vault: use OsRng for AES-GCM IV and salt generation
Replace rand::random() with rand::rngs::OsRng for cryptographic nonce and salt generation in encryption.rs. rand::random() uses thread-local RNG which may not be a CSPRNG on all platforms; OsRng reads from the OS entropy source, preventing catastrophic IV reuse under AES-GCM. Drift item #1 (security-critical).
This commit is contained in:
@@ -37,6 +37,7 @@ use aes_gcm::{
|
|||||||
aead::{Aead, KeyInit},
|
aead::{Aead, KeyInit},
|
||||||
Aes256Gcm, Nonce,
|
Aes256Gcm, Nonce,
|
||||||
};
|
};
|
||||||
|
use rand::{rngs::OsRng, RngCore};
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
use zeroize::Zeroize;
|
use zeroize::Zeroize;
|
||||||
|
|
||||||
@@ -129,12 +130,14 @@ pub fn encrypt(plaintext: &str, key: &EncryptionKey) -> Result<EncryptedData, En
|
|||||||
let cipher = Aes256Gcm::new_from_slice(&key.key_bytes)
|
let cipher = Aes256Gcm::new_from_slice(&key.key_bytes)
|
||||||
.map_err(|e| EncryptionError::Encryption(format!("invalid key length: {e}")))?;
|
.map_err(|e| EncryptionError::Encryption(format!("invalid key length: {e}")))?;
|
||||||
|
|
||||||
// Generate random IV (12 bytes for AES-GCM)
|
// Generate random IV (12 bytes for AES-GCM) using OsRng CSPRNG
|
||||||
let iv_bytes: [u8; 12] = rand::random();
|
let mut iv_bytes = [0u8; 12];
|
||||||
|
OsRng.fill_bytes(&mut iv_bytes);
|
||||||
let nonce = Nonce::from_slice(&iv_bytes);
|
let nonce = Nonce::from_slice(&iv_bytes);
|
||||||
|
|
||||||
// TODO(Phase B): Use salt in HKDF-based key derivation
|
// TODO(Phase B): Use salt in HKDF-based key derivation
|
||||||
let salt_bytes: [u8; 32] = rand::random();
|
let mut salt_bytes = [0u8; 32];
|
||||||
|
OsRng.fill_bytes(&mut salt_bytes);
|
||||||
|
|
||||||
let ciphertext = cipher
|
let ciphertext = cipher
|
||||||
.encrypt(nonce, plaintext.as_bytes())
|
.encrypt(nonce, plaintext.as_bytes())
|
||||||
|
|||||||
Reference in New Issue
Block a user