frostfs-api-go/util/signature/options.go

package signature

import (
	"crypto/ecdsa"
	"encoding/base64"
	"fmt"

	"github.com/nspcc-dev/neofs-api-go/v2/refs"
	"github.com/nspcc-dev/neofs-api-go/v2/util/signature/walletconnect"
	crypto "github.com/nspcc-dev/neofs-crypto"
)

type cfg struct {
	schemeFixed bool
	scheme      refs.SignatureScheme
	buffer      []byte
}

func defaultCfg() *cfg {
	return new(cfg)
}

func verify(cfg *cfg, data []byte, sig *refs.Signature) error {
	if !cfg.schemeFixed {
		cfg.scheme = sig.GetScheme()
	}

	pub := crypto.UnmarshalPublicKey(sig.GetKey())
	if pub == nil {
		return crypto.ErrEmptyPublicKey
	}

	switch cfg.scheme {
	case refs.ECDSA_SHA512:
		return crypto.Verify(pub, data, sig.GetSign())
	case refs.ECDSA_RFC6979_SHA256:
		return crypto.VerifyRFC6979(pub, data, sig.GetSign())
	case refs.ECDSA_RFC6979_SHA256_WALLET_CONNECT:
		buf := make([]byte, base64.StdEncoding.EncodedLen(len(data)))
		base64.StdEncoding.Encode(buf, data)
		if !walletconnect.Verify(pub, buf, sig.GetSign()) {
			return crypto.ErrInvalidSignature
		}
		return nil
	default:
		return fmt.Errorf("unsupported signature scheme %s", cfg.scheme)
	}
}

func sign(cfg *cfg, key *ecdsa.PrivateKey, data []byte) ([]byte, error) {
	switch cfg.scheme {
	case refs.ECDSA_SHA512:
		return crypto.Sign(key, data)
	case refs.ECDSA_RFC6979_SHA256:
		return crypto.SignRFC6979(key, data)
	case refs.ECDSA_RFC6979_SHA256_WALLET_CONNECT:
		buf := make([]byte, base64.StdEncoding.EncodedLen(len(data)))
		base64.StdEncoding.Encode(buf, data)
		return walletconnect.Sign(key, buf)
	default:
		panic(fmt.Sprintf("unsupported scheme %s", cfg.scheme))
	}
}

func SignWithRFC6979() SignOption {
	return func(c *cfg) {
		c.schemeFixed = true
		c.scheme = refs.ECDSA_RFC6979_SHA256
	}
}

// WithBuffer allows providing pre-allocated buffer for signature verification.
func WithBuffer(buf []byte) SignOption {
	return func(c *cfg) {
		c.buffer = buf
	}
}

func SignWithWalletConnect() SignOption {
	return func(c *cfg) {
		c.scheme = refs.ECDSA_RFC6979_SHA256_WALLET_CONNECT
	}
}
service: Add updated Sign/Verify mechanism 2020-08-12 14:03:11 +00:00			`package signature`

			`import (`
			`"crypto/ecdsa"`
[#386] util/signature: Add WalletConnect API support To avoid introducing new dependency (neo-go), crypto routines are used as in other code. Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-15 13:54:47 +00:00			`"encoding/base64"`
[#55] refs: Add Scheme field to Signature Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-02-22 11:25:43 +00:00			`"fmt"`
service: Add updated Sign/Verify mechanism 2020-08-12 14:03:11 +00:00
[#55] refs: Add Scheme field to Signature Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-02-22 11:25:43 +00:00			`"github.com/nspcc-dev/neofs-api-go/v2/refs"`
[#386] util/signature: Add WalletConnect API support To avoid introducing new dependency (neo-go), crypto routines are used as in other code. Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-15 13:54:47 +00:00			`"github.com/nspcc-dev/neofs-api-go/v2/util/signature/walletconnect"`
service: Add updated Sign/Verify mechanism 2020-08-12 14:03:11 +00:00			`crypto "github.com/nspcc-dev/neofs-crypto"`
			`)`

			`type cfg struct {`
[#380] Support changes in signature schemes Support new `SignatureRFC6979` message. Make `refs.ECDSA_SHA512` to be default scheme. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2022-03-02 10:15:36 +00:00			`schemeFixed bool`
			`scheme refs.SignatureScheme`
[#393] util/signature: Remove bytes pool and provide buffer explicitly Chained verification is done in a single thread there is no need to use pool to do this. Also because newly allocated items are 5 MiB in size we can run out of memory given that typical header it much less in size. Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-04-11 11:23:10 +00:00			`buffer []byte`
service: Add updated Sign/Verify mechanism 2020-08-12 14:03:11 +00:00			`}`

			`func defaultCfg() *cfg {`
[#380] Support changes in signature schemes Support new `SignatureRFC6979` message. Make `refs.ECDSA_SHA512` to be default scheme. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2022-03-02 10:15:36 +00:00			`return new(cfg)`
[#55] refs: Add Scheme field to Signature Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-02-22 11:25:43 +00:00			`}`

