Merge branch 'master' into max-stream-peer-servers

1 files changed, 9 insertions, 6 deletions

diff --git a/signer/storage/aes_gcm_storage.go b/signer/storage/aes_gcm_storage.go
index 399637a44..900831867 100644
--- a/signer/storage/aes_gcm_storage.go
+++ b/signer/storage/aes_gcm_storage.go
@@ -63,7 +63,7 @@ func (s *AESEncryptedStorage) Put(key, value string) {
 		log.Warn("Failed to read encrypted storage", "err", err, "file", s.filename)
 		return
 	}
-	ciphertext, iv, err := encrypt(s.key, []byte(value))
+	ciphertext, iv, err := encrypt(s.key, []byte(value), []byte(key))
 	if err != nil {
 		log.Warn("Failed to encrypt entry", "err", err)
 		return
@@ -90,7 +90,7 @@ func (s *AESEncryptedStorage) Get(key string) string {
 		log.Warn("Key does not exist", "key", key)
 		return ""
 	}
-	entry, err := decrypt(s.key, encrypted.Iv, encrypted.CipherText)
+	entry, err := decrypt(s.key, encrypted.Iv, encrypted.CipherText, []byte(key))
 	if err != nil {
 		log.Warn("Failed to decrypt key", "key", key)
 		return ""
@@ -129,7 +129,10 @@ func (s *AESEncryptedStorage) writeEncryptedStorage(creds map[string]storedCrede
 	return nil
 }
 
-func encrypt(key []byte, plaintext []byte) ([]byte, []byte, error) {
+// encrypt encrypts plaintext with the given key, with additional data
+// The 'additionalData' is used to place the (plaintext) KV-store key into the V,
+// to prevent the possibility to alter a K, or swap two entries in the KV store with eachother.
+func encrypt(key []byte, plaintext []byte, additionalData []byte) ([]byte, []byte, error) {
 	block, err := aes.NewCipher(key)
 	if err != nil {
 		return nil, nil, err
@@ -142,11 +145,11 @@ func encrypt(key []byte, plaintext []byte) ([]byte, []byte, error) {
 	if err != nil {
 		return nil, nil, err
 	}
-	ciphertext := aesgcm.Seal(nil, nonce, plaintext, nil)
+	ciphertext := aesgcm.Seal(nil, nonce, plaintext, additionalData)
 	return ciphertext, nonce, nil
 }
 
-func decrypt(key []byte, nonce []byte, ciphertext []byte) ([]byte, error) {
+func decrypt(key []byte, nonce []byte, ciphertext []byte, additionalData []byte) ([]byte, error) {
 	block, err := aes.NewCipher(key)
 	if err != nil {
 		return nil, err
@@ -155,7 +158,7 @@ func decrypt(key []byte, nonce []byte, ciphertext []byte) ([]byte, error) {
 	if err != nil {
 		return nil, err
 	}
-	plaintext, err := aesgcm.Open(nil, nonce, ciphertext, nil)
+	plaintext, err := aesgcm.Open(nil, nonce, ciphertext, additionalData)
 	if err != nil {
 		return nil, err
 	}