Add encryption cipher to HMAC aad
lixmal committed Aug 2, 2017
1 parent d9d68e0 commit f73cd42
Showing 2 changed files with 5 additions and 5 deletions.
2 changes: 1 addition & 1 deletion lib/File/KeePass/Web.pm
Expand Up @@ -44,7 +44,7 @@ sub get_crypt {
my $iv = Crypt::URandom::urandom(IV_SIZE);

my $ciphertext = $crypt->encrypt($plaintext, $$enc_key, $iv);
my $mac = hmac $mac_cipher, $$mac_key, $iv, $ciphertext, map { Encode::encode 'UTF-8', $_ } @adata;
my $mac = hmac $mac_cipher, $$mac_key, $enc_cipher, $iv, $ciphertext, map { Encode::encode 'UTF-8', $_ } @adata;

return $iv . $mac . $ciphertext;
}
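Review bot: The cipher name added to the MAC input on the new `my $mac = hmac ...` line is concatenated with the IV, the ciphertext and the encoded aad with no length framing, so wherever two variable-length fields meet (the cipher name, the ciphertext, the aad strings) the field boundaries are not fixed by the byte string alone. Length-prefixing each variable-length field before it enters the MAC, e.g. `pack('n/a*', $enc_cipher)` and likewise for `$ciphertext` and each encoded aad element, makes the encoding unambiguous at negligible cost; the verifying calls in lib/KeePass4Web/KeePass.pm would need the identical framing. The hunk does not show where `$enc_cipher` is declared, so it is presumably a parameter of the enclosing sub, which starts outside the hunk.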
8 changes: 4 additions & 4 deletions lib/KeePass4Web/KeePass.pm
Expand Up @@ -230,7 +230,7 @@ sub fetch_and_decrypt {
# reencrypt db and store in shared memory
# add expiry date in front
my $ciphertext = get_crypt->encrypt(encode_sereal($kp->groups), $db_enc_key, $db_iv);
my $mac = hmac config->{hmac_cipher}, $db_mac_key, $db_iv, $ciphertext;
my $mac = hmac config->{hmac_cipher}, $db_mac_key, config->{ipc_cipher}, $db_iv, $ciphertext;
ipc_store $db_iv . $mac . $ciphertext, $header;

# pw keys already a ref
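Review bot: The MAC on the new `my $mac = hmac config->{hmac_cipher}, ...` line commits to `config->{ipc_cipher}`, but the ciphertext two lines above comes from `get_crypt->encrypt(...)` with no cipher argument, and the `ipc_retrieve` hunk decrypts the same way, whereas the password and file hunks pass `config->{pw_cipher}` to both `get_crypt` and `hmac`. If `get_crypt`'s default is anything other than `config->{ipc_cipher}`, the MAC binds a cipher name that was not the one actually used, so making the call explicit, `get_crypt(config->{ipc_cipher})->encrypt(...)` here and `get_crypt(config->{ipc_cipher})->decrypt(...)` in `ipc_retrieve`, keeps the bound name and the cipher in step. `get_crypt`'s default is not visible in this diff, and fetch_and_decrypt continues outside the hunk.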
Expand Down Expand Up @@ -267,7 +267,7 @@ sub ipc_retrieve {
my ($iv, $mac, $ciphertext) = unpack 'a' . IV_SIZE . "a${MAC_SIZE}a*", $user->{groups};

my ($enc_key, $mac_key) = retrieve_db_keys;
my $calced_mac = hmac config->{hmac_cipher}, $mac_key, $iv, $ciphertext;
my $calced_mac = hmac config->{hmac_cipher}, $mac_key, config->{ipc_cipher}, $iv, $ciphertext;
die "Failed to verify database MAC\n" if !equal $mac, $calced_mac;

return decode_sereal get_crypt->decrypt($ciphertext, $enc_key, $iv);
Expand Down Expand Up @@ -460,7 +460,7 @@ ajax '/get_password' => sub {
my $aad = $name eq 'password' ? File::KeePass::Web::PASSWORD : File::KeePass::Web::STRING . " $name";

my ($enc_key, $mac_key) = retrieve_pw_keys;
my $calced_mac = hmac config->{hmac_cipher}, $mac_key, $iv, $ciphertext, Encode::encode 'UTF-8', $aad;
my $calced_mac = hmac config->{hmac_cipher}, $mac_key, config->{pw_cipher}, $iv, $ciphertext, Encode::encode 'UTF-8', $aad;
return failure 'Failed to verify password MAC' if !equal $mac, $calced_mac;

return success undef, Encode::decode 'UTF-8', get_crypt(config->{pw_cipher})->decrypt($ciphertext, $enc_key, $iv);
Expand Down Expand Up @@ -491,7 +491,7 @@ ajax '/get_file' => sub {
my ($iv, $mac, $ciphertext) = unpack 'a' . File::KeePass::Web::IV_SIZE . "a${MAC_SIZE}a*", $binary->{$filename};
my ($enc_key, $mac_key) = retrieve_pw_keys;

my $calced_mac = hmac config->{hmac_cipher}, $mac_key, $iv, $ciphertext, Encode::encode 'UTF-8', File::KeePass::Web::FILE . " $filename";
my $calced_mac = hmac config->{hmac_cipher}, $mac_key, config->{pw_cipher}, $iv, $ciphertext, Encode::encode 'UTF-8', File::KeePass::Web::FILE . " $filename";
return failure 'Failed to verify file MAC' if !equal $mac, $calced_mac;
my $file = get_crypt(config->{pw_cipher})->decrypt($ciphertext, $enc_key, $iv);
