Anelok: the crypto reform (4/4), implementation and future
Werner Almesberger
2016-05-20 17:44:35 UTC
Middleware
----------

The middleware related to handling account databases covers three
areas:

- the actual cryptographic primitives,
- the code that reads or writes account records, and
- base32 encoding/decoding for when a human-readable representation
of a key is needed.

There are two implementations of Anelok's cryptography, one in the
firmware and another for host tools. The firmware can only read the
account database so far, but not edit it. The host tools can read
and write.

The bits in the firmware:

- cryptographic primitives:

  TweetNaCl:
    https://gitlab.com/anelok/anelok/blob/master/crypter/tweetnacl.h
    https://gitlab.com/anelok/anelok/blob/master/crypter/tweetnacl.c
  from
    https://tweetnacl.cr.yp.to/
  included via
    https://gitlab.com/anelok/anelok/blob/master/fw/db/crypto/tweetnacl.c

  uNaCl (optimized elliptic curve multiplication):
    https://gitlab.com/anelok/anelok/tree/master/fw/db/crypto/unacl
  from
    http://munacl.cryptojedi.org/curve25519-cortexm0.shtml
  included via
    https://gitlab.com/anelok/anelok/blob/master/fw/db/crypto/unacl-scalarmult.c

- database framework:
    https://gitlab.com/anelok/anelok/blob/master/fw/db/crypto/account.c

- base32 encoding (for displaying the public key):
    https://gitlab.com/anelok/anelok/blob/master/fw/base/base32.h
    https://gitlab.com/anelok/anelok/blob/master/fw/base/base32.c

The host middleware used to be an intricate mixture of C, Perl, and
shell scripts, but I've replaced all this since with Python.

- cryptographic primitives:

  - PyNaCl:
      https://pynacl.readthedocs.io/

  - a bit of TweetNaCl for crypto_stream_xsalsa20_tweet_xor, which isn't
    available through PyNaCl. The code is included there:
      https://gitlab.com/anelok/anelok/blob/master/crypter/csx.py

- database framework:
    https://gitlab.com/anelok/anelok/blob/master/crypter/account_db.py

- base32 encoding and decoding:
    https://gitlab.com/anelok/anelok/blob/master/crypter/base32.py


Host tools
----------

The command-line tool crypter.py is used to compose and examine account
databases:

https://gitlab.com/anelok/anelok/blob/master/crypter/crypter.py
https://gitlab.com/anelok/anelok/blob/master/crypter/dump.py

I've also started working on a GUI, but that's still not quite
usable (besides looking awful):

https://gitlab.com/anelok/anelok/tree/master/gui


Missing features
----------------

The firmware should be fully ready for multiple readers now. One
change that may be necessary is to grow the ShK cache from one
entry to multiple entries. This cache holds the result of the
computationally expensive key agreement (i.e., the Curve25519
multiplication), and should be large enough to hold one ShK for
each writer that has participated in the creation of the account
database.
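The ShK cache described above, as an added illustration that is not Anelok's code: a small per-writer cache in front of the Curve25519 key agreement. The `x25519` function is a plain-Python transcription of the RFC 7748 reference algorithm (assumed here for self-containment; it is not constant-time, and the real middleware uses TweetNaCl/uNaCl or PyNaCl instead). All keys are constructed values, and the `SharedKeyCache` class, its `capacity` parameter and the `agreements` counter are this example's own names.

```python
# Added example, not part of the Anelok project: caching the key agreement
# result (ShK) once per writer so the expensive scalar multiplication is not
# repeated for every record a given writer produced.
from collections import OrderedDict

P = 2**255 - 19
BASEPOINT = (9).to_bytes(32, "little")


def _clamp(scalar: bytes) -> int:
    # RFC 7748 scalar clamping for Curve25519 private keys
    k = bytearray(scalar)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def _decode_u(u: bytes) -> int:
    b = bytearray(u)
    b[31] &= 127  # the unused top bit is masked off, as RFC 7748 requires
    return int.from_bytes(b, "little") % P


def x25519(scalar: bytes, u: bytes) -> bytes:
    """Montgomery ladder (RFC 7748 reference algorithm, illustration only).

    Returns the 32-byte little-endian u-coordinate of scalar * u.
    """
    k = _clamp(scalar)
    x1 = _decode_u(u)
    x2, z2, x3, z3 = 1, 0, x1, 1
    swap = 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:  # conditional swap; a real implementation does this branch-free
            x2, x3 = x3, x2
            z2, z3 = z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + 121665 * e) % P
    if swap:
        x2, x3 = x3, x2
        z2, z3 = z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


class SharedKeyCache:
    """Caches the reader's shared key with each writer, keyed by writer public key.

    `capacity` should be at least the number of writers that contributed to
    the database; with fewer entries, writers evict each other and their
    ShK is recomputed on the next use (the single-entry case is what the
    post says the firmware has today).
    """

    def __init__(self, reader_secret: bytes, capacity: int):
        self._sk = reader_secret
        self._capacity = capacity
        self._cache: "OrderedDict[bytes, bytes]" = OrderedDict()
        self.agreements = 0  # number of scalar multiplications actually run

    def shared_key(self, writer_pk: bytes) -> bytes:
        if writer_pk in self._cache:
            self._cache.move_to_end(writer_pk)  # keep as most recently used
            return self._cache[writer_pk]
        shk = x25519(self._sk, writer_pk)
        self.agreements += 1
        self._cache[writer_pk] = shk
        if len(self._cache) > self._capacity:
            self._cache.popitem(last=False)  # evict least recently used writer
        return shk


def demo() -> dict:
    """Constructed keys: one reader, two writers, records from both interleaved.

    Returns how many key agreements ran with a two-entry and a one-entry cache.
    """
    reader_sk = bytes(range(1, 33))  # constructed, not a real key
    writer_sks = [bytes([w] * 32) for w in (0x11, 0x22)]  # constructed
    writer_pks = [x25519(sk, BASEPOINT) for sk in writer_sks]
    result = {}
    for capacity in (2, 1):
        cache = SharedKeyCache(reader_sk, capacity)
        for _ in range(3):  # three rounds of records, alternating writers
            for pk in writer_pks:
                cache.shared_key(pk)
        result[f"capacity_{capacity}"] = cache.agreements
    return result


if __name__ == "__main__":
    print(demo())
```

With a cache sized for both writers, each ShK is computed once; with the single-entry cache, every alternation between writers evicts the other writer's entry and the agreement runs again for each record.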

The host-side middleware now implements all the low-level bits for
multiple readers but still lacks some API changes and more elaborate
key handling before it will actually be able to create databases with
multiple readers.

Another major item that is still left to do is to define an "on-disk"
format for the account database. For now, I just concatenate all the
records, but it would be very difficult to edit a database in such a
format (short of recreating it each time, which is what the host
tools do at the moment).

- Werner
