jwt/ed25519.go

package jwt

import (
	"errors"

	"crypto"
	"crypto/ed25519"
	"crypto/rand"
)

var (
	ErrEd25519Verification = errors.New("ed25519: verification error")
)

// SigningMethodEd25519 implements the EdDSA family.
// Expects ed25519.PrivateKey for signing and ed25519.PublicKey for verification
type SigningMethodEd25519 struct{}

// Specific instance for EdDSA
var (
	SigningMethodEdDSA *SigningMethodEd25519
)

func init() {
	SigningMethodEdDSA = &SigningMethodEd25519{}
	RegisterSigningMethod(SigningMethodEdDSA.Alg(), func() SigningMethod {
		return SigningMethodEdDSA
	})
}

func (m *SigningMethodEd25519) Alg() string {
	return "EdDSA"
}

// Verify implements token verification for the SigningMethod.
// For this verify method, key must be an ed25519.PublicKey
func (m *SigningMethodEd25519) Verify(signingString, signature string, key interface{}) error {
	var err error
	var ed25519Key ed25519.PublicKey
	var ok bool

	if ed25519Key, ok = key.(ed25519.PublicKey); !ok {
		return ErrInvalidKeyType
	}

	if len(ed25519Key) != ed25519.PublicKeySize {
		return ErrInvalidKey
	}

	// Decode the signature
	var sig []byte
	if sig, err = DecodeSegment(signature); err != nil {
		return err
	}

	// Verify the signature
	if !ed25519.Verify(ed25519Key, []byte(signingString), sig) {
		return ErrEd25519Verification
	}

	return nil
}

// Sign implements token signing for the SigningMethod.
// For this signing method, key must be an ed25519.PrivateKey
func (m *SigningMethodEd25519) Sign(signingString string, key interface{}) (string, error) {
	var ed25519Key crypto.Signer
	var ok bool

	if ed25519Key, ok = key.(crypto.Signer); !ok {
		return "", ErrInvalidKeyType
	}

	if _, ok := ed25519Key.Public().(ed25519.PublicKey); !ok {
		return "", ErrInvalidKey
	}

	// Sign the string and return the encoded result
	// ed25519 performs a two-pass hash as part of its algorithm. Therefore, we need to pass a non-prehashed message into the Sign function, as indicated by crypto.Hash(0)
	sig, err := ed25519Key.Sign(rand.Reader, []byte(signingString), crypto.Hash(0))
	if err != nil {
		return "", err
	}
	return EncodeSegment(sig), nil
}
add ed25519 support (#36) Signed-off-by: Vasiliy Tolstov <v.tolstov@unistack.org> 2021-07-30 00:57:09 +03:00			`package jwt`

			`import (`
			`"errors"`

Accept `crypto.Signer` that contains a `ed25519.PublicKey` in ed25519 (#95) * accept generic crypto.Signer in ed25519 in order to allow usage of other ed25519 providers than crypto/ed25519 * add check to ensure the key is indeed of type ed25519 * adding comment clarifying crypto.Hash(0) * Update ed25519.go Co-authored-by: Christian Banse <oxisto@aybaze.com> 2021-08-24 04:56:11 +03:00			`"crypto"`
add ed25519 support (#36) Signed-off-by: Vasiliy Tolstov <v.tolstov@unistack.org> 2021-07-30 00:57:09 +03:00			`"crypto/ed25519"`
Accept `crypto.Signer` that contains a `ed25519.PublicKey` in ed25519 (#95) * accept generic crypto.Signer in ed25519 in order to allow usage of other ed25519 providers than crypto/ed25519 * add check to ensure the key is indeed of type ed25519 * adding comment clarifying crypto.Hash(0) * Update ed25519.go Co-authored-by: Christian Banse <oxisto@aybaze.com> 2021-08-24 04:56:11 +03:00			`"crypto/rand"`
add ed25519 support (#36) Signed-off-by: Vasiliy Tolstov <v.tolstov@unistack.org> 2021-07-30 00:57:09 +03:00			`)`

			`var (`
			`ErrEd25519Verification = errors.New("ed25519: verification error")`
			`)`

Adds go module support /v4 (#41) Additionally, added `staticcheck` for basic static code analysis (#44) Co-authored-by: Christian Banse <oxisto@aybaze.com> 2021-08-03 16:51:01 +03:00			`// SigningMethodEd25519 implements the EdDSA family.`
add ed25519 support (#36) Signed-off-by: Vasiliy Tolstov <v.tolstov@unistack.org> 2021-07-30 00:57:09 +03:00			`// Expects ed25519.PrivateKey for signing and ed25519.PublicKey for verification`
			`type SigningMethodEd25519 struct{}`

			`// Specific instance for EdDSA`
			`var (`
			`SigningMethodEdDSA *SigningMethodEd25519`
			`)`

			`func init() {`
			`SigningMethodEdDSA = &SigningMethodEd25519{}`
			`RegisterSigningMethod(SigningMethodEdDSA.Alg(), func() SigningMethod {`
			`return SigningMethodEdDSA`
			`})`
			`}`

