Commit cee5b70b authored by bernd's avatar bernd

locked memory for secrets

parent deae0ca6
......@@ -21,23 +21,23 @@ UValue test# 0 to test#
: test-keys ( -- ) \ yes, use these keys *only* for testing!
\ revoke: 58AB8F52F46E73EFAB068F6337F371E14DD589BF0894D2F0AF51AE7EBB858A68
x" A91158F2C560ACCDFEFC05104B922E49C9DD022D0163921DAE08E6C2148A7BEBC83C71FCB345D24400D866C7FD32092C2D1EC056FD17B9537037590BD021EEBF" key:new
x" B2578B8766DB3A60F1F4F36B276924FDA6E7F559F629716BC78D95DB1CD8D400" ke-sk $! +seckey
x" B2578B8766DB3A60F1F4F36B276924FDA6E7F559F629716BC78D95DB1CD8D400" ke-sk sec! +seckey
"test" ke-nick $! $1367B086A24E6B10. d>64 ke-first 64! 0 ke-type !
\ revoke: 5843E2DC055E1F8BE14570A37B0F81146040A2CEE1D6C01B97C3BB801CDED864
x" 69D86C471E5FEED89478FB4260C898B6F69026BA4E78A9D815B53EB33CA9013A8E753EC381881FAAFFA66CD9DD47D3F2C0867E1A2B48067CA2188DF400C11074" key:new
x" 5905350A6B4B5DE29C2CA4562BB105EF570713CE648E38F6FBBB6D076D141B0A" ke-sk $! +seckey
x" 5905350A6B4B5DE29C2CA4562BB105EF570713CE648E38F6FBBB6D076D141B0A" ke-sk sec! +seckey
"anonymous" ke-nick $! $1367B086A255C9C2. d>64 ke-first 64! 0 ke-type !
\ revoke: 38A6FB42FF41A690A108DCA460CC0D15AE3C1C23FFFA9E92583FFD9FB16AD276
x" 7A0FFD3D31ED822D683D685EA5689C91CB170B54A82F0E53554D34584F90DB017750513CDC1F1DC7F8F61214ED4BC801CF70C3D5FC90F716F2363038ACEE58BD" key:new
x" AAB952DD5D1850F1B468EEF84F72552148070C3F499600FE362934970329FE04" ke-sk $! +seckey
x" AAB952DD5D1850F1B468EEF84F72552148070C3F499600FE362934970329FE04" ke-sk sec! +seckey
"alice" ke-nick $! $1367B086A25CEF70. d>64 ke-first 64! 1 ke-type !
\ revoke: D82AF4AE7CD3DA7316CE6F26BC5792F4F5E6B36B4C14F7D60C49B421AE1D5468
x" 1A20176C79D26402811945CFC241116BAFB52DD033492044DB5CFEECCA21E6E49F350B40A28D83B618361167D13B51A4EFCE919C7BB6BDCC570D9B7031A0428E" key:new
x" 6B65577985D851753ACFFFFB00360C70C267420132204A17F4468D9CACDB010F" ke-sk $! +seckey
x" 6B65577985D851753ACFFFFB00360C70C267420132204A17F4468D9CACDB010F" ke-sk sec! +seckey
"bob" ke-nick $! $1367B086A26436A9. d>64 ke-first 64! 1 ke-type !
\ revoke: 7821DA41AFBB8F7356E2EB7059BE70321D7ADCDAD8C504998627CBB9366AB752
x" 9483FBBB98A5BFE792206519FB2BAF9EE21FE863ABE981AB1C209123D40E1969EA7C68162DF5340142524D6BE3E407B065824D1E3582E6209CA03876F406EBCA" key:new
x" 693D7EF6BF0E0CEFB0654EB95AB7C729B8799F850CAB24B1211116ED72EA3602" ke-sk $! +seckey
x" 693D7EF6BF0E0CEFB0654EB95AB7C729B8799F850CAB24B1211116ED72EA3602" ke-sk sec! +seckey
"eve" ke-nick $! $1367B086A26B4E42. d>64 ke-first 64! 1 ke-type !
;
......
......@@ -55,7 +55,8 @@ end-class edbuf-c
: init-ed25519
edbuf @ IF task-id @ up@ = ?EXIT THEN
edbuf-c new edbuf ! up@ task-id ! ;
[: edbuf-c new edbuf ! ;] crypto-a with-allocater
up@ task-id ! ;
init-ed25519
......
\ crypto region based allocation
\ Copyright (C) 2014 Bernd Paysan
\ This program is free software: you can redistribute it and/or modify
\ it under the terms of the GNU Affero General Public License as published by
\ the Free Software Foundation, either version 3 of the License, or
\ (at your option) any later version.
\ This program is distributed in the hope that it will be useful,
\ but WITHOUT ANY WARRANTY; without even the implied warranty of
\ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
\ GNU Affero General Public License for more details.
