Truncate output of hmac-sha256 correctly

2021-06-08 09:28:48 +02:00 · 2021-06-08 09:28:48 +02:00 · e7153b9c6a
parent c18a2b2652
commit e7153b9c6a
1 changed files with 7 additions and 4 deletions
--- a/syndicate/sturdy.rkt
+++ b/syndicate/sturdy.rkt
@ -44,21 +44,24 @@
                   #:read-syntax? #f
                   #:decode-embedded embedded-not-allowed))

+(define (signature key data)
+  (subbytes (hmac-sha256 key data) 0 KEY_LENGTH))
+
 (define (mint oid key)
-  (SturdyRef oid '() (hmac-sha256 key (sturdy-encode oid))))
+  (SturdyRef oid '() (signature key (sturdy-encode oid))))

 (define (attenuate-sturdy r . attenuation)
  (match-define (SturdyRef oid caveatChain sig) r)
  (SturdyRef oid
             (append caveatChain (list attenuation))
-             (hmac-sha256 sig (sturdy-encode (Attenuation->preserves attenuation)))))
+             (signature sig (sturdy-encode (Attenuation->preserves attenuation)))))

 (define (SturdyRef-valid? r key)
  (match-define (SturdyRef oid caveatChain actual-sig) r)
  (define expected-sig
-    (for/fold [(sig (hmac-sha256 key (sturdy-encode oid)))]
+    (for/fold [(sig (signature key (sturdy-encode oid)))]
              [(attenuation (in-list caveatChain))]
-      (hmac-sha256 sig (sturdy-encode (Attenuation->preserves attenuation)))))
+      (signature sig (sturdy-encode (Attenuation->preserves attenuation)))))
  (equal? expected-sig actual-sig))

 (define (validate r key)