api-docs/crates-enclave/src/jsonwebtoken/crypto/mod.rs.html - incubator-teaclave-website - Git at Google

 <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="Source of the Rust file `/root/.cargo/registry/src/github.com-1ecc6299db9ec823/jsonwebtoken-7.2.0/src/crypto/mod.rs`."><meta name="keywords" content="rust, rustlang, rust-lang"><title>mod.rs - source</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" href="../../../normalize.css"><link rel="stylesheet" href="../../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" href="../../../ayu.css" disabled><link rel="stylesheet" href="../../../dark.css" disabled><link rel="stylesheet" href="../../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../../storage.js"></script><script defer src="../../../source-script.js"></script><script defer src="../../../source-files.js"></script><script defer src="../../../main.js"></script><noscript><link rel="stylesheet" href="../../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../../favicon.svg"></head><body class="rustdoc source"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="sidebar"><a class="sidebar-logo" href="../../../jsonwebtoken/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a></nav><main><div class="width-limiter"><nav class="sub"><a class="sub-logo-container" href="../../../jsonwebtoken/index.html"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></a><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><a href="../../../help.html">?</a></div><div id="settings-menu" tabindex="-1"><a href="../../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../../wheel.svg"></a></div></div></form></nav><section id="main-content" class="content"><div class="example-wrap"><pre class="src-line-numbers"><span id="1">1</span>
 <span id="2">2</span>
 <span id="3">3</span>
 <span id="4">4</span>
 <span id="5">5</span>
 <span id="6">6</span>
 <span id="7">7</span>
 <span id="8">8</span>
 <span id="9">9</span>
 <span id="10">10</span>
 <span id="11">11</span>
 <span id="12">12</span>
 <span id="13">13</span>
 <span id="14">14</span>
 <span id="15">15</span>
 <span id="16">16</span>
 <span id="17">17</span>
 <span id="18">18</span>
 <span id="19">19</span>
 <span id="20">20</span>
 <span id="21">21</span>
 <span id="22">22</span>
 <span id="23">23</span>
 <span id="24">24</span>
 <span id="25">25</span>
 <span id="26">26</span>
 <span id="27">27</span>
 <span id="28">28</span>
 <span id="29">29</span>
 <span id="30">30</span>
 <span id="31">31</span>
 <span id="32">32</span>
 <span id="33">33</span>
 <span id="34">34</span>
 <span id="35">35</span>
 <span id="36">36</span>
 <span id="37">37</span>
 <span id="38">38</span>
 <span id="39">39</span>
 <span id="40">40</span>
 <span id="41">41</span>
 <span id="42">42</span>
 <span id="43">43</span>
 <span id="44">44</span>
 <span id="45">45</span>
 <span id="46">46</span>
 <span id="47">47</span>
 <span id="48">48</span>
 <span id="49">49</span>
 <span id="50">50</span>
 <span id="51">51</span>
 <span id="52">52</span>
 <span id="53">53</span>
 <span id="54">54</span>
 <span id="55">55</span>
 <span id="56">56</span>
 <span id="57">57</span>
 <span id="58">58</span>
 <span id="59">59</span>
 <span id="60">60</span>
 <span id="61">61</span>
 <span id="62">62</span>
 <span id="63">63</span>
 <span id="64">64</span>
 <span id="65">65</span>
 <span id="66">66</span>
 <span id="67">67</span>
 <span id="68">68</span>
 <span id="69">69</span>
 <span id="70">70</span>
 <span id="71">71</span>
 <span id="72">72</span>
 <span id="73">73</span>
 <span id="74">74</span>
 <span id="75">75</span>
 <span id="76">76</span>
 <span id="77">77</span>
 <span id="78">78</span>
 <span id="79">79</span>
 <span id="80">80</span>
 <span id="81">81</span>
 <span id="82">82</span>
 <span id="83">83</span>
 <span id="84">84</span>
 <span id="85">85</span>
 <span id="86">86</span>
 <span id="87">87</span>
 <span id="88">88</span>
 <span id="89">89</span>
 <span id="90">90</span>
 <span id="91">91</span>
 <span id="92">92</span>
 <span id="93">93</span>
 <span id="94">94</span>
 <span id="95">95</span>
 <span id="96">96</span>
 <span id="97">97</span>
 <span id="98">98</span>
 </pre><pre class="rust"><code><span class="kw">use </span>ring::constant_time::verify_slices_are_equal;
 <span class="kw">use </span>ring::{hmac, signature};

