iron.git

commit 3fb2e140020981cba12faa88c034c12a27fa5d6a

Author: Paolo Lulli <paolo@lulli.net>

WIP - Key exchange between client and server

 key_exchange/kx-derive | 16 ++++++++++++++++
 key_exchange/kx-export-pub | 15 +++++++++++++++
 key_exchange/kx-gen-keypair | 15 +++++++++++++++
 key_exchange/kx-init-dh | 8 ++++++++
 key_exchange/workflow.txt | 16 ++++++++++++++++


diff --git a/key_exchange/kx-derive b/key_exchange/kx-derive
new file mode 100755
index 0000000000000000000000000000000000000000..7eb24ff7e9cb414ccf1e202af014beebb882999c
--- /dev/null
+++ b/key_exchange/kx-derive
@@ -0,0 +1,16 @@
+#! /bin/bash 
+
+cd $(dirname $0)
+KEYS_DIR=./keys
+
+if [ "$#" != 2 ]; then
+	echo "Usage: $0 <profile> <peer>"
+	exit 1
+fi
+
+test -d ${KEYS_DIR} || mkdir -p ${KEYS_DIR}
+
+profile=$1
+peer=$2
+
+openssl pkeyutl -derive -inkey  ${KEYS_DIR}/"${profile}.pem" -peerkey ${KEYS_DIR}/"${peer}-pub.pem" -out "${profile}-${peer}.key"
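Review bot: The derived shared secret on the last line is written to the script directory (not `${KEYS_DIR}` like every other key file) with the default umask, and workflow.txt states it is then used directly as the AES key; raw DH output should not be used as a symmetric key without a KDF. Put `umask 077` before the openssl call so the secret and private keys are not group/world-readable, and write it as `-out ${KEYS_DIR}/"${profile}-${peer}.key"` so it lands with the rest of the material. Feed the derived bytes through a KDF such as HKDF (available as `openssl kdf` on OpenSSL 3) before using them as an AES key, rather than consuming the `.key` file as-is. `cd $(dirname $0)` is unquoted and unchecked here and in kx-export-pub, kx-gen-keypair and kx-init-dh; with no `set -e`, a failed cd leaves openssl reading and writing in the caller's cwd, so use `cd "$(dirname "$0")" || exit 1` in all four.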




diff --git a/key_exchange/kx-export-pub b/key_exchange/kx-export-pub
new file mode 100755
index 0000000000000000000000000000000000000000..1005256988caab7d13251324c1fcf8c30bb9c631
--- /dev/null
+++ b/key_exchange/kx-export-pub
@@ -0,0 +1,15 @@
+#! /bin/bash 
+
+cd $(dirname $0)
+KEYS_DIR=./keys
+
+if [ "$#" != 1 ]; then
+	echo "Usage: $0 <profile>"
+	exit 1
+fi
+
+test -d ${KEYS_DIR} || mkdir -p ${KEYS_DIR}
+
+profile=$1
+
+openssl pkey -in ${KEYS_DIR}/"${profile}.pem" -pubout -out ${KEYS_DIR}/"${profile}-pub.pem"
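Review bot: This script only reads `${profile}.pem`, so the `test -d ... || mkdir -p` line creates an empty keys directory and then fails inside openssl with a less clear error when the private key is missing. Replace it with an explicit precondition, `[ -f "${KEYS_DIR}/${profile}.pem" ] || { echo "missing ${KEYS_DIR}/${profile}.pem" >&2; exit 1; }`. The usage message should also go to stderr (`>&2`) like the other scripts' diagnostics should.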




diff --git a/key_exchange/kx-gen-keypair b/key_exchange/kx-gen-keypair
new file mode 100755
index 0000000000000000000000000000000000000000..a13f67ce993c75c95f9505028614fa60b36bd0cf
--- /dev/null
+++ b/key_exchange/kx-gen-keypair
@@ -0,0 +1,15 @@
+#! /bin/bash 
+
+cd $(dirname $0)
+KEYS_DIR=./keys
+
+if [ "$#" != 1 ]; then
+	echo "Usage: $0 <profile>"
+	exit 1
+fi
+
+test -d ${KEYS_DIR} || mkdir -p ${KEYS_DIR}
+
+profile=$1
+
+openssl genpkey -paramfile ${KEYS_DIR}/dhp.pem -out ${KEYS_DIR}/"${profile}.pem"
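Review bot: The DH private key written by `genpkey` on the last line is created with the process's default umask, so on a typical 022 umask it is world-readable. Add `umask 077` before the openssl call so the key file is created with owner-only permissions. The script also assumes `${KEYS_DIR}/dhp.pem` from kx-init-dh already exists; a guard like `[ -f "${KEYS_DIR}/dhp.pem" ] || { echo "run kx-init-dh first" >&2; exit 1; }` gives a clearer failure than openssl's parse error.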




diff --git a/key_exchange/kx-init-dh b/key_exchange/kx-init-dh
new file mode 100755
index 0000000000000000000000000000000000000000..bd1afb62bd357511a30a5fb5db6d963841665619
--- /dev/null
+++ b/key_exchange/kx-init-dh
@@ -0,0 +1,8 @@
+#! /bin/bash -x
+
+cd $(dirname $0)
+WORK_DIR=./keys
+
+test -d ${WORK_DIR} || mkdir -p ${WORK_DIR}
+
+openssl genpkey -genparam -algorithm DH -out ${WORK_DIR}/dhp.pem -pkeyopt dh_paramgen_prime_len:4096
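Review bot: The shebang `#! /bin/bash -x` leaves command tracing enabled in a committed script and is silently dropped when the file is run as `bash kx-init-dh`; put options in a `set` line instead and drop the trace for the committed version: `#!/bin/bash`. The trace is harmless to confidentiality here since DH parameters are public, but it is inconsistent with the sibling scripts. `WORK_DIR` is the same `./keys` path the other three scripts call `KEYS_DIR`; use the same name for consistency. Note that `dh_paramgen_prime_len:4096` can take many minutes to generate; a comment saying so would save the next user from assuming the script hung.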




diff --git a/key_exchange/workflow.txt b/key_exchange/workflow.txt
new file mode 100644
index 0000000000000000000000000000000000000000..ffd72bde7402e6e29bd83cdde0c0b33bbdbb0af8
--- /dev/null
+++ b/key_exchange/workflow.txt
@@ -0,0 +1,16 @@
+Server generates DH params
+
+Server generates keypair and exposes public key 
+
+/security/dh/generate
+/security/dh/get
+
+Server generates keypair 
+Server uses private key to calculate secret
+Server stores <secret>
+Server uses <secret> to encrypt data symmetrically (AES)
+
+Client gets dh params from: /security/dh/get
+Client generates keypair 
+Client uses private key to calculate secret
+Client uses secret to encrypt/decrypt server to/from Server