From: Mark Wooding <mdw@distorted.org.uk>
Date: Sat, 10 Aug 2013 12:28:17 +0000 (+0100)
Subject: httpauth.py: Allow configuration of the hash function.
X-Git-Tag: 1.0.2~4
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/chopwood/commitdiff_plain/44e941123a4c6ef44ad4e6856c09a0762b8bce86?hp=c958c9a5b4de96fe309fce0e598215b0d411e33a

httpauth.py: Allow configuration of the hash function.
---

diff --git a/httpauth.py b/httpauth.py
index 13ba0d1..ea978eb 100644
--- a/httpauth.py
+++ b/httpauth.py
@@ -100,7 +100,10 @@ CONF.DEFAULTS.update(
   SECRETLIFE = 30*60,
 
   ## Maximum age of an authentication key, in seconds.
-  SECRETFRESH = 5*60)
+  SECRETFRESH = 5*60,
+
+  ## Hash function to use for crypto.
+  AUTHHASH = H.sha256)
 
 def cleansecrets():
   """Remove dead secrets from the database."""
@@ -152,7 +155,7 @@ def hack_octets(s):
 
 def auth_tag(sec, stamp, nonce, user):
   """Compute a tag using secret SEC on `STAMP.NONCE.USER'."""
-  hmac = HM.HMAC(sec, digestmod = H.sha256)
+  hmac = HM.HMAC(sec, digestmod = CFG.AUTHHASH)
   hmac.update('%d.%s.%s' % (stamp, nonce, user))
   return hack_octets(hmac.digest())