YunoHost/SSOwat
1
0
Fork 0
mirror of https://github.com/YunoHost/SSOwat.git synced 2024-09-03 20:06:27 +02:00
Code Issues Projects Releases Packages Wiki Activity

[mod] remove python script and talk directly to openssl

Browse source
This commit is contained in:
Laurent Peuch 2017-05-15 20:57:23 +02:00
parent d71b5bc2a1
commit 782d81fbfe
2 changed files with 8 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
helpers.lua
View file

@ -79,8 +79,14 @@ function hmac_sha512(key, message)
-- this is a bad and probably leak the key and the message in the process list -- this is a bad and probably leak the key and the message in the process list
-- but if someone got there I guess we really have other problems -- but if someone got there I guess we really have other problems
-- and also this is way better than the previous situation -- and also this is way better than the previous situation
local pipe = io.popen("python /usr/share/ssowat/hmac_sha512.py '" ..key.. "' '" ..message.. "'") local pipe = io.popen("echo -n '" ..message.. "' | openssl sha512 -hmac '" ..key.. "'")
local hash = pipe:read()
-- openssl returns something like this:
-- root@yunohost:~# echo -n "qsd" | openssl sha512 -hmac "key"
-- (stdin)= f1c2b1658fe64c5a3d16459f2f4eea213e4181905c190235b060ab2a4e7d6a41c15ea2c246828537a1e32ae524b7a7ed309e6d296089194c3e3e3efb98c1fbe3
--
-- so we need to remove the "(stdin)= " at the beginning
local hash = pipe:read():sub(string.len("(stdin)= ") + 1)
pipe:close() pipe:close()
return hash return hash
end end

10
hmac_sha512.py
View file

@ -1,10 +0,0 @@
import sys
import hashlib
import hmac
key = sys.argv[1]
message = sys.argv[2]
result = hmac.new(key, digestmod=hashlib.sha512)
result.update(message)
print result.hexdigest()