Merge pull request #78 from yotamofek/master

mikkyang · web-flow · commit cf254debcd58 · 2022-01-08T15:02:13.000-08:00
digest 0.10, hmac 0.12
diff --git a/Cargo.toml b/Cargo.toml
@@ -16,10 +16,10 @@ features = ["openssl"]
 
 [dependencies]
 base64 = "0.13"
-crypto-mac = "0.11"
-digest = "0.9"
-hmac = "0.11"
-sha2 = "0.9"
+crypto-common = "0.1"
+digest = "0.10"
+hmac = { version = "0.12", features = ["reset"] }
+sha2 = "0.10"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 
diff --git a/README.md b/README.md
@@ -20,7 +20,7 @@ Claims can be any `serde::Serialize` type, usually derived with
 `serde_derive`.
 
 ```rust
-use hmac::{Hmac, NewMac};
+use hmac::{Hmac, Mac};
 use jwt::SignWithKey;
 use sha2::Sha256;
 use std::collections::BTreeMap;
@@ -40,7 +40,7 @@ Claims can be any `serde::Deserialize` type, usually derived with
 `serde_derive`.
 
 ```rust
-use hmac::{Hmac, NewMac};
+use hmac::{Hmac, Mac};
 use jwt::VerifyWithKey;
 use sha2::Sha256;
 use std::collections::BTreeMap;
@@ -64,7 +64,7 @@ fields, but any type that implements `JoseHeader` can be used.
 Both header and claims have to implement `serde::Serialize`.
 
 ```rust
-use hmac::{Hmac, NewMac};
+use hmac::{Hmac, Mac};
 use jwt::{AlgorithmType, Header, SignWithKey, Token};
 use sha2::Sha384;
 use std::collections::BTreeMap;
@@ -87,7 +87,7 @@ assert_eq!(token.as_str(), "eyJhbGciOiJIUzM4NCJ9.eyJzdWIiOiJzb21lb25lIn0.WM_WnPU
 Both header and claims have to implement `serde::Deserialize`.
 
 ```rust
-use hmac::{Hmac, NewMac};
+use hmac::{Hmac, Mac};
 use jwt::{AlgorithmType, Header, Token, VerifyWithKey};
 use sha2::Sha384;
 use std::collections::BTreeMap;
@@ -114,7 +114,7 @@ For the trait `VerifyWithStore`, the key id from the deserialized header will be
 to use.
 
 ```rust
-use hmac::{Hmac, NewMac};
+use hmac::{Hmac, Mac};
 use jwt::{Header, SignWithStore, Token, VerifyWithStore};
 use sha2::Sha512;
 use std::collections::BTreeMap;
diff --git a/examples/custom_claims.rs b/examples/custom_claims.rs
@@ -1,4 +1,4 @@
-use hmac::{Hmac, NewMac};
+use hmac::{Hmac, Mac};
 use jwt::{Header, SignWithKey, Token, VerifyWithKey};
 use serde::{Deserialize, Serialize};
 use sha2::Sha256;
diff --git a/examples/hs256.rs b/examples/hs256.rs
@@ -1,4 +1,4 @@
-use hmac::{Hmac, NewMac};
+use hmac::{Hmac, Mac};
 use jwt::{RegisteredClaims, SignWithKey, VerifyWithKey};
 use sha2::Sha256;
 
diff --git a/src/algorithm/mod.rs b/src/algorithm/mod.rs
@@ -4,7 +4,7 @@
 //! module. The `none` algorithm is explicitly not supported.
 //! ## Examples
 //! ```
-//! use hmac::{Hmac, NewMac};
+//! use hmac::{Hmac, Mac};
 //! use sha2::Sha256;
 //!
 //! let hs256_key: Hmac<Sha256> = Hmac::new_from_slice(b"some-secret").unwrap();
diff --git a/src/algorithm/rust_crypto.rs b/src/algorithm/rust_crypto.rs
@@ -2,9 +2,14 @@
 //! According to that organization, only hmac is safely implemented at the
 //! moment.
