frostfs-api-go/util/signature/data.go

package signature

import (
	"crypto/ecdsa"

	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
	crypto "git.frostfs.info/TrueCloudLab/frostfs-crypto"
)

type DataSource interface {
	ReadSignedData([]byte) ([]byte, error)
	SignedDataSize() int
}

type DataWithSignature interface {
	DataSource
	GetSignature() *refs.Signature
	SetSignature(*refs.Signature)
}

type SignOption func(*cfg)

type KeySignatureHandler func(*refs.Signature)

type KeySignatureSource func() *refs.Signature

func SignDataWithHandler(key *ecdsa.PrivateKey, src DataSource, handler KeySignatureHandler, opts ...SignOption) error {
	if key == nil {
		return crypto.ErrEmptyPrivateKey
	}

	cfg := defaultCfg()

	for i := range opts {
		opts[i](cfg)
	}

	data, err := readSignedData(cfg, src)
	if err != nil {
		return err
	}

	sigData, err := sign(cfg, key, data)
	if err != nil {
		return err
	}

	sig := new(refs.Signature)
	sig.SetScheme(cfg.scheme)
	sig.SetKey(crypto.MarshalPublicKey(&key.PublicKey))
	sig.SetSign(sigData)
	handler(sig)

	return nil
}

func VerifyDataWithSource(dataSrc DataSource, sigSrc KeySignatureSource, opts ...SignOption) error {
	cfg := defaultCfg()

	for i := range opts {
		opts[i](cfg)
	}

	data, err := readSignedData(cfg, dataSrc)
	if err != nil {
		return err
	}

	return verify(cfg, data, sigSrc())
}

func SignData(key *ecdsa.PrivateKey, v DataWithSignature, opts ...SignOption) error {
	return SignDataWithHandler(key, v, v.SetSignature, opts...)
}

func VerifyData(src DataWithSignature, opts ...SignOption) error {
	return VerifyDataWithSource(src, src.GetSignature, opts...)
}

func readSignedData(cfg *cfg, src DataSource) ([]byte, error) {
	size := src.SignedDataSize()
	if cfg.buffer == nil || cap(cfg.buffer) < size {
		cfg.buffer = make([]byte, size)
	} else {
		cfg.buffer = cfg.buffer[:size]
	}
	return src.ReadSignedData(cfg.buffer)
}
service: Add updated Sign/Verify mechanism 2020-08-12 14:03:11 +00:00			`package signature`

			`import (`
			`"crypto/ecdsa"`

Rename package name Due to source code relocation from GitHub. Signed-off-by: Alex Vanin <a.vanin@yadro.com> 2023-03-07 10:38:56 +00:00			`"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"`
			`crypto "git.frostfs.info/TrueCloudLab/frostfs-crypto"`
service: Add updated Sign/Verify mechanism 2020-08-12 14:03:11 +00:00			`)`

			`type DataSource interface {`
			`ReadSignedData([]byte) ([]byte, error)`
service/signature: Rename interface methods Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-12 15:20:04 +00:00			`SignedDataSize() int`
service: Add updated Sign/Verify mechanism 2020-08-12 14:03:11 +00:00			`}`

			`type DataWithSignature interface {`
			`DataSource`
[#55] refs: Add Scheme field to Signature Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-02-22 11:25:43 +00:00			`GetSignature() *refs.Signature`
			`SetSignature(*refs.Signature)`
service: Add updated Sign/Verify mechanism 2020-08-12 14:03:11 +00:00			`}`

			`type SignOption func(*cfg)`

[#55] refs: Add Scheme field to Signature Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-02-22 11:25:43 +00:00			`type KeySignatureHandler func(*refs.Signature)`
service: Add updated Sign/Verify mechanism 2020-08-12 14:03:11 +00:00
[#55] refs: Add Scheme field to Signature Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-02-22 11:25:43 +00:00			`type KeySignatureSource func() *refs.Signature`
service: Add updated Sign/Verify mechanism 2020-08-12 14:03:11 +00:00
[#55] refs: Add Scheme field to Signature Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-02-22 11:25:43 +00:00			`func SignDataWithHandler(key *ecdsa.PrivateKey, src DataSource, handler KeySignatureHandler, opts ...SignOption) error {`
service: Add updated Sign/Verify mechanism 2020-08-12 14:03:11 +00:00			`if key == nil {`
[#55] refs: Add Scheme field to Signature Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-02-22 11:25:43 +00:00			`return crypto.ErrEmptyPrivateKey`
service: Add updated Sign/Verify mechanism 2020-08-12 14:03:11 +00:00			`}`

