rust-crypto -> ring
This commit is contained in:
parent
ea5506d8d8
commit
3f986f54a8
|
@ -12,7 +12,7 @@ keywords = ["jwt", "web", "api", "token", "json"]
|
||||||
[dependencies]
|
[dependencies]
|
||||||
rustc-serialize = "0.3"
|
rustc-serialize = "0.3"
|
||||||
clippy = {version = "~0.0.44", optional = true}
|
clippy = {version = "~0.0.44", optional = true}
|
||||||
rust-crypto = "0.2.35"
|
ring = "0.2"
|
||||||
|
|
||||||
[features]
|
[features]
|
||||||
default = []
|
default = []
|
||||||
|
|
33
src/lib.rs
33
src/lib.rs
|
@ -6,16 +6,14 @@
|
||||||
#![cfg_attr(feature = "dev", plugin(clippy))]
|
#![cfg_attr(feature = "dev", plugin(clippy))]
|
||||||
|
|
||||||
extern crate rustc_serialize;
|
extern crate rustc_serialize;
|
||||||
extern crate crypto;
|
extern crate ring;
|
||||||
|
|
||||||
|
use ring::{digest, hmac};
|
||||||
|
use ring::constant_time::verify_slices_are_equal;
|
||||||
|
|
||||||
use rustc_serialize::{json, Encodable, Decodable};
|
use rustc_serialize::{json, Encodable, Decodable};
|
||||||
use rustc_serialize::base64::{self, ToBase64, FromBase64};
|
use rustc_serialize::base64::{self, ToBase64, FromBase64};
|
||||||
use rustc_serialize::json::{ToJson, Json};
|
use rustc_serialize::json::{ToJson, Json};
|
||||||
use crypto::sha2::{Sha256, Sha384, Sha512};
|
|
||||||
use crypto::hmac::Hmac;
|
|
||||||
use crypto::mac::Mac;
|
|
||||||
use crypto::digest::Digest;
|
|
||||||
use crypto::util::fixed_time_eq;
|
|
||||||
|
|
||||||
pub mod errors;
|
pub mod errors;
|
||||||
use errors::Error;
|
use errors::Error;
|
||||||
|
@ -132,22 +130,21 @@ pub struct TokenData<T: Part> {
|
||||||
/// Take the payload of a JWT and sign it using the algorithm given.
|
/// Take the payload of a JWT and sign it using the algorithm given.
|
||||||
/// Returns the base64 url safe encoded of the hmac result
|
/// Returns the base64 url safe encoded of the hmac result
|
||||||
pub fn sign(data: &str, secret: &[u8], algorithm: Algorithm) -> String {
|
pub fn sign(data: &str, secret: &[u8], algorithm: Algorithm) -> String {
|
||||||
fn crypt<D: Digest>(digest: D, data: &str, secret: &[u8]) -> String {
|
let digest = match algorithm {
|
||||||
let mut hmac = Hmac::new(digest, secret);
|
Algorithm::HS256 => &digest::SHA256,
|
||||||
hmac.input(data.as_bytes());
|
Algorithm::HS384 => &digest::SHA384,
|
||||||
hmac.result().code().to_base64(base64::URL_SAFE)
|
Algorithm::HS512 => &digest::SHA512,
|
||||||
}
|
};
|
||||||
|
let key = hmac::SigningKey::new(digest, secret);
|
||||||
match algorithm {
|
hmac::sign(&key, data.as_bytes()).as_ref().to_base64(base64::URL_SAFE)
|
||||||
Algorithm::HS256 => crypt(Sha256::new(), data, secret),
|
|
||||||
Algorithm::HS384 => crypt(Sha384::new(), data, secret),
|
|
||||||
Algorithm::HS512 => crypt(Sha512::new(), data, secret),
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Compares the signature given with a re-computed signature
|
/// Compares the signature given with a re-computed signature
|
||||||
pub fn verify(signature: &str, data: &str, secret: &[u8], algorithm: Algorithm) -> bool {
|
pub fn verify(signature: &str, data: &str, secret: &[u8], algorithm: Algorithm) -> bool {
|
||||||
fixed_time_eq(signature.as_ref(), sign(data, secret, algorithm).as_ref())
|
match verify_slices_are_equal(signature.as_ref(), sign(data, secret, algorithm).as_ref()) {
|
||||||
|
Ok(()) => true,
|
||||||
|
Err(_) => false,
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Encode the claims passed and sign the payload using the algorithm from the header and the secret
|
/// Encode the claims passed and sign the payload using the algorithm from the header and the secret
|
||||||
|
|
Loading…
Reference in New Issue