[#53] util: move signature package from neofs-api-go

Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-10-27 13:00:11 +03:00 · 2021-10-27 13:00:11 +03:00 · 1feafcbcbf
commit 1feafcbcbf
parent bd554c94d8
3 changed files with 242 additions and 0 deletions
--- a/util/signature/data.go
+++ b/util/signature/data.go
@ -0,0 +1,120 @@
+package signature
+
+import (
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"errors"
+	"fmt"
+
+	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
+)
+
+type DataSource interface {
+	ReadSignedData([]byte) ([]byte, error)
+	SignedDataSize() int
+}
+
+type DataWithSignature interface {
+	DataSource
+	GetSignatureWithKey() (key, sig []byte)
+	SetSignatureWithKey(key, sig []byte)
+}
+
+type SignOption func(*cfg)
+
+type KeySignatureHandler func(key []byte, sig []byte)
+
+type KeySignatureSource func() (key, sig []byte)
+
+const (
+	// PrivateKeyCompressedSize is constant with compressed size of private key (SK).
+	// D coordinate stored, recover PK by formula x, y = curve.ScalarBaseMul(d,bytes).
+	PrivateKeyCompressedSize = 32
+
+	// PublicKeyCompressedSize is constant with compressed size of public key (PK).
+	PublicKeyCompressedSize = 33
+
+	// PublicKeyUncompressedSize is constant with uncompressed size of public key (PK).
+	// First byte always should be 0x4 other 64 bytes is X and Y (32 bytes per coordinate).
+	// 2 * 32 + 1.
+	PublicKeyUncompressedSize = 65
+)
+
+var (
+	// ErrEmptyPrivateKey is returned when used private key is empty.
+	ErrEmptyPrivateKey = errors.New("empty private key")
+	// ErrInvalidPublicKey is returned when public key cannot be unmarshalled.
+	ErrInvalidPublicKey = errors.New("invalid public key")
+	// ErrInvalidSignature is returned if signature cannot be verified.
+	ErrInvalidSignature = errors.New("invalid signature")
+)
+
+func DataSignature(key *ecdsa.PrivateKey, src DataSource, opts ...SignOption) ([]byte, error) {
+	if key == nil {
+		return nil, ErrEmptyPrivateKey
+	}
+
+	data, err := dataForSignature(src)
+	if err != nil {
+		return nil, err
+	}
+	defer bytesPool.Put(&data)
+
+	cfg := defaultCfg()
+
+	for i := range opts {
+		opts[i](cfg)
+	}
+
+	return cfg.signFunc(key, data)
+}
+
+func SignDataWithHandler(key *ecdsa.PrivateKey, src DataSource, handler KeySignatureHandler, opts ...SignOption) error {
+	sig, err := DataSignature(key, src, opts...)
+	if err != nil {
+		return err
+	}
+
+	pub := (*keys.PublicKey)(&key.PublicKey)
+	handler(pub.Bytes(), sig)
+
+	return nil
+}
+
+func VerifyDataWithSource(dataSrc DataSource, sigSrc KeySignatureSource, opts ...SignOption) error {
+	data, err := dataForSignature(dataSrc)
+	if err != nil {
+		return err
+	}
+	defer bytesPool.Put(&data)
+
+	cfg := defaultCfg()
+
+	for i := range opts {
+		opts[i](cfg)
+	}
+
+	key, sig := sigSrc()
+
+	var pub *keys.PublicKey
+	if len(key) != 0 {
+		pub, err = keys.NewPublicKeyFromBytes(key, elliptic.P256())
+		if err != nil {
+			return fmt.Errorf("%w: %v", ErrInvalidPublicKey, err)
+		}
+	}
+
+	return cfg.verifyFunc(
+		(*ecdsa.PublicKey)(pub),
+		data,
+		sig,
+	)
+}
+
+func SignData(key *ecdsa.PrivateKey, v DataWithSignature, opts ...SignOption) error {
+	return SignDataWithHandler(key, v, v.SetSignatureWithKey, opts...)
+}
+
+func VerifyData(src DataWithSignature, opts ...SignOption) error {
+	return VerifyDataWithSource(src, src.GetSignatureWithKey, opts...)
+}