ANSSI-FR / MLA

Multi Layer Archive - A pure rust encrypted and compressed archive file format
GNU Lesser General Public License v3.0

Aes gcm key commitment #209

Closed commial closed 4 months ago

commial commented 4 months ago

Fix #206

:warning: this is a breaking change

In this PR, the key commitment scheme is obtained by prefixing the encrypted data with a fixed 32-byte string.

To avoid using the same key (the archive key) twice, the hardcoded string is the first chunk to be encrypted. To avoid using the same nonce & key, there is a shift of 1 (`FIRST_DATA_CHUNK_NUMBER=1`) between the "chunk_number" value computed by layers and the actual value used in `build_nonce`, i.e.:

Data on disk: [hardcoded string. Nonce=build_nonce(nonce, 0) -- 512bits + tag long][underlayer chunk #1. Nonce=build_nonce(nonce, 1) -- 4MB + tag long]...[underlayer chunk #n. Nonce=build_nonce(nonce, n) -- last size + tag long]

Note: as this PR modifies the current format, it is expected to fail on archive_v1 checks

Update: use 512 bits for 256 bits of security
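The layout described in this PR, as an added example using Node's built-in AES-256-GCM (it is not MLA's Rust code): the commitment string is sealed under counter 0, data chunks start at `FIRST_DATA_CHUNK_NUMBER`, and the reader returns no data until the first chunk opens to the expected string. The 64-byte `COMMIT` value, the nonce layout in `buildNonce` (8-byte prefix plus 32-bit counter) and the helper names are assumptions.

```javascript
// Added illustration, not MLA code. Names marked (assumed) are hypothetical.
const crypto = require('node:crypto');

const FIRST_DATA_CHUNK_NUMBER = 1;      // shift named in the PR description
const COMMIT = Buffer.alloc(64, 0x4b);  // constructed 512-bit stand-in for the hardcoded string
const TAG_LEN = 16;                     // AES-GCM tag size in bytes

// (assumed) nonce layout: 8-byte per-archive prefix || 32-bit big-endian counter
function buildNonce(prefix, chunkNumber) {
  const nonce = Buffer.alloc(12);
  prefix.copy(nonce, 0, 0, 8);
  nonce.writeUInt32BE(chunkNumber, 8);
  return nonce;
}

// Encrypt one chunk; the on-disk form is ciphertext || tag.
function sealChunk(key, prefix, chunkNumber, plaintext) {
  const c = crypto.createCipheriv('aes-256-gcm', key, buildNonce(prefix, chunkNumber));
  return Buffer.concat([c.update(plaintext), c.final(), c.getAuthTag()]);
}

// Decrypt one chunk; throws if the tag does not verify.
function openChunk(key, prefix, chunkNumber, sealed) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, buildNonce(prefix, chunkNumber));
  d.setAuthTag(sealed.subarray(sealed.length - TAG_LEN));
  return Buffer.concat([d.update(sealed.subarray(0, sealed.length - TAG_LEN)), d.final()]);
}

// Writer: commitment string at counter 0, layer chunk i (0-based) at counter i + 1,
// so no (key, nonce) pair is ever used for two different plaintexts.
function writeLayer(key, prefix, chunks) {
  return [sealChunk(key, prefix, 0, COMMIT),
    ...chunks.map((p, i) => sealChunk(key, prefix, i + FIRST_DATA_CHUNK_NUMBER, p))];
}

// Reader: a valid tag is not enough, the first chunk must decrypt to COMMIT.
function readLayer(key, prefix, sealedChunks) {
  let first;
  try {
    first = openChunk(key, prefix, 0, sealedChunks[0]);
  } catch {
    throw new Error('key commitment: tag check failed');
  }
  if (first.length !== COMMIT.length || !crypto.timingSafeEqual(first, COMMIT)) {
    throw new Error('key commitment: wrong string');
  }
  return sealedChunks.slice(1)
    .map((s, i) => openChunk(key, prefix, i + FIRST_DATA_CHUNK_NUMBER, s));
}
```
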

commial commented 4 months ago

Failing tests are caused by an update to Py-bindings (unrelated to this PR) and the "long" test CI enabling the check_archive_v1 test, which is expected to fail