[mod] remove python script and talk directly to openssl

2024-09-03 20:06:27 +02:00 · 2017-05-15 20:57:23 +02:00 · 2017-05-15 20:57:23 +02:00 · 782d81fbfe
commit 782d81fbfe
parent d71b5bc2a1
2 changed files with 8 additions and 12 deletions
--- a/helpers.lua
+++ b/helpers.lua
@ -79,8 +79,14 @@ function hmac_sha512(key, message)
    -- this is a bad and probably leak the key and the message in the process list
    -- but if someone got there I guess we really have other problems
    -- and also this is way better than the previous situation
-    local pipe = io.popen("python /usr/share/ssowat/hmac_sha512.py '" ..key.. "' '" ..message.. "'")
-    local hash = pipe:read()
+    local pipe = io.popen("echo -n '" ..message.. "' | openssl sha512 -hmac '" ..key.. "'")
+
+    -- openssl returns something like this:
+    -- root@yunohost:~# echo -n "qsd" | openssl sha512 -hmac "key"
+    -- (stdin)= f1c2b1658fe64c5a3d16459f2f4eea213e4181905c190235b060ab2a4e7d6a41c15ea2c246828537a1e32ae524b7a7ed309e6d296089194c3e3e3efb98c1fbe3
+    --
+    -- so we need to remove the "(stdin)= " at the beginning
+    local hash = pipe:read():sub(string.len("(stdin)= ") + 1)
    pipe:close()
    return hash
 end
--- a/hmac_sha512.py
+++ b/hmac_sha512.py
@ -1,10 +0,0 @@
-import sys
-import hashlib
-import hmac
-
-key = sys.argv[1]
-message = sys.argv[2]
-
-result = hmac.new(key, digestmod=hashlib.sha512)
-result.update(message)
-print result.hexdigest()