Simplify crypto: use SHA256-based key derivation, remove hkdf dependency
Some checks failed
CI / test (push) Failing after 2s
Some checks failed
CI / test (push) Failing after 2s
This commit is contained in:
@@ -1,7 +1,6 @@
|
|||||||
use aes_gcm::{Aes256Gcm, Key, Nonce};
|
use aes_gcm::{Aes256Gcm, Key, Nonce};
|
||||||
use aes_gcm::aead::{Aead, AeadCore, OsRng};
|
use aes_gcm::aead::{Aead, AeadCore, OsRng};
|
||||||
use sha2::Sha256;
|
use sha2::Sha256;
|
||||||
use hkdf::Hkdf;
|
|
||||||
use base64::{Engine as _, engine::general_purpose::STANDARD};
|
use base64::{Engine as _, engine::general_purpose::STANDARD};
|
||||||
use std::fmt;
|
use std::fmt;
|
||||||
|
|
||||||
@@ -37,13 +36,12 @@ impl CryptoManager {
|
|||||||
|
|
||||||
pub fn from_password(password: &str, salt: &[u8; 32]) -> Result<Self, CryptoError> {
|
pub fn from_password(password: &str, salt: &[u8; 32]) -> Result<Self, CryptoError> {
|
||||||
let password_bytes = password.as_bytes();
|
let password_bytes = password.as_bytes();
|
||||||
|
let mut key_material = Vec::with_capacity(password_bytes.len() + salt.len());
|
||||||
|
key_material.extend_from_slice(password_bytes);
|
||||||
|
key_material.extend_from_slice(salt);
|
||||||
|
|
||||||
let hkdf = Hkdf::<Sha256>::new(Some(salt), password_bytes);
|
let hash = Sha256::digest(&key_material);
|
||||||
let mut key_bytes = [0u8; Self::KEY_SIZE];
|
let key = Key::<Aes256Gcm>::from_slice(&hash);
|
||||||
hkdf.expand(&[], &mut key_bytes)
|
|
||||||
.map_err(|_| CryptoError::KeyDerivationFailed)?;
|
|
||||||
|
|
||||||
let key = Key::<Aes256Gcm>::from_slice(&key_bytes);
|
|
||||||
|
|
||||||
Ok(CryptoManager { key: *key })
|
Ok(CryptoManager { key: *key })
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user