1package libtrust 2 3import ( 4 "crypto" 5 _ "crypto/sha256" // Registrer SHA224 and SHA256 6 _ "crypto/sha512" // Registrer SHA384 and SHA512 7 "fmt" 8) 9 10type signatureAlgorithm struct { 11 algHeaderParam string 12 hashID crypto.Hash 13} 14 15func (h *signatureAlgorithm) HeaderParam() string { 16 return h.algHeaderParam 17} 18 19func (h *signatureAlgorithm) HashID() crypto.Hash { 20 return h.hashID 21} 22 23var ( 24 rs256 = &signatureAlgorithm{"RS256", crypto.SHA256} 25 rs384 = &signatureAlgorithm{"RS384", crypto.SHA384} 26 rs512 = &signatureAlgorithm{"RS512", crypto.SHA512} 27 es256 = &signatureAlgorithm{"ES256", crypto.SHA256} 28 es384 = &signatureAlgorithm{"ES384", crypto.SHA384} 29 es512 = &signatureAlgorithm{"ES512", crypto.SHA512} 30) 31 32func rsaSignatureAlgorithmByName(alg string) (*signatureAlgorithm, error) { 33 switch { 34 case alg == "RS256": 35 return rs256, nil 36 case alg == "RS384": 37 return rs384, nil 38 case alg == "RS512": 39 return rs512, nil 40 default: 41 return nil, fmt.Errorf("RSA Digital Signature Algorithm %q not supported", alg) 42 } 43} 44 45func rsaPKCS1v15SignatureAlgorithmForHashID(hashID crypto.Hash) *signatureAlgorithm { 46 switch { 47 case hashID == crypto.SHA512: 48 return rs512 49 case hashID == crypto.SHA384: 50 return rs384 51 case hashID == crypto.SHA256: 52 fallthrough 53 default: 54 return rs256 55 } 56} 57