| David K. Bainbridge | 215e024 | 2017-09-05 23:18:24 -0700 | [diff] [blame^] | 1 | package libtrust |
| 2 | |
| 3 | import ( |
| 4 | "crypto" |
| 5 | _ "crypto/sha256" // Registrer SHA224 and SHA256 |
| 6 | _ "crypto/sha512" // Registrer SHA384 and SHA512 |
| 7 | "fmt" |
| 8 | ) |
| 9 | |
| 10 | type signatureAlgorithm struct { |
| 11 | algHeaderParam string |
| 12 | hashID crypto.Hash |
| 13 | } |
| 14 | |
| 15 | func (h *signatureAlgorithm) HeaderParam() string { |
| 16 | return h.algHeaderParam |
| 17 | } |
| 18 | |
| 19 | func (h *signatureAlgorithm) HashID() crypto.Hash { |
| 20 | return h.hashID |
| 21 | } |
| 22 | |
| 23 | var ( |
| 24 | rs256 = &signatureAlgorithm{"RS256", crypto.SHA256} |
| 25 | rs384 = &signatureAlgorithm{"RS384", crypto.SHA384} |
| 26 | rs512 = &signatureAlgorithm{"RS512", crypto.SHA512} |
| 27 | es256 = &signatureAlgorithm{"ES256", crypto.SHA256} |
| 28 | es384 = &signatureAlgorithm{"ES384", crypto.SHA384} |
| 29 | es512 = &signatureAlgorithm{"ES512", crypto.SHA512} |
| 30 | ) |
| 31 | |
| 32 | func rsaSignatureAlgorithmByName(alg string) (*signatureAlgorithm, error) { |
| 33 | switch { |
| 34 | case alg == "RS256": |
| 35 | return rs256, nil |
| 36 | case alg == "RS384": |
| 37 | return rs384, nil |
| 38 | case alg == "RS512": |
| 39 | return rs512, nil |
| 40 | default: |
| 41 | return nil, fmt.Errorf("RSA Digital Signature Algorithm %q not supported", alg) |
| 42 | } |
| 43 | } |
| 44 | |
| 45 | func rsaPKCS1v15SignatureAlgorithmForHashID(hashID crypto.Hash) *signatureAlgorithm { |
| 46 | switch { |
| 47 | case hashID == crypto.SHA512: |
| 48 | return rs512 |
| 49 | case hashID == crypto.SHA384: |
| 50 | return rs384 |
| 51 | case hashID == crypto.SHA256: |
| 52 | fallthrough |
| 53 | default: |
| 54 | return rs256 |
| 55 | } |
| 56 | } |