From d065453bd0a7a22b4efd724b11ecec6a50c275bc Mon Sep 17 00:00:00 2001 From: Leonard Lyubich Date: Wed, 2 Mar 2022 13:15:36 +0300 Subject: [PATCH] [#380] Support changes in signature schemes Support new `SignatureRFC6979` message. Make `refs.ECDSA_SHA512` to be default scheme. Signed-off-by: Leonard Lyubich --- container/convert.go | 37 +++++++++++++++++++++++++---------- container/grpc/service.go | 16 +++++++-------- container/grpc/service.pb.go | Bin 112686 -> 112658 bytes container/types.go | 10 ++++++++++ refs/grpc/types.go | 14 +++++++++++++ refs/grpc/types.pb.go | Bin 26473 -> 28422 bytes refs/types.go | 5 ++--- util/signature/data.go | 4 ++-- util/signature/options.go | 32 ++++++++++++------------------ 9 files changed, 76 insertions(+), 42 deletions(-) diff --git a/container/convert.go b/container/convert.go index 89e0153e..5e49bead 100644 --- a/container/convert.go +++ b/container/convert.go @@ -152,6 +152,18 @@ func (c *Container) FromGRPCMessage(m grpc.Message) error { return nil } +func toSignatureRFC6979(s *refs.Signature) *refsGRPC.SignatureRFC6979 { + var res *refsGRPC.SignatureRFC6979 + + if s != nil { + res = new(refsGRPC.SignatureRFC6979) + res.SetKey(s.GetKey()) + res.SetSign(s.GetSign()) + } + + return res +} + func (r *PutRequestBody) ToGRPCMessage() grpc.Message { var m *container.PutRequest_Body @@ -159,7 +171,7 @@ func (r *PutRequestBody) ToGRPCMessage() grpc.Message { m = new(container.PutRequest_Body) m.SetContainer(r.cnr.ToGRPCMessage().(*container.Container)) - m.SetSignature(r.sig.ToGRPCMessage().(*refsGRPC.Signature)) + m.SetSignature(toSignatureRFC6979(r.sig)) } return m @@ -195,7 +207,8 @@ func (r *PutRequestBody) FromGRPCMessage(m grpc.Message) error { r.sig = new(refs.Signature) } - err = r.sig.FromGRPCMessage(sig) + r.sig.SetKey(sig.GetKey()) + r.sig.SetSign(sig.GetSign()) } return err @@ -391,7 +404,7 @@ func (r *GetResponseBody) ToGRPCMessage() grpc.Message { m.SetContainer(r.cnr.ToGRPCMessage().(*container.Container)) m.SetSessionToken(r.token.ToGRPCMessage().(*sessionGRPC.SessionToken)) - m.SetSignature(r.sig.ToGRPCMessage().(*refsGRPC.Signature)) + m.SetSignature(toSignatureRFC6979(r.sig)) } return m @@ -424,7 +437,8 @@ func (r *GetResponseBody) FromGRPCMessage(m grpc.Message) error { r.sig = new(refs.Signature) } - err = r.sig.FromGRPCMessage(sig) + r.sig.SetKey(sig.GetKey()) + r.sig.SetSign(sig.GetSign()) } token := v.GetSessionToken() @@ -486,7 +500,7 @@ func (r *DeleteRequestBody) ToGRPCMessage() grpc.Message { m = new(container.DeleteRequest_Body) m.SetContainerId(r.cid.ToGRPCMessage().