hide key material behind zero-arity functionsimplify

author: Robert Newson <rnewson@apache.org> 2021-05-05 22:56:49 +0100
committer: Robert Newson <rnewson@apache.org> 2021-05-05 23:02:42 +0100
commit: 48043c06e3c839d8302a97192b42dba97bf6c8a1 (patch)
tree: 705e8002694fdc504d1644027feb7dd2809d72fd
parent: 66380a23423cde8b083bb905f1ccd7a3b5b2de4d (diff)
download: couchdb-simplify.tar.gz
3 files changed, 29 insertions, 24 deletions
diff --git a/src/aegis/src/aegis_key_manager.erl b/src/aegis/src/aegis_key_manager.erl
index 4426c4f10..b7685d3b8 100644
--- a/src/aegis/src/aegis_key_manager.erl
+++ b/src/aegis/src/aegis_key_manager.erl
@@ -12,14 +12,14 @@
 
 -module(aegis_key_manager).
 
-
+-type key_fun() :: fun(() -> binary()).
 
 -callback init_db(
     Db :: #{},
-    DbOptions :: list()) -> {ok, binary()} | false.
+    DbOptions :: list()) -> {ok, key_fun()} | false.
 
 
--callback open_db(Db :: #{}) -> {ok, binary()} | false.
+-callback open_db(Db :: #{}) -> {ok, key_fun()} | false.
 
 
 -callback get_db_info(Db :: #{}) -> list().
diff --git a/src/aegis/src/aegis_keywrap.erl b/src/aegis/src/aegis_keywrap.erl
index 58c7668e8..597b4d2ed 100644
--- a/src/aegis/src/aegis_keywrap.erl
+++ b/src/aegis/src/aegis_keywrap.erl
@@ -20,39 +20,39 @@
 
 -define(ICV1, 16#A6A6A6A6A6A6A6A6).
 
--spec key_wrap(WrappingKey :: binary(), KeyToWrap :: binary()) -> binary().
-key_wrap(WrappingKey, KeyToWrap)
-  when is_binary(WrappingKey), bit_size(KeyToWrap) rem 64 == 0 ->
-    N = bit_size(KeyToWrap) div 64,
-    wrap(WrappingKey, <<?ICV1:64>>, KeyToWrap, 1, 6 * N).
+-spec key_wrap(WrappingKey :: aegis_key_manager:key_fun(), KeyToWrap :: aegis_key_manager:key_fun()) -> binary().
+key_wrap(WrappingKeyFun, KeyToWrapFun)
+  when is_function(WrappingKeyFun, 0), is_function(KeyToWrapFun, 0) ->
+    N = bit_size(KeyToWrapFun()) div 64,
+    wrap(WrappingKeyFun, <<?ICV1:64>>, KeyToWrapFun(), 1, 6 * N).
 
-wrap(_WrappingKey, A, R, T, End) when T > End ->
+wrap(_WrappingKeyFun, A, R, T, End) when T > End ->
     <<A/binary, R/binary>>;
-wrap(WrappingKey, A, R, T, End) ->
+wrap(WrappingKeyFun, A, R, T, End) ->
     <<R1:64, Rest/binary>> = R,
-    <<MSB_B:64, LSB_B:64>> = ?aes_ecb_encrypt(WrappingKey, <<A/binary, R1:64>>),
-    wrap(WrappingKey, <<(MSB_B bxor T):64>>, <<Rest/binary, LSB_B:64>>, T + 1, End).
+    <<MSB_B:64, LSB_B:64>> = ?aes_ecb_encrypt(WrappingKeyFun(), <<A/binary, R1:64>>),
+    wrap(WrappingKeyFun, <<(MSB_B bxor T):64>>, <<Rest/binary, LSB_B:64>>, T + 1, End).
 
