michael/jsonwebtoken
michael
/
jsonwebtoken
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Use constant time comparison for hmacs, see MacResult::code for warning

This commit is contained in:
Kevin Butler 2015-11-05 17:45:43 +00:00
parent 6138bf3dce
commit 486c4a87f9
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/lib.rs
View File

@ -14,6 +14,7 @@ use crypto::sha2::{Sha256, Sha384, Sha512};
use crypto::hmac::Hmac;
use crypto::mac::Mac;
use crypto::digest::Digest;
use crypto::util::fixed_time_eq;
pub mod errors;
use errors::Error;
@ -81,7 +82,7 @@ fn sign(data: &str, secret: &[u8], algorithm: Algorithm) -> String {
/// Compares the signature given with a re-computed signature
fn verify(signature: &str, data: &str, secret: &[u8], algorithm: Algorithm) -> bool {
signature == sign(data, secret, algorithm)
fixed_time_eq(signature.as_ref(), sign(data, secret, algorithm).as_ref())
}
/// Encode the claims passed and sign the payload using the algorithm and the secret