Головна сторінка Огляд Довідка
Реєстрація Увійти
zhouyuhuan
/
Cloudpods
1
0
Відгалуження 0
Файли Проблеми 0 Запити на злиття 0 Wiki
Гілка: feature/cloudpods
Гілки Теги
Cloudpods
/
backend
/
vendor
/
github.com
/
lestrrat-go
/
jwx
/
jws
/
rsa.go

rsa.go 3.0 KB
Постійне посилання Історія Запис

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142 
  1. package jws
    2. 

  2. 

  3. import (
    4. 

  4. 	"crypto"
    5. 

  5. 	"crypto/rand"
    6. 

  6. 	"crypto/rsa"
    7. 

  7. 

  8. 	"github.com/lestrrat-go/jwx/internal/keyconv"
    9. 

  9. 	"github.com/lestrrat-go/jwx/jwa"
    10. 

  10. 	"github.com/pkg/errors"
    11. 

  11. )
    12. 

  12. 

  13. var rsaSigners map[jwa.SignatureAlgorithm]*rsaSigner
    14. 

  14. var rsaVerifiers map[jwa.SignatureAlgorithm]*rsaVerifier
    15. 

  15. 

  16. func init() {
    17. 

  17. 	algs := map[jwa.SignatureAlgorithm]struct {
    18. 

  18. 		Hash crypto.Hash
    19. 

  19. 		PSS  bool
    20. 

  20. 	}{
    21. 

  21. 		jwa.RS256: {
    22. 

  22. 			Hash: crypto.SHA256,
    23. 

  23. 		},
    24. 

  24. 		jwa.RS384: {
    25. 

  25. 			Hash: crypto.SHA384,
    26. 

  26. 		},
    27. 

  27. 		jwa.RS512: {
    28. 

  28. 			Hash: crypto.SHA512,
    29. 

  29. 		},
    30. 

  30. 		jwa.PS256: {
    31. 

  31. 			Hash: crypto.SHA256,
    32. 

  32. 			PSS:  true,
    33. 

  33. 		},
    34. 

  34. 		jwa.PS384: {
    35. 

  35. 			Hash: crypto.SHA384,
    36. 

  36. 			PSS:  true,
    37. 

  37. 		},
    38. 

  38. 		jwa.PS512: {
    39. 

  39. 			Hash: crypto.SHA512,
    40. 

  40. 			PSS:  true,
    41. 

  41. 		},
    42. 

  42. 	}
    43. 

  43. 

  44. 	rsaSigners = make(map[jwa.SignatureAlgorithm]*rsaSigner)
    45. 

  45. 	rsaVerifiers = make(map[jwa.SignatureAlgorithm]*rsaVerifier)
    46. 

  46. 	for alg, item := range algs {
    47. 

  47. 		rsaSigners[alg] = &rsaSigner{
    48. 

  48. 			alg:  alg,
    49. 

  49. 			hash: item.Hash,
    50. 

  50. 			pss:  item.PSS,
    51. 

  51. 		}
    52. 

  52. 		rsaVerifiers[alg] = &rsaVerifier{
    53. 

  53. 			alg:  alg,
    54. 

  54. 			hash: item.Hash,
    55. 

  55. 			pss:  item.PSS,
    56. 

  56. 		}
    57. 

  57. 	}
    58. 

  58. }
    59. 

  59. 

  60. type rsaSigner struct {
    61. 

  61. 	alg  jwa.SignatureAlgorithm
    62. 

  62. 	hash crypto.Hash
    63. 

  63. 	pss  bool
    64. 

  64. }
    65. 

  65. 

  66. func newRSASigner(alg jwa.SignatureAlgorithm) Signer {
    67. 

  67. 	return rsaSigners[alg]
    68. 

  68. }
    69. 

  69. 

  70. func (rs *rsaSigner) Algorithm() jwa.SignatureAlgorithm {
    71. 

  71. 	return rs.alg
    72. 

