Changeset View
Changeset View
Standalone View
Standalone View
src/applications/files/format/PhabricatorFileAES256StorageFormat.php
Show First 20 Lines • Show All 50 Lines • ▼ Show 20 Lines | public function newWriteIterator($raw_iterator) { | ||||
list($key, $iv) = $this->extractKeyAndIV($file); | list($key, $iv) = $this->extractKeyAndIV($file); | ||||
$data = $this->encryptData($data, $key, $iv); | $data = $this->encryptData($data, $key, $iv); | ||||
return array($data); | return array($data); | ||||
} | } | ||||
public function newFormatIntegrityHash() { | |||||
$file = $this->getFile(); | |||||
list($key_envelope, $iv_envelope) = $this->extractKeyAndIV($file); | |||||
// NOTE: We include the IV in the format integrity hash. If we do not, | |||||
// attackers can potentially forge the first block of decrypted data | |||||
// in CBC mode if they are able to substitute a chosen IV and predict | |||||
// the plaintext. (Normally, they can not tamper with the IV.) | |||||
$input = self::FORMATKEY.'/iv:'.$iv_envelope->openEnvelope(); | |||||
return PhabricatorHash::digest($input); | |||||
} | |||||
public function newStorageProperties() { | public function newStorageProperties() { | ||||
// Generate a unique key and IV for this block of data. | // Generate a unique key and IV for this block of data. | ||||
$key_envelope = self::newAES256Key(); | $key_envelope = self::newAES256Key(); | ||||
$iv_envelope = self::newAES256IV(); | $iv_envelope = self::newAES256IV(); | ||||
return $this->formatStorageProperties($key_envelope, $iv_envelope); | return $this->formatStorageProperties($key_envelope, $iv_envelope); | ||||
} | } | ||||
▲ Show 20 Lines • Show All 133 Lines • Show Last 20 Lines |