Georg/luksrku
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
110 Commits 3 Branches 4 Tags 284 KiB
204f85c93f
Commit Graph

32 Commits

Author SHA1 Message Date
Johannes Bauer
204f85c93f Release v0.04 
Have been using this for long enough to consider it stable, releasing it
as v0.04.
 2021-09-17 21:50:53 +02:00
Johannes Bauer
78a8cd70c2 Disabled command line default timeout 
The command line default timeout of 60 seconds always took precedence,
we removed it. Also added a debug statement that lets the user know how
long they will have to wait.
 2021-06-27 13:29:43 +02:00
Johannes Bauer
37b239b179 Fixed issue with member access 
This is kind of hacky, but it avoids the segfault at runtime. So,
preferrable. If we ever have more options, we need to properly generate
the argv[] array.
 2021-06-27 12:32:44 +02:00
Johannes Bauer
af29d9cbf8 Preliminary file migration 
Pretty raw and untested code which migrates data from v2 to v3,
introducing a new field in the process. This field is neither editable
as of now nor is it honored if it were set.
 2021-06-27 00:28:00 +02:00
Johannes Bauer
b0909557ad Refactoring of version code 
We want to introduce a new feature (volumes with discard support) which
will cause file incompatibility.  This means we need to prepare data
migration code. This prepares that change.
 2021-06-26 23:34:26 +02:00
Johannes Bauer
5400e3716a Documentation of usage 
Added documentation of simple usage and also integration into initramfs.
 2019-10-25 18:39:10 +02:00
Johannes Bauer
40a0871e03 Vault creation works 
We can now generated a vaulted key database from the key database and
cleanse the original key data.
 2019-10-25 17:18:09 +02:00
Johannes Bauer
6ac94dbd83 Integrate vault into build process 
Right now it's still not used, but integrated into the build process
anyways.
 2019-10-25 16:16:13 +02:00
Johannes Bauer
78104a8b87 Remove debugging and set default timeout 
While timeout was announced in "client" help page, it wasn't effective.
Fixed. Also disable debugging.
 2019-10-25 13:24:08 +02:00
Johannes Bauer
3478fa4555 Unlocking LUKS volumes works 
First complete technical round-trip complete, can unlock the LUKS
volumes described in the server/client databases successfully.
 2019-10-25 12:19:01 +02:00
Johannes Bauer
849e3a5949 Implemented finding of keyserver and unlocking of volumes 
We'll now parse the response messages on the client side, abort after a
previously defined timeout and trigger the LUKS unlocking process, if
requested (although the latter isn't fully implemented yet).
 2019-10-25 11:08:20 +02:00
Johannes Bauer
05e112065e Implemented proper query response on server side 
The server now checks the host database and responds correctly, but the
client still does not know how to get that response.
 2019-10-25 10:21:29 +02:00
Johannes Bauer
2f36b56417 Can now receive UDP broadcasts 
Still need to figure out how to receive UDP broadcast, but respond as
unicast. Not entirely sure yet.
 2019-10-24 19:03:48 +02:00
Johannes Bauer
60b1b2bf39 Refactoring of server code 
Consolidate server state into one struct, similar to our client
solution.
 2019-10-24 17:04:49 +02:00
Johannes Bauer
4ee2739bac Prettify Makefile 
Have the dependent objects in alphabetical order.
 2019-10-23 22:31:41 +02:00
Johannes Bauer
0e8e42d0ea Client and server commnunication now works 
We can send our little datagrams over and that works nicely. Need to
consolidate the PSK session establishment into one shared function.
 2019-10-23 21:54:10 +02:00
Johannes Bauer
983217ffbd Further work on the client code 
Trying to get everything in shape, not looking too bad.
 2019-10-23 21:13:50 +02:00
Johannes Bauer
425e2dcd66 Add client code back in 
Client code basis back in, parsing of command line options as well.
Client does not do anything yet, though.
 2019-10-23 20:13:25 +02:00
Johannes Bauer
9ea0a9695c Fix bug with commandline parsing 
For each parameter, all previous parameters were overwritten with
default values. Fixed.
 2019-10-23 20:01:54 +02:00
Johannes Bauer
2143adc91f Added detached thread handling code 
Make it easier to create a detached thread, it's always the same and
error-checking is quite repetitive.
 2019-10-23 19:47:26 +02:00
Johannes Bauer
3e5c7d541c Implement actual lookup of luksrku entry 
Now with a proper UUID the PSK is looked up from the key database.
 2019-10-23 15:28:38 +02:00
Johannes Bauer
d70bd1f672 TLS-PSK connection is working in TLSv1.3 
Apparently, I need to spell out "-ciphersuites
TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384" in the openssl
s_client command, or it simply will not work.
 2019-10-23 14:28:42 +02:00
Johannes Bauer
969eae12c7 Started with server implementation 
Running into issues with TLSv1.3-PSK. Connection establishment does not
work at the moment.
 2019-10-23 13:18:51 +02:00
Johannes Bauer
667ff55af1 Integrate editor properly from command line 
Now have a way to invoke the editor functionality from the command line
and also provisions to include the server and client parsers.
 2019-10-23 11:34:40 +02:00
Johannes Bauer
ecbf3827ca Integrate current state-of-affairs into luksrku 
Now integrated into the official Makefile. All functionality is broken
(was for a while), but it's progress nevertheless.
 2019-10-23 09:39:40 +02:00
Johannes Bauer
73ab437fc9 Include tags in released version number 
We want the displayed version number to contain tags, so add it to the
Makefile option.
 2019-10-19 15:06:39 +02:00
Johannes Bauer
363fc70f1c Use pkg-config and have git-based version number 
Use pkg-config to find OpenSSL headers and library. Use "git describe"
to determine current version.
 2019-10-19 14:47:54 +02:00
Johannes Bauer
781b10c0c9 Assume system-wide installed OpenSSL v1.1 
After Debian has pretty much migrated to v1.1, we now assume that
OpenSSL is preinstalled system-wide -- it's not experimental anymore.
Currently we assume it's preinstalled in /usr/local.
 2018-01-16 18:59:50 +01:00
Johannes Bauer
8b892e3347 Update OpenSSL version and change sig algs 
While the PSK cipher suites do not use any ECDHE/RSA signatures, in the
future someone may change the code. In that case, as a robustness
measure, already set the acceptable signature algorithms now.
Additionally upgrade to OpenSSL v1.1.0e and include the comment to
include X448 once it becomes available for TLS ECDHE (it's not yet,
unfortunately).
 2017-03-07 21:40:21 +01:00
Johannes Bauer
8f2dabc053 Change to build against OpenSSL 1.1.0b 
Critical CVE in 1.1.0a, upgrade immediately.
 2016-09-27 21:18:25 +02:00
Johannes Bauer
f2f6d091e1 Have a fairly decent help page 
Reused the help page generator from luksipc.
 2016-09-24 11:16:58 +02:00
Johannes Bauer
2df69508aa Initial import 2016-09-22 20:40:58 +02:00