auth-filters: do not use HMAC-SHA1

Though SHA1 is broken, HMAC-SHA1 is still fine. But let's not push our
luck; SHA256 is more sensible anyway.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

diff --git a/filters/gentoo-ldap-authentication.lua b/filters/gentoo-ldap-authentication.lua
index 6d8eb3e2890f7ddb4676ed20bddfcfbe1c732ef3..c1e382fecbe3e9df5d6a25736b6a9f68358c4a54 100644 (file)
--- a/filters/gentoo-ldap-authentication.lua
+++ b/filters/gentoo-ldap-authentication.lua
@@ -271,7 +271,7 @@ function validate_value(expected_field, cookie)
        end
 
        -- Lua hashes strings, so these comparisons are time invariant.
        end
 
        -- Lua hashes strings, so these comparisons are time invariant.

-       if hmac ~= crypto.hmac.digest("sha1", field .. "|" .. value .. "|" .. tostring(expiration) .. "|" .. salt, secret) then
+       if hmac ~= crypto.hmac.digest("sha256", field .. "|" .. value .. "|" .. tostring(expiration) .. "|" .. salt, secret) then

                return nil
        end
 
                return nil
        end
 


@@ -296,7 +296,7 @@ function secure_value(field, value, expiration)
        value = url_encode(value)
        field = url_encode(field)
        authstr = field .. "|" .. value .. "|" .. tostring(expiration) .. "|" .. salt
        value = url_encode(value)
        field = url_encode(field)
        authstr = field .. "|" .. value .. "|" .. tostring(expiration) .. "|" .. salt

-       authstr = authstr .. "|" .. crypto.hmac.digest("sha1", authstr, secret)
+       authstr = authstr .. "|" .. crypto.hmac.digest("sha256", authstr, secret)

        return authstr
 end
 
        return authstr
 end
 

diff --git a/filters/simple-authentication.lua b/filters/simple-authentication.lua
index de34d092135d0db24b6a7057c00e3293e9fffe2c..596c04184841eef803de918c7aab8b8e43769b87 100644 (file)
--- a/filters/simple-authentication.lua
+++ b/filters/simple-authentication.lua
@@ -231,7 +231,7 @@ function validate_value(expected_field, cookie)
        end
 
        -- Lua hashes strings, so these comparisons are time invariant.
        end
 
        -- Lua hashes strings, so these comparisons are time invariant.

-       if hmac ~= crypto.hmac.digest("sha1", field .. "|" .. value .. "|" .. tostring(expiration) .. "|" .. salt, secret) then
+       if hmac ~= crypto.hmac.digest("sha256", field .. "|" .. value .. "|" .. tostring(expiration) .. "|" .. salt, secret) then

                return nil
        end
 
                return nil
        end
 


@@ -256,7 +256,7 @@ function secure_value(field, value, expiration)
        value = url_encode(value)
        field = url_encode(field)
        authstr = field .. "|" .. value .. "|" .. tostring(expiration) .. "|" .. salt
        value = url_encode(value)
        field = url_encode(field)
        authstr = field .. "|" .. value .. "|" .. tostring(expiration) .. "|" .. salt

-       authstr = authstr .. "|" .. crypto.hmac.digest("sha1", authstr, secret)
+       authstr = authstr .. "|" .. crypto.hmac.digest("sha256", authstr, secret)

        return authstr
 end
 
        return authstr
 end