1 // Copyright 2021 Ian Jackson and contributors to Hippotat
2 // SPDX-License-Identifier: GPL-3.0-or-later
3 // There is NO WARRANTY.
8 impl<T> T where T: Debug {
9 fn to_debug(&self) -> String { format!("{:?}", self) }
13 impl<T,E> Result<T,E> where AE: From<E> {
14 fn dcontext<D:Debug>(self, d: D) -> anyhow::Result<T> {
15 self.map_err(|e| AE::from(e)).with_context(|| d.to_debug())
20 pub async fn read_limited_body<S,E>(limit: usize, mut stream: S) -> Box<[u8]>
21 where S: futures::Stream<Item=Result<hyper::body::Bytes,E>> + Unpin,
22 // we also require that the Stream is cancellation-safe
23 E: std::error::Error + Sync + Send + 'static,
25 let mut accum = vec![];
26 while let Some(item) = stream.next().await {
27 let b = item.context("HTTP error fetching response body")?;
28 if accum.len() + b.len() > limit {
29 throw!(anyhow!("maximum response body size {} exceeded", limit));
36 use sha2::Digest as _;
38 type HmacH = sha2::Sha256;
39 const HMAC_B: usize = 64;
40 const HMAC_L: usize = 32;
42 pub fn token_hmac(key: &[u8], message: &[u8]) -> [u8; HMAC_L] {
44 let mut padded = [0; HMAC_B];
45 if key.len() > padded.len() {
46 let digest: [u8; HMAC_L] = HmacH::digest(key).into();
47 padded[0..HMAC_L].copy_from_slice(&digest);
49 padded[0.. key.len()].copy_from_slice(key);
53 let mut ikey = key; for k in &mut ikey { *k ^= 0x36; }
54 let mut okey = key; for k in &mut okey { *k ^= 0x5C; }
56 //dbg!(&key, &ikey, &okey);
70 fn hmac_test_vectors(){
73 Key = 0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
75 Data = 4869205468657265 ("Hi There")
77 HMAC-SHA-256 = b0344c61d8db38535ca8afceaf0bf12b
78 881dc200c9833da726e9376c2e32cff7
81 Key = 4a656665 ("Jefe")
82 Data = 7768617420646f2079612077616e7420 ("what do ya want ")
83 666f72206e6f7468696e673f ("for nothing?")
85 HMAC-SHA-256 = 5bdcc146bf60754e6a042426089575c7
86 5a003f089d2739839dec58b964ec3843
89 Key = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
91 Data = dddddddddddddddddddddddddddddddd
92 dddddddddddddddddddddddddddddddd
93 dddddddddddddddddddddddddddddddd
96 HMAC-SHA-256 = 773ea91e36800e46854db8ebd09181a7
97 2959098b3ef8c122d9635514ced565fe
100 Key = 0102030405060708090a0b0c0d0e0f10
101 111213141516171819 (25 bytes)
102 Data = cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd
103 cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd
104 cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd
107 HMAC-SHA-256 = 82558a389a443c0ea4cc819899f2083a
108 85f0faa3e578f8077a2e3ff46729665b
112 Key = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
113 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
114 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
115 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
116 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
117 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
118 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
119 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
121 Data = 54657374205573696e67204c61726765 ("Test Using Large")
122 72205468616e20426c6f636b2d53697a ("r Than Block-Siz")
123 65204b6579202d2048617368204b6579 ("e Key - Hash Key")
124 204669727374 (" First")
126 HMAC-SHA-256 = 60e431591ee0b67f0d8a26aacbf5b77f
127 8e0bc6213728c5140546040f0ee37f54
129 Key = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
130 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
131 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
132 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
133 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
134 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
135 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
136 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
138 Data = 54686973206973206120746573742075 ("This is a test u")
139 73696e672061206c6172676572207468 ("sing a larger th")
140 616e20626c6f636b2d73697a65206b65 ("an block-size ke")
141 7920616e642061206c61726765722074 ("y and a larger t")
142 68616e20626c6f636b2d73697a652064 ("han block-size d")
143 6174612e20546865206b6579206e6565 ("ata. The key nee")
144 647320746f2062652068617368656420 ("ds to be hashed ")
145 6265666f7265206265696e6720757365 ("before being use")
146 642062792074686520484d414320616c ("d by the HMAC al")
147 676f726974686d2e ("gorithm.")
149 HMAC-SHA-256 = 9b09ffa71b942fcb27635fbcd5b0e944
150 bfdc63644f0713938a7f51535c3a35e2
152 let vectors = regex_replace_all!{
157 let vectors = regex_replace_all!{
162 let vectors = regex_replace_all!{
167 let mut lines = vectors.split('\n');
168 assert_eq!( lines.next().unwrap(), "" );
169 let mut get = |prefix| {
170 let l = lines.next()?;
172 let b = l.strip_prefix(prefix).unwrap().as_bytes().chunks(2)
173 .map(|s| str::from_utf8(s).unwrap())
174 .map(|s| { assert_eq!(s.len(), 2); u8::from_str_radix(s,16).unwrap() })
175 .collect::<Vec<u8>>();
178 while let Some(key) = get(" Key = ") {
179 let data = get(" Data = ").unwrap();
180 let exp = get(" HMAC-SHA-256 = ").unwrap();
181 let got = token_hmac(&key, &data);
182 assert_eq!(&got[..], &exp);