/
ed448.go
71 lines (63 loc) · 1.71 KB
/
ed448.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
package jwk
import (
"bytes"
"errors"
"github.com/shogo82148/goat/ed448"
"github.com/shogo82148/goat/internal/jsonutils"
"github.com/shogo82148/goat/jwa"
)
func parseEd448Key(d *jsonutils.Decoder, key *Key) {
x := d.MustBytes("x")
if len(x) != ed448.PublicKeySize {
d.SaveError(errors.New("jwk: the parameter x has invalid size"))
return
}
pub := make(ed448.PublicKey, ed448.PublicKeySize)
copy(pub, x)
key.pub = pub
if param, ok := d.GetBytes("d"); ok {
if len(param) != ed448.SeedSize {
d.SaveError(errors.New("jwk: the parameter d has invalid size"))
return
}
priv := ed448.NewKeyFromSeed(param)
if !bytes.Equal([]byte(priv[ed448.SeedSize:]), []byte(pub)) {
d.SaveError(errors.New("jwk: invalid key pair"))
return
}
key.priv = priv
}
// sanity check of the certificate
if certs := key.x5c; len(certs) > 0 {
cert := certs[0]
publicKey := cert.PublicKey
if !pub.Equal(publicKey) {
d.SaveError(errors.New("jwk: public keys are mismatch"))
return
}
}
}
func encodeEd448Key(e *jsonutils.Encoder, priv ed448.PrivateKey, pub ed448.PublicKey) {
e.Set("kty", jwa.OKP.String())
e.Set("crv", jwa.Ed448.String())
e.SetBytes("x", []byte(pub))
if priv != nil {
e.SetBytes("d", []byte(priv[:ed448.SeedSize]))
}
}
func validateEd448PrivateKey(key ed448.PrivateKey) error {
if len(key) != ed448.PrivateKeySize {
return errors.New("jwk: invalid ed448 private key size")
}
want := ed448.NewKeyFromSeed(key[:ed448.SeedSize])
if !bytes.Equal(want, key) {
return errors.New("jwk: invalid ed448 key pair")
}
return nil
}
func validateEd448PublicKey(key ed448.PublicKey) error {
if len(key) != ed448.PublicKeySize {
return errors.New("jwk: invalid ed448 public key size")
}
return nil
}