Python credstash uses strings for the HMAC (#11)

This is a slight adaptation of winebarrel#12. It also fixes winebarrel#7.
kgaughan · Jun 10, 2023 · 1d6274a · 1d6274a
1 parent 3b5849d
commit 1d6274a
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/src/gcredstash/driver.go b/src/gcredstash/driver.go
@@ -83,9 +83,14 @@ func (driver *Driver) DecryptMaterial(name string, material map[string]*dynamodb
 		return "", err
 	}
 
-	contents := B64Decode(*material["contents"].S)
-	hmac := HexDecode(*material["hmac"].S)
+	var hmac []byte
+	if len(material["hmac"].B) == 0 {
+		hmac = HexDecode(*material["hmac"].S)
+	} else {
+		hmac = HexDecode(string(material["hmac"].B))
+	}
 
+	contents := B64Decode(*material["contents"].S)
 	if !ValidateHMAC(contents, hmac, hmacKey) {
 		return "", fmt.Errorf("%s: %w", name, ErrBadHMAC)
 	}