From 97de95f6e4b19551758a92904de048e52049a562 Mon Sep 17 00:00:00 2001
From: Ian Jackson
Date: Tue, 10 Aug 2021 01:40:06 +0100
Subject: [PATCH] server: get token, wip hmac work

Signed-off-by: Ian Jackson
---
 src/bin/server.rs | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/src/bin/server.rs b/src/bin/server.rs
index bc56fe7..3e71b41 100644
--- a/src/bin/server.rs
+++ b/src/bin/server.rs
@@ -92,13 +92,21 @@ async fn handle(
 let client: ClientName = meta.need_parse().context("client addr")?;
- let (client_time, hmac_got) = (||{
+ let mut hmac_got = [0; HMAC_L];
+ let (client_time, hmac_got_l) = (||{
 let token: &str = meta.need_next().context(r#"find in "m""#)?;
- let (time_t, hmac_got) = token.split_once(' ')
+ let (time_t, hmac_b64) = token.split_once(' ')
 .ok_or_else(|| anyhow!("split"))?;
- let time_t: u64 = time_t.parse().context("parse time_t")?;
- Ok::<_,AE>((time_t, hmac_got))
+ let time_t = u64::from_str_radix(time_t, 16).context("parse time_t")?;
+ let l = io::copy(
+ &mut base64::read::DecoderReader::new(&mut hmac_b64.as_bytes(),
+ BASE64_CONFIG),
+ &mut &mut hmac_got[..]
+ ).context("parse b64 token")?;
+ let l = l.try_into()?;
+ Ok::<_,AE>((time_t, l))
 })().context("token")?;
+ let hmac_got = &hmac_got[0..hmac_got_l];
 let client = all_clients.get(&client);
@@ -113,7 +121,7 @@ async fn handle(
 let client_time_s = format!("{:x}", client_time);
 let hmac_exp = token_hmac(secret, client_time_s.as_bytes());
 // We also definitely want a consttime memeq for the hmac value
- let hmac_ok = hmac_got.as_bytes().ct_eq(&hmac_exp);
+ let hmac_ok = hmac_got.ct_eq(&hmac_exp);
 if ! bool::from(hmac_ok & client_exists) {
 throw!(anyhow!("xxx should be a 403 error"));
 }
-- 
2.30.2
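Review bot: The decoded MAC length is never compared with `HMAC_L`: a short base64 field leaves `hmac_got_l` below `HMAC_L`, and `let hmac_got = &hmac_got[0..hmac_got_l];` carries a truncated slice forward. Rejection then rests entirely on what `ct_eq` in the second hunk does for operands of unequal length, and on `hmac_exp` being exactly `HMAC_L` bytes; neither is visible in this patch. Rejecting inside the closure makes the invariant explicit, for example `if l != HMAC_L { return Err(anyhow!("hmac length")) }` right after the `try_into`. `let l = l.try_into()?;` is also the only fallible step in the closure without a `.context(...)`. The body of `handle` starts and ends outside the hunk.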
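Review bot: Nothing visible in either hunk bounds `client_time` against the server clock before `hmac_got.ct_eq(&hmac_exp)` decides the request, so the MAC authenticates a timestamp of any age. If the lines of `handle` between the two hunks (not shown) do not already enforce a window, a captured token would stay acceptable indefinitely. A check that rejects timestamps further from the current time than a configured limit belongs next to this comparison. The comment `// We also definitely want a consttime memeq for the hmac value` could also be updated to say that both operands are now raw MAC bytes rather than the base64 text.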