signature/verifier.rs
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46
//! Trait for verifying digital signatures
use crate::{error::Error, Signature};
#[cfg(feature = "digest-preview")]
use crate::digest::Digest;
/// Verify the provided message bytestring using `Self` (e.g. a public key)
pub trait Verifier<S: Signature> {
/// Use `Self` to verify that the provided signature for a given message
/// bytestring is authentic.
///
/// Returns `Error` if it is inauthentic, or otherwise returns `()`.
fn verify(&self, msg: &[u8], signature: &S) -> Result<(), Error>;
}
/// Verify the provided signature for the given prehashed message [`Digest`]
/// is authentic.
///
/// ## Notes
///
/// This trait is primarily intended for signature algorithms based on the
/// [Fiat-Shamir heuristic], a method for converting an interactive
/// challenge/response-based proof-of-knowledge protocol into an offline
/// digital signature through the use of a random oracle, i.e. a digest
/// function.
///
/// The security of such protocols critically rests upon the inability of
/// an attacker to solve for the output of the random oracle, as generally
/// otherwise such signature algorithms are a system of linear equations and
/// therefore doing so would allow the attacker to trivially forge signatures.
///
/// To prevent misuse which would potentially allow this to be possible, this
/// API accepts a [`Digest`] instance, rather than a raw digest value.
///
/// [Fiat-Shamir heuristic]: https://en.wikipedia.org/wiki/Fiat%E2%80%93Shamir_heuristic
#[cfg(feature = "digest-preview")]
#[cfg_attr(docsrs, doc(cfg(feature = "digest-preview")))]
pub trait DigestVerifier<D, S>
where
D: Digest,
S: Signature,
{
/// Verify the signature against the given [`Digest`] output.
fn verify_digest(&self, digest: D, signature: &S) -> Result<(), Error>;
}