Skip to content

Add a secure cache to Windows Hello to make it usable (amount of prompts) #105

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 46 commits into
base: develop
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
46 commits
Select commit Hold shift + click to select a range
a647ee8
Store encryption keys in a CryptProtectMemory protected cache
purejava Feb 18, 2025
2688f00
Fix compile errors
purejava Feb 20, 2025
ddf3274
The Windows Hello prompt actually
purejava Mar 29, 2025
7fa7a34
Securely delete signatureData
purejava Mar 29, 2025
8902f9a
Revert "do not expose WindowsHelloKeychain due to usability issues"
purejava Mar 29, 2025
b61387f
Use the challenge as the key for the cache
purejava Mar 29, 2025
152b180
Securely delete protectCopy
purejava Apr 4, 2025
6815aa4
Remove log statements only needed for testing
purejava Apr 4, 2025
c5f31ac
protectCopy is defined in an upper code block
purejava Apr 4, 2025
4504db4
Merge branch 'develop' into secure-cache
purejava Apr 12, 2025
6bda0f9
Revert "Use the challenge as the key for the cache"
purejava May 5, 2025
6d9d5b0
Cleanup
purejava May 5, 2025
eb5446d
Fixes HMAC verification failure
purejava May 5, 2025
f18f6a9
Further cleanup
purejava May 5, 2025
9fda90b
Move signing and caching to it's own method
purejava May 21, 2025
430e750
Check data against CRYPTPROTECTMEMORY_BLOCK_SIZE
purejava May 21, 2025
2b119e8
Use fixed challenge for Windows Hello
purejava May 21, 2025
2bfa54b
fold two lines into one
infeo May 26, 2025
b745722
rename variable
infeo May 26, 2025
cd3d5d7
directly return the buffer instead of a bool
infeo May 26, 2025
6a69dc6
move algorithm creation to its usage
infeo May 27, 2025
2519bb1
rename methods
infeo May 27, 2025
e72e0db
use exceptions instead of returning true/false
infeo May 27, 2025
1c5df21
rename method
infeo May 27, 2025
453fe1a
refactored retrieveAndCacheSignatureData
infeo May 27, 2025
f1d4a4d
clean up hkdf
infeo May 28, 2025
0bf9e88
more memory zeroing
infeo May 28, 2025
942189e
use correct function name
infeo May 28, 2025
d671810
move the fixed challenge to native code and use a salt again
infeo May 28, 2025
04c42db
fix shadowning bug
infeo May 28, 2025
fa4a333
cleanup
infeo May 28, 2025
98ced77
remove intermediate vector
infeo May 28, 2025
c40e8dd
adjust exception message
infeo May 28, 2025
aa30136
remove intermediate vector view
infeo May 28, 2025
0c70e55
directly release java array elements after use
infeo May 28, 2025
26be941
more cleanup
infeo May 28, 2025
1247b3c
anti RAII
infeo May 28, 2025
6275679
more auto
infeo May 28, 2025
aaab125
fix bug of failing memory protection
infeo May 28, 2025
43aaa0e
resolve error code TODOs
infeo May 28, 2025
f302066
fix user cancellation and improve exception handling
infeo May 28, 2025
4bf4fec
use SecureZeroMemory function to clear memory
infeo May 28, 2025
0d97b56
simplify hkdf method
infeo May 29, 2025
7a7452b
add comment about user cancellation
infeo May 29, 2025
70dd2ac
add doxygen like docs
infeo May 29, 2025
abc624d
change windows Hello challenge
infeo May 29, 2025
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion src/main/java/module-info.java
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@
opens org.cryptomator.windows.quickaccess to org.cryptomator.integrations.api;

provides AutoStartProvider with WindowsAutoStart;
provides KeychainAccessProvider with WindowsProtectedKeychainAccess;
provides KeychainAccessProvider with WindowsProtectedKeychainAccess, WindowsHelloKeychainAccess;
provides UiAppearanceProvider with WinUiAppearanceProvider;
provides RevealPathService with ExplorerRevealPathService;
provides QuickAccessService with ExplorerQuickAccessService;
Expand Down
12 changes: 6 additions & 6 deletions src/main/java/org/cryptomator/windows/keychain/WindowsHello.java
Original file line number Diff line number Diff line change
Expand Up @@ -12,13 +12,13 @@ public WindowsHello(String keyId) {
}

@Override
public byte[] encrypt(byte[] cleartext, byte[] challenge) {
return Native.INSTANCE.setEncryptionKey(keyId, cleartext, challenge);
public byte[] encrypt(byte[] cleartext, byte[] salt) {
return Native.INSTANCE.encrypt(keyId, cleartext, salt);
}

@Override
public byte[] decrypt(byte[] ciphertext, byte[] challenge) {
return Native.INSTANCE.getEncryptionKey(keyId, ciphertext, challenge);
public byte[] decrypt(byte[] ciphertext, byte[] salt) {
return Native.INSTANCE.decrypt(keyId, ciphertext, salt);
}

public boolean isSupported() {
Expand All @@ -35,9 +35,9 @@ private Native() {

public native boolean isSupported();

public native byte[] setEncryptionKey(byte[] keyId, byte[] cleartext, byte[] challenge);
public native byte[] encrypt(byte[] keyId, byte[] cleartext, byte[] salt);

public native byte[] getEncryptionKey(byte[] keyId, byte[] ciphertext, byte[] challenge);
public native byte[] decrypt(byte[] keyId, byte[] ciphertext, byte[] salt);
}

}
Loading