Move most remaining sha1() calls to HMAC

Authored by epriestley <git@epriestley.com> on Dec 18 2011, 20:00.

Description

Move most remaining sha1() calls to HMAC

Summary:

  • For context, see T547. This is the last (maybe?) in a series of diffs that moves us off raw sha1() calls in order to make it easier to audit the codebase for correct use of hash functions.
  • This breaks CSRF tokens. Any open forms will generate an error when submitted, so maybe upgrade off-peak.
  • We now generate HMAC mail keys but accept MAC or HMAC. In a few months, we can remove the MAC version.
  • The only remaining callsite is Conduit. We can't use HMAC since Arcanist would need to know the key. {T550} provides a better solution to this, anyway.

Test Plan:

  • Verified CSRF tokens generate properly.
  • Manually changed CSRF to an incorrect value and got an error.
  • Verified mail generates with a new mail hash.
  • Verified Phabricator accepts both old and new mail hashes.
  • Verified Phabricator rejects bad mail hashes.
  • Checked user log, things look OK.

Reviewers: btrahan, jungejason, benmathews

Reviewed By: btrahan

CC: aran, epriestley, btrahan

Maniphest Tasks: T547

Differential Revision: 1237
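
The migration window described in the summary (generate HMAC mail keys, accept MAC or HMAC), shown as an added example that is not Phabricator's code. The key, the function names and the legacy construction `sha1($key.$data)` are assumptions; the page does not show the old format.

```php
<?php
// Added example, not Phabricator's code. The key, function names and the
// legacy construction sha1($key.$data) are assumptions for illustration.
const MAIL_KEY = 'constructed-example-key'; // constructed sample secret

// New format: HMAC-SHA1 keyed with the server-side secret.
function mail_hash_hmac(string $data, string $key): string {
  return hash_hmac('sha1', $data, $key);
}

// Assumed old format: a raw sha1() over secret-then-data.
function mail_hash_legacy(string $data, string $key): string {
  return sha1($key.$data);
}

// Returns 'hmac', 'legacy', or null when the hash is rejected.
// $accept_legacy is the switch to flip once the migration window closes.
function verify_mail_hash(
  string $data, string $given, string $key, bool $accept_legacy = true
): ?string {
  // Both formats are 40 lowercase hex characters; refuse anything else.
  if (!preg_match('/^[0-9a-f]{40}\z/', $given)) {
    return null;
  }
  // hash_equals() compares in constant time (known value first).
  if (hash_equals(mail_hash_hmac($data, $key), $given)) {
    return 'hmac';
  }
  if ($accept_legacy &&
      hash_equals(mail_hash_legacy($data, $key), $given)) {
    // Count these: when they stop appearing, the old path can go.
    error_log('legacy mail hash accepted for '.$data);
    return 'legacy';
  }
  return null;
}

$id = 'constructed-object-id-42'; // constructed sample input
$cases = array(
  'new hmac' => mail_hash_hmac($id, MAIL_KEY),
  'old mac'  => mail_hash_legacy($id, MAIL_KEY),
  'tampered' => str_repeat('0', 40),
);
foreach ($cases as $label => $hash) {
  $during = verify_mail_hash($id, $hash, MAIL_KEY, true) ?? 'rejected';
  $after  = verify_mail_hash($id, $hash, MAIL_KEY, false) ?? 'rejected';
  printf("%-9s during=%-8s after=%s\n", $label, $during, $after);
}
```

Logging each legacy acceptance gives a concrete signal for when the old verifier can be deleted instead of relying on a calendar estimate.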

Details

Committed: epriestley <git@epriestley.com>, Dec 19 2011, 17:56
Pushed: aubort, Jan 31 2017, 17:16
Parents: rPH5f1b3937e5cb: Added Outlook boundaries for email parser
Branches: Unknown
Tags: Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPHe45ffda55a9a: Move most remaining sha1() calls to HMAC (authored by epriestley <git@epriestley.com>). Dec 19 2011, 17:56