Commit graph

92 commits

Author SHA1 Message Date
Rodolphe Bréard
8162fadf19 Hide schemes behind features 2024-04-20 11:48:58 +02:00
Rodolphe Bréard
76ef9a6820 Enforce line wrapping 2024-04-20 11:43:53 +02:00
Rodolphe Bréard
a5a917cfe2 Add a few assert 2024-04-07 22:46:14 +02:00
Rodolphe Bréard
1ebbef58e2 Add missing ? 2024-04-07 22:39:39 +02:00
Rodolphe Bréard
ba5c5d7dd0 Return the IKM id when adding, revoking or deleting an IKM 2024-04-07 22:32:55 +02:00
Rodolphe Bréard
67f1c247cc Have .delete_ikm() return an error if the requested id is not found 2024-04-07 22:23:25 +02:00
Rodolphe Bréard
af2c83f934 Set DEFAULT_SCHEME public 2024-04-07 22:17:01 +02:00
Rodolphe Bréard
51d543a064 Add more documentation 2024-04-07 22:10:40 +02:00
Rodolphe Bréard
a6a7e31459 Add documentation for the KeyContext 2024-04-07 17:41:41 +02:00
Rodolphe Bréard
224171c6d5 Allow to encrypt at a specific timestamp 2024-04-07 12:22:04 +02:00
Rodolphe Bréard
fd7dccddea Allow to compare errors 2024-04-07 12:21:23 +02:00
Rodolphe Bréard
5dec70af92 Rename the CipherBox as Coffio 2024-04-07 11:48:33 +02:00
Rodolphe Bréard
71647c31c5 Allow to spefify not_before and not_after when generating a custom IKM 2024-04-07 11:32:03 +02:00
Rodolphe Bréard
c22756a2c0 Hide the InputKeyMaterial properties and add accessors 2024-04-07 11:20:01 +02:00
Rodolphe Bréard
d47f68944a Rename created_at and expire_at as not_before and not_after 2024-04-07 11:12:23 +02:00
Rodolphe Bréard
3690351c13 Use the DOI Foundation links 2024-04-07 11:01:46 +02:00
Rodolphe Bréard
cba3c3946b Remove a nightly feature 2024-04-07 10:39:06 +02:00
Rodolphe Bréard
de9d4777aa Add some basic documentation 2024-04-05 00:17:01 +02:00
Rodolphe Bréard
0aac6402eb Change the randomly generated benchmark input
The xz backdoor relied on obfuscated test files that contained malicious
code instead of a real test. Since then, test and benchmark input that
cannot be explained should be considered suspicious.

Out of laziness, the input for the xl test (05) was generated through
the `openssl rand -hex` command, which outputs random data as an
hexadecimal string. Although I generated it myself and know there is
nothing hidden in there, I cannot prove it to someone else. Therefore, I
chose to stop using random data for this test and changed it to a
readable "lorem ipsum" string of the same size, like the other tests.

For more information about the xz backdoor and the context in which this
commit take place, please read:
CVE-2024-3094
https://www.openwall.com/lists/oss-security/2024/03/29/4
https://gynvael.coldwind.pl/?lang=en&id=782
https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27
2024-04-01 16:25:37 +02:00
Rodolphe Bréard
b41772c045 Document the reason for the AES-GCM noce size 2024-03-29 22:11:39 +01:00
Rodolphe Bréard
360917adb8 Add AES128-GCM to the benchmark 2024-03-24 14:38:03 +01:00
Rodolphe Bréard
747163f433 Check the size of the nonce 2024-03-24 12:17:29 +01:00
Rodolphe Bréard
ca86747862 Add support for AES128-GCM using HKDF-SHA256 to derive keys 2024-03-24 12:16:54 +01:00
Rodolphe Bréard
56db45cbad Add comments 2024-03-24 10:59:48 +01:00
Rodolphe Bréard
ae19a16531 Improve the context and IKM list APIs 2024-03-24 09:47:36 +01:00
Rodolphe Bréard
90c8a2aa87 API change: pass the data after the context 2024-03-24 09:25:27 +01:00
Rodolphe Bréard
c62029ee91 Add a benchmark 2024-03-23 19:23:14 +01:00
Rodolphe Bréard
16b2087627 Update cargo-deny 2024-03-23 11:41:45 +01:00
Rodolphe Bréard
e6f7167525 Move the EncryptedData struct to a dedicated module 2024-03-17 14:45:18 +01:00
Rodolphe Bréard
5803e2971d Remove the protection feature 2024-03-17 14:38:29 +01:00
Rodolphe Bréard
8cefe7c16b Move the scheme return fn type definitions to the scheme module 2024-03-17 14:35:26 +01:00
Rodolphe Bréard
b8539602f0 Move the context objects to a dedicated module 2024-03-17 14:31:01 +01:00
Rodolphe Bréard
749dc03f71 Replace the encrypt and decrypt function by the CipherBox struct 2024-03-17 14:23:03 +01:00
Rodolphe Bréard
47557fe350 Fix the features 2024-03-16 11:22:08 +01:00
Rodolphe Bréard
94b1809ffa Do not use expired IKMs 2024-03-16 10:29:06 +01:00
Rodolphe Bréard
66271877dc Return an error if the IKM list ID is invalid 2024-03-16 10:28:25 +01:00
Rodolphe Bréard
230f867502 Add tests for the IKM list 2024-03-16 10:27:03 +01:00
Rodolphe Bréard
bc3cfe71dc Add the IKM id and the nonce to the AAD 2024-03-11 14:55:08 +01:00
Rodolphe Bréard
bf98245b04 Improve the tests on ciphertext parsing 2024-03-11 10:52:15 +01:00
Rodolphe Bréard
232fdb6fb2 Add decryption tests 2024-03-11 10:44:08 +01:00
Rodolphe Bréard
ac5adcc4ed Add some ciphertext parsing test 2024-03-11 10:25:40 +01:00
Rodolphe Bréard
d922297e91 Use the DataContext type 2024-03-09 17:29:55 +01:00
Rodolphe Bréard
165b197a3a Add tests to the KDF 2024-03-09 16:27:23 +01:00
Rodolphe Bréard
cac466f5ed Use a NonZeroU64 since the periodicity cannot be zero 2024-03-09 16:26:21 +01:00
Rodolphe Bréard
61d38fb6d9 Rename the get_value method to get_ctx_elems 2024-03-09 16:09:34 +01:00
Rodolphe Bréard
35400b7278 Set a default key periodicity of 1 year 2024-03-09 12:40:28 +01:00
Rodolphe Bréard
e735198f6a Allow to set the key context periodicity 2024-03-09 11:50:27 +01:00
Rodolphe Bréard
9e3cfc2fd6 Use the time period instead of the timestamp 2024-03-09 11:49:40 +01:00
Rodolphe Bréard
4e40314c67 Reduce the default IKM duration to 10 years and document it 2024-03-02 14:55:57 +01:00
Rodolphe Bréard
bdfaf8adff Fix the features 2024-03-02 14:55:14 +01:00