1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84

use crate::prelude::*;

/// Sign something that is serializable using the private key for the passed public key.
///
/// Serde convenience for [ `sign_raw `].
pub fn sign<K, D>(key: K, data: D) -> ExternResult<Signature>
where
    K: Into<AgentPubKey>,
    D: serde::Serialize + std::fmt::Debug,
{
    HDK.with(|h| h.borrow().sign(Sign::new(key.into(), data)?))
}

/// Sign some data using the private key for the passed public key.
///
/// Assuming the private key for the provided pubkey exists in lair this will work.
/// If we don't have the private key for the public key then we can't sign anything!
///
/// See [ `sign` ]
pub fn sign_raw<K>(key: K, data: Vec<u8>) -> ExternResult<Signature>
where
    K: Into<AgentPubKey>,
{
    HDK.with(|h| h.borrow().sign(Sign::new_raw(key.into(), data)))
}

/// Sign N serializable things using an ephemeral private key.
///
/// Serde convenience for [ `sign_ephemeral_raw` ].
pub fn sign_ephemeral<D>(datas: Vec<D>) -> ExternResult<EphemeralSignatures>
where
    D: serde::Serialize + std::fmt::Debug,
{
    HDK.with(|h| h.borrow().sign_ephemeral(SignEphemeral::new(datas)?))
}

/// Sign N data using an ephemeral private key.
///
/// This is a complement to [ `sign_raw` ] in case we don't have a meaningful key for the input.
/// __The generated private half of the key is discarded immediately upon signing__.
///
/// The signatures output are pairwise ordered the same as the input data.
/// It is up to the caller to construct meaning for ephemeral signatures in some cryptographic system.
pub fn sign_ephemeral_raw(datas: Vec<Vec<u8>>) -> ExternResult<EphemeralSignatures> {
    HDK.with(|h| h.borrow().sign_ephemeral(SignEphemeral::new_raw(datas)))
}

/// Verify the passed signature and public key against the passed serializable input.
///
/// The data is not used literally, it is serialized.
/// This is important to use if you have data structures rather than bytes, as the serialization will
/// be passed through the canonical serialization process, guaranteeing consistent behaviour.
/// If you pass in a Vec<u8> expecting it to be verified literally the signature won't verify correctly.
///
/// See [ `verify_signature_raw` ]
pub fn verify_signature<K, S, D>(key: K, signature: S, data: D) -> ExternResult<bool>
where
    K: Into<AgentPubKey>,
    S: Into<Signature>,
    D: serde::Serialize + std::fmt::Debug,
{
    HDK.with(|h| {
        h.borrow()
            .verify_signature(VerifySignature::new(key.into(), signature.into(), data)?)
    })
}

/// Verify the passed signature and public key against the literal bytes input.
///
/// The data is used as-is, there is no serialization or additional processing.
/// This is best to use if you have literal bytes from somewhere.
/// If you pass in a Vec<u8> expecting it to be serialized here, the signature won't verify correctly.
///
/// See [ `verify_signature` ]
pub fn verify_signature_raw<K, S>(key: K, signature: S, data: Vec<u8>) -> ExternResult<bool>
where
    K: Into<AgentPubKey>,
    S: Into<Signature>,
{
    HDK.with(|h| {
        h.borrow()
            .verify_signature(VerifySignature::new_raw(key.into(), signature.into(), data))
    })
}