sentinel_crypto/sign_trait.rs
1use crate::error::CryptoError;
2
3/// Core trait for signature algorithms used in sentinel-crypto.
4/// This trait abstracts digital signature operations to allow easy switching
5/// between different signature schemes while maintaining a consistent interface.
6///
7/// Design choice: Associated types for key types ensure type safety at compile-time.
8/// The trait is sealed to prevent insecure external implementations. All operations
9/// return our unified CryptoError for consistent error handling.
10pub trait SignatureAlgorithm: private::Sealed {
11 /// The type of the signing key
12 type SigningKey;
13 /// The type of the verifying key
14 type VerifyingKey;
15 /// The type of the signature
16 type Signature;
17
18 /// Signs the given hash using the provided private key.
19 /// Returns a hex-encoded signature string.
20 ///
21 /// # Arguments
22 /// * `hash` - The hash to sign (as a string)
23 /// * `private_key` - The signing key
24 ///
25 /// # Returns
26 /// A hex-encoded signature string
27 ///
28 /// # Errors
29 /// Returns `CryptoError::Signature` if signing fails
30 fn sign_hash(hash: &str, private_key: &Self::SigningKey) -> Result<String, CryptoError>;
31
32 /// Verifies a signature against the given hash using the provided public key.
33 ///
34 /// # Arguments
35 /// * `hash` - The original hash (as a string)
36 /// * `signature` - The hex-encoded signature to verify
37 /// * `public_key` - The verifying key
38 ///
39 /// # Returns
40 /// `true` if verification succeeds, `false` otherwise
41 ///
42 /// # Errors
43 /// Returns `CryptoError` if verification process fails
44 fn verify_signature(hash: &str, signature: &str, public_key: &Self::VerifyingKey) -> Result<bool, CryptoError>;
45}
46
47// Sealing the trait to prevent external implementations
48pub(crate) mod private {
49 pub trait Sealed {}
50}