Improvements to Yggdrasil demo (#1114)

* Improvements to Yggdrasil demo

* Fix missing copyright

* Fix tie-break

cmd/dendrite-demo-yggdrasil/convert/25519.go

@@ -0,0 +1,53 @@
+// Copyright 2019 Google LLC
+//
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file or at
+// https://developers.google.com/open-source/licenses/bsd
+//
+// Original code from https://github.com/FiloSottile/age/blob/bbab440e198a4d67ba78591176c7853e62d29e04/internal/age/ssh.go
+
+package convert
+
+import (
+	"crypto/ed25519"
+	"crypto/sha512"
+	"math/big"
+
+	"golang.org/x/crypto/curve25519"
+)
+
+var curve25519P, _ = new(big.Int).SetString("57896044618658097711785492504343953926634992332820282019728792003956564819949", 10)
+
+func Ed25519PrivateKeyToCurve25519(pk ed25519.PrivateKey) []byte {
+	h := sha512.New()
+	_, _ = h.Write(pk.Seed())
+	out := h.Sum(nil)
+	return out[:curve25519.ScalarSize]
+}
+
+func Ed25519PublicKeyToCurve25519(pk ed25519.PublicKey) []byte {
+	// ed25519.PublicKey is a little endian representation of the y-coordinate,
+	// with the most significant bit set based on the sign of the x-coordinate.
+	bigEndianY := make([]byte, ed25519.PublicKeySize)
+	for i, b := range pk {
+		bigEndianY[ed25519.PublicKeySize-i-1] = b
+	}
+	bigEndianY[0] &= 0b0111_1111
+
+	// The Montgomery u-coordinate is derived through the bilinear map
+	//     u = (1 + y) / (1 - y)
+	// See https://blog.filippo.io/using-ed25519-keys-for-encryption.
+	y := new(big.Int).SetBytes(bigEndianY)
+	denom := big.NewInt(1)
+	denom.ModInverse(denom.Sub(denom, y), curve25519P) // 1 / (1 - y)
+	u := y.Mul(y.Add(y, big.NewInt(1)), denom)
+	u.Mod(u, curve25519P)
+
+	out := make([]byte, curve25519.PointSize)
+	uBytes := u.Bytes()
+	for i, b := range uBytes {
+		out[len(uBytes)-i-1] = b
+	}
+
+	return out
+}

cmd/dendrite-demo-yggdrasil/convert/25519_test.go

@@ -0,0 +1,51 @@
+// Copyright 2020 The Matrix.org Foundation C.I.C.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package convert
+
+import (
+	"bytes"
+	"crypto/ed25519"
+	"encoding/hex"
+	"testing"
+
+	"golang.org/x/crypto/curve25519"
+)
+
+func TestKeyConversion(t *testing.T) {
+	edPub, edPriv, err := ed25519.GenerateKey(nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Log("Signing public:", hex.EncodeToString(edPub))
+	t.Log("Signing private:", hex.EncodeToString(edPriv))
+
+	cuPriv := Ed25519PrivateKeyToCurve25519(edPriv)
+	t.Log("Encryption private:", hex.EncodeToString(cuPriv))
+
+	cuPub := Ed25519PublicKeyToCurve25519(edPub)
+	t.Log("Converted encryption public:", hex.EncodeToString(cuPub))
+
+	var realPub, realPriv [32]byte
+	copy(realPriv[:32], cuPriv[:32])
+	curve25519.ScalarBaseMult(&realPub, &realPriv)
+	t.Log("Scalar-multed encryption public:", hex.EncodeToString(realPub[:]))
+
+	if !bytes.Equal(realPriv[:], cuPriv[:]) {
+		t.Fatal("Private keys should be equal (this means the test is broken)")
+	}
+	if !bytes.Equal(realPub[:], cuPub[:]) {
+		t.Fatal("Public keys should be equal")
+	}
+}

cmd/dendrite-demo-yggdrasil/main.go

@@ -16,7 +16,9 @@ package main
 
 import (
 	"context"
+	"crypto/ed25519"
 	"crypto/tls"
+	"encoding/hex"
 	"flag"
 	"fmt"
 	"net"
@@ -25,6 +27,8 @@ import (
 	"time"
 
 	"github.com/matrix-org/dendrite/appservice"
+	"github.com/matrix-org/dendrite/cmd/dendrite-demo-yggdrasil/convert"
+	"github.com/matrix-org/dendrite/cmd/dendrite-demo-yggdrasil/signing"
 	"github.com/matrix-org/dendrite/cmd/dendrite-demo-yggdrasil/yggconn"
 	"github.com/matrix-org/dendrite/eduserver"
 	"github.com/matrix-org/dendrite/eduserver/cache"
@@ -35,7 +39,6 @@ import (
 	"github.com/matrix-org/dendrite/internal/setup"
 	"github.com/matrix-org/dendrite/publicroomsapi/storage"
 	"github.com/matrix-org/dendrite/roomserver"
-	"github.com/matrix-org/dendrite/serverkeyapi"
 	"github.com/matrix-org/gomatrixserverlib"
 
