mirror of
https://git.proxmox.com/git/proxmox
synced 2025-11-04 08:13:32 +00:00
4d6922e2c4
previously we used our own hmac-like implementation for csrf token signing that simply appended the key to the message (csrf token). however, this is possibly insecure as an attacker that finds a collision in the hash function can easily forge a signature. after all, two messages would then produce the same start conditions before hashing the key. while this is probably a theoretic attack on our csrf implementation, it does not hurt to move to the safer standard hmac implementation that avoids such pitfalls. this commit re-uses the hmac key wrapper used for the keyring. it also keeps the old construction around so we can use it for a transition period between old and new csrf token implementations. this is a breaking change as it changes the signature of the `csrf_secret` method of the `AuthContext` trait to return an hmac key. also exposes `assemble_csrf_prevention_toke` so we can re-use this code here instead of duplicating it in e.g. proxmox-backup's auth_helpers. Signed-off-by: Stefan Sterz <s.sterz@proxmox.com> |
||
|---|---|---|
| .. | ||
| debian | ||
| examples | ||
| src | ||
| Cargo.toml | ||