parent
b3663e90c6
commit
61bbe889f2
|
@ -28,13 +28,13 @@ In addition to the normal base64/json decoding errors, `decode` can return two c
|
||||||
- **WrongAlgorithmHeader**: if the alg in the header doesn't match the one given to decode
|
- **WrongAlgorithmHeader**: if the alg in the header doesn't match the one given to decode
|
||||||
|
|
||||||
## Algorithms
|
## Algorithms
|
||||||
Right now, only SHA256 is supported.
|
Right now, only SHA family is supported: SHA256, SHA384 and SHA512.
|
||||||
|
|
||||||
## Missing
|
## Missing
|
||||||
The header is currently not customisable and therefore does not support things like kid right now.
|
The header is currently not customisable and therefore does not support things like kid right now.
|
||||||
|
|
||||||
## Performance
|
## Performance
|
||||||
On my thinkpad 440s for a 2 claims struct:
|
On my thinkpad 440s for a 2 claims struct using SHA256:
|
||||||
|
|
||||||
```
|
```
|
||||||
test bench_decode ... bench: 7,106 ns/iter (+/- 5,354)
|
test bench_decode ... bench: 7,106 ns/iter (+/- 5,354)
|
||||||
|
|
25
src/lib.rs
25
src/lib.rs
|
@ -10,7 +10,7 @@ extern crate crypto;
|
||||||
|
|
||||||
use rustc_serialize::{json, Encodable, Decodable};
|
use rustc_serialize::{json, Encodable, Decodable};
|
||||||
use rustc_serialize::base64::{self, ToBase64, FromBase64};
|
use rustc_serialize::base64::{self, ToBase64, FromBase64};
|
||||||
use crypto::sha2::Sha256;
|
use crypto::sha2::{Sha256, Sha384, Sha512};
|
||||||
use crypto::hmac::Hmac;
|
use crypto::hmac::Hmac;
|
||||||
use crypto::mac::Mac;
|
use crypto::mac::Mac;
|
||||||
use crypto::digest::Digest;
|
use crypto::digest::Digest;
|
||||||
|
@ -18,16 +18,20 @@ use crypto::digest::Digest;
|
||||||
pub mod errors;
|
pub mod errors;
|
||||||
use errors::Error;
|
use errors::Error;
|
||||||
|
|
||||||
#[derive(Debug, Copy, Clone)]
|
#[derive(Debug, Copy, Clone, RustcDecodable, RustcEncodable)]
|
||||||
/// The algorithms supported for signing, so far only Hmac Sha256
|
/// The algorithms supported for signing, so far only Hmac Sha256
|
||||||
pub enum Algorithm {
|
pub enum Algorithm {
|
||||||
HS256,
|
HS256,
|
||||||
|
HS384,
|
||||||
|
HS512
|
||||||
}
|
}
|
||||||
|
|
||||||
impl ToString for Algorithm {
|
impl ToString for Algorithm {
|
||||||
fn to_string(&self) -> String {
|
fn to_string(&self) -> String {
|
||||||
match *self {
|
match *self {
|
||||||
Algorithm::HS256 => "HS256".to_owned(),
|
Algorithm::HS256 => "HS256".to_owned(),
|
||||||
|
Algorithm::HS384 => "HS384".to_owned(),
|
||||||
|
Algorithm::HS512 => "HS512".to_owned(),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -72,12 +76,17 @@ impl Header {
|
||||||
/// Take the payload of a JWT and sign it using the algorithm given.
|
/// Take the payload of a JWT and sign it using the algorithm given.
|
||||||
/// Returns the base64 url safe encoded of the hmac result
|
/// Returns the base64 url safe encoded of the hmac result
|
||||||
fn sign(data: &str, secret: &[u8], algorithm: Algorithm) -> String {
|
fn sign(data: &str, secret: &[u8], algorithm: Algorithm) -> String {
|
||||||
let digest = match algorithm {
|
fn crypt<D: Digest>(digest: D, data: &str, secret: &[u8]) -> String {
|
||||||
Algorithm::HS256 => Sha256::new(),
|
let mut hmac = Hmac::new(digest, secret);
|
||||||
};
|
hmac.input(data.as_bytes());
|
||||||
let mut hmac = Hmac::new(digest, secret);
|
hmac.result().code().to_base64(base64::URL_SAFE)
|
||||||
hmac.input(data.as_bytes());
|
}
|
||||||
hmac.result().code().to_base64(base64::URL_SAFE)
|
|
||||||
|
match algorithm {
|
||||||
|
Algorithm::HS256 => crypt(Sha256::new(), data, secret),
|
||||||
|
Algorithm::HS384 => crypt(Sha384::new(), data, secret),
|
||||||
|
Algorithm::HS512 => crypt(Sha512::new(), data, secret),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Compares the signature given with a re-computed signature
|
/// Compares the signature given with a re-computed signature
|
||||||
|
|
Loading…
Reference in New Issue