| <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="Source of the Rust file `/root/.cargo/registry/src/github.com-1ecc6299db9ec823/jsonwebtoken-7.2.0/src/crypto/mod.rs`."><meta name="keywords" content="rust, rustlang, rust-lang"><title>mod.rs - source</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" href="../../../normalize.css"><link rel="stylesheet" href="../../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" href="../../../ayu.css" disabled><link rel="stylesheet" href="../../../dark.css" disabled><link rel="stylesheet" href="../../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../../storage.js"></script><script defer src="../../../source-script.js"></script><script defer src="../../../source-files.js"></script><script defer src="../../../main.js"></script><noscript><link rel="stylesheet" href="../../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../../favicon.svg"></head><body class="rustdoc source"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="sidebar"><a class="sidebar-logo" href="../../../jsonwebtoken/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a></nav><main><div class="width-limiter"><nav class="sub"><a class="sub-logo-container" href="../../../jsonwebtoken/index.html"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></a><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><a href="../../../help.html">?</a></div><div id="settings-menu" tabindex="-1"><a href="../../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../../wheel.svg"></a></div></div></form></nav><section id="main-content" class="content"><div class="example-wrap"><pre class="src-line-numbers"><span id="1">1</span> |
| <span id="2">2</span> |
| <span id="3">3</span> |
| <span id="4">4</span> |
| <span id="5">5</span> |
| <span id="6">6</span> |
| <span id="7">7</span> |
| <span id="8">8</span> |
| <span id="9">9</span> |
| <span id="10">10</span> |
| <span id="11">11</span> |
| <span id="12">12</span> |
| <span id="13">13</span> |
| <span id="14">14</span> |
| <span id="15">15</span> |
| <span id="16">16</span> |
| <span id="17">17</span> |
| <span id="18">18</span> |
| <span id="19">19</span> |
| <span id="20">20</span> |
| <span id="21">21</span> |
| <span id="22">22</span> |
| <span id="23">23</span> |
| <span id="24">24</span> |
| <span id="25">25</span> |
| <span id="26">26</span> |
| <span id="27">27</span> |
| <span id="28">28</span> |
| <span id="29">29</span> |
| <span id="30">30</span> |
| <span id="31">31</span> |
| <span id="32">32</span> |
| <span id="33">33</span> |
| <span id="34">34</span> |
| <span id="35">35</span> |
| <span id="36">36</span> |
| <span id="37">37</span> |
| <span id="38">38</span> |
| <span id="39">39</span> |
| <span id="40">40</span> |
| <span id="41">41</span> |
| <span id="42">42</span> |
| <span id="43">43</span> |
| <span id="44">44</span> |
| <span id="45">45</span> |
| <span id="46">46</span> |
| <span id="47">47</span> |
| <span id="48">48</span> |
| <span id="49">49</span> |
| <span id="50">50</span> |
| <span id="51">51</span> |
| <span id="52">52</span> |
| <span id="53">53</span> |
| <span id="54">54</span> |
| <span id="55">55</span> |
| <span id="56">56</span> |
| <span id="57">57</span> |
| <span id="58">58</span> |
| <span id="59">59</span> |
| <span id="60">60</span> |
| <span id="61">61</span> |
| <span id="62">62</span> |
| <span id="63">63</span> |
| <span id="64">64</span> |
| <span id="65">65</span> |
| <span id="66">66</span> |
| <span id="67">67</span> |
| <span id="68">68</span> |
| <span id="69">69</span> |
| <span id="70">70</span> |
| <span id="71">71</span> |
| <span id="72">72</span> |
| <span id="73">73</span> |
| <span id="74">74</span> |
| <span id="75">75</span> |
| <span id="76">76</span> |
| <span id="77">77</span> |
| <span id="78">78</span> |
| <span id="79">79</span> |
| <span id="80">80</span> |
| <span id="81">81</span> |
| <span id="82">82</span> |
| <span id="83">83</span> |
| <span id="84">84</span> |
| <span id="85">85</span> |
| <span id="86">86</span> |
| <span id="87">87</span> |
| <span id="88">88</span> |
| <span id="89">89</span> |
| <span id="90">90</span> |
| <span id="91">91</span> |
| <span id="92">92</span> |
| <span id="93">93</span> |
| <span id="94">94</span> |
| <span id="95">95</span> |
| <span id="96">96</span> |
| <span id="97">97</span> |
| <span id="98">98</span> |
| </pre><pre class="rust"><code><span class="kw">use </span>ring::constant_time::verify_slices_are_equal; |
| <span class="kw">use </span>ring::{hmac, signature}; |
| |
| <span class="kw">use </span><span class="kw">crate</span>::algorithms::Algorithm; |
| <span class="kw">use </span><span class="kw">crate</span>::decoding::{DecodingKey, DecodingKeyKind}; |
| <span class="kw">use </span><span class="kw">crate</span>::encoding::EncodingKey; |
| <span class="kw">use </span><span class="kw">crate</span>::errors::Result; |
