git.frostfs.info/TrueCloudLab/frostfs-sdk-go@v0.0.0-20241022124111-5361f0ecebd3/crypto/signer.go (about)

     1  package frostfscrypto
     2  
     3  import (
     4  	"fmt"
     5  
     6  	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
     7  )
     8  
// Scheme identifies a digital signature algorithm together with the
// cryptographic hash function it is fixed to.
//
// Negative values are reserved and depend on context (e.g. unsupported scheme).
// The named schemes below therefore start at zero; String converts the numeric
// value directly to refs.SignatureScheme, so these values are expected to
// stay aligned with that type.
type Scheme int32

//nolint:revive
const (
	// ECDSA_SHA512 is ECDSA with SHA-512 hashing (FIPS 186-3).
	ECDSA_SHA512 Scheme = 0

	// ECDSA_DETERMINISTIC_SHA256 is deterministic ECDSA with SHA-256 hashing
	// (RFC 6979).
	ECDSA_DETERMINISTIC_SHA256 Scheme = 1

	// ECDSA_WALLETCONNECT is the Wallet Connect signature scheme.
	ECDSA_WALLETCONNECT Scheme = 2
)
    22  
// String implements fmt.Stringer by delegating to the refs.SignatureScheme
// value that carries the same numeric code.
//
// NOTE(review): how reserved (negative) or unregistered values are rendered
// depends on refs.SignatureScheme.String, which is not visible here; do not
// rely on the text for access decisions.
func (x Scheme) String() string {
	apiScheme := refs.SignatureScheme(x)

	return apiScheme.String()
}
    27  
// publicKeys maps each registered Scheme to a constructor that returns a blank
// PublicKey. RegisterScheme writes to it; the map has no lock of its own.
var publicKeys = map[Scheme]func() PublicKey{}
    30  
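// RegisterScheme registers a function that returns a new blank PublicKey
// instance for the given Scheme. This is intended to be called from the init
// function in packages that implement signature schemes.
//
// RegisterScheme panics if f is nil or if a function for the given Scheme is
// already registered. Refusing a second registration means a package imported
// later cannot silently replace the key implementation of an existing scheme.
// Refusing a nil constructor reports the mistake at registration time instead
// of as a nil function call when a key of that scheme is first requested.
//
// Note that RegisterScheme isn't thread-safe: it reads and writes the
// package-level publicKeys map without synchronization, so it must not run
// concurrently with itself or with code that reads the map.
func RegisterScheme(scheme Scheme, f func() PublicKey) {
	if f == nil {
		panic(fmt.Sprintf("nil PublicKey constructor for scheme %v", scheme))
	}

	if _, ok := publicKeys[scheme]; ok {
		panic(fmt.Sprintf("scheme %v is already registered", scheme))
	}

	publicKeys[scheme] = f
}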
    46  
// Signer is an interface of entities that can be used for signing operations
// in FrostFS. Unites secret and public parts. For example, an ECDSA private key
// or external auth service.
//
// Because an implementation may hold private key material or proxy to an
// external service, a Signer value should be handled as a credential.
//
// See also PublicKey.
type Signer interface {
	// Scheme returns corresponding signature scheme.
	Scheme() Scheme

	// Sign signs digest of the given data. Implementations encapsulate data
	// hashing that depends on Scheme. For example, if scheme uses SHA-256, then
	// Sign signs SHA-256 hash of the data.
	//
	// Callers therefore pass the original message, not a precomputed digest:
	// hashing it first would make the signature cover the hash of a hash and
	// fail verification against the message.
	//
	// NOTE(review): the byte layout of the returned signature is not specified
	// here and presumably depends on Scheme — confirm against implementations.
	Sign(data []byte) ([]byte, error)

	// Public returns the public key corresponding to the Signer.
	Public() PublicKey
}
    64  
// PublicKey represents a public key using fixed signature scheme supported by
// FrostFS.
//
// See also Signer.
type PublicKey interface {
	// MaxEncodedSize returns maximum size required for binary-encoded
	// public key.
	//
	// MaxEncodedSize MUST NOT return value greater than any return of
	// Encode.
	//
	// NOTE(review): the sentence above reads inverted for a maximum. Since
	// Encode must panic on a buffer smaller than MaxEncodedSize, the intended
	// rule is presumably that MaxEncodedSize is never less than any value
	// Encode returns — confirm with the implementations before relying on it
	// for buffer sizing.
	MaxEncodedSize() int

	// Encode encodes public key into buf. Returns number of bytes
	// written.
	//
	// Encode MUST panic if buffer size is insufficient and less than
	// MaxEncodedSize (*). Encode MUST return negative value
	// on any failure except (*).
	//
	// Callers should allocate at least MaxEncodedSize bytes and check the
	// result for a negative value before slicing buf with it, because a
	// negative slice bound panics.
	//
	// Encode is a reverse operation to Decode.
	Encode(buf []byte) int

	// Decode decodes binary public key.
	//
	// A non-nil error means the receiver must not be used for Verify.
	// NOTE(review): the contract does not state how truncated or trailing
	// bytes are handled; implementations fed externally supplied keys should
	// reject them with an error — confirm.
	//
	// Decode is a reverse operation to Encode.
	Decode([]byte) error

	// Verify checks signature of the given data. True means correct signature.
	//
	// The result is a bare bool, so a malformed signature and a wrong one are
	// indistinguishable to the caller; anything other than true must be
	// treated as a rejection.
	//
	// NOTE(review): data is presumably the original message, hashed internally
	// as Signer.Sign does — confirm against implementations.
	Verify(data, signature []byte) bool
}