Georg/luksrku
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
96 Commits 3 Branches 4 Tags 284 KiB
265dd0582a
Commit Graph

10 Commits

Author SHA1 Message Date
Johannes Bauer
265dd0582a Modify keying in vault 
We currently derive the dkey from the source key at every open or close
(decrypt or encrypt) operation. However, we want to keep the time that
the internal data is exposed (decrypted) as short as possible. While the
vault is open, there's no problem keeping a copy of the dkey around
(because the data is decrypted anyways, therefore it isn't important).
So we change things around and, at the expense of doubling the time that
decryption takes, we make encryption extremely fast. We do this by
computing the next (rekeyed) key at the start of the decryption routine
(but before the data has been decrypted) and keep the dkey stored in the
vault structure for direct access on the next encryption run.
 2019-10-26 12:55:25 +02:00
Johannes Bauer
8681e49561 Slight refactoring of vault code 
We want to keep the dkey in the vault structure as long as it's open
(because only the open operation should take long, the close operation
should be really fast).
 2019-10-26 10:33:36 +02:00
Johannes Bauer
40a0871e03 Vault creation works 
We can now generated a vaulted key database from the key database and
cleanse the original key data.
 2019-10-25 17:18:09 +02:00
Johannes Bauer
0bf0759c9c Make vault threadsafe 
We might have multiple processes accessing the vault and need to always
keep a proper reference count.
 2019-10-25 16:30:46 +02:00
Johannes Bauer
54063ec025 Remove duplicate "now" function 
We also have this functionality in util, no need to copy it.
 2019-10-25 16:21:37 +02:00
Johannes Bauer
6ac94dbd83 Integrate vault into build process 
Right now it's still not used, but integrated into the build process
anyways.
 2019-10-25 16:16:13 +02:00
Johannes Bauer
52dee3bad0 More tests to show key changes 
Demonstrating that a new key is chosen on every close operation.
 2019-10-19 11:32:32 +02:00
Johannes Bauer
d8208fbab5 Make vault iteration count adaptible to hardware 
We want to specify a real time for key derivation and let it figure out
by itself how many iterations it needs.
 2019-10-19 11:29:39 +02:00
Johannes Bauer
1312bce9af Add license header to vault files 
Since this was just work-in-progress, I had forgotten to include license
header text.
 2019-10-19 11:10:03 +02:00
Johannes Bauer
aa9fa3e995 Started working on a coldboot-resistant "vault" implementation 
When not needed, encrypt the keys in-memory with a large pre-key so that
forensic acquisition of data using coldboot becomes infeasible. Not used
yet internally.
 2019-10-19 11:07:55 +02:00