 
-use crypto_mac::Mac;
-use digest::generic_array::ArrayLength;
-use digest::{BlockInput, FixedOutput, Reset, Update};
+use digest::core_api::{CoreProxy, FixedOutputCore};
+use digest::{
+    block_buffer::Eager,
+    consts::U256,
+    core_api::{BlockSizeUser, BufferKindUser},
+    generic_array::typenum::{IsLess, Le, NonZero},
+    HashMarker, Mac,
+};
 use hmac::Hmac;
 
 use crate::algorithm::{AlgorithmType, SigningAlgorithm, VerifyingAlgorithm};
@@ -34,16 +39,22 @@ type_level_algorithm_type!(sha2::Sha512, AlgorithmType::Hs512);
 
 impl<D> SigningAlgorithm for Hmac<D>
 where
-    D: Update + BlockInput + FixedOutput + Reset + Default + Clone + TypeLevelAlgorithmType,
-    D::BlockSize: ArrayLength<u8>,
-    D::OutputSize: ArrayLength<u8>,
+    D: CoreProxy + TypeLevelAlgorithmType,
+    D::Core: HashMarker
+        + BufferKindUser<BufferKind = Eager>
+        + FixedOutputCore
+        + digest::Reset
+        + Default
+        + Clone,
+    <D::Core as BlockSizeUser>::BlockSize: IsLess<U256>,
+    Le<<D::Core as BlockSizeUser>::BlockSize, U256>: NonZero,
 {
     fn algorithm_type(&self) -> AlgorithmType {
         D::algorithm_type()
     }
 
     fn sign(&self, header: &str, claims: &str) -> Result<String, Error> {
-        let hmac = get_hmac_with_data(&self, header, claims);
+        let hmac = get_hmac_with_data(self, header, claims);
         let mac_result = hmac.finalize();
         let code = mac_result.into_bytes();
         Ok(base64::encode_config(&code, base64::URL_SAFE_NO_PAD))
@@ -52,26 +63,38 @@ where
 
 impl<D> VerifyingAlgorithm for Hmac<D>
 where
-    D: Update + BlockInput + FixedOutput + Reset + Default + Clone + TypeLevelAlgorithmType,
-    D::BlockSize: ArrayLength<u8>,
-    D::OutputSize: ArrayLength<u8>,
+    D: CoreProxy + TypeLevelAlgorithmType,
+    D::Core: HashMarker
+        + BufferKindUser<BufferKind = Eager>
+        + FixedOutputCore
+        + digest::Reset
+        + Default
+        + Clone,
+    <D::Core as BlockSizeUser>::BlockSize: IsLess<U256>,
+    Le<<D::Core as BlockSizeUser>::BlockSize, U256>: NonZero,
 {
     fn algorithm_type(&self) -> AlgorithmType {
         D::algorithm_type()
     }
 
     fn verify_bytes(&self, header: &str, claims: &str, signature: &[u8]) -> Result<bool, Error> {
         let hmac = get_hmac_with_data(self, header, claims);
-        hmac.verify(&signature)?;
+        hmac.verify_slice(signature)?;
         Ok(true)
     }
 }
 
 fn get_hmac_with_data<D>(hmac: &Hmac<D>, header: &str, claims: &str) -> Hmac<D>
 where
-    D: Update + BlockInput + FixedOutput + Reset + Default + Clone + TypeLevelAlgorithmType,
-    D::BlockSize: ArrayLength<u8>,
-    D::OutputSize: ArrayLength<u8>,
+    D: CoreProxy,
+    D::Core: HashMarker
+        + BufferKindUser<BufferKind = Eager>
+        + FixedOutputCore
+        + digest::Reset
+        + Default
+        + Clone,
+    <D::Core as BlockSizeUser>::BlockSize: IsLess<U256>,
+    Le<<D::Core as BlockSizeUser>::BlockSize, U256>: NonZero,
