feat(crypto): hash algorithm for EdDSA
This commit is contained in:
Tim Möhlmann
parent
de034c8d24
commit
7e1846e6e2
1 changed files with 10 additions and 0 deletions
|
|
@ -21,6 +21,16 @@ func GetHashAlgorithm(sigAlgorithm jose.SignatureAlgorithm) (hash.Hash, error) {
|
|||
return sha512.New384(), nil
|
||||
case jose.RS512, jose.ES512, jose.PS512:
|
||||
return sha512.New(), nil
|
||||
|
||||
// There is no published spec for this yet.
|
||||
// There is consensus here: https://bitbucket.org/openid/connect/issues/1125/_hash-algorithm-for-eddsa-id-tokens
|
||||
// Currently go-jose only supports the ed25519 curve key for EdDSA, so we can safely assume sha512 here.
|
||||
//
|
||||
// TODO: When go-jose ever decides to support ed448, we need to know the "crv" parameter and use shake256 for ed448.
|
||||
// The "crv" value is currently not exposed by go-jose.JSONWebKey and is currently only hard-coded to be set during marshalling.
|
||||
case jose.EdDSA:
|
||||
return sha512.New(), nil
|
||||
|
||||
default:
|
||||
return nil, fmt.Errorf("%w: %q", ErrUnsupportedAlgorithm, sigAlgorithm)
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue