Accept `crypto.Signer` that contains a `ed25519.PublicKey` in ed25519 (#95)

* accept generic crypto.Signer in ed25519 in order to allow usage of other ed25519 providers than crypto/ed25519 * add check to ensure the key is indeed of type ed25519 * adding comment clarifying crypto.Hash(0) * Update ed25519.go Co-authored-by: Christian Banse <oxisto@aybaze.com>
2021-08-24 10:56:11 +09:00 · 2021-08-24 10:56:11 +09:00 · 2bd8ee77fc
parent 80625fb516
commit 2bd8ee77fc
1 changed files with 10 additions and 6 deletions
--- a/ed25519.go
+++ b/ed25519.go
@ -3,7 +3,9 @@ package jwt
 import (
 	"errors"
 	"crypto"
 	"crypto/ed25519"
 	"crypto/rand"
 )
 var (
@ -62,20 +64,22 @@ func (m *SigningMethodEd25519) Verify(signingString, signature string, key inter
 // Sign implements token signing for the SigningMethod.
 // For this signing method, key must be an ed25519.PrivateKey
 func (m *SigningMethodEd25519) Sign(signingString string, key interface{}) (string, error) {
-	var ed25519Key ed25519.PrivateKey
+	var ed25519Key crypto.Signer
 	var ok bool
-	if ed25519Key, ok = key.(ed25519.PrivateKey); !ok {
+	if ed25519Key, ok = key.(crypto.Signer); !ok {
 		return "", ErrInvalidKeyType
 	}
-	// ed25519.Sign panics if private key not equal to ed25519.PrivateKeySize
+	if _, ok := ed25519Key.Public().(ed25519.PublicKey); !ok {
 	// this allows to avoid recover usage
 	if len(ed25519Key) != ed25519.PrivateKeySize {
 		return "", ErrInvalidKey
 	}
 	// Sign the string and return the encoded result
-	sig := ed25519.Sign(ed25519Key, []byte(signingString))
+	// ed25519 performs a two-pass hash as part of its algorithm. Therefore, we need to pass a non-prehashed message into the Sign function, as indicated by crypto.Hash(0)
 	sig, err := ed25519Key.Sign(rand.Reader, []byte(signingString), crypto.Hash(0))
 	if err != nil {
 		return "", err
 	}
 	return EncodeSegment(sig), nil
 }