go/varsig
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: go:v1.0.0-pre3
Branches Tags
go:main go:add-ci go:deps go:constants-alloc
go:v1.0.0 go:v1.0.0-pre6 go:v1.0.0-pre5 go:v1.0.0-pre4 go:v1.0.0-pre3 go:v1.0.0-pre2 go:v1.0.0-pre1
..
compare: go:v1.0.0-pre4
Branches Tags
go:main go:add-ci go:deps go:constants-alloc
go:v1.0.0 go:v1.0.0-pre6 go:v1.0.0-pre5 go:v1.0.0-pre4 go:v1.0.0-pre3 go:v1.0.0-pre2 go:v1.0.0-pre1

11 Commits
v1.0.0-pre ... v1.0.0-pre

Author SHA1 Message Date
Steve Moyer
25d4579b29 test(ucan): add test for updated UCAN example varsig 2025-07-10 06:46:07 -04:00
Michael Muré
5fb3516d15 feat(deps): remove the multicodec dependency, as varsig constants are not multicodec 2025-07-10 12:39:27 +02:00
Michael Muré
eb70826a70 varsig: handle unknown version with an error 2025-07-09 13:39:09 +02:00
Michael Muré
6308c66ab7 update varsig documentation 2025-07-09 13:39:09 +02:00
Steve Moyer
f6b72f1907 fix(v0): restores validateSig behavior 2025-07-09 13:39:09 +02:00
Michael Muré
03770e0d38 use value receiver, remove unneeded generic 2025-07-09 13:39:09 +02:00
Steve Moyer
1ea8b00efd Merge pull request #1 from ucan-wg/constants-alloc 
perf(constants): avoid allocating a map for each Decode*() call
 2025-07-08 11:53:19 -04:00
Steve Moyer
21a78a9d2d fix(eddsa): use DecodeHashAlgorithm and create decodeEdDSACurve 2025-07-08 11:27:18 -04:00
Michael Muré
5cea53af26 perf(constants): avoid allocating a map for each Decode*() call 
```
goos: linux
goarch: amd64
pkg: github.com/ucan-wg/go-varsig
cpu: 13th Gen Intel(R) Core(TM) i7-1360P
                         │    old.txt    │               new.txt                │
                         │    sec/op     │    sec/op     vs base                │
DecodeHashAlgorithm-16     145.65n ± 10%   59.62n ± 30%  -59.07% (p=0.000 n=10)
DecodePayloadEncoding-16   136.65n ± 46%   50.02n ±  5%  -63.40% (p=0.000 n=10)
geomean                     141.1n         54.60n        -61.29%

                         │  old.txt   │               new.txt               │
                         │    B/op    │    B/op     vs base                 │
DecodeHashAlgorithm-16     48.00 ± 0%   48.00 ± 0%       ~ (p=1.000 n=10) ¹
DecodePayloadEncoding-16   48.00 ± 0%   48.00 ± 0%       ~ (p=1.000 n=10) ¹
geomean                    48.00        48.00       +0.00%
¹ all samples are equal

                         │  old.txt   │               new.txt               │
                         │ allocs/op  │ allocs/op   vs base                 │
DecodeHashAlgorithm-16     1.000 ± 0%   1.000 ± 0%       ~ (p=1.000 n=10) ¹
DecodePayloadEncoding-16   1.000 ± 0%   1.000 ± 0%       ~ (p=1.000 n=10) ¹
geomean                    1.000        1.000       +0.00%
¹ all samples are equal
```
 2025-07-08 16:53:40 +02:00
Steve Moyer
8dcaefbf3a feat: switch to dual Apache/MIT licenses 2025-07-08 10:51:45 -04:00
Steve Moyer
caaa0204b8 fix(hash): HashAlgorithmUnspecified should not be ok 2025-07-08 09:42:09 -04:00
19 changed files with 519 additions and 383 deletions
Expand all files Collapse all files

212
LICENSE
View File

@@ -1,201 +1,25 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
The contents of this repository are Copyright (c) corresponding authors and
contributors, licensed under the `Permissive License Stack` meaning either of:
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
- Apache-2.0 Software License: https://www.apache.org/licenses/LICENSE-2.0
([...4tr2kfsq](https://dweb.link/ipfs/bafkreiankqxazcae4onkp436wag2lj3ccso4nawxqkkfckd6cg4tr2kfsq))
1. Definitions.
- MIT Software License: https://opensource.org/licenses/MIT
([...vljevcba](https://dweb.link/ipfs/bafkreiepofszg4gfe2gzuhojmksgemsub2h4uy2gewdnr35kswvljevcba))
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
You may not use the contents of this repository except in compliance
with one of the listed Licenses. For an extended clarification of the
intent behind the choice of Licensing please refer to
https://protocol.ai/blog/announcing-the-permissive-license-stack/
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
Unless required by applicable law or agreed to in writing, software
distributed under the terms listed in this notice is distributed on
an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
either express or implied. See each License for the specific language
governing permissions and limitations under that License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
<!--- SPDX-License-Identifier: Apache-2.0 OR MIT -->
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
`SPDX-License-Identifier: Apache-2.0 OR MIT`
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Verbatim copies of both licenses are included in the LICENSE-APACHE-2.0 and LICENSE-MIT files.

201
LICENSE-APACHE-2.0 Normal file
View File

@@ -0,0 +1,201 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright 2025 UCAN Working Group - All right reserved
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

21
LICENSE-MIT Normal file
View File

@@ -0,0 +1,21 @@
MIT License
Copyright (c) 2025 UCAN Working Group - All rights reserved
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

6
README.md
View File

@@ -2,12 +2,12 @@
`go-varsig` implements the upcoming v1.0.0 release of the [`varsig` specification](https://github.com/ChainAgnostic/varsig/pull/18)
with limited (and soon to be deprecated) support for the `varsig` < v1.0
specification. This is predominatly included to support the UCAN v1.0
specification. This is predominantly included to support the UCAN v1.0
use-case.
