our $VERSION = '1.00';
sub generate_csrf_token {
- my ($id, $secret) = @_;
+ my ($id, $secret, $random, $time) = @_;
- my $time = time;
+ $time //= time;
my $digest = Digest::HMAC_SHA1::hmac_sha1($time . "/" . $id, $secret);
my @digest_bytes = _to_byte_array($digest);
# Mask the token to avoid the BREACH attack.
- my $random = Bytes::Random::Secure::random_bytes(scalar @digest_bytes);
+ if (!defined($random) || length($random) != length($digest)) {
+ $random = Bytes::Random::Secure::random_bytes(scalar @digest_bytes);
+ }
my @random_bytes = _to_byte_array($random);
my $masked_token = "";
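Review bot: The new optional `$time` argument goes straight into the HMAC input (`$time . "/" . $id`) with no validation, whereas before this change it always came from `time` and was therefore an integer. If any caller passes a value taken from a submitted token, a `/` inside it makes the time/id boundary ambiguous, so I would add `die "time must be a non-negative integer" unless $time =~ /\A[0-9]+\z/;` right after the `//=` line. The `$random` branch silently substitutes fresh bytes when the supplied mask is the wrong length, which hides caller mistakes; it would be clearer to reject a defined but wrong-sized value. I would also add a comment above that branch: `# A caller-supplied $random must be unpredictable per token; a fixed value defeats the BREACH masking.` The rest of generate_csrf_token lies outside this hunk, so how the mask and time are encoded into the returned token is not visible here.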