@@ -11,6 +11,9 @@ use p256::ecdsa::{
1111use p384:: ecdsa:: {
1212 Signature as Signature384 , SigningKey as SigningKey384 , VerifyingKey as VerifyingKey384 ,
1313} ;
14+ use p521:: ecdsa:: {
15+ Signature as Signature521 , SigningKey as SigningKey521 , VerifyingKey as VerifyingKey521 ,
16+ } ;
1417use rsa:: pkcs8:: DecodePrivateKey ;
1518use signature:: { Error , Signer , Verifier } ;
1619
@@ -85,3 +88,62 @@ define_ecdsa_signer!(Es384Signer, Algorithm::ES384, SigningKey384);
8588
8689define_ecdsa_verifier ! ( Es256Verifier , Algorithm :: ES256 , VerifyingKey256 , Signature256 ) ;
8790define_ecdsa_verifier ! ( Es384Verifier , Algorithm :: ES384 , VerifyingKey384 , Signature384 ) ;
91+
92+ // P521 (ES512) uses a different API - no sign_recoverable
93+ pub struct Es512Signer ( SigningKey521 ) ;
94+
95+ impl Es512Signer {
96+ pub ( crate ) fn new ( encoding_key : & EncodingKey ) -> Result < Self > {
97+ if encoding_key. family != AlgorithmFamily :: Ec {
98+ return Err ( new_error ( ErrorKind :: InvalidKeyFormat ) ) ;
99+ }
100+
101+ Ok ( Self (
102+ SigningKey521 :: from_bytes ( encoding_key. inner ( ) . into ( ) )
103+ . map_err ( |_| ErrorKind :: InvalidEcdsaKey ) ?,
104+ ) )
105+ }
106+ }
107+
108+ impl Signer < Vec < u8 > > for Es512Signer {
109+ fn try_sign ( & self , msg : & [ u8 ] ) -> std:: result:: Result < Vec < u8 > , Error > {
110+ let signature: Signature521 = self . 0 . sign ( msg) ;
111+ Ok ( signature. to_vec ( ) )
112+ }
113+ }
114+
115+ impl JwtSigner for Es512Signer {
116+ fn algorithm ( & self ) -> Algorithm {
117+ Algorithm :: ES512
118+ }
119+ }
120+
121+ pub struct Es512Verifier ( VerifyingKey521 ) ;
122+
123+ impl Es512Verifier {
124+ pub ( crate ) fn new ( decoding_key : & DecodingKey ) -> Result < Self > {
125+ if decoding_key. family != AlgorithmFamily :: Ec {
126+ return Err ( new_error ( ErrorKind :: InvalidKeyFormat ) ) ;
127+ }
128+
129+ Ok ( Self (
130+ VerifyingKey521 :: from_sec1_bytes ( decoding_key. as_bytes ( ) )
131+ . map_err ( |_| ErrorKind :: InvalidEcdsaKey ) ?,
132+ ) )
133+ }
134+ }
135+
136+ impl Verifier < Vec < u8 > > for Es512Verifier {
137+ fn verify ( & self , msg : & [ u8 ] , signature : & Vec < u8 > ) -> std:: result:: Result < ( ) , Error > {
138+ self . 0
139+ . verify ( msg, & Signature521 :: from_slice ( signature) . map_err ( Error :: from_source) ?)
140+ . map_err ( Error :: from_source) ?;
141+ Ok ( ( ) )
142+ }
143+ }
144+
145+ impl JwtVerifier for Es512Verifier {
146+ fn algorithm ( & self ) -> Algorithm {
147+ Algorithm :: ES512
148+ }
149+ }
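Review bot: `Es512Signer::new` converts `encoding_key.inner()` with `.into()` before calling `from_bytes`, and if that resolves to the fixed-size field-bytes array (as it appears to), a key whose length is not exactly the P-521 scalar size would panic in the conversion instead of returning `InvalidEcdsaKey`. The only guard before it is `family != AlgorithmFamily::Ec`, which says nothing about curve or encoding, so a P-256/P-384 key or a PKCS#8 DER blob loaded as an EC key would reach that line. Handing the slice to a length-checking constructor, e.g. `SigningKey521::from_slice(encoding_key.inner()).map_err(|_| ErrorKind::InvalidEcdsaKey)?`, keeps the failure inside the `Result`. The comment above `Es512Signer` should also state which key encoding this path expects, since the macro-generated ES256/ES384 signers are defined outside the hunk and may accept a different one. Separately, `try_sign` calls `self.0.sign(msg)`, the panicking variant of the trait method; `let signature: Signature521 = self.0.try_sign(msg)?;` would propagate a signing error to the caller instead.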