1 // Copyright 2021-2022 Ian Jackson and contributors to Hippotat
2 // SPDX-License-Identifier: GPL-3.0-or-later WITH LicenseRef-Hippotat-OpenSSL-Exception
3 // There is NO WARRANTY.
8 impl<T> T where T: Debug {
9 fn to_debug(&self) -> String { format!("{:?}", self) }
13 impl<T,E> Result<T,E> where AE: From<E> {
14 fn dcontext<D:Debug>(self, d: D) -> anyhow::Result<T> {
15 self.map_err(|e| AE::from(e)).with_context(|| d.to_debug())
19 #[derive(Error,Debug)]
20 pub enum ReadLimitedError {
21 #[error("maximum size {limit} exceeded")]
22 Truncated { sofar: Box<[u8]>, limit: usize },
24 #[error("HTTP error {0}")]
25 Hyper(#[from] hyper::Error),
28 impl ReadLimitedError {
29 pub fn discard_data(&mut self) { match self {
30 ReadLimitedError::Truncated { sofar,.. } => { mem::take(sofar); },
35 impl<T> Result<T,ReadLimitedError> {
36 fn discard_data(self) -> Self {
37 self.map_err(|mut e| { e.discard_data(); e })
41 // Works around the lack of ErrorKind::IsADirectory
42 // #![feature(io_error_more)]
43 // https://github.com/rust-lang/rust/issues/86442
46 fn is_is_a_directory(&self) -> bool {
48 .unwrap_or_else(|| panic!(
49 "trying to tell whether Kind is IsADirectory for non-OS error io::Error {}",
55 #[throws(ReadLimitedError)]
56 pub async fn read_limited_bytes<S>(limit: usize, initial: Box<[u8]>,
58 stream: &mut S) -> Box<[u8]>
59 where S: futures::Stream<Item=Result<hyper::body::Bytes,hyper::Error>>
61 // we also require that the Stream is cancellation-safe
63 let mut accum = initial.into_vec();
64 let capacity = min(limit, capacity);
65 if capacity > accum.len() { accum.reserve(capacity - accum.len()); }
66 while let Some(item) = stream.next().await {
69 if accum.len() > limit {
70 throw!(ReadLimitedError::Truncated { limit, sofar: accum.into() })
76 pub fn time_t_now() -> u64 {
78 .duration_since(UNIX_EPOCH)
79 .unwrap_or_else(|_| Duration::default()) // clock is being weird
83 use sha2::Digest as _;
84 use sha2::digest::Update as _;
86 pub type HmacH = sha2::Sha256;
87 pub const HMAC_B: usize = 64;
88 pub const HMAC_L: usize = 32;
90 pub fn token_hmac(key: &[u8], message: &[u8]) -> [u8; HMAC_L] {
92 let mut padded = [0; HMAC_B];
93 if key.len() > padded.len() {
94 let digest: [u8; HMAC_L] = HmacH::digest(key).into();
95 padded[0..HMAC_L].copy_from_slice(&digest);
97 padded[0.. key.len()].copy_from_slice(key);
101 let mut ikey = key; for k in &mut ikey { *k ^= 0x36; }
102 let mut okey = key; for k in &mut okey { *k ^= 0x5C; }
104 //dbg!(DumpHex(&key), DumpHex(message), DumpHex(&ikey), DumpHex(&okey));
106 let h1 = HmacH::new()
110 let h2 = HmacH::new()
118 fn hmac_test_vectors(){
121 Key = 0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
123 Data = 4869205468657265 ("Hi There")
125 HMAC-SHA-256 = b0344c61d8db38535ca8afceaf0bf12b
126 881dc200c9833da726e9376c2e32cff7
129 Key = 4a656665 ("Jefe")
130 Data = 7768617420646f2079612077616e7420 ("what do ya want ")
131 666f72206e6f7468696e673f ("for nothing?")
133 HMAC-SHA-256 = 5bdcc146bf60754e6a042426089575c7
134 5a003f089d2739839dec58b964ec3843
137 Key = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
139 Data = dddddddddddddddddddddddddddddddd
140 dddddddddddddddddddddddddddddddd
141 dddddddddddddddddddddddddddddddd
144 HMAC-SHA-256 = 773ea91e36800e46854db8ebd09181a7
145 2959098b3ef8c122d9635514ced565fe
148 Key = 0102030405060708090a0b0c0d0e0f10
149 111213141516171819 (25 bytes)
150 Data = cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd
151 cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd
152 cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd
155 HMAC-SHA-256 = 82558a389a443c0ea4cc819899f2083a
156 85f0faa3e578f8077a2e3ff46729665b
160 Key = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
161 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
162 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
163 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
164 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
165 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
166 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
167 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
169 Data = 54657374205573696e67204c61726765 ("Test Using Large")
170 72205468616e20426c6f636b2d53697a ("r Than Block-Siz")
171 65204b6579202d2048617368204b6579 ("e Key - Hash Key")
172 204669727374 (" First")
174 HMAC-SHA-256 = 60e431591ee0b67f0d8a26aacbf5b77f
175 8e0bc6213728c5140546040f0ee37f54
177 Key = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
178 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
179 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
180 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
181 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
182 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
183 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
184 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
186 Data = 54686973206973206120746573742075 ("This is a test u")
187 73696e672061206c6172676572207468 ("sing a larger th")
188 616e20626c6f636b2d73697a65206b65 ("an block-size ke")
189 7920616e642061206c61726765722074 ("y and a larger t")
190 68616e20626c6f636b2d73697a652064 ("han block-size d")
191 6174612e20546865206b6579206e6565 ("ata. The key nee")
192 647320746f2062652068617368656420 ("ds to be hashed ")
193 6265666f7265206265696e6720757365 ("before being use")
194 642062792074686520484d414320616c ("d by the HMAC al")
195 676f726974686d2e ("gorithm.")
197 HMAC-SHA-256 = 9b09ffa71b942fcb27635fbcd5b0e944
198 bfdc63644f0713938a7f51535c3a35e2
200 let vectors = regex_replace_all!{
205 let vectors = regex_replace_all!{
210 let vectors = regex_replace_all!{
215 let mut lines = vectors.split('\n');
216 assert_eq!( lines.next().unwrap(), "" );
217 let mut get = |prefix| {
218 let l = lines.next()?;
220 let b = l.strip_prefix(prefix).unwrap().as_bytes().chunks(2)
221 .map(|s| str::from_utf8(s).unwrap())
222 .map(|s| { assert_eq!(s.len(), 2); u8::from_str_radix(s,16).unwrap() })
223 .collect::<Vec<u8>>();
226 while let Some(key) = get(" Key = ") {
227 let data = get(" Data = ").unwrap();
228 let exp = get(" HMAC-SHA-256 = ").unwrap();
229 let got = token_hmac(&key, &data);
230 assert_eq!(&got[..], &exp);