			`func (m *SigningMethodEd25519) Alg() string {`
			`return "EdDSA"`
			`}`

Adds go module support /v4 (#41) Additionally, added `staticcheck` for basic static code analysis (#44) Co-authored-by: Christian Banse <oxisto@aybaze.com> 2021-08-03 16:51:01 +03:00			`// Verify implements token verification for the SigningMethod.`
add ed25519 support (#36) Signed-off-by: Vasiliy Tolstov <v.tolstov@unistack.org> 2021-07-30 00:57:09 +03:00			`// For this verify method, key must be an ed25519.PublicKey`
			`func (m *SigningMethodEd25519) Verify(signingString, signature string, key interface{}) error {`
			`var err error`
			`var ed25519Key ed25519.PublicKey`
			`var ok bool`

			`if ed25519Key, ok = key.(ed25519.PublicKey); !ok {`
			`return ErrInvalidKeyType`
			`}`

			`if len(ed25519Key) != ed25519.PublicKeySize {`
			`return ErrInvalidKey`
			`}`

			`// Decode the signature`
			`var sig []byte`
			`if sig, err = DecodeSegment(signature); err != nil {`
			`return err`
			`}`

			`// Verify the signature`
			`if !ed25519.Verify(ed25519Key, []byte(signingString), sig) {`
			`return ErrEd25519Verification`
			`}`

			`return nil`
			`}`

Adds go module support /v4 (#41) Additionally, added `staticcheck` for basic static code analysis (#44) Co-authored-by: Christian Banse <oxisto@aybaze.com> 2021-08-03 16:51:01 +03:00			`// Sign implements token signing for the SigningMethod.`
add ed25519 support (#36) Signed-off-by: Vasiliy Tolstov <v.tolstov@unistack.org> 2021-07-30 00:57:09 +03:00			`// For this signing method, key must be an ed25519.PrivateKey`
			`func (m *SigningMethodEd25519) Sign(signingString string, key interface{}) (string, error) {`
Accept `crypto.Signer` that contains a `ed25519.PublicKey` in ed25519 (#95) * accept generic crypto.Signer in ed25519 in order to allow usage of other ed25519 providers than crypto/ed25519 * add check to ensure the key is indeed of type ed25519 * adding comment clarifying crypto.Hash(0) * Update ed25519.go Co-authored-by: Christian Banse <oxisto@aybaze.com> 2021-08-24 04:56:11 +03:00			`var ed25519Key crypto.Signer`
add ed25519 support (#36) Signed-off-by: Vasiliy Tolstov <v.tolstov@unistack.org> 2021-07-30 00:57:09 +03:00			`var ok bool`

Accept `crypto.Signer` that contains a `ed25519.PublicKey` in ed25519 (#95) * accept generic crypto.Signer in ed25519 in order to allow usage of other ed25519 providers than crypto/ed25519 * add check to ensure the key is indeed of type ed25519 * adding comment clarifying crypto.Hash(0) * Update ed25519.go Co-authored-by: Christian Banse <oxisto@aybaze.com> 2021-08-24 04:56:11 +03:00			`if ed25519Key, ok = key.(crypto.Signer); !ok {`
add ed25519 support (#36) Signed-off-by: Vasiliy Tolstov <v.tolstov@unistack.org> 2021-07-30 00:57:09 +03:00			`return "", ErrInvalidKeyType`
			`}`

Accept `crypto.Signer` that contains a `ed25519.PublicKey` in ed25519 (#95) * accept generic crypto.Signer in ed25519 in order to allow usage of other ed25519 providers than crypto/ed25519 * add check to ensure the key is indeed of type ed25519 * adding comment clarifying crypto.Hash(0) * Update ed25519.go Co-authored-by: Christian Banse <oxisto@aybaze.com> 2021-08-24 04:56:11 +03:00			`if _, ok := ed25519Key.Public().(ed25519.PublicKey); !ok {`
add ed25519 support (#36) Signed-off-by: Vasiliy Tolstov <v.tolstov@unistack.org> 2021-07-30 00:57:09 +03:00			`return "", ErrInvalidKey`
			`}`

			`// Sign the string and return the encoded result`
Accept `crypto.Signer` that contains a `ed25519.PublicKey` in ed25519 (#95) * accept generic crypto.Signer in ed25519 in order to allow usage of other ed25519 providers than crypto/ed25519 * add check to ensure the key is indeed of type ed25519 * adding comment clarifying crypto.Hash(0) * Update ed25519.go Co-authored-by: Christian Banse <oxisto@aybaze.com> 2021-08-24 04:56:11 +03:00			`// ed25519 performs a two-pass hash as part of its algorithm. Therefore, we need to pass a non-prehashed message into the Sign function, as indicated by crypto.Hash(0)`
			`sig, err := ed25519Key.Sign(rand.Reader, []byte(signingString), crypto.Hash(0))`
			`if err != nil {`
			`return "", err`
			`}`
add ed25519 support (#36) Signed-off-by: Vasiliy Tolstov <v.tolstov@unistack.org> 2021-07-30 00:57:09 +03:00			`return EncodeSegment(sig), nil`
			`}`