From cd8e4665136873a40d8726541fed4560aadd3d74 Mon Sep 17 00:00:00 2001
From: Victor Shyba <victor.shyba@gmail.com>
Date: Thu, 15 Jan 2015 16:23:43 -0300
Subject: for #227, also use IV on hmac generation

---
 service/pixelated/support/encrypted_file_storage.py | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'service/pixelated/support/encrypted_file_storage.py')

diff --git a/service/pixelated/support/encrypted_file_storage.py b/service/pixelated/support/encrypted_file_storage.py
index 49a67627..67036054 100644
--- a/service/pixelated/support/encrypted_file_storage.py
+++ b/service/pixelated/support/encrypted_file_storage.py
@@ -51,17 +51,18 @@ class EncryptedFileStorage(FileStorage):
     def file_length(self, name):
         return self.length_cache[name][0]
 
-    def gen_mac(self, ciphertext):
-        return hmac.new(self.signkey, ciphertext, sha256).digest()
+    def gen_mac(self, iv, ciphertext):
+        verifiable_payload = ''.join((iv, ciphertext))
+        return hmac.new(self.signkey, verifiable_payload, sha256).digest()
 
     def encrypt(self, content):
         iv, ciphertext = encrypt_sym(content, self.masterkey, EncryptionMethods.XSALSA20)
-        mac = self.gen_mac(ciphertext)
+        mac = self.gen_mac(iv, ciphertext)
         return ''.join((mac, iv, ciphertext))
 
     def decrypt(self, payload):
         payload_mac, iv, ciphertext = payload[:32], payload[32:65], payload[65:]
-        generated_mac = self.gen_mac(ciphertext)
+        generated_mac = self.gen_mac(iv, ciphertext)
         if sha256(payload_mac).digest() != sha256(generated_mac).digest():
             raise Exception("EncryptedFileStorage  - Error opening file. Wrong MAC")
         return decrypt_sym(ciphertext, self.masterkey, EncryptionMethods.XSALSA20, iv=iv)
-- 
cgit v1.2.3