From 9224b6b9088d062452fa5b7dec0d63fa97d1cb6d Mon Sep 17 00:00:00 2001 From: Tony Arcieri Date: Fri, 29 Dec 2023 11:02:15 -0700 Subject: [PATCH] async-signature: move to AFIT; MSRV 1.75 (#1428) `AFIT` was stabilized in Rust 1.75. `#[allow(async_fn_in_trait)]` is required until a solution to RPITIT is merged in rust. This put responsability on the implementor of `async_signature::AsyncSigner` to make sure their future is `Send`able. see https://github.com/rust-lang/rust/pull/115822#issuecomment-1731149475 for more context. Also introduces an `AsyncRandomizedSigner` trait. Co-authored-by: Arthur Gautier --- .github/workflows/async-signature.yml | 2 +- Cargo.lock | 12 ------- async-signature/Cargo.toml | 4 +-- async-signature/README.md | 4 +-- async-signature/src/lib.rs | 47 ++++++++++++++++++++++++--- 5 files changed, 47 insertions(+), 22 deletions(-) diff --git a/.github/workflows/async-signature.yml b/.github/workflows/async-signature.yml index 41aba970..589fc27f 100644 --- a/.github/workflows/async-signature.yml +++ b/.github/workflows/async-signature.yml @@ -23,7 +23,7 @@ jobs: strategy: matrix: rust: - - 1.60.0 # MSRV + - 1.75.0 # MSRV - stable steps: - uses: actions/checkout@v4 diff --git a/Cargo.lock b/Cargo.lock index 4456a4a2..e573a449 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -58,21 +58,9 @@ checksum = "96d30a06541fbafbc7f82ed10c06164cfbd2c401138f6addd8404629c4b16711" name = "async-signature" version = "0.4.0" dependencies = [ - "async-trait", "signature 2.2.0 (registry+https://github.com/rust-lang/crates.io-index)", ] -[[package]] -name = "async-trait" -version = "0.1.75" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fdf6721fb0140e4f897002dd086c06f6c27775df19cfe1fccb21181a48fd2c98" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - [[package]] name = "base16ct" version = "0.1.1" diff --git a/async-signature/Cargo.toml b/async-signature/Cargo.toml index 753f6294..14fc45eb 100644 --- a/async-signature/Cargo.toml +++ b/async-signature/Cargo.toml @@ -10,14 +10,14 @@ readme = "README.md" keywords = ["crypto", "ecdsa", "ed25519", "signature", "signing"] categories = ["cryptography", "no-std"] edition = "2021" -rust-version = "1.60" +rust-version = "1.75" [dependencies] -async-trait = "0.1.9" signature = ">= 2.0, <2.3" [features] digest = ["signature/digest"] +rand_core = ["signature/rand_core"] [package.metadata.docs.rs] all-features = true diff --git a/async-signature/README.md b/async-signature/README.md index 55b6e64c..1a5b5be9 100644 --- a/async-signature/README.md +++ b/async-signature/README.md @@ -9,7 +9,7 @@ ## Minimum Supported Rust Version -Rust **1.60** or higher. +Rust **1.75** or higher. Minimum supported Rust version can be changed in the future, but it will be done with a minor version bump. @@ -36,7 +36,7 @@ dual licensed as above, without any additional terms or conditions. [docs-image]: https://docs.rs/async-signature/badge.svg [docs-link]: https://docs.rs/async-signature/ [license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg -[rustc-image]: https://img.shields.io/badge/rustc-1.60+-blue.svg +[rustc-image]: https://img.shields.io/badge/rustc-1.75+-blue.svg [chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg [chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260048-signatures [build-image]: https://github.com/RustCrypto/traits/workflows/async-signature/badge.svg?branch=master&event=push diff --git a/async-signature/src/lib.rs b/async-signature/src/lib.rs index 8c59952c..1dcd2b19 100644 --- a/async-signature/src/lib.rs +++ b/async-signature/src/lib.rs @@ -17,13 +17,14 @@ pub use signature::{self, Error}; #[cfg(feature = "digest")] pub use signature::digest::{self, Digest}; -use async_trait::async_trait; +#[cfg(feature = "rand_core")] +use signature::rand_core::CryptoRngCore; /// Asynchronously sign the provided message bytestring using `Self` /// (e.g. client for a Cloud KMS or HSM), returning a digital signature. /// /// This trait is an async equivalent of the [`signature::Signer`] trait. -#[async_trait(?Send)] +#[allow(async_fn_in_trait)] pub trait AsyncSigner { /// Attempt to sign the given message, returning a digital signature on /// success, or an error if something went wrong. @@ -33,7 +34,6 @@ pub trait AsyncSigner { async fn sign_async(&self, msg: &[u8]) -> Result; } -#[async_trait(?Send)] impl AsyncSigner for T where S: 'static, @@ -48,7 +48,7 @@ where /// /// This trait is an async equivalent of the [`signature::DigestSigner`] trait. #[cfg(feature = "digest")] -#[async_trait(?Send)] +#[allow(async_fn_in_trait)] pub trait AsyncDigestSigner where D: Digest + 'static, @@ -60,7 +60,6 @@ where } #[cfg(feature = "digest")] -#[async_trait(?Send)] impl AsyncDigestSigner for T where D: Digest + 'static, @@ -71,3 +70,41 @@ where self.try_sign_digest(digest) } } + +/// Sign the given message using the provided external randomness source. +#[cfg(feature = "rand_core")] +#[allow(async_fn_in_trait)] +pub trait AsyncRandomizedSigner { + /// Sign the given message and return a digital signature + async fn sign_with_rng_async(&self, rng: &mut impl CryptoRngCore, msg: &[u8]) -> S { + self.try_sign_with_rng_async(rng, msg) + .await + .expect("signature operation failed") + } + + /// Attempt to sign the given message, returning a digital signature on + /// success, or an error if something went wrong. + /// + /// The main intended use case for signing errors is when communicating + /// with external signers, e.g. cloud KMS, HSMs, or other hardware tokens. + async fn try_sign_with_rng_async( + &self, + rng: &mut impl CryptoRngCore, + msg: &[u8], + ) -> Result; +} + +#[cfg(feature = "rand_core")] +impl AsyncRandomizedSigner for T +where + S: 'static, + T: signature::RandomizedSigner, +{ + async fn try_sign_with_rng_async( + &self, + rng: &mut impl CryptoRngCore, + msg: &[u8], + ) -> Result { + self.try_sign_with_rng(rng, msg) + } +}