Update hmac calculation to copy LLNG behavior

LemonLDAPNG · Sep 3, 2019 · 396cdbb · 396cdbb
1 parent e5df7c4
commit 396cdbb
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 9 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,7 +3,7 @@ Changelog
 
 ## 0.4.1
  * BREACKING CHANGE:
-   * Cryptographic function are now compatible with LLNG ≥ 2.0.6 but then
+   * Cryptographic function are now compatible with LLNG ≥ 2.0.5 but then
      may be incompatible with previous versions.
 
 ## 0.4.0

diff --git a/src/packages/lemonldap-ng-conf/lib/crypto.coffee b/src/packages/lemonldap-ng-conf/lib/crypto.coffee
@@ -17,11 +17,11 @@ class Crypto
 		return Buffer.from Array.prototype.slice.call tmp, 0
 
 	encrypt: (s) ->
-		hmac = new sha('sha256').update(s).digest()
 		s = Buffer.from s
-		s = Buffer.concat [hmac,s]
 		l = 16 - s.length % 16
 		s = Buffer.concat [s, Buffer.allocUnsafe(l).fill "\0"]
+		hmac = new sha('sha256').update(s).digest()
+		s = Buffer.concat [hmac,s]
 		iv = this.newIv()
 		cipher = new aesjs.ModeOfOperation.cbc @rk, iv
 		buf = Buffer.concat [iv, cipher.encrypt s]
@@ -37,14 +37,14 @@ class Crypto
 		res = Buffer.from cipher.decrypt s
 		hmac = res.slice 0,32
 		res = res.slice 32
+		newhmac = new sha('sha256').update(res).digest()
 		z = res.indexOf "\0"
 		if z > 0
 			res = res.slice 0, z+1
 		res = res.toString()
-		newhmac = new sha('sha256').update(res).digest()
 		# Remove \0 at end
 		res = res.substring 0, res.length-1
-		if hmac.equals(newhmac) or hmac.equals(new sha('sha256').update(res).digest())
+		if hmac.equals(newhmac)
 			return res
 		else
 			console.error "Bad hmac"

diff --git a/src/packages/lemonldap-ng-conf/test/cr.json b/src/packages/lemonldap-ng-conf/test/cr.json
@@ -1,6 +1,6 @@
 {
-   "utf8 iso 8859 àéç" : "T33lc1/Mmab2ZS29Fe/vkof3I/b00xeg0ChwyllDCI3dQXoff+yclU982UxUFML1KzgUXDHCBkbShcJujOOG88P1LyWDlQd+2jkOEBejA/k=",
-   "longtext xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" : "kEJtTbuQ/FlxOhNDwzq0n6icNFTaeghod3UH7Mbv313i9GR9OBpHaywiEhFRg0SxDC+Lxav1NwNF2jTHQHq8zPZgscy0jbueW1k1uly0SPg+o7onCeXlxCqncaUqce2r",
-   "utf8 Русский" : "oWLWC9+/CgyEaAnO4M9f4J1H1z7NZkxwcKKqISHgciT9znETYMS5FMuTJYg8b25h5CeEirQVmuN/FRnHCFR7NajgJ+lgqtTHReRJR09ErNQ=",
-   "test" : "px9k88IRXWgAU/edNUozgTzoDrUqcRWKeI4vtKFE7m+RfrFQmDqk8vlg4fb+9ibVVeNrIik6nJI7JRTcDXcD+Q=="
+   "utf8 iso 8859 àéç" : "b+FR28F16bqRqugTa1X02npHTbgb/2agx5V+AHCBvqEr9TgwE0R5FzJ2guvWV4KNp5Z0Yi4zw84B6vprRjWt1sABKySL3YYqWvJeX6THsQo=",
+   "test" : "6rjnSaTwK6HCtg4k3IpeouVixkkG4W5bfvg3b8b6lrnCiQj192o1Mx6cJ16HW50v1eiSuf8+baDtJegQqwsAjg==",
+   "utf8 Русский" : "axe4G7tpBJaqMjzkL3K250bteKYsBqTrPR/+MxSjbULrww0mvo4o3uI/0lWFVEwzqsNLfyFzJeXPJ9fvEmsHxhdqP664ecpiyjavjXnzLto=",
+   "longtext xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" : "xpND1ygBHFtBm2u2AbP4fIswH7ZAZHsNgO3ZbgzshXze8bmOP6g6gnpWkqlNhjwjpzO1R3UID4eJOS0UOWKKpeKWs/gh8cWyWrhRafedxT4pq09JgubIKlOlmOemjAtQ"
 }