## Usage
Include the `go-varsig` library by running the following command:
Include the `go-varsig` library by running the following command:
```bash
go get github.com/ucan-wg/go-varsig@latest
@@ -29,7 +29,7 @@ asdf install
### Checks
This repository contains an set of pre-commit hooks that are run prior to
This repository contains a set of pre-commit hooks that are run prior to
each `git commit`. You can also run these checks manually using the
following command:

10
common.go
View File

@@ -4,7 +4,7 @@ package varsig
// by the [IANA JOSE specification].
//
// [IANA JOSE specification]: https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms
func Ed25519(payloadEncoding PayloadEncoding, opts ...Option) (*EdDSAVarsig, error) {
func Ed25519(payloadEncoding PayloadEncoding, opts ...Option) (EdDSAVarsig, error) {
return NewEdDSAVarsig(CurveEd25519, HashAlgorithmSHA512, payloadEncoding, opts...)
}
@@ -12,7 +12,7 @@ func Ed25519(payloadEncoding PayloadEncoding, opts ...Option) (*EdDSAVarsig, err
// by the [IANA JOSE specification].
//
// [IANA JOSE specification]: https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms
func Ed448(payloadEncoding PayloadEncoding, opts ...Option) (*EdDSAVarsig, error) {
func Ed448(payloadEncoding PayloadEncoding, opts ...Option) (EdDSAVarsig, error) {
return NewEdDSAVarsig(CurveEd448, HashAlgorithmShake256, payloadEncoding, opts...)
}
@@ -20,7 +20,7 @@ func Ed448(payloadEncoding PayloadEncoding, opts ...Option) (*EdDSAVarsig, error
// by the [IANA JOSE specification].
//
// [IANA JOSE specification]: https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms
func RS256(keyLength uint64, payloadEncoding PayloadEncoding, opts ...Option) (*RSAVarsig, error) {
func RS256(keyLength uint64, payloadEncoding PayloadEncoding, opts ...Option) (RSAVarsig, error) {
return NewRSAVarsig(HashAlgorithmSHA256, keyLength, payloadEncoding, opts...)
}
@@ -28,7 +28,7 @@ func RS256(keyLength uint64, payloadEncoding PayloadEncoding, opts ...Option) (*
// by the [IANA JOSE specification].
//
// [IANA JOSE specification]: https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms
func RS384(keyLength uint64, payloadEncoding PayloadEncoding, opts ...Option) (*RSAVarsig, error) {
func RS384(keyLength uint64, payloadEncoding PayloadEncoding, opts ...Option) (RSAVarsig, error) {
return NewRSAVarsig(HashAlgorithmSHA384, keyLength, payloadEncoding, opts...)
}
@@ -36,6 +36,6 @@ func RS384(keyLength uint64, payloadEncoding PayloadEncoding, opts ...Option) (*
// by the [IANA JOSE specification].
//
// [IANA JOSE specification]: https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms
func RS512(keyLength uint64, payloadEncoding PayloadEncoding, opts ...Option) (*RSAVarsig, error) {
func RS512(keyLength uint64, payloadEncoding PayloadEncoding, opts ...Option) (RSAVarsig, error) {
return NewRSAVarsig(HashAlgorithmSHA512, keyLength, payloadEncoding, opts...)
}

19
common_test.go
View File

@@ -11,7 +11,8 @@ import (
func TestEd25519(t *testing.T) {
t.Parallel()
in := mustVarsig[varsig.EdDSAVarsig](t)(varsig.Ed25519(varsig.PayloadEncodingDAGCBOR))
in, err := varsig.Ed25519(varsig.PayloadEncodingDAGCBOR)
mustVarsig(t, in, err)
out := roundTrip(t, in, "3401ed01ed011371")
assertEdDSAEqual(t, in, out)
}
@@ -19,7 +20,8 @@ func TestEd25519(t *testing.T) {
func TestEd448(t *testing.T) {
t.Parallel()
in := mustVarsig[varsig.EdDSAVarsig](t)(varsig.Ed448(varsig.PayloadEncodingDAGCBOR))
in, err := varsig.Ed448(varsig.PayloadEncodingDAGCBOR)
mustVarsig(t, in, err)
out := roundTrip(t, in, "3401ed0183241971")
assertEdDSAEqual(t, in, out)
}
@@ -27,7 +29,8 @@ func TestEd448(t *testing.T) {
func TestRS256(t *testing.T) {
t.Parallel()
in := mustVarsig[varsig.RSAVarsig](t)(varsig.RS256(0x100, varsig.PayloadEncodingDAGCBOR))
in, err := varsig.RS256(0x100, varsig.PayloadEncodingDAGCBOR)
mustVarsig(t, in, err)
out := roundTrip(t, in, "3401852412800271")
assertRSAEqual(t, in, out)
}
@@ -35,7 +38,8 @@ func TestRS256(t *testing.T) {
func TestRS384(t *testing.T) {
t.Parallel()
in := mustVarsig[varsig.RSAVarsig](t)(varsig.RS384(0x100, varsig.PayloadEncodingDAGCBOR))
in, err := varsig.RS384(0x100, varsig.PayloadEncodingDAGCBOR)
mustVarsig(t, in, err)
out := roundTrip(t, in, "3401852420800271")
assertRSAEqual(t, in, out)
}
@@ -43,19 +47,20 @@ func TestRS384(t *testing.T) {
func TestRS512(t *testing.T) {
t.Parallel()
in := mustVarsig[varsig.RSAVarsig](t)(varsig.RS512(0x100, varsig.PayloadEncodingDAGCBOR))
in, err := varsig.RS512(0x100, varsig.PayloadEncodingDAGCBOR)
mustVarsig(t, in, err)
out := roundTrip(t, in, "3401852413800271")
assertRSAEqual(t, in, out)
}
func assertEdDSAEqual(t *testing.T, in, out *varsig.EdDSAVarsig) {
func assertEdDSAEqual(t *testing.T, in, out varsig.EdDSAVarsig) {
t.Helper()
assert.Equal(t, in.Curve(), out.Curve())
assert.Equal(t, in.HashAlgorithm(), out.HashAlgorithm())
}
func assertRSAEqual(t *testing.T, in, out *varsig.RSAVarsig) {
func assertRSAEqual(t *testing.T, in, out varsig.RSAVarsig) {
t.Helper()
assert.Equal(t, in.HashAlgorithm(), out.HashAlgorithm())

96
constant.go
View File

@@ -1,34 +1,30 @@
package varsig
import (
"bytes"
"encoding/binary"
"fmt"
"github.com/multiformats/go-multicodec"
)
// Prefix is the multicodec.Code for the varsig's varuint prefix byte.
