SlideShare a Scribd company logo

Protect Sensitive Data with Ada Keystore

S
Stephane Carrez

toring passwords and secret configuration is a challenge for an application. Ada Keystore is a library that stores arbitrary content by encrypting them in secure keystore (AES-256, HMAC-256). The talk presents the project and shows how to use the Ada Keystore library to get or store secret information in a secure manner. The presentation explains how the Ada features such as types, protected types, tasks, pre/post conditions have helped during the development of this project.

Software
1 of 24
Download to read offline
Protect Sensitive Data with Ada Keystore Stéphane Carrez FOSDEM 2020
https://github.com/stcarrez/ada-keystore 2 Why Ada Keystore? ● Store sensitive parameters of an Ada server : – Database connection passwords – API secret keys ● Tool to store sensitive information : – Passwords and accounts – Encrypted documents without exposing their keys
https://github.com/stcarrez/ada-keystore 3 Getting a secret (1) with Keystore.Files; function Get_Secret return String is WS : Keystore.Files.Wallet_File; Pass : Keystore.Secret_Key:= Keystore.Create ("..."); begin WS.Open (Pass, “secure.akt”); return WS.Get ("api-key"); end Get_Secret; ● Open keystore with simple password (simple but less secure : password in code!)
https://github.com/stcarrez/ada-keystore 4 Getting a secret (2) with Keystore.GPG; with Keystore.Passwords.GPG; with Keystore.Files; function Get_Secret return String is WS : Keystore.Files.Wallet_File; Ctx  : Keystore.Passwords.GPG.Context_Type; begin Keystore.GPG.Open (WS, Ctx, “secure.akt”); return WS.Get ("api-key"); end Get_Secret; ● Open keystore protected with GPG
https://github.com/stcarrez/ada-keystore 5 Ada Keystore: a secure storage AKT User passwordGPG protected key Encrypted Data Keystore Ada Keystore
https://github.com/stcarrez/ada-keystore 6 Ada Keystore: with multiple keys Directory key Master key block Data info key Data key key Data keys Data keys Signature key User password GPG protected key Data fragment Data fragment Data fragment Data fragment Data fragment Directory keys Encrypted Data
https://github.com/stcarrez/ada-keystore 7 Ada Keystore: with blocks (unchained) HMAC-256HDR (1815-12-10) (1852-11-27) Ada HMAC-256UUID Storage ID HDR Data Storage Info + HMAC Directory Name Entry Data block indexes & keys HMAC-256HDR Data fragment info HMAC-256 Data Fragment Header block Directory block Data block Master key block ... HMAC-256HDR Wallet info Key slot 1UUID Key slot 7... 4K
https://github.com/stcarrez/ada-keystore 8 Ada Keystore: key protection Wallet master key slot N (512 bytes) key slot Nsalt key N HMAC 256 = ? AES-256 CBC Wallet Master Keys (32 bytes) (240 bytes) key key (256 bits) key IV (128 bits) dat key (256 bits) dat IV (128 bits) dir key (256 bits) dir IV (128 bits) Wallet master key block AES-256 CBC PBKDF2 HMAC 256 ctr slot N (4 bytes) Sign N HMAC (32 bytes) (32 bytes) PBKDF2 HMAC 256 (4 bytes) salt IV N (32 bytes) HMAC-256HDR Wallet info Key slot 1UUID Key slot 7... Wallet Header Key, wallet header IV, Block ID User password NO, invalid password YES, valid password dir sign (256 bits) dat sign (256 bits) key sign (256 bits) Key IV HMAC 256 = ? NO, invalid block YES, valid block Wallet Sign
https://github.com/stcarrez/ada-keystore 9 Ada Keystore: GPG protection Wallet master key slot N (512 bytes) key slot N HMAC 256 = ? AES-256 CBC Wallet Master Keys (240 bytes) key key (256 bits) key IV (128 bits) dat key (256 bits) dat IV (128 bits) dir key (256 bits) dir IV (128 bits) Wallet master key block AES-256 CBC Sign N HMAC (32 bytes) (32 bytes) HMAC-256HDR Wallet info Key slot 1UUID Key slot 7... NO, invalid password YES, valid password dir sign (256 bits) dat sign (256 bits) key sign (256 bits) Key, IV GPG2 GPG Private key Header block Key (32 bytes) IV (16 bytes) IV Key (16 bytes) (32 bytes) (1815-12-10) (1852-11-27) Ada HMAC-256UUID Storage ID HDR Data Storage Info + HMAC Sign (32 bytes) HMAC 256 = ? NO, invalid block YES, valid block header tag (4 bytes)
https://github.com/stcarrez/ada-keystore 10 Ada Keystore: directory encryption Directory block AES-256 CBC HMAC-256HDR ... Directory Key, directory IV, Block ID HMAC 256 Directory Sign Directory Name Entry Data block indexes & keys... Per data fragment encryption keys Name (N bytes) Entry ID (4 bytes) key (256 bits) IV (128 bits) Block NumStore ID (4 bytes)(4 bytes)(4 bytes) Entry ID HMAC-256HDR Data fragment info HMAC-256 Data Fragment HMAC-256HDR Data fragment info HMAC-256 Data Fragment
https://github.com/stcarrez/ada-keystore 11 Ada Keystore: data encryption Data block AES-256 CBC ... Data Key, IV, Block ID HMAC 256 Data Sign HMAC-256 HDR Data fragment info HMAC-256 Data Fragment AES-256 CBC HMAC 256 Data entry descriptor HMAC (256 bits) Data OffsetSlot Size (8 bytes)(2 bytes)(4 bytes) Entry ID Data fragment Key, IV, Block ID Data Fragment
https://github.com/stcarrez/ada-keystore 12 Ada Keystore: directory decryption Directory block AES-256 CBC HMAC-256HDR ... Directory Key, directory IV, Block ID HMAC 256 = ? NO, invalid block YES, valid block Directory Sign Directory Name Entry Data block indexes & keys... Per data fragment encryption keys Name (N bytes) Entry ID (4 bytes) key (256 bits) IV (128 bits) Block NumStore ID (4 bytes)(4 bytes)(4 bytes) Entry ID HMAC-256HDR Data fragment info HMAC-256 Data Fragment HMAC-256HDR Data fragment info HMAC-256 Data Fragment
