shimun/fido2luks
1
0
Fork 0
Code Issues Pull Requests 3 Releases Wiki Activity

Use ring for sha256 calculation

Browse Source 
According to https://rustsec.org/advisories/RUSTSEC-2016-0005.html,
rust-crypto is unmaintained.

Crates depending on rust-crypto should be ported to other crates.

This port replaces rust-crypto with the sha2 implementation of ring,
as fido2luks already depends on it via ctap_hmac. Note that it uses
an old version of ring, so I used the same version, here.
This commit is contained in:
Jan Niehusmann
2019-10-11 21:52:35 +00:00
parent 79e9a37806
commit 3cf5ccf2a0
4 changed files with 13 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/main.rs
View File

@@ -5,10 +5,9 @@ use crate::cli::*;
use crate::config::*;
use crate::device::*;
use crate::error::*;
use crypto::digest::Digest;
use crypto::sha2::Sha256;
use cryptsetup_rs as luks;
use cryptsetup_rs::Luks1CryptDevice;
use ring::digest;
use std::io::{self};
use std::path::PathBuf;
@@ -26,11 +25,11 @@ fn open_container(device: &PathBuf, name: &str, secret: &[u8; 32]) -> Fido2LuksR
}
fn assemble_secret(hmac_result: &[u8], salt: &[u8]) -> [u8; 32] {
let mut digest = Sha256::new();
digest.input(salt);
digest.input(hmac_result);
let mut digest = digest::Context::new(&digest::SHA256);
digest.update(salt);
digest.update(hmac_result);
let mut secret = [0u8; 32];
digest.result(&mut secret);
secret.as_mut().copy_from_slice(digest.finish().as_ref());
secret
}