			`func verify(cfg cfg, data []byte, sig refs.Signature) error {`
[#380] Support changes in signature schemes Support new `SignatureRFC6979` message. Make `refs.ECDSA_SHA512` to be default scheme. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2022-03-02 10:15:36 +00:00			`if !cfg.schemeFixed {`
			`cfg.scheme = sig.GetScheme()`
[#55] refs: Add Scheme field to Signature Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-02-22 11:25:43 +00:00			`}`

			`pub := crypto.UnmarshalPublicKey(sig.GetKey())`
[#386] util/signature: Add WalletConnect API support To avoid introducing new dependency (neo-go), crypto routines are used as in other code. Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-15 13:54:47 +00:00			`if pub == nil {`
			`return crypto.ErrEmptyPublicKey`
			`}`
[#380] Support changes in signature schemes Support new `SignatureRFC6979` message. Make `refs.ECDSA_SHA512` to be default scheme. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2022-03-02 10:15:36 +00:00
			`switch cfg.scheme {`
[#55] refs: Add Scheme field to Signature Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-02-22 11:25:43 +00:00			`case refs.ECDSA_SHA512:`
			`return crypto.Verify(pub, data, sig.GetSign())`
			`case refs.ECDSA_RFC6979_SHA256:`
			`return crypto.VerifyRFC6979(pub, data, sig.GetSign())`
[#386] util/signature: Add WalletConnect API support To avoid introducing new dependency (neo-go), crypto routines are used as in other code. Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-15 13:54:47 +00:00			`case refs.ECDSA_RFC6979_SHA256_WALLET_CONNECT:`
			`buf := make([]byte, base64.StdEncoding.EncodedLen(len(data)))`
			`base64.StdEncoding.Encode(buf, data)`
			`if !walletconnect.Verify(pub, buf, sig.GetSign()) {`
			`return crypto.ErrInvalidSignature`
			`}`
			`return nil`
[#55] refs: Add Scheme field to Signature Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-02-22 11:25:43 +00:00			`default:`
[#380] Support changes in signature schemes Support new `SignatureRFC6979` message. Make `refs.ECDSA_SHA512` to be default scheme. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2022-03-02 10:15:36 +00:00			`return fmt.Errorf("unsupported signature scheme %s", cfg.scheme)`
[#55] refs: Add Scheme field to Signature Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-02-22 11:25:43 +00:00			`}`
			`}`

[#380] Support changes in signature schemes Support new `SignatureRFC6979` message. Make `refs.ECDSA_SHA512` to be default scheme. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2022-03-02 10:15:36 +00:00			`func sign(cfg cfg, key ecdsa.PrivateKey, data []byte) ([]byte, error) {`
			`switch cfg.scheme {`
[#55] refs: Add Scheme field to Signature Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-02-22 11:25:43 +00:00			`case refs.ECDSA_SHA512:`
			`return crypto.Sign(key, data)`
			`case refs.ECDSA_RFC6979_SHA256:`
			`return crypto.SignRFC6979(key, data)`
[#386] util/signature: Add WalletConnect API support To avoid introducing new dependency (neo-go), crypto routines are used as in other code. Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-15 13:54:47 +00:00			`case refs.ECDSA_RFC6979_SHA256_WALLET_CONNECT:`
			`buf := make([]byte, base64.StdEncoding.EncodedLen(len(data)))`
			`base64.StdEncoding.Encode(buf, data)`
			`return walletconnect.Sign(key, buf)`
[#55] refs: Add Scheme field to Signature Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-02-22 11:25:43 +00:00			`default:`
[#380] Support changes in signature schemes Support new `SignatureRFC6979` message. Make `refs.ECDSA_SHA512` to be default scheme. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2022-03-02 10:15:36 +00:00			`panic(fmt.Sprintf("unsupported scheme %s", cfg.scheme))`
service: Add updated Sign/Verify mechanism 2020-08-12 14:03:11 +00:00			`}`
			`}`

			`func SignWithRFC6979() SignOption {`
			`return func(c *cfg) {`
[#380] Support changes in signature schemes Support new `SignatureRFC6979` message. Make `refs.ECDSA_SHA512` to be default scheme. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2022-03-02 10:15:36 +00:00			`c.schemeFixed = true`
			`c.scheme = refs.ECDSA_RFC6979_SHA256`
service: Add updated Sign/Verify mechanism 2020-08-12 14:03:11 +00:00			`}`
			`}`
[#393] util/signature: Remove bytes pool and provide buffer explicitly Chained verification is done in a single thread there is no need to use pool to do this. Also because newly allocated items are 5 MiB in size we can run out of memory given that typical header it much less in size. Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-04-11 11:23:10 +00:00
			`// WithBuffer allows providing pre-allocated buffer for signature verification.`
			`func WithBuffer(buf []byte) SignOption {`
			`return func(c *cfg) {`
			`c.buffer = buf`
			`}`
			`}`
[#386] util/signature: Add WalletConnect API support To avoid introducing new dependency (neo-go), crypto routines are used as in other code. Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-15 13:54:47 +00:00
			`func SignWithWalletConnect() SignOption {`
			`return func(c *cfg) {`
			`c.scheme = refs.ECDSA_RFC6979_SHA256_WALLET_CONNECT`
			`}`
			`}`