Home Explore Help
Sign In
SMusatov
/
dim
mirror of https://github.com/Dusk-Labs/dim.git
1
0
Fork 0
Files
Tree: 6b6c9c430d
Branches Tags
dim
/
${GITHUB_REF##*
/
}
/
src
/
auth
/
lib.rs.html

lib.rs.html 16 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206 
  1. <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="Source of the Rust file `auth/src/lib.rs`."><meta name="keywords" content="rust, rustlang, rust-lang"><title>lib.rs - source</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" type="text/css" href="../../normalize.css"><link rel="stylesheet" type="text/css" href="../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" type="text/css" href="../../ayu.css" disabled><link rel="stylesheet" type="text/css" href="../../dark.css" disabled><link rel="stylesheet" type="text/css" href="../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../storage.js"></script><script src="../../crates.js"></script><script defer src="../../main.js"></script><script defer src="../../source-script.js"></script><script defer src="../../source-files.js"></script>
    2. 

  2.     <noscript><link rel="stylesheet" href="../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../favicon.svg"></head><body class="rustdoc source"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a class="sidebar-logo" href="../../auth/index.html"><div class="logo-container"><img class="rust-logo" src="../../rust-logo.svg" alt="logo"></div>
    3. 

  3.         </a><h2 class="location"></h2>
    4. 

  4.     </nav>
    5. 

  5.     <nav class="sidebar"><a class="sidebar-logo" href="../../auth/index.html"><div class="logo-container"><img class="rust-logo" src="../../rust-logo.svg" alt="logo"></div>
    6. 

  6.         </a></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../../auth/index.html"><img class="rust-logo" src="../../rust-logo.svg" alt="logo"></a><nav class="sub"><div class="theme-picker hidden"><button id="theme-picker" aria-label="Pick another theme!" aria-haspopup="menu" title="themes"><img width="22" height="22" alt="Pick another theme!" src="../../brush.svg"></button><div id="theme-choices" role="menu"></div></div><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><button type="button" id="help-button" title="help">?</button><a id="settings-menu" href="../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../wheel.svg"></a></div></form></nav></div><section id="main-content" class="content"><div class="example-wrap"><pre class="line-numbers"><span id="1">1</span>
    7. 

  7. <span id="2">2</span>
    8. 

  8. <span id="3">3</span>
    9. 

  9. <span id="4">4</span>
    10. 

  10. <span id="5">5</span>
    11. 

  11. <span id="6">6</span>
    12. 

  12. <span id="7">7</span>
    13. 

  13. <span id="8">8</span>
    14. 

  14. <span id="9">9</span>
    15. 

  15. <span id="10">10</span>
    16. 

  16. <span id="11">11</span>
    17. 

  17. <span id="12">12</span>
    18. 

  18. <span id="13">13</span>
    19. 

  19. <span id="14">14</span>
    20. 

  20. <span id="15">15</span>
    21. 

  21. <span id="16">16</span>
    22. 

  22. <span id="17">17</span>
    23. 

  23. <span id="18">18</span>
    24. 

  24. <span id="19">19</span>
    25. 

  25. <span id="20">20</span>
    26. 

  26. <span id="21">21</span>
    27. 

  27. <span id="22">22</span>
    28. 

  28. <span id="23">23</span>
    29. 

  29. <span id="24">24</span>
    30. 

  30. <span id="25">25</span>
    31. 

  31. <span id="26">26</span>
    32. 

  32. <span id="27">27</span>
    33. 

  33. <span id="28">28</span>
    34. 

  34. <span id="29">29</span>
    35. 

  35. <span id="30">30</span>
    36. 

  36. <span id="31">31</span>
    37. 

  37. <span id="32">32</span>
    38. 

  38. <span id="33">33</span>
    39. 

  39. <span id="34">34</span>
    40. 

  40. <span id="35">35</span>
    41. 

  41. <span id="36">36</span>
    42. 

