Rodolphe Bréard
d47f68944a
Rename created_at and expire_at as not_before and not_after
2024-04-07 11:12:23 +02:00
Rodolphe Bréard
3690351c13
Use the DOI Foundation links
2024-04-07 11:01:46 +02:00
Rodolphe Bréard
cba3c3946b
Remove a nightly feature
2024-04-07 10:39:06 +02:00
Rodolphe Bréard
de9d4777aa
Add some basic documentation
2024-04-05 00:17:01 +02:00
Rodolphe Bréard
0aac6402eb
Change the randomly generated benchmark input
...
The xz backdoor relied on obfuscated test files that contained malicious
code instead of a real test. Since then, test and benchmark input that
cannot be explained should be considered suspicious.
Out of laziness, the input for the xl test (05) was generated through
the `openssl rand -hex` command, which outputs random data as an
hexadecimal string. Although I generated it myself and know there is
nothing hidden in there, I cannot prove it to someone else. Therefore, I
chose to stop using random data for this test and changed it to a
readable "lorem ipsum" string of the same size, like the other tests.
For more information about the xz backdoor and the context in which this
commit take place, please read:
CVE-2024-3094
https://www.openwall.com/lists/oss-security/2024/03/29/4
https://gynvael.coldwind.pl/?lang=en&id=782
https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27
2024-04-01 16:25:37 +02:00
Rodolphe Bréard
b41772c045
Document the reason for the AES-GCM noce size
2024-03-29 22:11:39 +01:00
Rodolphe Bréard
360917adb8
Add AES128-GCM to the benchmark
2024-03-24 14:38:03 +01:00
Rodolphe Bréard
747163f433
Check the size of the nonce
2024-03-24 12:17:29 +01:00
Rodolphe Bréard
ca86747862
Add support for AES128-GCM using HKDF-SHA256 to derive keys
2024-03-24 12:16:54 +01:00
Rodolphe Bréard
56db45cbad
Add comments
2024-03-24 10:59:48 +01:00
Rodolphe Bréard
ae19a16531
Improve the context and IKM list APIs
2024-03-24 09:47:36 +01:00
Rodolphe Bréard
90c8a2aa87
API change: pass the data after the context
2024-03-24 09:25:27 +01:00
Rodolphe Bréard
c62029ee91
Add a benchmark
2024-03-23 19:23:14 +01:00
Rodolphe Bréard
16b2087627
Update cargo-deny
2024-03-23 11:41:45 +01:00
Rodolphe Bréard
e6f7167525
Move the EncryptedData struct to a dedicated module
2024-03-17 14:45:18 +01:00
Rodolphe Bréard
5803e2971d
Remove the protection feature
2024-03-17 14:38:29 +01:00
Rodolphe Bréard
8cefe7c16b
Move the scheme return fn type definitions to the scheme module
2024-03-17 14:35:26 +01:00
Rodolphe Bréard
b8539602f0
Move the context objects to a dedicated module
2024-03-17 14:31:01 +01:00
Rodolphe Bréard
749dc03f71
Replace the encrypt and decrypt function by the CipherBox struct
2024-03-17 14:23:03 +01:00
Rodolphe Bréard
47557fe350
Fix the features
2024-03-16 11:22:08 +01:00
Rodolphe Bréard
94b1809ffa
Do not use expired IKMs
2024-03-16 10:29:06 +01:00
Rodolphe Bréard
66271877dc
Return an error if the IKM list ID is invalid
2024-03-16 10:28:25 +01:00
Rodolphe Bréard
230f867502
Add tests for the IKM list
2024-03-16 10:27:03 +01:00
Rodolphe Bréard
bc3cfe71dc
Add the IKM id and the nonce to the AAD
2024-03-11 14:55:08 +01:00
Rodolphe Bréard
bf98245b04
Improve the tests on ciphertext parsing
2024-03-11 10:52:15 +01:00
Rodolphe Bréard
232fdb6fb2
Add decryption tests
2024-03-11 10:44:08 +01:00
Rodolphe Bréard
ac5adcc4ed
Add some ciphertext parsing test
2024-03-11 10:25:40 +01:00
Rodolphe Bréard
d922297e91
Use the DataContext type
2024-03-09 17:29:55 +01:00
Rodolphe Bréard
165b197a3a
Add tests to the KDF
2024-03-09 16:27:23 +01:00
Rodolphe Bréard
cac466f5ed
Use a NonZeroU64 since the periodicity cannot be zero
2024-03-09 16:26:21 +01:00
Rodolphe Bréard
61d38fb6d9
Rename the get_value method to get_ctx_elems
2024-03-09 16:09:34 +01:00
Rodolphe Bréard
35400b7278
Set a default key periodicity of 1 year
2024-03-09 12:40:28 +01:00
Rodolphe Bréard
e735198f6a
Allow to set the key context periodicity
2024-03-09 11:50:27 +01:00
Rodolphe Bréard
9e3cfc2fd6
Use the time period instead of the timestamp
2024-03-09 11:49:40 +01:00
Rodolphe Bréard
4e40314c67
Reduce the default IKM duration to 10 years and document it
2024-03-02 14:55:57 +01:00
Rodolphe Bréard
bdfaf8adff
Fix the features
2024-03-02 14:55:14 +01:00
Rodolphe Bréard
a13411f122
Remove the use in the error module
2024-03-02 14:54:24 +01:00
Rodolphe Bréard
5da1e3f5b6
Add a dedicated type for the key context
2024-03-02 14:53:38 +01:00
Rodolphe Bréard
a0bbd6bf00
Improve error display in tests
2024-03-02 11:05:56 +01:00
Rodolphe Bréard
423476c987
Refactor the IKM storage format
2024-03-02 11:00:59 +01:00
Rodolphe Bréard
349ed79b4c
Update the readme
2024-02-25 23:05:22 +01:00
Rodolphe Bréard
15198f5286
Implement deref on the IKM list, mainly to allow iteration over IKMs
2024-02-25 18:14:13 +01:00
Rodolphe Bréard
395703dae4
Expose the IKM
2024-02-25 18:08:00 +01:00
Rodolphe Bréard
6ceb598c04
Allow to delete an IKM
2024-02-25 15:28:08 +01:00
Rodolphe Bréard
c6a3855847
Allow to revoke an IKM
2024-02-25 15:23:04 +01:00
Rodolphe Bréard
a1bf9e0bcc
Move the scheme related primitives to dedicated modules
2024-02-25 14:19:56 +01:00
Rodolphe Bréard
382492e915
Remove comments that went too obvious after refactoring the parts they were commenting
2024-02-25 14:06:43 +01:00
Rodolphe Bréard
85d0ee7e31
Implement decryption
2024-02-25 13:40:19 +01:00
Rodolphe Bréard
9a60461266
Fix the test
2024-02-25 13:36:58 +01:00
Rodolphe Bréard
58df7fb221
Add a type alias for the scheme serialize type
2024-02-25 12:03:06 +01:00