https://github.com/stcarrez/ada-keystore 13 Ada Keystore: data decryption Data block AES-256 CBC ... Data Key, IV, Block ID HMAC 256 = ? NO, invalid block YES, valid block Data Sign HMAC-256 HDR Data fragment info HMAC-256 Data Fragment AES-256 CBC HMAC 256 Data entry descriptor HMAC (256 bits) Data OffsetSlot Size (8 bytes)(2 bytes)(4 bytes) Entry ID = ? NO, invalid fragment YES, valid fragment Data fragment Key, IV, Block ID Data Fragment
https://github.com/stcarrez/ada-keystore 14 Ada Keystore: more complexity Data block AES-256 CBC ... Data Key, IV, Block ID HMAC 256 = ? NO, invalid block YES, valid block Data Sign Name (N bytes) Entry ID (4 bytes) (4 bytes) Entry ID HMAC-256 HDR Data fragment info HMAC-256 Data Fragment AES-256 CBC HMAC 256 Data entry descriptor HMAC (256 bits) Data OffsetSlot Size (8 bytes)(2 bytes)(4 bytes) Entry ID = ? NO, invalid fragment YES, valid fragment Data fragment Key, IV, Block ID Data Fragment Directory block AES-256 CBC HMAC-256HDR ... Directory Key, directory IV, Block ID HMAC 256 = ? NO, invalid block YES, valid block Directory Sign Directory Name Entry Data block indexes & keys... Per data fragment encryption keys Name (N bytes) Entry ID (4 bytes) key (256 bits) IV (128 bits) Block NumStore ID (4 bytes)(4 bytes)(4 bytes) Entry ID HMAC-256HDR Data fragment info HMAC-256 Data Fragment HMAC-256HDR Data fragment info HMAC-256 Data Fragment Wallet master key slot N (512 bytes) key slot Nsalt key N HMAC 256 = ? AES-256 CBC Wallet Master Keys (32 bytes) (240 bytes) key key (256 bits) key IV (128 bits) dat key (256 bits) dat IV (128 bits) dir key (256 bits) dir IV (128 bits) Wallet master key block AES-256 CBC PBKDF2 HMAC 256 ctr slot N (4 bytes) Sign N HMAC (32 bytes) (32 bytes) PBKDF2 HMAC 256 (4 bytes) salt IV N (32 bytes) HMAC-256HDR Wallet info Key slot 1UUID Key slot 7... Wallet Header Key, wallet header IV, Block ID User password NO, invalid password YES, valid password dir sign (256 bits) dat sign (256 bits) key sign (256 bits) Key IV HMAC 256 = ? NO, invalid block YES, valid block Wallet Sign Update data Secure data erase Insert data Protect keys Thread safe API Multi-task encryption/decryption Prevent security holes
https://github.com/stcarrez/ada-keystore 15 Ada benefit : limited types ● Use limited record : – Encryption keys cannot be copied – Secret key content visible only to AES operations ● Use Ada.Finalization.Limited_Controlled : – Erase encryption keys when object is released type Secret_Key (Length : Key_Length) is limited private;
https://github.com/stcarrez/ada-keystore 16 Ada benefit : subtypes ● Use subtype to constraint index computation : – Detect index errors when they are computed not when we access the data subtype Buffer_Size is Stream_Element_Offset range 0 .. 4064; subtype Block_Index is Stream_Element_Offset range 1 .. 4064; subtype Block_Type is Stream_Element_Array (Block_Index); Key_Pos := Key_Header_Pos - Key_Slot_Size (Iterator.Key_Count); Buf.Data (Key_Pos .. Key_Pos + Key_Size - 1) := ...; better to raise Constraint_Error here bounds still verified
https://github.com/stcarrez/ada-keystore 17 Ada benefit : private child package ● Use private child package : – Restrict scope of operations – Helps in refactoring decisions EntriesData Keys Files Headers Refs Workers Containers Files Tools GPG Cmds Files GPG Passwords Keystore Repository Buffers Marshallers IO Keys Random Input Keys Unsafe
https://github.com/stcarrez/ada-keystore 18 Ada benefit : precondition ● Use Preconditions : – Nice for API constraints – Helpful to detect internal errors earlier function Contains (Container : in Wallet; Name : in String) return Boolean is abstract with Pre'Class => Container.Is_Open; procedure Put_Unsigned_32 (Into : in out Marshaller; Value : in Interfaces.Unsigned_32) with Pre => Into.Pos <= Block_Type'Last - 4;
https://github.com/stcarrez/ada-keystore 19 Ada benefit : postcondition ● Use Postconditions : – Nice for API clarification – More complex to write function Get_Header (From : in out Marshaller) return Unsigned_32 with Post => From.Pos = Block_Type'First + 3; procedure Get_Keys (From : in Key_Provider; Key : out Secret_Key; IV : out Secret_Key; Sign : out Secret_Key) is abstract with Post'Class => Key.Length = 32 and IV.Length = 16 and Sign.Length = 32;
https://github.com/stcarrez/ada-keystore 20 Ada benefit : protected types ● Use protected types : – Concurrent access to keystore objects – Holds de keystore internal data structures protected type Wallet_Container is procedure Open (...); procedure Create (...); procedure Add (...); ... end Wallet_Container;
https://github.com/stcarrez/ada-keystore 21 Ada benefit : tasks ● Use tasks for encryption/decryption process: – parallelize encryption and decryption – allow to configure the number of tasks – pre-allocation of tasks
https://github.com/stcarrez/ada-keystore 22 Ada Keystore Work Queues AES-256 CBC HMAC 256 READ BLOCKExecutor Queue Executor Task #1 Sequence Queue AES-256 CBC HMAC 256 Executor Task #N HMAC-256HDR Data fragment info HMAC-256 Data Fragment HMAC-256HDR Data fragment info HMAC-256 Data Fragment HMAC-256HDR Data fragment info HMAC-256 Data Fragment Data Fragment #1 Data Fragment #2 Data Fragment #N Prepare Work Collect Work READ BLOCK Work Pool
https://github.com/stcarrez/ada-keystore 23 Conclusion ● Writing a secure keystore is hard : – insert, update, remove data entries that look random – don’t leak secret keys ● Project succeeded thanks to Ada : – many errors prevented by the language – no buffer overflow, runtime error detection ● Secure storage made simple for Ada : – simple Ada API (Open, Create, Add, Get, Remove) – https://ada-keystore.readthedocs.io/en/latest/
https://github.com/stcarrez/ada-keystore 24 Questions ?

