authenticate: encrypt & mac oauth2 callback state

- cryptutil: add hmac & tests
- cryptutil: rename cipher / encoders to be more clear
- cryptutil: simplify SecureEncoder interface
- cryptutil: renamed NewCipherFromBase64 to NewAEADCipherFromBase64
- cryptutil: move key & random generators to helpers

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

internal/cryptutil/mock_cipher_test.go

@@ -5,31 +5,13 @@ import (
 	"testing"
 )
 
-func TestMockCipher_Unmarshal(t *testing.T) {
+func TestMockEncoder(t *testing.T) {
 	e := errors.New("err")
-	mc := MockCipher{
-		EncryptResponse: []byte("EncryptResponse"),
-		EncryptError:    e,
-		DecryptResponse: []byte("DecryptResponse"),
-		DecryptError:    e,
+	mc := MockEncoder{
 		MarshalResponse: "MarshalResponse",
 		MarshalError:    e,
 		UnmarshalError:  e,
 	}
-	b, err := mc.Encrypt([]byte("test"))
-	if string(b) != "EncryptResponse" {
-		t.Error("unexpected encrypt response")
-	}
-	if err != e {
-		t.Error("unexpected encrypt error")
-	}
-	b, err = mc.Decrypt([]byte("test"))
-	if string(b) != "DecryptResponse" {
-		t.Error("unexpected Decrypt response")
-	}
-	if err != e {
-		t.Error("unexpected Decrypt error")
-	}
 	s, err := mc.Marshal("test")
 	if err != e {
 		t.Error("unexpected Marshal error")