code review changes

internal/pass/sign/lib_test.go

@@ -32,7 +32,7 @@ func (e ecdsaSigningMethodWithStaticKey) Alg() string {
 	return jwt.SigningMethodES256.Alg()
 }
 
-func TestKeyEncryptionAndVerificationHappyPath(t *testing.T) {
+func TestSignAndVerifyHappyPath(t *testing.T) {
 	srv := createTestService(t)
 
 	now := time.Now()
@@ -68,7 +68,7 @@ func createTestService(t *testing.T) Service {
 	return srv
 }
 
-func TestKeyEncryptionAndVerification(t *testing.T) {
+func TestSignAndVerify(t *testing.T) {
 	sess, err := session.NewSession(&aws.Config{
 		Region:           aws.String("us-east-1"),
 		Credentials:      credentials.NewStaticCredentials("test", "test", ""),

internal/pass/sign/sign.go

@@ -73,7 +73,8 @@ func (s kmsSigningMethod) Sign(signingString string, key interface{}) ([]byte, e
 	if err != nil {
 		return nil, fmt.Errorf("failed to sign the message: %w", err)
 	}
-	keySizeInBytes := 258 / 8
+	// We are using encryption method with SHA_256 digest. Hence, key has 256/8=32 bytes.
+	keySizeInBytes := 256 / 8
 	return formatKMSSignatureForJWT(keySizeInBytes, resp.Signature)
 }
 
@@ -84,7 +85,9 @@ func (s kmsSigningMethod) Alg() string {
 
 // formatKMSSignatureForJWT translates asn1 encoded signature (returned by AWS)
 // to format expected by JWT standard.
-// It is an algorithm I found on the internet. It should be tested using e2e tests.
+// It is an algorithm I found on the internet
+// (here: https://github.com/twofas/2fas-server/pull/24/files/4f68cc2e611dca18b9787942e5cf12fc16518dd4#r1452702669 )
+// It should be tested using e2e tests.
 func formatKMSSignatureForJWT(keyBytes int, sig []byte) ([]byte, error) {
 	p := struct {
 		R *big.Int

internal/pass/sign/verify.go

@@ -13,6 +13,8 @@ var ErrInvalidClaims = errors.New("invalid claims")
 func (s Service) CanI(tokenString string, ct ConnectionType) error {
 	cl := jwt.MapClaims{}
 
+	// In Sign we removed `jwtHeader` from JWT before returning it.
+	// We need to add it again before doing the verification.
 	tokenString = jwtHeader + tokenString
 
 	token, err := jwt.ParseWithClaims(

tests/pass/kms_test.go

@@ -15,7 +15,7 @@ import (
 	"github.com/twofas/2fas-server/internal/pass/sign"
 )
 
-func TestKeyEncryptionAndVerificationHappyPath(t *testing.T) {
+func TestSignAndVerifyHappyPath(t *testing.T) {
 	sess, err := session.NewSession(&aws.Config{
 		Region:           aws.String("us-east-1"),
 		Credentials:      credentials.NewStaticCredentials("test", "test", ""),
@@ -48,7 +48,7 @@ func TestKeyEncryptionAndVerificationHappyPath(t *testing.T) {
 	}
 }
 
-func TestKeyEncryptionAndVerification(t *testing.T) {
+func TestSignAndVerify(t *testing.T) {
 	sess, err := session.NewSession(&aws.Config{
 		Region:           aws.String("us-east-1"),
 		Credentials:      credentials.NewStaticCredentials("test", "test", ""),