netcraft
/
litecoin
mirror of https://github.com/litecoin-project/litecoin
6
0
Fork 0
Code Issues Projects Releases Wiki Activity

Properly generate salt in rpcauth.py, update tests

Browse Source 
Previously, when iterating over bytes of the generated salt to construct
a hex string, only one character would be outputted when the byte is
less than 0x10. Meaning that for a 16 byte salt, the hex string might be
less than 32 characters and collisions would occur.
pull/643/head
Carl Dong 6 years ago
parent 35739976c1
commit 6be7d14d24
2 changed files with 9 additions and 12 deletions
Show Stats Download Patch File Download Diff File

15
share/rpcauth/rpcauth.py
Unescape View File

@ -5,17 +5,13 @@
import sys import sys
import os import os
from random import SystemRandom
import base64 import base64
from binascii import hexlify
import hmac import hmac
def generate_salt(): def generate_salt(size):
# This uses os.urandom() underneath """Create size byte hex salt"""
cryptogen = SystemRandom() return hexlify(os.urandom(size)).decode()
# Create 16 byte hex salt
salt_sequence = [cryptogen.randrange(256) for _ in range(16)]
return ''.join([format(r, 'x') for r in salt_sequence])
def generate_password(): def generate_password():
"""Create 32 byte b64 password""" """Create 32 byte b64 password"""
@ -32,7 +28,8 @@ def main():
username = sys.argv[1] username = sys.argv[1]
salt = generate_salt() # Create 16 byte hex salt
salt = generate_salt(16)
if len(sys.argv) > 2: if len(sys.argv) > 2:
password = sys.argv[2] password = sys.argv[2]
else: else:

6
test/util/rpcauth-test.py
Unescape View File

@ -24,8 +24,8 @@ class TestRPCAuth(unittest.TestCase):
self.rpcauth = importlib.import_module('rpcauth') self.rpcauth = importlib.import_module('rpcauth')
def test_generate_salt(self): def test_generate_salt(self):
self.assertLessEqual(len(self.rpcauth.generate_salt()), 32) for i in range(16, 32 + 1):
self.assertGreaterEqual(len(self.rpcauth.generate_salt()), 16) self.assertEqual(len(self.rpcauth.generate_salt(i)), i * 2)
def test_generate_password(self): def test_generate_password(self):
password = self.rpcauth.generate_password() password = self.rpcauth.generate_password()
@ -34,7 +34,7 @@ class TestRPCAuth(unittest.TestCase):
self.assertEqual(expected_password, password) self.assertEqual(expected_password, password)
def test_check_password_hmac(self): def test_check_password_hmac(self):
salt = self.rpcauth.generate_salt() salt = self.rpcauth.generate_salt(16)
password = self.rpcauth.generate_password() password = self.rpcauth.generate_password()
password_hmac = self.rpcauth.password_to_hmac(salt, password) password_hmac = self.rpcauth.password_to_hmac(salt, password)

Write Preview
Loading…
Cancel
Save