git.apps.os.sepia.ceph.com Git - fscrypt.git/commit

crypto: Key struct for secure buffers

This commit adds in the crypto package, which will hold all
of the security primitives for fscrypt. This first component deals with
securely handling keys in memory. To do this in a consistent way across
fscrypt, we introduce the Key struct.

Any sensitive memory (like keys, passwords, or recovery tokens) in
fscrypt will be held in a Key. No code outside of the crypto package
should access the Key's data directly. Convenience functions and methods
are provided to construct keys from io.Readers (either with fixed length
or with variable length) and to access information about the Keys.

The most important property of Keys is that the data is locked in memory
on construction, and the data is unlocked and wiped when Wipe is called.
This happens either by something like "defer key.Wipe()" or through the
finalizer.

Change-Id: Ice76335f3975efb439b3f1ab605ef34cb7fcb4d6

author	Joe Richey <joerichey@google.com>
	Thu, 2 Mar 2017 19:22:43 +0000 (11:22 -0800)
committer	Joe Richey joerichey@google.com <joerichey@google.com>
	Tue, 2 May 2017 20:39:18 +0000 (13:39 -0700)
commit	20924ca06efba5a50356bdb5abb1f7b87f34f817
tree	fa72ee02796db8cd6e3ffd477ae98f61bf1a1c3c	tree \| snapshot
parent	a683ab55245aa44ada5059f8e9816adbd94198ff	commit \| diff

crypto/crypto_test.go	[new file with mode: 0644]	blob
crypto/key.go	[new file with mode: 0644]	blob