Struct csrf::HmacCsrfProtection

pub struct HmacCsrfProtection { /* fields omitted */ }

Uses HMAC to provide authenticated CSRF tokens and cookies.

Methods

impl HmacCsrfProtection

fn from_key(hmac_key: [u8; 32]) -> Self

Given an HMAC key, return an HmacCsrfProtection instance.

Trait Implementations

impl CsrfProtection for HmacCsrfProtection

fn from_password(password: &[u8]) -> Self

Using scrypt with params n=12, r=8, p=1, generate the key material used for the underlying crypto functions.

Panics

This function may panic if the underlying crypto library fails catastrophically.

fn rng(&self) -> &SystemRandom

Provide a random number generator for other functions.

fn generate_cookie(
    &self,
    token_value: &[u8; 64],
    ttl_seconds: i64
) -> Result<CsrfCookie, CsrfError>

Given a nonce and a time to live (TTL), create a cookie to send to the end user.

fn generate_token(&self, token_value: &[u8; 64]) -> Result<CsrfToken, CsrfError>

Given a nonce, create a token to send to the end user.

fn parse_cookie(
    &self,
    cookie: &[u8]
) -> Result<UnencryptedCsrfCookie, CsrfError>

Given a decoded byte array, deserialize, decrypt, and verify the cookie.

fn parse_token(&self, token: &[u8]) -> Result<UnencryptedCsrfToken, CsrfError>

Given a decoded byte array, deserialize, decrypt, and verify the token.

fn verify_token_pair(
    &self,
    token: &UnencryptedCsrfToken,
    cookie: &UnencryptedCsrfCookie
) -> bool

Given a token pair that has been parsed, decoded, decrypted, and verified, return whether or not the token matches the cookie and they have not expired.

fn random_bytes(&self, buf: &mut [u8]) -> Result<(), CsrfError>

Given a buffer, fill it with random bytes or error if this is not possible.

fn generate_token_pair(
    &self,
    previous_token_value: Option<&[u8; 64]>,
    ttl_seconds: i64
) -> Result<(CsrfToken, CsrfCookie), CsrfError>

Given an optional previous token and a TTL, generate a matching token and cookie pair.