Johannes Bauer
78a8cd70c2
Disabled command line default timeout
...
The command line default timeout of 60 seconds always took precedence,
we removed it. Also added a debug statement that lets the user know how
long they will have to wait.
2021-06-27 13:29:43 +02:00
Johannes Bauer
37b239b179
Fixed issue with member access
...
This is kind of hacky, but it avoids the segfault at runtime. So,
preferrable. If we ever have more options, we need to properly generate
the argv[] array.
2021-06-27 12:32:44 +02:00
Johannes Bauer
af29d9cbf8
Preliminary file migration
...
Pretty raw and untested code which migrates data from v2 to v3,
introducing a new field in the process. This field is neither editable
as of now nor is it honored if it were set.
2021-06-27 00:28:00 +02:00
Johannes Bauer
b0909557ad
Refactoring of version code
...
We want to introduce a new feature (volumes with discard support) which
will cause file incompatibility. This means we need to prepare data
migration code. This prepares that change.
2021-06-26 23:34:26 +02:00
Johannes Bauer
5400e3716a
Documentation of usage
...
Added documentation of simple usage and also integration into initramfs.
2019-10-25 18:39:10 +02:00
Johannes Bauer
40a0871e03
Vault creation works
...
We can now generated a vaulted key database from the key database and
cleanse the original key data.
2019-10-25 17:18:09 +02:00
Johannes Bauer
6ac94dbd83
Integrate vault into build process
...
Right now it's still not used, but integrated into the build process
anyways.
2019-10-25 16:16:13 +02:00
Johannes Bauer
78104a8b87
Remove debugging and set default timeout
...
While timeout was announced in "client" help page, it wasn't effective.
Fixed. Also disable debugging.
2019-10-25 13:24:08 +02:00
Johannes Bauer
3478fa4555
Unlocking LUKS volumes works
...
First complete technical round-trip complete, can unlock the LUKS
volumes described in the server/client databases successfully.
2019-10-25 12:19:01 +02:00
Johannes Bauer
849e3a5949
Implemented finding of keyserver and unlocking of volumes
...
We'll now parse the response messages on the client side, abort after a
previously defined timeout and trigger the LUKS unlocking process, if
requested (although the latter isn't fully implemented yet).
2019-10-25 11:08:20 +02:00
Johannes Bauer
05e112065e
Implemented proper query response on server side
...
The server now checks the host database and responds correctly, but the
client still does not know how to get that response.
2019-10-25 10:21:29 +02:00
Johannes Bauer
2f36b56417
Can now receive UDP broadcasts
...
Still need to figure out how to receive UDP broadcast, but respond as
unicast. Not entirely sure yet.
2019-10-24 19:03:48 +02:00
Johannes Bauer
60b1b2bf39
Refactoring of server code
...
Consolidate server state into one struct, similar to our client
solution.
2019-10-24 17:04:49 +02:00
Johannes Bauer
4ee2739bac
Prettify Makefile
...
Have the dependent objects in alphabetical order.
2019-10-23 22:31:41 +02:00
Johannes Bauer
0e8e42d0ea
Client and server commnunication now works
...
We can send our little datagrams over and that works nicely. Need to
consolidate the PSK session establishment into one shared function.
2019-10-23 21:54:10 +02:00
Johannes Bauer
983217ffbd
Further work on the client code
...
Trying to get everything in shape, not looking too bad.
2019-10-23 21:13:50 +02:00
Johannes Bauer
425e2dcd66
Add client code back in
...
Client code basis back in, parsing of command line options as well.
Client does not do anything yet, though.
2019-10-23 20:13:25 +02:00
Johannes Bauer
9ea0a9695c
Fix bug with commandline parsing
...
For each parameter, all previous parameters were overwritten with
default values. Fixed.
2019-10-23 20:01:54 +02:00
Johannes Bauer
2143adc91f
Added detached thread handling code
...
Make it easier to create a detached thread, it's always the same and
error-checking is quite repetitive.
2019-10-23 19:47:26 +02:00
Johannes Bauer
3e5c7d541c
Implement actual lookup of luksrku entry
...
Now with a proper UUID the PSK is looked up from the key database.
2019-10-23 15:28:38 +02:00
Johannes Bauer
d70bd1f672
TLS-PSK connection is working in TLSv1.3
...
Apparently, I need to spell out "-ciphersuites
TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384" in the openssl
s_client command, or it simply will not work.
2019-10-23 14:28:42 +02:00
Johannes Bauer
969eae12c7
Started with server implementation
...
Running into issues with TLSv1.3-PSK. Connection establishment does not
work at the moment.
2019-10-23 13:18:51 +02:00
Johannes Bauer
667ff55af1
Integrate editor properly from command line
...
Now have a way to invoke the editor functionality from the command line
and also provisions to include the server and client parsers.
2019-10-23 11:34:40 +02:00
Johannes Bauer
ecbf3827ca
Integrate current state-of-affairs into luksrku
...
Now integrated into the official Makefile. All functionality is broken
(was for a while), but it's progress nevertheless.
2019-10-23 09:39:40 +02:00
Johannes Bauer
73ab437fc9
Include tags in released version number
...
We want the displayed version number to contain tags, so add it to the
Makefile option.
2019-10-19 15:06:39 +02:00
Johannes Bauer
363fc70f1c
Use pkg-config and have git-based version number
...
Use pkg-config to find OpenSSL headers and library. Use "git describe"
to determine current version.
2019-10-19 14:47:54 +02:00
Johannes Bauer
781b10c0c9
Assume system-wide installed OpenSSL v1.1
...
After Debian has pretty much migrated to v1.1, we now assume that
OpenSSL is preinstalled system-wide -- it's not experimental anymore.
Currently we assume it's preinstalled in /usr/local.
2018-01-16 18:59:50 +01:00
Johannes Bauer
8b892e3347
Update OpenSSL version and change sig algs
...
While the PSK cipher suites do not use any ECDHE/RSA signatures, in the
future someone may change the code. In that case, as a robustness
measure, already set the acceptable signature algorithms now.
Additionally upgrade to OpenSSL v1.1.0e and include the comment to
include X448 once it becomes available for TLS ECDHE (it's not yet,
unfortunately).
2017-03-07 21:40:21 +01:00
Johannes Bauer
8f2dabc053
Change to build against OpenSSL 1.1.0b
...
Critical CVE in 1.1.0a, upgrade immediately.
2016-09-27 21:18:25 +02:00
Johannes Bauer
f2f6d091e1
Have a fairly decent help page
...
Reused the help page generator from luksipc.
2016-09-24 11:16:58 +02:00
Johannes Bauer
2df69508aa
Initial import
2016-09-22 20:40:58 +02:00