Crypto Storage and LoginWithNewDevice and LoginWithPreviouslyAddedDevice APIs

Daniel Lyubomirov requested to merge storage into master

This MR includes the crypto storage and the implementation of two manually written APIs, LoginWithNewDevice and LoginWithPreviouslyAddedDevice.

Please check the storage spec at cpp/src/vereign/kvstore/README.md.

Brief description of the packages:

vereign::bytes

Contains two components: bytes::View and bytes::Buffer.

The bytes::View is used for read-only access to memory of bytes. It is typically used in functions/methods as input.

The bytes::Buffer is a dynamically expandable buffer for write access to memory of bytes. It is typically used in functions/methods as output.

bytes::View and bytes::Buffer are used consistently in all functions/methods that work with input/output of bytes. For example they are used in all storage and crypto related APIs.

NOTE: Do you think that we should add extra security by creating a modification of the bytes::Buffer, a bytes::CryptoBuffer, where all the memory is zeroed upon release or reallocation, so that no sensitive information stays in memory once it is no longer used?

vereign::encoding

  • vereign::encoding::binary - encoding/decoding of integers (in little endian) and bytes. It is used for encoding the encrypted values in the crypto storage.

  • vereign::encoding::base64 - base64 encoding/decoding.

  • vereign::encoding::hex - hexadecimal encoding/decoding.

vereign::fs

Some cross-platform filesystem-related utilities like joining paths, creating a temporary directory, etc.

vereign::crypto

A thin layer on top of OpenSSL, currently used by the crypto storage.

Most of the implementation of the crypto storage is with these routines. Only a small part of generating the master key is different under Windows, where vereign::ncrypt is used.

  • vereign::rand - crypto random generation of bytes.
  • vereign::crypto::aes - AES encryption/decryption.
  • vereign::crypto::rsa - RSA key generation, encryption/decryption, export/import in PEM format.
  • vereign::crypto::digest - currently only sha1 hashing.

vereign::ncrypt

A thin layer on top of the Windows native crypto API. Used in the crypto storage for master key generation under Windows.

  • vereign::ncrypt::rsa - RSA persistent key generation, encryption/decryption.

vereign::sqlite

SQLite client. It is used by the key/value abstraction in the vereign::kvstore.

vereign::kvstore

  • vereign::kvstore::Storage - a key value abstraction interface.
  • vereign::kvstore::SqliteStorage - implementation of the Storage interface by using vereign::sqlite client.
  • vereign::kvstore::CryptoStorage - the crypto storage that uses a key/value backend that implements the Storage interface. It is designed with the so-called pimpl idiom and has two different implementations for Linux and Windows - vereign/kvstore/detail/linux_crypto_storage.hh and vereign/kvstore/detail/linux_crypto_storage.hh.

vereign::identity

  • vereign::identity::provider - the local identity manager that uses the crypto storage to create the device keys. It is used by the vereign::service layer; currently it is used by the vereign::service::IdentityService.

vereign::service::IdentityService

Implements two new manually written APIs LoginWithNewDevice and LoginWithPreviouslyAddedDevice.

vereign::grpc::IdentityAPI

The gRPC layer provided to the integrators that uses the vereign::service::IdentityService.

Edited by Daniel Lyubomirov
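
The NOTE in the description asks about a bytes::CryptoBuffer whose memory is zeroed on release or reallocation. One way to get that behaviour is shown here as an added example, not code from this merge request; the class layout, `secure_zero`, `demo_wiped_total` and the `g_wiped_bytes` counter are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdlib>
#include <cstring>
#include <new>
static std::size_t g_wiped_bytes = 0;  // demo instrumentation only
static void secure_zero(void* p, std::size_t n) {
  volatile unsigned char* v = static_cast<volatile unsigned char*>(p);
  for (std::size_t i = 0; i < n; ++i) v[i] = 0;  // volatile: stores are not elided
  g_wiped_bytes += n;
}
// Hypothetical CryptoBuffer, not Vereign's code: wipes on realloc and release.
class CryptoBuffer {
public:
  CryptoBuffer() = default;
  CryptoBuffer(const CryptoBuffer&) = delete;  // no implicit copies of secrets
  CryptoBuffer& operator=(const CryptoBuffer&) = delete;
  ~CryptoBuffer() { wipe_and_free(); }
  void Write(const void* src, std::size_t n) {
    if (n == 0) return;
    if (size_ + n > cap_) grow(size_ + n);
    std::memcpy(data_ + size_, src, n);
    size_ += n;
  }
  const unsigned char* data() const { return data_; }
  std::size_t size() const { return size_; }
private:
  // realloc() could free the old block unwiped: allocate, copy, wipe, free.
  void grow(std::size_t need) {
    std::size_t cap = cap_ ? cap_ : 16;
    while (cap < need) cap *= 2;
    auto* fresh = static_cast<unsigned char*>(std::malloc(cap));
    if (!fresh) throw std::bad_alloc();
    if (size_) std::memcpy(fresh, data_, size_);
    wipe_and_free();
    data_ = fresh; cap_ = cap;
  }
  void wipe_and_free() {  // wipes the full capacity, not only bytes in use
    if (data_) { secure_zero(data_, cap_); std::free(data_); data_ = nullptr; }
  }
  unsigned char* data_ = nullptr; std::size_t size_ = 0, cap_ = 0;
};
std::size_t demo_wiped_total() {  // constructed input, not real key material
  g_wiped_bytes = 0;
  {
    CryptoBuffer buf;
    buf.Write("constructed-key!", 16);  // first allocation, nothing to wipe
    buf.Write("!", 1);                  // 16 -> 32: old block wiped, then freed
  }                                     // destructor wipes the 32-byte block
  return g_wiped_bytes;
}
```

Since vereign::crypto already sits on top of OpenSSL, `OPENSSL_cleanse` could take the place of the volatile loop.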