(*refsGRPC.ContainerID)) - m.SetSignature(r.sig.ToGRPCMessage().(*refsGRPC.Signature)) + m.SetSignature(toSignatureRFC6979(r.sig)) } return m @@ -522,7 +536,8 @@ func (r *DeleteRequestBody) FromGRPCMessage(m grpc.Message) error { r.sig = new(refs.Signature) } - err = r.sig.FromGRPCMessage(sig) + r.sig.SetKey(sig.GetKey()) + r.sig.SetSign(sig.GetSign()) } return err @@ -765,7 +780,7 @@ func (r *SetExtendedACLRequestBody) ToGRPCMessage() grpc.Message { m = new(container.SetExtendedACLRequest_Body) m.SetEacl(r.eacl.ToGRPCMessage().(*aclGRPC.EACLTable)) - m.SetSignature(r.sig.ToGRPCMessage().(*refsGRPC.Signature)) + m.SetSignature(toSignatureRFC6979(r.sig)) } return m @@ -801,7 +816,8 @@ func (r *SetExtendedACLRequestBody) FromGRPCMessage(m grpc.Message) error { r.sig = new(refs.Signature) } - err = r.sig.FromGRPCMessage(sig) + r.sig.SetKey(sig.GetKey()) + r.sig.SetSign(sig.GetSign()) } return err @@ -981,7 +997,7 @@ func (r *GetExtendedACLResponseBody) ToGRPCMessage() grpc.Message { m = new(container.GetExtendedACLResponse_Body) m.SetEacl(r.eacl.ToGRPCMessage().(*aclGRPC.EACLTable)) - m.SetSignature(r.sig.ToGRPCMessage().(*refsGRPC.Signature)) + m.SetSignature(toSignatureRFC6979(r.sig)) m.SetSessionToken(r.token.ToGRPCMessage().(*sessionGRPC.SessionToken)) } @@ -1018,7 +1034,8 @@ func (r *GetExtendedACLResponseBody) FromGRPCMessage(m grpc.Message) error { r.sig = new(refs.Signature) } - err = r.sig.FromGRPCMessage(sig) + r.sig.SetKey(sig.GetKey()) + r.sig.SetSign(sig.GetSign()) } token := v.GetSessionToken() diff --git a/container/grpc/service.go b/container/grpc/service.go index 6aa854ba..09743dcc 100644 --- a/container/grpc/service.go +++ b/container/grpc/service.go @@ -14,7 +14,7 @@ func (m *PutRequest_Body) SetContainer(v *Container) { } // SetSignature sets signature of the container structure. -func (m *PutRequest_Body) SetSignature(v *refs.Signature) { +func (m *PutRequest_Body) SetSignature(v *refs.SignatureRFC6979) { if m != nil { m.Signature = v } @@ -77,7 +77,7 @@ func (m *DeleteRequest_Body) SetContainerId(v *refs.ContainerID) { } // SetSignature sets signature of the container identifier. -func (m *DeleteRequest_Body) SetSignature(v *refs.Signature) { +func (m *DeleteRequest_Body) SetSignature(v *refs.SignatureRFC6979) { if m != nil { m.Signature = v } @@ -166,8 +166,8 @@ func (m *GetResponse_Body) SetSessionToken(v *session.SessionToken) { } } -// SetSignature sets signature of the requested container. -func (m *GetResponse_Body) SetSignature(v *refs.Signature) { +// SetSignature sets signature of the container structure. +func (m *GetResponse_Body) SetSignature(v *refs.SignatureRFC6979) { if m != nil { m.Signature = v } @@ -257,8 +257,8 @@ func (m *SetExtendedACLRequest_Body) SetEacl(v *acl.EACLTable) { } } -// SetSignature sets signature of the eACL table. -func (m *SetExtendedACLRequest_Body) SetSignature(v *refs.Signature) { +// SetSignature sets signature of the eACL table structure. +func (m *SetExtendedACLRequest_Body) SetSignature(v *refs.SignatureRFC6979) { if m != nil { m.Signature = v } @@ -341,8 +341,8 @@ func (m *GetExtendedACLResponse_Body) SetEacl(v *acl.EACLTable) { } } -// SetSignature sets signature of the eACL table. -func (m *GetExtendedACLResponse_Body) SetSignature(v *refs.Signature) { +// SetSignature sets signature of the eACL table structure. +func (m *GetExtendedACLResponse_Body) SetSignature(v *refs.SignatureRFC6979) { if m != nil { m.Signature = v } diff --git a/container/grpc/service.pb.go b/container/grpc/service.pb.go index d7fa78e20e26790b782328b964bb38d4505a71bb..dd913949064e96a31b9dc70e339fcccfd0aaef5f 100644 GIT binary patch delta 3976 zcma)9YfzNu6`lj^vb!w1EEh#!xh#lW7WkH3c0phjxf{87i3X#B8cdp|5pAcMsEHXh zCb1fux5?2u$RsSH=k1I9@=+TTE)yKJWLji*}qQe_+4& zJMVkmbDrls=X`rd^)HO-_kFxh#IH|@p3_k4t?*Td8m~Rjy#Ai3@PeziLMU5f17B=B zZ1`VG(Y$`DSeaoEBiqe^p67Dz*cCXk?jU2>=_DM23)-hV((%#Rrs5dMAu?n zVA0QaF5PW+uMcE?_^V`5JCYFi=y;3HQ0{SNDr*&& z_~q~<{=iRhY;llYG+&G5pBc#?VKQ=$g>v}|BUSL{3#o;>Oq3`xu4Id&C-nTXiOPAF zjZFNpLa{t-qM4#;z|NQFkyC8Ek;d*sO6R}EP}LNV*J&~;Ydvo1(CtW6duKa;S!;oN#%_VloSr9)kSX6KBSi+#fk0bvv|LY3b@^*xg9)T!lMdh zaZe(W(Q{RAER|;|Yr9v7`jJBZ+Z;;c{<)MW@A%shI2cIgqY0GEeP)V^DD{bpR}(mM zBAjF#OA^)*2lviFSlD9VmGLxzmsrUtN(QTf7o7B3q@i5RhYCXm7pLP+2ZxJ7*ER;X zL{Jg&`wAt<6xWH*2D3vcj^{74sXG_hMOuGIa%%$pU!O5YEOQ0liKI2U=%sSw?Vf>s z5ZFIL)XgVMw2CjyqauKr%nGu>FUQb*5=_mVOv(=c)1+d-UNhx$R~6zfsiaIK@1+uQ z@`g%s^JqFXvOktmcv}lt_--tCGp!0Q>{aA2A^q@I(e2FSQ?bDQCkrW?t1QT7S`>Lz z%H7f-F|Q3w=QJyTgMlNIWG^37z|cQnUF;n6O1E*8F9vUVRrq;j9HolBOY()NzE~;t z{To$a1E(IEMP(xWq?20<$RrM*o5mSUIH)g~%(PtcuaSFN$S+~FbAJhC;RN<)fuV0* zPvf3sWGk~Av}#G9)bZlt4GEN_LpVO4$T~Ga5_1y&#YmGWOq&7;YM#NfLPkAi1}diV z3ke`zh?G$>D;!LuGU@mEc~rvoBvRx9YIX|pGRDFjt#a*F#8fkhJlyV~BG$QSB3m7# z~G9l?xK686K+{eGob|7#ZR7sFzA~P^z?391_#3as04@a>b^z4zcW50{_E7 zPWiU80>K)yDPH{em@!;QDdN?uvn0QhcrY1Q?