 	"github.com/sirupsen/logrus"
@@ -61,7 +64,13 @@ func createFederationClient(
 ) *gomatrixserverlib.FederationClient {
 	yggdialer := func(_, address string) (net.Conn, error) {
 		tokens := strings.Split(address, ":")
-		return n.Dial("curve25519", tokens[0])
+		raw, err := hex.DecodeString(tokens[0])
+		if err != nil {
+			return nil, fmt.Errorf("hex.DecodeString: %w", err)
+		}
+		converted := convert.Ed25519PublicKeyToCurve25519(ed25519.PublicKey(raw))
+		convhex := hex.EncodeToString(converted)
+		return n.Dial("curve25519", convhex)
 	}
 	yggdialerctx := func(ctx context.Context, network, address string) (net.Conn, error) {
 		return yggdialer(network, address)
@@ -102,9 +111,9 @@ func main() {
 
 	cfg := &config.Dendrite{}
 	cfg.SetDefaults()
-	cfg.Matrix.ServerName = gomatrixserverlib.ServerName(ygg.EncryptionPublicKey())
+	cfg.Matrix.ServerName = gomatrixserverlib.ServerName(ygg.DerivedServerName())
 	cfg.Matrix.PrivateKey = ygg.SigningPrivateKey()
-	cfg.Matrix.KeyID = gomatrixserverlib.KeyID("ed25519:auto")
+	cfg.Matrix.KeyID = gomatrixserverlib.KeyID(signing.KeyID)
 	cfg.Kafka.UseNaffka = true
 	cfg.Kafka.Topics.OutputRoomEvent = "roomserverOutput"
 	cfg.Kafka.Topics.OutputClientData = "clientapiOutput"
@@ -130,9 +139,7 @@ func main() {
 	deviceDB := base.CreateDeviceDB()
 	federation := createFederationClient(base, ygg)
 
-	serverKeyAPI := serverkeyapi.NewInternalAPI(
-		base.Cfg, federation, base.Caches,
-	)
+	serverKeyAPI := &signing.YggdrasilKeys{}
 	keyRing := serverKeyAPI.KeyRing()
 
 	rsComponent := roomserver.NewInternalAPI(
@@ -170,7 +177,7 @@ func main() {
 		EDUInternalAPI:      eduInputAPI,
 		FederationSenderAPI: fsAPI,
 		RoomserverAPI:       rsAPI,
-		ServerKeyAPI:        serverKeyAPI,
+		//ServerKeyAPI:        serverKeyAPI,
 
 		PublicRoomsDB: publicRoomsDB,
 	}
@@ -185,7 +192,7 @@ func main() {
 	)
 
 	go func() {
-		logrus.Info("Listening on ", ygg.EncryptionPublicKey())
+		logrus.Info("Listening on ", ygg.DerivedServerName())
 		logrus.Fatal(httpServer.Serve(ygg))
 	}()
 	go func() {

cmd/dendrite-demo-yggdrasil/signing/fetcher.go

@@ -0,0 +1,69 @@
+// Copyright 2020 The Matrix.org Foundation C.I.C.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package signing
+
+import (
+	"context"
+	"encoding/hex"
+	"fmt"
+	"time"
+
+	"github.com/matrix-org/gomatrixserverlib"
+)
+
+const KeyID = "ed25519:dendrite-demo-yggdrasil"
+
+type YggdrasilKeys struct {
+}
+
+func (f *YggdrasilKeys) KeyRing() *gomatrixserverlib.KeyRing {
+	return &gomatrixserverlib.KeyRing{
+		KeyDatabase: f,
+	}
+}
+
+func (f *YggdrasilKeys) FetchKeys(
+	ctx context.Context,
+	requests map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.Timestamp,
+) (map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult, error) {
+	res := make(map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult)
+	for req := range requests {
+		if req.KeyID != KeyID {
+			return nil, fmt.Errorf("FetchKeys: cannot fetch key with ID %s, should be %s", req.KeyID, KeyID)
+		}
+
+		hexkey, err := hex.DecodeString(string(req.ServerName))
+		if err != nil {
+			return nil, fmt.Errorf("FetchKeys: can't decode server name %q: %w", req.ServerName, err)
+		}
+
+		res[req] = gomatrixserverlib.PublicKeyLookupResult{
+			VerifyKey: gomatrixserverlib.VerifyKey{
+				Key: hexkey,
+			},
+			ExpiredTS:    gomatrixserverlib.PublicKeyNotExpired,
+			ValidUntilTS: gomatrixserverlib.AsTimestamp(time.Now().Add(24 * time.Hour * 365)),
+		}
+	}
+	return res, nil
+}
+
+func (f *YggdrasilKeys) FetcherName() string {
+	return "YggdrasilKeys"
+}
+
+func (f *YggdrasilKeys) StoreKeys(ctx context.Context, results map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult) error {
+	return nil
+}

