2025-07-08 08:23:30 -04:00
|
|
|
// Package varsig implements v1.0.0 of the [Varsig specification] with
|
|
|
|
|
// limited support for varsig < v1. This is primarily in support of the
|
|
|
|
|
// UCAN v1.0.0 specification and will be deprecated in the future.
|
2024-11-29 09:08:28 -05:00
|
|
|
//
|
2025-07-08 08:23:30 -04:00
|
|
|
// # Common algorithm naming
|
2024-11-29 09:08:28 -05:00
|
|
|
//
|
|
|
|
|
// While there is no strict need for compatibility with JWA/JWT/JWE/JWS,
|
2025-07-04 09:40:18 -04:00
|
|
|
// all attempts are made to keep the algorithm names here consistent with
|
2025-07-08 08:23:30 -04:00
|
|
|
// list made available at the [IANA Registry] titled "JSON Web Signature
|
|
|
|
|
// and Encryption Algorithms" (JOSE.)
|
2024-11-29 09:08:28 -05:00
|
|
|
//
|
|
|
|
|
// It should also be noted that algorithm in this context might in fact be
|
|
|
|
|
// a pseudonym - for cryptographical signing algorithms that require the
|
|
|
|
|
// signed data to be hashed first, these names commonly refer to the
|
|
|
|
|
// combination of that signing algorithm and the hash algorithm.
|
|
|
|
|
//
|
2025-07-08 08:23:30 -04:00
|
|
|
// [IANA Registry]]: https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms
|
2024-11-29 09:08:28 -05:00
|
|
|
// [Varsig Specification]: https://github.com/ChainAgnostic/varsig
|
|
|
|
|
package varsig
|
2025-07-04 09:40:18 -04:00
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"encoding/binary"
|
2025-07-08 14:13:47 -04:00
|
|
|
"errors"
|
2025-07-04 09:40:18 -04:00
|
|
|
"io"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// Varsig represents types that describe how a signature was generated
|
|
|
|
|
// and thus how to interpret the signature and verify the signed data.
|
|
|
|
|
type Varsig interface {
|
2025-07-09 12:55:44 +02:00
|
|
|
// Version returns the varsig's version field.
|
2025-07-04 09:40:18 -04:00
|
|
|
Version() Version
|
2025-07-09 12:55:44 +02:00
|
|
|
|
|
|
|
|
// Discriminator returns the algorithm used to produce the corresponding signature.
|
2025-07-08 07:34:57 -04:00
|
|
|
Discriminator() Discriminator
|
2025-07-09 12:55:44 +02:00
|
|
|
|
|
|
|
|
// PayloadEncoding returns the codec that was used to encode the signed data.
|
2025-07-04 09:40:18 -04:00
|
|
|
PayloadEncoding() PayloadEncoding
|
2025-07-09 12:55:44 +02:00
|
|
|
|
|
|
|
|
// Signature returns the cryptographic signature of the signed data.
|
|
|
|
|
// This value is never present in a varsig >= v1 and must either be a valid
|
|
|
|
|
// signature with the correct length or empty in varsig < v1.
|
2025-07-04 09:40:18 -04:00
|
|
|
Signature() []byte
|
|
|
|
|
|
2025-07-09 12:55:44 +02:00
|
|
|
// Encode returns the encoded byte format of the varsig.
|
2025-07-04 09:40:18 -04:00
|
|
|
Encode() []byte
|
|
|
|
|
}
|
|
|
|
|
|
2025-07-04 10:04:40 -04:00
|
|
|
// Decode converts the provided data into one of the Varsig types
|
|
|
|
|
// provided by the DefaultRegistry.
|
2025-07-04 09:40:18 -04:00
|
|
|
func Decode(data []byte) (Varsig, error) {
|
2025-07-04 10:04:40 -04:00
|
|
|
return DefaultRegistry().Decode(data)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// DecodeStream converts data read from the provided io.Reader into one
|
|
|
|
|
// of the Varsig types provided by the DefaultRegistry.
|
2025-07-08 18:38:23 +02:00
|
|
|
func DecodeStream(r BytesReader) (Varsig, error) {
|
2025-07-04 10:04:40 -04:00
|
|
|
return DefaultRegistry().DecodeStream(r)
|
2025-07-04 09:40:18 -04:00
|
|
|
}
|
|
|
|
|
|
2025-07-08 18:38:23 +02:00
|
|
|
type varsig struct {
|
2025-07-08 07:34:57 -04:00
|
|
|
vers Version
|
|
|
|
|
disc Discriminator
|
|
|
|
|
payEnc PayloadEncoding
|
|
|
|
|
sig []byte
|
2025-07-04 09:40:18 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Version returns the varsig's version field.
|
2025-07-08 18:38:23 +02:00
|
|
|
func (v varsig) Version() Version {
|
2025-07-04 09:40:18 -04:00
|
|
|
return v.vers
|
|
|
|
|
}
|
|
|
|
|
|
2025-07-08 18:38:23 +02:00
|
|
|
// Discriminator returns the algorithm used to produce the corresponding
|
2025-07-04 09:40:18 -04:00
|
|
|
// signature.
