frostfs-sdk-go/util/signature/data.go

package signature

import (
	"crypto/ecdsa"
	"errors"

	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
	"github.com/nspcc-dev/neofs-sdk-go/signature"
)

type DataSource interface {
	ReadSignedData([]byte) ([]byte, error)
	SignedDataSize() int
}

type DataWithSignature interface {
	DataSource
	GetSignature() *signature.Signature
	SetSignature(*signature.Signature)
}

type SignOption func(*cfg)

const (
	// PrivateKeyCompressedSize is constant with compressed size of private key (SK).
	// D coordinate stored, recover PK by formula x, y = curve.ScalarBaseMul(d,bytes).
	PrivateKeyCompressedSize = 32

	// PublicKeyCompressedSize is constant with compressed size of public key (PK).
	PublicKeyCompressedSize = 33

	// PublicKeyUncompressedSize is constant with uncompressed size of public key (PK).
	// First byte always should be 0x4 other 64 bytes is X and Y (32 bytes per coordinate).
	// 2 * 32 + 1.
	PublicKeyUncompressedSize = 65
)

var (
	// ErrEmptyPrivateKey is returned when used private key is empty.
	ErrEmptyPrivateKey = errors.New("empty private key")
	// ErrInvalidPublicKey is returned when public key cannot be unmarshalled.
	ErrInvalidPublicKey = errors.New("invalid public key")
	// ErrInvalidSignature is returned if signature cannot be verified.
	ErrInvalidSignature = errors.New("invalid signature")
)

func SignData(key *ecdsa.PrivateKey, src DataSource, opts ...SignOption) (*signature.Signature, error) {
	if key == nil {
		return nil, ErrEmptyPrivateKey
	}

	data, err := dataForSignature(src)
	if err != nil {
		return nil, err
	}
	defer bytesPool.Put(&data)

	cfg := getConfig(opts...)

	sigData, err := sign(cfg.scheme, key, data)
	if err != nil {
		return nil, err
	}

	sig := signature.New()
	sig.SetKey((*keys.PublicKey)(&key.PublicKey).Bytes())
	sig.SetSign(sigData)
	sig.SetScheme(cfg.scheme)
	return sig, nil
}

func VerifyData(dataSrc DataSource, sig *signature.Signature, opts ...SignOption) error {
	data, err := dataForSignature(dataSrc)
	if err != nil {
		return err
	}
	defer bytesPool.Put(&data)

	cfg := getConfig(opts...)

	return verify(cfg, data, sig)
}
[#53] util: move signature package from neofs-api-go Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2021-10-27 10:00:11 +00:00			`package signature`

			`import (`
			`"crypto/ecdsa"`
			`"errors"`
[#93] Remove golang.org/x/crypto dependency Signed-off-by: Denis Kirillov <denis@nspcc.ru> 2021-12-10 13:56:04 +00:00
			`"github.com/nspcc-dev/neo-go/pkg/crypto/keys"`
[#150] signature: Add scheme Allow `SignOption` to set 2 parameters: 1. Default signature scheme, which is used in case scheme is unspecified. 2. Restrict scheme option which also checks that scheme is either unspecified or equal to the restricted scheme. This is only used for verification and is necessary because some of the signatures are used in smart-contracts. Also provide signature struct to sign/verify functions in helpers. The constant names differ a bit from those in API because of linter complaints. Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-02-24 11:05:05 +00:00			`"github.com/nspcc-dev/neofs-sdk-go/signature"`
[#53] util: move signature package from neofs-api-go Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2021-10-27 10:00:11 +00:00			`)`

			`type DataSource interface {`
			`ReadSignedData([]byte) ([]byte, error)`
			`SignedDataSize() int`
			`}`

			`type DataWithSignature interface {`
			`DataSource`
[#150] signature: Add scheme Allow `SignOption` to set 2 parameters: 1. Default signature scheme, which is used in case scheme is unspecified. 2. Restrict scheme option which also checks that scheme is either unspecified or equal to the restricted scheme. This is only used for verification and is necessary because some of the signatures are used in smart-contracts. Also provide signature struct to sign/verify functions in helpers. The constant names differ a bit from those in API because of linter complaints. Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-02-24 11:05:05 +00:00			`GetSignature() *signature.Signature`
			`SetSignature(*signature.Signature)`
[#53] util: move signature package from neofs-api-go Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2021-10-27 10:00:11 +00:00			`}`

			`type SignOption func(*cfg)`

			`const (`
			`// PrivateKeyCompressedSize is constant with compressed size of private key (SK).`
			`// D coordinate stored, recover PK by formula x, y = curve.ScalarBaseMul(d,bytes).`
			`PrivateKeyCompressedSize = 32`

			`// PublicKeyCompressedSize is constant with compressed size of public key (PK).`
			`PublicKeyCompressedSize = 33`

			`// PublicKeyUncompressedSize is constant with uncompressed size of public key (PK).`
			`// First byte always should be 0x4 other 64 bytes is X and Y (32 bytes per coordinate).`
			`// 2 * 32 + 1.`
			`PublicKeyUncompressedSize = 65`
			`)`