const Prefix = uint64(multicodec.Varsig)
// Prefix is the value for the varsig's varuint prefix byte.
const Prefix = uint64(0x34)
// HashAlgorithm is the multicodec.Code that specifies the hash algorithm
// that's used to reduced the signed content
// HashAlgorithm is the value that specifies the hash algorithm
// that's used to reduce the signed content
type HashAlgorithm uint64
// Constant multicodec.Code values that allow Varsig implementations to
// specify how the payload content is hashed before the signature is
// generated.
// Constant values that allow Varsig implementations to specify how
// the payload content is hashed before the signature is generated.
const (
HashAlgorithmUnspecified HashAlgorithm = 0x00
HashAlgorithmSHA256 = HashAlgorithm(multicodec.Sha2_256)
HashAlgorithmSHA384 = HashAlgorithm(multicodec.Sha2_384)
HashAlgorithmSHA512 = HashAlgorithm(multicodec.Sha2_512)
HashAlgorithmShake256 = HashAlgorithm(multicodec.Shake256)
HashAlgorithmSHA256 = HashAlgorithm(0x12)
HashAlgorithmSHA384 = HashAlgorithm(0x20)
HashAlgorithmSHA512 = HashAlgorithm(0x13)
HashAlgorithmShake256 = HashAlgorithm(0x19)
)
// DecodeHashAlgorithm reads and validates the expected hash algorithm
// (for varsig types include a variable hash algorithm.)
func DecodeHashAlgorithm(r *bytes.Reader) (HashAlgorithm, error) {
func DecodeHashAlgorithm(r BytesReader) (HashAlgorithm, error) {
u, err := binary.ReadUvarint(r)
if err != nil {
return HashAlgorithmUnspecified, fmt.Errorf("%w: %w", ErrUnknownHashAlgorithm, err)
@@ -36,17 +32,15 @@ func DecodeHashAlgorithm(r *bytes.Reader) (HashAlgorithm, error) {
h := HashAlgorithm(u)
if _, ok := map[HashAlgorithm]struct{}{
HashAlgorithmUnspecified: {},
HashAlgorithmSHA256: {},
HashAlgorithmSHA384: {},
HashAlgorithmSHA512: {},
HashAlgorithmShake256: {},
}[h]; !ok {
switch h {
case HashAlgorithmSHA256,
HashAlgorithmSHA384,
HashAlgorithmSHA512,
HashAlgorithmShake256:
return h, nil
default:
return HashAlgorithmUnspecified, fmt.Errorf("%w: %x", ErrUnknownHashAlgorithm, h)
}
return h, nil
}
// PayloadEncoding specifies the encoding of the data being (hashed and)
@@ -54,22 +48,22 @@ func DecodeHashAlgorithm(r *bytes.Reader) (HashAlgorithm, error) {
// consistent hashes and signatures.
type PayloadEncoding uint64
// Constant multicodec.Code values that allow Varsig implementations to
// specify how the payload content is encoded before being hashed. In
// varsig >= v1, only canonical encoding is allowed.
// Constant values that allow Varsig implementations to specify how the
// payload content is encoded before being hashed.
// In varsig >= v1, only canonical encoding is allowed.
const (
PayloadEncodingUnspecified PayloadEncoding = 0x00
PayloadEncodingVerbatim PayloadEncoding = 0x5f
PayloadEncodingDAGPB = PayloadEncoding(multicodec.DagPb)
PayloadEncodingDAGCBOR = PayloadEncoding(multicodec.DagCbor)
PayloadEncodingDAGJSON = PayloadEncoding(multicodec.DagJson)
PayloadEncodingEIP191 = PayloadEncoding(multicodec.Eip191)
PayloadEncodingDAGPB = PayloadEncoding(0x70)
PayloadEncodingDAGCBOR = PayloadEncoding(0x71)
PayloadEncodingDAGJSON = PayloadEncoding(0x0129)
PayloadEncodingEIP191 = PayloadEncoding(0xd191)
PayloadEncodingJWT PayloadEncoding = 0x6a77
)
// DecodePayloadEncoding reads and validates the expected canonical payload
// encoding of the data to be signed.
