diff --git a/age/src/cli_common.rs b/age/src/cli_common.rs index 53fbed8..b5dcd44 100644 --- a/age/src/cli_common.rs +++ b/age/src/cli_common.rs @@ -108,7 +108,7 @@ pub fn read_identities( filenames: Vec, max_work_factor: Option, ) -> Result>, ReadError> { - let mut identities: Vec> = vec![]; + let mut identities: Vec> = Vec::with_capacity(filenames.len()); for filename in filenames { #[cfg(feature = "armor")] diff --git a/age/src/scrypt.rs b/age/src/scrypt.rs index c3dfc96..1a510f0 100644 --- a/age/src/scrypt.rs +++ b/age/src/scrypt.rs @@ -84,9 +84,9 @@ impl crate::Recipient for Recipient { let mut salt = [0; SALT_LEN]; OsRng.fill_bytes(&mut salt); - let mut inner_salt = vec![]; - inner_salt.extend_from_slice(SCRYPT_SALT_LABEL); - inner_salt.extend_from_slice(&salt); + let mut inner_salt = [0; SCRYPT_SALT_LABEL.len() + SALT_LEN]; + inner_salt[..SCRYPT_SALT_LABEL.len()].copy_from_slice(SCRYPT_SALT_LABEL); + inner_salt[SCRYPT_SALT_LABEL.len()..].copy_from_slice(&salt); let log_n = target_scrypt_work_factor(); @@ -137,9 +137,9 @@ impl<'a> crate::Identity for Identity<'a> { })); } - let mut inner_salt = vec![]; - inner_salt.extend_from_slice(SCRYPT_SALT_LABEL); - inner_salt.extend_from_slice(&salt); + let mut inner_salt = [0; SCRYPT_SALT_LABEL.len() + SALT_LEN]; + inner_salt[..SCRYPT_SALT_LABEL.len()].copy_from_slice(SCRYPT_SALT_LABEL); + inner_salt[SCRYPT_SALT_LABEL.len()..].copy_from_slice(&salt); let enc_key = match scrypt(&inner_salt, log_n, self.passphrase.expose_secret()) { Ok(k) => k, diff --git a/age/src/ssh/identity.rs b/age/src/ssh/identity.rs index 2f1925c..a0f10f3 100644 --- a/age/src/ssh/identity.rs +++ b/age/src/ssh/identity.rs @@ -96,9 +96,9 @@ impl UnencryptedKey { let shared_secret = tweak .diffie_hellman(&X25519PublicKey::from(*sk.diffie_hellman(&epk).as_bytes())); - let mut salt = vec![]; - salt.extend_from_slice(epk.as_bytes()); - salt.extend_from_slice(pk.as_bytes()); + let mut salt = [0; 64]; + salt[..32].copy_from_slice(epk.as_bytes()); + salt[32..].copy_from_slice(pk.as_bytes()); let enc_key = hkdf( &salt, diff --git a/age/src/ssh/recipient.rs b/age/src/ssh/recipient.rs index dbc60d6..7ac020c 100644 --- a/age/src/ssh/recipient.rs +++ b/age/src/ssh/recipient.rs @@ -147,9 +147,9 @@ impl crate::Recipient for Recipient { let shared_secret = tweak.diffie_hellman(&(*esk.diffie_hellman(&pk).as_bytes()).into()); - let mut salt = vec![]; - salt.extend_from_slice(epk.as_bytes()); - salt.extend_from_slice(pk.as_bytes()); + let mut salt = [0; 64]; + salt[..32].copy_from_slice(epk.as_bytes()); + salt[32..].copy_from_slice(pk.as_bytes()); let enc_key = hkdf( &salt, diff --git a/age/src/x25519.rs b/age/src/x25519.rs index 4cd58fc..21d3fe8 100644 --- a/age/src/x25519.rs +++ b/age/src/x25519.rs @@ -120,9 +120,9 @@ impl crate::Identity for Identity { return Some(Err(DecryptError::InvalidHeader)); } - let mut salt = vec![]; - salt.extend_from_slice(epk.as_bytes()); - salt.extend_from_slice(pk.as_bytes()); + let mut salt = [0; 64]; + salt[..32].copy_from_slice(epk.as_bytes()); + salt[32..].copy_from_slice(pk.as_bytes()); let enc_key = hkdf(&salt, X25519_RECIPIENT_KEY_LABEL, shared_secret.as_bytes()); @@ -204,9 +204,9 @@ impl crate::Recipient for Recipient { panic!("Generated the all-zero esk; OS RNG is likely failing!"); } - let mut salt = vec![]; - salt.extend_from_slice(epk.as_bytes()); - salt.extend_from_slice(self.0.as_bytes()); + let mut salt = [0; 64]; + salt[..32].copy_from_slice(epk.as_bytes()); + salt[32..].copy_from_slice(self.0.as_bytes()); let enc_key = hkdf(&salt, X25519_RECIPIENT_KEY_LABEL, shared_secret.as_bytes()); let encrypted_file_key = aead_encrypt(&enc_key, file_key.expose_secret());