security: Use system seeded rng for IV

Acked-by: Amjad Alsharafi <me@amjad.alsharafi.dev>
Awiteb 2024-05-18 11:45:02 +03:00
parent b084107e9d
commit 920ff2a2d4
Signed by: awiteb
GPG key ID: 3F6B55640AA6682F


@ -19,7 +19,7 @@ use std::time::{SystemTime, UNIX_EPOCH};
use aes::cipher::{block_padding::Pkcs7, BlockDecryptMut, BlockEncryptMut, KeyIvInit}; use aes::cipher::{block_padding::Pkcs7, BlockDecryptMut, BlockEncryptMut, KeyIvInit};
use base32::Alphabet as Base32Alphabet; use base32::Alphabet as Base32Alphabet;
use clap::ValueEnum; use clap::ValueEnum;
use rand::{rngs::StdRng, Rng, SeedableRng}; use rand::{thread_rng, RngCore};
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use crate::{LprsError, LprsResult}; use crate::{LprsError, LprsResult};
@ -78,13 +78,8 @@ pub fn totp_now(secret_base32: &str, hash_function: &TotpHash) -> LprsResult<(St
/// ///
/// Note: The IV will be add it to the end of the ciphertext (Last 16 bytes) /// Note: The IV will be add it to the end of the ciphertext (Last 16 bytes)
pub(crate) fn encrypt(master_password: &[u8; 32], data: &[u8]) -> Vec<u8> { pub(crate) fn encrypt(master_password: &[u8; 32], data: &[u8]) -> Vec<u8> {
let iv: [u8; 16] = StdRng::seed_from_u64( let mut iv = [0u8; 16];
SystemTime::now() thread_rng().fill_bytes(&mut iv);
.duration_since(UNIX_EPOCH)
.expect("SystemTime before UNIX EPOCH!")
.as_secs(),
)
.gen();
let mut ciphertext = let mut ciphertext =
Aes256CbcEnc::new(master_password.into(), &iv.into()).encrypt_padded_vec_mut::<Pkcs7>(data); Aes256CbcEnc::new(master_password.into(), &iv.into()).encrypt_padded_vec_mut::<Pkcs7>(data);