let client: ClientName = meta.need_parse().context("client addr")?;
- let (client_time, hmac_got) = (||{
+ let mut hmac_got = [0; HMAC_L];
+ let (client_time, hmac_got_l) = (||{
let token: &str = meta.need_next().context(r#"find in "m""#)?;
- let (time_t, hmac_got) = token.split_once(' ')
+ let (time_t, hmac_b64) = token.split_once(' ')
.ok_or_else(|| anyhow!("split"))?;
- let time_t: u64 = time_t.parse().context("parse time_t")?;
- Ok::<_,AE>((time_t, hmac_got))
+ let time_t = u64::from_str_radix(time_t, 16).context("parse time_t")?;
+ let l = io::copy(
+ &mut base64::read::DecoderReader::new(&mut hmac_b64.as_bytes(),
+ BASE64_CONFIG),
+ &mut &mut hmac_got[..]
+ ).context("parse b64 token")?;
+ let l = l.try_into()?;
+ Ok::<_,AE>((time_t, l))
})().context("token")?;
+ let hmac_got = &hmac_got[0..hmac_got_l];
let client = all_clients.get(&client);
let client_time_s = format!("{:x}", client_time);
let hmac_exp = token_hmac(secret, client_time_s.as_bytes());
// We also definitely want a consttime memeq for the hmac value
- let hmac_ok = hmac_got.as_bytes().ct_eq(&hmac_exp);
+ let hmac_ok = hmac_got.ct_eq(&hmac_exp);
if ! bool::from(hmac_ok & client_exists) {
throw!(anyhow!("xxx should be a 403 error"));
}
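Review bot: Nothing in these lines checks that the decoded token is exactly `HMAC_L` bytes. `hmac_got` is re-sliced to `hmac_got_l`, so rejecting a short MAC is left to the slice `ct_eq` returning false on a length mismatch, and rejecting an over-long one to `io::copy` failing once the fixed buffer is full. As far as I know both behaviours hold, but the reliance should be explicit: either add `if hmac_got_l != HMAC_L { throw!(anyhow!("hmac length")) }` after the closure, or add a comment saying that the length check is delegated. Separately, the expected HMAC is computed over `format!("{:x}", client_time)` rather than over the received text, and `from_str_radix` also accepts uppercase digits, leading zeros and a leading `+`, so several spellings of one timestamp verify; consider rejecting tokens whose `time_t` text differs from the re-formatted value. The enclosing function starts and ends outside this hunk, so the definitions of `secret` and `client_exists` are not visible here.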