diff --git a/src/encoder.rs b/src/encoder.rs index 135bafc..19f02f2 100644 --- a/src/encoder.rs +++ b/src/encoder.rs @@ -1,8 +1,6 @@ // Copyright 2020-2023 IOTA Stiftung // SPDX-License-Identifier: Apache-2.0 -use std::ops::Range; - use super::Disclosure; use super::Hasher; use super::Sha256Hasher; @@ -17,7 +15,7 @@ use serde_json::Value; pub(crate) const DIGESTS_KEY: &str = "_sd"; pub(crate) const ARRAY_DIGEST_KEY: &str = "..."; -pub(crate) const DEFAULT_SALT_RANGE: Range = 24..34; +pub(crate) const DEFAULT_SALT_SIZE: usize = 30; /// Transforms a JSON object into an SD-JWT object by substituting selected values /// with their corresponding disclosure digests. @@ -39,7 +37,7 @@ impl SdObjectEncoder { pub fn new(object: &str) -> Result> { Ok(SdObjectEncoder { object: serde_json::from_str(object).map_err(|e| Error::DeserializationError(e.to_string()))?, - salt_length: rand::thread_rng().gen_range(DEFAULT_SALT_RANGE), + salt_length: DEFAULT_SALT_SIZE, hasher: Sha256Hasher::new(), }) } @@ -52,7 +50,7 @@ impl TryFrom for SdObjectEncoder { match value { Value::Object(object) => Ok(SdObjectEncoder { object, - salt_length: rand::thread_rng().gen_range(DEFAULT_SALT_RANGE), + salt_length: DEFAULT_SALT_SIZE, hasher: Sha256Hasher::new(), }), _ => Err(Error::DataTypeMismatch("expected object".to_owned())), @@ -65,7 +63,7 @@ impl SdObjectEncoder { pub fn with_custom_hasher(object: &str, hasher: H) -> Result { Ok(Self { object: serde_json::from_str(object).map_err(|e| Error::DeserializationError(e.to_string()))?, - salt_length: rand::thread_rng().gen_range(DEFAULT_SALT_RANGE), + salt_length: DEFAULT_SALT_SIZE, hasher, }) } @@ -198,12 +196,11 @@ impl SdObjectEncoder { /// Adds a decoy digest to the specified path. /// If path is an empty slice, decoys will be added to the top level. - pub fn add_decoys(&mut self, path: &[&str], number_of_decoys: usize) -> Result> { - let mut disclosures = vec![]; + pub fn add_decoys(&mut self, path: &[&str], number_of_decoys: usize) -> Result<()> { for _ in 0..number_of_decoys { - disclosures.push(self.add_decoy(path)?); + self.add_decoy(path)?; } - Ok(disclosures) + Ok(()) } fn add_decoy(&mut self, path: &[&str]) -> Result { diff --git a/src/hasher.rs b/src/hasher.rs index a9073c6..cb99070 100644 --- a/src/hasher.rs +++ b/src/hasher.rs @@ -5,6 +5,12 @@ use crypto::hashes::sha::SHA256; use crypto::hashes::sha::SHA256_LEN; /// Used to implement hash functions to be used for encoding/decoding. +/// +/// ## Note +/// +/// Implementations of this trait are expected only for algorithms listed in +/// the IANA "Named Information Hash Algorithm" registry. +/// See [Hash Function Claim](https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-06.html#name-hash-function-claim) pub trait Hasher: Sync + Send { /// Digests input to produce unique fixed-size hash value in bytes. fn digest(&self, input: &[u8]) -> Vec; @@ -13,10 +19,8 @@ pub trait Hasher: Sync + Send { /// /// ## Note /// - /// The hash algorithm identifier MUST be a hash algorithm value - /// from the "Hash Name String" column in the IANA "Named Information - /// Hash Algorithm" registry [IANA.Hash.Algorithms](https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-06.html#IANA.Hash.Algorithms) - /// or a value defined in another specification and/or profile of this specification. + /// The hash algorithm identifier MUST be a hash algorithm value from the + /// "Hash Name String" column in the IANA "Named Information Hash Algorithm" fn alg_name(&self) -> &'static str; }