git.apps.os.sepia.ceph.com Git - fscrypt.git/commit

crypto: reading and writing recovery keys

This commit adds in the concept of recovery codes: human-readable
strings that contain the necessary information to rederive a
cryptographic key. These keys look like:
73PZBXVP-DKJX7SKV-NNTFIC7A-QEGRPZUX-4K5ORRH2-MTKMKP3B-HFCA====

They are input or output directly to a io.Reader or io.Writer
respectively. This prevents the data from passing through unsecured
memory before it gets to its destination. Of course, if the provided
io.Reader or io.Writer is insecure, there is nothing we can do. In most
cases the provided io.Reader or io.Writer will be stdin or stdout. In
some rare cases you might want to pipe the output to another key.

This commit also adds tests and benchmarks for encoding/decoding
recovery codes. It also tests that encoding/decoding will fail in the
correct situations. A benchmark is also added to measure the effect of
locking the keys in memory.

Change-Id: Ifa0bc4c08582789785cf1cdd9a4acfe76c79534f

author	Joe Richey <joerichey@google.com>
	Thu, 2 Mar 2017 22:01:20 +0000 (14:01 -0800)
committer	Joe Richey joerichey@google.com <joerichey@google.com>
	Tue, 2 May 2017 20:39:18 +0000 (13:39 -0700)
commit	ee10adc91e79bca395a6b069797a99863fc957dd
tree	fc07fbeb9432cb66c74561961f8b47f5d9bed4f5	tree \| snapshot
parent	8128b35375dfc4846dd1573dda55ef232ffd2d66	commit \| diff

crypto/crypto_test.go		diff \| blob \| history
crypto/key.go		diff \| blob \| history
crypto/recovery_test.go	[new file with mode: 0644]	blob
util/util.go		diff \| blob \| history