  42. <span id="37">37</span>
    43. 

  43. <span id="38">38</span>
    44. 

  44. <span id="39">39</span>
    45. 

  45. <span id="40">40</span>
    46. 

  46. <span id="41">41</span>
    47. 

  47. <span id="42">42</span>
    48. 

  48. <span id="43">43</span>
    49. 

  49. <span id="44">44</span>
    50. 

  50. <span id="45">45</span>
    51. 

  51. <span id="46">46</span>
    52. 

  52. <span id="47">47</span>
    53. 

  53. <span id="48">48</span>
    54. 

  54. <span id="49">49</span>
    55. 

  55. <span id="50">50</span>
    56. 

  56. <span id="51">51</span>
    57. 

  57. <span id="52">52</span>
    58. 

  58. <span id="53">53</span>
    59. 

  59. <span id="54">54</span>
    60. 

  60. <span id="55">55</span>
    61. 

  61. <span id="56">56</span>
    62. 

  62. <span id="57">57</span>
    63. 

  63. <span id="58">58</span>
    64. 

  64. <span id="59">59</span>
    65. 

  65. <span id="60">60</span>
    66. 

  66. <span id="61">61</span>
    67. 

  67. <span id="62">62</span>
    68. 

  68. <span id="63">63</span>
    69. 

  69. <span id="64">64</span>
    70. 

  70. <span id="65">65</span>
    71. 

  71. <span id="66">66</span>
    72. 

  72. <span id="67">67</span>
    73. 

  73. <span id="68">68</span>
    74. 

  74. <span id="69">69</span>
    75. 

  75. <span id="70">70</span>
    76. 

  76. <span id="71">71</span>
    77. 

  77. <span id="72">72</span>
    78. 

  78. <span id="73">73</span>
    79. 

  79. <span id="74">74</span>
    80. 

  80. <span id="75">75</span>
    81. 

  81. <span id="76">76</span>
    82. 

  82. <span id="77">77</span>
    83. 

  83. <span id="78">78</span>
    84. 

  84. <span id="79">79</span>
    85. 

  85. <span id="80">80</span>
    86. 

  86. <span id="81">81</span>
    87. 

  87. <span id="82">82</span>
    88. 

  88. <span id="83">83</span>
    89. 

  89. <span id="84">84</span>
    90. 

  90. <span id="85">85</span>
    91. 

  91. <span id="86">86</span>
    92. 

  92. <span id="87">87</span>
    93. 

  93. <span id="88">88</span>
    94. 

  94. <span id="89">89</span>
    95. 

  95. <span id="90">90</span>
    96. 

  96. <span id="91">91</span>
    97. 

  97. <span id="92">92</span>
    98. 

  98. <span id="93">93</span>
    99. 

  99. <span id="94">94</span>
    100. 

  100. <span id="95">95</span>
    101. 

  101. <span id="96">96</span>
    102. 

  102. <span id="97">97</span>
    103. 

  103. <span id="98">98</span>
    104. 

  104. <span id="99">99</span>
    105. 

  105. </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">aes_gcm::aead::generic_array::GenericArray</span>;
    106. 

  106. <span class="kw">use</span> <span class="ident">aes_gcm::aead::Aead</span>;
    107. 

  107. <span class="kw">use</span> <span class="ident">aes_gcm::AeadInPlace</span>;
    108. 

  108. <span class="kw">use</span> <span class="ident">aes_gcm::Aes256Gcm</span>;
    109. 

  109. <span class="kw">use</span> <span class="ident">aes_gcm::NewAead</span>;
    110. 

  110. 

  111. <span class="kw">use</span> <span class="ident">displaydoc::Display</span>;
    112. 

  112. <span class="kw">use</span> <span class="ident">once_cell::sync::OnceCell</span>;
    113. 

  113. <span class="kw">use</span> <span class="ident">rand::Rng</span>;
    114. 