Recommended

Python Cryptography & Security
Python Cryptography & SecurityPython Cryptography & Security
Python Cryptography & SecurityJose Manuel Ortega Candel
 
iOS Keychain 介紹
iOS Keychain 介紹iOS Keychain 介紹
iOS Keychain 介紹ShengWen Chiou
 
2014.11 asfws
2014.11 asfws2014.11 asfws
2014.11 asfwsCyber Security Alliance
 
Apache Commons ソースリーディングの会:Codec
Apache Commons ソースリーディングの会:CodecApache Commons ソースリーディングの会:Codec
Apache Commons ソースリーディングの会:Codecmoai kids
 
Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Svetlin Nakov
 
Cryptography 101 for Java Developers - JavaZone2019
Cryptography 101 for Java Developers - JavaZone2019Cryptography 101 for Java Developers - JavaZone2019
Cryptography 101 for Java Developers - JavaZone2019Michel Schudel
 
Cryptography 101 for_java_developers, Fall 2019
Cryptography 101 for_java_developers, Fall 2019Cryptography 101 for_java_developers, Fall 2019
Cryptography 101 for_java_developers, Fall 2019Michel Schudel
 
Cryptography 101 for Java developers
Cryptography 101 for Java developersCryptography 101 for Java developers
Cryptography 101 for Java developersMichel Schudel
 

Recommended

Python Cryptography & Security
Python Cryptography & SecurityPython Cryptography & Security
Python Cryptography & SecurityJose Manuel Ortega Candel
 
iOS Keychain 介紹
iOS Keychain 介紹iOS Keychain 介紹
iOS Keychain 介紹ShengWen Chiou
 
2014.11 asfws
2014.11 asfws2014.11 asfws
2014.11 asfwsCyber Security Alliance
 
Apache Commons ソースリーディングの会:Codec
Apache Commons ソースリーディングの会:CodecApache Commons ソースリーディングの会:Codec
Apache Commons ソースリーディングの会:Codecmoai kids
 
Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Svetlin Nakov
 
Cryptography 101 for Java Developers - JavaZone2019
Cryptography 101 for Java Developers - JavaZone2019Cryptography 101 for Java Developers - JavaZone2019
Cryptography 101 for Java Developers - JavaZone2019Michel Schudel
 
Cryptography 101 for_java_developers, Fall 2019
Cryptography 101 for_java_developers, Fall 2019Cryptography 101 for_java_developers, Fall 2019
Cryptography 101 for_java_developers, Fall 2019Michel Schudel
 
Cryptography 101 for Java developers
Cryptography 101 for Java developersCryptography 101 for Java developers
Cryptography 101 for Java developersMichel Schudel
 
Cryptography 101 for Java Developers - Devoxx 2019
Cryptography 101 for Java Developers - Devoxx 2019Cryptography 101 for Java Developers - Devoxx 2019
Cryptography 101 for Java Developers - Devoxx 2019Michel Schudel
 
Password (in)security
Password (in)securityPassword (in)security
Password (in)securityEnrico Zimuel
 
Cryptography in PHP: use cases
Cryptography in PHP: use casesCryptography in PHP: use cases
Cryptography in PHP: use casesEnrico Zimuel
 
Security and Encryption on iOS
Security and Encryption on iOSSecurity and Encryption on iOS
Security and Encryption on iOSGraham Lee
 
Cisco IOS shellcode: All-in-one
Cisco IOS shellcode: All-in-oneCisco IOS shellcode: All-in-one
Cisco IOS shellcode: All-in-oneDefconRussia
 
Pki by Steve Lamb
Pki by Steve LambPki by Steve Lamb
Pki by Steve LambInformation Security Awareness Group
 
9 password security
9 password security9 password security
9 password securitydrewz lin
 
Hack ASP.NET website
Hack ASP.NET websiteHack ASP.NET website
Hack ASP.NET websitePositive Hack Days
 
Secure Storage: COMPOSABLE AND ROBUST OUTSOURCED STORAGE
Secure Storage: COMPOSABLE AND ROBUST OUTSOURCED STORAGESecure Storage: COMPOSABLE AND ROBUST OUTSOURCED STORAGE
Secure Storage: COMPOSABLE AND ROBUST OUTSOURCED STORAGEPriyanka Aash
 
Hacking oracle using metasploit
Hacking oracle using metasploitHacking oracle using metasploit
Hacking oracle using metasploitAlberto García Illera
 
Whats new in iOS5
Whats new in iOS5Whats new in iOS5
Whats new in iOS5Paul Ardeleanu
 
amani_rwc_password
amani_rwc_passwordamani_rwc_password
amani_rwc_passwordArvind Mani
 
