1 // Copyright 2021 Ian Jackson and contributors to Hippotat
2 // SPDX-License-Identifier: GPL-3.0-or-later
3 // There is NO WARRANTY.
8 impl<T> T where T: Debug {
9 fn to_debug(&self) -> String { format!("{:?}", self) }
13 impl<T,E> Result<T,E> where AE: From<E> {
14 fn dcontext<D:Debug>(self, d: D) -> anyhow::Result<T> {
15 self.map_err(|e| AE::from(e)).with_context(|| d.to_debug())
19 #[derive(Error,Debug)]
20 pub enum ReadLimitedError {
21 #[error("maximum size {limit} exceeded")]
22 Truncated { sofar: Box<[u8]>, limit: usize },
24 #[error("HTTP error {0}")]
25 Hyper(#[from] hyper::Error),
28 impl ReadLimitedError {
29 pub fn discard_data(&mut self) { match self {
30 ReadLimitedError::Truncated { sofar,.. } => { mem::take(sofar); },
35 impl<T> Result<T,ReadLimitedError> {
36 fn discard_data(self) -> Self {
37 self.map_err(|mut e| { e.discard_data(); e })
41 #[throws(ReadLimitedError)]
42 pub async fn read_limited_bytes<S>(limit: usize, stream: &mut S) -> Box<[u8]>
43 where S: futures::Stream<Item=Result<hyper::body::Bytes,hyper::Error>>
45 // we also require that the Stream is cancellation-safe
47 let mut accum = vec![];
48 while let Some(item) = stream.next().await {
51 if accum.len() > limit {
52 throw!(ReadLimitedError::Truncated { limit, sofar: accum.into() })
58 use sha2::Digest as _;
60 type HmacH = sha2::Sha256;
61 const HMAC_B: usize = 64;
62 const HMAC_L: usize = 32;
64 pub fn token_hmac(key: &[u8], message: &[u8]) -> [u8; HMAC_L] {
66 let mut padded = [0; HMAC_B];
67 if key.len() > padded.len() {
68 let digest: [u8; HMAC_L] = HmacH::digest(key).into();
69 padded[0..HMAC_L].copy_from_slice(&digest);
71 padded[0.. key.len()].copy_from_slice(key);
75 let mut ikey = key; for k in &mut ikey { *k ^= 0x36; }
76 let mut okey = key; for k in &mut okey { *k ^= 0x5C; }
78 //dbg!(&key, &ikey, &okey);
92 fn hmac_test_vectors(){
95 Key = 0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
97 Data = 4869205468657265 ("Hi There")
99 HMAC-SHA-256 = b0344c61d8db38535ca8afceaf0bf12b
100 881dc200c9833da726e9376c2e32cff7
103 Key = 4a656665 ("Jefe")
104 Data = 7768617420646f2079612077616e7420 ("what do ya want ")
105 666f72206e6f7468696e673f ("for nothing?")
107 HMAC-SHA-256 = 5bdcc146bf60754e6a042426089575c7
108 5a003f089d2739839dec58b964ec3843
111 Key = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
113 Data = dddddddddddddddddddddddddddddddd
114 dddddddddddddddddddddddddddddddd
115 dddddddddddddddddddddddddddddddd
118 HMAC-SHA-256 = 773ea91e36800e46854db8ebd09181a7
119 2959098b3ef8c122d9635514ced565fe
122 Key = 0102030405060708090a0b0c0d0e0f10
123 111213141516171819 (25 bytes)
124 Data = cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd
125 cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd
126 cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd
129 HMAC-SHA-256 = 82558a389a443c0ea4cc819899f2083a
130 85f0faa3e578f8077a2e3ff46729665b
134 Key = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
135 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
136 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
137 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
138 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
139 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
140 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
141 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
143 Data = 54657374205573696e67204c61726765 ("Test Using Large")
144 72205468616e20426c6f636b2d53697a ("r Than Block-Siz")
145 65204b6579202d2048617368204b6579 ("e Key - Hash Key")
146 204669727374 (" First")
148 HMAC-SHA-256 = 60e431591ee0b67f0d8a26aacbf5b77f
149 8e0bc6213728c5140546040f0ee37f54
151 Key = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
152 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
153 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
154 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
155 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
156 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
157 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
158 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
160 Data = 54686973206973206120746573742075 ("This is a test u")
161 73696e672061206c6172676572207468 ("sing a larger th")
162 616e20626c6f636b2d73697a65206b65 ("an block-size ke")
163 7920616e642061206c61726765722074 ("y and a larger t")
164 68616e20626c6f636b2d73697a652064 ("han block-size d")
165 6174612e20546865206b6579206e6565 ("ata. The key nee")
166 647320746f2062652068617368656420 ("ds to be hashed ")
167 6265666f7265206265696e6720757365 ("before being use")
168 642062792074686520484d414320616c ("d by the HMAC al")
169 676f726974686d2e ("gorithm.")
171 HMAC-SHA-256 = 9b09ffa71b942fcb27635fbcd5b0e944
172 bfdc63644f0713938a7f51535c3a35e2
174 let vectors = regex_replace_all!{
179 let vectors = regex_replace_all!{
184 let vectors = regex_replace_all!{
189 let mut lines = vectors.split('\n');
190 assert_eq!( lines.next().unwrap(), "" );
191 let mut get = |prefix| {
192 let l = lines.next()?;
194 let b = l.strip_prefix(prefix).unwrap().as_bytes().chunks(2)
195 .map(|s| str::from_utf8(s).unwrap())
196 .map(|s| { assert_eq!(s.len(), 2); u8::from_str_radix(s,16).unwrap() })
197 .collect::<Vec<u8>>();
200 while let Some(key) = get(" Key = ") {
201 let data = get(" Data = ").unwrap();
202 let exp = get(" HMAC-SHA-256 = ").unwrap();
203 let got = token_hmac(&key, &data);
204 assert_eq!(&got[..], &exp);