11 // SigningMethodRSAPSS implements the RSAPSS family of signing methods.
12 type SigningMethodRSAPSS struct {
14 Options *rsa.PSSOptions // passed unchanged to rsa.SignPSS (Sign) and rsa.VerifyPSS (Verify)
17 // Specific RSAPSS signing method instances: PS256, PS384 and PS512.
// These are exported package-level pointers. The factories passed to
// RegisterSigningMethod further down return these same pointers, so a change
// made through one of them is seen by every user of that method.
19 SigningMethodPS256 *SigningMethodRSAPSS
20 SigningMethodPS384 *SigningMethodRSAPSS
21 SigningMethodPS512 *SigningMethodRSAPSS
// Each PSxxx instance below is built with SaltLength: rsa.PSSSaltLengthAuto
// (presumably inside its Options literal; the enclosing lines are not shown
// in this listing). With that setting crypto/rsa uses the largest salt that
// fits the key when signing and auto-detects the salt length when verifying.
// RFC 7518 section 3.5 specifies a salt the size of the hash output, so a
// verifier that enforces that length can reject tokens signed with these
// instances.
// NOTE(review): confirm interoperability; rsa.PSSSaltLengthEqualsHash is the
// hash-sized setting.
26 SigningMethodPS256 = &SigningMethodRSAPSS{
32 SaltLength: rsa.PSSSaltLengthAuto,
36 RegisterSigningMethod(SigningMethodPS256.Alg(), func() SigningMethod {
37 return SigningMethodPS256 // the shared package-level pointer, not a copy
41 SigningMethodPS384 = &SigningMethodRSAPSS{
47 SaltLength: rsa.PSSSaltLengthAuto,
51 RegisterSigningMethod(SigningMethodPS384.Alg(), func() SigningMethod {
52 return SigningMethodPS384 // the shared package-level pointer, not a copy
56 SigningMethodPS512 = &SigningMethodRSAPSS{
62 SaltLength: rsa.PSSSaltLengthAuto,
66 RegisterSigningMethod(SigningMethodPS512.Alg(), func() SigningMethod {
67 return SigningMethodPS512 // the shared package-level pointer, not a copy
71 // Verify implements the Verify method from SigningMethod.
72 // For this verify method, key must be an RSA public key. It is held in a
// *rsa.PublicKey below, so a pointer is presumably what the type switch
// accepts (its case arms are not shown in this listing; confirm).
// The hash and the PSS options used for the check are taken from m. The
// result of rsa.VerifyPSS is returned unchanged, so nil means the signature
// is valid. ErrHashUnavailable is returned when m.Hash is not linked into
// the binary.
73 func (m *SigningMethodRSAPSS) Verify(signingString, signature string, key interface{}) error {
76 // Decode the signature
78 if sig, err = DecodeSegment(signature); err != nil {
82 var rsaKey *rsa.PublicKey
83 switch k := key.(type) {
91 if !m.Hash.Available() { // Hash.New panics for a hash that is not linked in
92 return ErrHashUnavailable
94 hasher := m.Hash.New()
95 hasher.Write([]byte(signingString)) // hash.Hash.Write never returns an error
97 return rsa.VerifyPSS(rsaKey, m.Hash, hasher.Sum(nil), sig, m.Options) // nil only for a valid signature
100 // Sign implements the Sign method from SigningMethod.
101 // For this signing method, key must be a *rsa.PrivateKey (a pointer), the type the switch below matches.
102 func (m *SigningMethodRSAPSS) Sign(signingString string, key interface{}) (string, error) {
103 var rsaKey *rsa.PrivateKey
105 switch k := key.(type) {
106 case *rsa.PrivateKey:
109 return "", ErrInvalidKeyType
113 if !m.Hash.Available() {
114 return "", ErrHashUnavailable
117 hasher := m.Hash.New()
118 hasher.Write([]byte(signingString))
120 // Sign the string and return the encoded bytes
121 if sigBytes, err := rsa.SignPSS(rand.Reader, rsaKey, m.Hash, hasher.Sum(nil), m.Options); err == nil {
122 return EncodeSegment(sigBytes), nil