12 // Sadly this is missing from crypto/ecdsa compared to crypto/rsa
13 ErrECDSAVerification = errors.New("crypto/ecdsa: verification error")
16 // Implements the ECDSA family of signing methods signing methods
17 // Expects *ecdsa.PrivateKey for signing and *ecdsa.PublicKey for verification
18 type SigningMethodECDSA struct {
25 // Specific instances for EC256 and company
27 SigningMethodES256 *SigningMethodECDSA
28 SigningMethodES384 *SigningMethodECDSA
29 SigningMethodES512 *SigningMethodECDSA
34 SigningMethodES256 = &SigningMethodECDSA{"ES256", crypto.SHA256, 32, 256}
35 RegisterSigningMethod(SigningMethodES256.Alg(), func() SigningMethod {
36 return SigningMethodES256
40 SigningMethodES384 = &SigningMethodECDSA{"ES384", crypto.SHA384, 48, 384}
41 RegisterSigningMethod(SigningMethodES384.Alg(), func() SigningMethod {
42 return SigningMethodES384
46 SigningMethodES512 = &SigningMethodECDSA{"ES512", crypto.SHA512, 66, 521}
47 RegisterSigningMethod(SigningMethodES512.Alg(), func() SigningMethod {
48 return SigningMethodES512
52 func (m *SigningMethodECDSA) Alg() string {
56 // Implements the Verify method from SigningMethod
57 // For this verify method, key must be an ecdsa.PublicKey struct
58 func (m *SigningMethodECDSA) Verify(signingString, signature string, key interface{}) error {
61 // Decode the signature
63 if sig, err = DecodeSegment(signature); err != nil {
68 var ecdsaKey *ecdsa.PublicKey
69 switch k := key.(type) {
70 case *ecdsa.PublicKey:
73 return ErrInvalidKeyType
76 if len(sig) != 2*m.KeySize {
77 return ErrECDSAVerification
80 r := big.NewInt(0).SetBytes(sig[:m.KeySize])
81 s := big.NewInt(0).SetBytes(sig[m.KeySize:])
84 if !m.Hash.Available() {
85 return ErrHashUnavailable
87 hasher := m.Hash.New()
88 hasher.Write([]byte(signingString))
90 // Verify the signature
91 if verifystatus := ecdsa.Verify(ecdsaKey, hasher.Sum(nil), r, s); verifystatus == true {
94 return ErrECDSAVerification
98 // Implements the Sign method from SigningMethod
99 // For this signing method, key must be an ecdsa.PrivateKey struct
100 func (m *SigningMethodECDSA) Sign(signingString string, key interface{}) (string, error) {
102 var ecdsaKey *ecdsa.PrivateKey
103 switch k := key.(type) {
104 case *ecdsa.PrivateKey:
107 return "", ErrInvalidKeyType
111 if !m.Hash.Available() {
112 return "", ErrHashUnavailable
115 hasher := m.Hash.New()
116 hasher.Write([]byte(signingString))
118 // Sign the string and return r, s
119 if r, s, err := ecdsa.Sign(rand.Reader, ecdsaKey, hasher.Sum(nil)); err == nil {
120 curveBits := ecdsaKey.Curve.Params().BitSize
122 if m.CurveBits != curveBits {
123 return "", ErrInvalidKey
126 keyBytes := curveBits / 8
131 // We serialize the outpus (r and s) into big-endian byte arrays and pad
132 // them with zeros on the left to make sure the sizes work out. Both arrays
133 // must be keyBytes long, and the output must be 2*keyBytes long.
135 rBytesPadded := make([]byte, keyBytes)
136 copy(rBytesPadded[keyBytes-len(rBytes):], rBytes)
139 sBytesPadded := make([]byte, keyBytes)
140 copy(sBytesPadded[keyBytes-len(sBytes):], sBytes)
142 out := append(rBytesPadded, sBytesPadded...)
144 return EncodeSegment(out), nil