lib_q_core/providers/
signature_provider.rs

1//! Signature provider implementation
2//!
3//! This module provides the LibQSignatureProvider that implements signature operations
4//! with proper security validation and algorithm routing.
5
6#[cfg(feature = "alloc")]
7use alloc::{
8    string::ToString,
9    vec::Vec,
10};
11
12use crate::api::{
13    Algorithm,
14    SignatureOperations,
15};
16use crate::error::Result;
17use crate::security::SecurityValidator;
18use crate::traits::{
19    SigKeypair,
20    SigPublicKey,
21    SigSecretKey,
22};
23
24/// lib-Q signature provider implementation
25///
26/// This provider implements signature operations for lib-Q, including key generation,
27/// signing, and verification with proper security validation.
28#[cfg(feature = "alloc")]
29#[derive(Clone)]
30pub struct LibQSignatureProvider {
31    security_validator: SecurityValidator,
32}
33
34#[cfg(feature = "alloc")]
35impl LibQSignatureProvider {
36    /// Create a new signature provider
37    ///
38    /// # Returns
39    ///
40    /// A new instance of LibQSignatureProvider with security validation initialized.
41    ///
42    /// # Errors
43    ///
44    /// Returns an error if the security validator fails to initialize.
45    pub fn new() -> Result<Self> {
46        Ok(Self {
47            security_validator: SecurityValidator::new()?,
48        })
49    }
50}
51
52#[cfg(feature = "alloc")]
53impl SignatureOperations for LibQSignatureProvider {
54    fn generate_keypair(
55        &self,
56        algorithm: Algorithm,
57        randomness: Option<&[u8]>,
58    ) -> Result<SigKeypair> {
59        // Validate algorithm category
60        self.security_validator
61            .validate_algorithm_category(algorithm, crate::api::AlgorithmCategory::Signature)?;
62
63        // Validate randomness if provided
64        if let Some(rng) = randomness {
65            self.security_validator.validate_randomness(rng)?;
66        }
67
68        // Route to specific algorithm implementation
69        // Note: Actual implementations are provided by the main lib-q crate
70        match algorithm {
71            Algorithm::MlDsa44 | Algorithm::MlDsa65 | Algorithm::MlDsa87 => {
72                Err(crate::error::Error::NotImplemented {
73                    feature: "ML-DSA implementations are provided by the main lib-q crate"
74                        .to_string(),
75                })
76            }
77            Algorithm::FnDsa | Algorithm::FnDsa512 | Algorithm::FnDsa1024 => {
78                Err(crate::error::Error::NotImplemented {
79                    feature: "FN-DSA implementations are provided by the main lib-q crate"
80                        .to_string(),
81                })
82            }
83            Algorithm::SlhDsaSha256128fRobust |
84            Algorithm::SlhDsaSha256192fRobust |
85            Algorithm::SlhDsaSha256256fRobust |
86            Algorithm::SlhDsaShake256128fRobust |
87            Algorithm::SlhDsaShake256192fRobust |
88            Algorithm::SlhDsaShake256256fRobust => Err(crate::error::Error::NotImplemented {
89                feature: "SLH-DSA implementations are provided by the main lib-q crate".to_string(),
90            }),
91            _ => Err(crate::error::Error::InvalidAlgorithm {
92                algorithm: "Algorithm not supported for signature operations",
93            }),
94        }
95    }
96
97    fn sign(
98        &self,
99        algorithm: Algorithm,
100        secret_key: &SigSecretKey,
101        message: &[u8],
102        randomness: Option<&[u8]>,
103    ) -> Result<Vec<u8>> {
104        // Validate algorithm category
105        self.security_validator
106            .validate_algorithm_category(algorithm, crate::api::AlgorithmCategory::Signature)?;
107
108        // Validate secret key
109        self.security_validator
110            .validate_secret_key(algorithm, secret_key.as_bytes())?;
111
112        // Validate message
113        self.security_validator
114            .validate_signature_message(message)?;
115
116        // Validate randomness if provided
117        if let Some(rng) = randomness {
118            self.security_validator.validate_randomness(rng)?;
119        }
120
121        // Route to specific algorithm implementation
122        // Note: Actual implementations are provided by the main lib-q crate
123        match algorithm {
124            Algorithm::MlDsa44 | Algorithm::MlDsa65 | Algorithm::MlDsa87 => {
125                Err(crate::error::Error::NotImplemented {
126                    feature: "ML-DSA implementations are provided by the main lib-q crate"
127                        .to_string(),
128                })
129            }
130            Algorithm::FnDsa | Algorithm::FnDsa512 | Algorithm::FnDsa1024 => {
131                Err(crate::error::Error::NotImplemented {
