crypto: Correctly generate a random nonce for pickling of the signing objects.
This commit is contained in:
parent
7cab7cadc9
commit
6a7da5a8b6
1 changed files with 8 additions and 1 deletions
|
@ -19,6 +19,7 @@ use aes_gcm::{
|
|||
Aes256Gcm,
|
||||
};
|
||||
use base64::{decode_config, encode_config, DecodeError, URL_SAFE_NO_PAD};
|
||||
use getrandom::getrandom;
|
||||
use serde::{Deserialize, Serialize};
|
||||
use std::{
|
||||
collections::BTreeMap,
|
||||
|
@ -42,6 +43,8 @@ use crate::{
|
|||
requests::UploadSigningKeysRequest,
|
||||
};
|
||||
|
||||
const NONCE_SIZE: usize = 12;
|
||||
|
||||
fn encode<T: AsRef<[u8]>>(input: T) -> String {
|
||||
encode_config(input, URL_SAFE_NO_PAD)
|
||||
}
|
||||
|
@ -276,7 +279,11 @@ impl Signing {
|
|||
async fn pickle(&self, pickle_key: &[u8]) -> PickledSigning {
|
||||
let key = GenericArray::from_slice(pickle_key);
|
||||
let cipher = Aes256Gcm::new(key);
|
||||
let nonce = GenericArray::from_slice(b"unique nonce");
|
||||
|
||||
let mut nonce = vec![0u8; NONCE_SIZE];
|
||||
getrandom(&mut nonce).expect("Can't generate nonce to pickle the signing object");
|
||||
let nonce = GenericArray::from_slice(nonce.as_slice());
|
||||
|
||||
let ciphertext = cipher
|
||||
.encrypt(nonce, self.seed.as_slice())
|
||||
.expect("Can't encrypt signing pickle");
|
||||
|
|
Loading…
Reference in a new issue