			`var (`
			`// ErrEmptyPrivateKey is returned when used private key is empty.`
			`ErrEmptyPrivateKey = errors.New("empty private key")`
			`// ErrInvalidPublicKey is returned when public key cannot be unmarshalled.`
			`ErrInvalidPublicKey = errors.New("invalid public key")`
			`// ErrInvalidSignature is returned if signature cannot be verified.`
			`ErrInvalidSignature = errors.New("invalid signature")`
			`)`

[#150] util/signature: Simplify public interface Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-02-24 11:45:52 +00:00			`func SignData(key ecdsa.PrivateKey, src DataSource, opts ...SignOption) (signature.Signature, error) {`
[#53] util: move signature package from neofs-api-go Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2021-10-27 10:00:11 +00:00			`if key == nil {`
[#150] util/signature: Simplify public interface Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-02-24 11:45:52 +00:00			`return nil, ErrEmptyPrivateKey`
[#53] util: move signature package from neofs-api-go Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2021-10-27 10:00:11 +00:00			`}`

			`data, err := dataForSignature(src)`
			`if err != nil {`
[#150] util/signature: Simplify public interface Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-02-24 11:45:52 +00:00			`return nil, err`
[#53] util: move signature package from neofs-api-go Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2021-10-27 10:00:11 +00:00			`}`
			`defer bytesPool.Put(&data)`

[#150] signature: Add scheme Allow `SignOption` to set 2 parameters: 1. Default signature scheme, which is used in case scheme is unspecified. 2. Restrict scheme option which also checks that scheme is either unspecified or equal to the restricted scheme. This is only used for verification and is necessary because some of the signatures are used in smart-contracts. Also provide signature struct to sign/verify functions in helpers. The constant names differ a bit from those in API because of linter complaints. Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-02-24 11:05:05 +00:00			`cfg := getConfig(opts...)`
[#53] util: move signature package from neofs-api-go Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2021-10-27 10:00:11 +00:00
[#157] signature: Change scheme selection `SignData`: use `ECDSAWithSHA512` by default. `SignWithRFC6979` option switches the scheme to `RFC6979WithSHA256`. `VerifyData`: if scheme is not fixed (like by `SignWithRFC6979` option) then scheme from the message is processed. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2022-03-02 10:41:41 +00:00			`sigData, err := sign(cfg.scheme, key, data)`
[#53] util: move signature package from neofs-api-go Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2021-10-27 10:00:11 +00:00			`if err != nil {`
[#150] util/signature: Simplify public interface Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-02-24 11:45:52 +00:00			`return nil, err`
[#53] util: move signature package from neofs-api-go Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2021-10-27 10:00:11 +00:00			`}`

[#150] signature: Add scheme Allow `SignOption` to set 2 parameters: 1. Default signature scheme, which is used in case scheme is unspecified. 2. Restrict scheme option which also checks that scheme is either unspecified or equal to the restricted scheme. This is only used for verification and is necessary because some of the signatures are used in smart-contracts. Also provide signature struct to sign/verify functions in helpers. The constant names differ a bit from those in API because of linter complaints. Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-02-24 11:05:05 +00:00			`sig := signature.New()`
			`sig.SetKey((*keys.PublicKey)(&key.PublicKey).Bytes())`
			`sig.SetSign(sigData)`
[#157] signature: Change scheme selection `SignData`: use `ECDSAWithSHA512` by default. `SignWithRFC6979` option switches the scheme to `RFC6979WithSHA256`. `VerifyData`: if scheme is not fixed (like by `SignWithRFC6979` option) then scheme from the message is processed. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2022-03-02 10:41:41 +00:00			`sig.SetScheme(cfg.scheme)`
[#150] util/signature: Simplify public interface Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-02-24 11:45:52 +00:00			`return sig, nil`
[#53] util: move signature package from neofs-api-go Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2021-10-27 10:00:11 +00:00			`}`

[#150] util/signature: Simplify public interface Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-02-24 11:45:52 +00:00			`func VerifyData(dataSrc DataSource, sig *signature.Signature, opts ...SignOption) error {`
[#53] util: move signature package from neofs-api-go Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2021-10-27 10:00:11 +00:00			`data, err := dataForSignature(dataSrc)`
			`if err != nil {`
			`return err`
			`}`
			`defer bytesPool.Put(&data)`

[#150] signature: Add scheme Allow `SignOption` to set 2 parameters: 1. Default signature scheme, which is used in case scheme is unspecified. 2. Restrict scheme option which also checks that scheme is either unspecified or equal to the restricted scheme. This is only used for verification and is necessary because some of the signatures are used in smart-contracts. Also provide signature struct to sign/verify functions in helpers. The constant names differ a bit from those in API because of linter complaints. Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-02-24 11:05:05 +00:00			`cfg := getConfig(opts...)`
[#53] util: move signature package from neofs-api-go Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2021-10-27 10:00:11 +00:00
[#150] util/signature: Simplify public interface Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-02-24 11:45:52 +00:00			`return verify(cfg, data, sig)`
[#53] util: move signature package from neofs-api-go Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2021-10-27 10:00:11 +00:00			`}`