Switch HMAC to BLAKE2s-256
parent
94fa1efd62
commit
f0328b27cd
|
@ -3,6 +3,5 @@ include ../taps/depends.tup
|
|||
NIM_FLAGS += --path:$(TUP_CWD)/../nim
|
||||
NIM_FLAGS += --path:$(TUP_CWD)/../preserves-nim/src
|
||||
NIM_FLAGS += --path:$(TUP_CWD)/../taps/src
|
||||
NIM_FLAGS += --path:%<nimsha2>
|
||||
NIM_GROUPS += $(TUP_CWD)/../nimble/<nimsha2>
|
||||
NIM_FLAGS += --path:$(TUP_CWD)/../hashlib
|
||||
NIM_GROUPS += $(TUP_CWD)/<protocol>
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
include_rules
|
||||
NIM_FLAGS += --path:$(TUP_CWD)/..
|
||||
: foreach *.nim |> !nim_check |>
|
||||
: capabilities.nim |> !nim_bin |> $(BIN_DIR)/mint
|
||||
|
|
|
@ -1,18 +1,24 @@
|
|||
# SPDX-FileCopyrightText: ☭ 2021 Emery Hemingway
|
||||
# SPDX-FileCopyrightText: ☭ Emery Hemingway
|
||||
# SPDX-License-Identifier: Unlicense
|
||||
|
||||
from std/sequtils import toSeq
|
||||
import hashlib/misc/blake2
|
||||
|
||||
import preserves
|
||||
import ./protocols/sturdy, ./private/hmacs
|
||||
import ./protocols/sturdy
|
||||
from ./actors import Ref
|
||||
|
||||
export `$`
|
||||
|
||||
proc hmac(key, data: openarray[byte]): seq[byte] =
|
||||
count[Hmac[BLAKE2S_256]](key, data).data[0..15].toSeq
|
||||
|
||||
proc mint*[T](key: openarray[byte]; oid: Preserve[T]): SturdyRef[T] =
|
||||
SturdyRef[T](oid: oid, sig: hmacSha256(key, encode(oid), key.len))
|
||||
SturdyRef[T](oid: oid, sig: hmac(key, encode oid))
|
||||
|
||||
proc mint*[T](key: openarray[byte]; oid: T; E = void): SturdyRef[E] =
|
||||
var oidPr = toPreserve(oid, E)
|
||||
SturdyRef[E](oid: oidPr, sig: hmacSha256(key, encode(oidPr), key.len))
|
||||
SturdyRef[E](oid: oidPr, sig: hmac(key, encode oidPr))
|
||||
|
||||
proc mint*(): SturdyRef[Ref] =
|
||||
var key: array[16, byte]
|
||||
|
@ -22,13 +28,13 @@ proc attenuate*[T](r: SturdyRef[T]; caveats: Attenuation): SturdyRef[T] =
|
|||
result = SturdyRef[T](
|
||||
oid: r.oid,
|
||||
caveatChain: r.caveatChain,
|
||||
sig: hmacSha256(r.sig, caveats.encode))
|
||||
sig: hmac(r.sig, encode caveats))
|
||||
result.caveatChain.add caveats
|
||||
|
||||
proc validate*[T](key: openarray[byte]; r: SturdyRef[T]): bool =
|
||||
var sig = hmacSha256(key, r.oid.encode, key.len)
|
||||
var sig = hmac(key, encode r.oid)
|
||||
for a in r.caveatChain:
|
||||
sig = hmacSha256(sig, a.encode)
|
||||
sig = hmac(sig, encode a)
|
||||
r.sig == sig
|
||||
|
||||
when isMainModule:
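Review bot: In `validate`, the final `r.sig == sig` is a plain sequence comparison that may return as soon as one byte differs, so the time taken to reject a bad reference can depend on how many leading tag bytes were correct. This is the MAC check for a capability, so the comparison should examine every byte wherever the first mismatch falls; the commit swaps the hash but leaves this line unchanged. The sketch below assumes `r.sig` is a `seq[byte]` like the value `hmac` returns, which the hunk suggests but does not show. Separately, the new `hmac` helper keeps only `data[0..15]`, so a doc comment such as `## HMAC-BLAKE2s-256, truncated to the first 16 bytes` would record that the 128-bit tag length is deliberate.

```nim
proc validate*[T](key: openarray[byte]; r: SturdyRef[T]): bool =
  # … unchanged: recompute sig over r.oid and each caveat in r.caveatChain …
  if r.sig.len != sig.len:
    return false
  var diff = 0'u8
  for i in 0 ..< sig.len:
    # OR the XOR of each byte pair so every byte is visited
    diff = diff or (r.sig[i] xor sig[i])
  diff == 0
```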
|
||||
|
|
|
@ -1,43 +0,0 @@
|
|||
# SPDX-FileCopyrightText: 2021 ☭ Emery Hemingway
|
||||
# SPDX-License-Identifier: Unlicense
|
||||
|
||||
import nimSHA2
|
||||
|
||||
proc fillPad(pad: var openarray[byte]; key: openarray[byte]; fillByte: byte) =
|
||||
for i in 0..key.high: pad[i] = fillByte xor key[i].uint8
|
||||
for i in key.len..pad.high: pad[i] = fillByte
|
||||
|
||||
proc hmacSha256*[T:char|byte](key: openarray[byte]; msg: openarray[T]; outLength = 32): seq[byte] =
|
||||
const blockSize = 64
|
||||
assert(outLength <= 32)
|
||||
var
|
||||
hash: SHA256
|
||||
pad: array[blockSize, byte]
|
||||
block:
|
||||
const xorByte = 0x36'u8
|
||||
if key.len < blockSize:
|
||||
fillPad(pad, key, xorByte)
|
||||
else:
|
||||
initSHA(hash)
|
||||
update(hash, key)
|
||||
var keyDigest = final(hash)
|
||||
fillPad(pad, keyDigest, xorByte)
|
||||
initSHA(hash)
|
||||
update(hash, pad)
|
||||
update(hash, msg)
|
||||
var digest = final(hash)
|
||||
block:
|
||||
const xorByte = 0x5c'u8
|
||||
if key.len < blockSize:
|
||||
fillPad(pad, key, xorByte)
|
||||
else:
|
||||
initSHA(hash)
|
||||
update(hash, key)
|
||||
var keyDigest = final(hash)
|
||||
fillPad(pad, keyDigest, xorByte)
|
||||
initSHA(hash)
|
||||
update(hash, pad)
|
||||
update(hash, digest)
|
||||
digest = final(hash)
|
||||
result.setLen(outLength)
|
||||
copyMem(result[0].addr, digest[0].addr, result.len)
|
|
@ -1,6 +1,6 @@
|
|||
# Package
|
||||
|
||||
version = "20230506"
|
||||
version = "20230507"
|
||||
author = "Emery Hemingway"
|
||||
description = "Syndicated actors for conversational concurrency"
|
||||
license = "Unlicense"
|
||||
|
@ -9,4 +9,4 @@ srcDir = "src"
|
|||
|
||||
# Dependencies
|
||||
|
||||
requires "nim >= 1.4.8", "nimSHA2 >= 0.1.1", "preserves >= 20221208", "taps >= 20221119"
|
||||
requires "hashlib", "nim >= 1.4.8", "preserves >= 20221208", "taps >= 20221119"
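Review bot: The new `requires` line lists `"hashlib"` with no version constraint, while every other dependency on that line carries a lower bound. This package now supplies the HMAC and BLAKE2s code behind the capability signatures, so an unconstrained requirement lets any published version be resolved, including one whose API or digest behaviour differs from what was tested. Give it a bound like the others, e.g. `requires "hashlib >= <MIN_TESTED_VERSION>", ...` (a placeholder, since the page does not show which version was tested). If the project keeps a lockfile, also consider pinning an exact version or commit there.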
|
||||
|
|