| <span class="kw">use </span><span class="kw">crate</span>::serialization::{b64_decode, b64_encode}; |
| |
| <span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">mod </span>ecdsa; |
| <span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">mod </span>rsa; |
| |
| <span class="doccomment">/// The actual HS signing + encoding |
| /// Could be in its own file to match RSA/EC but it's 2 lines... |
| </span><span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">fn </span>sign_hmac(alg: hmac::Algorithm, key: <span class="kw-2">&</span>[u8], message: <span class="kw-2">&</span>str) -> <span class="prelude-ty">Result</span><String> { |
| <span class="kw">let </span>digest = hmac::sign(<span class="kw-2">&</span>hmac::Key::new(alg, key), message.as_bytes()); |
| <span class="prelude-val">Ok</span>(b64_encode(digest.as_ref())) |
| } |
| |
| <span class="doccomment">/// Take the payload of a JWT, sign it using the algorithm given and return |
| /// the base64 url safe encoded of the result. |
| /// |
| /// If you just want to encode a JWT, use `encode` instead. |
| </span><span class="kw">pub fn </span>sign(message: <span class="kw-2">&</span>str, key: <span class="kw-2">&</span>EncodingKey, algorithm: Algorithm) -> <span class="prelude-ty">Result</span><String> { |
| <span class="kw">match </span>algorithm { |
| Algorithm::HS256 => sign_hmac(hmac::HMAC_SHA256, key.inner(), message), |
| Algorithm::HS384 => sign_hmac(hmac::HMAC_SHA384, key.inner(), message), |
| Algorithm::HS512 => sign_hmac(hmac::HMAC_SHA512, key.inner(), message), |
| |
| Algorithm::ES256 | Algorithm::ES384 => { |
| ecdsa::sign(ecdsa::alg_to_ec_signing(algorithm), key.inner(), message) |
| } |
| |
| Algorithm::RS256 |
| | Algorithm::RS384 |
| | Algorithm::RS512 |
| | Algorithm::PS256 |
| | Algorithm::PS384 |
| | Algorithm::PS512 => rsa::sign(rsa::alg_to_rsa_signing(algorithm), key.inner(), message), |
| } |
| } |
| |
| <span class="doccomment">/// See Ring docs for more details |
| </span><span class="kw">fn </span>verify_ring( |
| alg: <span class="kw-2">&</span><span class="lifetime">'static </span><span class="kw">dyn </span>signature::VerificationAlgorithm, |
| signature: <span class="kw-2">&</span>str, |
| message: <span class="kw-2">&</span>str, |
| key: <span class="kw-2">&</span>[u8], |
| ) -> <span class="prelude-ty">Result</span><bool> { |
| <span class="kw">let </span>signature_bytes = b64_decode(signature)<span class="question-mark">?</span>; |
| <span class="kw">let </span>public_key = signature::UnparsedPublicKey::new(alg, key); |
| <span class="kw">let </span>res = public_key.verify(message.as_bytes(), <span class="kw-2">&</span>signature_bytes); |
| |
| <span class="prelude-val">Ok</span>(res.is_ok()) |
| } |
| |
| <span class="doccomment">/// Compares the signature given with a re-computed signature for HMAC or using the public key |
| /// for RSA/EC. |
| /// |
| /// If you just want to decode a JWT, use `decode` instead. |
| /// |
| /// `signature` is the signature part of a jwt (text after the second '.') |
| /// |
| /// `message` is base64(header) + "." + base64(claims) |
| </span><span class="kw">pub fn </span>verify( |
| signature: <span class="kw-2">&</span>str, |
| message: <span class="kw-2">&</span>str, |
| key: <span class="kw-2">&</span>DecodingKey, |
| algorithm: Algorithm, |
| ) -> <span class="prelude-ty">Result</span><bool> { |
| <span class="kw">match </span>algorithm { |
| Algorithm::HS256 | Algorithm::HS384 | Algorithm::HS512 => { |
| <span class="comment">// we just re-sign the message with the key and compare if they are equal |
| </span><span class="kw">let </span>signed = sign(message, <span class="kw-2">&</span>EncodingKey::from_secret(key.as_bytes()), algorithm)<span class="question-mark">?</span>; |
| <span class="prelude-val">Ok</span>(verify_slices_are_equal(signature.as_ref(), signed.as_ref()).is_ok()) |
| } |
| Algorithm::ES256 | Algorithm::ES384 => verify_ring( |
| ecdsa::alg_to_ec_verification(algorithm), |
| signature, |
| message, |
| key.as_bytes(), |
| ), |
| Algorithm::RS256 |
| | Algorithm::RS384 |
| | Algorithm::RS512 |
| | Algorithm::PS256 |
| | Algorithm::PS384 |
| | Algorithm::PS512 => { |
| <span class="kw">let </span>alg = rsa::alg_to_rsa_parameters(algorithm); |
| <span class="kw">match </span><span class="kw-2">&</span>key.kind { |
| DecodingKeyKind::SecretOrDer(bytes) => verify_ring(alg, signature, message, bytes), |
| DecodingKeyKind::RsaModulusExponent { n, e } => { |
| rsa::verify_from_components(alg, signature, message, (n, e)) |
| } |
| } |
| } |
| } |
| } |
| </code></pre></div> |
| </section></div></main><div id="rustdoc-vars" data-root-path="../../../" data-current-crate="jsonwebtoken" data-themes="ayu,dark,light" data-resource-suffix="" data-rustdoc-version="1.66.0-nightly (5c8bff74b 2022-10-21)" ></div></body></html> |