server: get token, wip hmac work

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>

diff --git a/src/bin/server.rs b/src/bin/server.rs
index bc56fe7fd5af97090b438de873cc1501930832d9..3e71b4134776e76778cb4373c1712fd2c3e3e50e 100644 (file)
--- a/src/bin/server.rs
+++ b/src/bin/server.rs
@@ -92,13 +92,21 @@ async fn handle(
 
     let client: ClientName = meta.need_parse().context("client addr")?;
 
-    let (client_time, hmac_got) = (||{
+    let mut hmac_got = [0; HMAC_L];
+    let (client_time, hmac_got_l) = (||{
       let token: &str = meta.need_next().context(r#"find in "m""#)?;
-      let (time_t, hmac_got) = token.split_once(' ')
+      let (time_t, hmac_b64) = token.split_once(' ')
         .ok_or_else(|| anyhow!("split"))?;
-      let time_t: u64 = time_t.parse().context("parse time_t")?;
-      Ok::<_,AE>((time_t, hmac_got))
+      let time_t = u64::from_str_radix(time_t, 16).context("parse time_t")?;
+      let l = io::copy(
+        &mut base64::read::DecoderReader::new(&mut hmac_b64.as_bytes(),
+                                              BASE64_CONFIG),
+        &mut &mut hmac_got[..]
+      ).context("parse b64 token")?;
+      let l = l.try_into()?;
+      Ok::<_,AE>((time_t, l))
     })().context("token")?;
+    let hmac_got = &hmac_got[0..hmac_got_l];
 
     let client = all_clients.get(&client);
 
@@ -113,7 +121,7 @@ async fn handle(
     let client_time_s = format!("{:x}", client_time);
     let hmac_exp = token_hmac(secret, client_time_s.as_bytes());
     // We also definitely want a consttime memeq for the hmac value
-    let hmac_ok = hmac_got.as_bytes().ct_eq(&hmac_exp);
+    let hmac_ok = hmac_got.ct_eq(&hmac_exp);
     if ! bool::from(hmac_ok & client_exists) {
       throw!(anyhow!("xxx should be a 403 error"));
     }