iron-csrf 0.0.1

CSRF protection for the web framework Iron
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107

use std::str;

use ring::signature;
use ring::signature::Ed25519KeyPair;
use rustc_serialize::json;
use rustc_serialize::base64::{ToBase64, FromBase64, STANDARD};

use untrusted;

#[derive(Eq, PartialEq, Hash, Clone, Debug, RustcEncodable, RustcDecodable)]
pub struct CsrfToken {
    message: Vec<u8>,
    signature: Vec<u8>,
}

unsafe impl Sync for CsrfToken {}
unsafe impl Send for CsrfToken {}

impl CsrfToken {
    fn new(message: Vec<u8>, signature: Vec<u8>) -> Self {
        CsrfToken {
            message: message,
            signature: signature,
        }
    }

    pub fn b64_string(&self) -> String {
        json::encode(&self).unwrap().as_bytes().to_base64(STANDARD) // TODO unwrap is evil
    }

    pub fn parse_b64(string: &str) -> Option<Self> {
        string.as_bytes().from_base64().ok()
            .and_then(|s| str::from_utf8(&s).ok().map(|s| s.to_string()))
            .and_then(|s| json::decode(&s.as_str()).ok())
    }
}

pub trait CsrfProtection: Send + Sync {
    fn generate_token(&self) -> Result<CsrfToken, String>;
    fn validate_token(&self, token: &CsrfToken) -> Result<bool, String>;
}

pub struct Ed25519CsrfProtection {
	key_pair: Ed25519KeyPair,
	pub_key: Vec<u8>,
}

impl Ed25519CsrfProtection {
	pub fn new(key_pair: Ed25519KeyPair, pub_key: Vec<u8>) -> Self {
		Ed25519CsrfProtection {
			key_pair: key_pair,
			pub_key: pub_key,
        }
	}
}

impl CsrfProtection for Ed25519CsrfProtection {
    fn generate_token(&self) -> Result<CsrfToken, String> {
        let msg = String::from("TODO").into_bytes(); // TODO use a timestamp & nonce
        // TODO encrypt message
		let sig = Vec::from(self.key_pair.sign(msg.as_slice()).as_slice());
		Ok(CsrfToken::new(msg, sig))
    }
    
    fn validate_token(&self, token: &CsrfToken) -> Result<bool, String> {
		let msg = untrusted::Input::from(token.message.as_slice());
		let sig = untrusted::Input::from(token.signature.as_slice());
		Ok(signature::verify(&signature::ED25519,
							 untrusted::Input::from(self.pub_key.as_slice()),
                             msg, sig).is_ok())
	}
}

#[cfg(test)]
mod tests {
    use super::*;
    use ring::rand::SystemRandom;

    #[test]
    fn test_csrf_token_serde() {
        let token = CsrfToken::new(b"some message".to_vec(), b"the signature".to_vec());
        let parsed = CsrfToken::parse_b64(token.b64_string().as_str()).unwrap();
        assert_eq!(token, parsed)
    }

    #[test]
    fn test_ed25519_csrf_protection() {
        let rng = SystemRandom::new();
        let (_, key_bytes) = Ed25519KeyPair::generate_serializable(&rng).unwrap();
        let key_pair = Ed25519KeyPair::from_bytes(&key_bytes.private_key, &key_bytes.public_key).unwrap();
        let protect = Ed25519CsrfProtection::new(key_pair, key_bytes.public_key.to_vec());

        // check token validates
        let token = protect.generate_token().unwrap();
        assert!(protect.validate_token(&token).unwrap());

        // check modified token doesn't validate
        let mut token = protect.generate_token().unwrap();
        token.message[0] = token.message[0] ^ 0x07;
        assert!(!protect.validate_token(&token).unwrap());

        // check modified signature doesn't validate
        let mut token = protect.generate_token().unwrap();
        token.signature[0] = token.signature[0] ^ 0x07;
        assert!(!protect.validate_token(&token).unwrap());
    }
}