 {
     let mut hmac = hmac.clone();
     hmac.reset();
@@ -85,7 +108,7 @@ where
 mod tests {
     use crate::algorithm::{SigningAlgorithm, VerifyingAlgorithm};
     use crate::error::Error;
-    use crypto_mac::NewMac;
+    use digest::Mac;
     use hmac::Hmac;
     use sha2::Sha256;
 
@@ -96,7 +119,7 @@ mod tests {
         let expected_signature = "TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ";
 
         let signer: Hmac<Sha256> = Hmac::new_from_slice(b"secret")?;
-        let computed_signature = SigningAlgorithm::sign(&signer, &header, &claims)?;
+        let computed_signature = SigningAlgorithm::sign(&signer, header, claims)?;
 
         assert_eq!(computed_signature, expected_signature);
         Ok(())
@@ -110,7 +133,7 @@ mod tests {
 
         let verifier: Hmac<Sha256> = Hmac::new_from_slice(b"secret")?;
         assert!(VerifyingAlgorithm::verify(
-            &verifier, &header, &claims, &signature
+            &verifier, header, claims, signature
         )?);
         Ok(())
     }
diff --git a/src/error.rs b/src/error.rs
@@ -2,7 +2,8 @@ use std::fmt;
 use std::string::FromUtf8Error;
 
 use base64::DecodeError;
-use crypto_mac::{InvalidKeyLength, MacError};
+use crypto_common::InvalidLength;
+use digest::MacError;
 use serde_json::Error as JsonError;
 
 use self::Error::*;
@@ -21,7 +22,7 @@ pub enum Error {
     NoKeyWithKeyId(String),
     NoSignatureComponent,
     RustCryptoMac(MacError),
-    RustCryptoMacKeyLength(InvalidKeyLength),
+    RustCryptoMacKeyLength(InvalidLength),
     TooManyComponents,
     Utf8(FromUtf8Error),
     #[cfg(feature = "openssl")]
@@ -69,6 +70,6 @@ error_wrap!(DecodeError, Base64);
 error_wrap!(JsonError, Json);
 error_wrap!(FromUtf8Error, Utf8);
 error_wrap!(MacError, RustCryptoMac);
-error_wrap!(InvalidKeyLength, RustCryptoMacKeyLength);
+error_wrap!(InvalidLength, RustCryptoMacKeyLength);
 #[cfg(feature = "openssl")]
 error_wrap!(openssl::error::ErrorStack, Error::OpenSsl);
diff --git a/src/lib.rs b/src/lib.rs
@@ -5,7 +5,7 @@
 //! Claims can be any `serde::Serialize` type, usually derived with
 //! `serde_derive`.
 //! ```rust
-//! use hmac::{Hmac, NewMac};
+//! use hmac::{Hmac, Mac};
 //! use jwt::SignWithKey;
 //! use sha2::Sha256;
 //! use std::collections::BTreeMap;
@@ -25,7 +25,7 @@
 //! Claims can be any `serde::Deserialize` type, usually derived with
 //! `serde_derive`.
 //! ```rust
-//! use hmac::{Hmac, NewMac};
+//! use hmac::{Hmac, Mac};
 //! use jwt::VerifyWithKey;
 //! use sha2::Sha256;
 //! use std::collections::BTreeMap;
@@ -47,7 +47,7 @@
 //! #### Signing
 //! Both header and claims have to implement `serde::Serialize`.
 //! ```rust
-//! use hmac::{Hmac, NewMac};
+//! use hmac::{Hmac, Mac};
 //! use jwt::{AlgorithmType, Header, SignWithKey, Token};
 //! use sha2::Sha384;
 //! use std::collections::BTreeMap;
@@ -70,7 +70,7 @@
 //! #### Verification
 //! Both header and claims have to implement `serde::Deserialize`.
