Migrate HMAC to Crypto (#24)
* Remove hash from old SSL integration

* Migrate HMAC signing to Crypto

* Update some styling
0xTim authored Apr 16, 2020
1 parent be40e0e commit b5aa3d4
Showing 3 changed files with 28 additions and 52 deletions.
1 change: 0 additions & 1 deletion Sources/CVaporJWTBoringSSL/hash.txt

This file was deleted.

33 changes: 6 additions & 27 deletions Sources/JWTKit/Signing/HMAC/HMACSigner.swift
@@ -1,35 +1,14 @@
import CJWTKitBoringSSL
import Foundation
import Crypto

internal struct HMACSigner: JWTAlgorithm {
let key: [UInt8]
let algorithm: OpaquePointer
internal struct HMACSigner<SHAType>: JWTAlgorithm where SHAType: HashFunction {
let key: SymmetricKey
let name: String

func sign<Plaintext>(_ plaintext: Plaintext) throws -> [UInt8]
where Plaintext: DataProtocol
{
let context = CJWTKitBoringSSL_HMAC_CTX_new()
defer { CJWTKitBoringSSL_HMAC_CTX_free(context) }

guard self.key.withUnsafeBytes({
return CJWTKitBoringSSL_HMAC_Init_ex(context, $0.baseAddress?.assumingMemoryBound(to: UInt8.self), $0.count, self.algorithm, nil)
}) == 1 else {
throw JWTError.signingAlgorithmFailure(HMACError.initializationFailure)
}

guard plaintext.copyBytes().withUnsafeBytes({
return CJWTKitBoringSSL_HMAC_Update(context, $0.baseAddress?.assumingMemoryBound(to: UInt8.self), $0.count)
}) == 1 else {
throw JWTError.signingAlgorithmFailure(HMACError.updateFailure)
}
var hash = [UInt8](repeating: 0, count: Int(EVP_MAX_MD_SIZE))
var count: UInt32 = 0

guard hash.withUnsafeMutableBytes({
return CJWTKitBoringSSL_HMAC_Final(context, $0.baseAddress?.assumingMemoryBound(to: UInt8.self), &count)
}) == 1 else {
throw JWTError.signingAlgorithmFailure(HMACError.finalizationFailure)
}
return .init(hash[0..<Int(count)])
let authentication = Crypto.HMAC<SHAType>.authenticationCode(for: plaintext, using: self.key)
return Array(authentication)
}
}
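Review bot: Only `sign` is defined in this section, so how a presented signature gets checked depends on code outside it, presumably a `JWTAlgorithm` default that re-signs and compares the bytes. For a MAC that comparison has to be constant-time. To stop depending on the default, add a `verify` here that delegates to Crypto, e.g. `Crypto.HMAC<SHAType>.isValidAuthenticationCode(signature.copyBytes(), authenticating: plaintext, using: self.key)`. The struct also has no doc comment; `/// Signs JWT payloads with HMAC over SHAType, keyed by a SymmetricKey.` would do. The Crypto call is not marked with `try`, so `throws` on `sign` seems to remain only to match the protocol, which deserves a one-line comment.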
46 changes: 22 additions & 24 deletions Sources/JWTKit/Signing/HMAC/JWTSigner+HMAC.swift
@@ -1,33 +1,31 @@
import CJWTKitBoringSSL
import Crypto

extension JWTSigner {
public static func hs256<Key>(key: Key) -> JWTSigner
where Key: DataProtocol
{
return .init(algorithm: HMACSigner(
key: key.copyBytes(),
algorithm: CJWTKitBoringSSL_EVP_sha256(),
name: "HS256"
))
public static func hs256<Key>(key: Key) -> JWTSigner where Key: DataProtocol {
let symmetricKey = SymmetricKey(data: key.copyBytes())
return JWTSigner.hs256(key: symmetricKey)
}

public static func hs256(key: SymmetricKey) -> JWTSigner {
return .init(algorithm: HMACSigner<SHA256>(key: key, name: "HS256"))
}

public static func hs384<Key>(key: Key) -> JWTSigner
where Key: DataProtocol
{
return .init(algorithm: HMACSigner(
key: key.copyBytes(),
algorithm: CJWTKitBoringSSL_EVP_sha384(),
name: "HS384"
))
public static func hs384<Key>(key: Key) -> JWTSigner where Key: DataProtocol {
let symmetricKey = SymmetricKey(data: key.copyBytes())
return JWTSigner.hs384(key: symmetricKey)
}

public static func hs384(key: SymmetricKey) -> JWTSigner {
return .init(algorithm: HMACSigner<SHA384>(key: key, name: "HS384"))
}

public static func hs512<Key>(key: Key) -> JWTSigner
where Key: DataProtocol
{
return .init(algorithm: HMACSigner(
key: key.copyBytes(),
algorithm: CJWTKitBoringSSL_EVP_sha512(),
name: "HS512"
))
public static func hs512<Key>(key: Key) -> JWTSigner where Key: DataProtocol {
let symmetricKey = SymmetricKey(data: key.copyBytes())
return JWTSigner.hs512(key: symmetricKey)
}

public static func hs512(key: SymmetricKey) -> JWTSigner {
return .init(algorithm: HMACSigner<SHA512>(key: key, name: "HS512"))
}
}
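Review bot: None of the six factories checks key length: `SymmetricKey(data: key.copyBytes())` accepts any input, including an empty one, while RFC 7518 §3.2 requires an HMAC key at least as long as the hash output (32, 48 and 64 bytes for HS256, HS384 and HS512). The factories are non-throwing, so enforcing this would change the API; at minimum document it on each, e.g. `/// - Parameter key: Shared secret; should be at least 32 bytes for HS256 (RFC 7518 §3.2). Length is not checked.`, and `SymmetricKey.bitCount` is available if a check is added later. The new `SymmetricKey` overloads are public and have no doc comments at all. `import CJWTKitBoringSSL` looks to be still present although nothing shown in this section uses it; this rendering does not mark which side that line is on, so confirm before removing it.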
