diff options
| author | Joris Guyonvarch | 2026-04-17 22:53:02 +0200 |
|---|---|---|
| committer | Joris Guyonvarch | 2026-04-17 22:53:02 +0200 |
| commit | 648d073e1b8f4838f147c0520024bd453921a25c (patch) | |
| tree | 3a477d88c3f80a68d6477d9fe5644cc475c0cd81 /src/crypto/signed.rs | |
| parent | 2a6bcee45086bca9128489de19908984ea1be0da (diff) | |
Remove signing login token
It’s enough to use a safe crypto lib. But augment the token size to
upper bound.
Diffstat (limited to 'src/crypto/signed.rs')
| -rw-r--r-- | src/crypto/signed.rs | 71 |
1 files changed, 0 insertions, 71 deletions
diff --git a/src/crypto/signed.rs b/src/crypto/signed.rs deleted file mode 100644 index 436f3d1..0000000 --- a/src/crypto/signed.rs +++ /dev/null @@ -1,71 +0,0 @@ -use hex; -use hmac::{Hmac, Mac}; -use sha2::Sha256; -use std::str; -use std::time::{SystemTime, UNIX_EPOCH}; - -const SEP: &str = "-"; - -pub fn sign(key: &str, raw: &str) -> Result<String, String> { - let nonce = get_nonce()?; - let joined = format!("{nonce}{SEP}{raw}"); - let signature = get_signature(key, &joined)?; - Ok(format!("{signature}{SEP}{joined}")) -} - -pub fn verify(key: &str, signed: &str) -> Result<String, String> { - let mut iter = signed.split(SEP); - match (iter.next(), iter.next()) { - (Some(signature), Some(nonce)) => { - let raw = iter.collect::<Vec<&str>>().join(SEP); - if signature == get_signature(key, &format!("{nonce}{SEP}{raw}"))? { - Ok(raw) - } else { - Err("Signature does not match".to_string()) - } - } - _ => Err("Malformed signed".to_string()), - } -} - -fn get_signature(key: &str, message: &str) -> Result<String, String> { - let mut mac = Hmac::<Sha256>::new_from_slice(key.as_bytes()) - .map_err(|e| format!("Error initializing MAC: {e}"))?; - mac.update(message.as_bytes()); - let result = mac.finalize(); - Ok(hex::encode(result.into_bytes())) -} - -fn get_nonce() -> Result<String, String> { - Ok(SystemTime::now() - .duration_since(UNIX_EPOCH) - .map_err(|e| format!("Failure getting unix expoch: {e}"))? - .as_millis() - .to_string()) -} - -#[cfg(test)] -mod tests { - use super::*; - - #[test] - fn sign_and_validate() { - let key = "xagrlBUobnTj32Rm8tvmsZ6mh8qLfip5".to_string(); - assert_eq!(verify(&key, &sign(&key, "").unwrap()), Ok("".to_string())); - assert_eq!( - verify(&key, &sign(&key, "hello").unwrap()), - Ok("hello".to_string()) - ); - assert_eq!( - verify(&key, &sign(&key, "with-sep").unwrap()), - Ok("with-sep".to_string()) - ); - } - - #[test] - fn fail_when_key_mismatch() { - let key1 = "xagrlBUobnTj32Rm8tvmsZ6mh8qLfip5".to_string(); - let key2 = "8KJBK6axEr9wQ390GgdWA8Pjn8FwILDa".to_string(); - assert!(verify(&key1, &sign(&key2, "hello").unwrap()).is_err()); - } -} |