Diffstat (limited to 'vendor/signature')
-rw-r--r-- | vendor/signature/.cargo-checksum.json | 2 | ||||
-rw-r--r-- | vendor/signature/CHANGELOG.md | 30 | ||||
-rw-r--r-- | vendor/signature/Cargo.toml | 26 | ||||
-rw-r--r-- | vendor/signature/LICENSE-MIT | 2 | ||||
-rw-r--r-- | vendor/signature/README.md | 35 | ||||
-rw-r--r-- | vendor/signature/src/encoding.rs | 31 | ||||
-rw-r--r-- | vendor/signature/src/error.rs | 7 | ||||
-rw-r--r-- | vendor/signature/src/hazmat.rs | 21 | ||||
-rw-r--r-- | vendor/signature/src/keypair.rs | 24 | ||||
-rw-r--r-- | vendor/signature/src/lib.rs | 105 | ||||
-rw-r--r-- | vendor/signature/src/prehash_signature.rs | 31 | ||||
-rw-r--r-- | vendor/signature/src/signature.rs | 68 | ||||
-rw-r--r-- | vendor/signature/src/signer.rs | 64 | ||||
-rw-r--r-- | vendor/signature/src/verifier.rs | 15 | ||||
-rw-r--r-- | vendor/signature/tests/derive.rs | 40 |
15 files changed, 239 insertions, 262 deletions
diff --git a/vendor/signature/.cargo-checksum.json b/vendor/signature/.cargo-checksum.json index f3fca0f74..9d2d453d0 100644 --- a/vendor/signature/.cargo-checksum.json +++ b/vendor/signature/.cargo-checksum.json @@ -1 +1 @@ -{"files":{"CHANGELOG.md":"ffea692939624650fdc658b1f4475983ed992dd0448bd0470afb10d3c59fd37a","Cargo.toml":"f8c47b3e2cdd8bf029f036e4725210ac8f5eae78045a59c3a8f07a3571a8221e","LICENSE-APACHE":"a9040321c3712d8fd0b09cf52b17445de04a23a10165049ae187cd39e5c86be5","LICENSE-MIT":"bdebaf9156a298f8fdab56dd26cb5144673de522d80f4c0d88e0039145f147f9","README.md":"61dd7de22512e5ee5a5479c7757be89dc9f136ac810eb25bdea598e4f6600352","src/error.rs":"8e17929b47998ea3b3704adf70e1d501754ffc5910e6b074144ac91cbd811e89","src/hazmat.rs":"dbaa6b9f30626d0e68869d315640ed18e1c3ac665c0227e1de1e401952767b36","src/keypair.rs":"ec3166f3983e5bd781b429603fcfa4fd15546398ba372a32be007bdee36a6020","src/lib.rs":"64c6788856aaba3e31c8b6d91e653590190e802c4ddf327e81c0c32701f19b57","src/signature.rs":"1364b4d70d531eab5e9954044ea7ff3cda5b5a635141f4b25d3f40a5c5d1303f","src/signer.rs":"02e147e922957e53a70d8ab02d504c91ab7f43617abfdb5781e18558ededf7a9","src/verifier.rs":"0c7dc6d48f8bf1960b5e06032548eaa441ecdfa4cdb7a3d38ad2c7486c992635","tests/derive.rs":"619bd7185f7f66376b8c2a61dd896c316af47363a66ab1e949f4146a4e988fa2"},"package":"74233d3b3b2f6d4b006dc19dee745e73e2a6bfb6f93607cd3b02bd5b00797d7c"}
\ No newline at end of file +{"files":{"CHANGELOG.md":"e1dc1a42d89c604d5bfcdd31f0ecda5442fde141fbdaed5ec27741f799a08684","Cargo.toml":"86b4f84f3ef286ed13cf6b2880192db068ae80eadff89955331946c8a253c2d9","LICENSE-APACHE":"a9040321c3712d8fd0b09cf52b17445de04a23a10165049ae187cd39e5c86be5","LICENSE-MIT":"b3470648aff02beb36d7a53240fc9260ed80ed93bd43bace6b67d7ef7336ee33","README.md":"98b8d705baaeb9df4925fd4c5726637f99aaa5cd52183c18c05440647739c146","src/encoding.rs":"872ae940d329d523335d1e28379de898f25ccf98c3366a6773a6728a9e0e1992","src/error.rs":"8673e5193b0571ef7b1212f5e3d3005b2929d1186c38a7911a676db466929a20","src/hazmat.rs":"c662aeb812a9ce24d0e2c7dedeca7d9ae7002bd527cbd484557b04a41bab1817","src/keypair.rs":"9b2f6cda46e3fe8c29b571b912745f4dfb7c6a1186c56790f0e3fd080ab3bdf7","src/lib.rs":"0c00057818e179cc12090292aa7244ab1a60fe3151a1464acfc5dad5b9ea1fe8","src/prehash_signature.rs":"74b7641cfcf5692625adec58b550ac3a12125983e12076c4e811be7f28462a0c","src/signer.rs":"20a50c3c2fc0ef678e1ca87aca9c75527794bd66cf52583aa941b13b3f1ee1da","src/verifier.rs":"4eaeb33529879b3bbfc13442a5823905ca05f8f27316192360f9bbd416822976","tests/derive.rs":"ec2f5f0e33296a1b48f4804e5488d58b98b41d0570de5b7e6c5e809ca0ade3fc"},"package":"5e1788eed21689f9cf370582dfc467ef36ed9c707f073528ddafa8d83e3b8500"}
\ No newline at end of file diff --git a/vendor/signature/CHANGELOG.md b/vendor/signature/CHANGELOG.md index 86198d54c..4f999de55 100644 --- a/vendor/signature/CHANGELOG.md +++ b/vendor/signature/CHANGELOG.md @@ -4,6 +4,36 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## 2.1.0 (2023-04-01) +### Added +- `SignatureEncoding::encoded_len` ([#1283]) + +[#1283]: https://github.com/RustCrypto/traits/pull/1283 + +## 2.0.0 (2023-01-15) +### Added +- `SignatureEncoding` trait as a replacement for `Signature` trait and the + now removed `AsRef<[u8]>` bound on signatures ([#1141]) +- New `Keypair` trait which returns owned keys instead of borrowed ([#1141]) + +### Changed +- `derive-preview` has been renamed to `derive` and stabilized ([#1141]) +- `digest-preview` renamed to `digest`, still unstable ([#1210]) +- `hazmat-preview` feature stabilized and removed, always on ([#1141]) +- `rand-preview` renamed to `rand_core`, still unstable ([#1210]) +- `std` feature is no longer enabled by default ([#1141]) +- Old `Keypair` trait renamed to `KeypairRef` ([#1141]) +- Signature generic parameter removed from `Keypair`/`KeypairRef` ([#1141]) +- Use `&mut impl CryptoRngCore` RNG arguments ([#1147]) + +### Removed +- `Signature` trait - replaced by `SignatureEncoding` ([#1141]) +- `hazmat-preview` feature, now always on ([#1141]) + +[#1141]: https://github.com/RustCrypto/traits/pull/1141 +[#1147]: https://github.com/RustCrypto/traits/pull/1147 +[#1210]: https://github.com/RustCrypto/traits/pull/1141 + ## 1.6.4 (2022-10-06) ### Added - `RandomizedPrehashSigner` trait in `hazmat` module ([#1130]) diff --git a/vendor/signature/Cargo.toml b/vendor/signature/Cargo.toml index fa83ff6a1..2d2391580 100644 --- a/vendor/signature/Cargo.toml +++ b/vendor/signature/Cargo.toml 
@@ -13,7 +13,7 @@ edition = "2021" rust-version = "1.56" name = "signature" -version = "1.6.4" +version = "2.1.0" authors = ["RustCrypto Developers"] description = "Traits for cryptographic signature algorithms (e.g. ECDSA, Ed25519)" documentation = "https://docs.rs/signature" @@ -39,20 +39,21 @@ rustdoc-args = [ "docsrs", ] +[dependencies.derive] +version = "2" +optional = true +package = "signature_derive" + [dependencies.digest] -version = "0.10.3" +version = "0.10.6" optional = true default-features = false [dependencies.rand_core] -version = "0.6" +version = "0.6.4" optional = true default-features = false -[dependencies.signature_derive] -version = "=1.0.0-pre.7" -optional = true - [dev-dependencies.hex-literal] version = "0.3" @@ -61,12 +62,5 @@ version = "0.10" default-features = false [features] -default = ["std"] -derive-preview = [ - "digest-preview", - "signature_derive", -] -digest-preview = ["digest"] -hazmat-preview = [] -rand-preview = ["rand_core"] -std = [] +alloc = [] +std = ["alloc"] diff --git a/vendor/signature/LICENSE-MIT b/vendor/signature/LICENSE-MIT index 81a3d57ac..d8d87fe29 100644 --- a/vendor/signature/LICENSE-MIT +++ b/vendor/signature/LICENSE-MIT @@ -1,4 +1,4 @@ -Copyright (c) 2018-2022 RustCrypto Developers +Copyright (c) 2018-2023 RustCrypto Developers Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated diff --git a/vendor/signature/README.md b/vendor/signature/README.md index a1a6fa4ae..6f205d603 100644 --- a/vendor/signature/README.md +++ b/vendor/signature/README.md @@ -1,4 +1,4 @@ -# RustCrypto: Digital Signature Algorithms +# [RustCrypto]: Digital Signature Algorithms [![crate][crate-image]][crate-link] [![Docs][docs-image]][docs-link] 
@@ -8,14 +8,10 @@ [![Project Chat][chat-image]][chat-link] This crate contains traits which provide generic, object-safe APIs for -generating and verifying [digital signatures][1]. +generating and verifying [digital signatures]. -Used by the [`ecdsa`][2] and [`ed25519`][3] crates, with forthcoming support -in the [`rsa`][4] crate. - -See also the [Signatory][5] crate for trait wrappers for using these traits -with many popular Rust cryptography crates, including `ed25519-dalek`, *ring*, -`secp256k1-rs`, and `sodiumoxide`. +Used by the [`dsa`], [`ecdsa`], [`ed25519`], and [`rsa`] crates maintained by +the [RustCrypto] organization, as well as [`ed25519-dalek`]. [Documentation][docs-link] @@ -30,10 +26,11 @@ done with a minor version bump. - All on-by-default features of this library are covered by SemVer - MSRV is considered exempt from SemVer as noted above -- The off-by-default features `derive-preview` and `digest-preview` are - unstable "preview" features which are also considered exempt from SemVer. - Breaking changes to these features will, like MSRV, be done with a minor - version bump. +- The `derive` feature is stable and covered by SemVer +- The off-by-default features `digest` and `rand_core` are unstable features + which are also considered exempt from SemVer as they correspond to pre-1.0 + crates which are still subject to changes. Breaking changes to these features + will, like MSRV, be done with a minor version bump. ## License 
@@ -63,10 +60,12 @@ dual licensed as above, without any additional terms or conditions. [chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg [chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260048-signatures -[//]: # (general links) +[//]: # (links) -[1]: https://en.wikipedia.org/wiki/Digital_signature -[2]: https://github.com/RustCrypto/signatures/tree/master/ecdsa -[3]: https://github.com/RustCrypto/signatures/tree/master/ed25519 -[4]: https://github.com/RustCrypto/RSA -[5]: https://docs.rs/signatory +[RustCrypto]: https://github.com/RustCrypto/ +[digital signatures]: https://en.wikipedia.org/wiki/Digital_signature +[`dsa`]: https://github.com/RustCrypto/signatures/tree/master/dsa +[`ecdsa`]: https://github.com/RustCrypto/signatures/tree/master/ecdsa +[`ed25519`]: https://github.com/RustCrypto/signatures/tree/master/ed25519 +[`ed25519-dalek`]: https://github.com/dalek-cryptography/ed25519-dalek +[`rsa`]: https://github.com/RustCrypto/RSA diff --git a/vendor/signature/src/encoding.rs b/vendor/signature/src/encoding.rs new file mode 100644 index 000000000..8bc475b01 --- /dev/null +++ b/vendor/signature/src/encoding.rs @@ -0,0 +1,31 @@ +//! Encoding support. + +#[cfg(feature = "alloc")] +use alloc::vec::Vec; + +/// Support for decoding/encoding signatures as bytes. +pub trait SignatureEncoding: + Clone + Sized + for<'a> TryFrom<&'a [u8]> + TryInto<Self::Repr> +{ + /// Byte representation of a signature. + type Repr: 'static + AsRef<[u8]> + Clone + Send + Sync; + + /// Encode signature as its byte representation. + fn to_bytes(&self) -> Self::Repr { + self.clone() + .try_into() + .ok() + .expect("signature encoding error") + } + + /// Encode signature as a byte vector. + #[cfg(feature = "alloc")] + fn to_vec(&self) -> Vec<u8> { + self.to_bytes().as_ref().to_vec() + } + + /// Get the length of this signature when encoded. + fn encoded_len(&self) -> usize { + self.to_bytes().as_ref().len() + } +} 
diff --git a/vendor/signature/src/error.rs b/vendor/signature/src/error.rs index 06e22d527..1bfaf33bf 100644 --- a/vendor/signature/src/error.rs +++ b/vendor/signature/src/error.rs @@ -22,11 +22,8 @@ pub type Result<T> = core::result::Result<T, Error>; /// /// [BB'06]: https://en.wikipedia.org/wiki/Daniel_Bleichenbacher #[derive(Default)] +#[non_exhaustive] pub struct Error { - /// Prevent from being instantiated as `Error {}` when the `std` feature - /// is disabled - _private: (), - /// Source of the error (if applicable). #[cfg(feature = "std")] source: Option<Box<dyn std::error::Error + Send + Sync + 'static>>, @@ -45,12 +42,10 @@ impl Error { /// cases are for propagating errors related to external signers, e.g. /// communication/authentication errors with HSMs, KMS, etc. #[cfg(feature = "std")] - #[cfg_attr(docsrs, doc(cfg(feature = "std")))] pub fn from_source( source: impl Into<Box<dyn std::error::Error + Send + Sync + 'static>>, ) -> Self { Self { - _private: (), source: Some(source.into()), } } diff --git a/vendor/signature/src/hazmat.rs b/vendor/signature/src/hazmat.rs index 8119225c6..d2f3e9523 100644 --- a/vendor/signature/src/hazmat.rs +++ b/vendor/signature/src/hazmat.rs 
@@ -5,18 +5,14 @@
 //!
 //! Using them incorrectly can introduce security vulnerabilities. Please
 //! carefully read the documentation before attempting to use them.
-//!
-//! To use them, enable the `hazmat-preview` crate feature. Note that this
-//! feature is semi-unstable and not subject to regular 1.x SemVer guarantees.
-//! However, any breaking changes will be accompanied with a minor version bump.
-use crate::{Error, Signature};
+use crate::Error;
-#[cfg(feature = "rand-preview")]
-use crate::rand_core::{CryptoRng, RngCore};
+#[cfg(feature = "rand_core")]
+use crate::rand_core::CryptoRngCore;
 /// Sign the provided message prehash, returning a digital signature.
