tustvold commented on code in PR #585:
URL:
https://github.com/apache/arrow-rs-object-store/pull/585#discussion_r2637298419
##########
src/client/crypto.rs:
##########
@@ -0,0 +1,235 @@
+use crate::Result;
+
+/// Algorithm for computing digests
+#[derive(Debug, Ord, PartialOrd, Eq, PartialEq)]
+#[non_exhaustive]
+pub enum DigestAlgorithm {
+ /// SHA-256
+ Sha256,
+}
+
+/// Algorithm for signing payloads
+#[derive(Debug, Ord, PartialOrd, Eq, PartialEq)]
+#[non_exhaustive]
+pub enum SigningAlgorithm {
+ /// RSASSA-PKCS1-v1_5 using SHA-256
+ RS256,
+}
+
+/// Provides cryptographic primitives
+pub trait CryptoProvider: std::fmt::Debug + Send + Sync {
+ /// Compute a digest
+ fn digest(&self, algorithm: DigestAlgorithm) -> Result<Box<dyn
DigestContext>>;
+
+ /// Compute an HMAC with the provided `secret`
+ fn hmac(&self, algorithm: DigestAlgorithm, secret: &[u8]) ->
Result<Box<dyn HmacContext>>;
+
+ /// Sign a payload with the provided PEM-encoded secret
+ fn sign(&self, algorithm: SigningAlgorithm, pem: &[u8]) -> Result<Box<dyn
Signer>>;
+}
+
+/// Incrementally compute a digest, see [`CryptoProvider::digest`]
+pub trait DigestContext: Send {
+ ///Updates the digest with all the data in data.
+ ///
+ /// It is implementation-defined behaviour to call this after calling
[`Self::finish`]
+ fn update(&mut self, data: &[u8]);
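Review bot: The doc comment on `CryptoProvider::sign` calls its `pem` argument a "PEM-encoded secret", which leaves implementers guessing which key material and encoding they must accept. Since the only visible algorithm is RS256, I would name it, e.g. `/// Creates a signer from a PEM-encoded RSA private key`, and state which PEM labels a provider has to support (PKCS#8 `PRIVATE KEY`, PKCS#1 `RSA PRIVATE KEY`, or both), so that two providers do not disagree on the same credential file. The docs for `hmac` and `sign` should also say that a returned error must not embed the `secret` or `pem` bytes, because callers presumably log these errors. On `DigestContext::update`, "implementation-defined behaviour" after `finish` is a loose contract for a primitive that feeds request signing; if `finish` (outside the quoted hunk) does not consume the context, the docs should at least require that a later `update` never yields a silently wrong digest.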
Review Comment:
I debated making this method fallible, but decided any error can be returned
by `finish`