Page MenuHomePhabricator

Support HMAC+SHA256 with automatic key generation and management

Authored by epriestley on Apr 6 2017, 4:38 PM.



Ref T12509. This adds support for HMAC+SHA256 (instead of HMAC+SHA1). Although HMAC+SHA1 is not currently broken in any sense, SHA1 has a well-known collision and it's good to look at moving away from HMAC+SHA1.

The new mechanism also automatically generates and stores HMAC keys.

Currently, HMAC keys largely use a per-install constant defined in security.hmac-key. In theory this can be changed, but in practice essentially no install changes it.

We generally (in fact, always, I think?) don't use HMAC digests in a way where it matters that this key is well-known, but it's slightly better if this key is unique per class of use cases. Principally, if use cases have unique HMAC keys they are generally less vulnerable to precomputation attacks where an attacker might generate a large number of HMAC hashes of well-known values and use them in a nefarious way. The actual threat here is probably close to nonexistent, but we can harden against it without much extra effort.

Beyond that, this isn't something users should really have to think about or bother configuring.

Test Plan
  • Added unit tests.
  • Used bin/files integrity to verify, strip, and recompute hashes.
  • Tampered with a generated HMAC key, verified it invalidated hashes.

Diff Detail

rP Phabricator
Lint Not Applicable
Tests Not Applicable

Event Timeline

This breaks the integrity hashes of files uploaded to installs that upgraded in the last ~18 hours until they upgrade again, but bin/files integrity has tools to repair them and I'll issue some guidance about this.

This revision is now accepted and ready to land.Apr 6 2017, 10:37 PM
This revision was automatically updated to reflect the committed changes.