 224, 254, 32,
-    ]);
-    let secret_key = SecretKey::from_bytes(ga).unwrap();
+    let secret_key = SecretKey::random(&mut thread_rng());
     let public_key = secret_key.public_key();
 
     (secret_key, public_key)
 }
 
+pub fn encode_point(unsigned: Bytes) -> Result<Vec<u8>, anyhow::Error> {
+    let big_int = BigUint::from_bytes_be(&unsigned)
+        .to_bigint()
+        .ok_or_else(|| anyhow!("Failed to convert to bigint"))?;
+
+    Ok(big_int.to_signed_bytes_be())
+}
+
 pub fn hkdf_extract_expand(
     salt: &[u8],
     input: &[u8],

diff --git a/frontend/src-tauri/Cargo.lock b/frontend/src-tauri/Cargo.lock