Fix HMAC calculation

nemunaire 2022-02-19 15:30:26 +01:00
parent 173964a6fc
commit 21ef2f1372
5 changed files with 20 additions and 6 deletions


@ -15,5 +15,8 @@ func main() {
sharedSecret = os.Args[1] sharedSecret = os.Args[1]
} }
fmt.Println(base64.StdEncoding.EncodeToString(hmac.New(sha512.New, []byte(sharedSecret)).Sum([]byte(fmt.Sprintf("%d", time.Now().Unix()/10))))) h := hmac.New(sha512.New, []byte(sharedSecret))
h.Write([]byte(fmt.Sprintf("%d", time.Now().Unix()/10)))
fmt.Println(base64.StdEncoding.EncodeToString(h.Sum(nil)))
} }
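Review bot: The new `h.Write(...)` / `h.Sum(nil)` pair in `main` carries no comment saying why the message has to go through `Write`, and the same three lines are repeated in the other sections of this commit (`loginChecker.registerUser` and `remoteValidatorHandler`). `Sum(b)` appends the digest to `b` without hashing it, which is the mistake being fixed and an easy one to reintroduce when someone shortens the code again. I would add `// Sum(b) only appends the digest to b; the message must be fed through Write first.` above `h.Write`, and consider moving the token computation into one shared function so the generator and the verifier cannot drift apart. `main` begins before this hunk.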


@ -68,7 +68,9 @@ func NewStudent(login string) (*Student, error) {
} }
func (s *Student) GetPKey() []byte { func (s *Student) GetPKey() []byte {
return hmac.New(sha512.New512_224, []byte(SharedSecret)).Sum([]byte(s.Login)) h := hmac.New(sha512.New512_224, []byte(SharedSecret))
h.Write([]byte(s.Login))
return h.Sum(nil)
} }
func (s *Student) Update() (int64, error) { func (s *Student) Update() (int64, error) {
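Review bot: `GetPKey` now returns a different value for every student, and nothing in the change deals with values produced by the old code. The removed line returned the login followed by the HMAC of an empty message, so the trailing bytes were identical for every login and the result was longer than a digest; the same holds for the `pkey` rendered by `registerUser` in the template-writing section further down. If these keys are stored or were already handed out (not visible here), they should be regenerated and the old ones treated as no longer secret. A doc comment on the exported method would also help, e.g. `// GetPKey returns the HMAC-SHA-512/224 of the student's login, keyed with SharedSecret.`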


@ -143,7 +143,10 @@ func (l loginChecker) registerUser(username, remoteAddr string, ent ARPEntry) (n
if err != nil { if err != nil {
return nil, err return nil, err
} }
req.Header.Add("X-ADLIN-Authentication", base64.StdEncoding.EncodeToString(hmac.New(sha512.New, []byte(loginSalt)).Sum([]byte(fmt.Sprintf("%d", time.Now().Unix()/10)))))
h := hmac.New(sha512.New, []byte(loginSalt))
h.Write([]byte(fmt.Sprintf("%d", time.Now().Unix()/10)))
req.Header.Add("X-ADLIN-Authentication", base64.StdEncoding.EncodeToString(h.Sum(nil)))
req.Header.Set("Content-Type", "application/json") req.Header.Set("Content-Type", "application/json")
client := &http.Client{} client := &http.Client{}
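Review bot: The value sent in `X-ADLIN-Authentication` authenticates only the 10-second counter, so it is identical for every request made in that window and says nothing about the username or body being registered. A header value that is read in transit or from a log stays valid until the verifier's window closes, which per the handler section of this commit is the current and the previous counter. If the transport is not already protected, consider also writing the request body into `h` before `Sum`, with the matching change on the verifying side. The surrounding function starts and ends outside this hunk.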


@ -36,6 +36,7 @@ func registerUser(tplPath string, filename string, username string, ip net.IP) e
defer userfd.Close() defer userfd.Close()
pkey := hmac.New(sha512.New512_224, []byte(loginSalt)) pkey := hmac.New(sha512.New512_224, []byte(loginSalt))
pkey.Write([]byte(username))
if len(ip.To4()) != 4 { if len(ip.To4()) != 4 {
return fmt.Errorf("Unable to assign a protected IP.") return fmt.Errorf("Unable to assign a protected IP.")
@ -45,7 +46,7 @@ func registerUser(tplPath string, filename string, username string, ip net.IP) e
return err return err
} else if err := pxeTmpl.Execute(userfd, map[string]string{ } else if err := pxeTmpl.Execute(userfd, map[string]string{
"username": username, "username": username,
"pkey": fmt.Sprintf("%x", pkey.Sum([]byte(username))), "pkey": fmt.Sprintf("%x", pkey.Sum(nil)),
"ip": ip.String(), "ip": ip.String(),
}); err != nil { }); err != nil {
return err return err


@ -28,8 +28,13 @@ type DispatchFunction func(httprouter.Params, []byte) (interface{}, error)
func remoteValidatorHandler(f func(http.ResponseWriter, *http.Request, httprouter.Params)) func(http.ResponseWriter, *http.Request, httprouter.Params) { func remoteValidatorHandler(f func(http.ResponseWriter, *http.Request, httprouter.Params)) func(http.ResponseWriter, *http.Request, httprouter.Params) {
return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
expectedMAC := hmac.New(sha512.New, []byte(adlin.SharedSecret)).Sum([]byte(fmt.Sprintf("%d", time.Now().Unix()/10))) h := hmac.New(sha512.New, []byte(adlin.SharedSecret))
previousMAC := hmac.New(sha512.New, []byte(adlin.SharedSecret)).Sum([]byte(fmt.Sprintf("%d", time.Now().Unix()/10-1))) h.Write([]byte(fmt.Sprintf("%d", time.Now().Unix()/10)))
expectedMAC := h.Sum(nil)
h = hmac.New(sha512.New, []byte(adlin.SharedSecret))
h.Write([]byte(fmt.Sprintf("%d", time.Now().Unix()/10-1)))
previousMAC := h.Sum(nil)
if aauth, err := base64.StdEncoding.DecodeString(r.Header.Get("X-ADLIN-Authentication")); err != nil { if aauth, err := base64.StdEncoding.DecodeString(r.Header.Get("X-ADLIN-Authentication")); err != nil {
http.Error(w, fmt.Sprintf("{\"errmsg\":%q}\n", err), http.StatusUnauthorized) http.Error(w, fmt.Sprintf("{\"errmsg\":%q}\n", err), http.StatusUnauthorized)
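Review bot: `expectedMAC` and `previousMAC` each call `time.Now()` on their own, so when the 10-second boundary falls between the two calls both values are computed for the same counter and a client that has already moved to the new counter is rejected. Reading the clock once avoids this: `now := time.Now().Unix() / 10`, then `fmt.Sprintf("%d", now)` and `fmt.Sprintf("%d", now-1)` as the two messages. The comparison against the decoded header lies outside this hunk; if it does not already, it should use `hmac.Equal` so the check runs in constant time.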