summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVictor Shyba <victor.shyba@gmail.com>2015-01-15 16:23:43 -0300
committerVictor Shyba <victor.shyba@gmail.com>2015-01-15 16:25:01 -0300
commitcd8e4665136873a40d8726541fed4560aadd3d74 (patch)
tree1f06712447cfcb87340e508d2fdb4ef0b4d05a11
parentab2fb69e74464d5424d7e3429d4e787586cd00e8 (diff)
for #227, also use IV on hmac generation
-rw-r--r--service/pixelated/support/encrypted_file_storage.py9
1 files changed, 5 insertions, 4 deletions
diff --git a/service/pixelated/support/encrypted_file_storage.py b/service/pixelated/support/encrypted_file_storage.py
index 49a67627..67036054 100644
--- a/service/pixelated/support/encrypted_file_storage.py
+++ b/service/pixelated/support/encrypted_file_storage.py
@@ -51,17 +51,18 @@ class EncryptedFileStorage(FileStorage):
def file_length(self, name):
return self.length_cache[name][0]
- def gen_mac(self, ciphertext):
- return hmac.new(self.signkey, ciphertext, sha256).digest()
+ def gen_mac(self, iv, ciphertext):
+ verifiable_payload = ''.join((iv, ciphertext))
+ return hmac.new(self.signkey, verifiable_payload, sha256).digest()
def encrypt(self, content):
iv, ciphertext = encrypt_sym(content, self.masterkey, EncryptionMethods.XSALSA20)
- mac = self.gen_mac(ciphertext)
+ mac = self.gen_mac(iv, ciphertext)
return ''.join((mac, iv, ciphertext))
def decrypt(self, payload):
payload_mac, iv, ciphertext = payload[:32], payload[32:65], payload[65:]
- generated_mac = self.gen_mac(ciphertext)
+ generated_mac = self.gen_mac(iv, ciphertext)
if sha256(payload_mac).digest() != sha256(generated_mac).digest():
raise Exception("EncryptedFileStorage - Error opening file. Wrong MAC")
return decrypt_sym(ciphertext, self.masterkey, EncryptionMethods.XSALSA20, iv=iv)