michael/jsonwebtoken
michael
/
jsonwebtoken
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add sha384 and sha512 

Thanks to irc user durka42
This commit is contained in:
Vincent Prouillet 2015-11-02 22:34:20 +00:00
parent b3663e90c6
commit 61bbe889f2
2 changed files with 19 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@ -28,13 +28,13 @@ In addition to the normal base64/json decoding errors, `decode` can return two c
- **WrongAlgorithmHeader**: if the alg in the header doesn't match the one given to decode - **WrongAlgorithmHeader**: if the alg in the header doesn't match the one given to decode
## Algorithms ## Algorithms
Right now, only SHA256 is supported. Right now, only SHA family is supported: SHA256, SHA384 and SHA512.
## Missing ## Missing
The header is currently not customisable and therefore does not support things like kid right now. The header is currently not customisable and therefore does not support things like kid right now.
## Performance ## Performance
On my thinkpad 440s for a 2 claims struct: On my thinkpad 440s for a 2 claims struct using SHA256:
``` ```
test bench_decode ... bench: 7,106 ns/iter (+/- 5,354) test bench_decode ... bench: 7,106 ns/iter (+/- 5,354)

25
src/lib.rs
View File

@ -10,7 +10,7 @@ extern crate crypto;
use rustc_serialize::{json, Encodable, Decodable}; use rustc_serialize::{json, Encodable, Decodable};
use rustc_serialize::base64::{self, ToBase64, FromBase64}; use rustc_serialize::base64::{self, ToBase64, FromBase64};
use crypto::sha2::Sha256; use crypto::sha2::{Sha256, Sha384, Sha512};
use crypto::hmac::Hmac; use crypto::hmac::Hmac;
use crypto::mac::Mac; use crypto::mac::Mac;
use crypto::digest::Digest; use crypto::digest::Digest;
@ -18,16 +18,20 @@ use crypto::digest::Digest;
pub mod errors; pub mod errors;
use errors::Error; use errors::Error;
#[derive(Debug, Copy, Clone)] #[derive(Debug, Copy, Clone, RustcDecodable, RustcEncodable)]
/// The algorithms supported for signing, so far only Hmac Sha256 /// The algorithms supported for signing, so far only Hmac Sha256
pub enum Algorithm { pub enum Algorithm {
HS256, HS256,
HS384,
HS512
} }
impl ToString for Algorithm { impl ToString for Algorithm {
fn to_string(&self) -> String { fn to_string(&self) -> String {
match *self { match *self {
Algorithm::HS256 => "HS256".to_owned(), Algorithm::HS256 => "HS256".to_owned(),
Algorithm::HS384 => "HS384".to_owned(),
Algorithm::HS512 => "HS512".to_owned(),
} }
} }
} }
@ -72,12 +76,17 @@ impl Header {
/// Take the payload of a JWT and sign it using the algorithm given. /// Take the payload of a JWT and sign it using the algorithm given.
/// Returns the base64 url safe encoded of the hmac result /// Returns the base64 url safe encoded of the hmac result
fn sign(data: &str, secret: &[u8], algorithm: Algorithm) -> String { fn sign(data: &str, secret: &[u8], algorithm: Algorithm) -> String {
let digest = match algorithm { fn crypt<D: Digest>(digest: D, data: &str, secret: &[u8]) -> String {
Algorithm::HS256 => Sha256::new(), let mut hmac = Hmac::new(digest, secret);
}; hmac.input(data.as_bytes());
let mut hmac = Hmac::new(digest, secret); hmac.result().code().to_base64(base64::URL_SAFE)
hmac.input(data.as_bytes()); }
hmac.result().code().to_base64(base64::URL_SAFE)
match algorithm {
Algorithm::HS256 => crypt(Sha256::new(), data, secret),
Algorithm::HS384 => crypt(Sha384::new(), data, secret),
Algorithm::HS512 => crypt(Sha512::new(), data, secret),
}
} }
/// Compares the signature given with a re-computed signature /// Compares the signature given with a re-computed signature