-pub trait PrehashSigner<S: Signature> {
+pub trait PrehashSigner<S> {
 /// Attempt to sign the given message digest, returning a digital signature
 /// on success, or an error if something went wrong.
 ///
@@ -33,9 +29,8 @@ pub trait PrehashSigner<S: Signature> {
 }
 /// Sign the provided message prehash using the provided external randomness source, returning a digital signature.
-#[cfg(feature = "rand-preview")]
-#[cfg_attr(docsrs, doc(cfg(feature = "rand-preview")))]
-pub trait RandomizedPrehashSigner<S: Signature> {
+#[cfg(feature = "rand_core")]
+pub trait RandomizedPrehashSigner<S> {
 /// Attempt to sign the given message digest, returning a digital signature
 /// on success, or an error if something went wrong.
 ///
@@ -50,13 +45,13 @@ pub trait RandomizedPrehashSigner<S: Signature> {
 /// implementation to decide.
 fn sign_prehash_with_rng(
 &self,
- rng: impl CryptoRng + RngCore,
+ rng: &mut impl CryptoRngCore,
 prehash: &[u8],
 ) -> Result<S, Error>;
 }
 /// Verify the provided message prehash using `Self` (e.g. a public key)
-pub trait PrehashVerifier<S: Signature> {
+pub trait PrehashVerifier<S> {
 /// Use `Self` to verify that the provided signature for a given message
 /// `prehash` is authentic.
 ///
diff --git a/vendor/signature/src/keypair.rs b/vendor/signature/src/keypair.rs index 6d9f947c6..d4795f2f9 100644 --- a/vendor/signature/src/keypair.rs +++ b/vendor/signature/src/keypair.rs @@ -1,17 +1,29 @@ //! Signing keypairs. -use crate::Signature; - /// Signing keypair with an associated verifying key. /// /// This represents a type which holds both a signing key and a verifying key. -pub trait Keypair<S: Signature>: AsRef<Self::VerifyingKey> { +pub trait Keypair { /// Verifying key type for this keypair. - type VerifyingKey; + type VerifyingKey: Clone; /// Get the verifying key which can verify signatures produced by the /// signing key portion of this keypair. - fn verifying_key(&self) -> &Self::VerifyingKey { - self.as_ref() + fn verifying_key(&self) -> Self::VerifyingKey; +} + +/// Signing keypair with an associated verifying key. +/// +/// This represents a type which holds both a signing key and a verifying key. +pub trait KeypairRef: AsRef<Self::VerifyingKey> { + /// Verifying key type for this keypair. + type VerifyingKey: Clone; +} + +impl<K: KeypairRef> Keypair for K { + type VerifyingKey = <Self as KeypairRef>::VerifyingKey; + + fn verifying_key(&self) -> Self::VerifyingKey { + self.as_ref().clone() } } diff --git a/vendor/signature/src/lib.rs b/vendor/signature/src/lib.rs index ab504c2ac..ba1feb494 100644 --- a/vendor/signature/src/lib.rs +++ b/vendor/signature/src/lib.rs @@ -4,9 +4,16 @@ html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg", html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg" )] -#![cfg_attr(docsrs, feature(doc_cfg))] +#![cfg_attr(docsrs, feature(doc_auto_cfg))] #![forbid(unsafe_code)] -#![warn(missing_docs, rust_2018_idioms, unused_qualifications)] +#![warn( + clippy::mod_module_files, + clippy::unwrap_used, + missing_docs, + rust_2018_idioms, + unused_lifetimes, + unused_qualifications +)] //! # Design //! 
@@ -43,24 +50,14 @@ //! ## Implementation //! //! To accomplish the above goals, the [`Signer`] and [`Verifier`] traits -//! provided by this are generic over a [`Signature`] return value, and use -//! generic parameters rather than associated types. Notably, they use such -//! a parameter for the return value, allowing it to be inferred by the type -//! checker based on the desired signature type. -//! -//! The [`Signature`] trait is bounded on `AsRef<[u8]>`, enforcing that -//! signature types are thin wrappers around a "bag-of-bytes" -//! serialization. Inspiration for this approach comes from the Ed25519 -//! signature system, which was based on the observation that past -//! systems were not prescriptive about how signatures should be represented -//! on-the-wire, and that lead to a proliferation of different wire formats -//! and confusion about which ones should be used. This crate aims to provide -//! similar simplicity by minimizing the number of steps involved to obtain -//! a serializable signature. +//! provided by this are generic over a signature value, and use generic +//! parameters rather than associated types. Notably, they use such a parameter +//! for the return value, allowing it to be inferred by the type checker based +//! on the desired signature type. //! //! ## Alternatives considered //! -//! This crate is based on over two years of exploration of how to encapsulate +//! This crate is based on many years of exploration of how to encapsulate //! digital signature systems in the most flexible, developer-friendly way. //! During that time many design alternatives were explored, tradeoffs //! compared, and ultimately the provided API was selected. 
