src/backup/crypt_config.rs - compute_digest: make it more secure

Dietmar Maurer 2020-07-08 12:49:21 +02:00
parent 69e5d71961
commit c1ff544eff


@ -80,10 +80,9 @@ impl CryptConfig {
/// chunk digest values do not clash with values computed for /// chunk digest values do not clash with values computed for
/// other sectret keys. /// other sectret keys.
pub fn compute_digest(&self, data: &[u8]) -> [u8; 32] { pub fn compute_digest(&self, data: &[u8]) -> [u8; 32] {
// FIXME: use HMAC-SHA256 instead??
let mut hasher = openssl::sha::Sha256::new(); let mut hasher = openssl::sha::Sha256::new();
hasher.update(&self.id_key);
hasher.update(data); hasher.update(data);
hasher.update(&self.id_key); // at the end, to avoid length extensions attacks
hasher.finish() hasher.finish()
} }
@ -220,7 +219,7 @@ impl CryptConfig {
created: DateTime<Local>, created: DateTime<Local>,
) -> Result<Vec<u8>, Error> { ) -> Result<Vec<u8>, Error> {
let modified = Local.timestamp(Local::now().timestamp(), 0); let modified = Local.timestamp(Local::now().timestamp(), 0);
let key_config = super::KeyConfig { kdf: None, created, modified, data: self.enc_key.to_vec() }; let key_config = super::KeyConfig { kdf: None, created, modified, data: self.enc_key.to_vec() };
let data = serde_json::to_string(&key_config)?.as_bytes().to_vec(); let data = serde_json::to_string(&key_config)?.as_bytes().to_vec();
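Review bot: In `compute_digest` (first hunk), moving `hasher.update(&self.id_key)` after `hasher.update(data)` does remove the length-extension problem, but `SHA256(data || id_key)` is still an ad-hoc keyed hash rather than a MAC, and the commit deletes the `// FIXME: use HMAC-SHA256 instead??` line without settling that question. With the key as a suffix, a collision in the unkeyed hash state over the data part carries over to every key, which is the dependency on collision resistance that HMAC is built to avoid. I would either switch to HMAC-SHA256 keyed with `id_key`, or keep a comment recording the decision, e.g. `// keyed as SHA256(data || id_key), not HMAC: relies on SHA-256 collision resistance`. The reordering also changes the digest of every chunk for a given key, so if any datastore already holds digests computed key-first, this presumably needs a migration or format-version note in the doc comment.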