JavaOne 2016 - JVM assisted sensitive data
JavaOne 2016 - JVM assisted sensitive dataJavaOne 2016 - JVM assisted sensitive data
JavaOne 2016 - JVM assisted sensitive dataCharlie Gracie
 
iCloud keychain
iCloud keychainiCloud keychain
iCloud keychainAlexey Troshichev
 
SOURCE Boston --Attacking Oracle Web Applications with Metasploit & wXf
SOURCE Boston --Attacking Oracle Web Applications with Metasploit & wXfSOURCE Boston --Attacking Oracle Web Applications with Metasploit & wXf
SOURCE Boston --Attacking Oracle Web Applications with Metasploit & wXfChris Gates
 
PyConIT6 - MAKING SESSIONS AND CACHING ROOMMATES
PyConIT6 - MAKING SESSIONS AND CACHING ROOMMATESPyConIT6 - MAKING SESSIONS AND CACHING ROOMMATES
PyConIT6 - MAKING SESSIONS AND CACHING ROOMMATESAlessandro Molina
 
Adventures in Underland: Is encryption solid as a rock or a handful of dust?
Adventures in Underland: Is encryption solid as a rock or a handful of dust?Adventures in Underland: Is encryption solid as a rock or a handful of dust?
Adventures in Underland: Is encryption solid as a rock or a handful of dust?Paula Januszkiewicz
 
Crypto storage
Crypto storageCrypto storage
Crypto storageGraham Lee
 
CONFidence 2018: Intel ME: Security keys Genealogy, Obfuscation and other Mag...
CONFidence 2018: Intel ME: Security keys Genealogy, Obfuscation and other Mag...CONFidence 2018: Intel ME: Security keys Genealogy, Obfuscation and other Mag...
CONFidence 2018: Intel ME: Security keys Genealogy, Obfuscation and other Mag...PROIDEA
 
Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...
Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...
Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...DefconRussia
 
Passbolt Introduction and Usage for secret managment
Passbolt Introduction and Usage for secret managmentPassbolt Introduction and Usage for secret managment
Passbolt Introduction and Usage for secret managmentThierry Gayet
 
Django cryptography
Django cryptographyDjango cryptography
Django cryptographyErik LaBianca
 

More Related Content

What's hot

Cryptography 101 for Java Developers - Devoxx 2019
Cryptography 101 for Java Developers - Devoxx 2019Cryptography 101 for Java Developers - Devoxx 2019
Cryptography 101 for Java Developers - Devoxx 2019Michel Schudel
 
Password (in)security
Password (in)securityPassword (in)security
Password (in)securityEnrico Zimuel
 
Cryptography in PHP: use cases
Cryptography in PHP: use casesCryptography in PHP: use cases
Cryptography in PHP: use casesEnrico Zimuel
 
Security and Encryption on iOS
Security and Encryption on iOSSecurity and Encryption on iOS
Security and Encryption on iOSGraham Lee
 
Cisco IOS shellcode: All-in-one
Cisco IOS shellcode: All-in-oneCisco IOS shellcode: All-in-one
Cisco IOS shellcode: All-in-oneDefconRussia
 
9 password security
9 password security9 password security
9 password securitydrewz lin
 
Secure Storage: COMPOSABLE AND ROBUST OUTSOURCED STORAGE
Secure Storage: COMPOSABLE AND ROBUST OUTSOURCED STORAGESecure Storage: COMPOSABLE AND ROBUST OUTSOURCED STORAGE
Secure Storage: COMPOSABLE AND ROBUST OUTSOURCED STORAGEPriyanka Aash
 
amani_rwc_password
amani_rwc_passwordamani_rwc_password
amani_rwc_passwordArvind Mani
 
JavaOne 2016 - JVM assisted sensitive data
JavaOne 2016 - JVM assisted sensitive dataJavaOne 2016 - JVM assisted sensitive data
JavaOne 2016 - JVM assisted sensitive dataCharlie Gracie
 
SOURCE Boston --Attacking Oracle Web Applications with Metasploit & wXf
SOURCE Boston --Attacking Oracle Web Applications with Metasploit & wXfSOURCE Boston --Attacking Oracle Web Applications with Metasploit & wXf
SOURCE Boston --Attacking Oracle Web Applications with Metasploit & wXfChris Gates
 

What's hot (15)

Cryptography 101 for Java Developers - Devoxx 2019
Cryptography 101 for Java Developers - Devoxx 2019Cryptography 101 for Java Developers - Devoxx 2019
Cryptography 101 for Java Developers - Devoxx 2019
 
Password (in)security
Password (in)securityPassword (in)security
Password (in)security
 
Cryptography in PHP: use cases
Cryptography in PHP: use casesCryptography in PHP: use cases
Cryptography in PHP: use cases
 
Security and Encryption on iOS
Security and Encryption on iOSSecurity and Encryption on iOS
Security and Encryption on iOS
 
Cisco IOS shellcode: All-in-one
Cisco IOS shellcode: All-in-oneCisco IOS shellcode: All-in-one
Cisco IOS shellcode: All-in-one
 
Pki by Steve Lamb
Pki by Steve LambPki by Steve Lamb
Pki by Steve Lamb
 
9 password security
9 password security9 password security
9 password security
 
Hack ASP.NET website
Hack ASP.NET websiteHack ASP.NET website
Hack ASP.NET website
 
Secure Storage: COMPOSABLE AND ROBUST OUTSOURCED STORAGE
Secure Storage: COMPOSABLE AND ROBUST OUTSOURCED STORAGESecure Storage: COMPOSABLE AND ROBUST OUTSOURCED STORAGE
Secure Storage: COMPOSABLE AND ROBUST OUTSOURCED STORAGE
 
Hacking oracle using metasploit
Hacking oracle using metasploitHacking oracle using metasploit
Hacking oracle using metasploit
 
