From e7153b9c6a407b55acd31172ca09137dbe7e65e2 Mon Sep 17 00:00:00 2001
From: Tony Garnock-Jones <tonyg@leastfixedpoint.com>
Date: Tue, 8 Jun 2021 09:28:48 +0200
Subject: [PATCH] Truncate output of hmac-sha256 correctly

---
 syndicate/sturdy.rkt | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/syndicate/sturdy.rkt b/syndicate/sturdy.rkt
index c0b9759..61b23ab 100644
--- a/syndicate/sturdy.rkt
+++ b/syndicate/sturdy.rkt
@@ -44,21 +44,24 @@
                    #:read-syntax? #f
                    #:decode-embedded embedded-not-allowed))
 
+(define (signature key data)
+  (subbytes (hmac-sha256 key data) 0 KEY_LENGTH))
+
 (define (mint oid key)
-  (SturdyRef oid '() (hmac-sha256 key (sturdy-encode oid))))
+  (SturdyRef oid '() (signature key (sturdy-encode oid))))
 
 (define (attenuate-sturdy r . attenuation)
   (match-define (SturdyRef oid caveatChain sig) r)
   (SturdyRef oid
              (append caveatChain (list attenuation))
-             (hmac-sha256 sig (sturdy-encode (Attenuation->preserves attenuation)))))
+             (signature sig (sturdy-encode (Attenuation->preserves attenuation)))))
 
 (define (SturdyRef-valid? r key)
   (match-define (SturdyRef oid caveatChain actual-sig) r)
   (define expected-sig
-    (for/fold [(sig (hmac-sha256 key (sturdy-encode oid)))]
+    (for/fold [(sig (signature key (sturdy-encode oid)))]
               [(attenuation (in-list caveatChain))]
-      (hmac-sha256 sig (sturdy-encode (Attenuation->preserves attenuation)))))
+      (signature sig (sturdy-encode (Attenuation->preserves attenuation)))))
   (equal? expected-sig actual-sig))
 
 (define (validate r key)