Documentation
Overview
Package algorithm provides algorithm agility for Signet's cryptographic operations. It defines algorithm constants and a registry of algorithm implementations, allowing callers to select signing algorithms by name.
Index
- Constants
- func MarshalPublicKey(pub crypto.PublicKey) ([]byte, error)
- func Register(alg Algorithm, ops AlgorithmOps)
- func UnmarshalPublicKey(alg Algorithm, data []byte) (crypto.PublicKey, error)
- func Verify(pub crypto.PublicKey, message, signature []byte) (bool, error)
- func ZeroizePrivateKey(key crypto.PrivateKey)
- type Algorithm
- type AlgorithmOps
Constants
const DefaultAlgorithm = Ed25519
DefaultAlgorithm is the algorithm used when none is specified.
Variables
This section is empty.
Functions
func MarshalPublicKey
MarshalPublicKey serializes a public key using the appropriate algorithm. Dispatches deterministically via MatchesPublicKey.
func Register
func Register(alg Algorithm, ops AlgorithmOps)
Register adds an algorithm implementation to the registry. Called by init() functions in algorithm-specific files.
Panics if the new algorithm's key types overlap with an already-registered algorithm, since dispatch functions rely on exactly one match.
func UnmarshalPublicKey
UnmarshalPublicKey deserializes a public key using the named algorithm. The algorithm must be specified because raw bytes are ambiguous.
func Verify
Verify checks a signature using the appropriate algorithm for the given public key. Dispatches deterministically via MatchesPublicKey.
func ZeroizePrivateKey
func ZeroizePrivateKey(key crypto.PrivateKey)
ZeroizePrivateKey securely zeros private key material using the appropriate algorithm. Dispatches deterministically via MatchesPrivateKey.
Panics if no registered algorithm matches the key type. For a security-critical operation, silently ignoring an unrecognized key would mask bugs.
Types
type AlgorithmOps
type AlgorithmOps interface {
	// GenerateKey creates a new key pair, returning (publicKey, privateSigner, error).
	// The returned crypto.Signer owns the private key material.
	GenerateKey() (crypto.PublicKey, crypto.Signer, error)

	// GenerateKeyFromSeed creates a deterministic key pair from a seed.
	// Seed size requirements are algorithm-specific.
	GenerateKeyFromSeed(seed []byte) (crypto.PublicKey, crypto.Signer, error)

	// SeedSize returns the expected seed size in bytes for this algorithm.
	SeedSize() int

	// Verify checks a signature against a public key and message.
	Verify(pub crypto.PublicKey, message, signature []byte) (bool, error)

	// MarshalPublicKey serializes a public key to bytes for hashing or storage.
	MarshalPublicKey(pub crypto.PublicKey) ([]byte, error)

	// UnmarshalPublicKey deserializes a public key from bytes.
	UnmarshalPublicKey(data []byte) (crypto.PublicKey, error)

	// MatchesPublicKey reports whether the given public key is of this algorithm's type.
	MatchesPublicKey(pub crypto.PublicKey) bool

	// MatchesPrivateKey reports whether the given private key is of this algorithm's type.
	MatchesPrivateKey(key crypto.PrivateKey) bool

	// ZeroizePrivateKey securely zeros private key material.
	ZeroizePrivateKey(key crypto.PrivateKey)
}
AlgorithmOps defines the operations for a signing algorithm. Each algorithm registers an implementation of this interface.
func Get
func Get(alg Algorithm) (AlgorithmOps, error)
Get returns the AlgorithmOps for the given algorithm.
func MustGet
func MustGet(alg Algorithm) AlgorithmOps
MustGet returns the AlgorithmOps for the given algorithm, panicking if not found. Use only in init() or test setup.
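A self-contained sketch of the registry behaviour documented above for Register and Verify, added here as an example and not taken from Signet's source: register panics when key types overlap, and verify dispatches on the key's type and returns an error for a key no algorithm claims. The lower-case names, the reduced ops struct and the probe-key overlap check are assumptions; the page does not say how Register detects overlap.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"fmt"
)

type ops struct { // hypothetical, reduced stand-in for AlgorithmOps
	probe   crypto.PublicKey // assumption: sample key used to detect overlap
	matches func(crypto.PublicKey) bool
	verify  func(pub crypto.PublicKey, msg, sig []byte) bool
}

var registry = map[string]ops{}
// register panics if either side claims the other's key type.
func register(name string, o ops) {
	for other, e := range registry {
		if e.matches(o.probe) || o.matches(e.probe) {
			panic(name + " overlaps with " + other)
		}
	}
	registry[name] = o
}

// verify dispatches on key type; an unknown type is an error, not (false, nil).
func verify(pub crypto.PublicKey, msg, sig []byte) (bool, error) {
	for _, o := range registry { // order is irrelevant: at most one entry matches
		if o.matches(pub) {
			return o.verify(pub, msg, sig), nil
		}
	}
	return false, fmt.Errorf("no registered algorithm matches %T", pub)
}

var edOps = ops{
	probe:   make(ed25519.PublicKey, ed25519.PublicKeySize),
	matches: func(p crypto.PublicKey) bool { k, ok := p.(ed25519.PublicKey); return ok && len(k) == ed25519.PublicKeySize },
	verify:  func(p crypto.PublicKey, m, s []byte) bool { return ed25519.Verify(p.(ed25519.PublicKey), m, s) },
}

func main() {
	register("ed25519", edOps)
	pub, priv, _ := ed25519.GenerateKey(nil)
	msg := []byte("constructed message")
	fmt.Println(verify(pub, msg, ed25519.Sign(priv, msg))) // valid signature
	fmt.Println(verify("not a key", msg, nil))             // unknown key type
	defer func() { fmt.Println("recovered:", recover()) }()
	register("ed25519-dup", edOps) // same key type: panics
}
```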