-
Notifications
You must be signed in to change notification settings - Fork 46
/
Copy pathalgo_eddsa.go
65 lines (57 loc) · 1.34 KB
/
algo_eddsa.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
package jwt
import (
"crypto/ed25519"
)
// NewSignerEdDSA returns a new ed25519-based signer.
func NewSignerEdDSA(key ed25519.PrivateKey) (*EdDSAAlg, error) {
switch {
case len(key) == 0:
return nil, ErrNilKey
case len(key) != ed25519.PrivateKeySize:
return nil, ErrInvalidKey
default:
return &EdDSAAlg{
publicKey: nil,
privateKey: key,
}, nil
}
}
// NewVerifierEdDSA returns a new ed25519-based verifier.
func NewVerifierEdDSA(key ed25519.PublicKey) (*EdDSAAlg, error) {
switch {
case len(key) == 0:
return nil, ErrNilKey
case len(key) != ed25519.PublicKeySize:
return nil, ErrInvalidKey
default:
return &EdDSAAlg{
publicKey: key,
privateKey: nil,
}, nil
}
}
type EdDSAAlg struct {
publicKey ed25519.PublicKey
privateKey ed25519.PrivateKey
}
func (ed *EdDSAAlg) Algorithm() Algorithm {
return EdDSA
}
func (ed *EdDSAAlg) SignSize() int {
return ed25519.SignatureSize
}
func (ed *EdDSAAlg) Sign(payload []byte) ([]byte, error) {
return ed25519.Sign(ed.privateKey, payload), nil
}
func (ed *EdDSAAlg) Verify(token *Token) error {
switch {
case !token.isValid():
return ErrUninitializedToken
case !constTimeAlgEqual(token.Header().Algorithm, EdDSA):
return ErrAlgorithmMismatch
case !ed25519.Verify(ed.publicKey, token.PayloadPart(), token.Signature()):
return ErrInvalidSignature
default:
return nil
}
}