>KLlVr3QGUl(VFISvf&MsXgBp+*sR zTF;wvDAfWhZ<&gh2U5YAs#fMwJil26zVDcikVZ@4sIwY*M&xn4VKUYKpQz_@iw7C` zCJWmi^?;(vfay-W%zW5NothM?R9q^~eVfXU6-(|>zc>S)Rq)~|HDyA@F!oIy!84c}#` zN+^gFNIp@HR_M?o~yUe_99b+!>-jovgfFN2|q! zLBE)Oy-}mUCvjLd-zY)sP=Au#&cWa`k_}b2yk+^lQk*qpT zg)|*?A;z~Mg$9JZ%qN#-mttup_$#T_mJ23LzXroGxXn`0W5ltMd`mO|14?CDqb$_}NemR#e4+&tUpYgH&KI%8lQ3 zP=_V-gtg^ZJEQ>jYK~bef)?-aqXBBt zA^D>fhxh8JN#<>W7#W- z=|%qC3_QxFV$e!nS<1t8)NDp>d=e=9b8}BMoSsagj-fe@AkP3XpmY~shWY4Z0I zS<0461>W_5Wb(mA)X!1bCZH6?48>5?VHK7=WkEip_ zh0t`z9KfUw=0|2@Fz*?$hhrK`esdee$9U8s8*D{Z?Q&d^*W;Z@*9z(Rg%lmSuG*pX;_S7`upwJ?2vQ1|+TZ>@4?U-{gr@R5tWvr`9#P3!>Ke{RQ~4;Mf$uFoeUZ|{JR^i@+1%DaZ2S%5@l=K?1T0GTT3OP7Td z;Evf^ofjnXJUb2Y5rS1s!6d#M1vuZ%p&8Q2FF56X$+iN}3XVVH$L48o>-mTsbl)`( z{qoiO!2-ujn#CE5U>pj{&BzOa~bq_0(es#C+{+Qq05=!HjyuC@z3TiX!iDOtp@ zFOc^B+iOEzS+@jO1lkb(+e@?pJ|%i;B~`s7Bg#b>XD2q$IP9SFJ{Q_N~DzdGKM13Euk*_1|uW jxkxqp%~Nvxo3G>1XF=Wkt@tF`^&A}yAOGMs`pEfTn7GW; delta 3925 zcmcInYj9NM8J>69>}EH++1#_q?j|S6CV{X?_LA%-kR^ALm@5Q=5=jCQ3R*E-9HG)l zX2f>1DwnVFwp2|9MxAklM)PBTFd}v8Slf!3PCF`Ah*A;JkVOT=DD?TxvguguO#krb z%-M6^^WL84eco^PhjmB8y74z3Tv}SHbZ`2}=C#}J-#VylyKCd%y@SfV_ix*-tQ%AY zH*McIxK&x%(cRTp-?Fr&u|c_StI}BC&|TZVd}+PEGEmvy-CXM}_lxX<4zcxkl28ib z#K6H4ar!xv7>$n+$A(Sfo+Akp>vo0bi9f7xh^I&G!m-mlF*@?6*jpHU;>;rz+PQ#_ z*!GF{elsi%{=+1W=f#Wf_Uc8~i3G7HJ6>cwzxw69xyD(%ZJZE8+E6%_iiiTdFPHMU#z<`%Po+q_xRn2Hq+XuPqk5s7E97mdRK`=y zq~qtzRH!i;#M&=ith7>&aDSY{7KPF{JdaXE__G`yUPe06`-vrluiRSJ1}RazI%^eE zpXhiqQ8C}hpb~zQ$OlJUTTRs*)Q}?bu9k^~Ulog=Ud-jV6iU(z21MudLf*cd9Q;Z( zE@NiWi(}IYk9ny~;|*|5J?-X!Iemog|Nn3Yd8e0>`Gq*j)1AR-CuhY0wAw7>TMiX8zp^fOJg-ff*CQCnWLaSU=R2Wk^=)&(7Gkz;Q z=vov^gGA~0bUQm*@$qyo?Ksc_xa4bb_xIf0T@hV84NCW(+$0%#OnU+ei~4ONH}GgekK@H}+EE3SW-B;LB1#{H#KDf&N3 z;=_et$BlN_4S$+0-0#QmZcuQJw;v^;;+bT!^Y^jpN>;fy$KouWPDTZ%l3{)|38(@- zl{dB&Di`hN%K70Ga`DJKa>gj`9bUgIsVO=;IyoA4IY4?eqB%6ArEli(p$sbIN5KyM zTLz|QDidyzg@r$>qcYL)d9f^OH^Gwa0Z-k9mPd=z^-O3_ML0w9y_?OX*J!$`|@G)cn_c&S%vm4?4>x)XrRSn z@@guNra&DqmvQ_wW=xJ;5g*OQ&y7Zk7hUH~JedMGmYnuVx!A(5XCYI}nU(jJ!{ga% z)DoU5W_K(l@MCRM$zvs?0y7whKDs~rQ6r!}t;jU7Ia0Tc{x_`Y|pIVu_Ox~Ay zQItrW$>f9zsum~C>G)eG9KV%=sEVF);`|cXX6LT--vCWG-uckp1Aenj|@se_2As)Gd;Fvj| z8V;!M;f%r*Wa#Zo-m3CkO z-0e~BsJg4?5-n!