own hmac, Digest one's key length rules are annoying

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>

diff --git a/Cargo.lock b/Cargo.lock
index c0b447a82432dc830d950eb4206b58a78320d5aa..510a42ee30fea8a9ce4f57e72e5e8489d794f7a2 100644 (file)
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -122,16 +122,6 @@ dependencies = [
  "libc",
 ]
 
-[[package]]
-name = "crypto-mac"
-version = "0.11.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b1d1a86f49236c215f271d40892d5fc950490551400b02ef360692c29815c714"
-dependencies = [
- "generic-array",
- "subtle",
-]
-
 [[package]]
 name = "digest"
 version = "0.9.0"
@@ -382,7 +372,6 @@ dependencies = [
  "fehler",
  "futures",
  "hippotat-macros",
- "hmac",
  "hyper",
  "hyper-tls",
  "ipnet",
@@ -407,16 +396,6 @@ dependencies = [
  "syn",
 ]
 
-[[package]]
-name = "hmac"
-version = "0.11.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2a2a2320eb7ec0ebe8da8f744d7812d9fc4cb4d09344ac01898dbcb6a20ae69b"
-dependencies = [
- "crypto-mac",
- "digest",
-]
-
 [[package]]
 name = "http"
 version = "0.2.4"
@@ -988,12 +967,6 @@ dependencies = [
  "syn",
 ]
 
-[[package]]
-name = "subtle"
-version = "2.4.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601"
-
 [[package]]
 name = "syn"
 version = "1.0.73"

diff --git a/Cargo.toml b/Cargo.toml
index fbca270d3a2982b813d1f107268033f120ed5757..d4f12c7271457b190c064583203a2e5c32c48aae 100644 (file)
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -41,12 +41,3 @@ void = "1"
 extend = "1"           # no deps not in sid
 fehler = "1"           # no deps (other than fehler-macros, obvs)
 lazy-regex = "2"       # no deps not in sid
-
-hmac = "0.11"
-# ^ more troublesome.  runtime deps are
-#      crypto-mac      not in sid, all deps in sid
-#      digest          in sid
-#   plus dev-dependencies probably for testing with test vectors
-#      sha2            in sid
-#      md-5            not in sid, disable ?
-#      streebog        not in sid, disable ? (OST algorithms)

diff --git a/src/utils.rs b/src/utils.rs
index 317c84071e2d6c0a987af1d650a2e1a914d27dfb..95498f95af7a33a2202124b4fe328f23bc911d3d 100644 (file)
--- a/src/utils.rs
+++ b/src/utils.rs
@@ -15,3 +15,33 @@ impl<T,E> Result<T,E> where AE: From<E> {
     self.map_err(|e| AE::from(e)).with_context(|| d.to_debug())
   }
 }
+
+use sha2::Digest as _;
+
+type HmacH = sha2::Sha256;
+const HMAC_L: usize = 32;
+
+#[throws(AE)]
+fn token_hmac(key: &[u8], message: &[u8]) -> [u8; HMAC_L] {
+  let key = {
+    let mut padded = [0; HMAC_L];
+    if key.len() > HMAC_L {
+      padded = HmacH::digest(key).into();
+    } else {
+      padded[0.. key.len()].copy_from_slice(key);
+    }
+    padded
+  };
+  let mut ikey = key;  for k in &mut ikey { *k ^= 0x36; }
+  let mut okey = key;  for k in &mut okey { *k ^= 0x5C; }
+
+  let h1 = HmacH::new()
+    .chain(&ikey)
+    .chain(message)
+    .finalize();
+  let h2 = HmacH::new()
+    .chain(&okey)
+    .chain(h1)
+    .finalize();
+  h2.into()
+}