RSA working

CHANGELOG.md

@@ -0,0 +1,19 @@
+# Changelog
+
+## 2.0.0 (unreleased)
+
+- Use Serde instead of rustc_serialize
+- Add RSA support
+- Change API, see README for new usage
+
+## Previous
+
+- 1.1.7: update ring
+- 1.1.6: update ring
+- 1.1.5: update ring version
+- 1.1.4: use ring instead of rust-crypto
+- 1.1.3: Make sign and verify public
+- 1.1.2: Update rust-crypto to 0.2.35
+- 1.1.1: Don't serialize empty fields in header
+- 1.1.0: Impl Error for jsonwebtoken errors
+- 1.0: Initial release

README.md

@@ -69,15 +69,3 @@ On my thinkpad 440s for a 2 claims struct using HMAC SHA256:
 test bench_decode ... bench:       4,947 ns/iter (+/- 611)
 test bench_encode ... bench:       3,301 ns/iter (+/- 465)
 ```
-
-## Changelog
-
-- 1.1.7: update ring
-- 1.1.6: update ring
-- 1.1.5: update ring version
-- 1.1.4: use ring instead of rust-crypto
-- 1.1.3: Make sign and verify public
-- 1.1.2: Update rust-crypto to 0.2.35
-- 1.1.1: Don't serialize empty fields in header
-- 1.1.0: Impl Error for jsonwebtoken errors
-- 1.0: Initial release

src/crypto.rs

@@ -102,12 +102,17 @@ pub fn verify(signature: &str, signing_input: &str, key: &[u8], algorithm: Algor
                 _ => unreachable!(),
             };
             let signature_bytes = base64::decode_config(signature, base64::URL_SAFE_NO_PAD)?;
+            let public_key_der = untrusted::Input::from(key);
+            let message = untrusted::Input::from(signing_input.as_bytes());
+            let expected_signature = untrusted::Input::from(signature_bytes.as_slice());
+
             let res = signature::verify(
                 verification_alg,
-                untrusted::Input::from(key),
-                untrusted::Input::from(signing_input.as_bytes()),
-                untrusted::Input::from(signature_bytes.as_slice()),
+                public_key_der,
+                message,
+                expected_signature,
             );
+            println!("{:?}", res);
 
             Ok(res.is_ok())
         },

src/header.rs

@@ -3,14 +3,18 @@ use crypto::Algorithm;
 
 /// A basic JWT header, the alg defaults to HS256 and typ is automatically
 /// set to `JWT`. All the other fields are optional
-#[derive(Debug, PartialEq, Serialize, Deserialize)]
+#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
 pub struct Header {
     typ: String,
     pub alg: Algorithm,
+    #[serde(skip_serializing_if = "Option::is_none")]
     pub jku: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
     pub kid: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
     pub x5u: Option<String>,
-    pub x5t: Option<String>
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub x5t: Option<String>,
 }
 
 impl Header {

tests/notes.md

@@ -17,3 +17,6 @@ Same as PEM but replace `PEM` by `DER`.
 
 ## Converting private DER to PEM
 `openssl rsa -in private_rsa_key.der -inform DER -outform PEM -out private_rsa_key.pem`
+
+## Generating public key
+`openssl rsa -in private_rsa_key.der -inform DER -RSAPublicKey_out -outform DER -out public_key.der`

tests/rsa.rs

@@ -11,12 +11,12 @@ struct Claims {
     company: String
 }
 
-//#[test]
-//fn round_trip_sign_verification() {
-//    let encrypted = sign("hello world", include_bytes!("private_rsa_key.der"), Algorithm::RS256).unwrap();
-//    let is_valid = verify(&encrypted, "hello world", include_bytes!("public_rsa_key.der"), Algorithm::RS256).unwrap();
-//    assert!(is_valid);
-//}
+#[test]
+fn round_trip_sign_verification() {
+    let encrypted = sign("hello world", include_bytes!("private_rsa_key.der"), Algorithm::RS256).unwrap();
+    let is_valid = verify(&encrypted, "hello world", include_bytes!("public_rsa_key.der"), Algorithm::RS256).unwrap();
+    assert!(is_valid);
+}
 
 
 #[test]