  114. <span class="kw">use</span> <span class="ident">rand::RngCore</span>;
    115. 

  115. <span class="kw">use</span> <span class="ident">serde::Serialize</span>;
    116. 

  116. <span class="kw">use</span> <span class="ident">std::convert::TryInto</span>;
    117. 

  117. <span class="kw">use</span> <span class="ident">thiserror::Error</span>;
    118. 

  118. 

  119. <span class="kw">const</span> <span class="ident">NONCE_LEN</span>: <span class="ident">usize</span> <span class="op">=</span> <span class="number">12</span>;
    120. 

  120. <span class="kw">const</span> <span class="ident">TAG_LEN</span>: <span class="ident">usize</span> <span class="op">=</span> <span class="number">16</span>;
    121. 

  121. 

  122. <span class="doccomment">/// This is the secret key with which we sign the cookies.</span>
    123. 

  123. <span class="comment">// TODO: Generate this at first run to ensure security</span>
    124. 

  124. <span class="kw">static</span> <span class="ident">KEY</span>: <span class="ident">OnceCell</span><span class="op">&lt;</span>[<span class="ident">u8</span>; <span class="number">32</span>]<span class="op">&gt;</span> <span class="op">=</span> <span class="ident">OnceCell::new</span>();
    125. 

  125. 

  126. <span class="kw">pub</span> <span class="kw">fn</span> <span class="ident">generate_key</span>() -&gt; [<span class="ident">u8</span>; <span class="number">32</span>] {
    127. 

  127.     <span class="ident">rand::thread_rng</span>().<span class="ident">gen</span>()
    128. 

  128. }
    129. 

  129. 

  130. <span class="kw">pub</span> <span class="kw">fn</span> <span class="ident">set_key</span>(<span class="ident">k</span>: [<span class="ident">u8</span>; <span class="number">32</span>]) {
    131. 

  131.     <span class="ident">KEY</span>.<span class="ident">set</span>(<span class="ident">k</span>).<span class="ident">expect</span>(<span class="string">&quot;Failed to set secret_key&quot;</span>)
    132. 

  132. }
    133. 

  133. 

  134. <span class="doccomment">/// This function should only be called from tests</span>
    135. 

  135. <span class="kw">pub</span> <span class="kw">fn</span> <span class="ident">set_key_fallible</span>(<span class="ident">k</span>: [<span class="ident">u8</span>; <span class="number">32</span>]) {
    136. 

  136.     <span class="kw">let</span> <span class="kw">_</span> <span class="op">=</span> <span class="ident">KEY</span>.<span class="ident">set</span>(<span class="ident">k</span>);
    137. 

  137. }
    138. 

  138. 

  139. <span class="kw">fn</span> <span class="ident">get_key</span>() -&gt; <span class="kw-2">&amp;</span><span class="lifetime">&#39;static</span> [<span class="ident">u8</span>; <span class="number">32</span>] {
    140. 

  140.     <span class="ident">KEY</span>.<span class="ident">get</span>().<span class="ident">expect</span>(<span class="string">&quot;key must be initialized&quot;</span>)
    141. 

  141. }
    142. 

  142. 

  143. <span class="attribute">#[<span class="ident">derive</span>(<span class="ident">Clone</span>, <span class="ident">Debug</span>, <span class="ident">Display</span>, <span class="ident">Error</span>, <span class="ident">Serialize</span>)]</span>
    144. 

  144. <span class="kw">pub</span> <span class="kw">enum</span> <span class="ident">AuthError</span> {
    145. 

  145.     <span class="doccomment">/// Token is not base64 encoded.</span>
    146. 

  146.     <span class="ident">BadBase64</span>,
    147. 

  147.     <span class="doccomment">/// Token data is too short.</span>
    148. 

  148.     <span class="ident">ShortData</span>,
    149. 

  149.     <span class="doccomment">/// Failed to decrypt token.</span>
    150. 

