<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="Source of the Rust file `auth/src/lib.rs`."><meta name="keywords" content="rust, rustlang, rust-lang"><title>lib.rs - source</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" type="text/css" href="../../normalize.css"><link rel="stylesheet" type="text/css" href="../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" type="text/css" href="../../ayu.css" disabled><link rel="stylesheet" type="text/css" href="../../dark.css" disabled><link rel="stylesheet" type="text/css" href="../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../storage.js"></script><script defer src="../../source-script.js"></script><script defer src="../../source-files.js"></script><script defer src="../../main.js"></script><noscript><link rel="stylesheet" href="../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../favicon.svg"></head><body class="rustdoc source"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">☰</button><a class="sidebar-logo" href="../../auth/index.html"><div class="logo-container"><img class="rust-logo" src="../../rust-logo.svg" alt="logo"></div> </a><h2 class="location"></h2> </nav> <nav class="sidebar"><a class="sidebar-logo" href="../../auth/index.html"><div class="logo-container"><img class="rust-logo" src="../../rust-logo.svg" alt="logo"></div> </a></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../../auth/index.html"><img class="rust-logo" src="../../rust-logo.svg" alt="logo"></a><nav class="sub"><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><button type="button" id="help-button" title="help">?</button><div id="settings-menu" tabindex="-1"> <a href="../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../wheel.svg"></a></div> </div></form></nav></div><section id="main-content" class="content"><div class="example-wrap"><pre class="line-numbers"><span id="1">1</span> <span id="2">2</span> <span id="3">3</span> <span id="4">4</span> <span id="5">5</span> <span id="6">6</span> <span id="7">7</span> <span id="8">8</span> <span id="9">9</span> <span id="10">10</span> <span id="11">11</span> <span id="12">12</span> <span id="13">13</span> <span id="14">14</span> <span id="15">15</span> <span id="16">16</span> <span id="17">17</span> <span id="18">18</span> <span id="19">19</span> <span id="20">20</span> <span id="21">21</span> <span id="22">22</span> <span id="23">23</span> <span id="24">24</span> <span id="25">25</span> <span id="26">26</span> <span id="27">27</span> <span id="28">28</span> <span id="29">29</span> <span id="30">30</span> <span id="31">31</span> <span id="32">32</span> <span id="33">33</span> <span id="34">34</span> <span id="35">35</span> <span id="36">36</span> <span id="37">37</span> <span id="38">38</span> <span id="39">39</span> <span id="40">40</span> <span id="41">41</span> <span id="42">42</span> <span id="43">43</span> <span id="44">44</span> <span id="45">45</span> <span id="46">46</span> <span id="47">47</span> <span id="48">48</span> <span id="49">49</span> <span id="50">50</span> <span id="51">51</span> <span id="52">52</span> <span id="53">53</span> <span id="54">54</span> <span id="55">55</span> <span id="56">56</span> <span id="57">57</span> <span id="58">58</span> <span id="59">59</span> <span id="60">60</span> <span id="61">61</span> <span id="62">62</span> <span id="63">63</span> <span id="64">64</span> <span id="65">65</span> <span id="66">66</span> <span id="67">67</span> <span id="68">68</span> <span id="69">69</span> <span id="70">70</span> <span id="71">71</span> <span id="72">72</span> <span id="73">73</span> <span id="74">74</span> <span id="75">75</span> <span id="76">76</span> <span id="77">77</span> <span id="78">78</span> <span id="79">79</span> <span id="80">80</span> <span id="81">81</span> <span id="82">82</span> <span id="83">83</span> <span id="84">84</span> <span id="85">85</span> <span id="86">86</span> <span id="87">87</span> <span id="88">88</span> <span id="89">89</span> <span id="90">90</span> <span id="91">91</span> <span id="92">92</span> <span id="93">93</span> <span id="94">94</span> <span id="95">95</span> <span id="96">96</span> <span id="97">97</span> <span id="98">98</span> <span id="99">99</span> </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">aes_gcm::aead::generic_array::GenericArray</span>; <span class="kw">use</span> <span class="ident">aes_gcm::aead::Aead</span>; <span class="kw">use</span> <span class="ident">aes_gcm::AeadInPlace</span>; <span class="kw">use</span> <span class="ident">aes_gcm::Aes256Gcm</span>; <span class="kw">use</span> <span class="ident">aes_gcm::NewAead</span>; <span class="kw">use</span> <span class="ident">displaydoc::Display</span>; <span class="kw">use</span> <span