[tor-bugs] #12981 [Tor]: Add backends for encrypted storage, scrypt

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Sep 23 16:27:40 UTC 2014 

#12981: Add backends for encrypted storage, scrypt
------------------------+--------------------------------------------
     Reporter:  nickm   |      Owner:
         Type:  defect  |     Status:  needs_review
     Priority:  normal  |  Milestone:  Tor: 0.2.6.x-final
    Component:  Tor     |    Version:
   Resolution:          |   Keywords:  tor-relay, scrypt, nickm-patch
Actual Points:          |  Parent ID:
       Points:          |
------------------------+--------------------------------------------

Comment (by yawning):

 Review:
  * `9b2d8c4e20a57ce849395a2135ac4e720bf99c42` - Rename secret_to_key to
 secret_to_key_rfc2440
    * Mechanical rename, looks good to me.
  * `e72a5b3c070451e7762b1d22553cf077c50eb123` - Move secret-to-key
 functionality into a separate module
    * Trivial code move, looks good to me.
  * `a7cad1069c39a694ee6153f8fc848ea056cb6ffe` - More generic passphrase
 hashing code, including scrypt support
    * `common/crypto_s2k.c`
      * `secret_to_key_get_type()`
        * If there ever is a case where only one of
 `secret_to_key_spec_len()`/`secret_to_key_key_len(type)` fails,
 `S2K_BAD_LEN` will be returned instead of `S2K_BAD_ALGORITHM`.  Fairly
 nitpicky, since it's obvious that it never happens.
      * `make_specifier()`
        * Remove `(void)flags;`
        * Return `S2K_BAD_ALGORITHM` instead of `tor_assert(0);` in the
 default case?  (Invariant so an assert is also ok)
      * `secret_to_key_derivekey()`
        * `return S2K_NO_SCRYPT;` should be `return S2K_NO_SCRYPT_SUPPORT;`
      * `secret_to_key_check()`
        * Probably should assert that `spec_len` and `key_len` are > 0.
    * `common/crypto_s2k.h`
       * `TOR_CRYPTO_H_INCLUDED` -> `CRYPTO_S2K_H_` (Adjust to taste, but
 needs renaming)
  * `8c02faf5034a3bb14459d2c41ba18be76dc5d0fe` - Rudimentary-but-sufficient
 passphrase-encrypted box code.
    * Instead of using a 0 filled IV, randomly generate one and include it
 in the header?  (Obligatory bikesheding/tinfoil-hattery).
    * `crypto_pwbox()`
      * memwipe `keys`?
    * `crypto_unpwbox()`
      * memwipe `keys`?
    * Maybe test cryptoboxes with flags != 0?
  * `18d810fdbe8593000dc25240d5911027ebe3b506` - fixup! More generic
 passphrase hashing code, including scrypt support
    * No functional changes, looks good to me.
  * `0ffe93ba2096b8a9a2d153619b3cc40ab24cc364` - Tweak and expose
 secret_to_key_compute_key for
 testing/`81dc2271c8d94d3bd58aca0ce4e751391bb31e75` - fixup! Tweak and
 expose secret_to_key_compute_key for testing
    * Ok with the fixup commit.
  * `bf57e5d0bf9dab6b61f437da9be00440f8f7e911` - Test vectors for scrypt
 from draft-josefsson-scrypt-kdf-00
    * Looks good to me.
  * `06f3346fdd36f190e878c35d6a0f8298d12a01be` - Test vectors for PBKDF2
 from RFC6070
    * Looks good to me.
  * `6999fa4a12ca38a98144339a4642bb1c7489750c` - Use preferred key-
 expansion means for pbkdf2, scrypt.
    * Looks good to me.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12981#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list