core/go-crypt
8
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
14 commits 1 branch 0 tags 203 KiB
Commit graph

4 commits

Author SHA1 Message Date
Snider
301eac1d76 feat(auth): Phase 2 key management — Argon2id, rotation, revocation 
- Register now uses Argon2id (crypt.HashPassword) instead of LTHN hash
- Login detects hash format: Argon2id (.hash) first, LTHN (.lthn) fallback
- Transparent migration: successful legacy login re-hashes with Argon2id
- RotateKeyPair: decrypt metadata with old password, generate new PGP
  keypair, re-encrypt, update hash, invalidate all sessions
- RevokeKey: write JSON revocation record to .rev, invalidate sessions
- IsRevoked: parse .rev for valid JSON (ignores legacy placeholder)
- Login/CreateChallenge reject revoked users
- HardwareKey interface (hardware.go): contract for PKCS#11/YubiKey
- verifyPassword helper: shared Argon2id→LTHN fallback logic
- 55 tests total, all pass with -race

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-02-20 02:27:03 +00:00
Snider
1aeabfd32b feat(auth): add SessionStore interface with SQLite persistence 
Extract in-memory session map into SessionStore interface with two
implementations: MemorySessionStore (default, backward-compatible) and
SQLiteSessionStore (persistent via go-store). Add WithSessionStore
option, background cleanup goroutine, and comprehensive tests including
persistence verification and concurrency safety.

Phase 1: Session Persistence — complete.

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-02-20 01:44:51 +00:00
Snider
9331fc6eac test(phase0): expand test coverage, security audit, and benchmarks 
Add 29 new tests across auth/, crypt/, and trust/ packages:
- auth: concurrent sessions, token uniqueness, challenge expiry boundary,
  empty password, long/unicode usernames, air-gapped round-trip, expired refresh
- crypt: wrong passphrase, empty/large plaintext, KDF determinism, HKDF info
  separation, checksum edge cases
- trust: concurrent registry operations, tier validation, token expiry boundary,
  empty ScopedRepos behaviour, unknown capabilities

Add benchmark suites:
- crypt: Argon2, ChaCha20, AES-GCM, HMAC (1KB/1MB payloads)
- trust: PolicyEvaluate (100 agents), RegistryGet, RegistryRegister

Security audit documented in FINDINGS.md:
- F1: LTHN hash used for password verification (medium)
- F2: PGP private keys not zeroed after use (low, upstream limitation)
- F3: Empty ScopedRepos bypasses repo scope check (medium)
- F4: go vet clean, no math/rand, no secrets in error messages

All tests pass with -race. go vet clean.

Co-Authored-By: Virgil <virgil@lethean.io>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-20 01:14:41 +00:00
Claude
8498ecf890
feat: extract crypto/security packages from core/go 
ChaCha20-Poly1305, AES-256-GCM, Argon2 key derivation, OpenPGP
challenge-response auth, and trust tier policy engine.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-16 15:25:54 +00:00