 //! ```rust
-//! use hmac::{Hmac, NewMac};
+//! use hmac::{Hmac, Mac};
 //! use jwt::{AlgorithmType, Header, Token, VerifyWithKey};
 //! use sha2::Sha384;
 //! use std::collections::BTreeMap;
@@ -144,9 +144,9 @@ impl<H, C, S> Token<H, C, S> {
     }
 }
 
-impl<H, C, S> Into<(H, C)> for Token<H, C, S> {
-    fn into(self) -> (H, C) {
-        (self.header, self.claims)
+impl<H, C, S> From<Token<H, C, S>> for (H, C) {
+    fn from(token: Token<H, C, S>) -> Self {
+        (token.header, token.claims)
     }
 }
 
@@ -195,7 +195,7 @@ mod tests {
     use crate::Claims;
     use crate::Token;
     use hmac::Hmac;
-    use hmac::NewMac;
+    use hmac::Mac;
     use sha2::Sha256;
 
     #[test]
diff --git a/src/token/signed.rs b/src/token/signed.rs
@@ -131,17 +131,17 @@ impl<'a, H, C> Token<H, C, Signed> {
     }
 }
 
-impl<H, C> Into<String> for Token<H, C, Signed> {
-    fn into(self) -> String {
-        self.signature.token_string
+impl<H, C> From<Token<H, C, Signed>> for String {
+    fn from(token: Token<H, C, Signed>) -> Self {
+        token.signature.token_string
     }
 }
 
 #[cfg(test)]
 mod tests {
     use std::collections::BTreeMap;
 
-    use hmac::{Hmac, NewMac};
+    use hmac::{Hmac, Mac};
     use serde::Serialize;
     use sha2::{Sha256, Sha512};
 
diff --git a/src/token/verified.rs b/src/token/verified.rs
@@ -149,7 +149,7 @@ mod tests {
     use std::collections::{BTreeMap, HashMap};
     use std::iter::FromIterator;
 
-    use hmac::{Hmac, NewMac};
+    use hmac::{Hmac, Mac};
     use serde::Deserialize;
     use sha2::{Sha256, Sha512};
 
@@ -247,7 +247,7 @@ mod tests {
 
     // Header   {"alg":"HS512","kid":"second_key"}
     // Claims   {"name":"Jane Doe"}
-    const JANE_DOE_SECOND_KEY_TOKEN: &'static str = "eyJhbGciOiJIUzUxMiIsImtpZCI6InNlY29uZF9rZXkifQ.eyJuYW1lIjoiSmFuZSBEb2UifQ.t2ON5s8DDb2hefBIWAe0jaEcp-T7b2Wevmj0kKJ8BFxKNQURHpdh4IA-wbmBmqtiCnqTGoRdqK45hhW0AOtz0A";
+    const JANE_DOE_SECOND_KEY_TOKEN: &str = "eyJhbGciOiJIUzUxMiIsImtpZCI6InNlY29uZF9rZXkifQ.eyJuYW1lIjoiSmFuZSBEb2UifQ.t2ON5s8DDb2hefBIWAe0jaEcp-T7b2Wevmj0kKJ8BFxKNQURHpdh4IA-wbmBmqtiCnqTGoRdqK45hhW0AOtz0A";
 
     #[test]
     pub fn verify_claims_with_b_tree_map() -> Result<(), Error> {

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-use hmac::{Hmac, NewMac};`
	`1`	`+use hmac::{Hmac, Mac};`
`2`	`2`	`use jwt::{Header, SignWithKey, Token, VerifyWithKey};`
`3`	`3`	`use serde::{Deserialize, Serialize};`
`4`	`4`	`use sha2::Sha256;`
Original file line number	Diff line number	Diff line change
`@@ -131,17 +131,17 @@ impl<'a, H, C> Token<H, C, Signed> {`
`131`	`131`	`}`
`132`	`132`	`}`
`133`	`133`
`134`		`-impl<H, C> Into<String> for Token<H, C, Signed> {`
`135`		`- fn into(self) -> String {`
`136`		`- self.signature.token_string`
	`134`	`+impl<H, C> From<Token<H, C, Signed>> for String {`
	`135`	`+ fn from(token: Token<H, C, Signed>) -> Self {`
	`136`	`+ token.signature.token_string`
`137`	`137`	`}`
`138`	`138`	`}`
`139`	`139`
`140`	`140`	`#[cfg(test)]`
`141`	`141`	`mod tests {`
`142`	`142`	`use std::collections::BTreeMap;`
`143`	`143`
`144`		`- use hmac::{Hmac, NewMac};`
	`144`	`+ use hmac::{Hmac, Mac};`
`145`	`145`	`use serde::Serialize;`
`146`	`146`	`use sha2::{Sha256, Sha512};`
`147`	`147`