Whats new in iOS5
Whats new in iOS5Whats new in iOS5
Whats new in iOS5
 
amani_rwc_password
amani_rwc_passwordamani_rwc_password
amani_rwc_password
 
JavaOne 2016 - JVM assisted sensitive data
JavaOne 2016 - JVM assisted sensitive dataJavaOne 2016 - JVM assisted sensitive data
JavaOne 2016 - JVM assisted sensitive data
 
iCloud keychain
iCloud keychainiCloud keychain
iCloud keychain
 
SOURCE Boston --Attacking Oracle Web Applications with Metasploit & wXf
SOURCE Boston --Attacking Oracle Web Applications with Metasploit & wXfSOURCE Boston --Attacking Oracle Web Applications with Metasploit & wXf
SOURCE Boston --Attacking Oracle Web Applications with Metasploit & wXf
 

Similar to Protect Sensitive Data with Ada Keystore

PyConIT6 - MAKING SESSIONS AND CACHING ROOMMATES
PyConIT6 - MAKING SESSIONS AND CACHING ROOMMATESPyConIT6 - MAKING SESSIONS AND CACHING ROOMMATES
PyConIT6 - MAKING SESSIONS AND CACHING ROOMMATESAlessandro Molina
 
Adventures in Underland: Is encryption solid as a rock or a handful of dust?
Adventures in Underland: Is encryption solid as a rock or a handful of dust?Adventures in Underland: Is encryption solid as a rock or a handful of dust?
Adventures in Underland: Is encryption solid as a rock or a handful of dust?Paula Januszkiewicz
 
Crypto storage
Crypto storageCrypto storage
Crypto storageGraham Lee
 
CONFidence 2018: Intel ME: Security keys Genealogy, Obfuscation and other Mag...
CONFidence 2018: Intel ME: Security keys Genealogy, Obfuscation and other Mag...CONFidence 2018: Intel ME: Security keys Genealogy, Obfuscation and other Mag...
CONFidence 2018: Intel ME: Security keys Genealogy, Obfuscation and other Mag...PROIDEA
 
Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...
Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...
Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...DefconRussia
 
Passbolt Introduction and Usage for secret managment
Passbolt Introduction and Usage for secret managmentPassbolt Introduction and Usage for secret managment
Passbolt Introduction and Usage for secret managmentThierry Gayet
 
8.X Sec & I Pv6
8.X Sec & I Pv68.X Sec & I Pv6
8.X Sec & I Pv6phanleson
 
Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Matthew McCullough
 
Java Symmetric
Java SymmetricJava Symmetric
Java Symmetricphanleson
 
Memory access tracing [poug17]
Memory access tracing [poug17]Memory access tracing [poug17]
Memory access tracing [poug17]Mahmoud Hatem
 
Hadoop Security Now and Future
Hadoop Security Now and FutureHadoop Security Now and Future
Hadoop Security Now and Futuretcloudcomputing-tw
 
Cryptography for Smalltalkers 2
Cryptography for Smalltalkers 2Cryptography for Smalltalkers 2
Cryptography for Smalltalkers 2ESUG
 
Dodging WebCrypto API Landmines
Dodging WebCrypto API LandminesDodging WebCrypto API Landmines
Dodging WebCrypto API LandminesErnie Turner
 
Defending Against Attacks With Rails
Defending Against Attacks With RailsDefending Against Attacks With Rails
Defending Against Attacks With RailsTony Amoyal
 
Cryptography In Silverlight
Cryptography In SilverlightCryptography In Silverlight
Cryptography In SilverlightBarry Dorrans
 
Develop an encryption and decryption algorithm Your program should a.pdf
Develop an encryption and decryption algorithm Your program should a.pdfDevelop an encryption and decryption algorithm Your program should a.pdf
Develop an encryption and decryption algorithm Your program should a.pdfdeepaksatrker
 
Eight simple rules to writing secure PHP programs
Eight simple rules to writing secure PHP programsEight simple rules to writing secure PHP programs
Eight simple rules to writing secure PHP programsAleksandr Yampolskiy
 

Similar to Protect Sensitive Data with Ada Keystore (20)

PyConIT6 - MAKING SESSIONS AND CACHING ROOMMATES
PyConIT6 - MAKING SESSIONS AND CACHING ROOMMATESPyConIT6 - MAKING SESSIONS AND CACHING ROOMMATES
PyConIT6 - MAKING SESSIONS AND CACHING ROOMMATES
 
Adventures in Underland: Is encryption solid as a rock or a handful of dust?
Adventures in Underland: Is encryption solid as a rock or a handful of dust?Adventures in Underland: Is encryption solid as a rock or a handful of dust?
Adventures in Underland: Is encryption solid as a rock or a handful of dust?
 
Crypto storage
Crypto storageCrypto storage
Crypto storage
 
CONFidence 2018: Intel ME: Security keys Genealogy, Obfuscation and other Mag...
CONFidence 2018: Intel ME: Security keys Genealogy, Obfuscation and other Mag...CONFidence 2018: Intel ME: Security keys Genealogy, Obfuscation and other Mag...
CONFidence 2018: Intel ME: Security keys Genealogy, Obfuscation and other Mag...
 
Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...
Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...
Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...
 
Passbolt Introduction and Usage for secret managment
Passbolt Introduction and Usage for secret managmentPassbolt Introduction and Usage for secret managment
Passbolt Introduction and Usage for secret managment
 
Django cryptography
Django cryptographyDjango cryptography
Django cryptography
 
8.X Sec & I Pv6
8.X Sec & I Pv68.X Sec & I Pv6
8.X Sec & I Pv6
 
Why learn Internals?
Why learn Internals?Why learn Internals?
Why learn Internals?
 
Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010
 
Java Symmetric
Java SymmetricJava Symmetric
Java Symmetric
 
Memory access tracing [poug17]
Memory access tracing [poug17]Memory access tracing [poug17]
Memory access tracing [poug17]
 
Hadoop Security Now and Future
Hadoop Security Now and FutureHadoop Security Now and Future
Hadoop Security Now and Future
 
Cryptography for Smalltalkers 2
Cryptography for Smalltalkers 2Cryptography for Smalltalkers 2
Cryptography for Smalltalkers 2
 
Dodging WebCrypto API Landmines
Dodging WebCrypto API LandminesDodging WebCrypto API Landmines
Dodging WebCrypto API Landmines
 
Defending Against Attacks With Rails
Defending Against Attacks With RailsDefending Against Attacks With Rails
Defending Against Attacks With Rails
 
Ipsec
IpsecIpsec
Ipsec
 
Cryptography In Silverlight
Cryptography In SilverlightCryptography In Silverlight
Cryptography In Silverlight
 
Develop an encryption and decryption algorithm Your program should a.pdf
Develop an encryption and decryption algorithm Your program should a.pdfDevelop an encryption and decryption algorithm Your program should a.pdf
Develop an encryption and decryption algorithm Your program should a.pdf
 
Eight simple rules to writing secure PHP programs
Eight simple rules to writing secure PHP programsEight simple rules to writing secure PHP programs
Eight simple rules to writing secure PHP programs
 

More from Stephane Carrez

Implementing a build manager in Ada
Implementing a build manager in AdaImplementing a build manager in Ada
Implementing a build manager in AdaStephane Carrez
 
Porion a new Build Manager
Porion a new Build ManagerPorion a new Build Manager
Porion a new Build ManagerStephane Carrez
 
AKT un outil pour sécuriser vos données et documents sensibles
AKT un outil pour sécuriser vos données et documents sensiblesAKT un outil pour sécuriser vos données et documents sensibles
AKT un outil pour sécuriser vos données et documents sensiblesStephane Carrez
 
Secure Web Applications with AWA
Secure Web Applications with AWASecure Web Applications with AWA
Secure Web Applications with AWAStephane Carrez
 
Persistence with Ada Database Objects (ADO)
Persistence with Ada Database Objects (ADO)Persistence with Ada Database Objects (ADO)
Persistence with Ada Database Objects (ADO)Stephane Carrez
 
Writing REST APIs with OpenAPI and Swagger Ada
Writing REST APIs with OpenAPI and Swagger AdaWriting REST APIs with OpenAPI and Swagger Ada
Writing REST APIs with OpenAPI and Swagger AdaStephane Carrez
 
IP Network Stack in Ada 2012 and the Ravenscar Profile
IP Network Stack in Ada 2012 and the Ravenscar ProfileIP Network Stack in Ada 2012 and the Ravenscar Profile
IP Network Stack in Ada 2012 and the Ravenscar ProfileStephane Carrez
 

More from Stephane Carrez (8)

Implementing a build manager in Ada
Implementing a build manager in AdaImplementing a build manager in Ada
Implementing a build manager in Ada
 
Porion a new Build Manager
Porion a new Build ManagerPorion a new Build Manager
Porion a new Build Manager
 
AKT un outil pour sécuriser vos données et documents sensibles
AKT un outil pour sécuriser vos données et documents sensiblesAKT un outil pour sécuriser vos données et documents sensibles
AKT un outil pour sécuriser vos données et documents sensibles
 
Ada for Web Development
Ada for Web DevelopmentAda for Web Development
Ada for Web Development
 
Secure Web Applications with AWA
Secure Web Applications with AWASecure Web Applications with AWA
Secure Web Applications with AWA
 
Persistence with Ada Database Objects (ADO)
Persistence with Ada Database Objects (ADO)Persistence with Ada Database Objects (ADO)
Persistence with Ada Database Objects (ADO)
 
Writing REST APIs with OpenAPI and Swagger Ada
Writing REST APIs with OpenAPI and Swagger AdaWriting REST APIs with OpenAPI and Swagger Ada
Writing REST APIs with OpenAPI and Swagger Ada
 
IP Network Stack in Ada 2012 and the Ravenscar Profile
IP Network Stack in Ada 2012 and the Ravenscar ProfileIP Network Stack in Ada 2012 and the Ravenscar Profile
IP Network Stack in Ada 2012 and the Ravenscar Profile
 

Recently uploaded

Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyFrank van der Linden
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
Introduction to Decentralized Applications (dApps)
Introduction to Decentralized Applications (dApps)Introduction to Decentralized Applications (dApps)
Introduction to Decentralized Applications (dApps)Intelisync
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfkalichargn70th171
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 

Recently uploaded (20)

Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The Ugly
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
Introduction to Decentralized Applications (dApps)
Introduction to Decentralized Applications (dApps)Introduction to Decentralized Applications (dApps)
Introduction to Decentralized Applications (dApps)
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 