@@ -73,10 +70,7 @@ //! - "Bag-of-bytes" serialization precludes signature providers from using //! their own internal representation of a signature, which can be helpful //! for many reasons (e.g. advanced signature system features like batch -//! verification). Alternatively each provider could define its own signature -//! type, using a marker trait to identify the particular signature algorithm, -//! have `From` impls for converting to/from `[u8; N]`, and a marker trait -//! for identifying a specific signature algorithm. +//! verification). //! - Associated types, rather than generic parameters of traits, could allow //! more customization of the types used by a particular signature system, //! e.g. using custom error types. @@ -108,8 +102,8 @@ //! //! ## Unstable features //! -//! Despite being post-1.0, this crate includes a number of off-by-default -//! unstable features named `*-preview`, each of which depends on a pre-1.0 +//! Despite being post-1.0, this crate includes off-by-default unstable +//! optional features, each of which depends on a pre-1.0 //! crate. //! //! These features are considered exempt from SemVer. See the 
@@ -117,21 +111,21 @@ //! //! The following unstable features are presently supported: //! -//! - `derive-preview`: for implementers of signature systems using -//! [`DigestSigner`] and [`DigestVerifier`], the `derive-preview` feature -//! can be used to derive [`Signer`] and [`Verifier`] traits which prehash -//! the input message using the [`PrehashSignature::Digest`] algorithm for -//! a given [`Signature`] type. When the `derive-preview` feature is enabled +//! - `derive`: for implementers of signature systems using [`DigestSigner`] +//! and [`DigestVerifier`], the `derive` feature can be used to +//! derive [`Signer`] and [`Verifier`] traits which prehash the input +//! message using the [`PrehashSignature::Digest`] algorithm for +//! a given signature type. When the `derive` feature is enabled //! import the proc macros with `use signature::{Signer, Verifier}` and then //! add a `derive(Signer)` or `derive(Verifier)` attribute to the given //! digest signer/verifier type. Enabling this feature also enables `digest` //! support (see immediately below). -//! - `digest-preview`: enables the [`DigestSigner`] and [`DigestVerifier`] +//! - `digest`: enables the [`DigestSigner`] and [`DigestVerifier`] //! traits which are based on the [`Digest`] trait from the [`digest`] crate. //! These traits are used for representing signature systems based on the //! [Fiat-Shamir heuristic] which compute a random challenge value to sign //! by computing a cryptographically secure digest of the input message. -//! - `rand-preview`: enables the [`RandomizedSigner`] trait for signature +//! - `rand_core`: enables the [`RandomizedSigner`] trait for signature //! systems which rely on a cryptographically secure random number generator //! for security. //! 
@@ -143,53 +137,32 @@ //! [`Digest`]: https://docs.rs/digest/latest/digest/trait.Digest.html //! [Fiat-Shamir heuristic]: https://en.wikipedia.org/wiki/Fiat%E2%80%93Shamir_heuristic +#[cfg(feature = "alloc")] +extern crate alloc; #[cfg(feature = "std")] extern crate std; -#[cfg(all(feature = "signature_derive", not(feature = "derive-preview")))] -compile_error!( - "The `signature_derive` feature should not be enabled directly. \ - Use the `derive-preview` feature instead." -); - -#[cfg(all(feature = "digest", not(feature = "digest-preview")))] -compile_error!( - "The `digest` feature should not be enabled directly. \ - Use the `digest-preview` feature instead." -); - -#[cfg(all(feature = "rand_core", not(feature = "rand-preview")))] -compile_error!( - "The `rand_core` feature should not be enabled directly. \ - Use the `rand-preview` feature instead." -); - -#[cfg(feature = "hazmat-preview")] -#[cfg_attr(docsrs, doc(cfg(feature = "hazmat-preview")))] pub mod hazmat; +mod encoding; mod error; mod keypair; -mod signature; mod signer; mod verifier; -#[cfg(feature = "derive-preview")] -#[cfg_attr(docsrs, doc(cfg(feature = "derive-preview")))] -pub use signature_derive::{Signer, Verifier}; +#[cfg(feature = "digest")] +mod prehash_signature; -#[cfg(all(feature = "derive-preview", feature = "digest-preview"))] -#[cfg_attr( - docsrs, - doc(cfg(all(feature = "derive-preview", feature = "digest-preview"))) -)] -pub use signature_derive::{DigestSigner, DigestVerifier}; +pub use crate::{encoding::*, error::*, keypair::*, signer::*, verifier::*}; -#[cfg(feature = "digest-preview")] -pub use digest; +#[cfg(feature = "derive")] +pub use derive::{Signer, Verifier}; -#[cfg(feature = "rand-preview")] -#[cfg_attr(docsrs, doc(cfg(feature = "rand-preview")))] -pub use rand_core; +#[cfg(all(feature = "derive", feature = "digest"))] +pub use derive::{DigestSigner, DigestVerifier}; -pub use crate::{error::*, keypair::*, signature::*, signer::*, verifier::*}; +#[cfg(feature = "digest")] 
