parent
2662f6ad1f
commit
30571cafd2
|
@ -39,11 +39,12 @@ pub(crate) fn sign(
|
||||||
key: &[u8],
|
key: &[u8],
|
||||||
message: &[u8],
|
message: &[u8],
|
||||||
) -> Result<String> {
|
) -> Result<String> {
|
||||||
let key_pair = signature::RsaKeyPair::from_der(key).map_err(|_| ErrorKind::InvalidRsaKey)?;
|
let key_pair = signature::RsaKeyPair::from_der(key)
|
||||||
|
.map_err(|e| ErrorKind::InvalidRsaKey(e.description_()))?;
|
||||||
|
|
||||||
let mut signature = vec![0; key_pair.public_modulus_len()];
|
let mut signature = vec![0; key_pair.public_modulus_len()];
|
||||||
let rng = rand::SystemRandom::new();
|
let rng = rand::SystemRandom::new();
|
||||||
key_pair.sign(alg, &rng, message, &mut signature).map_err(|_| ErrorKind::InvalidRsaKey)?;
|
key_pair.sign(alg, &rng, message, &mut signature).map_err(|_| ErrorKind::RsaFailedSigning)?;
|
||||||
|
|
||||||
Ok(b64_encode(&signature))
|
Ok(b64_encode(&signature))
|
||||||
}
|
}
|
||||||
|
|
|
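Review bot: `sign` still has no doc comment saying which error each failure maps to, and this hunk is where the split is introduced: a rejected key becomes `InvalidRsaKey(e.description_())` while a failure inside `key_pair.sign` becomes `RsaFailedSigning`. I would add a `///` comment on the function (its signature and the `alg` parameter start above the hunk) along the lines of `/// Signs `message` with the DER-encoded RSA private key `key` using `alg` and returns the base64 signature.` plus an `# Errors` section naming `InvalidRsaKey` (key rejected; payload is the parser's reason string) and `RsaFailedSigning` (the signing operation itself failed). Since the variant payload is `&'static str`, the user-facing text carries only a fixed rejection reason and no key material, which is worth stating explicitly because this message ends up in `Display`. Discarding the error in the second `map_err` is fine only if that error type carries no detail; it presumably does not, but confirm.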
@ -41,7 +41,9 @@ pub enum ErrorKind {
|
||||||
/// When the secret given is not a valid ECDSA key
|
/// When the secret given is not a valid ECDSA key
|
||||||
InvalidEcdsaKey,
|
InvalidEcdsaKey,
|
||||||
/// When the secret given is not a valid RSA key
|
/// When the secret given is not a valid RSA key
|
||||||
InvalidRsaKey,
|
InvalidRsaKey(&'static str),
|
||||||
|
/// We could not sign with the given key
|
||||||
|
RsaFailedSigning,
|
||||||
/// When the algorithm from string doesn't match the one passed to `from_str`
|
/// When the algorithm from string doesn't match the one passed to `from_str`
|
||||||
InvalidAlgorithmName,
|
InvalidAlgorithmName,
|
||||||
/// When a key is provided with an invalid format
|
/// When a key is provided with an invalid format
|
||||||
|
@ -79,7 +81,8 @@ impl StdError for Error {
|
||||||
ErrorKind::InvalidToken => None,
|
ErrorKind::InvalidToken => None,
|
||||||
ErrorKind::InvalidSignature => None,
|
ErrorKind::InvalidSignature => None,
|
||||||
ErrorKind::InvalidEcdsaKey => None,
|
ErrorKind::InvalidEcdsaKey => None,
|
||||||
ErrorKind::InvalidRsaKey => None,
|
ErrorKind::RsaFailedSigning => None,
|
||||||
|
ErrorKind::InvalidRsaKey(_) => None,
|
||||||
ErrorKind::ExpiredSignature => None,
|
ErrorKind::ExpiredSignature => None,
|
||||||
ErrorKind::InvalidIssuer => None,
|
ErrorKind::InvalidIssuer => None,
|
||||||
ErrorKind::InvalidAudience => None,
|
ErrorKind::InvalidAudience => None,
|
||||||
|
@ -102,8 +105,8 @@ impl fmt::Display for Error {
|
||||||
ErrorKind::InvalidToken
|
ErrorKind::InvalidToken
|
||||||
| ErrorKind::InvalidSignature
|
| ErrorKind::InvalidSignature
|
||||||
| ErrorKind::InvalidEcdsaKey
|
| ErrorKind::InvalidEcdsaKey
|
||||||
| ErrorKind::InvalidRsaKey
|
|
||||||
| ErrorKind::ExpiredSignature
|
| ErrorKind::ExpiredSignature
|
||||||
|
| ErrorKind::RsaFailedSigning
|
||||||
| ErrorKind::InvalidIssuer
|
| ErrorKind::InvalidIssuer
|
||||||
| ErrorKind::InvalidAudience
|
| ErrorKind::InvalidAudience
|
||||||
| ErrorKind::InvalidSubject
|
| ErrorKind::InvalidSubject
|
||||||
|
@ -111,6 +114,7 @@ impl fmt::Display for Error {
|
||||||
| ErrorKind::InvalidAlgorithm
|
| ErrorKind::InvalidAlgorithm
|
||||||
| ErrorKind::InvalidKeyFormat
|
| ErrorKind::InvalidKeyFormat
|
||||||
| ErrorKind::InvalidAlgorithmName => write!(f, "{:?}", self.0),
|
| ErrorKind::InvalidAlgorithmName => write!(f, "{:?}", self.0),
|
||||||
|
ErrorKind::InvalidRsaKey(ref msg) => write!(f, "RSA key invalid: {}", msg),
|
||||||
ErrorKind::Json(ref err) => write!(f, "JSON error: {}", err),
|
ErrorKind::Json(ref err) => write!(f, "JSON error: {}", err),
|
||||||
ErrorKind::Utf8(ref err) => write!(f, "UTF-8 error: {}", err),
|
ErrorKind::Utf8(ref err) => write!(f, "UTF-8 error: {}", err),
|
||||||
ErrorKind::Crypto(ref err) => write!(f, "Crypto error: {}", err),
|
ErrorKind::Crypto(ref err) => write!(f, "Crypto error: {}", err),
|
||||||
|
|
|
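Review bot: Turning the public variant `ErrorKind::InvalidRsaKey` into `InvalidRsaKey(&'static str)` breaks every downstream `match` on `ErrorKind::InvalidRsaKey`, and the variant's doc comment still reads as if it carried nothing; the new `RsaFailedSigning` variant is similarly undocumented beyond one line and its `Display` output is only the `{:?}` name. I would update the doc to `/// When the secret given is not a valid RSA key; the payload is the reason reported by the key parser` and call out the breaking change in the commit description or changelog. The `Display` arm `RSA key invalid: {}` is consistent with the other payload-carrying arms, and `source()` returning `None` for both new arms is correct since the payload is a plain string rather than an error value.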
@ -18,15 +18,10 @@ fn round_trip_sign_verification_pk8() {
|
||||||
let pubkey = include_bytes!("public_ecdsa_key.pk8");
|
let pubkey = include_bytes!("public_ecdsa_key.pk8");
|
||||||
|
|
||||||
let encrypted =
|
let encrypted =
|
||||||
sign(b"hello world", &EncodingKey::from_ec_der(privkey), Algorithm::ES256)
|
sign(b"hello world", &EncodingKey::from_ec_der(privkey), Algorithm::ES256).unwrap();
|
||||||
|
let is_valid =
|
||||||
|
verify(&encrypted, b"hello world", &DecodingKey::from_ec_der(pubkey), Algorithm::ES256)
|
||||||
.unwrap();
|
.unwrap();
|
||||||
let is_valid = verify(
|
|
||||||
&encrypted,
|
|
||||||
b"hello world",
|
|
||||||
&DecodingKey::from_ec_der(pubkey),
|
|
||||||
Algorithm::ES256,
|
|
||||||
)
|
|
||||||
.unwrap();
|
|
||||||
assert!(is_valid);
|
assert!(is_valid);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -34,12 +29,9 @@ fn round_trip_sign_verification_pk8() {
|
||||||
fn round_trip_sign_verification_pem() {
|
fn round_trip_sign_verification_pem() {
|
||||||
let privkey_pem = include_bytes!("private_ecdsa_key.pem");
|
let privkey_pem = include_bytes!("private_ecdsa_key.pem");
|
||||||
let pubkey_pem = include_bytes!("public_ecdsa_key.pem");
|
let pubkey_pem = include_bytes!("public_ecdsa_key.pem");
|
||||||
let encrypted = sign(
|
let encrypted =
|
||||||
b"hello world",
|
sign(b"hello world", &EncodingKey::from_ec_pem(privkey_pem).unwrap(), Algorithm::ES256)
|
||||||
&EncodingKey::from_ec_pem(privkey_pem).unwrap(),
|
.unwrap();
|
||||||
Algorithm::ES256,
|
|
||||||
)
|
|
||||||
.unwrap();
|
|
||||||
let is_valid = verify(
|
let is_valid = verify(
|
||||||
&encrypted,
|
&encrypted,
|
||||||
b"hello world",
|
b"hello world",
|
||||||
|
|
|
@ -18,15 +18,10 @@ fn round_trip_sign_verification_pk8() {
|
||||||
let pubkey = include_bytes!("public_ed25519_key.pk8");
|
let pubkey = include_bytes!("public_ed25519_key.pk8");
|
||||||
|
|
||||||
let encrypted =
|
let encrypted =
|
||||||
sign(b"hello world", &EncodingKey::from_ed_der(privkey), Algorithm::EdDSA)
|
sign(b"hello world", &EncodingKey::from_ed_der(privkey), Algorithm::EdDSA).unwrap();
|
||||||
|
let is_valid =
|
||||||
|
verify(&encrypted, b"hello world", &DecodingKey::from_ed_der(pubkey), Algorithm::EdDSA)
|
||||||
.unwrap();
|
.unwrap();
|
||||||
let is_valid = verify(
|
|
||||||
&encrypted,
|
|
||||||
b"hello world",
|
|
||||||
&DecodingKey::from_ed_der(pubkey),
|
|
||||||
Algorithm::EdDSA,
|
|
||||||
)
|
|
||||||
.unwrap();
|
|
||||||
assert!(is_valid);
|
assert!(is_valid);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -34,12 +29,9 @@ fn round_trip_sign_verification_pk8() {
|
||||||
fn round_trip_sign_verification_pem() {
|
fn round_trip_sign_verification_pem() {
|
||||||
let privkey_pem = include_bytes!("private_ed25519_key.pem");
|
let privkey_pem = include_bytes!("private_ed25519_key.pem");
|
||||||
let pubkey_pem = include_bytes!("public_ed25519_key.pem");
|
let pubkey_pem = include_bytes!("public_ed25519_key.pem");
|
||||||
let encrypted = sign(
|
let encrypted =
|
||||||
b"hello world",
|
sign(b"hello world", &EncodingKey::from_ed_pem(privkey_pem).unwrap(), Algorithm::EdDSA)
|
||||||
&EncodingKey::from_ed_pem(privkey_pem).unwrap(),
|
.unwrap();
|
||||||
Algorithm::EdDSA,
|
|
||||||
)
|
|
||||||
.unwrap();
|
|
||||||
let is_valid = verify(
|
let is_valid = verify(
|
||||||
&encrypted,
|
&encrypted,
|
||||||
b"hello world",
|
b"hello world",
|
||||||
|
|
|
@ -17,8 +17,7 @@ pub struct Claims {
|
||||||
#[test]
|
#[test]
|
||||||
fn sign_hs256() {
|
fn sign_hs256() {
|
||||||
let result =
|
let result =
|
||||||
sign(b"hello world", &EncodingKey::from_secret(b"secret"), Algorithm::HS256)
|
sign(b"hello world", &EncodingKey::from_secret(b"secret"), Algorithm::HS256).unwrap();
|
||||||
.unwrap();
|
|
||||||
let expected = "c0zGLzKEFWj0VxWuufTXiRMk5tlI5MbGDAYhzaxIYjo";
|
let expected = "c0zGLzKEFWj0VxWuufTXiRMk5tlI5MbGDAYhzaxIYjo";
|
||||||
assert_eq!(result, expected);
|
assert_eq!(result, expected);
|
||||||
}
|
}
|
||||||
|
@ -26,13 +25,8 @@ fn sign_hs256() {
|
||||||
#[test]
|
#[test]
|
||||||
fn verify_hs256() {
|
fn verify_hs256() {
|
||||||
let sig = "c0zGLzKEFWj0VxWuufTXiRMk5tlI5MbGDAYhzaxIYjo";
|
let sig = "c0zGLzKEFWj0VxWuufTXiRMk5tlI5MbGDAYhzaxIYjo";
|
||||||
let valid = verify(
|
let valid = verify(sig, b"hello world", &DecodingKey::from_secret(b"secret"), Algorithm::HS256)
|
||||||
sig,
|
.unwrap();
|
||||||
b"hello world",
|
|
||||||
&DecodingKey::from_secret(b"secret"),
|
|
||||||
Algorithm::HS256,
|
|
||||||
)
|
|
||||||
.unwrap();
|
|
||||||
assert!(valid);
|
assert!(valid);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -28,8 +28,7 @@ fn round_trip_sign_verification_pem_pkcs1() {
|
||||||
|
|
||||||
for &alg in RSA_ALGORITHMS {
|
for &alg in RSA_ALGORITHMS {
|
||||||
let encrypted =
|
let encrypted =
|
||||||
sign(b"hello world", &EncodingKey::from_rsa_pem(privkey_pem).unwrap(), alg)
|
sign(b"hello world", &EncodingKey::from_rsa_pem(privkey_pem).unwrap(), alg).unwrap();
|
||||||
.unwrap();
|
|
||||||
let is_valid = verify(
|
let is_valid = verify(
|
||||||
&encrypted,
|
&encrypted,
|
||||||
b"hello world",
|
b"hello world",
|
||||||
|
@ -48,8 +47,7 @@ fn round_trip_sign_verification_pem_pkcs8() {
|
||||||
|
|
||||||
for &alg in RSA_ALGORITHMS {
|
for &alg in RSA_ALGORITHMS {
|
||||||
let encrypted =
|
let encrypted =
|
||||||
sign(b"hello world", &EncodingKey::from_rsa_pem(privkey_pem).unwrap(), alg)
|
sign(b"hello world", &EncodingKey::from_rsa_pem(privkey_pem).unwrap(), alg).unwrap();
|
||||||
.unwrap();
|
|
||||||
let is_valid = verify(
|
let is_valid = verify(
|
||||||
&encrypted,
|
&encrypted,
|
||||||
b"hello world",
|
b"hello world",
|
||||||
|
@ -67,15 +65,10 @@ fn round_trip_sign_verification_der() {
|
||||||
let pubkey_der = include_bytes!("public_rsa_key.der");
|
let pubkey_der = include_bytes!("public_rsa_key.der");
|
||||||
|
|
||||||
for &alg in RSA_ALGORITHMS {
|
for &alg in RSA_ALGORITHMS {
|
||||||
let encrypted =
|
let encrypted = sign(b"hello world", &EncodingKey::from_rsa_der(privkey_der), alg).unwrap();
|
||||||
sign(b"hello world", &EncodingKey::from_rsa_der(privkey_der), alg).unwrap();
|
let is_valid =
|
||||||
let is_valid = verify(
|
verify(&encrypted, b"hello world", &DecodingKey::from_rsa_der(pubkey_der), alg)
|
||||||
&encrypted,
|
.unwrap();
|
||||||
b"hello world",
|
|
||||||
&DecodingKey::from_rsa_der(pubkey_der),
|
|
||||||
alg,
|
|
||||||
)
|
|
||||||
.unwrap();
|
|
||||||
assert!(is_valid);
|
assert!(is_valid);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|