cmd/dendrite-demo-yggdrasil/yggconn/node.go

@@ -24,6 +24,8 @@ import (
 	"os"
 	"sync"
 
+	"github.com/matrix-org/dendrite/cmd/dendrite-demo-yggdrasil/convert"
+
 	"github.com/libp2p/go-yamux"
 	yggdrasiladmin "github.com/yggdrasil-network/yggdrasil-go/src/admin"
 	yggdrasilconfig "github.com/yggdrasil-network/yggdrasil-go/src/config"
@@ -56,8 +58,6 @@ func Setup(instanceName, instancePeer string) (*Node, error) {
 		log:       gologme.New(os.Stdout, "YGG ", log.Flags()),
 		incoming:  make(chan *yamux.Stream),
 	}
-	n.config.AdminListen = fmt.Sprintf("unix://./%s-yggdrasil.sock", instanceName)
-	n.config.MulticastInterfaces = []string{".*"}
 
 	yggfile := fmt.Sprintf("%s-yggdrasil.conf", instanceName)
 	if _, err := os.Stat(yggfile); !os.IsNotExist(err) {
@@ -69,6 +69,11 @@ func Setup(instanceName, instancePeer string) (*Node, error) {
 			panic(err)
 		}
 	} else {
+		n.config.AdminListen = fmt.Sprintf("unix://./%s-yggdrasil.sock", instanceName)
+		n.config.MulticastInterfaces = []string{".*"}
+		n.config.EncryptionPrivateKey = hex.EncodeToString(n.EncryptionPrivateKey())
+		n.config.EncryptionPublicKey = hex.EncodeToString(n.EncryptionPublicKey())
+
 		j, err := json.MarshalIndent(n.config, "", "  ")
 		if err != nil {
 			panic(err)
@@ -119,8 +124,23 @@ func Setup(instanceName, instancePeer string) (*Node, error) {
 	return n, nil
 }
 
-func (n *Node) EncryptionPublicKey() string {
-	return n.core.EncryptionPublicKey()
+func (n *Node) DerivedServerName() string {
+	return hex.EncodeToString(n.SigningPublicKey())
+}
+
+func (n *Node) EncryptionPublicKey() []byte {
+	edkey := n.SigningPublicKey()
+	return convert.Ed25519PublicKeyToCurve25519(edkey)
+}
+
+func (n *Node) EncryptionPrivateKey() []byte {
+	edkey := n.SigningPrivateKey()
+	return convert.Ed25519PrivateKeyToCurve25519(edkey)
+}
+
+func (n *Node) SigningPublicKey() ed25519.PublicKey {
+	pubBytes, _ := hex.DecodeString(n.config.SigningPublicKey)
+	return ed25519.PublicKey(pubBytes)
 }
 
 func (n *Node) SigningPrivateKey() ed25519.PrivateKey {

cmd/dendrite-demo-yggdrasil/yggconn/session.go

@@ -40,10 +40,10 @@ func (n *Node) listenFromYgg() {
 			return
 		}
 		var session *yamux.Session
-		if strings.Compare(n.EncryptionPublicKey(), conn.RemoteAddr().String()) < 0 {
-			session, err = yamux.Client(conn, n.yamuxConfig())
-		} else {
+		if strings.Compare(conn.RemoteAddr().String(), n.DerivedServerName()) < 0 {
 			session, err = yamux.Server(conn, n.yamuxConfig())
+		} else {
+			session, err = yamux.Client(conn, n.yamuxConfig())
 		}
 		if err != nil {
 			return
@@ -96,7 +96,7 @@ func (n *Node) DialContext(ctx context.Context, network, address string) (net.Co
 			n.log.Println("n.dialer.DialContext:", err)
 			return nil, err
 		}
-		if strings.Compare(n.EncryptionPublicKey(), address) < 0 {
+		if strings.Compare(address, n.DerivedServerName()) > 0 {
 			session, err = yamux.Client(conn, n.yamuxConfig())
 		} else {
 			session, err = yamux.Server(conn, n.yamuxConfig())