This commit adds ECC cases to functions checking for RSA records.
Additionally, the rsaEncryptedKey variable is changed to pubEncryptedKey
to reflect a general use of public key crypto.
There are a few changes made here:
* Comments have been updated to reflect the presence of ECC records.
* Variables named rsa* have been renamed pub* to reflect the general
use of public key cryptography, instead of RSA specifically.
* An if statement for RSA keys now handles both RSA and ECC keys.
This adds code to handle ECC records; the RSA code remains intact.
While old password records are not affected, new records use ECC. Due to
the use of public keys to encrypt a KEK that is then used to encrypt
data, there is no visible change to end users. A user with an RSA key
can interact and share a secret with a user who has an ECC key.
The bulk of this commit simply adds cases for handling EC records.
The package encrypts data using ECDHE with AES-128-CBC-HMAC-SHA1;
this matches the other components. The curve used is P256 to match
the use of AES-128. The Go ECDSA package is used; no signatures are
done, but it presents usable PublicKey and PrivateKey types that are
useful for this system.
The passvault's id is created with math.rand as a native int.
If the vault is created on a 64-bit system, it breaks compatibility
with 32-bit systems.
- Generate vaults with 32-bit ids.
- Update test code.
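
The width mismatch described in the commit message above can be reproduced on one machine. This is an added example, not the project's code: the struct names, the `VaultId` field, `loadOn32Bit` and `newVaultID32` are assumptions, and `int64`/`int32` stand in for the native `int` on 64-bit and 32-bit builds.

```go
package main

import (
	"encoding/json"
	"fmt"
	"math/rand"
)

// vault64 models a vault written by a 64-bit build, where int is 64 bits wide.
type vault64 struct {
	VaultId int64
}

// vault32 models the same record as a 32-bit build sees it (int is 32 bits wide).
type vault32 struct {
	VaultId int32
}

// loadOn32Bit decodes a serialized vault the way a 32-bit build would.
// encoding/json rejects a number that overflows the destination integer type.
func loadOn32Bit(data []byte) (int32, error) {
	var v vault32
	if err := json.Unmarshal(data, &v); err != nil {
		return 0, err
	}
	return v.VaultId, nil
}

// newVaultID32 returns a non-negative id that fits in 32 bits on every platform.
// math/rand is used because the id is an identifier here, not a secret.
func newVaultID32() int32 {
	return rand.Int31()
}

func main() {
	// Constructed sample: an id that only fits in a 64-bit int.
	wide, _ := json.Marshal(vault64{VaultId: 1 << 40})
	_, err := loadOn32Bit(wide)
	fmt.Println("64-bit id read by 32-bit build:", err)

	// A 32-bit id survives the same round trip.
	id := newVaultID32()
	narrow, _ := json.Marshal(vault64{VaultId: int64(id)})
	got, err := loadOn32Bit(narrow)
	fmt.Println("32-bit id round trip ok:", got == id && err == nil)
}
```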
The string used for selecting the transaction type should
be copied because it is passed by reference.
Augment HMAC to validate entire decryption request
All the valued fields need to be hashed for an incoming
encrypted file. This is to keep the integrity of the
request.
Add static test case for core
Test the output of a pre-computed encrypted blob with associated
vault.
Support hosting static file under /index
Require client auth only when server CA present
Add tests for cryptor.go
Improve comments.
The makeRandom() function was ignoring its argument and always returning 16
bytes of random data (this didn't matter because it was only ever called with
16 as its argument).
Take another look at this file and perform general cleanup of comments and
Go style.
Spotted another small bug where an error was set using
err = errors.New()
but there was no return statement so the error was ignored.
The major work here has been:
1. Clean up some Go idioms to make the code more idiomatic and simplify
functions where possible to minimize the number of lines where there was
unnecessary code.
2. Document as many of the functions and packages as possible.
3. Add a test suite for the padding package.
4. Force 'go fmt' when 'make' is performed.
5. Better handling of errors throughout the code. There were quite a few
that were ignored; now they are handled and reported on (e.g. if the
JSON in the password vault is broken it will no longer be ignored, etc.).
6. Changed the names of a number of functions to make them clearer.
The code could now do with someone who knows it well to go through and
document everything clearly for release.