|
2025-07-08 18:38:23 +02:00
|
|
|
func (v varsig) Discriminator() Discriminator {
|
2025-07-08 07:34:57 -04:00
|
|
|
return v.disc
|
2025-07-04 09:40:18 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// PayloadEncoding returns the codec that was used to encode the signed
|
|
|
|
|
// data.
|
2025-07-08 18:38:23 +02:00
|
|
|
func (v varsig) PayloadEncoding() PayloadEncoding {
|
2025-07-04 09:40:18 -04:00
|
|
|
return v.payEnc
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Signature returns the cryptographic signature of the signed data. This
|
|
|
|
|
// value is never present in a varsig >= v1 and must either be a valid
|
|
|
|
|
// signature with the correct length or empty in varsig < v1.
|
2025-07-08 18:38:23 +02:00
|
|
|
func (v varsig) Signature() []byte {
|
2025-07-04 09:40:18 -04:00
|
|
|
return v.sig
|
|
|
|
|
}
|
|
|
|
|
|
2025-07-08 18:38:23 +02:00
|
|
|
func (v varsig) encode() []byte {
|
2025-07-22 12:27:57 +02:00
|
|
|
// Pre-allocate to the maximum size to avoid re-allocating.
|
|
|
|
|
// I think the maximum is 10 bytes, but it's all the same for go to allocate 16 (due to the small
|
|
|
|
|
// size allocation class), so we might as well get some headroom for bigger varints.
|
|
|
|
|
buf := make([]byte, 0, 16)
|
2025-07-04 09:40:18 -04:00
|
|
|
|
|
|
|
|
buf = binary.AppendUvarint(buf, Prefix)
|
|
|
|
|
|
|
|
|
|
if v.Version() == Version1 {
|
|
|
|
|
buf = binary.AppendUvarint(buf, uint64(Version1))
|
|
|
|
|
}
|
|
|
|
|
|
2025-07-08 07:34:57 -04:00
|
|
|
buf = binary.AppendUvarint(buf, uint64(v.disc))
|
2025-07-04 09:40:18 -04:00
|
|
|
|
|
|
|
|
return buf
|
|
|
|
|
}
|
|
|
|
|
|
2025-07-08 18:38:23 +02:00
|
|
|
func (v varsig) decodePayEncAndSig(r BytesReader) (PayloadEncoding, []byte, error) {
|
2025-07-07 07:34:17 -04:00
|
|
|
payEnc, err := DecodePayloadEncoding(r, v.Version())
|
|
|
|
|
if err != nil {
|
2025-07-08 18:38:23 +02:00
|
|
|
return 0, nil, err
|
2025-07-07 07:34:17 -04:00
|
|
|
}
|
|
|
|
|
|
2025-07-08 18:38:23 +02:00
|
|
|
var signature []byte
|
2025-07-08 14:13:47 -04:00
|
|
|
switch v.Version() {
|
|
|
|
|
case Version0:
|
2025-07-08 18:38:23 +02:00
|
|
|
signature, err = io.ReadAll(r)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return 0, nil, err
|
|
|
|
|
}
|
2025-07-08 14:13:47 -04:00
|
|
|
case Version1:
|
|
|
|
|
_, err := r.ReadByte()
|
|
|
|
|
if err != nil && !errors.Is(err, io.EOF) {
|
|
|
|
|
return 0, nil, err
|
|
|
|
|
}
|
|
|
|
|
if err == nil {
|
|
|
|
|
return 0, nil, ErrUnexpectedSignaturePresent
|
|
|
|
|
}
|
2025-07-09 13:15:39 +02:00
|
|
|
default:
|
|
|
|
|
return 0, nil, ErrUnsupportedVersion
|
2025-07-04 09:40:18 -04:00
|
|
|
}
|
|
|
|
|
|
2025-07-08 18:38:23 +02:00
|
|
|
return payEnc, signature, nil
|
2025-07-04 09:40:18 -04:00
|
|
|
}
|
|
|
|
|
|
2025-07-08 14:13:47 -04:00
|
|
|
func validateSig[T Varsig](v T, expectedLength uint64) (T, error) {
|
|
|
|
|
if v.Version() == Version0 && len(v.Signature()) == 0 {
|
|
|
|
|
return v, ErrMissingSignature
|
2025-07-04 09:40:18 -04:00
|
|
|
}
|
|
|
|
|
|
2025-07-08 14:13:47 -04:00
|
|
|
if v.Version() == Version0 && uint64(len(v.Signature())) != expectedLength {
|
|
|
|
|
return *new(T), ErrUnexpectedSignatureSize
|
2025-07-04 09:40:18 -04:00
|
|
|
}
|
|
|
|
|
|
2025-07-08 14:13:47 -04:00
|
|
|
if v.Version() == Version1 && len(v.Signature()) != 0 {
|
|
|
|
|
return *new(T), ErrUnexpectedSignaturePresent
|
2025-07-04 09:40:18 -04:00
|
|
|
}
|
|
|
|
|
|
2025-07-08 14:13:47 -04:00
|
|
|
return v, nil
|
2025-07-08 18:38:23 +02:00
|
|
|
}
|
2025-07-04 09:40:18 -04:00
|
|
|
|
2025-07-08 18:38:23 +02:00
|
|
|
type BytesReader interface {
|
|
|
|
|
io.ByteReader
|
|
|
|
|
io.Reader
|
2025-07-04 09:40:18 -04:00
|
|
|
}
|
