diff --git a/Sources/CVaporJWTBoringSSL/hash.txt b/Sources/CVaporJWTBoringSSL/hash.txt
deleted file mode 100644
index 937936f2..00000000
--- a/Sources/CVaporJWTBoringSSL/hash.txt
+++ /dev/null
@@ -1 +0,0 @@
-This directory is derived from BoringSSL cloned from https://boringssl.googlesource.com/boringssl at revision 6432bb46ab44731567ec923e6c8fc182f13d0070
diff --git a/Sources/JWTKit/Signing/HMAC/HMACSigner.swift b/Sources/JWTKit/Signing/HMAC/HMACSigner.swift
index 2f78d35f..2ea0a933 100644
--- a/Sources/JWTKit/Signing/HMAC/HMACSigner.swift
+++ b/Sources/JWTKit/Signing/HMAC/HMACSigner.swift
@@ -1,35 +1,14 @@ -import CJWTKitBoringSSL +import Foundation +import Crypto -internal struct HMACSigner: JWTAlgorithm { - let key: [UInt8] - let algorithm: OpaquePointer +internal struct HMACSigner: JWTAlgorithm where SHAType: HashFunction { + let key: SymmetricKey let name: String func sign(_ plaintext: Plaintext) throws -> [UInt8] where Plaintext: DataProtocol { - let context = CJWTKitBoringSSL_HMAC_CTX_new() - defer { CJWTKitBoringSSL_HMAC_CTX_free(context) } - - guard self.key.withUnsafeBytes({ - return CJWTKitBoringSSL_HMAC_Init_ex(context, $0.baseAddress?.assumingMemoryBound(to: UInt8.self), $0.count, self.algorithm, nil) - }) == 1 else { - throw JWTError.signingAlgorithmFailure(HMACError.initializationFailure) - } - - guard plaintext.copyBytes().withUnsafeBytes({ - return CJWTKitBoringSSL_HMAC_Update(context, $0.baseAddress?.assumingMemoryBound(to: UInt8.self), $0.count) - }) == 1 else { - throw JWTError.signingAlgorithmFailure(HMACError.updateFailure) - } - var hash = [UInt8](repeating: 0, count: Int(EVP_MAX_MD_SIZE)) - var count: UInt32 = 0 - - guard hash.withUnsafeMutableBytes({ - return CJWTKitBoringSSL_HMAC_Final(context, $0.baseAddress?.assumingMemoryBound(to: UInt8.self), &count) - }) == 1 else { - throw JWTError.signingAlgorithmFailure(HMACError.finalizationFailure) - } - return .init(hash[0..<Int(count)]) + let authentication = Crypto.HMAC<SHAType>.authenticationCode(for: plaintext, using: self.key) + return Array(authentication) } } diff --git a/Sources/JWTKit/Signing/HMAC/JWTSigner+HMAC.swift b/Sources/JWTKit/Signing/HMAC/JWTSigner+HMAC.swift index 94ee809f..62ac36d7 100644 --- a/Sources/JWTKit/Signing/HMAC/JWTSigner+HMAC.swift +++ b/Sources/JWTKit/Signing/HMAC/JWTSigner+HMAC.swift 
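Review bot: Signature verification is left untouched here: only `sign` moves to swift-crypto, and no `verify` appears anywhere in the hunk. If `JWTAlgorithm` supplies a default `verify` that recomputes `sign(plaintext)` and compares the byte arrays with `==`, that comparison stops at the first mismatching byte and is not constant-time, while the library now in use provides a constant-time check. Consider giving `HMACSigner` its own `verify` whose body is `return HMAC<SHAType>.isValidAuthenticationCode(signature.copyBytes(), authenticating: plaintext, using: self.key)`; the exact signature has to match the protocol requirement, which is not visible on this page. A short doc comment on `sign` noting that it no longer has a failing path would also help, since the `throws` is now kept only for protocol conformance.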
@@ -1,33 +1,31 @@ import CJWTKitBoringSSL +import Crypto extension JWTSigner { - public static func hs256<Key>(key: Key) -> JWTSigner - where Key: DataProtocol - { - return .init(algorithm: HMACSigner( - key: key.copyBytes(), - algorithm: CJWTKitBoringSSL_EVP_sha256(), - name: "HS256" - )) + public static func hs256<Key>(key: Key) -> JWTSigner where Key: DataProtocol { + let symmetricKey = SymmetricKey(data: key.copyBytes()) + return JWTSigner.hs256(key: symmetricKey) + } + + public static func hs256(key: SymmetricKey) -> JWTSigner { + return .init(algorithm: HMACSigner<SHA256>(key: key, name: "HS256")) } - public static func hs384<Key>(key: Key) -> JWTSigner - where Key: DataProtocol - { - return .init(algorithm: HMACSigner( - key: key.copyBytes(), - algorithm: CJWTKitBoringSSL_EVP_sha384(), - name: "HS384" - )) + public static func hs384<Key>(key: Key) -> JWTSigner where Key: DataProtocol { + let symmetricKey = SymmetricKey(data: key.copyBytes()) + return JWTSigner.hs384(key: symmetricKey) + } + + public static func hs384(key: SymmetricKey) -> JWTSigner { + return .init(algorithm: HMACSigner<SHA384>(key: key, name: "HS384")) } - public static func hs512<Key>(key: Key) -> JWTSigner - where Key: DataProtocol - { - return .init(algorithm: HMACSigner( - key: key.copyBytes(), - algorithm: CJWTKitBoringSSL_EVP_sha512(), - name: "HS512" - )) + public static func hs512<Key>(key: Key) -> JWTSigner where Key: DataProtocol { + let symmetricKey = SymmetricKey(data: key.copyBytes()) + return JWTSigner.hs512(key: symmetricKey) + } + + public static func hs512(key: SymmetricKey) -> JWTSigner { + return .init(algorithm: HMACSigner<SHA512>(key: key, name: "HS512")) } }
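Review bot: The new public `SymmetricKey` overloads of `hs256`, `hs384` and `hs512` carry no doc comments and, like the `DataProtocol` variants that now forward to them, accept a key of any length, including an empty one. RFC 7518 §3.2 requires an HMAC key at least as large as the hash output, and a short secret can be recovered offline from a single signed token. Since these factories do not throw, the least intrusive step is to document the requirement on each overload, e.g. `/// - Parameter key: HMAC secret; must be at least 256 bits for HS256 (RFC 7518 §3.2).`, and optionally add `assert(key.bitCount >= 256, "HS256 key shorter than 256 bits")` with the matching sizes for HS384 and HS512. Separately, the context line `import CJWTKitBoringSSL` appears unused in the visible part of this file once the `CJWTKitBoringSSL_EVP_*` calls are gone; if nothing past the hunk needs it, drop it.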