			`cfg := defaultCfg()`

			`for i := range opts {`
			`opts[i](cfg)`
			`}`

[#393] util/signature: Remove bytes pool and provide buffer explicitly Chained verification is done in a single thread there is no need to use pool to do this. Also because newly allocated items are 5 MiB in size we can run out of memory given that typical header it much less in size. Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-04-11 11:23:10 +00:00			`data, err := readSignedData(cfg, src)`
			`if err != nil {`
			`return err`
			`}`

[#380] Support changes in signature schemes Support new `SignatureRFC6979` message. Make `refs.ECDSA_SHA512` to be default scheme. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2022-03-02 10:15:36 +00:00			`sigData, err := sign(cfg, key, data)`
service: Add updated Sign/Verify mechanism 2020-08-12 14:03:11 +00:00			`if err != nil {`
			`return err`
			`}`

[#55] refs: Add Scheme field to Signature Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-02-22 11:25:43 +00:00			`sig := new(refs.Signature)`
[#380] Support changes in signature schemes Support new `SignatureRFC6979` message. Make `refs.ECDSA_SHA512` to be default scheme. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2022-03-02 10:15:36 +00:00			`sig.SetScheme(cfg.scheme)`
[#55] refs: Add Scheme field to Signature Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-02-22 11:25:43 +00:00			`sig.SetKey(crypto.MarshalPublicKey(&key.PublicKey))`
			`sig.SetSign(sigData)`
			`handler(sig)`
service: Add updated Sign/Verify mechanism 2020-08-12 14:03:11 +00:00
			`return nil`
			`}`

			`func VerifyDataWithSource(dataSrc DataSource, sigSrc KeySignatureSource, opts ...SignOption) error {`
			`cfg := defaultCfg()`

			`for i := range opts {`
			`opts[i](cfg)`
			`}`

[#393] util/signature: Remove bytes pool and provide buffer explicitly Chained verification is done in a single thread there is no need to use pool to do this. Also because newly allocated items are 5 MiB in size we can run out of memory given that typical header it much less in size. Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-04-11 11:23:10 +00:00			`data, err := readSignedData(cfg, dataSrc)`
			`if err != nil {`
			`return err`
			`}`

[#55] refs: Add Scheme field to Signature Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-02-22 11:25:43 +00:00			`return verify(cfg, data, sigSrc())`
service: Add updated Sign/Verify mechanism 2020-08-12 14:03:11 +00:00			`}`

			`func SignData(key *ecdsa.PrivateKey, v DataWithSignature, opts ...SignOption) error {`
[#55] refs: Add Scheme field to Signature Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-02-22 11:25:43 +00:00			`return SignDataWithHandler(key, v, v.SetSignature, opts...)`
service: Add updated Sign/Verify mechanism 2020-08-12 14:03:11 +00:00			`}`

			`func VerifyData(src DataWithSignature, opts ...SignOption) error {`
[#55] refs: Add Scheme field to Signature Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-02-22 11:25:43 +00:00			`return VerifyDataWithSource(src, src.GetSignature, opts...)`
service: Add updated Sign/Verify mechanism 2020-08-12 14:03:11 +00:00			`}`
[#393] util/signature: Remove bytes pool and provide buffer explicitly Chained verification is done in a single thread there is no need to use pool to do this. Also because newly allocated items are 5 MiB in size we can run out of memory given that typical header it much less in size. Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-04-11 11:23:10 +00:00
			`func readSignedData(cfg *cfg, src DataSource) ([]byte, error) {`
			`size := src.SignedDataSize()`
			`if cfg.buffer == nil \|\| cap(cfg.buffer) < size {`
			`cfg.buffer = make([]byte, size)`
			`} else {`
			`cfg.buffer = cfg.buffer[:size]`
			`}`
			`return src.ReadSignedData(cfg.buffer)`
			`}`