├── .github
    ├── FUNDING.yml
    ├── PULL_REQUEST_TEMPLATE.md
    └── CONTRIBUTING.md
├── README.md
├── HS256.php
├── HS384.php
├── HS512.php
├── composer.json
├── LICENSE
└── HMAC.php


/.github/FUNDING.yml:
--------------------------------------------------------------------------------
1 | patreon: FlorentMorselli
2 | 


--------------------------------------------------------------------------------
/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | Please do not submit any Pull Requests here. It will be automatically closed.
2 | 
3 | You should submit it here: https://github.com/web-token/jwt-framework/pulls
4 | 


--------------------------------------------------------------------------------
/.github/CONTRIBUTING.md:
--------------------------------------------------------------------------------
1 | # Contributing
2 | 
3 | This repository is a sub repository of [the JWT Framework](https://github.com/web-token/jwt-framework) project and is READ ONLY. 
4 | Please do not submit any Pull Requests here. It will be automatically closed.
5 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | HMAC Based Signature Algorithms For JWT-Framework
 2 | =================================================
 3 | 
 4 | This repository is a sub repository of [the JWT Framework](https://github.com/web-token/jwt-framework) project and is READ ONLY.
 5 | 
 6 | **Please do not submit any Pull Request here.**
 7 | You should go to [the main repository](https://github.com/web-token/jwt-framework) instead.
 8 | 
 9 | # Documentation
10 | 
11 | The official documentation is available as https://web-token.spomky-labs.com/ 
12 | 
13 | # Licence
14 | 
15 | This software is release under [MIT licence](LICENSE).
16 | 


--------------------------------------------------------------------------------
/HS256.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | declare(strict_types=1);
 4 | 
 5 | namespace Jose\Component\Signature\Algorithm;
 6 | 
 7 | use InvalidArgumentException;
 8 | use Jose\Component\Core\JWK;
 9 | 
10 | final class HS256 extends HMAC
11 | {
12 |     public function name(): string
13 |     {
14 |         return 'HS256';
15 |     }
16 | 
17 |     protected function getHashAlgorithm(): string
18 |     {
19 |         return 'sha256';
20 |     }
21 | 
22 |     protected function getKey(JWK $key): string
23 |     {
24 |         $k = parent::getKey($key);
25 |         if (mb_strlen($k, '8bit') < 32) {
26 |             throw new InvalidArgumentException('Invalid key length.');
27 |         }
28 | 
29 |         return $k;
30 |     }
31 | }
32 | 


--------------------------------------------------------------------------------
/HS384.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | declare(strict_types=1);
 4 | 
 5 | namespace Jose\Component\Signature\Algorithm;
 6 | 
 7 | use InvalidArgumentException;
 8 | use Jose\Component\Core\JWK;
 9 | 
10 | final class HS384 extends HMAC
11 | {
12 |     public function name(): string
13 |     {
14 |         return 'HS384';
15 |     }
16 | 
17 |     protected function getHashAlgorithm(): string
18 |     {
19 |         return 'sha384';
20 |     }
21 | 
22 |     protected function getKey(JWK $key): string
23 |     {
24 |         $k = parent::getKey($key);
25 |         if (mb_strlen($k, '8bit') < 48) {
26 |             throw new InvalidArgumentException('Invalid key length.');
27 |         }
28 | 
29 |         return $k;
30 |     }
31 | }
32 | 


--------------------------------------------------------------------------------
/HS512.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | declare(strict_types=1);
 4 | 
 5 | namespace Jose\Component\Signature\Algorithm;
 6 | 
 7 | use InvalidArgumentException;
 8 | use Jose\Component\Core\JWK;
 9 | 
10 | final class HS512 extends HMAC
11 | {
12 |     public function name(): string
13 |     {
14 |         return 'HS512';
15 |     }
16 | 
17 |     protected function getHashAlgorithm(): string
18 |     {
19 |         return 'sha512';
20 |     }
21 | 
22 |     protected function getKey(JWK $key): string
23 |     {
24 |         $k = parent::getKey($key);
25 |         if (mb_strlen($k, '8bit') < 64) {
26 |             throw new InvalidArgumentException('Invalid key length.');
27 |         }
28 | 
29 |         return $k;
30 |     }
31 | }
32 | 


--------------------------------------------------------------------------------
/composer.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "name": "web-token/jwt-signature-algorithm-hmac",
 3 |     "description": "HMAC Based Signature Algorithms the JWT Framework.",
 4 |     "type": "library",
 5 |     "license": "MIT",
 6 |     "keywords": ["JWS", "JWT", "JWE", "JWA", "JWK", "JWKSet", "Jot", "Jose", "RFC7515", "RFC7516", "RFC7517", "RFC7518", "RFC7519", "RFC7520", "Bundle", "Symfony"],
 7 |     "homepage": "https://github.com/web-token",
 8 |     "authors": [
 9 |         {
10 |             "name": "Florent Morselli",
11 |             "homepage": "https://github.com/Spomky"
12 |         },{
13 |             "name": "All contributors",
14 |             "homepage": "https://github.com/web-token/jwt-framework/contributors"
15 |         }
16 |     ],
17 |     "autoload": {
18 |         "psr-4": {
19 |             "Jose\\Component\\Signature\\Algorithm\\":  ""
20 |         }
21 |     },
22 |     "require": {
23 |         "php": ">=8.1",
24 |         "web-token/jwt-signature": "^3.0"
25 |     }
26 | }
27 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | The MIT License (MIT)
 2 | 
 3 | Copyright (c) 2014-2019 Spomky-Labs
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/HMAC.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | declare(strict_types=1);
 4 | 
 5 | namespace Jose\Component\Signature\Algorithm;
 6 | 
 7 | use function in_array;
 8 | use InvalidArgumentException;
 9 | use function is_string;
10 | use Jose\Component\Core\JWK;
11 | use ParagonIE\ConstantTime\Base64UrlSafe;
12 | 
13 | abstract class HMAC implements MacAlgorithm
14 | {
15 |     public function allowedKeyTypes(): array
16 |     {
17 |         return ['oct'];
18 |     }
19 | 
20 |     public function verify(JWK $key, string $input, string $signature): bool
21 |     {
22 |         return hash_equals($this->hash($key, $input), $signature);
23 |     }
24 | 
25 |     public function hash(JWK $key, string $input): string
26 |     {
27 |         $k = $this->getKey($key);
28 | 
29 |         return hash_hmac($this->getHashAlgorithm(), $input, $k, true);
30 |     }
31 | 
32 |     protected function getKey(JWK $key): string
33 |     {
34 |         if (! in_array($key->get('kty'), $this->allowedKeyTypes(), true)) {
35 |             throw new InvalidArgumentException('Wrong key type.');
36 |         }
37 |         if (! $key->has('k')) {
38 |             throw new InvalidArgumentException('The key parameter "k" is missing.');
39 |         }
40 |         $k = $key->get('k');
41 |         if (! is_string($k)) {
42 |             throw new InvalidArgumentException('The key parameter "k" is invalid.');
43 |         }
44 | 
45 |         return Base64UrlSafe::decode($k);
46 |     }
47 | 
48 |     abstract protected function getHashAlgorithm(): string;
49 | }
50 | 


--------------------------------------------------------------------------------