
Commit 86aa94e

committed
Fix secret
1 parent 392db3b commit 86aa94e

2 files changed

Lines changed: 20 additions & 6 deletions


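--- a/src/plugins/BoundAuthPlugin/BoundAuth.c
+++ b/src/plugins/BoundAuthPlugin/BoundAuth.c
@@ -295,7 +295,8 @@ PLUGINAPI int PLUGINCALL Initialize(struct pluginlink *link, int argc, char **ar
 
 /* DONE: parse passwordLen= and other parameters. */
 for (int i = 1; i < argc; ++i) {
-const char *val = strtok(argv[i], "=");
+strtok(argv[i], "=");
+const char *val = strtok(NULL, "=");
 if (val && strcmp(argv[i], "len") == 0) {
 if (sscanf(val, "%hhu", &PluginConfig.len) != 1 || PluginConfig.len == 0) {
 log_err_config(link, "%s= should be followed by a positive integer", argv[i]);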
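Review bot: The value is now taken with `strtok(NULL, "=")`, which stops at the next `=`, so a parameter value that itself contains `=` (a base64-padded secret, for example) is cut short without any error; if a secret parameter is parsed further down this loop, which the hunk does not show, the server would key its check with a truncated secret. Splitting once on the first `=` avoids that and also removes the dependence on strtok's hidden static state: `char *eq = strchr(argv[i], '=');` `if (eq) *eq++ = '\0';` `const char *val = eq;`. Separately, `sscanf(val, "%hhu", ...)` accepts trailing text such as `8x` and does not report out-of-range input, so `strtoul` with an end-pointer check and an explicit range test would be stricter. The loop body continues outside the hunk.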

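--- a/src/plugins/BoundAuthPlugin/generator.html
+++ b/src/plugins/BoundAuthPlugin/generator.html
@@ -17,17 +17,30 @@ <h3>BoundAuth Generator</h3>
 <p><b>Result:</b> <code id="output"></code></p>
 
 <script>
-async function computeHMAC(password, ip, sharedSecret = "") {
-const keyData = new TextEncoder().encode(password + sharedSecret);
+async function hmacSHA256(keyBytes, messageBytes) {
 const key = await crypto.subtle.importKey(
-"raw", keyData,
+"raw", keyBytes,
 { name: "HMAC", hash: "SHA-256" },
 false, ["sign"]
 );
+return new Uint8Array(await crypto.subtle.sign("HMAC", key, messageBytes));
+}
 
+async function computeHMAC(password, ip, sharedSecret = "") {
 const ipBin = parseIP(ip);
-const signature = await crypto.subtle.sign("HMAC", key, ipBin);
-return base32encode(new Uint8Array(signature)).slice(0, parseInt(document.getElementById("length").value, 10));
+const pwBytes = new TextEncoder().encode(password);
+
+const inner = await hmacSHA256(pwBytes, ipBin); // inner = HMAC(user_secret, ip)
+
+let final;
+if (sharedSecret.length > 0) {
+const sharedBytes = new TextEncoder().encode(sharedSecret);
+final = await hmacSHA256(sharedBytes, inner); // final = HMAC(server_secret, inner)
+} else {
+final = inner;
+}
+
+return base32encode(final).slice(0, parseInt(document.getElementById("length").value, 10));
 }
 
 function parseIP(ip) {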
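Review bot: The truncation length on the last line of `computeHMAC` is read straight from the `length` field and never validated: an empty or non-numeric field makes `parseInt` return NaN, and `.slice(0, NaN)` yields an empty string, so the page shows an empty result instead of an error. Parse it once and reject bad values, e.g. `const n = parseInt(document.getElementById("length").value, 10);` followed by `if (!Number.isInteger(n) || n < 1) throw new RangeError("length must be a positive integer");`, with an upper bound matching what the plugin accepts for `len=`. Each base32 character carries only 5 bits, so a comment beside the slice stating the minimum length the deployment considers acceptable would help operators. The nested construction HMAC(server_secret, HMAC(user_secret, ip)) has to match the server's computation byte for byte; the C change visible in this commit only touches argument parsing, so that is worth confirming against BoundAuth.c.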
