1
  
2
  
3
  
4
  
5
  
6
  
7
  
8
  
9
  
10
  
11
  
12
  
13
  
14
  
15
  
16
  
17
  
18
  
19
  
20
  
21
  
22
  
23
  
24
  
25
  
26
  
27
  
28
  
29
  
30
  
31
  
32
  
33
  
34
  
35
  
36
  
37
  
38
  
39
  
40
  
41
  
42
  
43
  
44
  
45
  
46
  
47
  
48
  
49
  
50
  
51
  
52
  
53
  
54
  
55
  
56
  
57
  
58
  
59
  
60
  
61
  
62
  
63
  
64
  
65
  
66
  
67
  
68
  
69
  
70
  
71
  
72
  
73
  
74
  
75
  
76
  
77
  
78
  
79
  
80
  
81
  
82
  
83
  
84
  
85
  
86
  
87
  
88
  
89
  
90
  
91
  
92
  
93
  
94
  
95
  
96
  
97
  
98
  
99
  
100
  
101
  
102
  
103
  
104
  
105
  
106
  
107
  
108
  
109
  
110
  
111
  
112
  
113
  
114
  
115
  
116
  
117
  
118
  
119
  
120
  
121
  
122
  
123
  
124
  
125
  
126
  
127
  
128
  
129
  
130
  
131
  
132
  
133
  
134
  
#pike __REAL_VERSION__ 
#pragma strict_types 
 
//! Base class for Message Authentication Codes (MAC)s. 
//! 
//! These are hashes that have been extended with a secret key. 
 
inherit .__Hash; 
 
//! Returns the recomended size of the key. 
int(0..) key_size(); 
 
//! Returns the size of the iv/nonce (if any). 
//! 
//! Some MACs like eg @[Crypto.SHA1.HMAC] have fixed ivs, 
//! in which case this function will return @expr{0@}. 
int(0..) iv_size(); 
 
//! JWS algorithm id (if any). 
//! Overloaded by the actual implementations. 
//! 
//! @note 
//!   Never access this value directly. Use @[jwa()]. 
//! 
//! @seealso 
//!   @[jwa()] 
protected constant mac_jwa_id = ""; 
 
//! JWS algorithm identifier (if any, otherwise @expr{0@}). 
//! 
//! @seealso 
//!   @rfc{7518:3.1@} 
string(7bit) jwa() 
{ 
  return (mac_jwa_id != "") && [string(7bit)]mac_jwa_id; 
} 
 
//! The state for the MAC. 
class State 
{ 
  inherit ::this_program; 
 
  //! @param key 
  //!   The secret key for the hash. 
  protected void create(string key); 
 
  //! Returns the recomended size of the key. 
  int(0..) key_size() 
  { 
    return global::key_size(); 
  } 
 
  //! Returns the size of the iv/nonce (if any). 
  //! 
  //! Some MACs like eg @[Crypto.SHA1.HMAC] have fixed ivs, 
  //! in which case this function will return @expr{0@}. 
  int(0..) iv_size() 
  { 
    return global::iv_size(); 
  } 
 
  //! Signs the @[message] with a JOSE JWS MAC signature. 
  //! 
  //! @param message 
  //!   Message to sign. 
  //! 
  //! @param headers 
  //!   JOSE headers to use. Typically a mapping with a single element 
  //!   @expr{"typ"@}. 
  //! 
  //! @returns 
  //!   Returns the signature on success, and @expr{0@} (zero) 
  //!   on failure (typically that JOSE doesn't support this MAC). 
  //! 
  //! @seealso 
  //!   @[jose_decode()], @rfc{7515@} 
  string(7bit) jose_sign(string(8bit) message, 
                         mapping(string(7bit):string(7bit)|int)|void headers) 
  { 
    string(7bit) alg = jwa(); 
    if (!alg) return 0; 
    headers = headers || ([]); 
    headers += ([ "alg": alg ]); 
    string(7bit) tbs = 
      sprintf("%s.%s", 
              [string(7bit)]Pike.Lazy.MIME.encode_base64url(string_to_utf8([string]Pike.Lazy.Standards.JSON.encode(headers))), 
              [string(7bit)]Pike.Lazy.MIME.encode_base64url(message)); 
    init(tbs); 
    string(8bit) raw = digest(); 
    return sprintf("%s.%s", tbs, [string(7bit)]Pike.Lazy.MIME.encode_base64url(raw)); 
  } 
 
  //! Verify and decode a JOSE JWS MAC signed value. 
  //! 
  //! @param jws 
  //!   A JSON Web Signature as returned by @[jose_sign()]. 
  //! 
  //! @returns 
  //!   Returns @expr{0@} (zero) on failure, and an array 
  //!   @array 
  //!     @elem mapping(string(7bit):string(7bit)|int) 0 
  //!       The JOSE header. 
  //!     @elem string(8bit) 1 
  //!       The signed message. 
  //!   @endarray 
  //!   on success. 
  //! 
  //! @seealso 
  //!   @[jose_sign()], @rfc{7515:3.5@} 
  array(mapping(string(7bit): 
                string(7bit)|int)|string(8bit)) jose_decode(string(7bit) jws) 
  { 
    string(7bit) alg = jwa(); 
    if (!alg) return 0; 
    array(string(7bit)) segments = [array(string(7bit))](jws/"."); 
    if (sizeof(segments) != 3) return 0; 
    mapping(string(7bit):string(7bit)|int) headers; 
    catch { 
      headers = [mapping(string(7bit):string(7bit)|int)](mixed) 
        Pike.Lazy.Standards.JSON.decode(utf8_to_string([string(8bit)]Pike.Lazy.MIME.decode_base64url(segments[0]))); 
      if (!mappingp(headers)) return 0; 
      if (headers->alg != alg) return 0; 
      string(7bit) tbs = sprintf("%s.%s", segments[0], segments[1]); 
      init(tbs); 
      string(8bit) raw = digest(); 
      if (Pike.Lazy.MIME.encode_base64url(raw) == segments[2]) { 
        return ({ headers, [string(8bit)]Pike.Lazy.MIME.decode_base64url(segments[1]) }); 
      } 
    }; 
    return 0; 
  } 
}