1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
mod local_prelude {
pub use crate::{
algo::{
cipher::{aes256::ctr::Algo as AES256_CTR, symmetric as symm},
hash::{
asymmetric::{Algo as AsymmHashAlgo, KeyPair as AsymmHashKeyPair},
rsa::pss_sha384_mgf1_65537::{Algo as RSA, KeyPair as RSAKey},
},
key_deriv::hkdf::sha384::Algo as HKDF_SHA384,
Algo as A, Key as K, SafeGenerateKey,
},
encoding::base64::{decode_no_padding as b64_decode, encode_no_padding as b64_encode},
token::paseto::{
collapse_to_vec, multi_part_pre_auth_encoding, token,
v1::{
nonce::{Nonce, Randomness},
public::{error::Error, HEADER},
},
KnownClaims,
},
BoolToResult,
};
pub use serde::{de::DeserializeOwned, Deserialize, Serialize};
pub use serde_json as json;
pub use std::{convert::TryFrom, ops::Deref, str};
}
use self::{decryption::VerifiedToken, encryption::SignedToken, local_prelude::*};
mod decryption;
mod encryption;
mod error;
pub const VERSION: &'static str = "v1";
pub const PURPOSE: &'static str = "public";
pub const HEADER: token::Header = token::Header::new(VERSION.as_bytes(), PURPOSE.as_bytes());
impl token::SerializedData {
fn v1_public_sign(self, key: &RSAKey) -> Result<SignedToken, Error> {
SignedToken::try_from((self, key))
}
}
impl token::Unpacked {
fn v1_public_verify(self, key: &RSAKey) -> Result<VerifiedToken, Error> {
self.verify_header(HEADER).ok_or(Error::Unpacking)?;
VerifiedToken::try_from((self, key))
}
}
pub fn encrypt<T, F>(
tok: token::Data<T, F>,
private_key: &RSAKey,
) -> Result<token::Packed, error::Error>
where
T: Serialize,
F: Serialize,
{
Ok(tok
.serialize()?
.v1_public_sign(private_key)?
.canonicalize()
.pack())
}
pub fn decrypt<T, F>(
tok: token::Packed,
key: &RSAKey,
) -> Result<token::Data<T, F>, error::Error>
where
T: DeserializeOwned,
F: DeserializeOwned,
{
Ok(tok
.unpack()?
.v1_public_verify(key)?
.canonicalize()
.deserialize()?)
}
#[cfg(test)]
mod unit_tests {
use super::*;
use crate::algo::SafeGenerateKey;
#[test]
fn v1_public_cycle() {
let orig = token::Data {
msg: "hello".to_owned(),
footer: Some("weird thing".to_owned()),
};
let beginning = orig.clone();
let key = RSAKey::generate(&()).unwrap();
let encrypted_tok = encrypt(beginning, &key).unwrap();
let decrypted_tok: token::Data<String, String> = decrypt(encrypted_tok, &key).unwrap();
assert_eq!(orig, decrypted_tok);
}
}