  72. }
    73. 

  73. 

  74. func (rs *rsaSigner) Sign(payload []byte, key interface{}) ([]byte, error) {
    75. 

  75. 	if key == nil {
    76. 

  76. 		return nil, errors.New(`missing private key while signing payload`)
    77. 

  77. 	}
    78. 

  78. 

  79. 	signer, ok := key.(crypto.Signer)
    80. 

  80. 	if !ok {
    81. 

  81. 		var privkey rsa.PrivateKey
    82. 

  82. 		if err := keyconv.RSAPrivateKey(&privkey, key); err != nil {
    83. 

  83. 			return nil, errors.Wrapf(err, `failed to retrieve rsa.PrivateKey out of %T`, key)
    84. 

  84. 		}
    85. 

  85. 		signer = &privkey
    86. 

  86. 	}
    87. 

  87. 

  88. 	h := rs.hash.New()
    89. 

  89. 	if _, err := h.Write(payload); err != nil {
    90. 

  90. 		return nil, errors.Wrap(err, "failed to write payload to hash")
    91. 

  91. 	}
    92. 

  92. 	if rs.pss {
    93. 

  93. 		return signer.Sign(rand.Reader, h.Sum(nil), &rsa.PSSOptions{
    94. 

  94. 			Hash:       rs.hash,
    95. 

  95. 			SaltLength: rsa.PSSSaltLengthEqualsHash,
    96. 

  96. 		})
    97. 

  97. 	}
    98. 

  98. 	return signer.Sign(rand.Reader, h.Sum(nil), rs.hash)
    99. 

  99. }
    100. 

  100. 

  101. type rsaVerifier struct {
    102. 

  102. 	alg  jwa.SignatureAlgorithm
    103. 

  103. 	hash crypto.Hash
    104. 

  104. 	pss  bool
    105. 

  105. }
    106. 

  106. 

  107. func newRSAVerifier(alg jwa.SignatureAlgorithm) Verifier {
    108. 

  108. 	return rsaVerifiers[alg]
    109. 

  109. }
    110. 

  110. 

  111. func (rv *rsaVerifier) Verify(payload, signature []byte, key interface{}) error {
    112. 

  112. 	if key == nil {
    113. 

  113. 		return errors.New(`missing public key while verifying payload`)
    114. 

  114. 	}
    115. 

  115. 

  116. 	var pubkey rsa.PublicKey
    117. 

  117. 	if cs, ok := key.(crypto.Signer); ok {
    118. 

  118. 		cpub := cs.Public()
    119. 

  119. 		switch cpub := cpub.(type) {
    120. 

  120. 		case rsa.PublicKey:
    121. 

  121. 			pubkey = cpub
    122. 

  122. 		case *rsa.PublicKey:
    123. 

  123. 			pubkey = *cpub
    124. 

  124. 		default:
    125. 

  125. 			return errors.Errorf(`failed to retrieve rsa.PublicKey out of crypto.Signer %T`, key)
    126. 

  126. 		}
    127. 

  127. 	} else {
    128. 

  128. 		if err := keyconv.RSAPublicKey(&pubkey, key); err != nil {
    129. 

  129. 			return errors.Wrapf(err, `failed to retrieve rsa.PublicKey out of %T`, key)
    130. 

  130. 		}
    131. 

  131. 	}
    132. 

  132. 

  133. 	h := rv.hash.New()
    134. 

  134. 	if _, err := h.Write(payload); err != nil {
    135. 

  135. 		return errors.Wrap(err, "failed to write payload to hash")
    136. 

  136. 	}
    137. 

  137. 

  138. 	if rv.pss {
    139. 

  139. 		return rsa.VerifyPSS(&pubkey, rv.hash, h.Sum(nil), signature, nil)
    140. 

  140. 	}
    141. 

  141. 	return rsa.VerifyPKCS1v15(&pubkey, rv.hash, h.Sum(nil), signature)
    142. 

  142. }
    143.