 <span class="kw">use </span><span class="kw">crate</span>::algorithms::Algorithm;
 <span class="kw">use </span><span class="kw">crate</span>::decoding::{DecodingKey, DecodingKeyKind};
 <span class="kw">use </span><span class="kw">crate</span>::encoding::EncodingKey;
 <span class="kw">use </span><span class="kw">crate</span>::errors::Result;
 <span class="kw">use </span><span class="kw">crate</span>::serialization::{b64_decode, b64_encode};

 <span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">mod </span>ecdsa;
 <span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">mod </span>rsa;

 <span class="doccomment">/// The actual HS signing + encoding
 /// Could be in its own file to match RSA/EC but it&#39;s 2 lines...
 </span><span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">fn </span>sign_hmac(alg: hmac::Algorithm, key: <span class="kw-2">&amp;</span>[u8], message: <span class="kw-2">&amp;</span>str) -&gt; <span class="prelude-ty">Result</span>&lt;String&gt; {
     <span class="kw">let </span>digest = hmac::sign(<span class="kw-2">&amp;</span>hmac::Key::new(alg, key), message.as_bytes());
     <span class="prelude-val">Ok</span>(b64_encode(digest.as_ref()))
 }

 <span class="doccomment">/// Take the payload of a JWT, sign it using the algorithm given and return
 /// the base64 url safe encoded of the result.
 ///
 /// If you just want to encode a JWT, use `encode` instead.
 </span><span class="kw">pub fn </span>sign(message: <span class="kw-2">&amp;</span>str, key: <span class="kw-2">&amp;</span>EncodingKey, algorithm: Algorithm) -&gt; <span class="prelude-ty">Result</span>&lt;String&gt; {
     <span class="kw">match </span>algorithm {
         Algorithm::HS256 =&gt; sign_hmac(hmac::HMAC_SHA256, key.inner(), message),
         Algorithm::HS384 =&gt; sign_hmac(hmac::HMAC_SHA384, key.inner(), message),
         Algorithm::HS512 =&gt; sign_hmac(hmac::HMAC_SHA512, key.inner(), message),

         Algorithm::ES256 | Algorithm::ES384 =&gt; {
             ecdsa::sign(ecdsa::alg_to_ec_signing(algorithm), key.inner(), message)
         }

         Algorithm::RS256
         | Algorithm::RS384
         | Algorithm::RS512
         | Algorithm::PS256
         | Algorithm::PS384
         | Algorithm::PS512 =&gt; rsa::sign(rsa::alg_to_rsa_signing(algorithm), key.inner(), message),
     }
 }

 <span class="doccomment">/// See Ring docs for more details
 </span><span class="kw">fn </span>verify_ring(
     alg: <span class="kw-2">&amp;</span><span class="lifetime">&#39;static </span><span class="kw">dyn </span>signature::VerificationAlgorithm,
     signature: <span class="kw-2">&amp;</span>str,
     message: <span class="kw-2">&amp;</span>str,
     key: <span class="kw-2">&amp;</span>[u8],
 ) -&gt; <span class="prelude-ty">Result</span>&lt;bool&gt; {
     <span class="kw">let </span>signature_bytes = b64_decode(signature)<span class="question-mark">?</span>;
     <span class="kw">let </span>public_key = signature::UnparsedPublicKey::new(alg, key);
     <span class="kw">let </span>res = public_key.verify(message.as_bytes(), <span class="kw-2">&amp;</span>signature_bytes);

