Revision 3718bf6d lib/utils.py
b/lib/utils.py | ||
---|---|---|
2608 | 2608 |
|
2609 | 2609 |
return ("%s: %s/%s\n\n%s" % |
2610 | 2610 |
(constants.X509_CERT_SIGNATURE_HEADER, salt, |
2611 |
Sha1Hmac(key, salt + cert_pem),
|
|
2611 |
Sha1Hmac(key, cert_pem, salt=salt),
|
|
2612 | 2612 |
cert_pem)) |
2613 | 2613 |
|
2614 | 2614 |
|
... | ... | |
2647 | 2647 |
# Dump again to ensure it's in a sane format |
2648 | 2648 |
sane_pem = OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, cert) |
2649 | 2649 |
|
2650 |
if not VerifySha1Hmac(key, salt + sane_pem, signature):
|
|
2650 |
if not VerifySha1Hmac(key, sane_pem, signature, salt=salt):
|
|
2651 | 2651 |
raise errors.GenericError("X509 certificate signature is invalid") |
2652 | 2652 |
|
2653 | 2653 |
return (cert, salt) |
2654 | 2654 |
|
2655 | 2655 |
|
2656 |
def Sha1Hmac(key, text): |
|
2656 |
def Sha1Hmac(key, text, salt=None):
|
|
2657 | 2657 |
"""Calculates the HMAC-SHA1 digest of a text. |
2658 | 2658 |
|
2659 | 2659 |
HMAC is defined in RFC2104. |
... | ... | |
2663 | 2663 |
@type text: string |
2664 | 2664 |
|
2665 | 2665 |
""" |
2666 |
return hmac.new(key, text, sha1).hexdigest() |
|
2666 |
if salt: |
|
2667 |
salted_text = salt + text |
|
2668 |
else: |
|
2669 |
salted_text = text |
|
2670 |
|
|
2671 |
return hmac.new(key, salted_text, sha1).hexdigest() |
|
2667 | 2672 |
|
2668 | 2673 |
|
2669 |
def VerifySha1Hmac(key, text, digest): |
|
2674 |
def VerifySha1Hmac(key, text, digest, salt=None):
|
|
2670 | 2675 |
"""Verifies the HMAC-SHA1 digest of a text. |
2671 | 2676 |
|
2672 | 2677 |
HMAC is defined in RFC2104. |
... | ... | |
2680 | 2685 |
@return: Whether HMAC-SHA1 digest matches |
2681 | 2686 |
|
2682 | 2687 |
""" |
2683 |
return digest.lower() == Sha1Hmac(key, text).lower() |
|
2688 |
return digest.lower() == Sha1Hmac(key, text, salt=salt).lower()
|
|
2684 | 2689 |
|
2685 | 2690 |
|
2686 | 2691 |
def SafeEncode(text): |
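Review bot: `VerifySha1Hmac` still compares the two digests with `==` on new line 2688, which stops at the first differing character and so is not a constant-time check for a MAC. Where the supported Python versions provide it, `return hmac.compare_digest(digest.lower(), Sha1Hmac(key, text, salt=salt).lower())` gives the same result without the early exit. Separately, `Sha1Hmac` joins `salt + text` with no delimiter or length prefix, so the digest does not bind where the salt ends. The certificate caller verifies against a re-dumped PEM, which likely limits this there, but the docstring for the new `salt` parameter should state the caveat for other callers. The docstrings are partly elided on this page, so whether `salt` is documented at all cannot be confirmed from here.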