frostfs-api-go/util/signature/options.go
Evgenii Stratonikov a4349f6692 [#55] refs: Add Scheme field to Signature
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2022-02-25 10:15:28 +03:00

59 lines
1.4 KiB
Go

package signature
import (
"crypto/ecdsa"
"fmt"
"github.com/nspcc-dev/neofs-api-go/v2/refs"
crypto "github.com/nspcc-dev/neofs-crypto"
)
type cfg struct {
defaultScheme refs.SignatureScheme
restrictScheme refs.SignatureScheme
}
func defaultCfg() *cfg {
return &cfg{
defaultScheme: refs.ECDSA_SHA512,
restrictScheme: refs.UnspecifiedScheme,
}
}
func verify(cfg *cfg, data []byte, sig *refs.Signature) error {
scheme := sig.GetScheme()
if scheme == refs.UnspecifiedScheme {
scheme = cfg.defaultScheme
}
if cfg.restrictScheme != refs.UnspecifiedScheme && scheme != cfg.restrictScheme {
return fmt.Errorf("%w: unexpected signature scheme", crypto.ErrInvalidSignature)
}
pub := crypto.UnmarshalPublicKey(sig.GetKey())
switch scheme {
case refs.ECDSA_SHA512:
return crypto.Verify(pub, data, sig.GetSign())
case refs.ECDSA_RFC6979_SHA256:
return crypto.VerifyRFC6979(pub, data, sig.GetSign())
default:
return crypto.ErrInvalidSignature
}
}
func sign(cfg *cfg, scheme refs.SignatureScheme, key *ecdsa.PrivateKey, data []byte) ([]byte, error) {
switch scheme {
case refs.ECDSA_SHA512:
return crypto.Sign(key, data)
case refs.ECDSA_RFC6979_SHA256:
return crypto.SignRFC6979(key, data)
default:
panic("unsupported scheme")
}
}
func SignWithRFC6979() SignOption {
return func(c *cfg) {
c.defaultScheme = refs.ECDSA_RFC6979_SHA256
c.restrictScheme = refs.ECDSA_RFC6979_SHA256
}
}