  150.     <span class="ident">DecryptError</span>,
    151. 

  151.     <span class="doccomment">/// Token plaintext does not contain a UserID.</span>
    152. 

  152.     <span class="ident">PlainTextNoti64</span>,
    153. 

  153. }
    154. 

  154. 

  155. <span class="doccomment">/// Function encrypts a UserID with a nonce and returns it as a base64 string to be used as a cookie/token.</span>
    156. 

  156. <span class="kw">pub</span> <span class="kw">fn</span> <span class="ident">user_cookie_generate</span>(<span class="ident">user</span>: <span class="ident">i64</span>) -&gt; <span class="ident">String</span> {
    157. 

  157.     <span class="comment">// Create a vec to hold the [nonce | cookie value].</span>
    158. 

  158.     <span class="kw">let</span> <span class="ident">cookie_val</span> <span class="op">=</span> <span class="kw-2">&amp;</span><span class="ident">user</span>.<span class="ident">to_be_bytes</span>();
    159. 

  159.     <span class="kw">let</span> <span class="kw-2">mut</span> <span class="ident">data</span> <span class="op">=</span> <span class="macro">vec!</span>[<span class="number">0</span>; <span class="ident">NONCE_LEN</span> <span class="op">+</span> <span class="ident">cookie_val</span>.<span class="ident">len</span>() <span class="op">+</span> <span class="ident">TAG_LEN</span>];
    160. 

  160. 

  161.     <span class="comment">// Split data into three: nonce, input/output, tag. Copy input.</span>
    162. 

  162.     <span class="kw">let</span> (<span class="ident">nonce</span>, <span class="ident">in_out</span>) <span class="op">=</span> <span class="ident">data</span>.<span class="ident">split_at_mut</span>(<span class="ident">NONCE_LEN</span>);
    163. 

  163.     <span class="kw">let</span> (<span class="ident">in_out</span>, <span class="ident">tag</span>) <span class="op">=</span> <span class="ident">in_out</span>.<span class="ident">split_at_mut</span>(<span class="ident">cookie_val</span>.<span class="ident">len</span>());
    164. 

  164.     <span class="ident">in_out</span>.<span class="ident">copy_from_slice</span>(<span class="ident">cookie_val</span>);
    165. 

  165. 

  166.     <span class="comment">// Fill nonce piece with random data.</span>
    167. 

  167.     <span class="kw">let</span> <span class="kw-2">mut</span> <span class="ident">rng</span> <span class="op">=</span> <span class="ident">rand::thread_rng</span>();
    168. 

  168.     <span class="ident">rng</span>.<span class="ident">try_fill_bytes</span>(<span class="ident">nonce</span>)
    169. 

  169.         .<span class="ident">expect</span>(<span class="string">&quot;couldn&#39;t random fill nonce&quot;</span>);
    170. 

  170.     <span class="kw">let</span> <span class="ident">nonce</span> <span class="op">=</span> <span class="ident">GenericArray::clone_from_slice</span>(<span class="ident">nonce</span>);
    171. 

  171. 

  172.     <span class="comment">// Perform the actual sealing operation, using the cookie&#39;s name as</span>
    173. 

  173.     <span class="comment">// associated data to prevent value swapping.</span>
    174. 

  174.     <span class="kw">let</span> <span class="ident">aead</span> <span class="op">=</span> <span class="ident">Aes256Gcm::new</span>(<span class="ident">GenericArray::from_slice</span>(<span class="ident">get_key</span>()));
    175. 

  175.     <span class="kw">let</span> <span class="ident">aad_tag</span> <span class="op">=</span> <span class="ident">aead</span>
    176. 

  176.         .<span class="ident">encrypt_in_place_detached</span>(<span class="kw-2">&amp;</span><span class="ident">nonce</span>, <span class="string">b&quot;&quot;</span>, <span class="ident">in_out</span>)
    177. 

