From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Sat, 31 Jul 2021 22:36:01 +0000 (+0100)
Subject: own hmac, Digest one's key length rules are annoying
X-Git-Tag: hippotat/1.0.0~408
X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ian/git?a=commitdiff_plain;h=f1a9a3aef3c7d190ff048264aaea343f3148033a;p=hippotat.git

own hmac, Digest one's key length rules are annoying

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
---

diff --git a/Cargo.lock b/Cargo.lock
index c0b447a..510a42e 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -122,16 +122,6 @@ dependencies = [
  "libc",
 ]
 
-[[package]]
-name = "crypto-mac"
-version = "0.11.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b1d1a86f49236c215f271d40892d5fc950490551400b02ef360692c29815c714"
-dependencies = [
- "generic-array",
- "subtle",
-]
-
 [[package]]
 name = "digest"
 version = "0.9.0"
@@ -382,7 +372,6 @@ dependencies = [
  "fehler",
  "futures",
  "hippotat-macros",
- "hmac",
  "hyper",
  "hyper-tls",
  "ipnet",
@@ -407,16 +396,6 @@ dependencies = [
  "syn",
 ]
 
-[[package]]
-name = "hmac"
-version = "0.11.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2a2a2320eb7ec0ebe8da8f744d7812d9fc4cb4d09344ac01898dbcb6a20ae69b"
-dependencies = [
- "crypto-mac",
- "digest",
-]
-
 [[package]]
 name = "http"
 version = "0.2.4"
@@ -988,12 +967,6 @@ dependencies = [
  "syn",
 ]
 
-[[package]]
-name = "subtle"
-version = "2.4.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601"
-
 [[package]]
 name = "syn"
 version = "1.0.73"
diff --git a/Cargo.toml b/Cargo.toml
index fbca270..d4f12c7 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -41,12 +41,3 @@ void = "1"
 extend = "1"		# no deps not in sid
 fehler = "1"		# no deps (other than fehler-macros, obvs)
 lazy-regex = "2"	# no deps not in sid
-
-hmac = "0.11"
-# ^ more troublesome.  runtime deps are
-#	crypto-mac	not in sid, all deps in sid
-#	digest		in sid
-#   plus dev-dependencies probably for testing with test vectors
-#	sha2		in sid
-#	md-5		not in sid, disable ?
-#	streebog	not in sid, disable ? (OST algorithms)
diff --git a/src/utils.rs b/src/utils.rs
index 317c840..95498f9 100644
--- a/src/utils.rs
+++ b/src/utils.rs
@@ -15,3 +15,33 @@ impl<T,E> Result<T,E> where AE: From<E> {
     self.map_err(|e| AE::from(e)).with_context(|| d.to_debug())
   }
 }
+
+use sha2::Digest as _;
+
+type HmacH = sha2::Sha256;
+const HMAC_L: usize = 32;
+
+#[throws(AE)]
+fn token_hmac(key: &[u8], message: &[u8]) -> [u8; HMAC_L] {
+  let key = {
+    let mut padded = [0; HMAC_L];
+    if key.len() > HMAC_L {
+      padded = HmacH::digest(key).into();
+    } else {
+      padded[0.. key.len()].copy_from_slice(key);
+    }
+    padded
+  };
+  let mut ikey = key;  for k in &mut ikey { *k ^= 0x36; }
+  let mut okey = key;  for k in &mut okey { *k ^= 0x5C; }
+
+  let h1 = HmacH::new()
+    .chain(&ikey)
+    .chain(message)
+    .finalize();
+  let h2 = HmacH::new()
+    .chain(&okey)
+    .chain(h1)
+    .finalize();
+  h2.into()
+}