Check-in [211b96e714]
Overview
Comment: Add new method for vault key exchange
SHA1: 211b96e714f107d787b164ba7677129b1b0e0828
User & Date: bernd 2019-06-05 22:15:40
Context
2019-06-06 16:10  Fix typo  check-in: 44cc61b6df  user: bernd  tags: trunk
2019-06-05 22:15  Add new method for vault key exchange  check-in: 211b96e714  user: bernd  tags: trunk
2019-06-04 23:30  A threefish-based approach at vault key storage  check-in: ae70f6a3f5  user: bernd  tags: trunk
Changes

Changes to crypt.fs.

    $100      uvar keydump-buf  \ buffer for dumping keys
    state2#   uvar vkey \ maximum size for session key
    state2#   uvar voutkey \ for keydump
    keysize   uvar keygendh
    keysize   uvar vpk
    keysize   uvar vsk
    tf_ctx_256 uvar tf-key
    keysize   uvar tf-in
    keysize   uvar tf-out
    $10       uvar tf-hashout
    1 64s     uvar last-mykey
    cell      uvar keytmp-up
end-class keytmp-c

user-o keybuf \ storage for secure permanent keys
................................................................................
    gen>host "host" >delete +sig$ ;

\ Vault support code (generic and more compact)

\ principle: use Threefish_256.
\ block layout:
\ 1. 32 byte ephemeral key -> use for DHE.
\ 2. 16 byte IV, used for all blocks as tweak
\ 3. 16 byte hash, to check for success
\ 4. 32 byte each blocks, decrypted by DHE+tweak

: >vdhe ( addr -- )  sk@ drop swap tf-key tf_ctx_256-key ed-dh 2drop ;
: >viv  ( addr -- )  tf-key tf_ctx_256-tweak $10 move ;
: v-dec-loop ( addr u -- session-key u / 0 0 )
    over { chk } $10 /string  $C { mode }
    bounds U+DO
	tf-key I tf-out mode tf_decrypt_256
	c:0key tf-out keysize c:hash tf-hashout $10 c:hash@
	tf-hashout $10 chk over str= IF
	    tf-out keysize  unloop  EXIT  THEN

	0 to mode
    keysize +LOOP  0 0 ;
: v-dec$ ( addr u -- session-key u / 0 0 )
    over >vdhe keysize /string
    over >viv  $10 /string
    v-dec-loop ;

: vdhe ( -- )  vsk vpk ed-keypair  vpk keysize type ;
: viv  ( -- )  $10 rng$ 2dup type  tf-key tf_ctx_256-tweak swap move ;
: vsessionkey ( -- )
    keysize rng$ tf-in swap move
    c:0key tf-in keysize c:hash tf-hashout $10 2dup c:hash@ type ;
: v-enc-loop ( keylist -- )
    [:  drop vsk swap tf-key tf_ctx_256-key ed-dh 2drop
	tf-key tf-in tf-out $C tf_encrypt_256
	tf-out keysize type

    ;] $[]map ;
: v-enc-gen ( keylist -- )
    vdhe viv vsessionkey v-enc-loop ;
: v-enc$ ( keylist -- addr u )
    ['] v-enc-gen $tmp ;

\\\

    $100      uvar keydump-buf  \ buffer for dumping keys
    state2#   uvar vkey \ maximum size for session key
    state2#   uvar voutkey \ for keydump
    keysize   uvar keygendh
    keysize   uvar vpk
    keysize   uvar vsk
    tf_ctx_256 uvar tf-key

    keysize   uvar tf-out
    $10       uvar tf-hashout
    1 64s     uvar last-mykey
    cell      uvar keytmp-up
end-class keytmp-c

user-o keybuf \ storage for secure permanent keys
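Review bot: with `tf-in` removed, `vkey` is now both the session-key store and the plaintext block handed to `tf_encrypt_256` (`tf-key vkey tf-out $C tf_encrypt_256` further down), but its comment still only says "maximum size for session key"; update the comment so the dual use is visible, and say that only the first `keysize` bytes of it go into each encrypted block.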
................................................................................
    gen>host "host" >delete +sig$ ;

\ Vault support code (generic and more compact)

\ principle: use Threefish_256.
\ block layout:
\ 1. 32 byte ephemeral key -> use for DHE.
\ 2. 16 byte IV, used for all blocks as incrementing tweak
\ 3. 16 byte hash, to check for success
\ 4. 32 byte each blocks, decrypted by DHE+tweak in ECB mode

: >vdhe ( addr -- )  sk@ drop swap tf-key tf_ctx_256-key ed-dh 2drop ;
: >viv  ( addr -- )  tf-key tf_ctx_256-tweak $10 move ;
: v-dec-loop ( addr u -- session-key u / 0 0 )
    over { chk } $10 /string  $C { mode }
    bounds U+DO
	tf-key I tf-out mode tf_decrypt_256
	c:0key tf-out keysize c:hash tf-hashout $10 c:hash@
	tf-hashout $10 chk over str= IF
	    tf-out keysize  unloop  EXIT  THEN
	tf-key tf_tweak256++
	4 to mode
    keysize +LOOP  0 0 ;
: v-dec$ ( addr u -- session-key u / 0 0 )
    over >vdhe keysize /string
    over >viv  $10 /string
    v-dec-loop ;

: vdhe ( -- )  vsk vpk ed-keypair  vpk keysize type ;
: viv  ( -- )  $10 rng$ 2dup type  tf-key tf_ctx_256-tweak swap move ;
: vsessionkey ( -- )
    keysize rng$ vkey state# move-rep
    c:0key vkey keysize c:hash tf-hashout $10 2dup c:hash@ type ;
: v-enc-loop ( keylist -- )
    [:  drop vsk swap tf-key tf_ctx_256-key ed-dh 2drop
	tf-key vkey tf-out $C tf_encrypt_256
	tf-out keysize type
	tf-key tf_tweak256++
    ;] $[]map ;
: v-enc-gen ( keylist -- )
    vdhe viv vsessionkey v-enc-loop ;
: v-enc$ ( keylist -- addr u )
    ['] v-enc-gen $tmp ;

\\\
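Review bot: the meaning of the flag values passed to `tf_decrypt_256`/`tf_encrypt_256` is undocumented here: `v-dec-loop` starts with `$C { mode }` and drops to `4 to mode` after the first block, while `v-enc-loop` passes `$C` on every block. If, as the pattern suggests, one bit announces a changed key and the other a changed tweak (the encrypt loop derives a fresh `ed-dh` key per recipient, the decrypt loop keeps one key and only increments the tweak), a one-line comment saying so would make the asymmetry read as intentional rather than as a copy-and-paste slip. Also, the layout comment now says the blocks are decrypted "in ECB mode", but with `tf_tweak256++` after each block every block gets a distinct tweak; "one 32-byte block per recipient, tweak incremented per block" describes it more precisely.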

Changes to debugging.fs.

debug: quicksig( \ quick check for sigs
debug: slurp( \ debug slurp&spit
debug: wallet( \ debug wallet stuff
debug: qr( \ qr code stuff
debug: deprecated( \ deprecated stuff
debug: unhandled( \ unhandled commands
debug: syncfile( \ synchronous file operations


-db profile( \ don't profile by default )
+db ipv6( \ ipv6 should be on by default )
+db ipv4( \ ipv4 should be on by default )

+db syncfile( \ disable async file operations for now )

\ key debugging task

: toggle ( addr -- )  dup @ 0= swap ! ;

0 Value debug-task

debug: quicksig( \ quick check for sigs
debug: slurp( \ debug slurp&spit
debug: wallet( \ debug wallet stuff
debug: qr( \ qr code stuff
debug: deprecated( \ deprecated stuff
debug: unhandled( \ unhandled commands
debug: syncfile( \ synchronous file operations
debug: newvault( \ new style vault keys

-db profile( \ don't profile by default )
+db ipv6( \ ipv6 should be on by default )
+db ipv4( \ ipv4 should be on by default )
-db newvault( \ new vault disabled for now )
+db syncfile( \ disable async file operations for now )

\ key debugging task

: toggle ( addr -- )  dup @ 0= swap ! ;

0 Value debug-task
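Review bot: `-db newvault(` gates only the writer path (`encfile-rest` in vault.fs); the `vault-dhe-keys` handler is registered unconditionally, so files in the new layout are decoded regardless of this flag. That is the right migration order, but the comment "new vault disabled for now" should say so, e.g. "writer side off for now; decoding of vault-dhe-keys is always on", so nobody flips the flag expecting it to switch decoding as well.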

Changes to ed25519-donnalib.fs.

\c }

c-function raw>sc25519 expand_raw256_modm a a -- void ( sc char[32] -- )
c-function nb>sc25519 expand256_modm a a n -- void ( sc char[64] n -- )
c-function sc25519>32b contract256_modm a a -- void ( char[32] sc -- )
c-function sc25519* mul256_modm a a a -- void ( r x y -- )
c-function sc25519+ add256_modm a a a -- void ( r x y -- )


c-function ge25519*base ge25519_scalarmult_base a a -- void ( ger x -- )
c-function ge25519-pack ge25519_pack a a -- void ( r ger -- )
c-function ge25519+ ge25519_add a a a -- void ( a a a -- )
c-function ge25519-unpack- ge25519_unpack_negative_vartime a a -- n ( r p -- flag )
c-function ge25519*+ ge25519_double_scalarmult_vartime a a a a -- void ( r p s1 s2 -- )
c-function ge25519*v ge25519_scalarmult_vartime a a a -- void ( r p s -- )
c-function ge25519* ge25519_scalarmult a a a -- void ( r p s -- )
c-function 32b= str32eq a a -- n ( addr1 addr2 -- flag )
c-variable ge25519-basepoint ge25519_basepoint ( --  addr )
c-value ge25519 sizeof(ge25519) -- u
\ c-variable ge25519-niels*[] ge25519_niels_sliding_multiples ( -- addr )

\c }

c-function raw>sc25519 expand_raw256_modm a a -- void ( sc char[32] -- )
c-function nb>sc25519 expand256_modm a a n -- void ( sc char[64] n -- )
c-function sc25519>32b contract256_modm a a -- void ( char[32] sc -- )
c-function sc25519* mul256_modm a a a -- void ( r x y -- )
c-function sc25519+ add256_modm a a a -- void ( r x y -- )
c-function sc25519/ invert256_modm a a -- void ( recip s -- )

c-function ge25519*base ge25519_scalarmult_base a a -- void ( ger x -- )
c-function ge25519-pack ge25519_pack a a -- void ( r ger -- )
c-function ge25519+ ge25519_add a a a -- void ( a a a -- )
c-function ge25519-unpack- ge25519_unpack_negative_vartime a a -- n ( r p -- flag )
c-function ge25519*+ ge25519_double_scalarmult_vartime a a a a -- void ( r p s1 s2 -- )
c-function ge25519*v ge25519_scalarmult_vartime a a a -- void ( r p s -- )
c-function ge25519* ge25519_scalarmult a a a -- void ( r p s -- )
c-function 32b= str32eq a a -- n ( addr1 addr2 -- flag )
c-variable ge25519-basepoint ge25519_basepoint ( --  addr )
c-value ge25519 sizeof(ge25519) -- u
\ c-variable ge25519-niels*[] ge25519_niels_sliding_multiples ( -- addr )
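Review bot: `sc25519/` binds a one-operand inversion (`( recip s -- )`, i.e. 1/s), but the `/` name reads like a two-operand division in the style of `sc25519*` and `sc25519+`, which take `( r x y -- )`; a name such as `sc25519-inv` or `1/sc25519`, or at least a comment, would stop a caller from passing a dividend. The binding is not used anywhere else in this check-in, so please also confirm that `invert256_modm` is exported by the bundled donna sources (upstream ed25519-donna's modm code does not, as far as I recall, ship a scalar inversion).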

Changes to n2o.fs.

    \U keysearch|searchkey 85string1 .. 85stringn
    \G keysearch: search for keys prefixed with base85 strings,
    \G keysearch: and import them into the key chain
    ?get-me init-client
    keys>search search-keys insert-keys save-pubkeys
    ?cr keylist ;






: perm ( -- )
    \U perm @user1 .. @usern permissions ..
    \G perm: Change or set permissions. permission starts with
    \G perm: + for adding permissions
    \G perm: - for taking away permissions
    \G perm: = sets defaults, add or subtract permissions afterwards
    \G perm: no prefix for setting permissions exactly

    \U keysearch|searchkey 85string1 .. 85stringn
    \G keysearch: search for keys prefixed with base85 strings,
    \G keysearch: and import them into the key chain
    ?get-me init-client
    keys>search search-keys insert-keys save-pubkeys
    ?cr keylist ;

: whoami ( -- )
    \U whoami
    \G whoami: print your own key
    ?get-me pk@ key>o ..key-list ;

: perm ( -- )
    \U perm @user1 .. @usern permissions ..
    \G perm: Change or set permissions. permission starts with
    \G perm: + for adding permissions
    \G perm: - for taking away permissions
    \G perm: = sets defaults, add or subtract permissions afterwards
    \G perm: no prefix for setting permissions exactly
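Review bot: `whoami` does `pk@ key>o ..key-list` without checking the result of `key>o`; if `key>o` can return 0 for a public key that has no key object in the chain, `..key-list` would run on a null object. Either guard against a 0 result or add a comment stating that `?get-me` guarantees our own key object exists. The `\U`/`\G` documentation follows the surrounding commands, good.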

Changes to threefishlib.fs.

\c   int flags=flags1;
\c   while(n>=64) {
\c     tf_decrypt_512(ctx, c, c, flags);
\c     flags=flags2; c+=8; n-=64;
\c     ctx->tweak[1] += !++(ctx->tweak[0]);
\c   }
\c }








\ -------===< structs >===--------
\ tf_ctx_256
begin-structure tf_ctx_256
    drop 0 40 +field tf_ctx_256-key
    drop 40 24 +field tf_ctx_256-tweak
    drop 64 end-structure
\ tf_ctx
................................................................................
\ ------===< functions >===-------
c-function tf_encrypt tf_encrypt_512 a a a n -- void
c-function tf_decrypt tf_decrypt_512 a a a n -- void
c-function tf_encrypt_256 tf_encrypt_256 a a a n -- void
c-function tf_decrypt_256 tf_decrypt_256 a a a n -- void
c-function tf_encrypt_loop tf_encrypt_loop a a n n n -- void
c-function tf_decrypt_loop tf_decrypt_loop a a n n n -- void

\c   int flags=flags1;
\c   while(n>=64) {
\c     tf_decrypt_512(ctx, c, c, flags);
\c     flags=flags2; c+=8; n-=64;
\c     ctx->tweak[1] += !++(ctx->tweak[0]);
\c   }
\c }
\c void tf_tweak256_pp(struct tf_ctx_256 *ctx)
\c {
\c   ctx->tweak[1] += !++(ctx->tweak[0]);
\c }
\c void tf_tweak512_pp(struct tf_ctx_512 *ctx)
\c {
\c   ctx->tweak[1] += !++(ctx->tweak[0]);
\c }
\ -------===< structs >===--------
\ tf_ctx_256
begin-structure tf_ctx_256
    drop 0 40 +field tf_ctx_256-key
    drop 40 24 +field tf_ctx_256-tweak
    drop 64 end-structure
\ tf_ctx
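Review bot: the bodies of `tf_tweak256_pp` and `tf_tweak512_pp` duplicate the `ctx->tweak[1] += !++(ctx->tweak[0]);` carry line that already sits inside the decrypt loop just above them (and presumably in its encrypt counterpart); have the loops call the new helpers so the 128-bit increment lives in one place. A comment on the helpers should also state that they only bump the two tweak words: if the flags argument of `tf_encrypt_256`/`tf_decrypt_256` is what re-derives the tweak schedule, the caller still has to set it after each increment, as crypt.fs does with `4 to mode` after `tf_tweak256++`.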
................................................................................
\ ------===< functions >===-------
c-function tf_encrypt tf_encrypt_512 a a a n -- void
c-function tf_decrypt tf_decrypt_512 a a a n -- void
c-function tf_encrypt_256 tf_encrypt_256 a a a n -- void
c-function tf_decrypt_256 tf_decrypt_256 a a a n -- void
c-function tf_encrypt_loop tf_encrypt_loop a a n n n -- void
c-function tf_decrypt_loop tf_decrypt_loop a a n n n -- void
c-function tf_tweak256++ tf_tweak256_pp a -- void
c-function tf_tweak512++ tf_tweak512_pp a -- void

Changes to vault.fs.

+net2o: vault-auth ( $:auth -- )
    \g block authentication, 64 byte block
    c-state @ 7 <> !!no-data!!
    \ otherwise would expose some data
    $> v-kstate c:key> v-kstate $40 str= 0= !!vault-auth!!
    write-decrypt \ write a chunk out
    4 c-state xor! ; \ step back to allow fault-file




vault-table $save
' context-table is gen-table

also }scope

$80 Constant min-align#
................................................................................
    vkey( ." vkey key: " vkey state# 85type forth:cr )
    enc-mode @ dup ulit, vault-crypt 8 rshift $FF and >crypt
    [: [: drop vsk swap keygendh ed-dh 2>r
	vkey vaultkey $10 + enc-mode @ $FF and $20 - move
	vaultkey enc-mode @ $FF and 2r> encrypt$
	vaultkey enc-mode @ $FF and forth:type ;] $[]map ;] $tmp
    $, vault-keys 0 >crypt ;


: vfile-in ( -- )
    enc-filename $@ enc-file $slurp-file ;
: vfile-pad ( -- )
    enc-file $@len dup >r vault-aligned enc-file $!len
    enc-file $@ r> /string dup enc-padding ! erase ;
: vfile-enc ( -- )
    vkey( ." vkey file: " vkey state# 85type forth:cr )
................................................................................
    0 >crypt
    vkey( ." vkey sig: " vkey state# 85type forth:cr )
    2dup vkey state# encrypt$ $, vault-sig ;

: encfile-rest ( key-list -- ) >vault >r
    code-buf$ cmdreset init-reply
    pk@ key| r@ $+[]! \ encrypt for ourself


    "v2o" 4cc, vdhe, r> vkeys, vfile, vsig,
    s" .v2o" enc-filename $+!
    enc-filename $@ [: >r cmd$ $@ r> write-file throw ;] new-file
    code0-buf dispose n:o> ;

: encrypt-file ( filename u key-list -- )
    >r enc-filename $! vfile-in r> encfile-rest ;

+net2o: vault-auth ( $:auth -- )
    \g block authentication, 64 byte block
    c-state @ 7 <> !!no-data!!
    \ otherwise would expose some data
    $> v-kstate c:key> v-kstate $40 str= 0= !!vault-auth!!
    write-decrypt \ write a chunk out
    4 c-state xor! ; \ step back to allow fault-file
+net2o: vault-dhe-keys ( $:dhe+keys -- )  c-state @ !!inv-order!!
    $> v-dec$ 2dup d0= !!unknown-key!!  v-key state# move-rep
    3 c-state or! ;

vault-table $save
' context-table is gen-table

also }scope

$80 Constant min-align#
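Review bot: `vault-dhe-keys` stores the recovered session key with `v-key state# move-rep`, while every other line in this file (and `vsessionkey` in crypt.fs) uses `vkey`; if `v-key` is not a deliberately separate buffer this is a typo that would presumably leave `vkey` unset for the `vault-sig`/file decryption that follows, so please confirm the intended target. The `d0=` test on the `0 0` failure return of `v-dec$` and the `!!inv-order!!` state check look right.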
................................................................................
    vkey( ." vkey key: " vkey state# 85type forth:cr )
    enc-mode @ dup ulit, vault-crypt 8 rshift $FF and >crypt
    [: [: drop vsk swap keygendh ed-dh 2>r
	    vkey vaultkey $10 + enc-mode @ $FF and $20 - move
	    vaultkey enc-mode @ $FF and 2r> encrypt$
	    vaultkey enc-mode @ $FF and forth:type ;] $[]map ;] $tmp
    $, vault-keys 0 >crypt ;
: vdhe-keys, ( key-list -- )
    v-enc$ $, vault-dhe-keys  0 >crypt ;
: vfile-in ( -- )
    enc-filename $@ enc-file $slurp-file ;
: vfile-pad ( -- )
    enc-file $@len dup >r vault-aligned enc-file $!len
    enc-file $@ r> /string dup enc-padding ! erase ;
: vfile-enc ( -- )
    vkey( ." vkey file: " vkey state# 85type forth:cr )
................................................................................
    0 >crypt
    vkey( ." vkey sig: " vkey state# 85type forth:cr )
    2dup vkey state# encrypt$ $, vault-sig ;

: encfile-rest ( key-list -- ) >vault >r
    code-buf$ cmdreset init-reply
    pk@ key| r@ $+[]! \ encrypt for ourself
    "v2o" 4cc,
    newvault( r> vdhe-keys, )else( vdhe, r> vkeys, )
    vfile, vsig,
    s" .v2o" enc-filename $+!
    enc-filename $@ [: >r cmd$ $@ r> write-file throw ;] new-file
    code0-buf dispose n:o> ;

: encrypt-file ( filename u key-list -- )
    >r enc-filename $! vfile-in r> encfile-rest ;
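Review bot: both layouts are written under the same `"v2o" 4cc,` tag, so a reader identifies the format only by whether `vault-dhe-keys` or `vdhe`+`vault-keys` follows; since `vault-dhe-keys` is registered unconditionally this works, but a comment here saying that `newvault(` only selects the writer side and that the tag is shared would save the next reader a trip through `vault-table`. Keeping `r>` inside both branches of `newvault( r> vdhe-keys, )else( vdhe, r> vkeys, )` is correct (exactly one branch runs) but easy to misread; if `vdhe,` has no stack effect, hoisting it to `r> newvault( vdhe-keys, )else( vdhe, vkeys, )` reads more plainly.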