Index: crypt.fs ================================================================== --- crypt.fs +++ crypt.fs @@ -47,10 +47,14 @@ state2# uvar vkey \ maximum size for session key state2# uvar voutkey \ for keydump keysize uvar keygendh keysize uvar vpk keysize uvar vsk + tf_ctx_256 uvar tf-key + keysize uvar tf-in + keysize uvar tf-out + $10 uvar tf-hashout 1 64s uvar last-mykey cell uvar keytmp-up end-class keytmp-c user-o keybuf \ storage for secure permanent keys @@ -618,10 +622,50 @@ gen>host +sig$ ; : >delete ( addr u type u2 -- addr u ) "delete" >keyed-hash ; : gen-host-del ( addr u -- addr' u' ) gen>host "host" >delete +sig$ ; + +\ Vault support code (generic and more compact) + +\ principle: use Threefish_256. +\ block layout: +\ 1. 32 byte ephemeral key -> use for DHE. +\ 2. 16 byte IV, used for all blocks as tweak +\ 3. 16 byte hash, to check for success +\ 4. 32 byte each blocks, decrypted by DHE+tweak + +: >vdhe ( addr -- ) sk@ drop swap tf-key tf_ctx_256-key ed-dh 2drop ; +: >viv ( addr -- ) tf-key tf_ctx_256-tweak $10 move ; +: v-dec-loop ( addr u -- session-key u / 0 0 ) + over { chk } $10 /string $C { mode } + bounds U+DO + tf-key I tf-out mode tf_decrypt_256 + c:0key tf-out keysize c:hash tf-hashout $10 c:hash@ + tf-hashout $10 chk over str= IF + tf-out keysize unloop EXIT THEN + 0 to mode + keysize +LOOP 0 0 ; +: v-dec$ ( addr u -- session-key u / 0 0 ) + over >vdhe keysize /string + over >viv $10 /string + v-dec-loop ; + +: vdhe ( -- ) vsk vpk ed-keypair vpk keysize type ; +: viv ( -- ) $10 rng$ 2dup type tf-key tf_ctx_256-tweak swap move ; +: vsessionkey ( -- ) + keysize rng$ tf-in swap move + c:0key tf-in keysize c:hash tf-hashout $10 2dup c:hash@ type ; +: v-enc-loop ( keylist -- ) + [: drop vsk swap tf-key tf_ctx_256-key ed-dh 2drop + tf-key tf-in tf-out $C tf_encrypt_256 + tf-out keysize type + ;] $[]map ; +: v-enc-gen ( keylist -- ) + vdhe viv vsessionkey v-enc-loop ; +: v-enc$ ( keylist -- addr u ) + ['] v-enc-gen $tmp ; \\\ Local Variables: forth-local-words: (