Georg/luksrku
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
98 Commits 3 Branches 4 Tags 284 KiB
bd929be9fa
Commit Graph

29 Commits

Author SHA1 Message Date
Johannes Bauer
47f7ca6c31 Fix numerous log format issues 
We had not declared function attributes that check the format syntax;
this led to a number of issues that remained undetected. Fixed.
 2021-06-26 22:48:33 +02:00
Johannes Bauer
9dc8164dcc Vaulted key database fully used 
Now all keys are encrypted when they're not in use to thwart cold-boot
attacks. Furthermore, all unlocking messages are sent in bulk to avoid
fragmentation and improve performance.
 2019-10-25 18:17:43 +02:00
Johannes Bauer
f01ec97d6b TLS-PSK now taken out of secure vault, but LUKS passphrases not 
LUKS passphrases still broken, they're copied over into the secure vault
but then not used (i.e., the zeroed-out originals are read).
 2019-10-25 18:02:51 +02:00
Johannes Bauer
17d1b9a52d Remove redundant files and add more info 
Show a more informative message when server's been successfully started
and remove unused files.
 2019-10-25 16:13:28 +02:00
Johannes Bauer
3478fa4555 Unlocking LUKS volumes works 
First complete technical round-trip complete, can unlock the LUKS
volumes described in the server/client databases successfully.
 2019-10-25 12:19:01 +02:00
Johannes Bauer
849e3a5949 Implemented finding of keyserver and unlocking of volumes 
We'll now parse the response messages on the client side, abort after a
previously defined timeout and trigger the LUKS unlocking process, if
requested (although the latter isn't fully implemented yet).
 2019-10-25 11:08:20 +02:00
Johannes Bauer
05e112065e Implemented proper query response on server side 
The server now checks the host database and responds correctly, but the
client still does not know how to get that response.
 2019-10-25 10:21:29 +02:00
Johannes Bauer
8c7c0e5870 Receiving broadcast messages and plausibility-checking 
Now we're receiving the client broadcasts on the server side and
checking if they match the magic number we're expecting.
 2019-10-25 09:33:20 +02:00
Johannes Bauer
2f36b56417 Can now receive UDP broadcasts 
Still need to figure out how to receive UDP broadcast, but respond as
unicast. Not entirely sure yet.
 2019-10-24 19:03:48 +02:00
Johannes Bauer
60b1b2bf39 Refactoring of server code 
Consolidate server state into one struct, similar to our client
solution.
 2019-10-24 17:04:49 +02:00
Johannes Bauer
36f9988fce Cleanup in server socket code 
This is ancient programming style. Bring it up to 2019.
 2019-10-23 22:13:36 +02:00
Johannes Bauer
6b5ed8f62c Remove unused code 
Old, now unused code removed entirely.
 2019-10-23 22:12:00 +02:00
Johannes Bauer
1f56e19361 Consolidated session establishment for client and server 
Essentially, they share most of the same code. Consolidate everything
into one function.
 2019-10-23 22:06:47 +02:00
Johannes Bauer
0e8e42d0ea Client and server commnunication now works 
We can send our little datagrams over and that works nicely. Need to
consolidate the PSK session establishment into one shared function.
 2019-10-23 21:54:10 +02:00
Johannes Bauer
983217ffbd Further work on the client code 
Trying to get everything in shape, not looking too bad.
 2019-10-23 21:13:50 +02:00
Johannes Bauer
425e2dcd66 Add client code back in 
Client code basis back in, parsing of command line options as well.
Client does not do anything yet, though.
 2019-10-23 20:13:25 +02:00
Johannes Bauer
9ea0a9695c Fix bug with commandline parsing 
For each parameter, all previous parameters were overwritten with
default values. Fixed.
 2019-10-23 20:01:54 +02:00
Johannes Bauer
2143adc91f Added detached thread handling code 
Make it easier to create a detached thread, it's always the same and
error-checking is quite repetitive.
 2019-10-23 19:47:26 +02:00
Johannes Bauer
603e63876f Server implementation seems to work 
Rudimentary functionality of server (not including responding to
announcements over UDP) is working now.
 2019-10-23 15:56:06 +02:00
Johannes Bauer
3e5c7d541c Implement actual lookup of luksrku entry 
Now with a proper UUID the PSK is looked up from the key database.
 2019-10-23 15:28:38 +02:00
Johannes Bauer
d70bd1f672 TLS-PSK connection is working in TLSv1.3 
Apparently, I need to spell out "-ciphersuites
TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384" in the openssl
s_client command, or it simply will not work.
 2019-10-23 14:28:42 +02:00
Johannes Bauer
969eae12c7 Started with server implementation 
Running into issues with TLSv1.3-PSK. Connection establishment does not
work at the moment.
 2019-10-23 13:18:51 +02:00
Johannes Bauer
667ff55af1 Integrate editor properly from command line 
Now have a way to invoke the editor functionality from the command line
and also provisions to include the server and client parsers.
 2019-10-23 11:34:40 +02:00
Johannes Bauer
aece35134e More debugging 
More debug output for password.
 2018-01-16 19:43:19 +01:00
Johannes Bauer
fd2e456076 Remove references to SSL and replace by TLS. 
We're using TLS, not SSL. Use the proper terminology.
 2017-03-07 21:48:00 +01:00
Johannes Bauer
6089d98721 Introduce --max-bcast-errs command line option 
This enables luksrku to terminate if a certain number of broadcast
attempts has failed (usually due to unavailable networking), therefore
enabling a second method of unlocking LUKS disks (e.g., by manually
entering the password on the console).
 2016-09-24 15:58:52 +02:00
Johannes Bauer
0d4d2220b2 Implemented unlock cnt and blacklist 
Can now unlock a specified number of hosts as specified on the command
line (e.g., if you want a luksrku client run indefinitely) and also used
the already implemented blacklisting functionality (i.e., if an
unlocking is unsuccessful, it is retried in 120 seconds, not
immediately, as not to spam servers with illegal credentials).
 2016-09-24 11:45:58 +02:00
Johannes Bauer
edb25da877 LICENSE added (GPLv3) 2016-09-22 20:47:43 +02:00
Johannes Bauer
2df69508aa Initial import 2016-09-22 20:40:58 +02:00