Fix HMAC calculation

2022-02-19 15:30:26 +01:00 · 2022-02-19 15:30:26 +01:00 · 21ef2f1372
parent 173964a6fc
commit 21ef2f1372
5 changed files with 20 additions and 6 deletions
--- a/hmac-generator/main.go
+++ b/hmac-generator/main.go
@ -15,5 +15,8 @@ func main() {
 		sharedSecret = os.Args[1]
 	}

-	fmt.Println(base64.StdEncoding.EncodeToString(hmac.New(sha512.New, []byte(sharedSecret)).Sum([]byte(fmt.Sprintf("%d", time.Now().Unix()/10)))))
+	h := hmac.New(sha512.New, []byte(sharedSecret))
+	h.Write([]byte(fmt.Sprintf("%d", time.Now().Unix()/10)))
+
+	fmt.Println(base64.StdEncoding.EncodeToString(h.Sum(nil)))
 }
--- a/libadlin/students.go
+++ b/libadlin/students.go
@ -68,7 +68,9 @@ func NewStudent(login string) (*Student, error) {
 }

 func (s *Student) GetPKey() []byte {
-	return hmac.New(sha512.New512_224, []byte(SharedSecret)).Sum([]byte(s.Login))
+	h := hmac.New(sha512.New512_224, []byte(SharedSecret))
+	h.Write([]byte(s.Login))
+	return h.Sum(nil)
 }

 func (s *Student) Update() (int64, error) {
--- a/pkg/login-validator/cmd/login.go
+++ b/pkg/login-validator/cmd/login.go
@ -143,7 +143,10 @@ func (l loginChecker) registerUser(username, remoteAddr string, ent ARPEntry) (n
 	if err != nil {
 		return nil, err
 	}
-	req.Header.Add("X-ADLIN-Authentication", base64.StdEncoding.EncodeToString(hmac.New(sha512.New, []byte(loginSalt)).Sum([]byte(fmt.Sprintf("%d", time.Now().Unix()/10)))))
+
+	h := hmac.New(sha512.New, []byte(loginSalt))
+	h.Write([]byte(fmt.Sprintf("%d", time.Now().Unix()/10)))
+	req.Header.Add("X-ADLIN-Authentication", base64.StdEncoding.EncodeToString(h.Sum(nil)))
 	req.Header.Set("Content-Type", "application/json")

 	client := &http.Client{}
--- a/pkg/login-validator/cmd/pxetpl.go
+++ b/pkg/login-validator/cmd/pxetpl.go
@ -36,6 +36,7 @@ func registerUser(tplPath string, filename string, username string, ip net.IP) e
 		defer userfd.Close()

 		pkey := hmac.New(sha512.New512_224, []byte(loginSalt))
+		pkey.Write([]byte(username))

 		if len(ip.To4()) != 4 {
 			return fmt.Errorf("Unable to assign a protected IP.")
@ -45,7 +46,7 @@ func registerUser(tplPath string, filename string, username string, ip net.IP) e
 			return err
 		} else if err := pxeTmpl.Execute(userfd, map[string]string{
 			"username": username,
-			"pkey":     fmt.Sprintf("%x", pkey.Sum([]byte(username))),
+			"pkey":     fmt.Sprintf("%x", pkey.Sum(nil)),
 			"ip":       ip.String(),
 		}); err != nil {
 			return err
--- a/token-validator/handler.go
+++ b/token-validator/handler.go
@ -28,8 +28,13 @@ type DispatchFunction func(httprouter.Params, []byte) (interface{}, error)

 func remoteValidatorHandler(f func(http.ResponseWriter, *http.Request, httprouter.Params)) func(http.ResponseWriter, *http.Request, httprouter.Params) {
 	return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
-		expectedMAC := hmac.New(sha512.New, []byte(adlin.SharedSecret)).Sum([]byte(fmt.Sprintf("%d", time.Now().Unix()/10)))
-		previousMAC := hmac.New(sha512.New, []byte(adlin.SharedSecret)).Sum([]byte(fmt.Sprintf("%d", time.Now().Unix()/10-1)))
+		h := hmac.New(sha512.New, []byte(adlin.SharedSecret))
+		h.Write([]byte(fmt.Sprintf("%d", time.Now().Unix()/10)))
+		expectedMAC := h.Sum(nil)
+
+		h = hmac.New(sha512.New, []byte(adlin.SharedSecret))
+		h.Write([]byte(fmt.Sprintf("%d", time.Now().Unix()/10-1)))
+		previousMAC := h.Sum(nil)

 		if aauth, err := base64.StdEncoding.DecodeString(r.Header.Get("X-ADLIN-Authentication")); err != nil {
 			http.Error(w, fmt.Sprintf("{\"errmsg\":%q}\n", err), http.StatusUnauthorized)