

//! Traits and associated structures for the low-level signer interface.
3use crate::Error;
/// Represents a signing key for low-level operations.
///
/// The trait only exposes the operations needed by callers: producing a signature over a
/// caller-supplied digest, and reading the key's identifier, public parts and optional
/// certificate. The documentation below mentions HSM-backed clients as one kind of
/// implementation; the key material itself is never exposed through this interface.
pub trait RawSigningKey {
    /// Returns key identifier as a string.
    ///
    /// Each signing key has an identifier in an implementation-defined format.
    /// This function will convert that to a [`String`].
    /// Because the format is implementation-defined, callers should treat the value as opaque
    /// and not parse structure out of it.
    fn key_id(&self) -> String;

    /// Signs a raw digest.
    ///
    /// The digest is without any framing and the result should be a vector of raw signature parts.
    ///
    /// The caller is responsible for deriving `digest` from the intended message: nothing in this
    /// interface checks that the bytes are a hash or which algorithm produced them, so whoever
    /// invokes `sign` must ensure the digest comes from data it intends to sign.
    /// NOTE(review): how an implementation learns the digest algorithm, if its signature encoding
    /// needs it, is not visible here — confirm per implementation.
    /// NOTE(review): the number and meaning of the returned parts (presumably one element per
    /// signature component) is implementation-defined — confirm against each implementation.
    ///
    /// # Errors
    ///
    /// If the operation fails, the implementation should return an appropriate error.
    /// The [`crate::signer::error::Error::Hsm`] variant is appropriate for forwarding
    /// client-specific HSM errors.
    fn sign(&self, digest: &[u8]) -> Result<Vec<Vec<u8>>, Error>;

    /// Returns certificate bytes associated with this signing key, if any.
    ///
    /// This interface does not interpret the certificate in any way but only reflects on whether a
    /// certificate is set or not.
    /// `Ok(Some(_))` therefore only means that bytes are stored; callers that rely on the
    /// certificate must parse and validate it themselves.
    ///
    /// # Errors
    ///
    /// If the operation fails, the implementation should return an appropriate error.
    /// The [`crate::signer::error::Error::Hsm`] variant is appropriate for forwarding
    /// client-specific HSM errors.
    fn certificate(&self) -> Result<Option<Vec<u8>>, Error>;

    /// Returns raw public parts of the signing key.
    ///
    /// The implementation of the [`RawSigningKey`] trait implies that a signing key exists and also
    /// provides public parts.
    /// The returned [`RawPublicKey`] is used for generating technology-specific certificates.
    /// The byte encoding of the public parts is not specified by this trait; see the
    /// [`RawPublicKey`] variants for what each one carries.
    ///
    /// # Errors
    ///
    /// If the operation fails, the implementation should return an appropriate error.
    /// The [`crate::signer::error::Error::Hsm`] variant is appropriate for forwarding
    /// client-specific HSM errors.
    fn public(&self) -> Result<RawPublicKey, Error>;
}
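/// Representation of a public key associated with a [`RawSigningKey`] implementation.
///
/// Only raw key material is carried. The byte encoding of each variant (point encoding for
/// the NIST curves, integer byte order for the RSA modulus and exponent) is not specified by
/// this type. NOTE(review): confirm the expected encodings with the producers and consumers of
/// this value.
///
/// `Clone`, `PartialEq` and `Eq` are derived so that callers can duplicate and compare public
/// material; every variant holds public data only, so neither is a secrecy concern.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum RawPublicKey {
    /// Ed25519 public key.
    Ed25519(Vec<u8>),
    /// RSA public key.
    Rsa {
        /// Modulus of the RSA key.
        modulus: Vec<u8>,
        /// Exponent of the RSA key.
        exponent: Vec<u8>,
    },
    /// NIST P-256 public key.
    P256(Vec<u8>),
    /// NIST P-384 public key.
    P384(Vec<u8>),
    /// NIST P-521 public key.
    P521(Vec<u8>),
}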