jsonwebtoken/src/crypto/ecdsa.rs

use ring::{rand, signature};

use crate::algorithms::Algorithm;
use crate::errors::Result;
use crate::serialization::b64_encode;

/// Only used internally when validating EC, to map from our enum to the Ring EcdsaVerificationAlgorithm structs.
pub(crate) fn alg_to_ec_verification(
    alg: Algorithm,
) -> &'static signature::EcdsaVerificationAlgorithm {
    match alg {
        Algorithm::ES256 => &signature::ECDSA_P256_SHA256_FIXED,
        Algorithm::ES384 => &signature::ECDSA_P384_SHA384_FIXED,
        _ => unreachable!("Tried to get EC alg for a non-EC algorithm"),
    }
}

/// Only used internally when signing EC, to map from our enum to the Ring EcdsaVerificationAlgorithm structs.
pub(crate) fn alg_to_ec_signing(alg: Algorithm) -> &'static signature::EcdsaSigningAlgorithm {
    match alg {
        Algorithm::ES256 => &signature::ECDSA_P256_SHA256_FIXED_SIGNING,
        Algorithm::ES384 => &signature::ECDSA_P384_SHA384_FIXED_SIGNING,
        _ => unreachable!("Tried to get EC alg for a non-EC algorithm"),
    }
}

/// The actual ECDSA signing + encoding
/// The key needs to be in PKCS8 format
pub fn sign(
    alg: &'static signature::EcdsaSigningAlgorithm,
    key: &[u8],
    message: &[u8],
) -> Result<String> {
    let signing_key = signature::EcdsaKeyPair::from_pkcs8(alg, key)?;
    let rng = rand::SystemRandom::new();
    let out = signing_key.sign(&rng, message)?;
    Ok(b64_encode(out))
}
Move crypto to a dir 2019-11-08 14:00:19 -05:00			`use ring::{rand, signature};`

More refactoring in the crypto mod 2019-11-11 14:29:57 -05:00			`use crate::algorithms::Algorithm;`
Not working yet jwk decoding 2019-11-09 06:42:40 -05:00			`use crate::errors::Result;`
Refactor decoding 2019-11-11 14:16:34 -05:00			`use crate::serialization::b64_encode;`

			`/// Only used internally when validating EC, to map from our enum to the Ring EcdsaVerificationAlgorithm structs.`
More refactoring in the crypto mod 2019-11-11 14:29:57 -05:00			`pub(crate) fn alg_to_ec_verification(`
			`alg: Algorithm,`
			`) -> &'static signature::EcdsaVerificationAlgorithm {`
Refactor decoding 2019-11-11 14:16:34 -05:00			`match alg {`
			`Algorithm::ES256 => &signature::ECDSA_P256_SHA256_FIXED,`
			`Algorithm::ES384 => &signature::ECDSA_P384_SHA384_FIXED,`
More refactoring in the crypto mod 2019-11-11 14:29:57 -05:00			`_ => unreachable!("Tried to get EC alg for a non-EC algorithm"),`
			`}`
			`}`

			`/// Only used internally when signing EC, to map from our enum to the Ring EcdsaVerificationAlgorithm structs.`
			`pub(crate) fn alg_to_ec_signing(alg: Algorithm) -> &'static signature::EcdsaSigningAlgorithm {`
			`match alg {`
			`Algorithm::ES256 => &signature::ECDSA_P256_SHA256_FIXED_SIGNING,`
			`Algorithm::ES384 => &signature::ECDSA_P384_SHA384_FIXED_SIGNING,`
			`_ => unreachable!("Tried to get EC alg for a non-EC algorithm"),`
Refactor decoding 2019-11-11 14:16:34 -05:00			`}`
			`}`
Move crypto to a dir 2019-11-08 14:00:19 -05:00
			`/// The actual ECDSA signing + encoding`
Add EncodingKey 2019-12-29 12:42:35 -05:00			`/// The key needs to be in PKCS8 format`
Move crypto to a dir 2019-11-08 14:00:19 -05:00			`pub fn sign(`
			`alg: &'static signature::EcdsaSigningAlgorithm,`
			`key: &[u8],`
Add sign and verify on bytes (#150) 2020-11-17 08:17:40 -05:00			`message: &[u8],`
Move crypto to a dir 2019-11-08 14:00:19 -05:00			`) -> Result<String> {`
Add EncodingKey 2019-12-29 12:42:35 -05:00			`let signing_key = signature::EcdsaKeyPair::from_pkcs8(alg, key)?;`
Move crypto to a dir 2019-11-08 14:00:19 -05:00			`let rng = rand::SystemRandom::new();`
Add sign and verify on bytes (#150) 2020-11-17 08:17:40 -05:00			`let out = signing_key.sign(&rng, message)?;`
removed unnecessary conversions (#180) * removed unnecessary conversions 2021-03-05 03:10:03 -05:00			`Ok(b64_encode(out))`
Move crypto to a dir 2019-11-08 14:00:19 -05:00			`}`