package libtrust

import (
	"crypto"
	_ "crypto/sha256" // Registrer SHA224 and SHA256
	_ "crypto/sha512" // Registrer SHA384 and SHA512
	"fmt"
)

// signatureAlgorithm ties the name carried in a signature's algorithm header
// parameter (for example "RS256") to the digest function that goes with it.
type signatureAlgorithm struct {
	// algHeaderParam is the algorithm name exactly as written to, or read
	// from, the header.
	algHeaderParam string
	// hashID is the digest function paired with that name.
	hashID crypto.Hash
}

// HeaderParam returns the algorithm name stored in the receiver.
func (a *signatureAlgorithm) HeaderParam() string {
	name := a.algHeaderParam
	return name
}

// HashID returns the digest function stored in the receiver. Callers that
// advertise HeaderParam in a header should hash with this value so that the
// name and the digest cannot drift apart.
func (a *signatureAlgorithm) HashID() crypto.Hash {
	id := a.hashID
	return id
}

// The complete set of signature algorithms this file defines. Each entry is
// a shared pointer handed out by the lookup functions below, so the pointed-to
// values must be treated as read-only.
//
// The digest implementations behind these IDs are linked in by the blank
// imports of crypto/sha256 and crypto/sha512 at the top of the file.
var (
	// RSA family.
	rs256 = &signatureAlgorithm{algHeaderParam: "RS256", hashID: crypto.SHA256}
	rs384 = &signatureAlgorithm{algHeaderParam: "RS384", hashID: crypto.SHA384}
	rs512 = &signatureAlgorithm{algHeaderParam: "RS512", hashID: crypto.SHA512}

	// ECDSA family.
	es256 = &signatureAlgorithm{algHeaderParam: "ES256", hashID: crypto.SHA256}
	es384 = &signatureAlgorithm{algHeaderParam: "ES384", hashID: crypto.SHA384}
	es512 = &signatureAlgorithm{algHeaderParam: "ES512", hashID: crypto.SHA512}
)

// rsaSignatureAlgorithmByName maps an algorithm name to the matching RSA
// signatureAlgorithm.
//
// Only "RS256", "RS384" and "RS512" are accepted. The comparison is exact and
// case-sensitive, and the set is closed: every other name, the empty string
// included, produces a nil algorithm and an error instead of falling back to
// a default. The offending name is reported with %q, so control characters in
// it are escaped in the error text.
func rsaSignatureAlgorithmByName(alg string) (*signatureAlgorithm, error) {
	var found *signatureAlgorithm
	switch alg {
	case "RS256":
		found = rs256
	case "RS384":
		found = rs384
	case "RS512":
		found = rs512
	}
	if found == nil {
		return nil, fmt.Errorf("RSA Digital Signature Algorithm %q not supported", alg)
	}
	return found, nil
}

// rsaPKCS1v15SignatureAlgorithmForHashID picks the RSA signatureAlgorithm
// whose digest is hashID.
//
// SHA-512 selects rs512 and SHA-384 selects rs384. Every other value selects
// rs256: that covers SHA-256 itself, but also any hash with no entry here,
// and no error is reported for the latter.
//
// NOTE(review): because of that silent fallback, the returned algorithm's
// HashID() can differ from the hashID passed in. Callers should digest with
// the returned HashID() rather than with their own argument so the advertised
// name and the digest actually used stay in agreement; confirm at call sites.
func rsaPKCS1v15SignatureAlgorithmForHashID(hashID crypto.Hash) *signatureAlgorithm {
	if hashID == crypto.SHA512 {
		return rs512
	}
	if hashID == crypto.SHA384 {
		return rs384
	}
	// crypto.SHA256 and everything unrecognised share the same result.
	return rs256
}