Protect Sensitive Data with Ada Keystore

  • 1. Protect Sensitive Data with Ada Keystore Stéphane Carrez FOSDEM 2020
  • 2. https://github.com/stcarrez/ada-keystore 2 Why Ada Keystore? ● Store sensitive parameters of an Ada server : – Database connection passwords – API secret keys ● Tool to store sensitive information : – Passwords and accounts – Encrypted documents without exposing their keys
  • 3. https://github.com/stcarrez/ada-keystore 3 Getting a secret (1) with Keystore.Files; function Get_Secret return String is WS : Keystore.Files.Wallet_File; Pass : Keystore.Secret_Key:= Keystore.Create ("..."); begin WS.Open (Pass, “secure.akt”); return WS.Get ("api-key"); end Get_Secret; ● Open keystore with simple password (simple but less secure : password in code!)
  • 4. https://github.com/stcarrez/ada-keystore 4 Getting a secret (2) with Keystore.GPG; with Keystore.Passwords.GPG; with Keystore.Files; function Get_Secret return String is WS : Keystore.Files.Wallet_File; Ctx  : Keystore.Passwords.GPG.Context_Type; begin Keystore.GPG.Open (WS, Ctx, “secure.akt”); return WS.Get ("api-key"); end Get_Secret; ● Open keystore protected with GPG
  • 5. https://github.com/stcarrez/ada-keystore 5 Ada Keystore: a secure storage AKT User passwordGPG protected key Encrypted Data Keystore Ada Keystore
  • 6. https://github.com/stcarrez/ada-keystore 6 Ada Keystore: with multiple keys Directory key Master key block Data info key Data key key Data keys Data keys Signature key User password GPG protected key Data fragment Data fragment Data fragment Data fragment Data fragment Directory keys Encrypted Data
  • 7. https://github.com/stcarrez/ada-keystore 7 Ada Keystore: with blocks (unchained) HMAC-256HDR (1815-12-10) (1852-11-27) Ada HMAC-256UUID Storage ID HDR Data Storage Info + HMAC Directory Name Entry Data block indexes & keys HMAC-256HDR Data fragment info HMAC-256 Data Fragment Header block Directory block Data block Master key block ... HMAC-256HDR Wallet info Key slot 1UUID Key slot 7... 4K
  • 8. https://github.com/stcarrez/ada-keystore 8 Ada Keystore: key protection Wallet master key slot N (512 bytes) key slot Nsalt key N HMAC 256 = ? AES-256 CBC Wallet Master Keys (32 bytes) (240 bytes) key key (256 bits) key IV (128 bits) dat key (256 bits) dat IV (128 bits) dir key (256 bits) dir IV (128 bits) Wallet master key block AES-256 CBC PBKDF2 HMAC 256 ctr slot N (4 bytes) Sign N HMAC (32 bytes) (32 bytes) PBKDF2 HMAC 256 (4 bytes) salt IV N (32 bytes) HMAC-256HDR Wallet info Key slot 1UUID Key slot 7... Wallet Header Key, wallet header IV, Block ID User password NO, invalid password YES, valid password dir sign (256 bits) dat sign (256 bits) key sign (256 bits) Key IV HMAC 256 = ? NO, invalid block YES, valid block Wallet Sign
  • 9. https://github.com/stcarrez/ada-keystore 9 Ada Keystore: GPG protection Wallet master key slot N (512 bytes) key slot N HMAC 256 = ? AES-256 CBC Wallet Master Keys (240 bytes) key key (256 bits) key IV (128 bits) dat key (256 bits) dat IV (128 bits) dir key (256 bits) dir IV (128 bits) Wallet master key block AES-256 CBC Sign N HMAC (32 bytes) (32 bytes) HMAC-256HDR Wallet info Key slot 1UUID Key slot 7... NO, invalid password YES, valid password dir sign (256 bits) dat sign (256 bits) key sign (256 bits) Key, IV GPG2 GPG Private key Header block Key (32 bytes) IV (16 bytes) IV Key (16 bytes) (32 bytes) (1815-12-10) (1852-11-27) Ada HMAC-256UUID Storage ID HDR Data Storage Info + HMAC Sign (32 bytes) HMAC 256 = ? NO, invalid block YES, valid block header tag (4 bytes)
  • 10. https://github.com/stcarrez/ada-keystore 10 Ada Keystore: directory encryption Directory block AES-256 CBC HMAC-256HDR ... Directory Key, directory IV, Block ID HMAC 256 Directory Sign Directory Name Entry Data block indexes & keys... Per data fragment encryption keys Name (N bytes) Entry ID (4 bytes) key (256 bits) IV (128 bits) Block NumStore ID (4 bytes)(4 bytes)(4 bytes) Entry ID HMAC-256HDR Data fragment info HMAC-256 Data Fragment HMAC-256HDR Data fragment info HMAC-256 Data Fragment
  • 11. https://github.com/stcarrez/ada-keystore 11 Ada Keystore: data encryption Data block AES-256 CBC ... Data Key, IV, Block ID HMAC 256 Data Sign HMAC-256 HDR Data fragment info HMAC-256 Data Fragment AES-256 CBC HMAC 256 Data entry descriptor HMAC (256 bits) Data OffsetSlot Size (8 bytes)(2 bytes)(4 bytes) Entry ID Data fragment Key, IV, Block ID Data Fragment
  • 12. https://github.com/stcarrez/ada-keystore 12 Ada Keystore: directory decryption Directory block AES-256 CBC HMAC-256HDR ... Directory Key, directory IV, Block ID HMAC 256 = ? NO, invalid block YES, valid block Directory Sign Directory Name Entry Data block indexes & keys... Per data fragment encryption keys Name (N bytes) Entry ID (4 bytes) key (256 bits) IV (128 bits) Block NumStore ID (4 bytes)(4 bytes)(4 bytes) Entry ID HMAC-256HDR Data fragment info HMAC-256 Data Fragment HMAC-256HDR Data fragment info HMAC-256 Data Fragment
  • 13. https://github.com/stcarrez/ada-keystore 13 Ada Keystore: data decryption Data block AES-256 CBC ... Data Key, IV, Block ID HMAC 256 = ? NO, invalid block YES, valid block Data Sign HMAC-256 HDR Data fragment info HMAC-256 Data Fragment AES-256 CBC HMAC 256 Data entry descriptor HMAC (256 bits) Data OffsetSlot Size (8 bytes)(2 bytes)(4 bytes) Entry ID = ? NO, invalid fragment YES, valid fragment Data fragment Key, IV, Block ID Data Fragment
