1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
//! Executor-free, pure-Rust signature verification for the synchronous verifier core.
//!
//! The presentation/credential verifier is pure over its injected inputs — the only
//! reason it was ever `async` is that [`auths_crypto::CryptoProvider`] is an async
//! trait (it has to be, so a WASM build can route through the genuinely-async
//! `WebCrypto`). But `block_on` is structurally impossible in browser WASM, so every
//! non-Rust binding target needs a path that verifies **without an executor**.
//!
//! This module is that path. It dispatches on the CESR key's curve tag (never on byte
//! length) and verifies with vetted pure-Rust crates — `p256` for P-256 and
//! `ed25519-dalek` for Ed25519 — both of which compile on `wasm32` and run
//! synchronously on every target. Signature verification is deterministic and
//! backend-independent: a valid signature verifies identically whether checked by
//! `ring`, AWS-LC, or these crates, so the synchronous verdict is in exact parity with
//! the async [`CryptoProvider`]-driven path (guarded by the `*_sync` parity tests).
//!
//! It never signs and never touches a secret — it is a verification-only surface, which
//! is exactly why a pure-Rust implementation (no `ring`, no FIPS toolchain) is the right
//! fit for the embeddable verifier.
use CurveType;
use KeriPublicKey;
/// Verify a signature against a CESR-tagged key, dispatching on the key's curve tag.
///
/// The curve is read from the parsed CESR key (`key.curve()`), never inferred from byte
/// length — preserving the load-bearing wire-format curve-tagging rule. Any malformed
/// key, signature, or curve mismatch returns `false` (fail-closed); this function never
/// panics, so it is safe to call directly from the FFI/WASM boundary.
///
/// Args:
/// * `key`: The CESR-tagged public key recovered from a replayed KEL.
/// * `message`: The exact bytes that were signed.
/// * `signature`: The detached signature to check (64 bytes for both curves).
///
/// Usage:
/// ```ignore
/// if software_verify::verify_with_key_sync(&key, &message, &signature) {
/// // signature is valid under the key's tagged curve
/// }
/// ```
pub
/// Verify an Ed25519 signature (RFC 8032) over `message` against a raw 32-byte key.
/// Verify an ECDSA P-256 signature (`r||s`, 64 bytes) against a SEC1 public key.