Package

com.lookout.borderpatrol

crypto

Permalink

package crypto

The crypto module includes primitives for:

It also includes Type Classes for interfacing with backends that would like to encrypt data at rest.

Linear Supertypes
Types, AnyRef, Any
Ordering
  1. Alphabetic
  2. By inheritance
Inherited
  1. crypto
  2. Types
  3. AnyRef
  4. Any
  1. Hide All
  2. Show all
Visibility
  1. Public
  2. All

Type Members

  1. case class CryptKey(keyBytes: Array[Byte], ivBytes: Array[Byte], provider: Provider = new BouncyCastleProvider) extends SymmetricKey with Product with Serializable

    Permalink
  2. trait Decryptable[A] extends AnyRef

    Permalink

    Derive CryptKey instances to decrypt Session data

  3. trait Encryptable[A] extends AnyRef

    Permalink

    Derive CryptKey instances to encrypt Session data

  4. type Encrypted = Array[Byte]

    Permalink
    Definition Classes
    Types
  5. trait EncryptedSessionStore extends AnyRef

    Permalink

    Session store that will store encrypted Session[_] data into a backend TODO: This is silly, let's remove this EncryptedDataEncoder type and treat Session as a Functor, apply the encryption and decryption with mixins into the base SessionStore

  6. type Entropy = IndexedSeq[Byte]

    Permalink
    Definition Classes
    Types
  7. trait Generator[+A] extends AnyRef

    Permalink

    Generate random data from a decent PRNG

  8. type Payload = IndexedSeq[Byte]

    Permalink
    Definition Classes
    Types
  9. type Seconds = Long

    Permalink
    Definition Classes
    Types
  10. type SecretId = IndexedSeq[Byte]

    Permalink
    Definition Classes
    Types
  11. type Signature = IndexedSeq[Byte]

    Permalink
    Definition Classes
    Types
  12. trait Signer extends AnyRef

    Permalink

    Mixin for being able to sign bytes It implements HMAC, recommended to use a decent hashing algorithm like SHA256

  13. type Size = Int

    Permalink
    Definition Classes
    Types
  14. trait SymmetricKey extends AnyRef

    Permalink

    Base components needed for a symmetric key Utilized by CryptKey

  15. type TagId = Byte

    Permalink
    Definition Classes
    Types
  16. type TimeBytes = IndexedSeq[Byte]

    Permalink
    Definition Classes
    Types

Value Members

  1. object CryptKey extends Serializable

    Permalink

    After some investigation into prototyping and fast ciphers, I have a few observations and an implementation Observations:

    After some investigation into prototyping and fast ciphers, I have a few observations and an implementation Observations:

    • It's clear that ChaCha and AES are winners in the speed category of ciphers (http://bench.cr.yp.to/results-stream.html)
    • Stream ciphers are probably the wrong use-case here because we most likely want authenticated encryption, which rules out ChaCha.
    • Most block ciphers require an IV (which must be unique, but can be predictable) *
    • AES-GCM is an authenticated encryption mechanism that could be very useful here *

    Implementation Details: I have chosen to make the IV be the SignedId.Entropy, since it is unique but predictable and public. The key then becomes the hashed SecretKey which is private.

    CryptKey := AES-GCM( Key , Iv ) Key := PBKDF2WithHmacSHA1( SecretKey ) Iv := SignedId.Entropy

    This means that all sessions will be encrypted with the same secret, but they will have a unique IV based on the entropy of the session id. Note: secrets are rotated daily.

    Alternatively, you could create a new SignedId every time Session data is stored

  2. object Decryptable

    Permalink

    Default instances of Decryptable type classes for Buf and A => Buf

  3. object Encryptable

    Permalink

    Default instances of Encryptable type classes for Buf and A => Buf

  4. object EncryptedSessionStore

    Permalink

    Default implementations of EncryptedSessionStore with memcached and an in-memory store for mocking

  5. object Generator

    Permalink

Inherited from Types

Inherited from AnyRef

Inherited from Any

Ungrouped