src/backup/crypt_config.rs - compute_digest: make it more secure
This commit is contained in:
parent
69e5d71961
commit
c1ff544eff
@ -80,10 +80,9 @@ impl CryptConfig {
|
|||||||
/// chunk digest values do not clash with values computed for
|
/// chunk digest values do not clash with values computed for
|
||||||
/// other sectret keys.
|
/// other sectret keys.
|
||||||
pub fn compute_digest(&self, data: &[u8]) -> [u8; 32] {
|
pub fn compute_digest(&self, data: &[u8]) -> [u8; 32] {
|
||||||
// FIXME: use HMAC-SHA256 instead??
|
|
||||||
let mut hasher = openssl::sha::Sha256::new();
|
let mut hasher = openssl::sha::Sha256::new();
|
||||||
hasher.update(&self.id_key);
|
|
||||||
hasher.update(data);
|
hasher.update(data);
|
||||||
|
hasher.update(&self.id_key); // at the end, to avoid length extensions attacks
|
||||||
hasher.finish()
|
hasher.finish()
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -220,7 +219,7 @@ impl CryptConfig {
|
|||||||
created: DateTime<Local>,
|
created: DateTime<Local>,
|
||||||
) -> Result<Vec<u8>, Error> {
|
) -> Result<Vec<u8>, Error> {
|
||||||
|
|
||||||
let modified = Local.timestamp(Local::now().timestamp(), 0);
|
let modified = Local.timestamp(Local::now().timestamp(), 0);
|
||||||
let key_config = super::KeyConfig { kdf: None, created, modified, data: self.enc_key.to_vec() };
|
let key_config = super::KeyConfig { kdf: None, created, modified, data: self.enc_key.to_vec() };
|
||||||
let data = serde_json::to_string(&key_config)?.as_bytes().to_vec();
|
let data = serde_json::to_string(&key_config)?.as_bytes().to_vec();
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user