- Notifications
You must be signed in to change notification settings - Fork 371
/
Copy pathed25519.go
79 lines (63 loc) · 2.04 KB
/
ed25519.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
package jwt
import (
"crypto"
"crypto/ed25519"
"crypto/rand"
"errors"
)
var (
ErrEd25519Verification=errors.New("ed25519: verification error")
)
// SigningMethodEd25519 implements the EdDSA family.
// Expects ed25519.PrivateKey for signing and ed25519.PublicKey for verification
typeSigningMethodEd25519struct{}
// Specific instance for EdDSA
var (
SigningMethodEdDSA*SigningMethodEd25519
)
funcinit() {
SigningMethodEdDSA=&SigningMethodEd25519{}
RegisterSigningMethod(SigningMethodEdDSA.Alg(), func() SigningMethod {
returnSigningMethodEdDSA
})
}
func (m*SigningMethodEd25519) Alg() string {
return"EdDSA"
}
// Verify implements token verification for the SigningMethod.
// For this verify method, key must be an ed25519.PublicKey
func (m*SigningMethodEd25519) Verify(signingStringstring, sig []byte, keyinterface{}) error {
vared25519Key ed25519.PublicKey
varokbool
ifed25519Key, ok=key.(ed25519.PublicKey); !ok {
returnnewError("Ed25519 verify expects ed25519.PublicKey", ErrInvalidKeyType)
}
iflen(ed25519Key) !=ed25519.PublicKeySize {
returnErrInvalidKey
}
// Verify the signature
if!ed25519.Verify(ed25519Key, []byte(signingString), sig) {
returnErrEd25519Verification
}
returnnil
}
// Sign implements token signing for the SigningMethod.
// For this signing method, key must be an ed25519.PrivateKey
func (m*SigningMethodEd25519) Sign(signingStringstring, keyinterface{}) ([]byte, error) {
vared25519Key crypto.Signer
varokbool
ifed25519Key, ok=key.(crypto.Signer); !ok {
returnnil, newError("Ed25519 sign expects crypto.Signer", ErrInvalidKeyType)
}
if_, ok:=ed25519Key.Public().(ed25519.PublicKey); !ok {
returnnil, ErrInvalidKey
}
// Sign the string and return the result. ed25519 performs a two-pass hash
// as part of its algorithm. Therefore, we need to pass a non-prehashed
// message into the Sign function, as indicated by crypto.Hash(0)
sig, err:=ed25519Key.Sign(rand.Reader, []byte(signingString), crypto.Hash(0))
iferr!=nil {
returnnil, err
}
returnsig, nil
}
