Remove cryptopasta dependency (#339)

Signed-off-by: nerocrux <nerocrux@gmail.com>
ory · Nov 29, 2018 · b156e6b · b156e6b
1 parent fa65408
commit b156e6b
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 6 deletions.
diff --git a/go.mod b/go.mod
@@ -9,7 +9,6 @@ require (
 	github.com/gopherjs/gopherjs v0.0.0-20181004151105-1babbf986f6f // indirect
 	github.com/gorilla/context v1.1.1 // indirect
 	github.com/gorilla/mux v1.6.2
-	github.com/gtank/cryptopasta v0.0.0-20170601214702-1f550f6f2f69
 	github.com/jtolds/gls v4.2.1+incompatible // indirect
 	github.com/magiconair/properties v1.8.0
 	github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826

diff --git a/go.sum b/go.sum
@@ -18,8 +18,6 @@ github.com/gorilla/context v1.1.1 h1:AWwleXJkX/nhcU9bZSnZoi3h/qGYqQAGhq6zZe/aQW8
 github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
 github.com/gorilla/mux v1.6.2 h1:Pgr17XVTNXAk3q/r4CpKzC5xBM/qW1uVLV+IhRZpIIk=
 github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
-github.com/gtank/cryptopasta v0.0.0-20170601214702-1f550f6f2f69 h1:7xsUJsB2NrdcttQPa7JLEaGzvdbk7KvfrjgHZXOQRo0=
-github.com/gtank/cryptopasta v0.0.0-20170601214702-1f550f6f2f69/go.mod h1:YLEMZOtU+AZ7dhN9T/IpGhXVGly2bvkJQ+zxj3WeVQo=
 github.com/jtolds/gls v4.2.1+incompatible h1:fSuqC+Gmlu6l/ZYAoZzx2pyucC8Xza35fpRVWLVmUEE=
 github.com/jtolds/gls v4.2.1+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/magiconair/properties v1.8.0 h1:LLgXmsheXeRoUOBOjtwPQCWIYqM/LU1ayDtDePerRcY=

diff --git a/token/hmac/hmacsha.go b/token/hmac/hmacsha.go
@@ -25,12 +25,13 @@
 package hmac
 
 import (
+	"crypto/hmac"
+	"crypto/sha512"
 	"encoding/base64"
 	"fmt"
 	"strings"
 	"sync"
 
-	"github.com/gtank/cryptopasta"
 	"github.com/pkg/errors"
 
 	"github.com/ory/fosite"
@@ -83,7 +84,7 @@ func (c *HMACStrategy) Generate() (string, string, error) {
 		return "", "", errors.WithStack(err)
 	}
 
-	signature := cryptopasta.GenerateHMAC(tokenKey, &signingKey)
+	signature := generateHMAC(tokenKey, &signingKey)
 
 	encodedSignature := b64.EncodeToString(signature)
 	encodedToken := fmt.Sprintf("%s.%s", b64.EncodeToString(tokenKey), encodedSignature)
@@ -134,7 +135,8 @@ func (c *HMACStrategy) validate(secret []byte, token string) error {
 		return errors.WithStack(err)
 	}
 
-	if !cryptopasta.CheckHMAC(decodedTokenKey, decodedTokenSignature, &signingKey) {
+	expectedMAC := generateHMAC(decodedTokenKey, &signingKey)
+	if !hmac.Equal(expectedMAC, decodedTokenSignature) {
 		// Hash is invalid
 		return errors.WithStack(fosite.ErrTokenSignatureMismatch)
 	}
@@ -151,3 +153,9 @@ func (c *HMACStrategy) Signature(token string) string {
 
 	return split[1]
 }
+
+func generateHMAC(data []byte, key *[32]byte) []byte {
+	h := hmac.New(sha512.New512_256, key[:])
+	h.Write(data)
+	return h.Sum(nil)
+}