\ You should have received a copy of the GNU Affero General Public License
\ along with this program. If not, see <http://www.gnu.org/licenses/>.
2Variable kregion \ current region pointer + remainder
Variable kfree32' \ free list for 32 bytes keys
Variable kfree64' \ free list for 64 bytes keys
$4000 Constant /kregion
: kalloc ( len -- addr ) >r
\G allocate a len byte block of non-swappable stuff
r@ /kregion u> !!kr-size!!
kregion 2@ dup r@ u< IF
2drop /kregion alloc+lock /kregion 2dup kregion 2! THEN
over swap r> safe/string kregion 2! ;
: kalloc32 ( -- addr )
kfree32' @ ?dup-if dup @ kfree32' ! dup off exit then
32 kalloc ;
: kfree32 ( addr -- )
dup 32 erase kfree32' @ over ! kfree32' ! ;
: kalloc64 ( -- addr )
kfree64' @ ?dup-if dup @ kfree64' ! dup off exit then
64 kalloc ;
: kfree64 ( addr -- )
dup 64 erase kfree64' @ over ! kfree64' ! ;
: kalloc32? ( addr -- addr' )
dup @ IF @ EXIT THEN drop kalloc32 ;
: kalloc64? ( addr -- addr' )
dup @ IF @ EXIT THEN drop kalloc64 ;
: sec! ( addr1 u1 addr2 -- )
>r case
32 of r@ kalloc32? dup r@ ! 32 move endof
64 of r@ kalloc64? dup r@ ! 64 move endof
nip endcase rdrop ;
storage class end-class crypto-alloc
:noname ( len -- addr ) kalloc ; crypto-alloc to :allocate
\ we never free these classes, they are per-task temporary storages
crypto-alloc ' new static-a with-allocater Constant crypto-a
......@@ -75,7 +75,8 @@ crypto class
end-class keccak
: keccak-init crypto-o @ IF keccak-up @ next-task = ?EXIT THEN
keccak new crypto-o ! next-task keccak-up ! keccak-state to @keccak ;
[: keccak new crypto-o ! ;] crypto-a with-allocater
next-task keccak-up ! keccak-state to @keccak ;
: keccak-free crypto-o @ ?dup-IF .dispose THEN
0 to @keccak crypto-o off ;
......@@ -146,6 +147,4 @@ keccak-init
:noname keccak-checksums keccak#cks keccak> keccak-checksums $10 + 64@ ; to c:cookie ( -- x )
\G obtain a different 64 bit checksum part
static-a to allocater
keccak new Constant keccak-o
dynamic-a to allocater
keccak ' new static-a with-allocater Constant keccak-o
......@@ -50,7 +50,7 @@ end-class keybuf-c
: init-keybuf ( -- )
keybuf @ ?EXIT \ we have only one global keybuf
keybuf-c >osize @ alloc+lock keybuf ! ;
keybuf-c >osize @ kalloc keybuf ! ;
init-keybuf
......
......@@ -35,6 +35,22 @@ require mkdir.fs
THEN
REPEAT drop nip r> swap - ;
\ Keys are passwords and private keys (self-keyed, i.e. private*public key)
$100 Constant keypack#
0 Value pw-level# \ pw-level# 0 is lowest
\ !!TODO!! we need a way to tell how much we can trust keys
\ passwords need a pw-level (because they are guessable)
\ secrets don't, they aren't. We can quickly decrypt all
\ secret-based stuff, without bothering with slowdowns.
\ So secrets should use normal string decrypt
keypack# mykey-salt# + $10 + Constant keypack-all#
keypack-all# buffer: keypack
keypack-all# buffer: keypack-d
\ hashed key data base
cmd-class class
......@@ -46,6 +62,7 @@ cmd-class class
field: ke-type
64field: ke-first
64field: ke-last
64field: ke-offset \ offset in key file
end-class key-entry
key-entry >dynamic to key-entry
......@@ -62,6 +79,7 @@ Variable key-table
Variable this-key
Variable this-keyid
2Variable addsig
64Variable key-read-offset
: current-key ( addr u -- )
2dup keysize umin key-table #@ drop cell+ dup this-key ! >o rdrop ke-pk $! ;
......@@ -71,7 +89,8 @@ Variable this-keyid
: key:new ( addr u -- )
\ addr u is the public key
sample-key dup cell- @ >osize @ 2dup erase
over >o 64#-1 ke-last 64! o> -1 cells /string
over >o 64#-1 ke-last 64! key-read-offset 64@ ke-offset 64! o>
-1 cells /string keypack-all# n>64 key-read-offset 64+!
