summaryrefslogtreecommitdiffstats
path: root/vendor/pasetors/src/common.rs
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/pasetors/src/common.rs')
-rw-r--r--vendor/pasetors/src/common.rs97
1 files changed, 97 insertions, 0 deletions
diff --git a/vendor/pasetors/src/common.rs b/vendor/pasetors/src/common.rs
new file mode 100644
index 000000000..b95583f62
--- /dev/null
+++ b/vendor/pasetors/src/common.rs
@@ -0,0 +1,97 @@
+use crate::errors::Error;
+use crate::token::private::Purpose;
+use crate::token::UntrustedToken;
+use crate::version::private::Version;
+use alloc::string::String;
+use alloc::vec::Vec;
+use ct_codecs::{Base64UrlSafeNoPadding, Decoder, Encoder};
+use subtle::ConstantTimeEq;
+
+/// Encode bytes with Base64 URL-safe and no padding.
+pub(crate) fn encode_b64<T: AsRef<[u8]>>(bytes: T) -> Result<String, Error> {
+ let inlen = bytes.as_ref().len();
+ let mut buf = vec![0u8; Base64UrlSafeNoPadding::encoded_len(inlen)?];
+
+ let ret: String = Base64UrlSafeNoPadding::encode_to_str(&mut buf, bytes)?.into();
+
+ Ok(ret)
+}
+
+/// Decode string with Base64 URL-safe and no padding.
+pub(crate) fn decode_b64<T: AsRef<[u8]>>(encoded: T) -> Result<Vec<u8>, Error> {
+ let inlen = encoded.as_ref().len();
+ // We can use encoded len here, even if it returns more than needed,
+ // because ct-codecs allows this.
+ let mut buf = vec![0u8; Base64UrlSafeNoPadding::encoded_len(inlen)?];
+
+ let ret: Vec<u8> = Base64UrlSafeNoPadding::decode(&mut buf, encoded, None)?.into();
+
+ Ok(ret)
+}
+
+/// If a footer is present, this is validated against the supplied.
+pub(crate) fn validate_footer_untrusted_token<T: Purpose<V>, V: Version>(
+ token: &UntrustedToken<T, V>,
+ footer: Option<&[u8]>,
+) -> Result<(), Error> {
+ // A known footer was supplied for comparison.
+ if let Some(known_footer) = footer {
+ if token.untrusted_footer().is_empty() {
+ // If one was supplied, one must exist in the untrusted.
+ return Err(Error::TokenValidation);
+ }
+
+ if !bool::from(known_footer.ct_eq(token.untrusted_footer())) {
+ return Err(Error::TokenValidation);
+ }
+ }
+
+ Ok(())
+}
+
+#[cfg(test)]
+pub(crate) mod tests {
+ use alloc::string::String;
+ use alloc::vec::Vec;
+ use serde::{Deserialize, Serialize};
+ use serde_json::Value;
+
+ #[allow(non_snake_case)]
+ #[derive(Serialize, Deserialize, Debug)]
+ pub(crate) struct TestFile {
+ pub(crate) name: String,
+ pub(crate) tests: Vec<PasetoTest>,
+ }
+
+ #[allow(non_snake_case)]
+ #[derive(Serialize, Deserialize, Debug)]
+ pub(crate) struct PasetoTest {
+ pub(crate) name: String,
+ #[serde(rename(deserialize = "expect-fail"))]
+ pub(crate) expect_fail: bool,
+ pub(crate) key: Option<String>,
+ pub(crate) nonce: Option<String>,
+ #[serde(rename(deserialize = "public-key"))]
+ pub(crate) public_key: Option<String>,
+ #[serde(rename(deserialize = "secret-key"))]
+ pub(crate) secret_key: Option<String>,
+ #[serde(rename(deserialize = "secret-key-seed"))]
+ pub(crate) secret_key_seed: Option<String>,
+ #[serde(rename(deserialize = "public-key-pem"))]
+ pub(crate) public_key_pem: Option<String>,
+ #[serde(rename(deserialize = "secret-key-pem"))]
+ pub(crate) secret_key_pem: Option<String>,
+ pub(crate) token: String,
+ pub(crate) payload: Option<Value>,
+ pub(crate) footer: String,
+ #[serde(rename(deserialize = "implicit-assertion"))]
+ pub(crate) implicit_assertion: String,
+ }
+
+ #[allow(non_snake_case)]
+ #[derive(Serialize, Deserialize, Debug)]
+ pub(crate) struct Payload {
+ pub(crate) data: String,
+ pub(crate) exp: String,
+ }
+}