func DecodePayloadEncoding(r *bytes.Reader, vers Version) (PayloadEncoding, error) {
func DecodePayloadEncoding(r BytesReader, vers Version) (PayloadEncoding, error) {
u, err := binary.ReadUvarint(r)
if err != nil {
return PayloadEncodingUnspecified, fmt.Errorf("%w: %w", ErrUnsupportedPayloadEncoding, err)
@@ -89,36 +83,34 @@ func DecodePayloadEncoding(r *bytes.Reader, vers Version) (PayloadEncoding, erro
// https://github.com/ChainAgnostic/varsig#4-payload-encoding
func decodeEncodingInfoV0(payEnc PayloadEncoding) (PayloadEncoding, error) {
if _, ok := map[PayloadEncoding]struct{}{
PayloadEncodingVerbatim: {},
PayloadEncodingDAGPB: {},
PayloadEncodingDAGCBOR: {},
PayloadEncodingDAGJSON: {},
PayloadEncodingJWT: {},
PayloadEncodingEIP191: {},
}[payEnc]; !ok {
switch payEnc {
case PayloadEncodingVerbatim,
PayloadEncodingDAGPB,
PayloadEncodingDAGCBOR,
PayloadEncodingDAGJSON,
PayloadEncodingJWT,
PayloadEncodingEIP191:
return payEnc, nil
default:
return PayloadEncodingUnspecified, fmt.Errorf("%w: version=%d, encoding=%x", ErrUnsupportedPayloadEncoding, Version0, payEnc)
}
return payEnc, nil
}
// https://github.com/expede/varsig/blob/main/README.md#payload-encoding
func decodeEncodingInfoV1(payEnc PayloadEncoding) (PayloadEncoding, error) {
if _, ok := map[PayloadEncoding]struct{}{
PayloadEncodingVerbatim: {},
PayloadEncodingDAGCBOR: {},
PayloadEncodingDAGJSON: {},
PayloadEncodingEIP191: {},
}[payEnc]; !ok {
switch payEnc {
case PayloadEncodingVerbatim,
PayloadEncodingDAGCBOR,
PayloadEncodingDAGJSON,
PayloadEncodingEIP191:
return payEnc, nil
default:
return PayloadEncodingUnspecified, fmt.Errorf("%w: version=%d, encoding=%x", ErrUnsupportedPayloadEncoding, Version1, payEnc)
}
return payEnc, nil
}
// Discriminator is (usually) the multicodec.Code representing the public
// key type of the algorithm used to create the signature.
// Discriminator is (usually) the value representing the public key type of
// the algorithm used to create the signature.
//
// There is not set list of constants here, nor is there a decode function
// as the author of an implementation should include the constant with the

16
constant_test.go
View File

@@ -39,6 +39,14 @@ func TestDecodeHashAlgorithm(t *testing.T) {
})
}
func BenchmarkDecodeHashAlgorithm(b *testing.B) {
b.ReportAllocs()
data := []byte{0x12}
for i := 0; i < b.N; i++ {
_, _ = varsig.DecodeHashAlgorithm(bytes.NewReader(data))
}
}
func TestDecodePayloadEncoding(t *testing.T) {
t.Parallel()
@@ -105,3 +113,11 @@ func TestDecodePayloadEncoding(t *testing.T) {
}
})
}
func BenchmarkDecodePayloadEncoding(b *testing.B) {
b.ReportAllocs()
data := []byte{0x5f}
for i := 0; i < b.N; i++ {
_, _ = varsig.DecodePayloadEncoding(bytes.NewReader(data), varsig.Version1)
}
}

90
eddsa.go
View File

@@ -1,37 +1,49 @@
package varsig
import (
"bytes"
"crypto/ed25519"
"encoding/binary"
"github.com/multiformats/go-multicodec"
"fmt"
)
// Constants containing multicodec.Code values that specify EdDSA signatures.
// Constants containing values that specify EdDSA signatures.
const (
DiscriminatorEdDSA = Discriminator(multicodec.Ed25519Pub)
DiscriminatorEd25519 = Discriminator(multicodec.Ed25519Pub)
DiscriminatorEd448 = Discriminator(multicodec.Ed448Pub)
DiscriminatorEdDSA = Discriminator(0xed)
DiscriminatorEd25519 = Discriminator(0xed)
DiscriminatorEd448 = Discriminator(0x1203)
)
// EdDSACurve are multicodec.Code values that specify which Edwards curve
// is used when generating the signature.
// EdDSACurve are values that specify which Edwards curve is used when
// generating the signature.
type EdDSACurve uint64
// Constants describing the multicodec.Code for each specific Edwards
// curve that can be encoded into a Varsig.
// Constants describing the values for each specific Edwards curve that can
// be encoded into a Varsig.
const (
CurveEd25519 = EdDSACurve(multicodec.Ed25519Pub)
CurveEd448 = EdDSACurve(multicodec.Ed448Pub)
CurveEd25519 = EdDSACurve(0xed)
CurveEd448 = EdDSACurve(0x1203)
)
var _ Varsig = (*EdDSAVarsig)(nil)
func decodeEdDSACurve(r BytesReader) (EdDSACurve, error) {
u, err := binary.ReadUvarint(r)
if err != nil {
return 0, err
}
switch curve := EdDSACurve(u); curve {
case CurveEd25519, CurveEd448:
return curve, nil
default:
return 0, fmt.Errorf("%w: %x", ErrUnknownEdDSACurve, u)
}
}
var _ Varsig = EdDSAVarsig{}
// EdDSAVarsig is a varsig that encodes the parameters required to describe
// an EdDSA signature.
type EdDSAVarsig struct {
varsig[EdDSAVarsig]
varsig
curve EdDSACurve
hashAlg HashAlgorithm
@@ -39,13 +51,13 @@ type EdDSAVarsig struct {
// NewEdDSAVarsig creates and validates an EdDSA varsig with the provided
// curve, hash algorithm and payload encoding.
