From 1f7efa65649d524eb5ed1ea86401db876f67c048 Mon Sep 17 00:00:00 2001 From: Tony Arcieri Date: Sun, 24 Mar 2019 12:56:22 -0700 Subject: [PATCH 1/3] sign.rs: Initial Sign trait Trait for producing digital signatures --- signature-crate/src/lib.rs | 3 ++- signature-crate/src/sign.rs | 10 ++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) create mode 100644 signature-crate/src/sign.rs diff --git a/signature-crate/src/lib.rs b/signature-crate/src/lib.rs index 85ccc2bd..34a94a86 100644 --- a/signature-crate/src/lib.rs +++ b/signature-crate/src/lib.rs @@ -20,6 +20,7 @@ extern crate std; mod error; mod prelude; +mod sign; mod signature; -pub use crate::{error::Error, signature::Signature}; +pub use crate::{error::Error, sign::Sign, signature::Signature}; diff --git a/signature-crate/src/sign.rs b/signature-crate/src/sign.rs new file mode 100644 index 00000000..445856cf --- /dev/null +++ b/signature-crate/src/sign.rs @@ -0,0 +1,10 @@ +//! Trait for producing digital signatures + +use crate::{error::Error, Signature}; + +/// Sign the provided bytestring message using `Self` (e.g. a cryptographic key +/// or connection to an HSM), returning a digital signature. +pub trait Sign: Send + Sync { + /// Sign the given message and return a digital signature + fn sign(&self, msg: &[u8]) -> Result; +} From 9fd884ce3753d722ee20a9ccdf4be834fd966588 Mon Sep 17 00:00:00 2001 From: Tony Arcieri Date: Sun, 24 Mar 2019 13:00:14 -0700 Subject: [PATCH 2/3] verify.rs: Initial Verify trait --- signature-crate/src/sign.rs | 2 +- signature-crate/src/verify.rs | 12 ++++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 signature-crate/src/verify.rs diff --git a/signature-crate/src/sign.rs b/signature-crate/src/sign.rs index 445856cf..098528fa 100644 --- a/signature-crate/src/sign.rs +++ b/signature-crate/src/sign.rs @@ -1,4 +1,4 @@ -//! Trait for producing digital signatures +//! Trait for generating digital signatures of message bytestrings use crate::{error::Error, Signature}; diff --git a/signature-crate/src/verify.rs b/signature-crate/src/verify.rs new file mode 100644 index 00000000..0993a943 --- /dev/null +++ b/signature-crate/src/verify.rs @@ -0,0 +1,12 @@ +//! Trait for verifying digital signatures of message bytestrings + +use crate::{error::Error, Signature}; + +/// Verify the provided message bytestring using `Self` (e.g. a public key) +pub trait Verify: Send + Sync { + /// Use `Self` to verify that the provided signature for a given message + /// bytestring is authentic. + /// + /// Returns `Error` if it is inauthentic, or otherwise returns `()`. + fn verify(&self, msg: &[u8], signature: &S) -> Result<(), Error>; +} From c438c2c0388462c8e15eee9830a7a79684bf0d5a Mon Sep 17 00:00:00 2001 From: Tony Arcieri Date: Sun, 24 Mar 2019 13:13:42 -0700 Subject: [PATCH 3/3] SignDigest and VerifyDigest traits Support for signing and verifying prehashed message `Digest`s, for use with signature algorithms that support Initialize-Update-Finalize usage. --- signature-crate/Cargo.toml | 3 ++- signature-crate/src/lib.rs | 8 ++++++-- signature-crate/src/sign/digest.rs | 18 ++++++++++++++++++ signature-crate/src/{sign.rs => sign/mod.rs} | 9 +++++++-- signature-crate/src/verify/digest.rs | 19 +++++++++++++++++++ .../src/{verify.rs => verify/mod.rs} | 7 ++++++- 6 files changed, 58 insertions(+), 6 deletions(-) create mode 100644 signature-crate/src/sign/digest.rs rename signature-crate/src/{sign.rs => sign/mod.rs} (55%) create mode 100644 signature-crate/src/verify/digest.rs rename signature-crate/src/{verify.rs => verify/mod.rs} (73%) diff --git a/signature-crate/Cargo.toml b/signature-crate/Cargo.toml index 773be118..f52a60af 100644 --- a/signature-crate/Cargo.toml +++ b/signature-crate/Cargo.toml @@ -12,8 +12,9 @@ keywords = ["crypto", "ecdsa", "ed25519", "signature", "signing"] categories = ["cryptography", "no-std"] [dependencies] +digest = { version = "0.8", optional = true, default-features = false } [features] -default = ["std"] +default = ["digest", "std"] alloc = [] std = ["alloc"] diff --git a/signature-crate/src/lib.rs b/signature-crate/src/lib.rs index 34a94a86..14d15ddf 100644 --- a/signature-crate/src/lib.rs +++ b/signature-crate/src/lib.rs @@ -14,13 +14,17 @@ unused_qualifications )] +#[cfg(feature = "digest")] +pub extern crate digest; + #[cfg(any(feature = "std", test))] #[macro_use] extern crate std; mod error; mod prelude; -mod sign; +pub mod sign; mod signature; +pub mod verify; -pub use crate::{error::Error, sign::Sign, signature::Signature}; +pub use crate::{error::Error, sign::Sign, signature::Signature, verify::Verify}; diff --git a/signature-crate/src/sign/digest.rs b/signature-crate/src/sign/digest.rs new file mode 100644 index 00000000..e4f21c2b --- /dev/null +++ b/signature-crate/src/sign/digest.rs @@ -0,0 +1,18 @@ +//! Support for signing messages which have been prehashed messages using +//! the `Digest` trait. +//! +//! For use signature algorithms that support an Initialize-Update-Finalize +//! (IUF) API, such as ECDSA or Ed25519ph. + +use crate::{error::Error, Signature}; +use digest::Digest; + +/// Sign the given prehashed message `Digest` using `Self`. +pub trait SignDigest: Send + Sync +where + D: Digest, + S: Signature, +{ + /// Sign the given prehashed message `Digest`, returning a signature. + fn sign(&self, digest: D) -> Result; +} diff --git a/signature-crate/src/sign.rs b/signature-crate/src/sign/mod.rs similarity index 55% rename from signature-crate/src/sign.rs rename to signature-crate/src/sign/mod.rs index 098528fa..1acc7c84 100644 --- a/signature-crate/src/sign.rs +++ b/signature-crate/src/sign/mod.rs @@ -1,8 +1,13 @@ -//! Trait for generating digital signatures of message bytestrings +//! Traits for generating digital signatures +#[cfg(feature = "digest")] +pub(crate) mod digest; + +#[cfg(feature = "digest")] +pub use self::digest::SignDigest; use crate::{error::Error, Signature}; -/// Sign the provided bytestring message using `Self` (e.g. a cryptographic key +/// Sign the provided message bytestring using `Self` (e.g. a cryptographic key /// or connection to an HSM), returning a digital signature. pub trait Sign: Send + Sync { /// Sign the given message and return a digital signature diff --git a/signature-crate/src/verify/digest.rs b/signature-crate/src/verify/digest.rs new file mode 100644 index 00000000..c577e700 --- /dev/null +++ b/signature-crate/src/verify/digest.rs @@ -0,0 +1,19 @@ +//! Support for verifying messages which have been prehashed messages using +//! the `Digest` trait. +//! +//! For use signature algorithms that support an Initialize-Update-Finalize +//! (IUF) API, such as ECDSA or Ed25519ph. + +use crate::{error::Error, Signature}; +use digest::Digest; + +/// Verify the provided signature for the given prehashed message `Digest` +/// is authentic. +pub trait VerifyDigest: Send + Sync +where + D: Digest, + S: Signature, +{ + /// Verify the signature against the given `Digest` + fn verify(&self, digest: D, signature: &S) -> Result<(), Error>; +} diff --git a/signature-crate/src/verify.rs b/signature-crate/src/verify/mod.rs similarity index 73% rename from signature-crate/src/verify.rs rename to signature-crate/src/verify/mod.rs index 0993a943..d8c4b0e2 100644 --- a/signature-crate/src/verify.rs +++ b/signature-crate/src/verify/mod.rs @@ -1,5 +1,10 @@ -//! Trait for verifying digital signatures of message bytestrings +//! Trait for verifying digital signatures +#[cfg(feature = "digest")] +pub(crate) mod digest; + +#[cfg(feature = "digest")] +pub use self::digest::VerifyDigest; use crate::{error::Error, Signature}; /// Verify the provided message bytestring using `Self` (e.g. a public key)