A threefish-based approach at vault key storage

parent 050f2596
......@@ -49,6 +49,10 @@ object uclass keytmp
keysize uvar keygendh
keysize uvar vpk
keysize uvar vsk
tf_ctx_256 uvar tf-key
keysize uvar tf-in
keysize uvar tf-out
$10 uvar tf-hashout
1 64s uvar last-mykey
cell uvar keytmp-up
end-class keytmp-c
......@@ -621,6 +625,46 @@ drop
: gen-host-del ( addr u -- addr' u' )
gen>host "host" >delete +sig$ ;
\ Vault support code (generic and more compact)
\ principle: use Threefish_256.
\ block layout:
\ 1. 32 byte ephemeral key -> use for DHE.
\ 2. 16 byte IV, used for all blocks as tweak
\ 3. 16 byte hash, to check for success
\ 4. 32 byte each blocks, decrypted by DHE+tweak
: >vdhe ( addr -- ) sk@ drop swap tf-key tf_ctx_256-key ed-dh 2drop ;
: >viv ( addr -- ) tf-key tf_ctx_256-tweak $10 move ;
: v-dec-loop ( addr u -- session-key u / 0 0 )
over { chk } $10 /string $C { mode }
bounds U+DO
tf-key I tf-out mode tf_decrypt_256
c:0key tf-out keysize c:hash tf-hashout $10 c:hash@
tf-hashout $10 chk over str= IF
tf-out keysize unloop EXIT THEN
0 to mode
keysize +LOOP 0 0 ;
: v-dec$ ( addr u -- session-key u / 0 0 )
over >vdhe keysize /string
over >viv $10 /string
v-dec-loop ;
: vdhe ( -- ) vsk vpk ed-keypair vpk keysize type ;
: viv ( -- ) $10 rng$ 2dup type tf-key tf_ctx_256-tweak swap move ;
: vsessionkey ( -- )
keysize rng$ tf-in swap move
c:0key tf-in keysize c:hash tf-hashout $10 2dup c:hash@ type ;
: v-enc-loop ( keylist -- )
[: drop vsk swap tf-key tf_ctx_256-key ed-dh 2drop
tf-key tf-in tf-out $C tf_encrypt_256
tf-out keysize type
;] $[]map ;
: v-enc-gen ( keylist -- )
vdhe viv vsessionkey v-enc-loop ;
: v-enc$ ( keylist -- addr u )
['] v-enc-gen $tmp ;
\\\
Local Variables:
forth-local-words:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment