Commit graph

74 commits

Author SHA1 Message Date
Rodolphe Bréard
0aac6402eb Change the randomly generated benchmark input
The xz backdoor relied on obfuscated test files that contained malicious
code instead of a real test. Since then, test and benchmark input that
cannot be explained should be considered suspicious.

Out of laziness, the input for the xl test (05) was generated through
the `openssl rand -hex` command, which outputs random data as an
hexadecimal string. Although I generated it myself and know there is
nothing hidden in there, I cannot prove it to someone else. Therefore, I
chose to stop using random data for this test and changed it to a
readable "lorem ipsum" string of the same size, like the other tests.

For more information about the xz backdoor and the context in which this
commit takes place, please read:
CVE-2024-3094
https://www.openwall.com/lists/oss-security/2024/03/29/4
https://gynvael.coldwind.pl/?lang=en&id=782
https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27
2024-04-01 16:25:37 +02:00
Rodolphe Bréard
b41772c045 Document the reason for the AES-GCM nonce size 2024-03-29 22:11:39 +01:00
Rodolphe Bréard
360917adb8 Add AES128-GCM to the benchmark 2024-03-24 14:38:03 +01:00
Rodolphe Bréard
747163f433 Check the size of the nonce 2024-03-24 12:17:29 +01:00
Rodolphe Bréard
ca86747862 Add support for AES128-GCM using HKDF-SHA256 to derive keys 2024-03-24 12:16:54 +01:00
Rodolphe Bréard
56db45cbad Add comments 2024-03-24 10:59:48 +01:00
Rodolphe Bréard
ae19a16531 Improve the context and IKM list APIs 2024-03-24 09:47:36 +01:00
Rodolphe Bréard
90c8a2aa87 API change: pass the data after the context 2024-03-24 09:25:27 +01:00
Rodolphe Bréard
c62029ee91 Add a benchmark 2024-03-23 19:23:14 +01:00
Rodolphe Bréard
16b2087627 Update cargo-deny 2024-03-23 11:41:45 +01:00
Rodolphe Bréard
e6f7167525 Move the EncryptedData struct to a dedicated module 2024-03-17 14:45:18 +01:00
Rodolphe Bréard
5803e2971d Remove the protection feature 2024-03-17 14:38:29 +01:00
Rodolphe Bréard
8cefe7c16b Move the scheme return fn type definitions to the scheme module 2024-03-17 14:35:26 +01:00
Rodolphe Bréard
b8539602f0 Move the context objects to a dedicated module 2024-03-17 14:31:01 +01:00
Rodolphe Bréard
749dc03f71 Replace the encrypt and decrypt functions with the CipherBox struct 2024-03-17 14:23:03 +01:00
Rodolphe Bréard
47557fe350 Fix the features 2024-03-16 11:22:08 +01:00
Rodolphe Bréard
94b1809ffa Do not use expired IKMs 2024-03-16 10:29:06 +01:00
Rodolphe Bréard
66271877dc Return an error if the IKM list ID is invalid 2024-03-16 10:28:25 +01:00
Rodolphe Bréard
230f867502 Add tests for the IKM list 2024-03-16 10:27:03 +01:00
Rodolphe Bréard
bc3cfe71dc Add the IKM id and the nonce to the AAD 2024-03-11 14:55:08 +01:00
Rodolphe Bréard
bf98245b04 Improve the tests on ciphertext parsing 2024-03-11 10:52:15 +01:00
Rodolphe Bréard
232fdb6fb2 Add decryption tests 2024-03-11 10:44:08 +01:00
Rodolphe Bréard
ac5adcc4ed Add some ciphertext parsing tests 2024-03-11 10:25:40 +01:00
Rodolphe Bréard
d922297e91 Use the DataContext type 2024-03-09 17:29:55 +01:00
Rodolphe Bréard
165b197a3a Add tests to the KDF 2024-03-09 16:27:23 +01:00
Rodolphe Bréard
cac466f5ed Use a NonZeroU64 since the periodicity cannot be zero 2024-03-09 16:26:21 +01:00
Rodolphe Bréard
61d38fb6d9 Rename the get_value method to get_ctx_elems 2024-03-09 16:09:34 +01:00
Rodolphe Bréard
35400b7278 Set a default key periodicity of 1 year 2024-03-09 12:40:28 +01:00
Rodolphe Bréard
e735198f6a Allow to set the key context periodicity 2024-03-09 11:50:27 +01:00
Rodolphe Bréard
9e3cfc2fd6 Use the time period instead of the timestamp 2024-03-09 11:49:40 +01:00
Rodolphe Bréard
4e40314c67 Reduce the default IKM duration to 10 years and document it 2024-03-02 14:55:57 +01:00
Rodolphe Bréard
bdfaf8adff Fix the features 2024-03-02 14:55:14 +01:00
Rodolphe Bréard
a13411f122 Remove the use in the error module 2024-03-02 14:54:24 +01:00
Rodolphe Bréard
5da1e3f5b6 Add a dedicated type for the key context 2024-03-02 14:53:38 +01:00
Rodolphe Bréard
a0bbd6bf00 Improve error display in tests 2024-03-02 11:05:56 +01:00
Rodolphe Bréard
423476c987 Refactor the IKM storage format 2024-03-02 11:00:59 +01:00
Rodolphe Bréard
349ed79b4c Update the readme 2024-02-25 23:05:22 +01:00
Rodolphe Bréard
15198f5286 Implement deref on the IKM list, mainly to allow iteration over IKMs 2024-02-25 18:14:13 +01:00
Rodolphe Bréard
395703dae4 Expose the IKM 2024-02-25 18:08:00 +01:00
Rodolphe Bréard
6ceb598c04 Allow to delete an IKM 2024-02-25 15:28:08 +01:00
Rodolphe Bréard
c6a3855847 Allow to revoke an IKM 2024-02-25 15:23:04 +01:00
Rodolphe Bréard
a1bf9e0bcc Move the scheme related primitives to dedicated modules 2024-02-25 14:19:56 +01:00
Rodolphe Bréard
382492e915 Remove comments that became too obvious after refactoring the parts they were commenting 2024-02-25 14:06:43 +01:00
Rodolphe Bréard
85d0ee7e31 Implement decryption 2024-02-25 13:40:19 +01:00
Rodolphe Bréard
9a60461266 Fix the test 2024-02-25 13:36:58 +01:00
Rodolphe Bréard
58df7fb221 Add a type alias for the scheme serialize type 2024-02-25 12:03:06 +01:00
Rodolphe Bréard
929d089e56 Add a type for the counter id 2024-02-25 11:57:04 +01:00
Rodolphe Bréard
524b2993de Add a type for the IKM id 2024-02-25 11:53:52 +01:00
Rodolphe Bréard
59c36b0ebe Rename the parsing errors using the module name 2024-02-25 11:46:08 +01:00
Rodolphe Bréard
16d4e19617 Parse the stored encrypted data 2024-02-25 11:41:30 +01:00