     <span class="prelude-val">Ok</span>(res.is_ok())
 }

 <span class="doccomment">/// Compares the signature given with a re-computed signature for HMAC or using the public key
 /// for RSA/EC.
 ///
 /// If you just want to decode a JWT, use `decode` instead.
 ///
 /// `signature` is the signature part of a jwt (text after the second &#39;.&#39;)
 ///
 /// `message` is base64(header) + &quot;.&quot; + base64(claims)
 </span><span class="kw">pub fn </span>verify(
     signature: <span class="kw-2">&amp;</span>str,
     message: <span class="kw-2">&amp;</span>str,
     key: <span class="kw-2">&amp;</span>DecodingKey,
     algorithm: Algorithm,
 ) -&gt; <span class="prelude-ty">Result</span>&lt;bool&gt; {
     <span class="kw">match </span>algorithm {
         Algorithm::HS256 | Algorithm::HS384 | Algorithm::HS512 =&gt; {
             <span class="comment">// we just re-sign the message with the key and compare if they are equal
             </span><span class="kw">let </span>signed = sign(message, <span class="kw-2">&amp;</span>EncodingKey::from_secret(key.as_bytes()), algorithm)<span class="question-mark">?</span>;
             <span class="prelude-val">Ok</span>(verify_slices_are_equal(signature.as_ref(), signed.as_ref()).is_ok())
         }
         Algorithm::ES256 | Algorithm::ES384 =&gt; verify_ring(
             ecdsa::alg_to_ec_verification(algorithm),
             signature,
             message,
             key.as_bytes(),
         ),
         Algorithm::RS256
         | Algorithm::RS384
         | Algorithm::RS512
         | Algorithm::PS256
         | Algorithm::PS384
         | Algorithm::PS512 =&gt; {
             <span class="kw">let </span>alg = rsa::alg_to_rsa_parameters(algorithm);
             <span class="kw">match </span><span class="kw-2">&amp;</span>key.kind {
                 DecodingKeyKind::SecretOrDer(bytes) =&gt; verify_ring(alg, signature, message, bytes),
                 DecodingKeyKind::RsaModulusExponent { n, e } =&gt; {
                     rsa::verify_from_components(alg, signature, message, (n, e))
                 }
             }
         }
     }
 }
 </code></pre></div>
 </section></div></main><div id="rustdoc-vars" data-root-path="../../../" data-current-crate="jsonwebtoken" data-themes="ayu,dark,light" data-resource-suffix="" data-rustdoc-version="1.66.0-nightly (5c8bff74b 2022-10-21)" ></div></body></html>
	<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="Source of the Rust file `/root/.cargo/registry/src/github.com-1ecc6299db9ec823/jsonwebtoken-7.2.0/src/crypto/mod.rs`."><meta name="keywords" content="rust, rustlang, rust-lang"><title>mod.rs - source</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" href="../../../normalize.css"><link rel="stylesheet" href="../../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" href="../../../ayu.css" disabled><link rel="stylesheet" href="../../../dark.css" disabled><link rel="stylesheet" href="../../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../../storage.js"></script><script defer src="../../../source-script.js"></script><script defer src="../../../source-files.js"></script><script defer src="../../../main.js"></script><noscript><link rel="stylesheet" href="../../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../../favicon.svg"></head><body class="rustdoc source"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="sidebar"><a class="sidebar-logo" href="../../../jsonwebtoken/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a></nav><main><div class="width-limiter"><nav class="sub"><a class="sub-logo-container" href="../../../jsonwebtoken/index.html"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></a><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><a href="../../../help.html">?</a></div><div id="settings-menu" tabindex="-1"><a href="../../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../../wheel.svg"></a></div></div></form></nav><section id="main-content" class="content"><div class="example-wrap"><pre class="src-line-numbers"><span id="1">1</span>
	<span id="2">2</span>
	<span id="3">3</span>
	<span id="4">4</span>
	<span id="5">5</span>
	<span id="6">6</span>
	<span id="7">7</span>
	<span id="8">8</span>
	<span id="9">9</span>
	<span id="10">10</span>
	<span id="11">11</span>
	<span id="12">12</span>
	<span id="13">13</span>
	<span id="14">14</span>
	<span id="15">15</span>
	<span id="16">16</span>
	<span id="17">17</span>
	<span id="18">18</span>
	<span id="19">19</span>
	<span id="20">20</span>
	<span id="21">21</span>
	<span id="22">22</span>
	<span id="23">23</span>
	<span id="24">24</span>
	<span id="25">25</span>
	<span id="26">26</span>
	<span id="27">27</span>
	<span id="28">28</span>
	<span id="29">29</span>
	<span id="30">30</span>
	<span id="31">31</span>
	<span id="32">32</span>
	<span id="33">33</span>
	<span id="34">34</span>
	<span id="35">35</span>
	<span id="36">36</span>
	<span id="37">37</span>
	<span id="38">38</span>
	<span id="39">39</span>
	<span id="40">40</span>
	<span id="41">41</span>
	<span id="42">42</span>
	<span id="43">43</span>
	<span id="44">44</span>
	<span id="45">45</span>
	<span id="46">46</span>
	<span id="47">47</span>
	<span id="48">48</span>
	<span id="49">49</span>
	<span id="50">50</span>
	<span id="51">51</span>
	<span id="52">52</span>
	<span id="53">53</span>
	<span id="54">54</span>
	<span id="55">55</span>
	<span id="56">56</span>
	<span id="57">57</span>
	<span id="58">58</span>
	<span id="59">59</span>
	<span id="60">60</span>
	<span id="61">61</span>
	<span id="62">62</span>
	<span id="63">63</span>
	<span id="64">64</span>
	<span id="65">65</span>
	<span id="66">66</span>
	<span id="67">67</span>
	<span id="68">68</span>
	<span id="69">69</span>
	<span id="70">70</span>
	<span id="71">71</span>
	<span id="72">72</span>
	<span id="73">73</span>
	<span id="74">74</span>
	<span id="75">75</span>
	<span id="76">76</span>
	<span id="77">77</span>
	<span id="78">78</span>
	<span id="79">79</span>
	<span id="80">80</span>
	<span id="81">81</span>
	<span id="82">82</span>
	<span id="83">83</span>
	<span id="84">84</span>
	<span id="85">85</span>
	<span id="86">86</span>
	<span id="87">87</span>
	<span id="88">88</span>
	<span id="89">89</span>
	<span id="90">90</span>
	<span id="91">91</span>
	<span id="92">92</span>
	<span id="93">93</span>
	<span id="94">94</span>
	<span id="95">95</span>
	<span id="96">96</span>
	<span id="97">97</span>
	<span id="98">98</span>
	</pre><pre class="rust"><code><span class="kw">use </span>ring::constant_time::verify_slices_are_equal;
	<span class="kw">use </span>ring::{hmac, signature};

