Stop using padding

This commit is contained in:
Thomas Gideon 2017-02-20 13:05:06 -05:00
parent 8826655201
commit 9df2ac741e
4 changed files with 14 additions and 14 deletions

View file

@ -1,6 +1,6 @@
[package] [package]
name = "medallion" name = "medallion"
version = "1.1.0" version = "1.1.1"
authors = ["Thomas Gideon <cmdln@thecommandline.net>"] authors = ["Thomas Gideon <cmdln@thecommandline.net>"]
description = "JWT library for rust using serde, serde_json and openssl" description = "JWT library for rust using serde, serde_json and openssl"
homepage = "http://github.com/commandline/medallion" homepage = "http://github.com/commandline/medallion"

View file

@ -1,4 +1,4 @@
use base64::{decode_config, encode_config, URL_SAFE}; use base64::{decode_config, encode_config, URL_SAFE_NO_PAD};
use Component; use Component;
use error::Error; use error::Error;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
@ -40,7 +40,7 @@ impl<T: Serialize + Deserialize> Component for Claims<T> {
/// This implementation simply parses the base64 data twice, each time applying it to the /// This implementation simply parses the base64 data twice, each time applying it to the
/// registered and private claims. /// registered and private claims.
fn from_base64(raw: &str) -> Result<Claims<T>> { fn from_base64(raw: &str) -> Result<Claims<T>> {
let data = decode_config(raw, URL_SAFE)?; let data = decode_config(raw, URL_SAFE_NO_PAD)?;
let reg_claims: Registered = serde_json::from_slice(&data)?; let reg_claims: Registered = serde_json::from_slice(&data)?;
let pri_claims: T = serde_json::from_slice(&data)?; let pri_claims: T = serde_json::from_slice(&data)?;
@ -59,7 +59,7 @@ impl<T: Serialize + Deserialize> Component for Claims<T> {
if let Value::Object(pri_map) = serde_json::to_value(&self.private)? { if let Value::Object(pri_map) = serde_json::to_value(&self.private)? {
reg_map.extend(pri_map); reg_map.extend(pri_map);
let s = serde_json::to_string(&reg_map)?; let s = serde_json::to_string(&reg_map)?;
let enc = encode_config((&*s).as_bytes(), URL_SAFE); let enc = encode_config((&*s).as_bytes(), URL_SAFE_NO_PAD);
Ok(enc) Ok(enc)
} else { } else {
Err(Error::Custom("Could not access registered claims.".to_owned())) Err(Error::Custom("Could not access registered claims.".to_owned()))

