Skip to content

Replaced md5 token info hash with sha256 #2947

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 13 commits into from
Apr 9, 2025
Merged

Replaced md5 token info hash with sha256 #2947

Changes from 2 commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
61e938e
changed token info hash for SFI concerns
wonwuakpa-msft Feb 20, 2025
9c6a061
Merge branch 'main' into wendi/change-hash
wonwuakpa-msft Feb 20, 2025
1e60d5c
Merge branch 'main' into wendi/change-hash
wonwuakpa-msft Feb 21, 2025
612c9c8
Merge branch 'main' into wendi/change-hash
wonwuakpa-msft Feb 27, 2025
3d16f92
Merge branch 'main' into wendi/change-hash
wonwuakpa-msft Mar 11, 2025
ce038c9
UT test for LoadToken() using SHA256
wonwuakpa-msft Mar 15, 2025
8ccc458
Merge branch 'wendi/change-hash' of https://github.com/Azure/azure-st…
wonwuakpa-msft Mar 15, 2025
e8124be
Merge branch 'main' into wendi/change-hash
wonwuakpa-msft Mar 20, 2025
8eb5a42
Merge branch 'main' into wendi/change-hash
dphulkar-msft Mar 25, 2025
49a73ef
Merge branch 'main' into wendi/change-hash
wonwuakpa-msft Mar 26, 2025
e147609
Merge branch 'main' into wendi/change-hash
wonwuakpa-msft Apr 2, 2025
b7dcab0
Merge branch 'main' into wendi/change-hash
wonwuakpa-msft Apr 3, 2025
a26f6ea
Merge branch 'main' into wendi/change-hash
wonwuakpa-msft Apr 8, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 7 additions & 7 deletions common/credCacheInternal_windows.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ package common

import (
"bytes"
"crypto/md5"
"crypto/sha256"
"encoding/json"
"errors"
"fmt"
Expand Down Expand Up @@ -114,7 +114,7 @@ func (c *CredCacheInternalIntegration) removeCachedTokenInternal() error {
// segmentTokenInfo is used to present information about segmented token saved in credential manager.
type segmentedTokenHeader struct {
SegmentNum string `json:"SegmentNum"`
MD5Hash string `json:"MD5Hash"`
SHA256Hash string `json:"SHA256Hash"`
}

// loadTokenInternal restores a Token object from file cache.
Expand Down Expand Up @@ -147,12 +147,12 @@ func (c *CredCacheInternalIntegration) loadTokenInternal() (*OAuthTokenInfo, err
}
tokenInfo = buffer.Bytes()

// Do md5 validation, ensuring the token is consistent
md5OfReadTokenInfo := fmt.Sprintf("%x", md5.Sum(tokenInfo))
if md5OfReadTokenInfo != segmentedTokenHeader.MD5Hash {
// Do sha256 validation, ensuring the token is consistent
sha256OfReadTokenInfo := fmt.Sprintf("%x", sha256.Sum256(tokenInfo)) // returns 32 byte checksum
if sha256OfReadTokenInfo != segmentedTokenHeader.SHA256Hash {
return nil, fmt.Errorf(
"segmented token broken, MD5 mismatch, expected: %s, get: %s",
segmentedTokenHeader.MD5Hash, md5OfReadTokenInfo)
"segmented token broken, SHA256 hash mismatch, expected: %s, get: %s",
segmentedTokenHeader.SHA256Hash, sha256OfReadTokenInfo)
}
}

Expand Down
Loading