2over keysize umin key-table #! current-key ;
\ search for keys - not optimized
......@@ -90,14 +109,14 @@ Variable strict-keys strict-keys on
: .key ( addr u -- ) drop cell+ >o
." nick: " ke-nick $@ type cr
." ke-pk: " ke-pk $@ xtype cr
ke-sk $@len IF ." ke-sk: " ke-sk $@ xtype cr THEN
ke-sk @ IF ." ke-sk: " ke-sk @ keysize xtype cr THEN
." first: " ke-first 64@ .sigdate cr
." last: " ke-last 64@ .sigdate cr
o> ;
: dumpkey ( addr u -- ) drop cell+ >o
.\" x\" " ke-pk $@ xtype .\" \" key:new" cr
ke-sk $@len IF .\" x\" " ke-sk $@ xtype .\" \" ke-sk $! +seckey" cr THEN
ke-sk @ IF .\" x\" " ke-sk @ keysize xtype .\" \" ke-sk sec! +seckey" cr THEN
'"' emit ke-nick $@ type .\" \" ke-nick $! "
ke-first 64@ 64>d [: '$' emit 0 ud.r ;] $10 base-execute
." . d>64 ke-first 64! " ke-type @ . ." ke-type !" cr o> ;
......@@ -149,7 +168,7 @@ Variable keys
: +passphrase ( -- ) get-passphrase +key ;
: ">passphrase ( addr u -- ) >passphrase +key ;
: +seckey ( -- )
ke-sk $@ drop ke-pk $@ drop keypad ed-dh +key ;
ke-sk @ ke-pk $@ drop keypad ed-dh +key ;
"" ">passphrase \ following the encrypt-everything paradigm,
\ no password is the empty string! It's still encrypted!
......@@ -167,26 +186,10 @@ Variable keys
\ we store each item in a 256 bytes encrypted string, i.e. with a 16
\ byte salt and a 16 byte checksum.
\ Keys are passwords and private keys (self-keyed, i.e. private*public key)
$100 Constant keypack#
0 Value pw-level# \ pw-level# 0 is lowest
\ !!TODO!! we need a way to tell how much we can trust keys
\ passwords need a pw-level (because they are guessable)
\ secrets don't, they aren't. We can quickly decrypt all
\ secret-based stuff, without bothering with slowdowns.
\ So secrets should use normal string decrypt
keypack# mykey-salt# + $10 + Constant keypack-all#
keypack-all# buffer: keypack
keypack-all# buffer: keypack-d
get-current also net2o-base definitions
8 net2o: newkey ( $:string -- ) $> key:new ;
+net2o: privkey ( $:string -- ) $> ke-sk $! +seckey ;
+net2o: privkey ( $:string -- ) $> ke-sk sec! +seckey ;
+net2o: keytype ( n -- ) 64>n ke-type ! ; \ default: anonymous
+net2o: keynick ( $:string -- ) $> ke-nick $! ;
+net2o: keyprofile ( $:string -- ) $> ke-prof $! ;
......@@ -200,9 +203,7 @@ dup set-current previous
key-entry >static to key-entry \ back to static method table
' context-class is cmd-table
static-a to allocater
key-entry new to sample-key
dynamic-a to allocater
key-entry ' new static-a with-allocater to sample-key
sample-key this-key ! \ dummy
: key:code ( -- )
......@@ -287,7 +288,8 @@ set-current previous previous
: read-key-loop ( -- )
BEGIN
keypack keypack-all# ?key-fd read-file throw
?key-fd file-position throw d>64 key-read-offset 64!
keypack keypack-all# key-fd read-file throw
keypack-all# = WHILE try-decrypt do-key
REPEAT ;
......@@ -300,7 +302,7 @@ set-current previous previous
key-table @ 0= IF read-keys THEN
nick-key this-keyid @ 0= ?EXIT
this-key @ .ke-pk $@ pkc swap keysize 2* umin move
ke-sk $@ skc swap move ;
ke-sk @ skc keysize move ;
: i'm ( "name" -- ) parse-name >key ;
......@@ -317,7 +319,7 @@ set-current previous previous
key( ." with:" cr o cell- 0 .key ) ;
:noname ( revaddr u1 keyaddr u2 -- )
0 >o current-key replace-key o> ; is renew-key
0 >o current-key replace-key skc keysize ke-sk sec! o> ; is renew-key
0 [IF]
Local Variables:
......
......@@ -80,6 +80,7 @@ s" String stack full" throwcode !!string-full!!
s" String stack empty" throwcode !!string-empty!!
s" Unknown crypto function" throwcode !!unknown-crypt!!
s" Wrong revocation secret" throwcode !!not-my-revsk!!
s" krypto mem request too big " throwcode !!kr-size!!
\ required tools
......@@ -91,6 +92,7 @@ require unix/socket.fs
require unix/mmap.fs
require unix/pthread.fs
require unix/filestat.fs
require kregion.fs
require string.fs
require struct0x.fs
require debugging.fs
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment