
//! Traits and associated structures for the low-level signer interface.
2
3use crate::signer::error::Error;
4
/// Represents a signing key for low-level operations.
///
/// Implementors expose only what the higher layers need from a key: an identifier, signing of a
/// caller-supplied digest, the public parts of the key and an optional certificate. The private
/// key material itself is never exposed through this trait; operations that fail inside a backing
/// client (for example an HSM) are reported through [`Error`].
pub trait RawSigningKey {
    /// Returns the key identifier as a string.
    ///
    /// Each signing key has an identifier in an implementation-defined format.
    /// This function converts that identifier to a [`String`].
    fn key_id(&self) -> String;

    /// Signs a raw digest.
    ///
    /// `digest` is passed without any framing: the caller is responsible for computing the digest
    /// of the data to be signed, and this trait does not hash again.
    /// The result is a vector of raw signature parts; their number, meaning and order are not
    /// fixed by this trait and depend on the implementation and the key type.
    ///
    /// NOTE(review): whether any algorithm-specific encoding of the digest (e.g. padding for RSA)
    /// is applied by the caller or by the implementation is not specified here — confirm against
    /// the implementors before relying on either.
    ///
    /// # Errors
    ///
    /// If the operation fails, the implementation should return an appropriate error.
    /// The [`Error::Hsm`] variant is appropriate for forwarding client-specific HSM errors.
    fn sign(&self, digest: &[u8]) -> Result<Vec<Vec<u8>>, Error>;

    /// Returns certificate bytes associated with this signing key, if any.
    ///
    /// This interface does not interpret the certificate in any way but only reflects on whether a
    /// certificate is set or not. The bytes are handed back as stored, so a caller that relies on
    /// the certificate must parse and validate it itself; `Ok(None)` means no certificate is set,
    /// which is distinct from a failed lookup (reported as `Err`).
    ///
    /// # Errors
    ///
    /// If the operation fails, the implementation should return an appropriate error.
    /// The [`Error::Hsm`] variant is appropriate for forwarding client-specific HSM errors.
    fn certificate(&self) -> Result<Option<Vec<u8>>, Error>;

    /// Returns raw public parts of the signing key.
    ///
    /// Implementing [`RawSigningKey`] implies that a signing key exists and that its public parts
    /// can be retrieved.
    /// The returned [`RawPublicKey`] is used for generating technology-specific certificates.
    ///
    /// # Errors
    ///
    /// If the operation fails, the implementation should return an appropriate error.
    /// The [`Error::Hsm`] variant is appropriate for forwarding client-specific HSM errors.
    fn public(&self) -> Result<RawPublicKey, Error>;
}
46
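/// Representation of a public key associated with a [`RawSigningKey`] implementation.
///
/// All key material is carried as raw bytes. The byte encoding of each variant (point encoding
/// for the curve keys, integer encoding and endianness for the RSA parts) is not fixed by this
/// type and must be agreed on between the [`RawSigningKey`] implementation and its consumers.
///
/// The type derives [`Clone`], [`PartialEq`] and [`Eq`] so that public keys can be duplicated and
/// compared (e.g. to check that a retrieved key matches an expected one) without hand-written
/// implementations; only public material is held, so these derives expose nothing sensitive.
#[derive(Clone, Debug, PartialEq, Eq)]
pub enum RawPublicKey {
    /// Ed25519 public key.
    Ed25519(Vec<u8>),
    /// RSA public key.
    Rsa {
        /// Modulus of the RSA key.
        modulus: Vec<u8>,
        /// Public exponent of the RSA key.
        exponent: Vec<u8>,
    },
    /// NIST P-256 public key.
    P256(Vec<u8>),
    /// NIST P-384 public key.
    P384(Vec<u8>),
    /// NIST P-521 public key.
    P521(Vec<u8>),
}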