mirror of
https://gitlab.gnome.org/GNOME/libsecret.git
synced 2024-12-22 12:48:51 +00:00
file-collection: Make it consistent about block cipher algorithm
The original code tries to encrypt the file format using AES-256-CBC, though actually AES-128-CBC was used because the key size is shorter and libgcrypt automatically degrades to AES-128-CBC based on the key size. Reported by Sophie Herold in: https://github.com/bilelmoussaoui/oo7/issues/46#issuecomment-1816286494 Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
parent
47f524e2df
commit
0b4769f871
@ -32,8 +32,9 @@ EGG_SECURE_DECLARE (secret_file_collection);
|
|||||||
#define MAC_ALGO GCRY_MAC_HMAC_SHA256
|
#define MAC_ALGO GCRY_MAC_HMAC_SHA256
|
||||||
#define MAC_SIZE 32
|
#define MAC_SIZE 32
|
||||||
|
|
||||||
#define CIPHER_ALGO GCRY_CIPHER_AES256
|
#define CIPHER_ALGO GCRY_CIPHER_AES128
|
||||||
#define CIPHER_BLOCK_SIZE 16
|
#define CIPHER_BLOCK_SIZE 16
|
||||||
|
#define KEY_SIZE 16
|
||||||
#define IV_SIZE CIPHER_BLOCK_SIZE
|
#define IV_SIZE CIPHER_BLOCK_SIZE
|
||||||
|
|
||||||
#define KEYRING_FILE_HEADER "GnomeKeyring\n\r\0\n"
|
#define KEYRING_FILE_HEADER "GnomeKeyring\n\r\0\n"
|
||||||
@ -96,9 +97,9 @@ do_derive_key (SecretFileCollection *self)
|
|||||||
|
|
||||||
password = secret_value_get (self->password, &n_password);
|
password = secret_value_get (self->password, &n_password);
|
||||||
|
|
||||||
key = egg_secure_alloc (CIPHER_BLOCK_SIZE);
|
key = egg_secure_alloc (KEY_SIZE);
|
||||||
self->key = g_bytes_new_with_free_func (key,
|
self->key = g_bytes_new_with_free_func (key,
|
||||||
CIPHER_BLOCK_SIZE,
|
KEY_SIZE,
|
||||||
egg_secure_free,
|
egg_secure_free,
|
||||||
key);
|
key);
|
||||||
|
|
||||||
@ -106,7 +107,7 @@ do_derive_key (SecretFileCollection *self)
|
|||||||
gcry = gcry_kdf_derive (password, n_password,
|
gcry = gcry_kdf_derive (password, n_password,
|
||||||
GCRY_KDF_PBKDF2, PBKDF2_HASH_ALGO,
|
GCRY_KDF_PBKDF2, PBKDF2_HASH_ALGO,
|
||||||
g_bytes_get_data (self->salt, NULL), n_salt,
|
g_bytes_get_data (self->salt, NULL), n_salt,
|
||||||
self->iteration_count, CIPHER_BLOCK_SIZE, key);
|
self->iteration_count, KEY_SIZE, key);
|
||||||
return (gcry != 0) ? FALSE : TRUE;
|
return (gcry != 0) ? FALSE : TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
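Review bot: `KEY_SIZE` is a bare literal `16` in the define block with nothing tying it to `CIPHER_ALGO`, so the key-length/algorithm mismatch this commit corrects could return unnoticed if either define is edited later. I would add a comment above it, `/* Must equal the key length of CIPHER_ALGO; the on-disk format is AES-128-CBC */`. I would also add a check near the top of `do_derive_key`, such as `g_return_val_if_fail (gcry_cipher_get_algo_keylen (CIPHER_ALGO) == KEY_SIZE, FALSE);`, so that a mismatch fails visibly instead of silently selecting a different AES variant. The body of `do_derive_key` starts outside the hunks shown, so where the check goes relative to the existing declarations has to be decided against the full function.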