	<span class="kw">use </span><span class="kw">crate</span>::algorithms::Algorithm;
	<span class="kw">use </span><span class="kw">crate</span>::decoding::{DecodingKey, DecodingKeyKind};
	<span class="kw">use </span><span class="kw">crate</span>::encoding::EncodingKey;
	<span class="kw">use </span><span class="kw">crate</span>::errors::Result;
	<span class="kw">use </span><span class="kw">crate</span>::serialization::{b64_decode, b64_encode};

	<span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">mod </span>ecdsa;
	<span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">mod </span>rsa;

	<span class="doccomment">/// The actual HS signing + encoding
	/// Could be in its own file to match RSA/EC but it's 2 lines...
	</span><span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">fn </span>sign_hmac(alg: hmac::Algorithm, key: <span class="kw-2">&</span>[u8], message: <span class="kw-2">&</span>str) -> <span class="prelude-ty">Result</span><String> {
	<span class="kw">let </span>digest = hmac::sign(<span class="kw-2">&</span>hmac::Key::new(alg, key), message.as_bytes());
	<span class="prelude-val">Ok</span>(b64_encode(digest.as_ref()))
	}

	<span class="doccomment">/// Take the payload of a JWT, sign it using the algorithm given and return
	/// the base64 url safe encoded of the result.
	///
	/// If you just want to encode a JWT, use `encode` instead.
	</span><span class="kw">pub fn </span>sign(message: <span class="kw-2">&</span>str, key: <span class="kw-2">&</span>EncodingKey, algorithm: Algorithm) -> <span class="prelude-ty">Result</span><String> {
	<span class="kw">match </span>algorithm {
	Algorithm::HS256 => sign_hmac(hmac::HMAC_SHA256, key.inner(), message),
	Algorithm::HS384 => sign_hmac(hmac::HMAC_SHA384, key.inner(), message),
	Algorithm::HS512 => sign_hmac(hmac::HMAC_SHA512, key.inner(), message),

