Replaced md5 token info hash with sha256 #2947

Open
wants to merge 8 commits into
base: main
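--- a/common/credCacheInternal_windows.go
+++ b/common/credCacheInternal_windows.go
@@ -22,7 +22,7 @@ package common
 
 import (
 "bytes"
-"crypto/md5"
+"crypto/sha256"
 "encoding/json"
 "errors"
 "fmt"
@@ -114,7 +114,7 @@ func (c *CredCacheInternalIntegration) removeCachedTokenInternal() error {
 // segmentTokenInfo is used to present information about segmented token saved in credential manager.
 type segmentedTokenHeader struct {
 SegmentNum string `json:"SegmentNum"`
-MD5Hash string `json:"MD5Hash"`
+SHA256Hash string `json:"SHA256Hash"`
 }
 
 // loadTokenInternal restores a Token object from file cache.
@@ -147,12 +147,12 @@ func (c *CredCacheInternalIntegration) loadTokenInternal() (*OAuthTokenInfo, err
 }
 tokenInfo = buffer.Bytes()
 
-// Do md5 validation, ensuring the token is consistent
-md5OfReadTokenInfo := fmt.Sprintf("%x", md5.Sum(tokenInfo))
-if md5OfReadTokenInfo != segmentedTokenHeader.MD5Hash {
+// Do sha256 validation, ensuring the token is consistent
+sha256OfReadTokenInfo := fmt.Sprintf("%x", sha256.Sum256(tokenInfo)) // returns 32 byte checksum
+if sha256OfReadTokenInfo != segmentedTokenHeader.SHA256Hash {
 return nil, fmt.Errorf(
-"segmented token broken, MD5 mismatch, expected: %s, get: %s",
-segmentedTokenHeader.MD5Hash, md5OfReadTokenInfo)
+"segmented token broken, SHA256 hash mismatch, expected: %s, get: %s",
+segmentedTokenHeader.SHA256Hash, sha256OfReadTokenInfo)
 }
 }
 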
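Review bot: Headers already stored in the credential manager carry the `MD5Hash` key, and after the rename in `segmentedTokenHeader` they decode with an empty `SHA256Hash` because encoding/json ignores unknown keys, so the comparison in loadTokenInternal would reject every previously cached segmented token with a blank "expected:" value. The code that writes the header is not in these hunks and loadTokenInternal's body continues outside them, so whether such legacy entries can still exist is inferred. If they can, either keep `MD5Hash` as a read-only legacy field and fall back to it when `SHA256Hash` is empty, or return a distinct error that tells the user the cached login must be refreshed. The digest is also stored beside the data it covers, so it detects corrupt or truncated segments rather than deliberate modification, and the comment above the check could say so: `// Integrity check only: catches corrupt or incomplete segments; it is not a tamper-proof MAC.`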