#![forbid(unsafe_code)]
use oxicrypto_core::{CryptoError, Vec};
use p521::ecdsa::{
signature::{Signer as EcdsaSigner, Verifier as EcdsaVerifier},
Signature, SigningKey, VerifyingKey,
};
pub struct EcdsaP521Signer {
signing_key: SigningKey,
}
impl EcdsaP521Signer {
pub fn from_bytes(scalar: &[u8]) -> Result<Self, CryptoError> {
let signing_key = SigningKey::from_slice(scalar).map_err(|_| CryptoError::InvalidKey)?;
Ok(Self { signing_key })
}
#[must_use = "signature result must be checked"]
pub fn sign(&self, message: &[u8]) -> Result<Vec<u8>, CryptoError> {
let sig: Signature = EcdsaSigner::sign(&self.signing_key, message);
Ok(sig.to_der().as_bytes().to_vec())
}
#[must_use]
pub fn verifying_key_bytes(&self) -> Vec<u8> {
self.signing_key.verifying_key().to_sec1_bytes().to_vec()
}
}
pub struct EcdsaP521Verifier {
verifying_key: VerifyingKey,
}
impl EcdsaP521Verifier {
pub fn from_sec1_bytes(bytes: &[u8]) -> Result<Self, CryptoError> {
let verifying_key =
VerifyingKey::from_sec1_bytes(bytes).map_err(|_| CryptoError::InvalidKey)?;
Ok(Self { verifying_key })
}
#[must_use = "verification result must be checked"]
pub fn verify(&self, message: &[u8], signature: &[u8]) -> Result<(), CryptoError> {
let sig = Signature::from_der(signature).map_err(|_| CryptoError::InvalidTag)?;
EcdsaVerifier::verify(&self.verifying_key, message, &sig)
.map_err(|_| CryptoError::InvalidTag)
}
}