paseto_core/
lib.rs

1//! PASETO core traits and types.
2//!
3//! This library is mainly offered for crypto developers to write PASETO
4//! libraries easily.
5//!
6//! See:
7//! * <https://crates.io/crates/paseto-v3>
8//! * <https://crates.io/crates/paseto-v3-aws-lc>
9//! * <https://crates.io/crates/paseto-v4>
10//! * <https://crates.io/crates/paseto-v4-sodium>
11
12#![no_std]
13#![deny(unsafe_code)]
14
15#[macro_use]
16extern crate alloc;
17
18#[cfg(test)]
19extern crate std;
20
21#[macro_use]
22pub mod encodings;
23
24mod base64;
25pub mod key;
26pub mod pae;
27pub mod paserk;
28pub mod tokens;
29pub mod validation;
30pub mod version;
31
32use alloc::boxed::Box;
33use core::error::Error;
34
35/// Private key used for [`encryption`](crate::UnencryptedToken::encrypt) and [`decryptiom`](crate::EncryptedToken::decrypt)
36pub type LocalKey<V> = key::Key<V, version::Local>;
37/// Public key used for signature [`verification`](crate::SignedToken::verify)
38pub type PublicKey<V> = key::Key<V, version::Public>;
39/// Private key used for token [`signing`](crate::UnsignedToken::sign)
40pub type SecretKey<V> = key::Key<V, version::Secret>;
41
42/// A token with publically readable data, but not yet verified
43pub type SignedToken<V, M, F = ()> = tokens::SealedToken<V, version::Public, M, F>;
44/// A token with secret data
45pub type EncryptedToken<V, M, F = ()> = tokens::SealedToken<V, version::Local, M, F>;
46/// A [`SignedToken`] that has been verified
47pub type UnsignedToken<V, M, F = ()> = tokens::UnsealedToken<V, version::Public, M, F>;
48/// An [`EncryptedToken`] that has been decrypted
49pub type UnencryptedToken<V, M, F = ()> = tokens::UnsealedToken<V, version::Local, M, F>;
50
51mod sealed {
52    pub trait Sealed {}
53}
54
55#[derive(Debug)]
56#[non_exhaustive]
57/// Error returned for all PASETO and PASERK operations that can fail
58pub enum PasetoError {
59    /// The token was not Base64 URL encoded correctly.
60    Base64DecodeError,
61    /// Could not decode the provided key string
62    InvalidKey,
63    /// The PASETO or PASERK was not of a valid form
64    InvalidToken,
65    /// Could not verify/decrypt the PASETO/PASERK.
66    CryptoError,
67    /// PASETO claims failed validation.
68    ClaimsError,
69    /// There was an error with payload processing
70    PayloadError(Box<dyn Error + Send + Sync>),
71}
72
73impl Error for PasetoError {
74    fn source(&self) -> Option<&(dyn Error + 'static)> {
75        match self {
76            PasetoError::PayloadError(x) => Some(&**x),
77            _ => None,
78        }
79    }
80}
81
82impl core::fmt::Display for PasetoError {
83    fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
84        match self {
85            PasetoError::Base64DecodeError => f.write_str("The token could not be base64 decoded"),
86            PasetoError::InvalidKey => f.write_str("Could not parse the key"),
87            PasetoError::InvalidToken => f.write_str("Could not parse the token"),
88            PasetoError::CryptoError => f.write_str("Token signature could not be validated"),
89            PasetoError::ClaimsError => f.write_str("Token claims could not be validated"),
90            PasetoError::PayloadError(x) => {
91                write!(f, "there was an error with the payload encoding: {x}")
92            }
93        }
94    }
95}