+pub use {crate::prehash_signature::*, digest}; + +#[cfg(feature = "rand_core")] +pub use rand_core; diff --git a/vendor/signature/src/prehash_signature.rs b/vendor/signature/src/prehash_signature.rs new file mode 100644 index 000000000..d9a86456d --- /dev/null +++ b/vendor/signature/src/prehash_signature.rs @@ -0,0 +1,31 @@ +//! `PrehashSignature` trait. + +/// For intra-doc link resolution. +#[allow(unused_imports)] +use crate::{ + signer::{DigestSigner, Signer}, + verifier::{DigestVerifier, Verifier}, +}; + +/// Marker trait for `Signature` types computable as `𝐒(𝐇(𝒎))` +/// i.e. ones which prehash a message to be signed as `𝐇(𝒎)` +/// +/// Where: +/// +/// - `𝐒`: signature algorithm +/// - `𝐇`: hash (a.k.a. digest) function +/// - `𝒎`: message +/// +/// This approach is relatively common in signature schemes based on the +/// [Fiat-Shamir heuristic]. +/// +/// For signature types that implement this trait, when the `derive` crate +/// feature is enabled a custom derive for [`Signer`] is available for any +/// types that impl [`DigestSigner`], and likewise for deriving [`Verifier`] for +/// types which impl [`DigestVerifier`]. +/// +/// [Fiat-Shamir heuristic]: https://en.wikipedia.org/wiki/Fiat%E2%80%93Shamir_heuristic +pub trait PrehashSignature { + /// Preferred `Digest` algorithm to use when computing this signature type. + type Digest: digest::Digest; +} diff --git a/vendor/signature/src/signature.rs b/vendor/signature/src/signature.rs deleted file mode 100644 index 29aa0b845..000000000 --- a/vendor/signature/src/signature.rs +++ /dev/null 
@@ -1,68 +0,0 @@ -//! Signature traits - -use crate::error::Error; -use core::fmt::Debug; - -/// For intra-doc link resolution -#[cfg(feature = "digest-preview")] -#[allow(unused_imports)] -use crate::{ - signer::{DigestSigner, Signer}, - verifier::{DigestVerifier, Verifier}, -}; - -/// Trait impl'd by concrete types that represent digital signatures. -/// -/// Signature types *must* (as mandated by the `AsRef<[u8]>` bound) be a thin -/// wrapper around the "bag-of-bytes" serialized form of a signature which can -/// be directly parsed from or written to the "wire". -/// -/// Inspiration for this approach comes from the Ed25519 signature system, -/// which adopted it based on the observation that past signature systems -/// were not prescriptive about how signatures should be represented -/// on-the-wire, and that lead to a proliferation of different wire formats and -/// confusion about which ones should be used. -/// -/// The [`Signature`] trait aims to provide similar simplicity by minimizing -/// the number of steps involved to obtain a serializable signature and -/// ideally ensuring there is one signature type for any given signature system -/// shared by all "provider" crates. -/// -/// For signature systems which require a more advanced internal representation -/// (e.g. involving decoded scalars or decompressed elliptic curve points) it's -/// recommended that "provider" libraries maintain their own internal signature -/// type and use `From` bounds to provide automatic conversions. -pub trait Signature: AsRef<[u8]> + Debug + Sized { - /// Parse a signature from its byte representation - fn from_bytes(bytes: &[u8]) -> Result<Self, Error>; - - /// Borrow a byte slice representing the serialized form of this signature - fn as_bytes(&self) -> &[u8] { - self.as_ref() - } -} - -/// Marker trait for `Signature` types computable as `𝐒(𝐇(𝒎))` -/// i.e. 
ones which prehash a message to be signed as `𝐇(𝒎)` -/// -/// Where: -/// -/// - `𝐒`: signature algorithm -/// - `𝐇`: hash (a.k.a. digest) function -/// - `𝒎`: message -/// -/// This approach is relatively common in signature schemes based on the -/// [Fiat-Shamir heuristic]. -/// -/// For signature types that implement this trait, when the `derive-preview` -/// Cargo feature is enabled a custom derive for [`Signer`] is available for any -/// types that impl [`DigestSigner`], and likewise for deriving [`Verifier`] for -/// types which impl [`DigestVerifier`]. -/// -/// [Fiat-Shamir heuristic]: https://en.wikipedia.org/wiki/Fiat%E2%80%93Shamir_heuristic -#[cfg(feature = "digest-preview")] -#[cfg_attr(docsrs, doc(cfg(feature = "digest-preview")))] -pub trait PrehashSignature: Signature { - /// Preferred `Digest` algorithm to use when computing this signature type. - type Digest: digest::Digest; -} diff --git a/vendor/signature/src/signer.rs b/vendor/signature/src/signer.rs index c025711fe..b339ddf59 100644 --- a/vendor/signature/src/signer.rs +++ b/vendor/signature/src/signer.rs @@ -1,16 +1,16 @@ //! Traits for generating digital signatures -use crate::{error::Error, Signature}; +use crate::error::Error; -#[cfg(feature = "digest-preview")] +#[cfg(feature = "digest")] use crate::digest::Digest; -#[cfg(feature = "rand-preview")] -use crate::rand_core::{CryptoRng, RngCore}; +#[cfg(feature = "rand_core")] +use crate::rand_core::CryptoRngCore; /// Sign the provided message bytestring using `Self` (e.g. a cryptographic key /// or connection to an HSM), returning a digital signature. -pub trait Signer<S: Signature> { +pub trait Signer<S> { /// Sign the given message and return a digital signature fn sign(&self, msg: &[u8]) -> S { self.try_sign(msg).expect("signature operation failed") 
@@ -24,10 +24,11 @@ pub trait Signer<S: Signature> {
 fn try_sign(&self, msg: &[u8]) -> Result<S, Error>;
 }
-/// Sign the provided message bytestring using `&mut Self` (e.g., an evolving
-/// cryptographic key), returning a digital signature.