class="ident">once_cell::sync::OnceCell</span>; <span class="kw">use</span> <span class="ident">rand::Rng</span>; <span class="kw">use</span> <span class="ident">rand::RngCore</span>; <span class="kw">use</span> <span class="ident">serde::Serialize</span>; <span class="kw">use</span> <span class="ident">std::convert::TryInto</span>; <span class="kw">use</span> <span class="ident">thiserror::Error</span>; <span class="kw">const</span> <span class="ident">NONCE_LEN</span>: <span class="ident">usize</span> <span class="op">=</span> <span class="number">12</span>; <span class="kw">const</span> <span class="ident">TAG_LEN</span>: <span class="ident">usize</span> <span class="op">=</span> <span class="number">16</span>; <span class="doccomment">/// This is the secret key with which we sign the cookies.</span> <span class="comment">// TODO: Generate this at first run to ensure security</span> <span class="kw">static</span> <span class="ident">KEY</span>: <span class="ident">OnceCell</span><span class="op"><</span>[<span class="ident">u8</span>; <span class="number">32</span>]<span class="op">></span> <span class="op">=</span> <span class="ident">OnceCell::new</span>(); <span class="kw">pub</span> <span class="kw">fn</span> <span class="ident">generate_key</span>() -> [<span class="ident">u8</span>; <span class="number">32</span>] { <span class="ident">rand::thread_rng</span>().<span class="ident">gen</span>() } <span class="kw">pub</span> <span class="kw">fn</span> <span class="ident">set_key</span>(<span class="ident">k</span>: [<span class="ident">u8</span>; <span class="number">32</span>]) { <span class="ident">KEY</span>.<span class="ident">set</span>(<span class="ident">k</span>).<span class="ident">expect</span>(<span class="string">"Failed to set secret_key"</span>) } <span class="doccomment">/// This function should only be called from tests</span> <span class="kw">pub</span> <span class="kw">fn</span> <span class="ident">set_key_fallible</span>(<span class="ident">k</span>: [<span class="ident">u8</span>; <span class="number">32</span>]) { <span class="kw">let</span> <span class="kw">_</span> <span class="op">=</span> <span class="ident">KEY</span>.<span class="ident">set</span>(<span class="ident">k</span>); } <span class="kw">fn</span> <span class="ident">get_key</span>() -> <span class="kw-2">&</span><span class="lifetime">'static</span> [<span class="ident">u8</span>; <span class="number">32</span>] { <span class="ident">KEY</span>.<span class="ident">get</span>().<span class="ident">expect</span>(<span class="string">"key must be initialized"</span>) } <span class="attribute">#[<span class="ident">derive</span>(<span class="ident">Clone</span>, <span class="ident">Debug</span>, <span class="ident">Display</span>, <span class="ident">Error</span>, <span class="ident">Serialize</span>)]</span> <span class="kw">pub</span> <span class="kw">enum</span> <span class="ident">AuthError</span> { <span class="doccomment">/// Token is not base64 encoded.</span> <span class="ident">BadBase64</span>, <span class="doccomment">/// Token data is too short.</span> <span class="ident">ShortData</span>, <span class="doccomment">/// Failed to decrypt token.</span> <span class="ident">DecryptError</span>, <span class="doccomment">/// Token plaintext does not contain a UserID.</span> <span class="ident">PlainTextNoti64</span>, } <span class="doccomment">/// Function encrypts a UserID with a nonce and returns it as a base64 string to be used as a cookie/token.</span> <span class="kw">pub</span> <span class="kw">fn</span> <span class="ident">user_cookie_generate</span>(<span class="ident">user</span>: <span class="ident">i64</span>) -> <span class="ident">String</span> { <span class="comment">// Create a vec to hold the [nonce | cookie value].</span> <span class="kw">let</span> <span class="ident">cookie_val</span> <span class="op">=</span> <span class="kw-2">&</span><span class="ident">user</span>.<span class="ident">to_be_bytes</span>(); <span class="kw">let</span> <span class="kw-2">mut</span> <span class="ident">data</span> <span class="op">=</span> <span class="macro">vec!</span>[<span class="number">0</span>; <span class="ident">NONCE_LEN</span> <span class="op">+</span> <span class="ident">cookie_val</span>.<span class="ident">len</span>() <span class="op">+</span> <span class="ident">TAG_LEN</span>]; <span class="comment">// Split data into three: nonce, input/output, tag. Copy input.</span> <span class="kw">let</span> (<span class="ident">nonce</span>, <span class="ident">in_out</span>) <span class="op">=</span> <span class="ident">data</span>.<span class="ident">split_at_mut</span>(<span class="ident">NONCE_LEN</span>); <span class="kw">let</span> (<span class="ident">in_out</span>, <span class="ident">tag</span>) <span class="op">=</span> <span class="ident">in_out</span>.