Skip to content

Commit e68b302

Browse files
TaeHagenTaeHagen
committed
No Sha256 MGF1
1 parent 6fd4d49 commit e68b302

File tree

1 file changed

+5
-5
lines changed

1 file changed

+5
-5
lines changed

keystore/src/backup.rs

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -91,10 +91,10 @@ impl BackupKeystoreState {
9191

9292
pub fn update_master(&mut self, hardware: &impl Keystore, master_key: &PKey<Private>) -> Result<(), KeystoreError> {
9393
hardware.overwrite_new("keystore:recovery:master", KeyType::Rsa(2048), KeystoreAccessRules {
94-
encryption_paddings: vec![KeystorePadding::OAEP { md: KeystoreDigest::Sha256, mgf1: KeystoreDigest::Sha256 }],
94+
encryption_paddings: vec![KeystorePadding::OAEP { md: KeystoreDigest::Sha256, mgf1: KeystoreDigest::Sha1 }],
9595
digests: vec![KeystoreDigest::Sha256],
96-
mgf1_digests: vec![KeystoreDigest::Sha256],
97-
block_modes: vec![EncryptMode::Rsa(crate::KeystorePadding::OAEP { md: KeystoreDigest::Sha256, mgf1: KeystoreDigest::Sha256 })],
96+
mgf1_digests: vec![KeystoreDigest::Sha1],
97+
block_modes: vec![EncryptMode::Rsa(crate::KeystorePadding::OAEP { md: KeystoreDigest::Sha256, mgf1: KeystoreDigest::Sha1 })],
9898
require_user: true,
9999
can_decrypt: true,
100100
can_encrypt: true,
@@ -103,7 +103,7 @@ impl BackupKeystoreState {
103103

104104
let key = master_key.private_key_to_der()?;
105105
let ciphertext = hardware.encrypt("keystore:recovery:master", &key,
106-
&mut EncryptMode::Rsa(crate::KeystorePadding::OAEP { md: KeystoreDigest::Sha256, mgf1: KeystoreDigest::Sha256 }))?;
106+
&mut EncryptMode::Rsa(crate::KeystorePadding::OAEP { md: KeystoreDigest::Sha256, mgf1: KeystoreDigest::Sha1 }))?;
107107

108108
self.master_key = master_key.public_key_to_der()?.into();
109109
self.encrypted_master_key = ciphertext.into();
@@ -148,7 +148,7 @@ impl<T: Keystore> LockableKeystore for BackupKeystore<T> {
148148
let state = self.state.read().expect("Failed to read!");
149149

150150
let decrypt = self.hardware.decrypt("keystore:recovery:master", state.encrypted_master_key.as_ref(),
151-
&EncryptMode::Rsa(crate::KeystorePadding::OAEP { md: KeystoreDigest::Sha256, mgf1: KeystoreDigest::Sha256 }))?;
151+
&EncryptMode::Rsa(crate::KeystorePadding::OAEP { md: KeystoreDigest::Sha256, mgf1: KeystoreDigest::Sha1 }))?;
152152
*self.unlocked_key.write().unwrap() = Some(PKey::from_ec_key(EcKey::private_key_from_der(&decrypt)?)?);
153153
Ok(())
154154
}

0 commit comments

Comments
 (0)