2015-08-18 05:57:27 +05:30
|
|
|
package jose
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"bytes"
|
|
|
|
|
"crypto"
|
|
|
|
|
"crypto/hmac"
|
|
|
|
|
_ "crypto/sha256"
|
|
|
|
|
"errors"
|
|
|
|
|
"fmt"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type VerifierHMAC struct {
|
|
|
|
|
KeyID string
|
|
|
|
|
Hash crypto.Hash
|
|
|
|
|
Secret []byte
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type SignerHMAC struct {
|
|
|
|
|
VerifierHMAC
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func NewVerifierHMAC(jwk JWK) (*VerifierHMAC, error) {
|
2016-05-10 02:59:14 +05:30
|
|
|
if jwk.Alg != "" && jwk.Alg != "HS256" {
|
2015-08-18 05:57:27 +05:30
|
|
|
return nil, fmt.Errorf("unsupported key algorithm %q", jwk.Alg)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
v := VerifierHMAC{
|
|
|
|
|
KeyID: jwk.ID,
|
|
|
|
|
Secret: jwk.Secret,
|
|
|
|
|
Hash: crypto.SHA256,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return &v, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (v *VerifierHMAC) ID() string {
|
|
|
|
|
return v.KeyID
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (v *VerifierHMAC) Alg() string {
|
|
|
|
|
return "HS256"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (v *VerifierHMAC) Verify(sig []byte, data []byte) error {
|
|
|
|
|
h := hmac.New(v.Hash.New, v.Secret)
|
|
|
|
|
h.Write(data)
|
|
|
|
|
if !bytes.Equal(sig, h.Sum(nil)) {
|
|
|
|
|
return errors.New("invalid hmac signature")
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func NewSignerHMAC(kid string, secret []byte) *SignerHMAC {
|
|
|
|
|
return &SignerHMAC{
|
|
|
|
|
VerifierHMAC: VerifierHMAC{
|
|
|
|
|
KeyID: kid,
|
|
|
|
|
Secret: secret,
|
|
|
|
|
Hash: crypto.SHA256,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (s *SignerHMAC) Sign(data []byte) ([]byte, error) {
|
|
|
|
|
h := hmac.New(s.Hash.New, s.Secret)
|
|
|
|
|
h.Write(data)
|
|
|
|
|
return h.Sum(nil), nil
|
|
|
|
|
}
|
