@bathina2
Contributor

This PR provides the password key derivation algorithm option when connecting to a kopia server.
When connecting to a kopia server the client uses the password to derive the cache encryption key.

@bathina2 bathina2 changed the title Caching key derivation algorithm feat(general): Caching key derivation algorithm Apr 13, 2024
@codecov

codecov bot commented Apr 22, 2024

Codecov Report

Attention: Patch coverage is 77.77778% with 2 lines in your changes are missing coverage. Please review.

Project coverage is 77.02%. Comparing base (cb455c6) to head (cbf0f2a).
Report is 116 commits behind head on master.

| Files | Patch % | Lines |
|---|---|---|
| cli/command_repository_connect_server.go | 60.00% | 1 Missing and 1 partial ⚠️ |
Additional details and impacted files
@@            Coverage Diff             @@
##           master    #3799      +/-   ##
==========================================
+ Coverage   75.86%   77.02%   +1.16%     
==========================================
  Files         470      473       +3     
  Lines       37301    28686    -8615     
==========================================
- Hits        28299    22096    -6203     
+ Misses       7071     4693    -2378     
+ Partials     1931     1897      -34     


@julio-lopez julio-lopez changed the title feat(general): Caching key derivation algorithm feat(general): key derivation algorithm for cache encryption Apr 23, 2024
@julio-lopez
Collaborator

FYI @miquella

Collaborator

@julio-lopez julio-lopez left a comment

+1: LG 👍
🥇 @bathina2 Thanks for doing this.

We'll merge once CI passes

@julio-lopez julio-lopez merged commit 1e98511 into kopia:master Apr 26, 2024
@julio-lopez julio-lopez deleted the caching_key_derivation_algorithm branch April 26, 2024 00:45
julio-lopez added a commit that referenced this pull request Apr 27, 2024
…3821)

Code movement and simplification, no functional changes.

Objectives:
- Allow callers to specify the needed key (or hash) size, instead of
hard-coding it in the registered PBK derivers. Conceptually, the caller
needs to specify the key size, since that is a requirement of the
(encryption) algorithm being used in the caller. Now, the code changes
here do not result in any functional changes since the key size is
always 32 bytes.
- Remove a global definition for the default PB key deriver to use.
Instead, each of the 3 use cases sets the default value.

Changes:
- `crypto.DeriveKeyFromPassword` now takes a key size.
- Adds new constants for the key sizes at the callers.
- Removes the global `crypto.MasterKeySize` const.
- Removes the global `crypto.DefaultKeyDerivationAlgorithm` const.
- Adds const for the default derivation algorithms for each use case.
- Adds a const for the salt length in the `internal/user` package, to ensure
  the same salt length is used in both hash versions.
- Unexports various functions, variables and constants in the `internal/crypto`
  & `internal/user` packages.
- Renames various constants for consistency.
- Removes unused functions and symbols.
- Renames files to be consistent and better reflect the structure of the code.
- Adds a couple of tests to ensure the const values are in sync and supported.
- Fixes a couple of typos

Followups to:
- #3725
- #3770
- #3779
- #3799
- #3816

The individual commits show the code transformations to simplify the
review of the changes.
@julio-lopez
Collaborator

julio-lopez commented Nov 18, 2024
