starred/dehydrated
1
0
Fork 0
mirror of https://github.com/dehydrated-io/dehydrated.git synced 2026-04-25 09:48:29 +02:00
Code Issues 79 Packages Projects Releases 10 Wiki Activity

eab: use hex key instead of binary (fixes issue with nullbytes)

Browse Source
This commit is contained in:
Lukas Schauer
2020-09-14 18:59:41 +02:00
parent 416fd0fd1b
commit b3b2fee496
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
dehydrated
View File

@@ -632,8 +632,8 @@ init_system() {
eab_url="${CA_NEW_ACCOUNT}" eab_url="${CA_NEW_ACCOUNT}"
eab_protected64="$(printf '{"alg":"HS256","kid":"%s","url":"%s"}' "${EAB_KID}" "${eab_url}" | urlbase64)" eab_protected64="$(printf '{"alg":"HS256","kid":"%s","url":"%s"}' "${EAB_KID}" "${eab_url}" | urlbase64)"
eab_payload64="$(printf "%s" '{"e": "'"${pubExponent64}"'", "kty": "RSA", "n": "'"${pubMod64}"'"}' | urlbase64)" eab_payload64="$(printf "%s" '{"e": "'"${pubExponent64}"'", "kty": "RSA", "n": "'"${pubMod64}"'"}' | urlbase64)"
eab_key="$(printf "%s" "${EAB_HMAC_KEY}" | deurlbase64)" eab_key="$(printf "%s" "${EAB_HMAC_KEY}" | deurlbase64 | bin2hex)"
eab_signed64="$(printf '%s' "${eab_protected64}.${eab_payload64}" | "${OPENSSL}" dgst -binary -sha256 -hmac "${eab_key}" | urlbase64)" eab_signed64="$(printf '%s' "${eab_protected64}.${eab_payload64}" | "${OPENSSL}" dgst -binary -sha256 -mac HMAC -macopt "hexkey:${eab_key}" | urlbase64)"
if [[ -n "${CONTACT_EMAIL}" ]]; then if [[ -n "${CONTACT_EMAIL}" ]]; then
regjson='{"contact":["mailto:'"${CONTACT_EMAIL}"'"], "termsOfServiceAgreed": true, "externalAccountBinding": {"protected": "'"${eab_protected64}"'", "payload": "'"${eab_payload64}"'", "signature": "'"${eab_signed64}"'"}}' regjson='{"contact":["mailto:'"${CONTACT_EMAIL}"'"], "termsOfServiceAgreed": true, "externalAccountBinding": {"protected": "'"${eab_protected64}"'", "payload": "'"${eab_payload64}"'", "signature": "'"${eab_signed64}"'"}}'
@@ -742,7 +742,7 @@ hex2bin() {
# Convert binary data to hex string # Convert binary data to hex string
bin2hex() { bin2hex() {
hexdump | _sed 's/^[^ ]*//' | tr -d ' \n\r' hexdump -e '16/1 "%02x"'
} }
# OpenSSL writes to stderr/stdout even when there are no errors. So just # OpenSSL writes to stderr/stdout even when there are no errors. So just