  • 14. https://github.com/stcarrez/ada-keystore 14 Ada Keystore: more complexity Data block AES-256 CBC ... Data Key, IV, Block ID HMAC 256 = ? NO, invalid block YES, valid block Data Sign Name (N bytes) Entry ID (4 bytes) (4 bytes) Entry ID HMAC-256 HDR Data fragment info HMAC-256 Data Fragment AES-256 CBC HMAC 256 Data entry descriptor HMAC (256 bits) Data OffsetSlot Size (8 bytes)(2 bytes)(4 bytes) Entry ID = ? NO, invalid fragment YES, valid fragment Data fragment Key, IV, Block ID Data Fragment Directory block AES-256 CBC HMAC-256HDR ... Directory Key, directory IV, Block ID HMAC 256 = ? NO, invalid block YES, valid block Directory Sign Directory Name Entry Data block indexes & keys... Per data fragment encryption keys Name (N bytes) Entry ID (4 bytes) key (256 bits) IV (128 bits) Block NumStore ID (4 bytes)(4 bytes)(4 bytes) Entry ID HMAC-256HDR Data fragment info HMAC-256 Data Fragment HMAC-256HDR Data fragment info HMAC-256 Data Fragment Wallet master key slot N (512 bytes) key slot Nsalt key N HMAC 256 = ? AES-256 CBC Wallet Master Keys (32 bytes) (240 bytes) key key (256 bits) key IV (128 bits) dat key (256 bits) dat IV (128 bits) dir key (256 bits) dir IV (128 bits) Wallet master key block AES-256 CBC PBKDF2 HMAC 256 ctr slot N (4 bytes) Sign N HMAC (32 bytes) (32 bytes) PBKDF2 HMAC 256 (4 bytes) salt IV N (32 bytes) HMAC-256HDR Wallet info Key slot 1UUID Key slot 7... Wallet Header Key, wallet header IV, Block ID User password NO, invalid password YES, valid password dir sign (256 bits) dat sign (256 bits) key sign (256 bits) Key IV HMAC 256 = ? NO, invalid block YES, valid block Wallet Sign Update data Secure data erase Insert data Protect keys Thread safe API Multi-task encryption/decryption Prevent security holes
  • 15. https://github.com/stcarrez/ada-keystore 15 Ada benefit : limited types ● Use limited record : – Encryption keys cannot be copied – Secret key content visible only to AES operations ● Use Ada.Finalization.Limited_Controlled : – Erase encryption keys when object is released type Secret_Key (Length : Key_Length) is limited private;
  • 16. https://github.com/stcarrez/ada-keystore 16 Ada benefit : subtypes ● Use subtype to constraint index computation : – Detect index errors when they are computed not when we access the data subtype Buffer_Size is Stream_Element_Offset range 0 .. 4064; subtype Block_Index is Stream_Element_Offset range 1 .. 4064; subtype Block_Type is Stream_Element_Array (Block_Index); Key_Pos := Key_Header_Pos - Key_Slot_Size (Iterator.Key_Count); Buf.Data (Key_Pos .. Key_Pos + Key_Size - 1) := ...; better to raise Constraint_Error here bounds still verified
  • 17. https://github.com/stcarrez/ada-keystore 17 Ada benefit : private child package ● Use private child package : – Restrict scope of operations – Helps in refactoring decisions EntriesData Keys Files Headers Refs Workers Containers Files Tools GPG Cmds Files GPG Passwords Keystore Repository Buffers Marshallers IO Keys Random Input Keys Unsafe
  • 18. https://github.com/stcarrez/ada-keystore 18 Ada benefit : precondition ● Use Preconditions : – Nice for API constraints – Helpful to detect internal errors earlier function Contains (Container : in Wallet; Name : in String) return Boolean is abstract with Pre'Class => Container.Is_Open; procedure Put_Unsigned_32 (Into : in out Marshaller; Value : in Interfaces.Unsigned_32) with Pre => Into.Pos <= Block_Type'Last - 4;
  • 19. https://github.com/stcarrez/ada-keystore 19 Ada benefit : postcondition ● Use Postconditions : – Nice for API clarification – More complex to write function Get_Header (From : in out Marshaller) return Unsigned_32 with Post => From.Pos = Block_Type'First + 3; procedure Get_Keys (From : in Key_Provider; Key : out Secret_Key; IV : out Secret_Key; Sign : out Secret_Key) is abstract with Post'Class => Key.Length = 32 and IV.Length = 16 and Sign.Length = 32;
  • 20. https://github.com/stcarrez/ada-keystore 20 Ada benefit : protected types ● Use protected types : – Concurrent access to keystore objects – Holds de keystore internal data structures protected type Wallet_Container is procedure Open (...); procedure Create (...); procedure Add (...); ... end Wallet_Container;
  • 21. https://github.com/stcarrez/ada-keystore 21 Ada benefit : tasks ● Use tasks for encryption/decryption process: – parallelize encryption and decryption – allow to configure the number of tasks – pre-allocation of tasks
  • 22. https://github.com/stcarrez/ada-keystore 22 Ada Keystore Work Queues AES-256 CBC HMAC 256 READ BLOCKExecutor Queue Executor Task #1 Sequence Queue AES-256 CBC HMAC 256 Executor Task #N HMAC-256HDR Data fragment info HMAC-256 Data Fragment HMAC-256HDR Data fragment info HMAC-256 Data Fragment HMAC-256HDR Data fragment info HMAC-256 Data Fragment Data Fragment #1 Data Fragment #2 Data Fragment #N Prepare Work Collect Work READ BLOCK Work Pool
  • 23. https://github.com/stcarrez/ada-keystore 23 Conclusion ● Writing a secure keystore is hard : – insert, update, remove data entries that look random – don’t leak secret keys ● Project succeeded thanks to Ada : – many errors prevented by the language – no buffer overflow, runtime error detection ● Secure storage made simple for Ada : – simple Ada API (Open, Create, Add, Get, Remove) – https://ada-keystore.readthedocs.io/en/latest/