forked from TrueCloudLab/frostfs-api-go
59 lines
1.4 KiB
Go
59 lines
1.4 KiB
Go
package signature
|
|
|
|
import (
|
|
"crypto/ecdsa"
|
|
"fmt"
|
|
|
|
"github.com/nspcc-dev/neofs-api-go/v2/refs"
|
|
crypto "github.com/nspcc-dev/neofs-crypto"
|
|
)
|
|
|
|
type cfg struct {
|
|
defaultScheme refs.SignatureScheme
|
|
restrictScheme refs.SignatureScheme
|
|
}
|
|
|
|
func defaultCfg() *cfg {
|
|
return &cfg{
|
|
defaultScheme: refs.ECDSA_SHA512,
|
|
restrictScheme: refs.UnspecifiedScheme,
|
|
}
|
|
}
|
|
|
|
func verify(cfg *cfg, data []byte, sig *refs.Signature) error {
|
|
scheme := sig.GetScheme()
|
|
if scheme == refs.UnspecifiedScheme {
|
|
scheme = cfg.defaultScheme
|
|
}
|
|
if cfg.restrictScheme != refs.UnspecifiedScheme && scheme != cfg.restrictScheme {
|
|
return fmt.Errorf("%w: unexpected signature scheme", crypto.ErrInvalidSignature)
|
|
}
|
|
|
|
pub := crypto.UnmarshalPublicKey(sig.GetKey())
|
|
switch scheme {
|
|
case refs.ECDSA_SHA512:
|
|
return crypto.Verify(pub, data, sig.GetSign())
|
|
case refs.ECDSA_RFC6979_SHA256:
|
|
return crypto.VerifyRFC6979(pub, data, sig.GetSign())
|
|
default:
|
|
return crypto.ErrInvalidSignature
|
|
}
|
|
}
|
|
|
|
func sign(cfg *cfg, scheme refs.SignatureScheme, key *ecdsa.PrivateKey, data []byte) ([]byte, error) {
|
|
switch scheme {
|
|
case refs.ECDSA_SHA512:
|
|
return crypto.Sign(key, data)
|
|
case refs.ECDSA_RFC6979_SHA256:
|
|
return crypto.SignRFC6979(key, data)
|
|
default:
|
|
panic("unsupported scheme")
|
|
}
|
|
}
|
|
|
|
func SignWithRFC6979() SignOption {
|
|
return func(c *cfg) {
|
|
c.defaultScheme = refs.ECDSA_RFC6979_SHA256
|
|
c.restrictScheme = refs.ECDSA_RFC6979_SHA256
|
|
}
|
|
}
|