rodolphe/coffio
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
82 commits 1 branch 1 tag 7.2 MiB
Commit graph

82 commits

This branch
This branch
All branches
Author SHA1 Message Date
Rodolphe Bréard
fd7dccddea Allow to compare errors 2024-04-07 12:21:23 +02:00
Rodolphe Bréard
5dec70af92 Rename the CipherBox as Coffio 2024-04-07 11:48:33 +02:00
Rodolphe Bréard
71647c31c5 Allow to spefify not_before and not_after when generating a custom IKM 2024-04-07 11:32:03 +02:00
Rodolphe Bréard
c22756a2c0 Hide the InputKeyMaterial properties and add accessors 2024-04-07 11:20:01 +02:00
Rodolphe Bréard
d47f68944a Rename created_at and expire_at as not_before and not_after 2024-04-07 11:12:23 +02:00
Rodolphe Bréard
3690351c13 Use the DOI Foundation links 2024-04-07 11:01:46 +02:00
Rodolphe Bréard
cba3c3946b Remove a nightly feature 2024-04-07 10:39:06 +02:00
Rodolphe Bréard
de9d4777aa Add some basic documentation 2024-04-05 00:17:01 +02:00
Rodolphe Bréard
0aac6402eb Change the randomly generated benchmark input 
The xz backdoor relied on obfuscated test files that contained malicious
code instead of a real test. Since then, test and benchmark input that
cannot be explained should be considered suspicious.

Out of laziness, the input for the xl test (05) was generated through
the `openssl rand -hex` command, which outputs random data as an
hexadecimal string. Although I generated it myself and know there is
nothing hidden in there, I cannot prove it to someone else. Therefore, I
chose to stop using random data for this test and changed it to a
readable "lorem ipsum" string of the same size, like the other tests.

For more information about the xz backdoor and the context in which this
commit take place, please read:
CVE-2024-3094
https://www.openwall.com/lists/oss-security/2024/03/29/4
https://gynvael.coldwind.pl/?lang=en&id=782
https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27
 2024-04-01 16:25:37 +02:00
Rodolphe Bréard
b41772c045 Document the reason for the AES-GCM noce size 2024-03-29 22:11:39 +01:00
Rodolphe Bréard
360917adb8 Add AES128-GCM to the benchmark 2024-03-24 14:38:03 +01:00
Rodolphe Bréard
747163f433 Check the size of the nonce 2024-03-24 12:17:29 +01:00
Rodolphe Bréard
ca86747862 Add support for AES128-GCM using HKDF-SHA256 to derive keys 2024-03-24 12:16:54 +01:00
Rodolphe Bréard
56db45cbad Add comments 2024-03-24 10:59:48 +01:00
Rodolphe Bréard
ae19a16531 Improve the context and IKM list APIs 2024-03-24 09:47:36 +01:00
Rodolphe Bréard
90c8a2aa87 API change: pass the data after the context 2024-03-24 09:25:27 +01:00
Rodolphe Bréard
c62029ee91 Add a benchmark 2024-03-23 19:23:14 +01:00
Rodolphe Bréard
16b2087627 Update cargo-deny 2024-03-23 11:41:45 +01:00
Rodolphe Bréard
e6f7167525 Move the EncryptedData struct to a dedicated module 2024-03-17 14:45:18 +01:00
Rodolphe Bréard
5803e2971d Remove the protection feature 2024-03-17 14:38:29 +01:00
Rodolphe Bréard
8cefe7c16b Move the scheme return fn type definitions to the scheme module 2024-03-17 14:35:26 +01:00
Rodolphe Bréard
b8539602f0 Move the context objects to a dedicated module 2024-03-17 14:31:01 +01:00
Rodolphe Bréard
749dc03f71 Replace the encrypt and decrypt function by the CipherBox struct 2024-03-17 14:23:03 +01:00
Rodolphe Bréard
47557fe350 Fix the features 2024-03-16 11:22:08 +01:00
Rodolphe Bréard
94b1809ffa Do not use expired IKMs 2024-03-16 10:29:06 +01:00
Rodolphe Bréard
66271877dc Return an error if the IKM list ID is invalid 2024-03-16 10:28:25 +01:00
Rodolphe Bréard
230f867502 Add tests for the IKM list 2024-03-16 10:27:03 +01:00
Rodolphe Bréard
bc3cfe71dc Add the IKM id and the nonce to the AAD 2024-03-11 14:55:08 +01:00
Rodolphe Bréard
bf98245b04 Improve the tests on ciphertext parsing 2024-03-11 10:52:15 +01:00
Rodolphe Bréard
232fdb6fb2 Add decryption tests 2024-03-11 10:44:08 +01:00
Rodolphe Bréard
ac5adcc4ed Add some ciphertext parsing test 2024-03-11 10:25:40 +01:00
Rodolphe Bréard
d922297e91 Use the DataContext type 2024-03-09 17:29:55 +01:00
Rodolphe Bréard
165b197a3a Add tests to the KDF 2024-03-09 16:27:23 +01:00
Rodolphe Bréard
cac466f5ed Use a NonZeroU64 since the periodicity cannot be zero 2024-03-09 16:26:21 +01:00
Rodolphe Bréard
61d38fb6d9 Rename the get_value method to get_ctx_elems 2024-03-09 16:09:34 +01:00
Rodolphe Bréard
35400b7278 Set a default key periodicity of 1 year 2024-03-09 12:40:28 +01:00
Rodolphe Bréard
e735198f6a Allow to set the key context periodicity 2024-03-09 11:50:27 +01:00
Rodolphe Bréard
9e3cfc2fd6 Use the time period instead of the timestamp 2024-03-09 11:49:40 +01:00
Rodolphe Bréard
4e40314c67 Reduce the default IKM duration to 10 years and document it 2024-03-02 14:55:57 +01:00
Rodolphe Bréard
bdfaf8adff Fix the features 2024-03-02 14:55:14 +01:00
Rodolphe Bréard
a13411f122 Remove the use in the error module 2024-03-02 14:54:24 +01:00
Rodolphe Bréard
5da1e3f5b6 Add a dedicated type for the key context 2024-03-02 14:53:38 +01:00
Rodolphe Bréard
a0bbd6bf00 Improve error display in tests 2024-03-02 11:05:56 +01:00
Rodolphe Bréard
423476c987 Refactor the IKM storage format 2024-03-02 11:00:59 +01:00
Rodolphe Bréard
349ed79b4c Update the readme 2024-02-25 23:05:22 +01:00
Rodolphe Bréard
15198f5286 Implement deref on the IKM list, mainly to allow iteration over IKMs 2024-02-25 18:14:13 +01:00
Rodolphe Bréard
395703dae4 Expose the IKM 2024-02-25 18:08:00 +01:00
Rodolphe Bréard
6ceb598c04 Allow to delete an IKM 2024-02-25 15:28:08 +01:00
Rodolphe Bréard
c6a3855847 Allow to revoke an IKM 2024-02-25 15:23:04 +01:00
Rodolphe Bréard
a1bf9e0bcc Move the scheme related primitives to dedicated modules 2024-02-25 14:19:56 +01:00