Changeset View
Changeset View
Standalone View
Standalone View
src/applications/files/format/PhabricatorFileAES256StorageFormat.php
| Show First 20 Lines • Show All 61 Lines • ▼ Show 20 Lines | public function newFormatIntegrityHash() { | ||||
| // NOTE: We include the IV in the format integrity hash. If we do not, | // NOTE: We include the IV in the format integrity hash. If we do not, | ||||
| // attackers can potentially forge the first block of decrypted data | // attackers can potentially forge the first block of decrypted data | ||||
| // in CBC mode if they are able to substitute a chosen IV and predict | // in CBC mode if they are able to substitute a chosen IV and predict | ||||
| // the plaintext. (Normally, they can not tamper with the IV.) | // the plaintext. (Normally, they can not tamper with the IV.) | ||||
| $input = self::FORMATKEY.'/iv:'.$iv_envelope->openEnvelope(); | $input = self::FORMATKEY.'/iv:'.$iv_envelope->openEnvelope(); | ||||
| return PhabricatorHash::digest($input); | return PhabricatorHash::digestWithNamedKey( | ||||
| $input, | |||||
| PhabricatorFileStorageEngine::HMAC_INTEGRITY); | |||||
| } | } | ||||
| public function newStorageProperties() { | public function newStorageProperties() { | ||||
| // Generate a unique key and IV for this block of data. | // Generate a unique key and IV for this block of data. | ||||
| $key_envelope = self::newAES256Key(); | $key_envelope = self::newAES256Key(); | ||||
| $iv_envelope = self::newAES256IV(); | $iv_envelope = self::newAES256IV(); | ||||
| return $this->formatStorageProperties($key_envelope, $iv_envelope); | return $this->formatStorageProperties($key_envelope, $iv_envelope); | ||||
| ▲ Show 20 Lines • Show All 135 Lines • Show Last 20 Lines | |||||