package frostfscrypto
import (
"fmt"
"github.com/TrueCloudLab/frostfs-api-go/v2/refs"
)
// Scheme identifies a digital signature algorithm together with the fixed
// cryptographic hash function it is used with.
//
// Negative values are reserved and their meaning depends on context (e.g. an
// unsupported scheme).
type Scheme int32

//nolint:revive
const (
	// The numbering is written out explicitly and starts at zero; -1 is left
	// unassigned because negative values are reserved.
	// NOTE(review): String converts a Scheme directly to refs.SignatureScheme,
	// so these numbers presumably have to stay aligned with that type; confirm
	// before adding or renumbering entries.

	ECDSA_SHA512               Scheme = 0 // ECDSA with SHA-512 hashing (FIPS 186-3)
	ECDSA_DETERMINISTIC_SHA256 Scheme = 1 // Deterministic ECDSA with SHA-256 hashing (RFC 6979)
	ECDSA_WALLETCONNECT        Scheme = 2 // Wallet Connect signature scheme
)
// String implements fmt.Stringer. The value is reinterpreted as a
// refs.SignatureScheme with the same numeric code and that type's String
// result is returned.
func (x Scheme) String() string {
	apiScheme := refs.SignatureScheme(x)
	return apiScheme.String()
}
// publicKeys maps each Scheme to a constructor that returns a blank PublicKey
// for that scheme. It is filled by RegisterScheme and is a plain map with no
// lock around it.
var publicKeys = map[Scheme]func() PublicKey{}
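// RegisterScheme registers a function that returns a new blank PublicKey
// instance for the given Scheme. It is intended to be called from the init
// function of packages that implement signature schemes.
//
// RegisterScheme panics if f is nil or if a function for the given Scheme is
// already registered. Rejecting nil at registration keeps a nil constructor
// out of the registry, where it would presumably only surface later as a nil
// function call when a key of that scheme is constructed.
//
// Note that RegisterScheme isn't thread-safe: it reads and writes the registry
// map without any synchronization.
func RegisterScheme(scheme Scheme, f func() PublicKey) {
	// Fail fast on a missing constructor instead of storing it.
	if f == nil {
		panic(fmt.Sprintf("nil public key constructor for scheme %v", scheme))
	}

	// A scheme may be bound to exactly one constructor; a second registration
	// is treated as a programming error rather than silently replacing it.
	if _, ok := publicKeys[scheme]; ok {
		panic(fmt.Sprintf("scheme %v is already registered", scheme))
	}

	publicKeys[scheme] = f
}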
// Signer is implemented by entities that can perform signing operations in
// FrostFS. It unites the secret part with the matching public part; an ECDSA
// private key and an external auth service are two examples.
//
// See also PublicKey.
type Signer interface {
	// Scheme returns the signature scheme that corresponds to this Signer.
	Scheme() Scheme

	// Sign signs a digest of the given data. Hashing is done by the
	// implementation and depends on Scheme: with a scheme that uses SHA-256,
	// Sign signs the SHA-256 hash of data. Callers therefore pass the data
	// itself rather than a digest they computed.
	Sign(data []byte) ([]byte, error)

	// Public returns the public key that corresponds to this Signer.
	Public() PublicKey
}
// PublicKey is a public key bound to one fixed signature scheme supported by
// FrostFS.
//
// See also Signer.
type PublicKey interface {
	// MaxEncodedSize returns the maximum size required for the
	// binary-encoded public key.
	//
	// MaxEncodedSize MUST NOT return value greater than any return of
	// Encode.
	//
	// NOTE(review): read literally, the sentence above bounds MaxEncodedSize
	// by Encode's results, which conflicts with "maximum size". The intent is
	// presumably that Encode never reports more bytes than MaxEncodedSize, so
	// that a buffer of that size is always sufficient; confirm and reword.
	MaxEncodedSize() int

	// Encode writes the binary form of the public key into buf and returns
	// the number of bytes written.
	//
	// Encode MUST panic if the buffer size is insufficient and less than
	// MaxEncodedSize (*). Encode MUST return a negative value on any failure
	// except (*). Callers should check for a negative result before using it
	// as a length, for example to slice buf.
	//
	// Encode is the reverse operation to Decode.
	Encode(buf []byte) int

	// Decode reads the public key from its binary form.
	//
	// Decode is the reverse operation to Encode.
	Decode([]byte) error

	// Verify checks signature against the given data. True means the
	// signature is correct.
	Verify(data, signature []byte) bool
}