	Algorithm::ES256 \| Algorithm::ES384 => {
	ecdsa::sign(ecdsa::alg_to_ec_signing(algorithm), key.inner(), message)
	}

	Algorithm::RS256
	\| Algorithm::RS384
	\| Algorithm::RS512
	\| Algorithm::PS256
	\| Algorithm::PS384
	\| Algorithm::PS512 => rsa::sign(rsa::alg_to_rsa_signing(algorithm), key.inner(), message),
	}
	}

	<span class="doccomment">/// See Ring docs for more details
	</span><span class="kw">fn </span>verify_ring(
	alg: <span class="kw-2">&</span><span class="lifetime">'static </span><span class="kw">dyn </span>signature::VerificationAlgorithm,
	signature: <span class="kw-2">&</span>str,
	message: <span class="kw-2">&</span>str,
	key: <span class="kw-2">&</span>[u8],
	) -> <span class="prelude-ty">Result</span><bool> {
	<span class="kw">let </span>signature_bytes = b64_decode(signature)<span class="question-mark">?</span>;
	<span class="kw">let </span>public_key = signature::UnparsedPublicKey::new(alg, key);
	<span class="kw">let </span>res = public_key.verify(message.as_bytes(), <span class="kw-2">&</span>signature_bytes);

	<span class="prelude-val">Ok</span>(res.is_ok())
	}

	<span class="doccomment">/// Compares the signature given with a re-computed signature for HMAC or using the public key
	/// for RSA/EC.
	///
	/// If you just want to decode a JWT, use `decode` instead.
	///
	/// `signature` is the signature part of a jwt (text after the second '.')
	///
	/// `message` is base64(header) + "." + base64(claims)
	</span><span class="kw">pub fn </span>verify(
	signature: <span class="kw-2">&</span>str,
	message: <span class="kw-2">&</span>str,
	key: <span class="kw-2">&</span>DecodingKey,
	algorithm: Algorithm,
	) -> <span class="prelude-ty">Result</span><bool> {
	<span class="kw">match </span>algorithm {
	Algorithm::HS256 \| Algorithm::HS384 \| Algorithm::HS512 => {
	<span class="comment">// we just re-sign the message with the key and compare if they are equal
	</span><span class="kw">let </span>signed = sign(message, <span class="kw-2">&</span>EncodingKey::from_secret(key.as_bytes()), algorithm)<span class="question-mark">?</span>;
	<span class="prelude-val">Ok</span>(verify_slices_are_equal(signature.as_ref(), signed.as_ref()).is_ok())
	}
	Algorithm::ES256 \| Algorithm::ES384 => verify_ring(
	ecdsa::alg_to_ec_verification(algorithm),
	signature,
	message,
	key.as_bytes(),
	),
	Algorithm::RS256
	\| Algorithm::RS384
	\| Algorithm::RS512
	\| Algorithm::PS256
	\| Algorithm::PS384
	\| Algorithm::PS512 => {
	<span class="kw">let </span>alg = rsa::alg_to_rsa_parameters(algorithm);
	<span class="kw">match </span><span class="kw-2">&</span>key.kind {
	DecodingKeyKind::SecretOrDer(bytes) => verify_ring(alg, signature, message, bytes),
	DecodingKeyKind::RsaModulusExponent { n, e } => {
	rsa::verify_from_components(alg, signature, message, (n, e))
	}
	}
	}
	}
	}
	</code></pre></div>
	</section></div></main><div id="rustdoc-vars" data-root-path="../../../" data-current-crate="jsonwebtoken" data-themes="ayu,dark,light" data-resource-suffix="" data-rustdoc-version="1.66.0-nightly (5c8bff74b 2022-10-21)" ></div></body></html>