Use hmac.Write instead of hmac.Sum when verifying tokens #25

Merged
dan merged 1 commits from hmac_size_fix into master 2020-07-21 16:38:29 +00:00
2 changed files with 4 additions and 2 deletions


@ -72,7 +72,8 @@ func (t *Token) unblindSignedToken(token SignedToken) {
func (t *Token) SpendToken(data []byte) SpentToken {
key := sha3.Sum256(append(t.t, t.W.Encode(nil)...))
mac := hmac.New(sha3.New512, key[:])
return SpentToken{t.t, mac.Sum(data)}
mac.Write(data)
return SpentToken{t.t, mac.Sum(nil)}
}
// GenerateBlindedTokenBatch generates a batch of blinded tokens (and their unblinded equivalents)
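Review bot: No test accompanies the fix. The diffstat counts two changed files, and both appear to be the non-test sections shown on this page, so nothing stops a later edit from reverting to `mac.Sum(data)`. A regression test should spend a token with one `data` value and check that `TokenServer.SpendToken` returns an error when the same `SpentToken` is presented with different `data`. A comment above the new `mac.Write(data)` line would also help, for example `// Sum(b) appends the digest to b without hashing b; data is authenticated only if it goes through Write.` The same comment fits the server-side hunk at `computedMAC := mac.Sum(nil)`.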


@ -136,7 +136,8 @@ func (ts *TokenServer) SpendToken(token SpentToken, data []byte) error {
W := new(ristretto.Element).ScalarMult(ts.k, T)
key := sha3.Sum256(append(token.T, W.Encode(nil)...))
mac := hmac.New(sha3.New512, key[:])
computedMAC := mac.Sum(data)
mac.Write(data)
computedMAC := mac.Sum(nil)
result := hmac.Equal(token.MAC, computedMAC)
if result == true {
if ts.persistanceService == nil {
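Review bot: The change at `computedMAC := mac.Sum(nil)` alters the shape of the MAC as well as its value. The old `mac.Sum(data)` returned `data` followed by a 64-byte tag, while the new call returns the tag alone, so a token spent by a client built before this commit will fail `hmac.Equal` on a server built after it, and the reverse. If mixed versions can be deployed, record that in the release notes or in a comment here, for example `// MAC is HMAC-SHA3-512(key, data); tokens from clients predating #25 carry data||HMAC(key, "") and are rejected.` The body of `SpendToken` continues past the hunk, so the handling of a failed comparison is not visible from here.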