func NewEdDSAVarsig(curve EdDSACurve, hashAlgorithm HashAlgorithm, payloadEncoding PayloadEncoding, opts ...Option) (*EdDSAVarsig, error) {
func NewEdDSAVarsig(curve EdDSACurve, hashAlgorithm HashAlgorithm, payloadEncoding PayloadEncoding, opts ...Option) (EdDSAVarsig, error) {
options := newOptions(opts...)
var (
vers = Version1
disc = DiscriminatorEdDSA
sig = []byte{}
sig []byte
)
if options.ForceVersion0() {
@@ -54,8 +66,8 @@ func NewEdDSAVarsig(curve EdDSACurve, hashAlgorithm HashAlgorithm, payloadEncodi
sig = options.Signature()
}
v := &EdDSAVarsig{
varsig: varsig[EdDSAVarsig]{
v := EdDSAVarsig{
varsig: varsig{
vers: vers,
disc: disc,
payEnc: payloadEncoding,
@@ -65,17 +77,17 @@ func NewEdDSAVarsig(curve EdDSACurve, hashAlgorithm HashAlgorithm, payloadEncodi
hashAlg: hashAlgorithm,
}
return v.validateSig(v, ed25519.PrivateKeySize)
return validateSig(v, ed25519.SignatureSize)
}
// Curve returns the Edwards curve used to generate the EdDSA signature.
func (v *EdDSAVarsig) Curve() EdDSACurve {
func (v EdDSAVarsig) Curve() EdDSACurve {
return v.curve
}
// HashAlgorithm returns the multicodec.Code describing the hash algorithm
// used to hash the payload content before the signature is generated.
func (v *EdDSAVarsig) HashAlgorithm() HashAlgorithm {
// HashAlgorithm returns the value describing the hash algorithm used to hash
// the payload content before the signature is generated.
func (v EdDSAVarsig) HashAlgorithm() HashAlgorithm {
return v.hashAlg
}
@@ -94,31 +106,35 @@ func (v EdDSAVarsig) Encode() []byte {
return buf
}
func decodeEd25519(r *bytes.Reader, vers Version, disc Discriminator) (Varsig, error) {
curve := uint64(disc)
func decodeEd25519(r BytesReader, vers Version, disc Discriminator) (Varsig, error) {
curve := EdDSACurve(disc)
if vers != Version0 {
u, err := binary.ReadUvarint(r)
var err error
curve, err = decodeEdDSACurve(r)
if err != nil {
return nil, err // TODO: wrap error?
return nil, err
}
curve = u
}
hashAlg, err := binary.ReadUvarint(r)
hashAlg, err := DecodeHashAlgorithm(r)
if err != nil {
return nil, err // TODO: wrap error?
return nil, err
}
v := &EdDSAVarsig{
varsig: varsig[EdDSAVarsig]{
v := EdDSAVarsig{
varsig: varsig{
vers: vers,
disc: disc,
},
curve: EdDSACurve(curve),
hashAlg: HashAlgorithm(hashAlg),
curve: curve,
hashAlg: hashAlg,
}
return v.decodePayEncAndSig(r, v, ed25519.PrivateKeySize)
v.payEnc, v.sig, err = v.decodePayEncAndSig(r)
if err != nil {
return nil, err
}
return validateSig(v, ed25519.SignatureSize)
}

44
eddsa_test.go
View File

@@ -1,6 +1,7 @@
package varsig_test
import (
"encoding/base64"
"encoding/hex"
"testing"
@@ -35,7 +36,7 @@ func TestDecodeEd25519(t *testing.T) {
assert.Equal(t, varsig.PayloadEncodingDAGCBOR, v.PayloadEncoding())
assert.Len(t, v.Signature(), 64)
impl, ok := v.(*varsig.EdDSAVarsig)
impl, ok := v.(varsig.EdDSAVarsig)
require.True(t, ok)
assert.Equal(t, varsig.CurveEd25519, impl.Curve())
assert.Equal(t, varsig.HashAlgorithmSHA512, impl.HashAlgorithm())
@@ -56,3 +57,44 @@ func TestDecodeEd25519(t *testing.T) {
})
})
}
func TestUCANExampleV1(t *testing.T) {
t.Parallel()
// This test is the value shown in the UCAN v1.0.0 example, which is
// an EdDSA varsig = v1 with the Ed25519 curve, SHA2_256 hashing and
// DAG-CBOR content encoding.
example, err := base64.RawStdEncoding.DecodeString("NAHtAe0BE3E")
require.NoError(t, err)
t.Run("Decode", func(t *testing.T) {
t.Parallel()
v, err := varsig.Decode(example)
require.NoError(t, err)
rsaV, ok := v.(varsig.EdDSAVarsig)
require.True(t, ok)
assert.Equal(t, varsig.Version1, rsaV.Version())
assert.Equal(t, varsig.DiscriminatorEdDSA, rsaV.Discriminator())
assert.Equal(t, varsig.CurveEd25519, rsaV.Curve())
assert.Equal(t, varsig.HashAlgorithmSHA512, rsaV.HashAlgorithm())
assert.Equal(t, varsig.PayloadEncodingDAGCBOR, rsaV.PayloadEncoding())
assert.Len(t, rsaV.Signature(), 0)
})
t.Run("Encode", func(t *testing.T) {
t.Parallel()
edDSAVarsig, err := varsig.NewEdDSAVarsig(
varsig.CurveEd25519,
varsig.HashAlgorithmSHA512,
varsig.PayloadEncodingDAGCBOR,
)
require.NoError(t, err)
assert.Equal(t, example, edDSAVarsig.Encode())
t.Log(base64.RawStdEncoding.EncodeToString(edDSAVarsig.Encode()))
})
}

12
error.go
View File

@@ -13,7 +13,7 @@ var ErrMissingSignature = errors.New("missing signature expected in varsig v0")
var ErrNotYetImplemented = errors.New("not yet implemented")
// ErrUnexpectedSignaturePresent is returned when a signature is present
// in a varsig >= v1.
