From 8b3982ada921af765e7ede7dd3c77ef3fbf075f1 Mon Sep 17 00:00:00 2001 From: drebs Date: Tue, 18 Nov 2014 14:21:58 -0200 Subject: Standardize export of secrets to avoid miscalculation of MAC. --- client/src/leap/soledad/client/secrets.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/client/src/leap/soledad/client/secrets.py b/client/src/leap/soledad/client/secrets.py index b0e54220..af781a26 100644 --- a/client/src/leap/soledad/client/secrets.py +++ b/client/src/leap/soledad/client/secrets.py @@ -403,7 +403,7 @@ class SoledadSecrets(object): crypto.MAC_METHOD_KEY: crypto.MacMethods.HMAC, crypto.MAC_KEY: hmac.new( key, - json.dumps(encrypted_secrets), + json.dumps(encrypted_secrets, sort_keys=True), sha256).hexdigest(), } return data @@ -440,7 +440,8 @@ class SoledadSecrets(object): buflen=32) mac = hmac.new( key, - json.dumps(data[self.STORAGE_SECRETS_KEY]), + json.dumps( + data[self.STORAGE_SECRETS_KEY], sort_keys=True), sha256).hexdigest() else: raise crypto.UnknownMacMethodError('Unknown MAC method: %s.' % -- cgit v1.2.3