View file

@ -1,4 +1,4 @@
use base64::{decode_config, encode_config, URL_SAFE}; use base64::{decode_config, encode_config, URL_SAFE_NO_PAD};
use header::Algorithm; use header::Algorithm;
use openssl::hash::MessageDigest; use openssl::hash::MessageDigest;
use openssl::memcmp; use openssl::memcmp;
@ -36,7 +36,7 @@ fn sign_hmac(data: &str, key: &[u8], digest: MessageDigest) -> Result<String> {
signer.update(data.as_bytes())?; signer.update(data.as_bytes())?;
let mac = signer.finish()?; let mac = signer.finish()?;
Ok(encode_config(&mac, URL_SAFE)) Ok(encode_config(&mac, URL_SAFE_NO_PAD))
} }
fn sign_rsa(data: &str, key: &[u8], digest: MessageDigest) -> Result<String> { fn sign_rsa(data: &str, key: &[u8], digest: MessageDigest) -> Result<String> {
@ -46,11 +46,11 @@ fn sign_rsa(data: &str, key: &[u8], digest: MessageDigest) -> Result<String> {
let mut signer = Signer::new(digest, &pkey)?; let mut signer = Signer::new(digest, &pkey)?;
signer.update(data.as_bytes())?; signer.update(data.as_bytes())?;
let sig = signer.finish()?; let sig = signer.finish()?;
Ok(encode_config(&sig, URL_SAFE)) Ok(encode_config(&sig, URL_SAFE_NO_PAD))
} }
fn verify_hmac(target: &str, data: &str, key: &[u8], digest: MessageDigest) -> Result<bool> { fn verify_hmac(target: &str, data: &str, key: &[u8], digest: MessageDigest) -> Result<bool> {
let target_bytes: Vec<u8> = decode_config(target, URL_SAFE)?; let target_bytes: Vec<u8> = decode_config(target, URL_SAFE_NO_PAD)?;
let secret_key = PKey::hmac(key)?; let secret_key = PKey::hmac(key)?;
let mut signer = Signer::new(digest, &secret_key)?; let mut signer = Signer::new(digest, &secret_key)?;
@ -62,7 +62,7 @@ fn verify_hmac(target: &str, data: &str, key: &[u8], digest: MessageDigest) -> R
} }
fn verify_rsa(signature: &str, data: &str, key: &[u8], digest: MessageDigest) -> Result<bool> { fn verify_rsa(signature: &str, data: &str, key: &[u8], digest: MessageDigest) -> Result<bool> {
let signature_bytes: Vec<u8> = decode_config(signature, URL_SAFE)?; let signature_bytes: Vec<u8> = decode_config(signature, URL_SAFE_NO_PAD)?;
let public_key = Rsa::public_key_from_pem(key)?; let public_key = Rsa::public_key_from_pem(key)?;
let pkey = PKey::from_rsa(public_key)?; let pkey = PKey::from_rsa(public_key)?;
let mut verifier = Verifier::new(digest, &pkey)?; let mut verifier = Verifier::new(digest, &pkey)?;
@ -84,7 +84,7 @@ pub mod tests {
pub fn sign_data_hmac() { pub fn sign_data_hmac() {
let header = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9"; let header = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9";
let claims = "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9"; let claims = "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9";
let real_sig = "TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ="; let real_sig = "TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ";
let data = format!("{}.{}", header, claims); let data = format!("{}.{}", header, claims);
let sig = sign(&*data, "secret".as_bytes(), &Algorithm::HS256); let sig = sign(&*data, "secret".as_bytes(), &Algorithm::HS256);
@ -96,7 +96,7 @@ pub mod tests {
pub fn sign_data_rsa() { pub fn sign_data_rsa() {
let header = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9"; let header = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9";
let claims = "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9"; let claims = "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9";
let real_sig = "nXdpIkFQYZXZ0VlJjHmAc5_aewHCCJpT5jP1fpexUCF_9m3NxlC7uYNXAl6NKno520oh9wVT4VV_vmPeEin7BnnoIJNPcImWcUzkYpLTrDBntiF9HCuqFaniuEVzlf8dVlRJgo8QxhmUZEjyDFjPZXZxPlPV1LD6hrtItxMKZbh1qoNY3OL7Mwo-WuSRQ0mmKj-_y3weAmx_9EaTLY639uD8-o5iZxIIf85U4e55Wdp-C9FJ4RxyHpjgoG8p87IbChfleSdWcZL3NZuxjRCHVWgS1uYG0I-LqBWpWyXnJ1zk6-w4tfxOYpZFMOIyq4tY2mxJQ78Kvcu8bTO7UdI7iA=="; let real_sig = "nXdpIkFQYZXZ0VlJjHmAc5_aewHCCJpT5jP1fpexUCF_9m3NxlC7uYNXAl6NKno520oh9wVT4VV_vmPeEin7BnnoIJNPcImWcUzkYpLTrDBntiF9HCuqFaniuEVzlf8dVlRJgo8QxhmUZEjyDFjPZXZxPlPV1LD6hrtItxMKZbh1qoNY3OL7Mwo-WuSRQ0mmKj-_y3weAmx_9EaTLY639uD8-o5iZxIIf85U4e55Wdp-C9FJ4RxyHpjgoG8p87IbChfleSdWcZL3NZuxjRCHVWgS1uYG0I-LqBWpWyXnJ1zk6-w4tfxOYpZFMOIyq4tY2mxJQ78Kvcu8bTO7UdI7iA";
let data = format!("{}.{}", header, claims); let data = format!("{}.{}", header, claims);
let key = load_pem("./examples/privateKey.pem").unwrap(); let key = load_pem("./examples/privateKey.pem").unwrap();

View file

@ -8,7 +8,7 @@ extern crate serde;
extern crate serde_derive; extern crate serde_derive;
extern crate serde_json; extern crate serde_json;
use base64::{decode_config, encode_config, URL_SAFE}; use base64::{decode_config, encode_config, URL_SAFE_NO_PAD};
use serde::{Serialize, Deserialize}; use serde::{Serialize, Deserialize};
pub use error::Error; pub use error::Error;
pub use header::DefaultHeader; pub use header::DefaultHeader;
@ -50,7 +50,7 @@ impl<T> Component for T
/// Parse from a string. /// Parse from a string.
fn from_base64(raw: &str) -> Result<T> { fn from_base64(raw: &str) -> Result<T> {
let data = decode_config(raw, URL_SAFE)?; let data = decode_config(raw, URL_SAFE_NO_PAD)?;
let s = String::from_utf8(data)?; let s = String::from_utf8(data)?;
Ok(serde_json::from_str(&*s)?) Ok(serde_json::from_str(&*s)?)
} }
@ -58,7 +58,7 @@ impl<T> Component for T
/// Encode to a string. /// Encode to a string.
fn to_base64(&self) -> Result<String> { fn to_base64(&self) -> Result<String> {
let s = serde_json::to_string(&self)?; let s = serde_json::to_string(&self)?;
let enc = encode_config((&*s).as_bytes(), URL_SAFE); let enc = encode_config((&*s).as_bytes(), URL_SAFE_NO_PAD);
Ok(enc) Ok(enc)
} }
} }