Changeset View
Changeset View
Standalone View
Standalone View
src/applications/files/format/PhabricatorFileAES256StorageFormat.php
Show First 20 Lines • Show All 61 Lines • ▼ Show 20 Lines | public function newFormatIntegrityHash() { | ||||
// NOTE: We include the IV in the format integrity hash. If we do not, | // NOTE: We include the IV in the format integrity hash. If we do not, | ||||
// attackers can potentially forge the first block of decrypted data | // attackers can potentially forge the first block of decrypted data | ||||
// in CBC mode if they are able to substitute a chosen IV and predict | // in CBC mode if they are able to substitute a chosen IV and predict | ||||
// the plaintext. (Normally, they can not tamper with the IV.) | // the plaintext. (Normally, they can not tamper with the IV.) | ||||
$input = self::FORMATKEY.'/iv:'.$iv_envelope->openEnvelope(); | $input = self::FORMATKEY.'/iv:'.$iv_envelope->openEnvelope(); | ||||
return PhabricatorHash::digest($input); | return PhabricatorHash::digestWithNamedKey( | ||||
$input, | |||||
PhabricatorFileStorageEngine::HMAC_INTEGRITY); | |||||
} | } | ||||
public function newStorageProperties() { | public function newStorageProperties() { | ||||
// Generate a unique key and IV for this block of data. | // Generate a unique key and IV for this block of data. | ||||
$key_envelope = self::newAES256Key(); | $key_envelope = self::newAES256Key(); | ||||
$iv_envelope = self::newAES256IV(); | $iv_envelope = self::newAES256IV(); | ||||
return $this->formatStorageProperties($key_envelope, $iv_envelope); | return $this->formatStorageProperties($key_envelope, $iv_envelope); | ||||
▲ Show 20 Lines • Show All 135 Lines • Show Last 20 Lines |