Merge pull request #3 from dajiaji/fix-key-wrapping

Fix bug on V2/V4 key wrapping.
paragonie · Sep 20, 2021 · 38c1b0a · 38c1b0a
2 parents 7181b76 + 0a620cd
commit 38c1b0a
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/src/Operations/Wrap/Pie.php b/src/Operations/Wrap/Pie.php
@@ -145,6 +145,9 @@ protected function wrapKeyV2V4(string $header, KeyInterface $key): string
         // Step 4:
         $c = sodium_crypto_stream_xchacha20_xor($key->raw(), $n2, $Ek);
 
+        // Step 5:
+        $t = sodium_crypto_generichash($header . $n . $c, $Ak);
+
         // Wipe keys from memory after use:
         try {
             sodium_memzero($Ek);
@@ -158,9 +161,6 @@ protected function wrapKeyV2V4(string $header, KeyInterface $key): string
             $Ak ^= $Ak;
         }
 
-        // Step 5:
-        $t = sodium_crypto_generichash($header . $n . $c);
-
         return Base64UrlSafe::encodeUnpadded($t . $n . $c);
     }
 
@@ -283,7 +283,7 @@ protected function unwrapKeyV2V4(string $header, string $encoded): string
         $Ak = sodium_crypto_generichash("\x81" . $n, $this->wrappingKey->raw());
 
         // Step 3:
-        $t2 = sodium_crypto_generichash($header . $n . $c);
+        $t2 = sodium_crypto_generichash($header . $n . $c, $Ak);
 
         // Step 4:
         if (!hash_equals($t2, $t)) {