/rust/registry/src/index.crates.io-1949cf8c6b5b557f/jsonwebtoken-9.3.1/src/crypto/ecdsa.rs
Line | Count | Source |
1 | | use ring::{rand, signature}; |
2 | | |
3 | | use crate::algorithms::Algorithm; |
4 | | use crate::errors::Result; |
5 | | use crate::serialization::b64_encode; |
6 | | |
7 | | /// Only used internally when validating EC, to map from our enum to the Ring EcdsaVerificationAlgorithm structs. |
8 | 0 | pub(crate) fn alg_to_ec_verification( |
9 | 0 | alg: Algorithm, |
10 | 0 | ) -> &'static signature::EcdsaVerificationAlgorithm { |
11 | 0 | match alg { |
12 | 0 | Algorithm::ES256 => &signature::ECDSA_P256_SHA256_FIXED, |
13 | 0 | Algorithm::ES384 => &signature::ECDSA_P384_SHA384_FIXED, |
14 | 0 | _ => unreachable!("Tried to get EC alg for a non-EC algorithm"), |
15 | | } |
16 | 0 | } |
17 | | |
18 | | /// Only used internally when signing EC, to map from our enum to the Ring EcdsaVerificationAlgorithm structs. |
19 | 0 | pub(crate) fn alg_to_ec_signing(alg: Algorithm) -> &'static signature::EcdsaSigningAlgorithm { |
20 | 0 | match alg { |
21 | 0 | Algorithm::ES256 => &signature::ECDSA_P256_SHA256_FIXED_SIGNING, |
22 | 0 | Algorithm::ES384 => &signature::ECDSA_P384_SHA384_FIXED_SIGNING, |
23 | 0 | _ => unreachable!("Tried to get EC alg for a non-EC algorithm"), |
24 | | } |
25 | 0 | } |
26 | | |
27 | | /// The actual ECDSA signing + encoding |
28 | | /// The key needs to be in PKCS8 format |
29 | 0 | pub fn sign( |
30 | 0 | alg: &'static signature::EcdsaSigningAlgorithm, |
31 | 0 | key: &[u8], |
32 | 0 | message: &[u8], |
33 | 0 | ) -> Result<String> { |
34 | 0 | let rng = rand::SystemRandom::new(); |
35 | 0 | let signing_key = signature::EcdsaKeyPair::from_pkcs8(alg, key, &rng)?; |
36 | 0 | let out = signing_key.sign(&rng, message)?; |
37 | 0 | Ok(b64_encode(out)) |
38 | 0 | } |