This is an automated email from the ASF dual-hosted git repository. gstein pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/steve.git
commit af9924686fc09b8ee2fb3e434522316fe923a24f Author: Greg Stein <[email protected]> AuthorDate: Sun May 29 19:20:57 2022 -0500 Accept a salt for opened_key creation. Like the recent change for token creation, the opened_key sometimes needs to be re-computed with the prior salt to get the same value, in order to detect tampering of the election data. Thus, take the salt as a parameter, rather than internal creation and return.
---
 v3/steve/crypto.py | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/v3/steve/crypto.py b/v3/steve/crypto.py
index be7d560..7a07e69 100644
--- a/v3/steve/crypto.py
+++ b/v3/steve/crypto.py
@@ -35,14 +35,9 @@ def gen_salt() -> bytes:
 return passlib.utils.getrandbytes(passlib.utils.rng, SALT_LEN)
-### fix the types of the election metadata and issue data
-### fix return type, to be a tuple
-def gen_opened_key(election: bytes, issues: bytes) -> bytes:
+def gen_opened_key(edata: bytes, salt: bytes) -> bytes:
 "Generate the OpenedKey for this election."
- salt = gen_salt()
- ### TBD: map ELECTION and ISSUES parameters to bytes
- opened_key = _hash(election + issues, salt)
- return salt, opened_key
+ return _hash(edata, salt)
 def gen_token(opened_key: bytes, value: bytes, salt: bytes) -> bytes:
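Review bot: `gen_opened_key` now hashes whatever `salt` the caller passes, so nothing in the new body guarantees the salt is SALT_LEN random bytes any more; an empty or truncated salt would be accepted silently. A length guard before the hash would restore the property the removed `salt = gen_salt()` line gave for free, e.g. `if len(salt) != SALT_LEN: raise ValueError("salt must be SALT_LEN bytes")`. The one-line docstring should also state that a new election must pass a fresh `gen_salt()` value, and that a tamper check must pass the stored salt together with a byte-identical serialization of the election data; the commit message implies both, but the signature does not. `_hash` is defined outside this hunk, so whether it already rejects a malformed salt cannot be confirmed from here.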
