Sign implements token signing for the SigningMethod. For this signing method, key must be a pointer to an ecdsa.PrivateKey struct (*ecdsa.PrivateKey).
(signingString string, key any)
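// Sign implements token signing for the SigningMethod.
// For this signing method, key must be an *ecdsa.PrivateKey whose curve size
// matches m.CurveBits.
//
// The returned signature is the concatenation r || s, each value encoded
// big-endian and left-padded with zeros to ceil(curveBits/8) bytes, so the
// output is always 2*keyBytes long.
//
// Errors: an ErrInvalidKeyType error when key is not an *ecdsa.PrivateKey,
// ErrHashUnavailable when m.Hash is not available, ErrInvalidKey when the key
// is nil, carries no curve, or its curve size differs from m.CurveBits, and
// otherwise whatever error ecdsa.Sign reports.
func (m *SigningMethodECDSA) Sign(signingString string, key any) ([]byte, error) {
	// Only a private-key pointer is accepted; every other type is rejected
	// before any cryptographic work is done.
	ecdsaKey, ok := key.(*ecdsa.PrivateKey)
	if !ok {
		return nil, newError("ECDSA sign expects *ecdsa.PrivateKey", ErrInvalidKeyType)
	}

	if !m.Hash.Available() {
		return nil, ErrHashUnavailable
	}

	// Validate the key against this method BEFORE signing. A typed-nil key or
	// a key without a curve would otherwise panic further down, and a key on
	// the wrong curve must never be used to produce a signature at all, even
	// one that is thrown away afterwards.
	if ecdsaKey == nil || ecdsaKey.Curve == nil {
		return nil, ErrInvalidKey
	}
	curveBits := ecdsaKey.Curve.Params().BitSize
	if m.CurveBits != curveBits {
		return nil, ErrInvalidKey
	}

	hasher := m.Hash.New()
	// The write result is deliberately not checked: m.Hash.New() is presumably
	// a hash.Hash, whose Write is documented never to return an error.
	hasher.Write([]byte(signingString))

	// rand.Reader is the CSPRNG from crypto/rand; the per-signature randomness
	// must not come from a predictable source.
	r, s, err := ecdsa.Sign(rand.Reader, ecdsaKey, hasher.Sum(nil))
	if err != nil {
		return nil, err
	}

	// Round up so curves whose bit size is not a multiple of 8 still get a
	// whole number of bytes per coordinate.
	keyBytes := (curveBits + 7) / 8

	// Fixed-width r || s rather than ASN.1 DER: this is the ECDSA signature
	// layout JWS uses (RFC 7518, section 3.4). FillBytes left-pads with zeros,
	// so both halves always have exactly keyBytes bytes.
	out := make([]byte, 2*keyBytes)
	r.FillBytes(out[:keyBytes]) // first half: r
	s.FillBytes(out[keyBytes:]) // second half: s

	return out, nil
}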