From 44e941123a4c6ef44ad4e6856c09a0762b8bce86 Mon Sep 17 00:00:00 2001
Message-Id: <44e941123a4c6ef44ad4e6856c09a0762b8bce86.1715188504.git.mdw@distorted.org.uk>
From: Mark Wooding <mdw@chiark.greenend.org.uk>
Date: Sat, 10 Aug 2013 13:28:17 +0100
Subject: [PATCH 1/1] httpauth.py: Allow configuration of the hash function.
Organization: Straylight/Edgeware

From: Mark Wooding <mdw@distorted.org.uk>

---
 httpauth.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/httpauth.py b/httpauth.py
index 13ba0d1..ea978eb 100644
--- a/httpauth.py
+++ b/httpauth.py
@@ -100,7 +100,10 @@ CONF.DEFAULTS.update(
   SECRETLIFE = 30*60,
 
   ## Maximum age of an authentication key, in seconds.
-  SECRETFRESH = 5*60)
+  SECRETFRESH = 5*60,
+
+  ## Hash function to use for crypto.
+  AUTHHASH = H.sha256)
 
 def cleansecrets():
   """Remove dead secrets from the database."""
@@ -152,7 +155,7 @@ def hack_octets(s):
 
 def auth_tag(sec, stamp, nonce, user):
   """Compute a tag using secret SEC on `STAMP.NONCE.USER'."""
-  hmac = HM.HMAC(sec, digestmod = H.sha256)
+  hmac = HM.HMAC(sec, digestmod = CFG.AUTHHASH)
   hmac.update('%d.%s.%s' % (stamp, nonce, user))
   return hack_octets(hmac.digest())
 
-- 
[mdw]