  177.         .<span class="ident">expect</span>(<span class="string">&quot;encryption failure!&quot;</span>);
    178. 

  178. 

  179.     <span class="comment">// Copy the tag into the tag piece.</span>
    180. 

  180.     <span class="ident">tag</span>.<span class="ident">copy_from_slice</span>(<span class="kw-2">&amp;</span><span class="ident">aad_tag</span>);
    181. 

  181. 

  182.     <span class="comment">// Base64 encode [nonce | encrypted value | tag].</span>
    183. 

  183.     <span class="ident">base64::encode</span>(<span class="kw-2">&amp;</span><span class="ident">data</span>)
    184. 

  184. }
    185. 

  185. 

  186. <span class="doccomment">/// Function decrypts a UserID which was encrypted with `user_cookie_generate`</span>
    187. 

  187. <span class="kw">pub</span> <span class="kw">fn</span> <span class="ident">user_cookie_decode</span>(<span class="ident">cookie</span>: <span class="ident">String</span>) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span><span class="ident">i64</span>, <span class="ident">AuthError</span><span class="op">&gt;</span> {
    188. 

  188.     <span class="kw">let</span> <span class="ident">data</span> <span class="op">=</span> <span class="ident">base64::decode</span>(<span class="ident">cookie</span>).<span class="ident">map_err</span>(<span class="op">|</span><span class="kw">_</span><span class="op">|</span> <span class="ident">AuthError::BadBase64</span>)<span class="question-mark">?</span>;
    189. 

  189.     <span class="kw">if</span> <span class="ident">data</span>.<span class="ident">len</span>() <span class="op">&lt;</span><span class="op">=</span> <span class="ident">NONCE_LEN</span> {
    190. 

  190.         <span class="kw">return</span> <span class="prelude-val">Err</span>(<span class="ident">AuthError::ShortData</span>);
    191. 

  191.     }
    192. 

  192.     <span class="kw">let</span> (<span class="ident">nonce</span>, <span class="ident">cipher</span>) <span class="op">=</span> <span class="ident">data</span>.<span class="ident">split_at</span>(<span class="ident">NONCE_LEN</span>);
    193. 

  193.     <span class="kw">let</span> <span class="ident">aead</span> <span class="op">=</span> <span class="ident">Aes256Gcm::new</span>(<span class="ident">GenericArray::from_slice</span>(<span class="ident">get_key</span>()));
    194. 

  194.     <span class="kw">let</span> <span class="ident">plaintext</span> <span class="op">=</span> <span class="ident">aead</span>
    195. 

  195.         .<span class="ident">decrypt</span>(<span class="ident">GenericArray::from_slice</span>(<span class="ident">nonce</span>), <span class="ident">cipher</span>)
    196. 

  196.         .<span class="ident">map_err</span>(<span class="op">|</span><span class="kw">_</span><span class="op">|</span> <span class="ident">AuthError::DecryptError</span>)<span class="question-mark">?</span>;
    197. 

  197. 

  198.     <span class="prelude-val">Ok</span>(<span class="ident">i64::from_be_bytes</span>(
    199. 

  199.         <span class="ident">plaintext</span>
    200. 

  200.             .<span class="ident">try_into</span>()
    201. 

  201.             .<span class="ident">map_err</span>(<span class="op">|</span><span class="kw">_</span><span class="op">|</span> <span class="ident">AuthError::PlainTextNoti64</span>)<span class="question-mark">?</span>,
    202. 

  202.     ))
    203. 

  203. }
    204. 

  204. </code></pre></div>
    205. 

  205. </section><section id="search" class="content hidden"></section></div></main><div id="rustdoc-vars" data-root-path="../../" data-current-crate="auth" data-themes="ayu,dark,light" data-resource-suffix="" data-rustdoc-version="1.61.0 (fe5b13d68 2022-05-18)" ></div>
    206. 

  206. </body></html>
    207.