-pub trait SignerMut<S: Signature> {
- /// Sign the given message, update the state, and return a digital signature
+/// Sign the provided message bytestring using `&mut Self` (e.g. an evolving
+/// cryptographic key such as a stateful hash-based signature), returning a
+/// digital signature.
+pub trait SignerMut<S> {
+ /// Sign the given message, update the state, and return a digital signature.
 fn sign(&mut self, msg: &[u8]) -> S {
 self.try_sign(msg).expect("signature operation failed")
 }
@@ -40,12 +41,8 @@ pub trait SignerMut<S: Signature> {
 fn try_sign(&mut self, msg: &[u8]) -> Result<S, Error>;
 }
-// Blanket impl of SignerMut for all Signer types
-impl<T, S> SignerMut<S> for T
-where
- T: Signer<S>,
- S: Signature,
-{
+/// Blanket impl of [`SignerMut`] for all [`Signer`] types.
+impl<S, T: Signer<S>> SignerMut<S> for T {
 fn try_sign(&mut self, msg: &[u8]) -> Result<S, Error> {
 T::try_sign(self, msg)
 }
@@ -70,13 +67,8 @@ where
 /// API accepts a [`Digest`] instance, rather than a raw digest value.
 ///
 /// [Fiat-Shamir heuristic]: https://en.wikipedia.org/wiki/Fiat%E2%80%93Shamir_heuristic
-#[cfg(feature = "digest-preview")]
-#[cfg_attr(docsrs, doc(cfg(feature = "digest-preview")))]
-pub trait DigestSigner<D, S>
-where
- D: Digest,
- S: Signature,
-{
+#[cfg(feature = "digest")]
+pub trait DigestSigner<D: Digest, S> {
 /// Sign the given prehashed message [`Digest`], returning a signature.
 ///
 /// Panics in the event of a signing error.
@@ -91,11 +83,10 @@ where
 }
 /// Sign the given message using the provided external randomness source.
-#[cfg(feature = "rand-preview")]
-#[cfg_attr(docsrs, doc(cfg(feature = "rand-preview")))]
-pub trait RandomizedSigner<S: Signature> {
+#[cfg(feature = "rand_core")]
+pub trait RandomizedSigner<S> {
 /// Sign the given message and return a digital signature
- fn sign_with_rng(&self, rng: impl CryptoRng + RngCore, msg: &[u8]) -> S {
+ fn sign_with_rng(&self, rng: &mut impl CryptoRngCore, msg: &[u8]) -> S {
 self.try_sign_with_rng(rng, msg)
 .expect("signature operation failed")
 }
@@ -105,32 +96,23 @@ pub trait RandomizedSigner<S: Signature> {
 ///
 /// The main intended use case for signing errors is when communicating
 /// with external signers, e.g. cloud KMS, HSMs, or other hardware tokens.
- fn try_sign_with_rng(&self, rng: impl CryptoRng + RngCore, msg: &[u8]) -> Result<S, Error>;
+ fn try_sign_with_rng(&self, rng: &mut impl CryptoRngCore, msg: &[u8]) -> Result<S, Error>;
 }
 /// Combination of [`DigestSigner`] and [`RandomizedSigner`] with support for
 /// computing a signature over a digest which requires entropy from an RNG.
-#[cfg(all(feature = "digest-preview", feature = "rand-preview"))]
-#[cfg_attr(docsrs, doc(cfg(feature = "digest-preview")))]
-#[cfg_attr(docsrs, doc(cfg(feature = "rand-preview")))]
-pub trait RandomizedDigestSigner<D, S>
-where
- D: Digest,
- S: Signature,
-{
+#[cfg(all(feature = "digest", feature = "rand_core"))]
+pub trait RandomizedDigestSigner<D: Digest, S> {
 /// Sign the given prehashed message `Digest`, returning a signature.
 ///
 /// Panics in the event of a signing error.
- fn sign_digest_with_rng(&self, rng: impl CryptoRng + RngCore, digest: D) -> S {
+ fn sign_digest_with_rng(&self, rng: &mut impl CryptoRngCore, digest: D) -> S {
 self.try_sign_digest_with_rng(rng, digest)
 .expect("signature operation failed")
 }
 /// Attempt to sign the given prehashed message `Digest`, returning a
 /// digital signature on success, or an error if something went wrong.