&Asaow_bs8;iISPa^EgP*>65cMl|N|Zc0@yhw-V)B9ob_x89 zLO$`tHCs%%>^omlkbO-XCCK5AU8hcu+ar$7E>N`^H1ctAGUf5foJe9;vE;Im({i!C zKpmB-N(I^U|IHZd{wqd)H22_6b1@tkObuc>f=A#HWM6_3^5R54sJ@`0ZYxCmlug+9Kl5Ch!wlS{Q<6 zKRb`t)PbYF*TU@Ab(AXU^kEPm!i$C58&Ua89oY5Sl{C(-hb1Uz6Ux;kYAltV>Tqsp z#?+K9!3M>^>$uc~rMRL28rauNwit{){4Q&R_8o4J@^sU=D!SnYVETQtS}D8!3cgea zQ8{tN%*Ps``Eg%n$!)uU?U~s5txJ(|M_Q!TON0fE)ZE-w4+;LQ0g)lWC76nMUXu@y zq8r+P4()6rhb)wvs8)1cGD`O*o@t6~iLoklxTu*duw2}XR{X4rHt_SUfEG$&6K_vv zNsi_6;ucJ-a(O_Wub^N)5 zY7xWSNsj;Q?T2tE%T`gJ>4YW@T(C&(utbg-HxF&s_J@uI2f#)bLHbpX@E(UzhlcOQ(T`laA7BsmrGuXR90l! zAQKfSoC23bmCPhE-cM7Ppfs%DAxwqr>CP2Ev!tFLz;29H%L@2J&AIeBPkQo*#E-L8 z`C;!$az<3c%150N(4I)BJ^27My2VmCcn3YkHLEaZ?M`H+YTAhNCaW3w>A7W?(+oqm<5nFILXIXi}F{Q&+&96Xg8+A~0} zSeUi|7-b9EwQY!Op(lsv%aqWbhsi^sH-14b3VriSB8|~#@F5xeVJ_$KUD#m*!;~2c OK1zBDwf>6UaQz#FZq#=G diff --git a/container/types.go b/container/types.go index ea7fd9cb..4da17233 100644 --- a/container/types.go +++ b/container/types.go @@ -316,6 +316,8 @@ func (r *PutRequestBody) GetSignature() *refs.Signature { func (r *PutRequestBody) SetSignature(v *refs.Signature) { if r != nil { + // TODO: (neofs-api-go#381) avoid this hack (e.g. create refs.SignatureRFC6979 type) + v.SetScheme(0) r.sig = v } } @@ -434,6 +436,8 @@ func (r *GetResponseBody) GetSignature() *refs.Signature { // SetSignature sets signature of the requested container. func (r *GetResponseBody) SetSignature(v *refs.Signature) { if r != nil { + // TODO: (neofs-api-go#381) avoid this hack (e.g. create refs.SignatureRFC6979 type) + v.SetScheme(0) r.sig = v } } @@ -476,6 +480,8 @@ func (r *DeleteRequestBody) GetSignature() *refs.Signature { func (r *DeleteRequestBody) SetSignature(v *refs.Signature) { if r != nil { + // TODO: (neofs-api-go#381) avoid this hack (e.g. create refs.SignatureRFC6979 type) + v.SetScheme(0) r.sig = v } } @@ -588,6 +594,8 @@ func (r *SetExtendedACLRequestBody) GetSignature() *refs.Signature { func (r *SetExtendedACLRequestBody) SetSignature(v *refs.Signature) { if r != nil { + // TODO: (neofs-api-go#381) avoid this hack (e.g. create refs.SignatureRFC6979 type) + v.SetScheme(0) r.sig = v } } @@ -672,6 +680,8 @@ func (r *GetExtendedACLResponseBody) GetSignature() *refs.Signature { func (r *GetExtendedACLResponseBody) SetSignature(v *refs.Signature) { if r != nil { + // TODO: (neofs-api-go#381) avoid this hack (e.g. create refs.SignatureRFC6979 type) + v.SetScheme(0) r.sig = v } } diff --git a/refs/grpc/types.go b/refs/grpc/types.go index b1c48c1f..e191656d 100644 --- a/refs/grpc/types.go +++ b/refs/grpc/types.go @@ -84,6 +84,20 @@ func (x *Signature) SetScheme(s SignatureScheme) { } } +// SetKey sets public key in a binary format. +func (x *SignatureRFC6979) SetKey(v []byte) { + if x != nil { + x.Key = v + } +} + +// SetSign sets signature. +func (x *SignatureRFC6979) SetSign(v []byte) { + if x != nil { + x.Sign = v + } +} + // FromString parses SignatureScheme from a string representation, // It is a reverse action to String(). // diff --git a/refs/grpc/types.pb.go b/refs/grpc/types.pb.go index 7df2f05a3a3705d71d243623267ed91df6df31bb..96f62855e7a293e5b5a9f90ae4381ae201d4f217 100644 GIT binary patch delta 1040 zcmZWoOH30{6it8N3`nW+Zzw}C(vkwx&rCZdU@L-1%g}ZR6b1Q6t5qcOiyCb(F>&KY zIborgpoxhq6JmF6gasR8Sh#VeZgfF38lyWj`rh!7&s)6AJ?Gqe&%3#^wyL@FL9@7| zMNn6bl+LN)F|QlfIKeSy*z_lHTW=!KoIZp<`r;$JgJl?NOY;dOI1p=X7A3DVptJ>D zf@t+~PC}+xJLV1MjAHo3XWGQKdfd?E@@$%A>+3m^!O;|MGIf4zXli;QQO8bQzmnjT zt$4F0mOX2Dtg~gY45ctAl%mdJe#<#}AE`G401?xNX zixrk#{EVXu)?=UZ_jy>VtugNP6|L;WgMe{YfqZ}Wwt=L-HDhmB(Q177VM$=7kwJgc z3W+LBpO77x)%wyHZ!FHd2&8jO?hyyaU*m`9?WB{%qp$=-3JM6|mMHA@s<%YR1-T4I zLx=IS!-6le$si6>v?f%KXJI2!p-L?Y?~?FUxDfV^!UH7Vja&ujq;>he)vf0+yix%#m`8#!ARGeUFsV9Ab{#qK`IhlB*y^`Twv-g|9}{>Vm2i z)ar|!0uIJ3R4MEjofO+psy+xoYChb6yecHBlUUz?M0L2X5vuA_6qFxl3~qItx0Eux zQzTkl6sSGYnusi23jPKegXkhrW~NKgY9%`Y-P~+48|&S6mLrF3IPd3hU$mgDrv!aH zjhO54=?H_fr;G5rm&MnfA}z~%?{s2_nd?9h}(&Y5zEfsY`4^cb$jH%a@vwyu!!!OBRE)Si`SVwMZG*V_E@mli_ D`BW@! delta 831 zcmZ9KPfQa*7{#+~#kLTM!~(5AMhoJ=+*{z;I77d>e7tR75EG~wb!IcRWaAX?qS?9A_b?|a{D_WDQe>uc`e zhG`|GE~tx_R4+-+D`ZxglWRqd6jV*Alq-rRYlTJCz-2|9trBA^ld@dV3i(=5u8^u$ zspYj=MIqYdvf{Pdq{2m2ra;QiDZMWg=i#aCU(esF zK#Slkt>!54>nj$AzI9zY z1fzF#Tw>NhgrYz%TO){$cjD$mCtA{uow-G1)5n-O7@(S9*f8HtOALt&iAGl=Z5Odg zX%HqRb`eVzjRKzRqF#nVh8?cS9aV@8;-~k%GAT8&kHFdoX7DZ1f$x(MmKhT17&ICE zQ#;mPrVIH!M87vBnM`3fau*2hmiEGxaa(*o!lNta!iQ-qN|{!ins(rqvG>UhSToKq zGC};zh!C@3EMkkK%L&1t8u=eF$n^M$J% K7uNequejfw(fI-Z diff --git a/refs/types.go b/refs/types.go index dbe307a8..7d89881c 100644 --- a/refs/types.go +++ b/refs/types.go @@ -35,8 +35,7 @@ type SignatureScheme uint32 //nolint:revive const ( - UnspecifiedScheme SignatureScheme = iota - ECDSA_SHA512 + ECDSA_SHA512 SignatureScheme = iota ECDSA_RFC6979_SHA256 ) @@ -189,7 +188,7 @@ func (s *Signature) GetScheme() SignatureScheme { if s != nil { return s.scheme } - return UnspecifiedScheme + return 0 } func (s *Signature) SetScheme(scheme SignatureScheme) { diff --git a/util/signature/data.go