From ebcd784f6c5d93ce466518795f2a1da14ca91533 Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Mon, 2 Dec 2024 15:09:54 -0800 Subject: [PATCH] signature: merge types from async-signature --- async-signature/README.md | 5 +++ async-signature/src/hazmat.rs | 53 +++++------------------ async-signature/src/lib.rs | 81 ++++------------------------------- signature/src/hazmat.rs | 41 ++++++++++++++++++ signature/src/signer.rs | 74 ++++++++++++++++++++++++++++++++ 5 files changed, 139 insertions(+), 115 deletions(-) diff --git a/async-signature/README.md b/async-signature/README.md index 838661376..a1898475b 100644 --- a/async-signature/README.md +++ b/async-signature/README.md @@ -7,6 +7,10 @@ [![Project Chat][chat-image]][chat-link] [![Build Status][build-image]][build-link] +## Deprecated + +This crate is now deprecated, all the types are available in [`signature`][signature-crate] + ## Minimum Supported Rust Version Rust **1.81** or higher. @@ -41,3 +45,4 @@ dual licensed as above, without any additional terms or conditions. [chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260048-signatures [build-image]: https://github.com/RustCrypto/traits/workflows/async-signature/badge.svg?branch=master&event=push [build-link]: https://github.com/RustCrypto/traits/actions?query=workflow:async-signature +[signature-crate]: https://crates.io/crates/signature diff --git a/async-signature/src/hazmat.rs b/async-signature/src/hazmat.rs index 4a130d578..5fbdda362 100644 --- a/async-signature/src/hazmat.rs +++ b/async-signature/src/hazmat.rs @@ -6,48 +6,15 @@ //! Using them incorrectly can introduce security vulnerabilities. Please //! carefully read the documentation before attempting to use them. -use signature::Error; +#[deprecated( + since = "0.6.0", + note = "use `signature::hazmat::AsyncPrehashSigner` instead" +)] +pub use signature::hazmat::AsyncPrehashSigner; #[cfg(feature = "rand_core")] -use signature::rand_core::CryptoRngCore; - -/// Asynchronously sign the provided message prehash, returning a digital signature. -#[allow(async_fn_in_trait)] -pub trait AsyncPrehashSigner { - /// Attempt to sign the given message digest, returning a digital signature - /// on success, or an error if something went wrong. - /// - /// The `prehash` parameter should be the output of a secure cryptographic - /// hash function. - /// - /// This API takes a `prehash` byte slice as there can potentially be many - /// compatible lengths for the message digest for a given concrete signature - /// algorithm. - /// - /// Allowed lengths are algorithm-dependent and up to a particular - /// implementation to decide. - async fn sign_prehash_async(&self, prehash: &[u8]) -> Result; -} - -/// Asynchronously sign the provided message prehash using the provided external randomness source, returning a digital signature. -#[cfg(feature = "rand_core")] -#[allow(async_fn_in_trait)] -pub trait AsyncRandomizedPrehashSigner { - /// Attempt to sign the given message digest, returning a digital signature - /// on success, or an error if something went wrong. - /// - /// The `prehash` parameter should be the output of a secure cryptographic - /// hash function. - /// - /// This API takes a `prehash` byte slice as there can potentially be many - /// compatible lengths for the message digest for a given concrete signature - /// algorithm. - /// - /// Allowed lengths are algorithm-dependent and up to a particular - /// implementation to decide. - async fn sign_prehash_with_rng_async( - &self, - rng: &mut impl CryptoRngCore, - prehash: &[u8], - ) -> Result; -} +#[deprecated( + since = "0.6.0", + note = "use `signature::hazmat::AsyncRandomizedPrehashSigner` instead" +)] +pub use signature::hazmat::AsyncRandomizedPrehashSigner; diff --git a/async-signature/src/lib.rs b/async-signature/src/lib.rs index 56d40e841..74fbee82b 100644 --- a/async-signature/src/lib.rs +++ b/async-signature/src/lib.rs @@ -20,79 +20,16 @@ pub use signature::{self, Error}; #[cfg(feature = "digest")] pub use signature::digest::{self, Digest}; -#[cfg(feature = "rand_core")] -use signature::rand_core::CryptoRngCore; - -/// Asynchronously sign the provided message bytestring using `Self` -/// (e.g. client for a Cloud KMS or HSM), returning a digital signature. -/// -/// This trait is an async equivalent of the [`signature::Signer`] trait. -#[allow(async_fn_in_trait)] -pub trait AsyncSigner { - /// Attempt to sign the given message, returning a digital signature on - /// success, or an error if something went wrong. - /// - /// The main intended use case for signing errors is when communicating - /// with external signers, e.g. cloud KMS, HSMs, or other hardware tokens. - async fn sign_async(&self, msg: &[u8]) -> Result; -} +#[deprecated(since = "0.6.0", note = "use `signature::AsyncSigner` instead")] +pub use signature::AsyncSigner; -impl AsyncSigner for T -where - T: signature::Signer, -{ - async fn sign_async(&self, msg: &[u8]) -> Result { - self.try_sign(msg) - } -} - -/// Asynchronously sign the given prehashed message [`Digest`] using `Self`. -/// -/// This trait is an async equivalent of the [`signature::DigestSigner`] trait. #[cfg(feature = "digest")] -#[allow(async_fn_in_trait)] -pub trait AsyncDigestSigner -where - D: Digest, -{ - /// Attempt to sign the given prehashed message [`Digest`], returning a - /// digital signature on success, or an error if something went wrong. - async fn sign_digest_async(&self, digest: D) -> Result; -} +#[deprecated(since = "0.6.0", note = "use `signature::AsyncDigestSigner` instead")] +pub use signature::AsyncDigestSigner; -/// Sign the given message using the provided external randomness source. #[cfg(feature = "rand_core")] -#[allow(async_fn_in_trait)] -pub trait AsyncRandomizedSigner { - /// Sign the given message and return a digital signature - async fn sign_with_rng_async(&self, rng: &mut impl CryptoRngCore, msg: &[u8]) -> S { - self.try_sign_with_rng_async(rng, msg) - .await - .expect("signature operation failed") - } - - /// Attempt to sign the given message, returning a digital signature on - /// success, or an error if something went wrong. - /// - /// The main intended use case for signing errors is when communicating - /// with external signers, e.g. cloud KMS, HSMs, or other hardware tokens. - async fn try_sign_with_rng_async( - &self, - rng: &mut impl CryptoRngCore, - msg: &[u8], - ) -> Result; -} - -#[cfg(feature = "rand_core")] -impl AsyncRandomizedSigner for T -where - T: signature::RandomizedSigner, -{ - async fn try_sign_with_rng_async( - &self, - rng: &mut impl CryptoRngCore, - msg: &[u8], - ) -> Result { - self.try_sign_with_rng(rng, msg) - } -} +#[deprecated( + since = "0.6.0", + note = "use `signature::AsyncRandomizedSigner` instead" +)] +pub use signature::AsyncRandomizedSigner; diff --git a/signature/src/hazmat.rs b/signature/src/hazmat.rs index d2f3e9523..4b3da3c4b 100644 --- a/signature/src/hazmat.rs +++ b/signature/src/hazmat.rs @@ -68,3 +68,44 @@ pub trait PrehashVerifier { /// solving a system of linear equations. fn verify_prehash(&self, prehash: &[u8], signature: &S) -> Result<(), Error>; } + +/// Asynchronously sign the provided message prehash, returning a digital signature. +#[allow(async_fn_in_trait)] +pub trait AsyncPrehashSigner { + /// Attempt to sign the given message digest, returning a digital signature + /// on success, or an error if something went wrong. + /// + /// The `prehash` parameter should be the output of a secure cryptographic + /// hash function. + /// + /// This API takes a `prehash` byte slice as there can potentially be many + /// compatible lengths for the message digest for a given concrete signature + /// algorithm. + /// + /// Allowed lengths are algorithm-dependent and up to a particular + /// implementation to decide. + async fn sign_prehash_async(&self, prehash: &[u8]) -> Result; +} + +/// Asynchronously sign the provided message prehash using the provided external randomness source, returning a digital signature. +#[cfg(feature = "rand_core")] +#[allow(async_fn_in_trait)] +pub trait AsyncRandomizedPrehashSigner { + /// Attempt to sign the given message digest, returning a digital signature + /// on success, or an error if something went wrong. + /// + /// The `prehash` parameter should be the output of a secure cryptographic + /// hash function. + /// + /// This API takes a `prehash` byte slice as there can potentially be many + /// compatible lengths for the message digest for a given concrete signature + /// algorithm. + /// + /// Allowed lengths are algorithm-dependent and up to a particular + /// implementation to decide. + async fn sign_prehash_with_rng_async( + &self, + rng: &mut impl CryptoRngCore, + prehash: &[u8], + ) -> Result; +} diff --git a/signature/src/signer.rs b/signature/src/signer.rs index 488f7da67..34caf2a1a 100644 --- a/signature/src/signer.rs +++ b/signature/src/signer.rs @@ -143,3 +143,77 @@ impl> RandomizedSignerMut for T { T::try_sign_with_rng(self, rng, msg) } } + +/// Asynchronously sign the provided message bytestring using `Self` +/// (e.g. client for a Cloud KMS or HSM), returning a digital signature. +/// +/// This trait is an async equivalent of the [`Signer`] trait. +#[allow(async_fn_in_trait)] +pub trait AsyncSigner { + /// Attempt to sign the given message, returning a digital signature on + /// success, or an error if something went wrong. + /// + /// The main intended use case for signing errors is when communicating + /// with external signers, e.g. cloud KMS, HSMs, or other hardware tokens. + async fn sign_async(&self, msg: &[u8]) -> Result; +} + +impl AsyncSigner for T +where + T: Signer, +{ + async fn sign_async(&self, msg: &[u8]) -> Result { + self.try_sign(msg) + } +} + +/// Asynchronously sign the given prehashed message [`Digest`] using `Self`. +/// +/// This trait is an async equivalent of the [`DigestSigner`] trait. +#[cfg(feature = "digest")] +#[allow(async_fn_in_trait)] +pub trait AsyncDigestSigner +where + D: Digest, +{ + /// Attempt to sign the given prehashed message [`Digest`], returning a + /// digital signature on success, or an error if something went wrong. + async fn sign_digest_async(&self, digest: D) -> Result; +} + +/// Sign the given message using the provided external randomness source. +#[cfg(feature = "rand_core")] +#[allow(async_fn_in_trait)] +pub trait AsyncRandomizedSigner { + /// Sign the given message and return a digital signature + async fn sign_with_rng_async(&self, rng: &mut impl CryptoRngCore, msg: &[u8]) -> S { + self.try_sign_with_rng_async(rng, msg) + .await + .expect("signature operation failed") + } + + /// Attempt to sign the given message, returning a digital signature on + /// success, or an error if something went wrong. + /// + /// The main intended use case for signing errors is when communicating + /// with external signers, e.g. cloud KMS, HSMs, or other hardware tokens. + async fn try_sign_with_rng_async( + &self, + rng: &mut impl CryptoRngCore, + msg: &[u8], + ) -> Result; +} + +#[cfg(feature = "rand_core")] +impl AsyncRandomizedSigner for T +where + T: RandomizedSigner, +{ + async fn try_sign_with_rng_async( + &self, + rng: &mut impl CryptoRngCore, + msg: &[u8], + ) -> Result { + self.try_sign_with_rng(rng, msg) + } +}