- fn try_sign_digest_with_rng(
- &self,
- rng: impl CryptoRng + RngCore,
- digest: D,
- ) -> Result<S, Error>;
+ fn try_sign_digest_with_rng(&self, rng: &mut impl CryptoRngCore, digest: D)
+ -> Result<S, Error>;
 }
diff --git a/vendor/signature/src/verifier.rs b/vendor/signature/src/verifier.rs
index 4d6efbc2b..65409a929 100644
--- a/vendor/signature/src/verifier.rs
+++ b/vendor/signature/src/verifier.rs
@@ -1,12 +1,12 @@
 //! Trait for verifying digital signatures
-use crate::{error::Error, Signature};
+use crate::error::Error;
-#[cfg(feature = "digest-preview")]
+#[cfg(feature = "digest")]
 use crate::digest::Digest;
 /// Verify the provided message bytestring using `Self` (e.g. a public key)
-pub trait Verifier<S: Signature> {
+pub trait Verifier<S> {
 /// Use `Self` to verify that the provided signature for a given message
 /// bytestring is authentic.
 ///
@@ -34,13 +34,8 @@ pub trait Verifier<S: Signature> {
 /// API accepts a [`Digest`] instance, rather than a raw digest value.
 ///
 /// [Fiat-Shamir heuristic]: https://en.wikipedia.org/wiki/Fiat%E2%80%93Shamir_heuristic
-#[cfg(feature = "digest-preview")]
-#[cfg_attr(docsrs, doc(cfg(feature = "digest-preview")))]
-pub trait DigestVerifier<D, S>
-where
- D: Digest,
- S: Signature,
-{
+#[cfg(feature = "digest")]
+pub trait DigestVerifier<D: Digest, S> {
 /// Verify the signature against the given [`Digest`] output.
 fn verify_digest(&self, digest: D, signature: &S) -> Result<(), Error>;
 }
diff --git a/vendor/signature/tests/derive.rs b/vendor/signature/tests/derive.rs
index 5048dc682..70e2dc0fc 100644
--- a/vendor/signature/tests/derive.rs
+++ b/vendor/signature/tests/derive.rs
@@ -1,13 +1,13 @@
 //! Tests for code generated by `signature_derive`
-#![cfg(all(feature = "derive-preview", feature = "hazmat-preview"))]
+#![cfg(feature = "derive")]
 use digest::{generic_array::GenericArray, Digest, OutputSizeUser};
 use hex_literal::hex;
 use sha2::Sha256;
 use signature::{
 hazmat::{PrehashSigner, PrehashVerifier},
- DigestSigner, DigestVerifier, Error, PrehashSignature, Signature, Signer, Verifier,
+ DigestSigner, DigestVerifier, Error, PrehashSignature, SignatureEncoding, Signer, Verifier,
 };
 /// Test vector to compute SHA-256 digest of
@@ -17,35 +17,43 @@ const INPUT_STRING: &[u8] = b"abc"; const INPUT_STRING_DIGEST: [u8; 32] = hex!("ba7816bf 8f01cfea 414140de 5dae2223 b00361a3 96177a9c b410ff61 f20015ad"); +type Repr = GenericArray<u8, <Sha256 as OutputSizeUser>::OutputSize>; + /// Dummy signature which just contains a digest output -#[derive(Debug)] -struct DummySignature(GenericArray<u8, <Sha256 as OutputSizeUser>::OutputSize>); +#[derive(Clone, Debug)] +struct DummySignature(Repr); + +impl PrehashSignature for DummySignature { + type Digest = Sha256; +} + +impl SignatureEncoding for DummySignature { + type Repr = Repr; +} + +impl TryFrom<&[u8]> for DummySignature { + type Error = Error; -impl Signature for DummySignature { - fn from_bytes(bytes: &[u8]) -> Result<Self, Error> { + fn try_from(bytes: &[u8]) -> Result<Self, Error> { Ok(DummySignature(GenericArray::clone_from_slice( bytes.as_ref(), ))) } } -impl AsRef<[u8]> for DummySignature { - fn as_ref(&self) -> &[u8] { - self.0.as_ref() +impl From<DummySignature> for Repr { + fn from(sig: DummySignature) -> Repr { + sig.0 } } -impl PrehashSignature for DummySignature { - type Digest = Sha256; -} - /// Dummy signer which just returns the message digest as a `DummySignature` #[derive(Signer, DigestSigner, Default)] struct DummySigner {} impl PrehashSigner<DummySignature> for DummySigner { fn sign_prehash(&self, prehash: &[u8]) -> signature::Result<DummySignature> { - DummySignature::from_bytes(prehash) + DummySignature::try_from(prehash) } } @@ -58,7 +66,7 @@ struct DummyVerifier {} impl PrehashVerifier<DummySignature> for DummyVerifier { fn verify_prehash(&self, prehash: &[u8], signature: &DummySignature) -> signature::Result<()> { - assert_eq!(signature.as_ref(), prehash); + assert_eq!(signature.to_bytes().as_slice(), prehash); Ok(()) } } 
@@ -66,7 +74,7 @@ impl PrehashVerifier<DummySignature> for DummyVerifier { #[test] fn derived_signer_impl() { let sig: DummySignature = DummySigner::default().sign(INPUT_STRING); - assert_eq!(sig.as_ref(), INPUT_STRING_DIGEST.as_ref()) + assert_eq!(sig.to_bytes().as_slice(), INPUT_STRING_DIGEST.as_ref()) } #[test] |