signature/signer.rs
1//! Traits for generating digital signatures
2
3use crate::{error::Error, Signature};
4
5#[cfg(feature = "digest-preview")]
6use crate::digest::Digest;
7
8#[cfg(feature = "rand-preview")]
9use crate::rand_core::{CryptoRng, RngCore};
10
11/// Sign the provided message bytestring using `Self` (e.g. a cryptographic key
12/// or connection to an HSM), returning a digital signature.
13pub trait Signer<S: Signature> {
14 /// Sign the given message and return a digital signature
15 fn sign(&self, msg: &[u8]) -> S {
16 self.try_sign(msg).expect("signature operation failed")
17 }
18
19 /// Attempt to sign the given message, returning a digital signature on
20 /// success, or an error if something went wrong.
21 ///
22 /// The main intended use case for signing errors is when communicating
23 /// with external signers, e.g. cloud KMS, HSMs, or other hardware tokens.
24 fn try_sign(&self, msg: &[u8]) -> Result<S, Error>;
25}
26
27/// Sign the provided message bytestring using `&mut Self` (e.g., an evolving
28/// cryptographic key), returning a digital signature.
29pub trait SignerMut<S: Signature> {
30 /// Sign the given message, update the state, and return a digital signature
31 fn sign(&mut self, msg: &[u8]) -> S {
32 self.try_sign(msg).expect("signature operation failed")
33 }
34
35 /// Attempt to sign the given message, updating the state, and returning a
36 /// digital signature on success, or an error if something went wrong.
37 ///
38 /// Signing can fail, e.g., if the number of time periods allowed by the
39 /// current key is exceeded.
40 fn try_sign(&mut self, msg: &[u8]) -> Result<S, Error>;
41}
42
43// Blanket impl of SignerMut for all Signer types
44impl<T, S> SignerMut<S> for T
45where
46 T: Signer<S>,
47 S: Signature,
48{
49 fn try_sign(&mut self, msg: &[u8]) -> Result<S, Error> {
50 T::try_sign(self, msg)
51 }
52}
53
54/// Sign the given prehashed message [`Digest`] using `Self`.
55///
56/// ## Notes
57///
58/// This trait is primarily intended for signature algorithms based on the
59/// [Fiat-Shamir heuristic], a method for converting an interactive
60/// challenge/response-based proof-of-knowledge protocol into an offline
61/// digital signature through the use of a random oracle, i.e. a digest
62/// function.
63///
64/// The security of such protocols critically rests upon the inability of
65/// an attacker to solve for the output of the random oracle, as generally
66/// otherwise such signature algorithms are a system of linear equations and
67/// therefore doing so would allow the attacker to trivially forge signatures.
68///
69/// To prevent misuse which would potentially allow this to be possible, this
70/// API accepts a [`Digest`] instance, rather than a raw digest value.
71///
72/// [Fiat-Shamir heuristic]: https://en.wikipedia.org/wiki/Fiat%E2%80%93Shamir_heuristic
73#[cfg(feature = "digest-preview")]
74#[cfg_attr(docsrs, doc(cfg(feature = "digest-preview")))]
75pub trait DigestSigner<D, S>
76where
77 D: Digest,
78 S: Signature,
79{
80 /// Sign the given prehashed message [`Digest`], returning a signature.
81 ///
82 /// Panics in the event of a signing error.
83 fn sign_digest(&self, digest: D) -> S {
84 self.try_sign_digest(digest)
85 .expect("signature operation failed")
86 }
87
88 /// Attempt to sign the given prehashed message [`Digest`], returning a
89 /// digital signature on success, or an error if something went wrong.
90 fn try_sign_digest(&self, digest: D) -> Result<S, Error>;
91}
92
93/// Sign the given message using the provided external randomness source.
94#[cfg(feature = "rand-preview")]
95#[cfg_attr(docsrs, doc(cfg(feature = "rand-preview")))]
96pub trait RandomizedSigner<S: Signature> {
97 /// Sign the given message and return a digital signature
98 fn sign_with_rng(&self, rng: impl CryptoRng + RngCore, msg: &[u8]) -> S {
99 self.try_sign_with_rng(rng, msg)
100 .expect("signature operation failed")
101 }
102
103 /// Attempt to sign the given message, returning a digital signature on
104 /// success, or an error if something went wrong.
105 ///
106 /// The main intended use case for signing errors is when communicating
107 /// with external signers, e.g. cloud KMS, HSMs, or other hardware tokens.
108 fn try_sign_with_rng(&self, rng: impl CryptoRng + RngCore, msg: &[u8]) -> Result<S, Error>;
109}
110
111/// Combination of [`DigestSigner`] and [`RandomizedSigner`] with support for
112/// computing a signature over a digest which requires entropy from an RNG.
113#[cfg(all(feature = "digest-preview", feature = "rand-preview"))]
114#[cfg_attr(docsrs, doc(cfg(feature = "digest-preview")))]
115#[cfg_attr(docsrs, doc(cfg(feature = "rand-preview")))]
116pub trait RandomizedDigestSigner<D, S>
117where
118 D: Digest,
119 S: Signature,
120{
121 /// Sign the given prehashed message `Digest`, returning a signature.
122 ///
123 /// Panics in the event of a signing error.
124 fn sign_digest_with_rng(&self, rng: impl CryptoRng + RngCore, digest: D) -> S {
125 self.try_sign_digest_with_rng(rng, digest)
126 .expect("signature operation failed")
127 }
128
129 /// Attempt to sign the given prehashed message `Digest`, returning a
130 /// digital signature on success, or an error if something went wrong.
131 fn try_sign_digest_with_rng(
132 &self,
133 rng: impl CryptoRng + RngCore,
134 digest: D,
135 ) -> Result<S, Error>;
136}