Wrap sha256 in HMAC instead of directly use sha256

ManyTheFish 2022-06-08 14:04:45 +02:00
parent 0928f3d41c
commit 987a7f8926
3 changed files with 25 additions and 4 deletions

17
Cargo.lock generated

@ -927,6 +927,7 @@ checksum = "f2fb860ca6fafa5552fb6d0e816a69c8e49f0908bf524e30a90d97c85892d506"
dependencies = [ dependencies = [
"block-buffer", "block-buffer",
"crypto-common", "crypto-common",
"subtle",
] ]
[[package]] [[package]]
@ -1460,6 +1461,15 @@ version = "0.4.3"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
[[package]]
name = "hmac"
version = "0.12.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e"
dependencies = [
"digest",
]
[[package]] [[package]]
name = "http" name = "http"
version = "0.2.7" version = "0.2.7"
@ -1974,6 +1984,7 @@ version = "0.27.1"
dependencies = [ dependencies = [
"base64", "base64",
"enum-iterator", "enum-iterator",
"hmac",
"meilisearch-error", "meilisearch-error",
"milli", "milli",
"rand", "rand",
@ -3272,6 +3283,12 @@ version = "0.10.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623"
[[package]]
name = "subtle"
version = "2.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601"
[[package]] [[package]]
name = "syn" name = "syn"
version = "0.15.44" version = "0.15.44"


@ -6,6 +6,7 @@ edition = "2021"
[dependencies] [dependencies]
base64 = "0.13.0" base64 = "0.13.0"
enum-iterator = "0.7.0" enum-iterator = "0.7.0"
hmac = "0.12.1"
meilisearch-error = { path = "../meilisearch-error" } meilisearch-error = { path = "../meilisearch-error" }
milli = { git = "https://github.com/meilisearch/milli.git", tag = "v0.28.0" } milli = { git = "https://github.com/meilisearch/milli.git", tag = "v0.28.0" }
rand = "0.8.4" rand = "0.8.4"


@ -8,9 +8,10 @@ use std::str;
use std::sync::Arc; use std::sync::Arc;
use enum_iterator::IntoEnumIterator; use enum_iterator::IntoEnumIterator;
use hmac::{Hmac, Mac};
use milli::heed::types::{ByteSlice, DecodeIgnore, SerdeJson}; use milli::heed::types::{ByteSlice, DecodeIgnore, SerdeJson};
use milli::heed::{Database, Env, EnvOpenOptions, RwTxn}; use milli::heed::{Database, Env, EnvOpenOptions, RwTxn};
use sha2::{Digest, Sha256}; use sha2::Sha256;
use time::OffsetDateTime; use time::OffsetDateTime;
use uuid::Uuid; use uuid::Uuid;
@ -242,9 +243,11 @@ impl<'a> milli::heed::BytesEncode<'a> for KeyIdActionCodec {
} }
pub fn generate_key_as_base64(uid: &[u8], master_key: &[u8]) -> String { pub fn generate_key_as_base64(uid: &[u8], master_key: &[u8]) -> String {
let key = [uid, master_key].concat(); let mut mac = Hmac::<Sha256>::new_from_slice(master_key).unwrap();
let sha = Sha256::digest(&key); mac.update(uid);
base64::encode_config(sha, base64::URL_SAFE_NO_PAD)
let result = mac.finalize();
base64::encode_config(result.into_bytes(), base64::URL_SAFE_NO_PAD)
} }
/// Divides one slice into two at an index, returns `None` if mid is out of bounds. /// Divides one slice into two at an index, returns `None` if mid is out of bounds.
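Review bot: `generate_key_as_base64` is public and now defines how API keys are derived from the master key, but the new body has no doc comment and its `.unwrap()` on `Hmac::<Sha256>::new_from_slice(master_key)` does not say why it cannot fail. HMAC accepts a key of any length, so I would write `.expect("HMAC accepts keys of any length")` and add `/// Derives an API key as unpadded base64url(HMAC-SHA256(key = master_key, message = uid)).` above the function. For the same inputs the output differs from the previous `sha256(uid || master_key)` value, so keys derived before this commit will presumably stop matching; the hunk shows no migration path or release note, which is worth confirming. An empty `master_key` is also accepted here, so any minimum-length check has to live in the caller (not visible in this hunk).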