blob: 65409a9296e1d32f990f871af8f2bc546f3cffb6 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
//! Trait for verifying digital signatures
use crate::error::Error;
#[cfg(feature = "digest")]
use crate::digest::Digest;
/// Verify the provided message bytestring using `Self` (e.g. a public key)
pub trait Verifier<S> {
/// Use `Self` to verify that the provided signature for a given message
/// bytestring is authentic.
///
/// Returns `Error` if it is inauthentic, or otherwise returns `()`.
fn verify(&self, msg: &[u8], signature: &S) -> Result<(), Error>;
}
/// Verify the provided signature for the given prehashed message [`Digest`]
/// is authentic.
///
/// ## Notes
///
/// This trait is primarily intended for signature algorithms based on the
/// [Fiat-Shamir heuristic], a method for converting an interactive
/// challenge/response-based proof-of-knowledge protocol into an offline
/// digital signature through the use of a random oracle, i.e. a digest
/// function.
///
/// The security of such protocols critically rests upon the inability of
/// an attacker to solve for the output of the random oracle, as generally
/// otherwise such signature algorithms are a system of linear equations and
/// therefore doing so would allow the attacker to trivially forge signatures.
///
/// To prevent misuse which would potentially allow this to be possible, this
/// API accepts a [`Digest`] instance, rather than a raw digest value.
///
/// [Fiat-Shamir heuristic]: https://en.wikipedia.org/wiki/Fiat%E2%80%93Shamir_heuristic
#[cfg(feature = "digest")]
pub trait DigestVerifier<D: Digest, S> {
/// Verify the signature against the given [`Digest`] output.
fn verify_digest(&self, digest: D, signature: &S) -> Result<(), Error>;
}
|