Changeset View
Changeset View
Standalone View
Standalone View
src/applications/files/format/PhabricatorFileAES256StorageFormat.php
| Show First 20 Lines • Show All 50 Lines • ▼ Show 20 Lines | public function newWriteIterator($raw_iterator) { | ||||
| list($key, $iv) = $this->extractKeyAndIV($file); | list($key, $iv) = $this->extractKeyAndIV($file); | ||||
| $data = $this->encryptData($data, $key, $iv); | $data = $this->encryptData($data, $key, $iv); | ||||
| return array($data); | return array($data); | ||||
| } | } | ||||
| public function newFormatIntegrityHash() { | |||||
| $file = $this->getFile(); | |||||
| list($key_envelope, $iv_envelope) = $this->extractKeyAndIV($file); | |||||
| // NOTE: We include the IV in the format integrity hash. If we do not, | |||||
| // attackers can potentially forge the first block of decrypted data | |||||
| // in CBC mode if they are able to substitute a chosen IV and predict | |||||
| // the plaintext. (Normally, they can not tamper with the IV.) | |||||
| $input = self::FORMATKEY.'/iv:'.$iv_envelope->openEnvelope(); | |||||
| return PhabricatorHash::digest($input); | |||||
| } | |||||
| public function newStorageProperties() { | public function newStorageProperties() { | ||||
| // Generate a unique key and IV for this block of data. | // Generate a unique key and IV for this block of data. | ||||
| $key_envelope = self::newAES256Key(); | $key_envelope = self::newAES256Key(); | ||||
| $iv_envelope = self::newAES256IV(); | $iv_envelope = self::newAES256IV(); | ||||
| return $this->formatStorageProperties($key_envelope, $iv_envelope); | return $this->formatStorageProperties($key_envelope, $iv_envelope); | ||||
| } | } | ||||
| ▲ Show 20 Lines • Show All 133 Lines • Show Last 20 Lines | |||||