 
--spec key_unwrap(WrappingKey :: binary(), KeyToUnwrap :: binary()) -> binary() | fail.
-key_unwrap(WrappingKey, KeyToUnwrap)
-  when is_binary(WrappingKey), bit_size(KeyToUnwrap) rem 64 == 0 ->
+-spec key_unwrap(WrappingKey :: aegis_key_manager:key_fun(), KeyToUnwrap :: binary()) -> aegis_key_manager:key_fun() | fail.
+key_unwrap(WrappingKeyFun, KeyToUnwrap)
+  when is_function(WrappingKeyFun, 0), bit_size(KeyToUnwrap) rem 64 == 0 ->
     N = (bit_size(KeyToUnwrap) div 64),
     <<A:64, R/binary>> = KeyToUnwrap,
-    case unwrap(WrappingKey, <<A:64>>, R, 6 * (N - 1)) of
+    case unwrap(WrappingKeyFun, <<A:64>>, R, 6 * (N - 1)) of
         <<?ICV1:64, UnwrappedKey/binary>> ->
-            UnwrappedKey;
+            fun() -> UnwrappedKey end;
         _ ->
             fail
     end.
 
-unwrap(_WrappingKey, A, R, 0) ->
+unwrap(_WrappingKeyFun, A, R, 0) ->
     <<A/binary, R/binary>>;
-unwrap(WrappingKey, <<A:64>>, R, T) ->
+unwrap(WrappingKeyFun, <<A:64>>, R, T) ->
     RestSize = bit_size(R) - 64,
     <<Rest:RestSize, R2: 64>> = R,
-    <<MSB_B:64, LSB_B:64>> = ?aes_ecb_decrypt(WrappingKey, <<(A bxor T):64, R2:64>>),
-    unwrap(WrappingKey, <<MSB_B:64>>, <<LSB_B:64, Rest:RestSize>>, T - 1).
+    <<MSB_B:64, LSB_B:64>> = ?aes_ecb_decrypt(WrappingKeyFun(), <<(A bxor T):64, R2:64>>),
+    unwrap(WrappingKeyFun, <<MSB_B:64>>, <<LSB_B:64, Rest:RestSize>>, T - 1).
 
 
 -ifdef(TEST).
diff --git a/src/aegis/src/aegis_server.erl b/src/aegis/src/aegis_server.erl
index 087e605e3..2da3eac6c 100644
--- a/src/aegis/src/aegis_server.erl
+++ b/src/aegis/src/aegis_server.erl
@@ -181,12 +181,12 @@ do_open_db(#{uuid := UUID} = Db) ->
 
 
 do_encrypt(DbKey, #{uuid := UUID}, Key, Value) ->
-    EncryptionKey = crypto:strong_rand_bytes(32),
+    EncryptionKey = new_encryption_key(),
     <<WrappedKey:320>> = aegis_keywrap:key_wrap(DbKey, EncryptionKey),
 
     {CipherText, <<CipherTag:128>>} =
         ?aes_gcm_encrypt(
-           EncryptionKey,
+           EncryptionKey(),
            <<0:96>>,
            <<UUID/binary, 0:8, Key/binary>>,
            Value),
@@ -202,7 +202,7 @@ do_decrypt(DbKey, #{uuid := UUID}, Key, Value) ->
                 DecryptionKey ->
                     Decrypted =
                     ?aes_gcm_decrypt(
-                        DecryptionKey,
+                        DecryptionKey(),
                         <<0:96>>,
                         <<UUID/binary, 0:8, Key/binary>>,
                         CipherText,
@@ -333,3 +333,8 @@ expiration_check_interval() ->
 
 cache_limit() ->
     config:get_integer("aegis", "cache_limit", ?CACHE_LIMIT).
+
+
+new_encryption_key() ->
+    EncryptionKey = crypto:strong_rand_bytes(32),
+    fun() -> EncryptionKey end.
author	Robert Newson <rnewson@apache.org>	2021-05-05 22:56:49 +0100
committer	Robert Newson <rnewson@apache.org>	2021-05-05 23:02:42 +0100
commit	48043c06e3c839d8302a97192b42dba97bf6c8a1 (patch)
tree	705e8002694fdc504d1644027feb7dd2809d72fd
parent	66380a23423cde8b083bb905f1ccd7a3b5b2de4d (diff)
download	couchdb-simplify.tar.gz