bundy/
lib.rs

1#![warn(missing_docs)]
2#![warn(unused_extern_crates)]
3#![deny(warnings)]
4#![deny(clippy::unwrap_used)]
5#![deny(clippy::expect_used)]
6#![deny(clippy::panic)]
7#![deny(clippy::unreachable)]
8#![deny(clippy::await_holding_lock)]
9#![deny(clippy::needless_pass_by_value)]
10#![deny(clippy::trivially_copy_pass_by_ref)]
11
12//! Bundy provides the ability to sign and verify pieces of serialisable data in a way
13//! that makes misusing it difficult. It is heavily inspired by `Fernet`. These transparent
14//! data can be then inspected by clients for their content, while a server may verify that
15//! they have not been tampered with.
16
17#[macro_use]
18extern crate serde_derive;
19
20pub mod error;
21pub mod hs512;
22
23use crate::error::BundyError;
24use serde::de::DeserializeOwned;
25
26/// The algorithm used to create this data. This should NOT be trusted to be
27/// correct, and only serves as a hint for the server for which algorithm may
28/// be used.
29#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
30#[serde(rename_all = "lowercase")]
31pub enum Algo {
32    /// Hmac with SHA512
33    HS512,
34}
35
36/// A data package. This contains the algorithm, signature (in base64) and data (base64 json).
37#[derive(Clone, Debug, Serialize, Deserialize)]
38#[serde(rename_all = "lowercase", deny_unknown_fields)]
39pub struct Data {
40    /// Algorithm in use to sign this data.
41    algo: Algo,
42    /// The base64 signature over data.
43    sig: String,
44    /// The base64 json.
45    data: String,
46}
47
48impl Data {
49    /// This allows a client to parse the content of a `Data` without the need to verify it's
50    /// authenticity i.e. in the case an HMAC is used.
51    ///
52    /// # Safety
53    /// This function is declared unsafe, as it allows a `Data` to be deserilised bypassing
54    /// verification. You MUST understand the implications of using this function, and limit
55    /// it to situations where verification is NOT required. Incorrect use of this function
56    /// MAY cause security vulnerabilities in your application.
57    pub unsafe fn parse_without_verification<T: DeserializeOwned>(
58        input: &str,
59    ) -> Result<T, BundyError> {
60        let r_data = base64::decode_config(input, base64::URL_SAFE).map_err(|e| {
61            log::error!("{:?}", e);
62            BundyError::Base64
63        })?;
64
65        let Data {
66            algo: _,
67            sig: _,
68            data,
69        } = serde_json::from_slice(&r_data).map_err(|e| {
70            log::error!("{:?}", e);
71            BundyError::JsonDecode
72        })?;
73
74        let data = base64::decode_config(&data, base64::URL_SAFE).map_err(|e| {
75            log::error!("{:?}", e);
76            BundyError::Base64
77        })?;
78
79        serde_json::from_slice(&data).map_err(|e| {
80            log::error!("{:?}", e);
81            BundyError::JsonDecode
82        })
83    }
84}