<span class="ident">split_at_mut</span>(<span class="ident">cookie_val</span>.<span class="ident">len</span>()); <span class="ident">in_out</span>.<span class="ident">copy_from_slice</span>(<span class="ident">cookie_val</span>); <span class="comment">// Fill nonce piece with random data.</span> <span class="kw">let</span> <span class="kw-2">mut</span> <span class="ident">rng</span> <span class="op">=</span> <span class="ident">rand::thread_rng</span>(); <span class="ident">rng</span>.<span class="ident">try_fill_bytes</span>(<span class="ident">nonce</span>) .<span class="ident">expect</span>(<span class="string">"couldn't random fill nonce"</span>); <span class="kw">let</span> <span class="ident">nonce</span> <span class="op">=</span> <span class="ident">GenericArray::clone_from_slice</span>(<span class="ident">nonce</span>); <span class="comment">// Perform the actual sealing operation, using the cookie's name as</span> <span class="comment">// associated data to prevent value swapping.</span> <span class="kw">let</span> <span class="ident">aead</span> <span class="op">=</span> <span class="ident">Aes256Gcm::new</span>(<span class="ident">GenericArray::from_slice</span>(<span class="ident">get_key</span>())); <span class="kw">let</span> <span class="ident">aad_tag</span> <span class="op">=</span> <span class="ident">aead</span> .<span class="ident">encrypt_in_place_detached</span>(<span class="kw-2">&</span><span class="ident">nonce</span>, <span class="string">b""</span>, <span class="ident">in_out</span>) .<span class="ident">expect</span>(<span class="string">"encryption failure!"</span>); <span class="comment">// Copy the tag into the tag piece.</span> <span class="ident">tag</span>.<span class="ident">copy_from_slice</span>(<span class="kw-2">&</span><span class="ident">aad_tag</span>); <span class="comment">// Base64 encode [nonce | encrypted value | tag].</span> <span class="ident">base64::encode</span>(<span class="kw-2">&</span><span class="ident">data</span>) } <span class="doccomment">/// Function decrypts a UserID which was encrypted with `user_cookie_generate`</span> <span class="kw">pub</span> <span class="kw">fn</span> <span class="ident">user_cookie_decode</span>(<span class="ident">cookie</span>: <span class="ident">String</span>) -> <span class="prelude-ty">Result</span><span class="op"><</span><span class="ident">i64</span>, <span class="ident">AuthError</span><span class="op">></span> { <span class="kw">let</span> <span class="ident">data</span> <span class="op">=</span> <span class="ident">base64::decode</span>(<span class="ident">cookie</span>).<span class="ident">map_err</span>(<span class="op">|</span><span class="kw">_</span><span class="op">|</span> <span class="ident">AuthError::BadBase64</span>)<span class="question-mark">?</span>; <span class="kw">if</span> <span class="ident">data</span>.<span class="ident">len</span>() <span class="op"><</span><span class="op">=</span> <span class="ident">NONCE_LEN</span> { <span class="kw">return</span> <span class="prelude-val">Err</span>(<span class="ident">AuthError::ShortData</span>); } <span class="kw">let</span> (<span class="ident">nonce</span>, <span class="ident">cipher</span>) <span class="op">=</span> <span class="ident">data</span>.<span class="ident">split_at</span>(<span class="ident">NONCE_LEN</span>); <span class="kw">let</span> <span class="ident">aead</span> <span class="op">=</span> <span class="ident">Aes256Gcm::new</span>(<span class="ident">GenericArray::from_slice</span>(<span class="ident">get_key</span>())); <span class="kw">let</span> <span class="ident">plaintext</span> <span class="op">=</span> <span class="ident">aead</span> .<span class="ident">decrypt</span>(<span class="ident">GenericArray::from_slice</span>(<span class="ident">nonce</span>), <span class="ident">cipher</span>) .<span class="ident">map_err</span>(<span class="op">|</span><span class="kw">_</span><span class="op">|</span> <span class="ident">AuthError::DecryptError</span>)<span class="question-mark">?</span>; <span class="prelude-val">Ok</span>(<span class="ident">i64::from_be_bytes</span>( <span class="ident">plaintext</span> .<span class="ident">try_into</span>() .<span class="ident">map_err</span>(<span class="op">|</span><span class="kw">_</span><span class="op">|</span> <span class="ident">AuthError::PlainTextNoti64</span>)<span class="question-mark">?</span>, )) } </code></pre></div> </section></div></main><div id="rustdoc-vars" data-root-path="../../" data-current-crate="auth" data-themes="ayu,dark,light" data-resource-suffix="" data-rustdoc-version="1.63.0 (4b91a6ea7 2022-08-08)" ></div> </body></html>