diff options
author | Katharina Fey <kookie@spacekookie.de> | 2018-09-16 18:41:49 +0100 |
---|---|---|
committer | Katharina Fey <kookie@spacekookie.de> | 2018-09-16 18:41:49 +0100 |
commit | 9ceda952a1c0d42b11a67dd7d00178c720f9c601 (patch) | |
tree | 83af0919b50d9b9a4e91772f9bfdef288d2baeda /lockchain-crypto/src/engine.rs | |
parent | f7c0e6d59dc420d73916083af1dfd95a8b4c6fc9 (diff) |
Starting work on Keyfold
The idea here is the following:
You don't want to have to write encryption code for keys all the time
especially if there are many and maybe lots of interactions.
Also...maybe you doN't have the raw key anymore. It's kept in the vault
in encrypted form and you just cache it from time to time. So you get it,
decrypt it, store it in the Engine again, do some crypto. The user forgets
about you, the key is cleared..etc.
The keyfold comes in right there! It takes care of decrypting and
re-encrypting any keychanges made by the user, so that the Vault
backend only ever gets encrypted keys to work with.
Diffstat (limited to 'lockchain-crypto/src/engine.rs')
-rw-r--r-- | lockchain-crypto/src/engine.rs | 68 |
1 files changed, 43 insertions, 25 deletions
diff --git a/lockchain-crypto/src/engine.rs b/lockchain-crypto/src/engine.rs index 45470c1..e80c846 100644 --- a/lockchain-crypto/src/engine.rs +++ b/lockchain-crypto/src/engine.rs @@ -17,53 +17,71 @@ impl Encryptable for DataBody {} pub struct AesEngine { ctx: Aes256Siv, - _key: Key, + _key: Option<Key>, iv: Vec<u8>, } impl AesEngine { - /// Generate new key and encryption engine - #[deprecated] - pub fn generate() -> Self { - let key = Key::new(KeyType::Aes256); - let len = key.len(); + /// Initialise an AesEngine and take ownership of a raw key + pub fn new(key: Key) -> Self { + assert!(key.len() == 64); + Self { ctx: Aes256Siv::new(&key.as_slice()), - _key: key, - iv: random::bytes(len), + _key: Some(key), + iv: random::bytes(64), } } + /// Generate new key and encryption engine + #[deprecated] + pub fn generate() -> Self { + // let key = Key::new(KeyType::Aes256); + // let len = key.len(); + // Self { + // ctx: Aes256Siv::new(&key.as_slice()), + // _key: key, + // new_key: None, + // iv: random::bytes(len), + // } + unimplemented!() + } + /// Generate an Aes context from password #[deprecated] pub fn from_pw(pw: &str, salt: &str) -> Self { - let key = Key::from_pw(KeyType::Aes256, pw, salt); - let len = key.len(); - Self { - ctx: Aes256Siv::new(&key.as_slice()), - _key: key, - iv: random::bytes(len), - } + // let key = Key::from_pw(KeyType::Aes256, pw, salt); + // let len = key.len(); + // Self { + // ctx: Aes256Siv::new(&key.as_slice()), + // _key: key, + // new_key: None, + // iv: random::bytes(len), + // } + unimplemented!() } /// Load a packed data object which contains an Aes context #[deprecated] pub fn load(packed: PackedData, pw: &str, salt: &str) -> Option<Self> { - let mut temp = Self::from_pw(pw, salt); - let k: Key = Key::decode(&String::from_utf8(temp.decrypt_primitive(&packed)?).ok()?).ok()?; - - Some(Self { - ctx: Aes256Siv::new(&k.as_slice()), - _key: k, - iv: packed.iv, - }) + // let mut temp = Self::from_pw(pw, salt); + // let k: Key = Key::decode(&String::from_utf8(temp.decrypt_primitive(&packed)?).ok()?).ok()?; + + // Some(Self { + // ctx: Aes256Siv::new(&k.as_slice()), + // _key: k, + // new_key: None, + // iv: packed.iv, + // }) + unimplemented!() } /// Serialise the current context to save it somewhere #[deprecated] pub fn save(&mut self) -> PackedData { - let k = self._key.as_slice().into(); - self.encrypt_primitive(&k) + // let k = self._key.as_slice().into(); + // self.encrypt_primitive(&k) + unimplemented!() } fn encrypt_primitive(&mut self, data: &Vec<u8>) -> PackedData { |