Merge pull request #100 from ericchiang/remove-jose-hmac-signer
jose: remove hmac signing and verification code
diff --git a/jose/sig_hmac.go b/jose/sig_hmac.go
deleted file mode 100644
index 34cd0e6..0000000
--- a/jose/sig_hmac.go
+++ /dev/null
@@ -1,68 +0,0 @@
-package jose
-
-import (
- "crypto"
- "crypto/hmac"
- _ "crypto/sha256"
- "errors"
- "fmt"
-)
-
-type VerifierHMAC struct {
- KeyID string
- Hash crypto.Hash
- Secret []byte
-}
-
-type SignerHMAC struct {
- VerifierHMAC
-}
-
-func NewVerifierHMAC(jwk JWK) (*VerifierHMAC, error) {
- if jwk.Alg != "" && jwk.Alg != "HS256" {
- return nil, fmt.Errorf("unsupported key algorithm %q", jwk.Alg)
- }
-
- v := VerifierHMAC{
- KeyID: jwk.ID,
- Secret: jwk.Secret,
- Hash: crypto.SHA256,
- }
-
- return &v, nil
-}
-
-func (v *VerifierHMAC) ID() string {
- return v.KeyID
-}
-
-func (v *VerifierHMAC) Alg() string {
- return "HS256"
-}
-
-func (v *VerifierHMAC) Verify(sig []byte, data []byte) error {
- h := hmac.New(v.Hash.New, v.Secret)
- h.Write(data)
- // hmac.Equal compares two hmacs but does it in constant time to mitigating time
- // based attacks. See #98
- if !hmac.Equal(sig, h.Sum(nil)) {
- return errors.New("invalid hmac signature")
- }
- return nil
-}
-
-func NewSignerHMAC(kid string, secret []byte) *SignerHMAC {
- return &SignerHMAC{
- VerifierHMAC: VerifierHMAC{
- KeyID: kid,
- Secret: secret,
- Hash: crypto.SHA256,
- },
- }
-}
-
-func (s *SignerHMAC) Sign(data []byte) ([]byte, error) {
- h := hmac.New(s.Hash.New, s.Secret)
- h.Write(data)
- return h.Sum(nil), nil
-}
diff --git a/jose/sig_hmac_test.go b/jose/sig_hmac_test.go
deleted file mode 100644
index 76c6722..0000000
--- a/jose/sig_hmac_test.go
+++ /dev/null
@@ -1,85 +0,0 @@
-package jose
-
-import (
- "bytes"
- "encoding/base64"
- "testing"
-)
-
-var hmacTestCases = []struct {
- data string
- sig string
- jwk JWK
- valid bool
- desc string
-}{
- {
- "test",
- "Aymga2LNFrM-tnkr6MYLFY2Jou46h2_Omogeu0iMCRQ=",
- JWK{
- ID: "fake-key",
- Alg: "HS256",
- Secret: []byte("secret"),
- },
- true,
- "valid case",
- },
- {
- "test",
- "Aymga2LNFrM-tnkr6MYLFY2Jou46h2_Omogeu0iMCRQ=",
- JWK{
- ID: "different-key",
- Alg: "HS256",
- Secret: []byte("secret"),
- },
- true,
- "invalid: different key, should not match",
- },
- {
- "test sig and non-matching data",
- "Aymga2LNFrM-tnkr6MYLFY2Jou46h2_Omogeu0iMCRQ=",
- JWK{
- ID: "fake-key",
- Alg: "HS256",
- Secret: []byte("secret"),
- },
- false,
- "invalid: sig and data should not match",
- },
-}
-
-func TestVerify(t *testing.T) {
- for _, tt := range hmacTestCases {
- v, err := NewVerifierHMAC(tt.jwk)
- if err != nil {
- t.Errorf("should construct hmac verifier. test: %s. err=%v", tt.desc, err)
- }
-
- decSig, _ := base64.URLEncoding.DecodeString(tt.sig)
- err = v.Verify(decSig, []byte(tt.data))
- if err == nil && !tt.valid {
- t.Errorf("verify failure. test: %s. expected: invalid, actual: valid.", tt.desc)
- }
- if err != nil && tt.valid {
- t.Errorf("verify failure. test: %s. expected: valid, actual: invalid. err=%v", tt.desc, err)
- }
- }
-}
-
-func TestSign(t *testing.T) {
- for _, tt := range hmacTestCases {
- s := NewSignerHMAC("test", tt.jwk.Secret)
- sig, err := s.Sign([]byte(tt.data))
- if err != nil {
- t.Errorf("sign failure. test: %s. err=%v", tt.desc, err)
- }
-
- expSig, _ := base64.URLEncoding.DecodeString(tt.sig)
- if tt.valid && !bytes.Equal(sig, expSig) {
- t.Errorf("sign failure. test: %s. expected: %s, actual: %s.", tt.desc, tt.sig, base64.URLEncoding.EncodeToString(sig))
- }
- if !tt.valid && bytes.Equal(sig, expSig) {
- t.Errorf("sign failure. test: %s. expected: invalid signature.", tt.desc)
- }
- }
-}