projects / arvados.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: acf5455)
13493: Fix HMAC usage.
authorTom Clegg <tclegg@veritasgenetics.com>
Tue, 10 Jul 2018 18:25:20 +0000 (14:25 -0400)
committerTom Clegg <tclegg@veritasgenetics.com>
Tue, 10 Jul 2018 18:25:20 +0000 (14:25 -0400)
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tclegg@veritasgenetics.com>

sdk/go/auth/salt.go patch | blob | history

diff --git a/sdk/go/auth/salt.go b/sdk/go/auth/salt.go
index f669eb2760e16a9ec32454de6b5eb925aae57f85..667a30f5ef669ac50c06e0756c4a30ecbde3e025 100644 (file)
--- a/sdk/go/auth/salt.go
+++ b/sdk/go/auth/salt.go
@@ -9,6 +9,7 @@ import (
        "crypto/sha1"
        "errors"
        "fmt"
+       "io"
        "regexp"
        "strings"
 )
@@ -33,7 +34,9 @@ func SaltToken(token, remote string) (string, error) {
        secret := parts[2]
        if len(secret) != 40 {
                // not already salted
-               secret = fmt.Sprintf("%x", hmac.New(sha1.New, []byte(secret)).Sum([]byte(remote)))
+               hmac := hmac.New(sha1.New, []byte(secret))
+               io.WriteString(hmac, remote)
+               secret = fmt.Sprintf("%x", hmac.Sum(nil))
                return "v2/" + uuid + "/" + secret, nil
        } else if strings.HasPrefix(uuid, remote) {
                // already salted for the desired remote