Add support for BLAKE2B

Fixes #52

Cargo.toml

@@ -13,6 +13,7 @@ readme = "README.md"
 
 [dependencies]
 anyhow = "1.0.75"
+blake2b_simd = "1.0.2"
 binstring = "0.1.1"
 ciborium = { version = "0.2.1", optional = true }
 coarsetime = "0.1.33"

README.md

@@ -36,10 +36,11 @@ A new JWT (JSON Web Tokens) implementation for Rust that focuses on simplicity,
 `jwt-simple` is unopinionated and supports all commonly deployed authentication and signature algorithms:
 
 | JWT algorithm name | Description                           |
-|--------------------|---------------------------------------|
+| ------------------ | ------------------------------------- |
 | `HS256`            | HMAC-SHA-256                          |
 | `HS384`            | HMAC-SHA-384                          |
 | `HS512`            | HMAC-SHA-512                          |
+| `BLAKE2B`          | BLAKE2B-256                           |
 | `RS256`            | RSA with PKCS#1v1.5 padding / SHA-256 |
 | `RS384`            | RSA with PKCS#1v1.5 padding / SHA-384 |
 | `RS512`            | RSA with PKCS#1v1.5 padding / SHA-512 |

src/algorithms/hmac.rs

@@ -308,3 +308,74 @@ impl HS384Key {
         self
     }
 }
+
+//
+
+#[derive(Debug, Clone)]
+pub struct Blake2BKey {
+    key: HMACKey,
+    key_id: Option<String>,
+}
+
+impl MACLike for Blake2BKey {
+    fn jwt_alg_name() -> &'static str {
+        "BLAKE2B"
+    }
+
+    fn key(&self) -> &HMACKey {
+        &self.key
+    }
+
+    fn key_id(&self) -> &Option<String> {
+        &self.key_id
+    }
+
+    fn set_key_id(&mut self, key_id: String) {
+        self.key_id = Some(key_id);
+    }
+
+    fn metadata(&self) -> &Option<KeyMetadata> {
+        &self.key.metadata
+    }
+
+    fn attach_metadata(&mut self, metadata: KeyMetadata) -> Result<(), Error> {
+        self.key.metadata = Some(metadata);
+        Ok(())
+    }
+
+    fn authentication_tag(&self, authenticated: &str) -> Vec<u8> {
+        blake2b_simd::Params::new()
+            .hash_length(32)
+            .key(self.key().as_ref())
+            .to_state()
+            .update(authenticated.as_bytes())
+            .finalize()
+            .as_bytes()
+            .to_vec()
+    }
+}
+
+impl Blake2BKey {
+    pub fn from_bytes(raw_key: &[u8]) -> Self {
+        Blake2BKey {
+            key: HMACKey::from_bytes(raw_key),
+            key_id: None,
+        }
+    }
+
+    pub fn to_bytes(&self) -> Vec<u8> {
+        self.key.to_bytes()
+    }
+
+    pub fn generate() -> Self {
+        Blake2BKey {
+            key: HMACKey::generate(),
+            key_id: None,
+        }
+    }
+
+    pub fn with_key_id(mut self, key_id: &str) -> Self {
+        self.key_id = Some(key_id.to_string());
+        self
+    }
+}

src/lib.rs

@@ -14,6 +14,7 @@
 //!   * `HS256`
 //!   * `HS384`
 //!   * `HS512`
+//! * `BLAKE2B`
 //! * RSA
 //!   * `RS256`
 //!   * `RS384`
@@ -423,6 +424,20 @@ a3t0cyDKinOY7JGIwh8DWAa4pfEzgg56yLcilYSSohXeaQV0nR8+rm9J8GUYXjPK
             .unwrap();
     }
 
+    #[test]
+    fn blake2b() {
+        let key = Blake2BKey::from_bytes(b"your-256-bit-secret").with_key_id("my-key-id");
+        let claims = Claims::create(Duration::from_secs(86400)).with_issuer("test issuer");
+        let token = key.authenticate(claims).unwrap();
+        let options = VerificationOptions {
+            allowed_issuers: Some(HashSet::from_strings(&["test issuer"])),
+            ..Default::default()
+        };
+        let _claims = key
+            .verify_token::<NoCustomClaims>(&token, Some(options))
+            .unwrap();
+    }
+
     #[test]
     fn rs256() {
         let key_pair = RS256KeyPair::from_pem(RSA_KP_PEM).unwrap();