This MR includes the crypto storage and implementation of two manually written APIs, LoginWithNewDevice and LoginWithPreviouslyAddedDevice.
Please check the storage spec at cpp/src/vereign/kvstore/README.md.
Contains two components: bytes::View and bytes::Buffer.

The bytes::View is used for read-only access to memory of bytes. It is typically used in functions/methods as input.

The bytes::Buffer is a dynamically expandable buffer for write access to memory of bytes. It is typically used in functions/methods as output.

bytes::View and bytes::Buffer are used consistently in all functions/methods that work with input/output of bytes. For example, they are used in all storage and crypto related APIs.
NOTE: Do you think that we should add extra security by creating a modification of the bytes::Buffer, a bytes::CryptoBuffer, where all the memory is zeroed upon release or reallocation, so that no sensitive information stays in memory once it is no longer used?
- vereign::encoding::binary - encoding/decoding of integers (in little endian) and bytes. It is used for encoding the encrypted values in the crypto storage.
- vereign::encoding::base64 - base64 encoding/decoding.
- vereign::encoding::hex - hexadecimal encoding/decoding.

Some cross-platform filesystem-related utilities, like joining paths, creating a temporary directory, etc.
A thin layer on top of OpenSSL, currently used by the crypto storage. Most of the crypto storage is implemented with these routines. Only a small part of generating the master key is different under Windows, where vereign::ncrypt is used.

- vereign::rand - crypto random generation of bytes.
- vereign::crypto::aes - AES encryption/decryption.
- vereign::crypto::rsa - RSA key generation, encryption/decryption, export/import in PEM format.
- vereign::crypto::digest - currently only sha1 hashing.

A thin layer on top of the Windows native crypto API. Used in the crypto storage for master key generation under Windows.

- vereign::ncrypt::rsa - RSA persistent key generation, encryption/decryption.

sqlite client. It is used by the key/value abstraction in the vereign::kvstore.
- vereign::kvstore::Storage - a key/value abstraction interface.
- vereign::kvstore::SqliteStorage - implementation of the Storage interface by using the vereign::sqlite client.
- vereign::kvstore::CryptoStorage - the crypto storage that uses a key/value backend that implements the Storage interface. It is designed with the so-called pimpl idiom and has two different implementations for linux and windows - vereign/kvstore/detail/linux_crypto_storage.hh and vereign/kvstore/detail/linux_crypto_storage.hh.

- vereign::identity::provider - the local identity manager that uses the crypto storage to create the device keys. It is used by the vereign::service layer, currently it is used by the vereign::service::IdentityService.

Implements two new manually written APIs, LoginWithNewDevice and LoginWithPreviouslyAddedDevice.
The grpc layer provided to the integrators that uses the vereign::service::IdentityService.
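
The bytes::CryptoBuffer idea raised in the NOTE above, sketched as an added example; it is not code from this MR or from the Vereign code base. The class interface (Write, data, size), the test-only Hook and the secure_zero helper are all assumptions made for illustration.

```cpp
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <new>
// Volatile writes cannot be dropped as dead stores, unlike memset() before free().
inline void secure_zero(void* p, std::size_t n) {
  volatile std::uint8_t* b = static_cast<volatile std::uint8_t*>(p);
  while (n--) *b++ = 0;
}
// Hypothetical CryptoBuffer (not the project's class): append-only buffer that
// wipes its whole block on every reallocation and on destruction.
class CryptoBuffer {
public:
  using Hook = void (*)(const std::uint8_t*, std::size_t);  // test-only observer
  explicit CryptoBuffer(Hook hook = nullptr) : hook_(hook) {}
  CryptoBuffer(const CryptoBuffer&) = delete;  // no silent copies of secrets
  CryptoBuffer& operator=(const CryptoBuffer&) = delete;
  ~CryptoBuffer() { release(); }
  void Write(const void* src, std::size_t n) {
    if (n == 0) return;
    if (n > cap_ - size_) grow(size_ + n);
    std::memcpy(data_ + size_, src, n);
    size_ += n;
  }
  const std::uint8_t* data() const { return data_; }
  std::size_t size() const { return size_; }
private:
  void grow(std::size_t need) {
    std::size_t cap = cap_ ? cap_ : 32;
    while (cap < need) cap *= 2;
    // malloc + copy, not realloc(): realloc may move the block and leave the
    // old, unwiped copy of the secret in freed heap memory.
    auto* fresh = static_cast<std::uint8_t*>(std::malloc(cap));
    if (!fresh) throw std::bad_alloc();
    if (size_) std::memcpy(fresh, data_, size_);
    release();
    data_ = fresh; cap_ = cap;
  }
  void release() {  // wipe first, then let the hook look, then free
    if (!data_) return;
    secure_zero(data_, cap_);
    if (hook_) hook_(data_, cap_);
    std::free(data_);
    data_ = nullptr;
  }
  Hook hook_;
  std::uint8_t* data_ = nullptr;
  std::size_t size_ = 0, cap_ = 0;
};
```

Since the crypto layer already links OpenSSL, OPENSSL_cleanse could take the place of secure_zero.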