// in a varsig >= v1.
var ErrUnexpectedSignaturePresent = errors.New("unexpected signature present in varsig >= v1")
// ErrUnexpectedSignatureSize is returned when the length of the decoded
@@ -21,7 +21,7 @@ var ErrUnexpectedSignaturePresent = errors.New("unexpected signature present in
// signing algorithm or sent via a Varsig field.
var ErrUnexpectedSignatureSize = errors.New("unexpected signature size in varsig v0")
// ErrUnknownHashAlgoritm is returned when an unexpected value is provided
// ErrUnknownHashAlgorithm is returned when an unexpected value is provided
// while decoding the hashing algorithm.
var ErrUnknownHashAlgorithm = errors.New("unknown hash algorithm")
@@ -30,14 +30,18 @@ var ErrUnknownHashAlgorithm = errors.New("unknown hash algorithm")
// for this field may vary based on the varsig version.
var ErrUnsupportedPayloadEncoding = errors.New("unsupported payload encoding")
// ErrUnknowndiscorith is returned when the Registry doesn't have a
// ErrUnknownDiscriminator is returned when the Registry doesn't have a
// parsing function for the decoded signing algorithm.
var ErrUnknownDiscriminator = errors.New("unknown signing algorithm")
// ErrUnknownEdDSACurve is returned when the decoded uvarint isn't either
// CurveEd25519 or CurveEd448.
var ErrUnknownEdDSACurve = errors.New("unknown Edwards curve")
// ErrUnsupportedVersion is returned when an unsupported varsig version
// field is present.
var ErrUnsupportedVersion = errors.New("unsupported version")
// ErrBadPrefix is returned when the prefix field contains a value other
// than 0x34 (encoded as a uvarint).
// than 0x34 (encoded as an uvarint).
var ErrBadPrefix = errors.New("varsig prefix not found")

5
go.mod
View File

@@ -2,10 +2,7 @@ module github.com/ucan-wg/go-varsig
go 1.24.4
require (
github.com/multiformats/go-multicodec v0.9.2
github.com/stretchr/testify v1.10.0
)
require github.com/stretchr/testify v1.10.0
require (
github.com/davecgh/go-spew v1.1.1 // indirect

2
go.sum
View File

@@ -6,8 +6,6 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/renameio v0.1.0 h1:GOZbcHa3HfsPKPlmyPyN2KEohoMXOhdMbHrvbpl2QaA=
github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
github.com/multiformats/go-multicodec v0.9.2 h1:YrlXCuqxjqm3bXl+vBq5LKz5pz4mvAsugdqy78k0pXQ=
github.com/multiformats/go-multicodec v0.9.2/go.mod h1:LLWNMtyV5ithSBUo3vFIMaeDy+h3EbkMTek1m+Fybbo=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=

14
registry.go
View File

@@ -6,11 +6,11 @@ import (
"fmt"
)
// Version represents which version of the vasig specification was used
// Version represents which version of the varsig specification was used
// to produce Varsig value.
type Version uint64
// Constancts for the existing varsig specifications
// Constants for the existing varsig specifications
const (
Version0 Version = 0
Version1 Version = 1
@@ -18,9 +18,9 @@ const (
// DecodeFunc is a function that parses the varsig representing a specific
// signing algorithm.
type DecodeFunc func(*bytes.Reader, Version, Discriminator) (Varsig, error)
type DecodeFunc func(BytesReader, Version, Discriminator) (Varsig, error)
// Registry contains a mapping between known signing algorithms, and
// Registry contains a mapping between known signing algorithms and
// functions that can parse varsigs for that signing algorithm.
type Registry map[Discriminator]DecodeFunc
@@ -56,7 +56,7 @@ func (rs Registry) Decode(data []byte) (Varsig, error) {
// DecodeStream converts data read from the provided io.Reader into one
// of the registered Varsig types.
func (rs Registry) DecodeStream(r *bytes.Reader) (Varsig, error) {
func (rs Registry) DecodeStream(r BytesReader) (Varsig, error) {
pre, err := binary.ReadUvarint(r)
if err != nil {
return nil, fmt.Errorf("%w: %w", ErrBadPrefix, err)
@@ -79,7 +79,7 @@ func (rs Registry) DecodeStream(r *bytes.Reader) (Varsig, error) {
return decodeFunc(r, vers, disc)
}
func (rs Registry) decodeVersAnddisc(r *bytes.Reader) (Version, Discriminator, error) {
func (rs Registry) decodeVersAnddisc(r BytesReader) (Version, Discriminator, error) {
vers, err := binary.ReadUvarint(r)
if err != nil {
return Version(vers), 0, err
@@ -98,6 +98,6 @@ func (rs Registry) decodeVersAnddisc(r *bytes.Reader) (Version, Discriminator, e
return Version(vers), Discriminator(disc), err
}
func notYetImplementedVarsigDecoder(_ *bytes.Reader, vers Version, disc Discriminator) (Varsig, error) {
func notYetImplementedVarsigDecoder(_ BytesReader, vers Version, disc Discriminator) (Varsig, error) {
return nil, fmt.Errorf("%w: Version: %d, Discriminator: %x", ErrNotYetImplemented, vers, disc)
}

14
registry_test.go
View File

@@ -61,7 +61,7 @@ func testRegistry(t *testing.T) varsig.Registry {
func testDecodeFunc(t *testing.T) varsig.DecodeFunc {
t.Helper()
return func(r *bytes.Reader, vers varsig.Version, disc varsig.Discriminator) (varsig.Varsig, error) {
return func(r varsig.BytesReader, vers varsig.Version, disc varsig.Discriminator) (varsig.Varsig, error) {
v := &testVarsig{
vers: vers,
disc: disc,
@@ -71,7 +71,7 @@ func testDecodeFunc(t *testing.T) varsig.DecodeFunc {
}
}
var _ varsig.Varsig = (*testVarsig)(nil)
var _ varsig.Varsig = testVarsig{}
type testVarsig struct {
vers varsig.Version
@@ -80,22 +80,22 @@ type testVarsig struct {
sig []byte
}
func (v *testVarsig) Version() varsig.Version {
func (v testVarsig) Version() varsig.Version {
return v.vers
}
func (v *testVarsig) Discriminator() varsig.Discriminator {
func (v testVarsig) Discriminator() varsig.Discriminator {
return v.disc
}
func (v *testVarsig) PayloadEncoding() varsig.PayloadEncoding {
func (v testVarsig) PayloadEncoding() varsig.PayloadEncoding {
return v.payEnc
}
func (v *testVarsig) Signature() []byte {
func (v testVarsig) Signature() []byte {
return v.sig
}
func (v *testVarsig) Encode() []byte {
func (v testVarsig) Encode() []byte {
return nil
}

40
rsa.go
View File

@@ -1,33 +1,30 @@
package varsig
import (
"bytes"
"encoding/binary"
"github.com/multiformats/go-multicodec"
)
// DiscriminatorRSA is the multicodec.Code specifying an RSA signature.