b/util/signature/data.go index ee2d7adf..cd02d884 100644 --- a/util/signature/data.go +++ b/util/signature/data.go @@ -41,13 +41,13 @@ func SignDataWithHandler(key *ecdsa.PrivateKey, src DataSource, handler KeySigna opts[i](cfg) } - sigData, err := sign(cfg, cfg.defaultScheme, key, data) + sigData, err := sign(cfg, key, data) if err != nil { return err } sig := new(refs.Signature) - sig.SetScheme(cfg.defaultScheme) + sig.SetScheme(cfg.scheme) sig.SetKey(crypto.MarshalPublicKey(&key.PublicKey)) sig.SetSign(sigData) handler(sig) diff --git a/util/signature/options.go b/util/signature/options.go index c77c290e..dd389866 100644 --- a/util/signature/options.go +++ b/util/signature/options.go @@ -9,51 +9,45 @@ import ( ) type cfg struct { - defaultScheme refs.SignatureScheme - restrictScheme refs.SignatureScheme + schemeFixed bool + scheme refs.SignatureScheme } func defaultCfg() *cfg { - return &cfg{ - defaultScheme: refs.ECDSA_SHA512, - restrictScheme: refs.UnspecifiedScheme, - } + return new(cfg) } func verify(cfg *cfg, data []byte, sig *refs.Signature) error { - scheme := sig.GetScheme() - if scheme == refs.UnspecifiedScheme { - scheme = cfg.defaultScheme - } - if cfg.restrictScheme != refs.UnspecifiedScheme && scheme != cfg.restrictScheme { - return fmt.Errorf("%w: unexpected signature scheme", crypto.ErrInvalidSignature) + if !cfg.schemeFixed { + cfg.scheme = sig.GetScheme() } pub := crypto.UnmarshalPublicKey(sig.GetKey()) - switch scheme { + + switch cfg.scheme { case refs.ECDSA_SHA512: return crypto.Verify(pub, data, sig.GetSign()) case refs.ECDSA_RFC6979_SHA256: return crypto.VerifyRFC6979(pub, data, sig.GetSign()) default: - return crypto.ErrInvalidSignature + return fmt.Errorf("unsupported signature scheme %s", cfg.scheme) } } -func sign(cfg *cfg, scheme refs.SignatureScheme, key *ecdsa.PrivateKey, data []byte) ([]byte, error) { - switch scheme { +func sign(cfg *cfg, key *ecdsa.PrivateKey, data []byte) ([]byte, error) { + switch cfg.scheme { case refs.ECDSA_SHA512: return crypto.Sign(key, data) case refs.ECDSA_RFC6979_SHA256: return crypto.SignRFC6979(key, data) default: - panic("unsupported scheme") + panic(fmt.Sprintf("unsupported scheme %s", cfg.scheme)) } } func SignWithRFC6979() SignOption { return func(c *cfg) { - c.defaultScheme = refs.ECDSA_RFC6979_SHA256 - c.restrictScheme = refs.ECDSA_RFC6979_SHA256 + c.schemeFixed = true + c.scheme = refs.ECDSA_RFC6979_SHA256 } }