2021-10-27 10:00:11 +00:00
|
|
|
package signature
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/ecdsa"
|
|
|
|
"crypto/elliptic"
|
|
|
|
"errors"
|
2021-12-10 13:56:04 +00:00
|
|
|
"fmt"
|
|
|
|
|
|
|
|
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
2022-02-24 11:05:05 +00:00
|
|
|
"github.com/nspcc-dev/neofs-sdk-go/signature"
|
2021-10-27 10:00:11 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
type DataSource interface {
|
|
|
|
ReadSignedData([]byte) ([]byte, error)
|
|
|
|
SignedDataSize() int
|
|
|
|
}
|
|
|
|
|
|
|
|
type DataWithSignature interface {
|
|
|
|
DataSource
|
2022-02-24 11:05:05 +00:00
|
|
|
GetSignature() *signature.Signature
|
|
|
|
SetSignature(*signature.Signature)
|
2021-10-27 10:00:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
type SignOption func(*cfg)
|
|
|
|
|
2022-02-24 11:05:05 +00:00
|
|
|
type KeySignatureHandler func(*signature.Signature)
|
2021-10-27 10:00:11 +00:00
|
|
|
|
2022-02-24 11:05:05 +00:00
|
|
|
type KeySignatureSource func() *signature.Signature
|
2021-10-27 10:00:11 +00:00
|
|
|
|
|
|
|
const (
|
|
|
|
// PrivateKeyCompressedSize is constant with compressed size of private key (SK).
|
|
|
|
// D coordinate stored, recover PK by formula x, y = curve.ScalarBaseMul(d,bytes).
|
|
|
|
PrivateKeyCompressedSize = 32
|
|
|
|
|
|
|
|
// PublicKeyCompressedSize is constant with compressed size of public key (PK).
|
|
|
|
PublicKeyCompressedSize = 33
|
|
|
|
|
|
|
|
// PublicKeyUncompressedSize is constant with uncompressed size of public key (PK).
|
|
|
|
// First byte always should be 0x4 other 64 bytes is X and Y (32 bytes per coordinate).
|
|
|
|
// 2 * 32 + 1.
|
|
|
|
PublicKeyUncompressedSize = 65
|
|
|
|
)
|
|
|
|
|
|
|
|
var (
|
|
|
|
// ErrEmptyPrivateKey is returned when used private key is empty.
|
|
|
|
ErrEmptyPrivateKey = errors.New("empty private key")
|
|
|
|
// ErrInvalidPublicKey is returned when public key cannot be unmarshalled.
|
|
|
|
ErrInvalidPublicKey = errors.New("invalid public key")
|
|
|
|
// ErrInvalidSignature is returned if signature cannot be verified.
|
|
|
|
ErrInvalidSignature = errors.New("invalid signature")
|
|
|
|
)
|
|
|
|
|
2022-02-24 11:05:05 +00:00
|
|
|
func SignDataWithHandler(key *ecdsa.PrivateKey, src DataSource, handler KeySignatureHandler, opts ...SignOption) error {
|
2021-10-27 10:00:11 +00:00
|
|
|
if key == nil {
|
2022-02-24 11:05:05 +00:00
|
|
|
return ErrEmptyPrivateKey
|
2021-10-27 10:00:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
data, err := dataForSignature(src)
|
|
|
|
if err != nil {
|
2022-02-24 11:05:05 +00:00
|
|
|
return err
|
2021-10-27 10:00:11 +00:00
|
|
|
}
|
|
|
|
defer bytesPool.Put(&data)
|
|
|
|
|
2022-02-24 11:05:05 +00:00
|
|
|
cfg := getConfig(opts...)
|
2021-10-27 10:00:11 +00:00
|
|
|
|
2022-02-24 11:05:05 +00:00
|
|
|
sigData, err := sign(cfg.defaultScheme, key, data)
|
2021-10-27 10:00:11 +00:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2022-02-24 11:05:05 +00:00
|
|
|
sig := signature.New()
|
|
|
|
sig.SetKey((*keys.PublicKey)(&key.PublicKey).Bytes())
|
|
|
|
sig.SetSign(sigData)
|
|
|
|
sig.SetScheme(cfg.defaultScheme)
|
|
|
|
|
|
|
|
handler(sig)
|
2021-10-27 10:00:11 +00:00
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func VerifyDataWithSource(dataSrc DataSource, sigSrc KeySignatureSource, opts ...SignOption) error {
|
|
|
|
data, err := dataForSignature(dataSrc)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
defer bytesPool.Put(&data)
|
|
|
|
|
2022-02-24 11:05:05 +00:00
|
|
|
cfg := getConfig(opts...)
|
2021-10-27 10:00:11 +00:00
|
|
|
|
2022-02-24 11:05:05 +00:00
|
|
|
sig := sigSrc()
|
2021-10-27 10:00:11 +00:00
|
|
|
|
2021-12-10 13:56:04 +00:00
|
|
|
var pub *keys.PublicKey
|
2022-02-24 11:05:05 +00:00
|
|
|
if len(sig.Key()) != 0 {
|
|
|
|
pub, err = keys.NewPublicKeyFromBytes(sig.Key(), elliptic.P256())
|
2021-12-10 13:56:04 +00:00
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("%w: %v", ErrInvalidPublicKey, err)
|
2021-10-27 10:00:11 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-02-24 11:05:05 +00:00
|
|
|
scheme := sig.Scheme()
|
|
|
|
if scheme == signature.Unspecified {
|
|
|
|
scheme = cfg.defaultScheme
|
|
|
|
}
|
|
|
|
if cfg.restrictScheme != signature.Unspecified && scheme != cfg.restrictScheme {
|
|
|
|
return fmt.Errorf("%w: unexpected signature scheme", ErrInvalidSignature)
|
|
|
|
}
|
|
|
|
|
|
|
|
return verify(
|
|
|
|
scheme,
|
2021-12-10 13:56:04 +00:00
|
|
|
(*ecdsa.PublicKey)(pub),
|
|
|
|
data,
|
2022-02-24 11:05:05 +00:00
|
|
|
sig.Sign(),
|
2021-12-10 13:56:04 +00:00
|
|
|
)
|
2021-10-27 10:00:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func SignData(key *ecdsa.PrivateKey, v DataWithSignature, opts ...SignOption) error {
|
2022-02-24 11:05:05 +00:00
|
|
|
return SignDataWithHandler(key, v, v.SetSignature, opts...)
|
2021-10-27 10:00:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func VerifyData(src DataWithSignature, opts ...SignOption) error {
|
2022-02-24 11:05:05 +00:00
|
|
|
return VerifyDataWithSource(src, src.GetSignature, opts...)
|
2021-10-27 10:00:11 +00:00
|
|
|
}
|