const DiscriminatorRSA = Discriminator(multicodec.RsaPub)
// DiscriminatorRSA is the value specifying an RSA signature.
const DiscriminatorRSA = Discriminator(0x1205)
var _ Varsig = (*RSAVarsig)(nil)
var _ Varsig = RSAVarsig{}
// RSAVarsig is a varsig that encodes the parameters required to describe
// an RSA signature.
type RSAVarsig struct {
varsig[RSAVarsig]
varsig
hashAlg HashAlgorithm
sigLen uint64
}
// NewRSAVarsig creates and validates an RSA varsig with the provided
// hash algorithm, key length and payload encoding.
func NewRSAVarsig(hashAlgorithm HashAlgorithm, keyLength uint64, payloadEncoding PayloadEncoding, opts ...Option) (*RSAVarsig, error) {
func NewRSAVarsig(hashAlgorithm HashAlgorithm, keyLength uint64, payloadEncoding PayloadEncoding, opts ...Option) (RSAVarsig, error) {
options := newOptions(opts...)
var (
vers = Version1
sig = []byte{}
sig []byte
)
if options.ForceVersion0() {
@@ -35,8 +32,8 @@ func NewRSAVarsig(hashAlgorithm HashAlgorithm, keyLength uint64, payloadEncoding
sig = options.Signature()
}
v := &RSAVarsig{
varsig: varsig[RSAVarsig]{
v := RSAVarsig{
varsig: varsig{
vers: vers,
disc: DiscriminatorRSA,
payEnc: payloadEncoding,
@@ -46,7 +43,7 @@ func NewRSAVarsig(hashAlgorithm HashAlgorithm, keyLength uint64, payloadEncoding
sigLen: keyLength,
}
return v.validateSig(v, v.sigLen)
return validateSig(v, v.sigLen)
}
// Encode returns the encoded byte format of the RSAVarsig.
@@ -61,17 +58,17 @@ func (v RSAVarsig) Encode() []byte {
}
// HashAlgorithm returns the hash algorithm used to has the payload content.
func (v *RSAVarsig) HashAlgorithm() HashAlgorithm {
func (v RSAVarsig) HashAlgorithm() HashAlgorithm {
return v.hashAlg
}
// KeyLength returns the length of the RSA key used to sign the payload
// content.
func (v *RSAVarsig) KeyLength() uint64 {
func (v RSAVarsig) KeyLength() uint64 {
return v.sigLen
}
func decodeRSA(r *bytes.Reader, vers Version, disc Discriminator) (Varsig, error) {
func decodeRSA(r BytesReader, vers Version, disc Discriminator) (Varsig, error) {
hashAlg, err := DecodeHashAlgorithm(r)
if err != nil {
return nil, err
@@ -82,14 +79,19 @@ func decodeRSA(r *bytes.Reader, vers Version, disc Discriminator) (Varsig, error
return nil, err
}
vs := &RSAVarsig{
varsig: varsig[RSAVarsig]{
vs := RSAVarsig{
varsig: varsig{
vers: vers,
disc: disc,
},
hashAlg: HashAlgorithm(hashAlg),
hashAlg: hashAlg,
sigLen: sigLen,
}
return vs.decodePayEncAndSig(r, vs, sigLen)
vs.payEnc, vs.sig, err = vs.decodePayEncAndSig(r)
if err != nil {
return nil, err
}
return validateSig(vs, vs.sigLen)
}

6
rsa_test.go
View File

@@ -26,7 +26,7 @@ func TestRSAVarsig(t *testing.T) {
vs, err := varsig.Decode(example)
require.NoError(t, err)
rsaVs, ok := vs.(*varsig.RSAVarsig)
rsaVs, ok := vs.(varsig.RSAVarsig)
require.True(t, ok)
assert.Equal(t, varsig.Version1, rsaVs.Version())
@@ -52,7 +52,7 @@ func TestRSAVarsig(t *testing.T) {
})
}
func TestUCANExample(t *testing.T) {
func TestUCANExampleV0(t *testing.T) {
t.Parallel()
const keyLen = 0x100
@@ -69,7 +69,7 @@ func TestUCANExample(t *testing.T) {
vs, err := varsig.Decode(example)
require.ErrorIs(t, err, varsig.ErrMissingSignature)
rsaVs, ok := vs.(*varsig.RSAVarsig)
rsaVs, ok := vs.(varsig.RSAVarsig)
require.True(t, ok)
assert.Equal(t, varsig.Version0, rsaVs.Version())

82
varsig.go
View File

@@ -19,21 +19,29 @@
package varsig
import (
"bytes"
"encoding/binary"
"errors"
"io"
)
// Varsig represents types that describe how a signature was generated
// and thus how to interpret the signature and verify the signed data.
type Varsig interface {
// accessors for fields that are common to all varsig
// Version returns the varsig's version field.
