Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | A threefish-based approach at vault key storage |
|---|---|
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: |
ae70f6a3f5689108fb28b4eddc6b955f |
| User & Date: | bernd 2019-06-04 23:30:43.013 |
Context
|
2019-06-05
| ||
| 22:15 | Add new method for vault key exchange check-in: 211b96e714 user: bernd tags: trunk | |
|
2019-06-04
| ||
| 23:30 | A threefish-based approach at vault key storage check-in: ae70f6a3f5 user: bernd tags: trunk | |
| 00:42 | Scale down check-in: 45f34d2267 user: bernd tags: trunk | |
Changes
Changes to crypt.fs.
| ︙ | ︙ | |||
45 46 47 48 49 50 51 52 53 54 55 56 57 58 |
$100 uvar vaultkey \ buffers for vault
$100 uvar keydump-buf \ buffer for dumping keys
state2# uvar vkey \ maximum size for session key
state2# uvar voutkey \ for keydump
keysize uvar keygendh
keysize uvar vpk
keysize uvar vsk
1 64s uvar last-mykey
cell uvar keytmp-up
end-class keytmp-c
user-o keybuf \ storage for secure permanent keys
object uclass keybuf
| > > > > | 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 |
$100 uvar vaultkey \ buffers for vault
$100 uvar keydump-buf \ buffer for dumping keys
state2# uvar vkey \ maximum size for session key
state2# uvar voutkey \ for keydump
keysize uvar keygendh
keysize uvar vpk
keysize uvar vsk
tf_ctx_256 uvar tf-key
keysize uvar tf-in
keysize uvar tf-out
$10 uvar tf-hashout
1 64s uvar last-mykey
cell uvar keytmp-up
end-class keytmp-c
user-o keybuf \ storage for secure permanent keys
object uclass keybuf
|
| ︙ | ︙ | |||
616 617 618 619 620 621 622 623 624 625 626 627 628 629 |
: +sig$ ( addr u -- hostaddr host-u ) [: type .sig ;] $tmp ;
: gen-host ( addr u -- addr' u' )
gen>host +sig$ ;
: >delete ( addr u type u2 -- addr u )
"delete" >keyed-hash ;
: gen-host-del ( addr u -- addr' u' )
gen>host "host" >delete +sig$ ;
\\\
Local Variables:
forth-local-words:
(
(("event:") definition-starter (font-lock-keyword-face . 1)
"[ \t\n]" t name (font-lock-function-name-face . 3))
| > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 |
: +sig$ ( addr u -- hostaddr host-u ) [: type .sig ;] $tmp ;
: gen-host ( addr u -- addr' u' )
gen>host +sig$ ;
: >delete ( addr u type u2 -- addr u )
"delete" >keyed-hash ;
: gen-host-del ( addr u -- addr' u' )
gen>host "host" >delete +sig$ ;
\ Vault support code (generic and more compact)
\ principle: use Threefish_256.
\ block layout:
\ 1. 32 byte ephemeral key -> use for DHE.
\ 2. 16 byte IV, used for all blocks as tweak
\ 3. 16 byte hash, to check for success
\ 4. 32 byte each blocks, decrypted by DHE+tweak
: >vdhe ( addr -- ) sk@ drop swap tf-key tf_ctx_256-key ed-dh 2drop ;
: >viv ( addr -- ) tf-key tf_ctx_256-tweak $10 move ;
: v-dec-loop ( addr u -- session-key u / 0 0 )
over { chk } $10 /string $C { mode }
bounds U+DO
tf-key I tf-out mode tf_decrypt_256
c:0key tf-out keysize c:hash tf-hashout $10 c:hash@
tf-hashout $10 chk over str= IF
tf-out keysize unloop EXIT THEN
0 to mode
keysize +LOOP 0 0 ;
: v-dec$ ( addr u -- session-key u / 0 0 )
over >vdhe keysize /string
over >viv $10 /string
v-dec-loop ;
: vdhe ( -- ) vsk vpk ed-keypair vpk keysize type ;
: viv ( -- ) $10 rng$ 2dup type tf-key tf_ctx_256-tweak swap move ;
: vsessionkey ( -- )
keysize rng$ tf-in swap move
c:0key tf-in keysize c:hash tf-hashout $10 2dup c:hash@ type ;
: v-enc-loop ( keylist -- )
[: drop vsk swap tf-key tf_ctx_256-key ed-dh 2drop
tf-key tf-in tf-out $C tf_encrypt_256
tf-out keysize type
;] $[]map ;
: v-enc-gen ( keylist -- )
vdhe viv vsessionkey v-enc-loop ;
: v-enc$ ( keylist -- addr u )
['] v-enc-gen $tmp ;
\\\
Local Variables:
forth-local-words:
(
(("event:") definition-starter (font-lock-keyword-face . 1)
"[ \t\n]" t name (font-lock-function-name-face . 3))
|
| ︙ | ︙ |