Add new method for vault key exchange

parent 41a25346
......@@ -50,7 +50,6 @@ object uclass keytmp
keysize uvar vpk
keysize uvar vsk
tf_ctx_256 uvar tf-key
keysize uvar tf-in
keysize uvar tf-out
$10 uvar tf-hashout
1 64s uvar last-mykey
......@@ -630,9 +629,9 @@ drop
\ principle: use Threefish_256.
\ block layout:
\ 1. 32 byte ephemeral key -> use for DHE.
\ 2. 16 byte IV, used for all blocks as tweak
\ 2. 16 byte IV, used for all blocks as incrementing tweak
\ 3. 16 byte hash, to check for success
\ 4. 32 byte each blocks, decrypted by DHE+tweak
\ 4. 32 byte each blocks, decrypted by DHE+tweak in ECB mode
: >vdhe ( addr -- ) sk@ drop swap tf-key tf_ctx_256-key ed-dh 2drop ;
: >viv ( addr -- ) tf-key tf_ctx_256-tweak $10 move ;
......@@ -643,7 +642,8 @@ drop
c:0key tf-out keysize c:hash tf-hashout $10 c:hash@
tf-hashout $10 chk over str= IF
tf-out keysize unloop EXIT THEN
0 to mode
tf-key tf_tweak256++
4 to mode
keysize +LOOP 0 0 ;
: v-dec$ ( addr u -- session-key u / 0 0 )
over >vdhe keysize /string
......@@ -653,12 +653,13 @@ drop
: vdhe ( -- ) vsk vpk ed-keypair vpk keysize type ;
: viv ( -- ) $10 rng$ 2dup type tf-key tf_ctx_256-tweak swap move ;
: vsessionkey ( -- )
keysize rng$ tf-in swap move
c:0key tf-in keysize c:hash tf-hashout $10 2dup c:hash@ type ;
keysize rng$ vkey state# move-rep
c:0key vkey keysize c:hash tf-hashout $10 2dup c:hash@ type ;
: v-enc-loop ( keylist -- )
[: drop vsk swap tf-key tf_ctx_256-key ed-dh 2drop
tf-key tf-in tf-out $C tf_encrypt_256
tf-key vkey tf-out $C tf_encrypt_256
tf-out keysize type
tf-key tf_tweak256++
;] $[]map ;
: v-enc-gen ( keylist -- )
vdhe viv vsessionkey v-enc-loop ;
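Review bot: v-enc-gen finishes with the ephemeral secret still in vsk and the last recipient's DH result still keyed into tf-key, and the decrypt loop returns with the recovered session key still in tf-out. Unless the keytmp object is wiped elsewhere (not visible here), clear them once the header has been written, e.g. `vsk keysize erase  tf-key tf_ctx_256 erase` at the end of v-enc-gen. The block-layout comment could also state that the tweak advances once per key block, as far as the visible lines show, so blocks must be tried in the order they were written: `\ 5. tweak is IV+n for the n-th key block (n from 0)`. The decrypt loop and v-dec$ both continue outside the visible hunks.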
......
......@@ -82,10 +82,12 @@ debug: qr( \ qr code stuff
debug: deprecated( \ deprecated stuff
debug: unhandled( \ unhandled commands
debug: syncfile( \ synchronous file operations
debug: newvault( \ new style vault keys
-db profile( \ don't profile by default )
+db ipv6( \ ipv6 should be on by default )
+db ipv4( \ ipv4 should be on by default )
-db newvault( \ new vault disabled for now )
+db syncfile( \ disable async file operations for now )
\ key debugging task
......
......@@ -33,6 +33,7 @@ c-function nb>sc25519 expand256_modm a a n -- void ( sc char[64] n -- )
c-function sc25519>32b contract256_modm a a -- void ( char[32] sc -- )
c-function sc25519* mul256_modm a a a -- void ( r x y -- )
c-function sc25519+ add256_modm a a a -- void ( r x y -- )
c-function sc25519/ invert256_modm a a -- void ( recip s -- )
c-function ge25519*base ge25519_scalarmult_base a a -- void ( ger x -- )
c-function ge25519-pack ge25519_pack a a -- void ( r ger -- )
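Review bot: The `sc25519/` binding to invert256_modm has no comment on its preconditions; it appears to be the line added here, but the rendering lost the +/- markers. Callers need to know that s must be non-zero and whether the C routine runs in constant time when s is secret. A line such as `\ recip = 1/s mod group order, s <> 0` above it would do, with the timing property added once confirmed against the C source.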
......
......@@ -206,6 +206,11 @@ scope{ n2o
keys>search search-keys insert-keys save-pubkeys
?cr keylist ;
: whoami ( -- )
\U whoami
\G whoami: print your own key
?get-me pk@ key>o ..key-list ;
: perm ( -- )
\U perm @user1 .. @usern permissions ..
\G perm: Change or set permissions. permission starts with
......
......@@ -34,6 +34,14 @@
\c ctx->tweak[1] += !++(ctx->tweak[0]);
\c }
\c }
\c void tf_tweak256_pp(struct tf_ctx_256 *ctx)
\c {
\c ctx->tweak[1] += !++(ctx->tweak[0]);
\c }
\c void tf_tweak512_pp(struct tf_ctx_512 *ctx)
\c {
\c ctx->tweak[1] += !++(ctx->tweak[0]);
\c }
\ -------===< structs >===--------
\ tf_ctx_256
begin-structure tf_ctx_256
......@@ -53,3 +61,5 @@ c-function tf_encrypt_256 tf_encrypt_256 a a a n -- void
c-function tf_decrypt_256 tf_decrypt_256 a a a n -- void
c-function tf_encrypt_loop tf_encrypt_loop a a n n n -- void
c-function tf_decrypt_loop tf_decrypt_loop a a n n n -- void
c-function tf_tweak256++ tf_tweak256_pp a -- void
c-function tf_tweak512++ tf_tweak512_pp a -- void
......@@ -91,7 +91,9 @@ net2o' emit net2o: dhe ( $:pubkey -- ) c-state @ !!inv-order!!
$> v-kstate c:key> v-kstate $40 str= 0= !!vault-auth!!
write-decrypt \ write a chunk out
4 c-state xor! ; \ step back to allow fault-file
+net2o: vault-dhe-keys ( $:dhe+keys -- ) c-state @ !!inv-order!!
$> v-dec$ 2dup d0= !!unknown-key!! v-key state# move-rep
3 c-state or! ;
vault-table $save
' context-table is gen-table
......@@ -125,10 +127,12 @@ enc-keccak
vkey( ." vkey key: " vkey state# 85type forth:cr )
enc-mode @ dup ulit, vault-crypt 8 rshift $FF and >crypt
[: [: drop vsk swap keygendh ed-dh 2>r
vkey vaultkey $10 + enc-mode @ $FF and $20 - move
vaultkey enc-mode @ $FF and 2r> encrypt$
vaultkey enc-mode @ $FF and forth:type ;] $[]map ;] $tmp
vkey vaultkey $10 + enc-mode @ $FF and $20 - move
vaultkey enc-mode @ $FF and 2r> encrypt$
vaultkey enc-mode @ $FF and forth:type ;] $[]map ;] $tmp
$, vault-keys 0 >crypt ;
: vdhe-keys, ( key-list -- )
v-enc$ $, vault-dhe-keys 0 >crypt ;
: vfile-in ( -- )
enc-filename $@ enc-file $slurp-file ;
: vfile-pad ( -- )
......@@ -153,7 +157,9 @@ enc-keccak
: encfile-rest ( key-list -- ) >vault >r
code-buf$ cmdreset init-reply
pk@ key| r@ $+[]! \ encrypt for ourself
"v2o" 4cc, vdhe, r> vkeys, vfile, vsig,
"v2o" 4cc,
newvault( r> vdhe-keys, )else( vdhe, r> vkeys, )
vfile, vsig,
s" .v2o" enc-filename $+!
enc-filename $@ [: >r cmd$ $@ r> write-file throw ;] new-file
code0-buf dispose n:o> ;
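Review bot: vault-dhe-keys hands the file-supplied string to v-dec$ without a length check, and the visible start of v-dec$ (`over >vdhe keysize /string`) consumes keysize bytes before looking at u. A truncated header would then be read past its end, so reject short input first, e.g. `$> dup keysize 2* $20 + u< !!unknown-key!! v-dec$ ...`, which covers the ephemeral key, IV, hash and one key block named in the layout comment. v-dec$ continues outside the hunk, so a check may already exist further down. The newvault( switch only gates writing in encfile-rest while the reader accepts vault-dhe-keys regardless; if that is intended, a short comment saying so would help.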
......