fix: replace XOR cipher with ChaCha20-Poly1305 AEAD for secret encryption
The previous secret store used a repeating-key XOR cipher which is cryptographically broken:
- Deterministic (no nonce) — identical plaintexts produce identical ciphertexts
- No authentication — tampered ciphertext decrypts silently
- Vulnerable to known-plaintext attacks (e.g., "sk-" prefix reveals key bytes)

Replace with ChaCha20-Poly1305 authenticated encryption:
- Random 12-byte nonce per encryption (non-deterministic)
- Poly1305 authentication tag detects tampering
- Uses the same 32-byte key file (no migration needed for keys)

New ciphertext format is `enc2:<hex(nonce || ciphertext || tag)>`. Legacy `enc:` values (XOR) are still decryptable for backward compatibility during migration.

Adds chacha20poly1305 0.10 crate (pure Rust, no C dependencies).

New tests: tamper detection, wrong-key rejection, nonce uniqueness, truncation handling, legacy XOR backward compatibility.

CWE-327 / CRIT-1

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
parent ac540d2b63
commit 152a996b66
3 changed files with 232 additions and 28 deletions
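The `enc2:<hex(nonce || ciphertext || tag)>` layout and the truncation case named in the commit message, shown as an added example that is not code from this commit: a structural parser that runs before any decryption. The names `parse_stored`, `Stored` and `ParseError` are hypothetical; it assumes the legacy `enc:` body can be passed through opaquely and that values with any other prefix are rejected.

```rust
// Added example (not the commit's code): structural check of a stored value.
const NONCE_LEN: usize = 12; // nonce size stated in the commit message
const TAG_LEN: usize = 16; // Poly1305 tag size

#[derive(Debug, PartialEq)]
enum Stored<'a> {
    Enc2 { nonce: [u8; NONCE_LEN], ct_and_tag: Vec<u8> },
    LegacyXor(&'a str), // body kept opaque: its encoding is not shown on the page
}

#[derive(Debug, PartialEq)]
enum ParseError { UnknownPrefix, BadHex, Truncated }

fn hex_decode(s: &str) -> Result<Vec<u8>, ParseError> {
    // Validate first: from_str_radix alone would accept a sign such as "+f".
    if s.len() % 2 != 0 || !s.bytes().all(|b| b.is_ascii_hexdigit()) {
        return Err(ParseError::BadHex);
    }
    Ok((0..s.len()).step_by(2)
        .map(|i| u8::from_str_radix(&s[i..i + 2], 16).unwrap())
        .collect())
}

fn parse_stored(value: &str) -> Result<Stored<'_>, ParseError> {
    if let Some(hex) = value.strip_prefix("enc2:") {
        let raw = hex_decode(hex)?;
        // Even an empty plaintext yields nonce + tag; anything shorter is
        // rejected here, before it reaches the AEAD.
        if raw.len() < NONCE_LEN + TAG_LEN {
            return Err(ParseError::Truncated);
        }
        let mut nonce = [0u8; NONCE_LEN];
        nonce.copy_from_slice(&raw[..NONCE_LEN]);
        return Ok(Stored::Enc2 { nonce, ct_and_tag: raw[NONCE_LEN..].to_vec() });
    }
    match value.strip_prefix("enc:") {
        Some(body) => Ok(Stored::LegacyXor(body)), // route to the legacy path
        None => Err(ParseError::UnknownPrefix),    // assumption: no other prefixes
    }
}

fn main() {
    // Constructed sample values, not real secrets.
    let samples = [format!("enc2:{}", "ab".repeat(28)), format!("enc2:{}", "ab".repeat(27)),
        "enc:deadbeef".to_string(), "enc2:+f".to_string()];
    for s in &samples {
        println!("{:<14.14} -> {:?}", s, parse_stored(s));
    }
}
```

A structurally valid `enc2:` value is still untrusted until the AEAD tag verifies; this step only gives malformed input a distinct error before decryption is attempted.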
@ -40,6 +40,9 @@ thiserror = "2.0"
|
|||
# UUID generation
|
||||
uuid = { version = "1.11", default-features = false, features = ["v4", "std"] }
|
||||
|
||||
# Authenticated encryption (AEAD) for secret store
|
||||
chacha20poly1305 = "0.10"
|
||||
|
||||
# Async traits
|
||||
async-trait = "0.1"
|
||||
|
||||
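Review bot: The added `chacha20poly1305 = "0.10"` line takes the crate's default features, while the `uuid` entry just above it spells out `default-features = false` with an explicit feature list; declaring the features the secret store actually needs in the same form would keep the manifest consistent and make the crypto dependency's surface explicit. The requirement `"0.10"` also accepts any 0.10.x release, so the resolved version is only fixed if the lockfile is committed with this change.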