132                    feature: "FN-DSA implementations are provided by the main lib-q crate"
133                        .to_string(),
134                })
135            }
136            Algorithm::SlhDsaSha256128fRobust |
137            Algorithm::SlhDsaSha256192fRobust |
138            Algorithm::SlhDsaSha256256fRobust |
139            Algorithm::SlhDsaShake256128fRobust |
140            Algorithm::SlhDsaShake256192fRobust |
141            Algorithm::SlhDsaShake256256fRobust => Err(crate::error::Error::NotImplemented {
142                feature: "SLH-DSA implementations are provided by the main lib-q crate".to_string(),
143            }),
144            _ => Err(crate::error::Error::InvalidAlgorithm {
145                algorithm: "Algorithm not supported for signature operations",
146            }),
147        }
148    }
149
150    fn verify(
151        &self,
152        algorithm: Algorithm,
153        public_key: &SigPublicKey,
154        message: &[u8],
155        signature: &[u8],
156    ) -> Result<bool> {
157        // Validate algorithm category
158        self.security_validator
159            .validate_algorithm_category(algorithm, crate::api::AlgorithmCategory::Signature)?;
160
161        // Validate public key
162        self.security_validator
163            .validate_public_key(algorithm, public_key.as_bytes())?;
164
165        // Validate message
166        self.security_validator
167            .validate_signature_message(message)?;
168
169        // Validate signature
170        self.security_validator
171            .validate_signature(algorithm, signature)?;
172
173        // Route to specific algorithm implementation
174        // Note: Actual implementations are provided by the main lib-q crate
175        match algorithm {
176            Algorithm::MlDsa44 | Algorithm::MlDsa65 | Algorithm::MlDsa87 => {
177                Err(crate::error::Error::NotImplemented {
178                    feature: "ML-DSA implementations are provided by the main lib-q crate"
179                        .to_string(),
180                })
181            }
182            Algorithm::FnDsa | Algorithm::FnDsa512 | Algorithm::FnDsa1024 => {
183                Err(crate::error::Error::NotImplemented {
184                    feature: "FN-DSA implementations are provided by the main lib-q crate"
185                        .to_string(),
186                })
187            }
188            Algorithm::SlhDsaSha256128fRobust |
189            Algorithm::SlhDsaSha256192fRobust |
190            Algorithm::SlhDsaSha256256fRobust |
191            Algorithm::SlhDsaShake256128fRobust |
192            Algorithm::SlhDsaShake256192fRobust |
193            Algorithm::SlhDsaShake256256fRobust => Err(crate::error::Error::NotImplemented {
194                feature: "SLH-DSA implementations are provided by the main lib-q crate".to_string(),
195            }),
196            _ => Err(crate::error::Error::InvalidAlgorithm {
197                algorithm: "Algorithm not supported for signature operations",
198            }),
199        }
200    }
201}
202
203#[cfg(test)]
204#[cfg(feature = "alloc")]
205mod tests {
206    use super::*;
207
208    #[test]
209    fn test_signature_provider_creation() {
210        let provider = LibQSignatureProvider::new();
211        assert!(
212            provider.is_ok(),
213            "LibQSignatureProvider should be created successfully"
214        );
215    }
216
217    #[test]
218    fn test_signature_provider_unsupported_algorithm() {
219        let provider = LibQSignatureProvider::new().unwrap();
220        let result = provider.generate_keypair(Algorithm::Sha3_256, None);
221        assert!(
222            result.is_err(),
223            "Should return error for unsupported algorithm"
224        );
225
226        if let Err(crate::error::Error::InvalidAlgorithm { .. }) = result {
227            // Expected error type
228        } else {
229            panic!("Expected InvalidAlgorithm error");
230        }
231    }
232
233    #[test]
234    fn test_signature_provider_feature_flag_handling() {
235        let provider = LibQSignatureProvider::new().unwrap();
236
237        // Test ML-DSA without feature flag
238        let result = provider.generate_keypair(Algorithm::MlDsa65, None);
239        assert!(
240            result.is_err(),
241            "Should return error when feature flag is not enabled"
242        );
243
244        if let Err(crate::error::Error::NotImplemented { feature }) = result {
245            assert!(
246                feature.contains("ML-DSA implementations are provided by the main lib-q crate"),
247                "Error should mention that implementations are provided by main lib-q crate"
248            );
249        } else {
250            panic!("Expected NotImplemented error");
251        }
252    }
253}
lib_q_core/providers/signature_provider.rs

lib_q_core/providers/
signature_provider.rs
