Commit graph

76 commits

Author SHA1 Message Date
Rodolphe Bréard
cba3c3946b Remove a nightly feature 2024-04-07 10:39:06 +02:00
Rodolphe Bréard
de9d4777aa Add some basic documentation 2024-04-05 00:17:01 +02:00
Rodolphe Bréard
0aac6402eb Change the randomly generated benchmark input
The xz backdoor relied on obfuscated test files that contained malicious
code instead of a real test. Since then, test and benchmark input that
cannot be explained should be considered suspicious.

Out of laziness, the input for the xl test (05) was generated through
the `openssl rand -hex` command, which outputs random data as an
hexadecimal string. Although I generated it myself and know there is
nothing hidden in there, I cannot prove it to someone else. Therefore, I
chose to stop using random data for this test and changed it to a
readable "lorem ipsum" string of the same size, like the other tests.

For more information about the xz backdoor and the context in which this
commit take place, please read:
CVE-2024-3094
https://www.openwall.com/lists/oss-security/2024/03/29/4
https://gynvael.coldwind.pl/?lang=en&id=782
https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27
2024-04-01 16:25:37 +02:00
Rodolphe Bréard
b41772c045 Document the reason for the AES-GCM noce size 2024-03-29 22:11:39 +01:00
Rodolphe Bréard
360917adb8 Add AES128-GCM to the benchmark 2024-03-24 14:38:03 +01:00
Rodolphe Bréard
747163f433 Check the size of the nonce 2024-03-24 12:17:29 +01:00
Rodolphe Bréard
ca86747862 Add support for AES128-GCM using HKDF-SHA256 to derive keys 2024-03-24 12:16:54 +01:00
Rodolphe Bréard
56db45cbad Add comments 2024-03-24 10:59:48 +01:00
Rodolphe Bréard
ae19a16531 Improve the context and IKM list APIs 2024-03-24 09:47:36 +01:00
Rodolphe Bréard
90c8a2aa87 API change: pass the data after the context 2024-03-24 09:25:27 +01:00
Rodolphe Bréard
c62029ee91 Add a benchmark 2024-03-23 19:23:14 +01:00
Rodolphe Bréard
16b2087627 Update cargo-deny 2024-03-23 11:41:45 +01:00
Rodolphe Bréard
e6f7167525 Move the EncryptedData struct to a dedicated module 2024-03-17 14:45:18 +01:00
Rodolphe Bréard
5803e2971d Remove the protection feature 2024-03-17 14:38:29 +01:00
Rodolphe Bréard
8cefe7c16b Move the scheme return fn type definitions to the scheme module 2024-03-17 14:35:26 +01:00
Rodolphe Bréard
b8539602f0 Move the context objects to a dedicated module 2024-03-17 14:31:01 +01:00
Rodolphe Bréard
749dc03f71 Replace the encrypt and decrypt function by the CipherBox struct 2024-03-17 14:23:03 +01:00
Rodolphe Bréard
47557fe350 Fix the features 2024-03-16 11:22:08 +01:00
Rodolphe Bréard
94b1809ffa Do not use expired IKMs 2024-03-16 10:29:06 +01:00
Rodolphe Bréard
66271877dc Return an error if the IKM list ID is invalid 2024-03-16 10:28:25 +01:00
Rodolphe Bréard
230f867502 Add tests for the IKM list 2024-03-16 10:27:03 +01:00
Rodolphe Bréard
bc3cfe71dc Add the IKM id and the nonce to the AAD 2024-03-11 14:55:08 +01:00
Rodolphe Bréard
bf98245b04 Improve the tests on ciphertext parsing 2024-03-11 10:52:15 +01:00
Rodolphe Bréard
232fdb6fb2 Add decryption tests 2024-03-11 10:44:08 +01:00
Rodolphe Bréard
ac5adcc4ed Add some ciphertext parsing test 2024-03-11 10:25:40 +01:00
Rodolphe Bréard
d922297e91 Use the DataContext type 2024-03-09 17:29:55 +01:00
Rodolphe Bréard
165b197a3a Add tests to the KDF 2024-03-09 16:27:23 +01:00
Rodolphe Bréard
cac466f5ed Use a NonZeroU64 since the periodicity cannot be zero 2024-03-09 16:26:21 +01:00
Rodolphe Bréard
61d38fb6d9 Rename the get_value method to get_ctx_elems 2024-03-09 16:09:34 +01:00
Rodolphe Bréard
35400b7278 Set a default key periodicity of 1 year 2024-03-09 12:40:28 +01:00
Rodolphe Bréard
e735198f6a Allow to set the key context periodicity 2024-03-09 11:50:27 +01:00
Rodolphe Bréard
9e3cfc2fd6 Use the time period instead of the timestamp 2024-03-09 11:49:40 +01:00
Rodolphe Bréard
4e40314c67 Reduce the default IKM duration to 10 years and document it 2024-03-02 14:55:57 +01:00
Rodolphe Bréard
bdfaf8adff Fix the features 2024-03-02 14:55:14 +01:00
Rodolphe Bréard
a13411f122 Remove the use in the error module 2024-03-02 14:54:24 +01:00
Rodolphe Bréard
5da1e3f5b6 Add a dedicated type for the key context 2024-03-02 14:53:38 +01:00
Rodolphe Bréard
a0bbd6bf00 Improve error display in tests 2024-03-02 11:05:56 +01:00
Rodolphe Bréard
423476c987 Refactor the IKM storage format 2024-03-02 11:00:59 +01:00
Rodolphe Bréard
349ed79b4c Update the readme 2024-02-25 23:05:22 +01:00
Rodolphe Bréard
15198f5286 Implement deref on the IKM list, mainly to allow iteration over IKMs 2024-02-25 18:14:13 +01:00
Rodolphe Bréard
395703dae4 Expose the IKM 2024-02-25 18:08:00 +01:00
Rodolphe Bréard
6ceb598c04 Allow to delete an IKM 2024-02-25 15:28:08 +01:00
Rodolphe Bréard
c6a3855847 Allow to revoke an IKM 2024-02-25 15:23:04 +01:00
Rodolphe Bréard
a1bf9e0bcc Move the scheme related primitives to dedicated modules 2024-02-25 14:19:56 +01:00
Rodolphe Bréard
382492e915 Remove comments that went too obvious after refactoring the parts they were commenting 2024-02-25 14:06:43 +01:00
Rodolphe Bréard
85d0ee7e31 Implement decryption 2024-02-25 13:40:19 +01:00
Rodolphe Bréard
9a60461266 Fix the test 2024-02-25 13:36:58 +01:00
Rodolphe Bréard
58df7fb221 Add a type alias for the scheme serialize type 2024-02-25 12:03:06 +01:00
Rodolphe Bréard
929d089e56 Add a type for the counter id 2024-02-25 11:57:04 +01:00
Rodolphe Bréard
524b2993de Add a type for the IKM id 2024-02-25 11:53:52 +01:00