2021-07-30 00:57:09 +03:00
package jwt
import (
"errors"
2021-08-24 04:56:11 +03:00
"crypto"
2021-07-30 00:57:09 +03:00
"crypto/ed25519"
2021-08-24 04:56:11 +03:00
"crypto/rand"
2021-07-30 00:57:09 +03:00
)
var (
ErrEd25519Verification = errors . New ( "ed25519: verification error" )
)
2021-08-03 16:51:01 +03:00
// SigningMethodEd25519 implements the EdDSA family.
2021-07-30 00:57:09 +03:00
// Expects ed25519.PrivateKey for signing and ed25519.PublicKey for verification
type SigningMethodEd25519 struct { }
// Specific instance for EdDSA
var (
SigningMethodEdDSA * SigningMethodEd25519
)
func init ( ) {
SigningMethodEdDSA = & SigningMethodEd25519 { }
2022-02-18 02:59:12 +03:00
RegisterSigningMethod ( SigningMethodEdDSA . Alg ( ) , func ( ) SigningMethod [ ed25519 . PublicKey ] {
2021-07-30 00:57:09 +03:00
return SigningMethodEdDSA
} )
}
func ( m * SigningMethodEd25519 ) Alg ( ) string {
return "EdDSA"
}
2021-08-03 16:51:01 +03:00
// Verify implements token verification for the SigningMethod.
2021-07-30 00:57:09 +03:00
// For this verify method, key must be an ed25519.PublicKey
2022-02-18 02:59:12 +03:00
func ( m * SigningMethodEd25519 ) Verify ( signingString , signature string , key ed25519 . PublicKey ) error {
2021-07-30 00:57:09 +03:00
var err error
var ed25519Key ed25519 . PublicKey
2022-02-18 02:59:12 +03:00
/ * if ed25519Key , ok = key . ( ed25519 . PublicKey ) ; ! ok {
2021-07-30 00:57:09 +03:00
return ErrInvalidKeyType
2022-02-18 02:59:12 +03:00
} * /
2021-07-30 00:57:09 +03:00
if len ( ed25519Key ) != ed25519 . PublicKeySize {
return ErrInvalidKey
}
// Decode the signature
var sig [ ] byte
if sig , err = DecodeSegment ( signature ) ; err != nil {
return err
}
// Verify the signature
if ! ed25519 . Verify ( ed25519Key , [ ] byte ( signingString ) , sig ) {
return ErrEd25519Verification
}
return nil
}
2021-08-03 16:51:01 +03:00
// Sign implements token signing for the SigningMethod.
2021-07-30 00:57:09 +03:00
// For this signing method, key must be an ed25519.PrivateKey
func ( m * SigningMethodEd25519 ) Sign ( signingString string , key interface { } ) ( string , error ) {
2021-08-24 04:56:11 +03:00
var ed25519Key crypto . Signer
2021-07-30 00:57:09 +03:00
var ok bool
2021-08-24 04:56:11 +03:00
if ed25519Key , ok = key . ( crypto . Signer ) ; ! ok {
2021-07-30 00:57:09 +03:00
return "" , ErrInvalidKeyType
}
2021-08-24 04:56:11 +03:00
if _ , ok := ed25519Key . Public ( ) . ( ed25519 . PublicKey ) ; ! ok {
2021-07-30 00:57:09 +03:00
return "" , ErrInvalidKey
}
// Sign the string and return the encoded result
2021-08-24 04:56:11 +03:00
// ed25519 performs a two-pass hash as part of its algorithm. Therefore, we need to pass a non-prehashed message into the Sign function, as indicated by crypto.Hash(0)
sig , err := ed25519Key . Sign ( rand . Reader , [ ] byte ( signingString ) , crypto . Hash ( 0 ) )
if err != nil {
return "" , err
}
2021-07-30 00:57:09 +03:00
return EncodeSegment ( sig ) , nil
}