Version() Version
// Discriminator returns the algorithm used to produce the corresponding signature.
Discriminator() Discriminator
// PayloadEncoding returns the codec that was used to encode the signed data.
PayloadEncoding() PayloadEncoding
// Signature returns the cryptographic signature of the signed data.
// This value is never present in a varsig >= v1 and must either be a valid
// signature with the correct length or empty in varsig < v1.
Signature() []byte
// Operations that are common to all varsig
// Encode returns the encoded byte format of the varsig.
Encode() []byte
}
@@ -45,11 +53,11 @@ func Decode(data []byte) (Varsig, error) {
// DecodeStream converts data read from the provided io.Reader into one
// of the Varsig types provided by the DefaultRegistry.
func DecodeStream(r *bytes.Reader) (Varsig, error) {
func DecodeStream(r BytesReader) (Varsig, error) {
return DefaultRegistry().DecodeStream(r)
}
type varsig[T Varsig] struct {
type varsig struct {
vers Version
disc Discriminator
payEnc PayloadEncoding
@@ -57,30 +65,30 @@ type varsig[T Varsig] struct {
}
// Version returns the varsig's version field.
func (v varsig[_]) Version() Version {
func (v varsig) Version() Version {
return v.vers
}
// Discriminator returns the algorithm used to produce corresponding
// Discriminator returns the algorithm used to produce the corresponding
// signature.
func (v varsig[_]) Discriminator() Discriminator {
func (v varsig) Discriminator() Discriminator {
return v.disc
}
// PayloadEncoding returns the codec that was used to encode the signed
// data.
func (v varsig[_]) PayloadEncoding() PayloadEncoding {
func (v varsig) PayloadEncoding() PayloadEncoding {
return v.payEnc
}
// Signature returns the cryptographic signature of the signed data. This
// value is never present in a varsig >= v1 and must either be a valid
// signature with the correct length or empty in varsig < v1.
func (v varsig[_]) Signature() []byte {
func (v varsig) Signature() []byte {
return v.sig
}
func (v *varsig[_]) encode() []byte {
func (v varsig) encode() []byte {
var buf []byte
buf = binary.AppendUvarint(buf, Prefix)
@@ -94,37 +102,51 @@ func (v *varsig[_]) encode() []byte {
return buf
}
func (v *varsig[T]) decodePayEncAndSig(r *bytes.Reader, varsig *T, expectedLength uint64) (*T, error) {
func (v varsig) decodePayEncAndSig(r BytesReader) (PayloadEncoding, []byte, error) {
payEnc, err := DecodePayloadEncoding(r, v.Version())
if err != nil {
return nil, err
return 0, nil, err
}
v.payEnc = payEnc
signature, err := io.ReadAll(r)
if err != nil {
return nil, err
var signature []byte
switch v.Version() {
case Version0:
signature, err = io.ReadAll(r)
if err != nil {
return 0, nil, err
}
case Version1:
_, err := r.ReadByte()
if err != nil && !errors.Is(err, io.EOF) {
return 0, nil, err
}
if err == nil {
return 0, nil, ErrUnexpectedSignaturePresent
}
default:
return 0, nil, ErrUnsupportedVersion
}
v.sig = signature
return v.validateSig(varsig, expectedLength)
return payEnc, signature, nil
}
func (v *varsig[T]) validateSig(varsig *T, expectedLength uint64) (*T, error) {
if v.Version() == Version0 && len(v.sig) == 0 {
return varsig, ErrMissingSignature
func validateSig[T Varsig](v T, expectedLength uint64) (T, error) {
if v.Version() == Version0 && len(v.Signature()) == 0 {
return v, ErrMissingSignature
}
if v.Version() == Version0 && uint64(len(v.sig)) != expectedLength {
return nil, ErrUnexpectedSignatureSize
if v.Version() == Version0 && uint64(len(v.Signature())) != expectedLength {
return *new(T), ErrUnexpectedSignatureSize
}
if v.Version() == Version1 && len(v.sig) != 0 {
return nil, ErrUnexpectedSignaturePresent
if v.Version() == Version1 && len(v.Signature()) != 0 {
return *new(T), ErrUnexpectedSignaturePresent
}
return varsig, nil
return v, nil
}
type BytesReader interface {
io.ByteReader
io.Reader
}

12
varsig_test.go
View File

@@ -133,7 +133,7 @@ func TestDecode(t *testing.T) {
vs, err := varsig.Decode(data)
require.ErrorIs(t, err, varsig.ErrUnexpectedSignatureSize)
assert.Nil(t, vs)
assert.Zero(t, vs)
})
t.Run("fails - unexpected signature present - v1", func(t *testing.T) {
@@ -158,15 +158,11 @@ func TestDecode(t *testing.T) {
})
}
func mustVarsig[T varsig.Varsig](t *testing.T) func(*T, error) *T {
func mustVarsig[T varsig.Varsig](t *testing.T, v T, err error) {
t.Helper()
return func(v *T, err error) *T {
if err != nil && ((*v).Version() != varsig.Version0 || !errors.Is(err, varsig.ErrMissingSignature)) {
t.Error(err)
}
return v
if err != nil && (v.Version() != varsig.Version0 || !errors.Is(err, varsig.ErrMissingSignature)) {
t.Error(err)
}
}