From 52026474e774a745a2f0f84312098d7120d4d5a8 Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Thu, 14 Dec 2023 10:24:54 -0800 Subject: [PATCH 1/3] async-signature: move to `AFIT` `AFIT` is expected in the upcoming rust-1.75 release (scheduled for 2023/12/28). `#[allow(async_fn_in_trait)]` is required until a solution to RPITIT is merged in rust. This put responsability on the implementor of `async_signature::AsyncSigner` to make sure their future is `Send`able. see https://github.com/rust-lang/rust/pull/115822#issuecomment-1731149475 for more context. --- async-signature/Cargo.toml | 2 +- async-signature/src/lib.rs | 7 ++----- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/async-signature/Cargo.toml b/async-signature/Cargo.toml index 753f62944..d5bc4511c 100644 --- a/async-signature/Cargo.toml +++ b/async-signature/Cargo.toml @@ -10,7 +10,7 @@ readme = "README.md" keywords = ["crypto", "ecdsa", "ed25519", "signature", "signing"] categories = ["cryptography", "no-std"] edition = "2021" -rust-version = "1.60" +rust-version = "1.75" [dependencies] async-trait = "0.1.9" diff --git a/async-signature/src/lib.rs b/async-signature/src/lib.rs index 8c59952ca..6b88d34d7 100644 --- a/async-signature/src/lib.rs +++ b/async-signature/src/lib.rs @@ -17,13 +17,12 @@ pub use signature::{self, Error}; #[cfg(feature = "digest")] pub use signature::digest::{self, Digest}; -use async_trait::async_trait; /// Asynchronously sign the provided message bytestring using `Self` /// (e.g. client for a Cloud KMS or HSM), returning a digital signature. /// /// This trait is an async equivalent of the [`signature::Signer`] trait. -#[async_trait(?Send)] +#[allow(async_fn_in_trait)] pub trait AsyncSigner { /// Attempt to sign the given message, returning a digital signature on /// success, or an error if something went wrong. @@ -33,7 +32,6 @@ pub trait AsyncSigner { async fn sign_async(&self, msg: &[u8]) -> Result; } -#[async_trait(?Send)] impl AsyncSigner for T where S: 'static, @@ -48,7 +46,7 @@ where /// /// This trait is an async equivalent of the [`signature::DigestSigner`] trait. #[cfg(feature = "digest")] -#[async_trait(?Send)] +#[allow(async_fn_in_trait)] pub trait AsyncDigestSigner where D: Digest + 'static, @@ -60,7 +58,6 @@ where } #[cfg(feature = "digest")] -#[async_trait(?Send)] impl AsyncDigestSigner for T where D: Digest + 'static, From eb3e80b8611cefcfaf55aaec11428eed31c619ef Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Thu, 14 Dec 2023 10:30:12 -0800 Subject: [PATCH 2/3] async-signature: introduce an `AsyncRandomizedSigner` trait --- async-signature/Cargo.toml | 1 + async-signature/src/lib.rs | 40 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+) diff --git a/async-signature/Cargo.toml b/async-signature/Cargo.toml index d5bc4511c..7028483ce 100644 --- a/async-signature/Cargo.toml +++ b/async-signature/Cargo.toml @@ -18,6 +18,7 @@ signature = ">= 2.0, <2.3" [features] digest = ["signature/digest"] +rand_core = ["signature/rand_core"] [package.metadata.docs.rs] all-features = true diff --git a/async-signature/src/lib.rs b/async-signature/src/lib.rs index 6b88d34d7..1dcd2b199 100644 --- a/async-signature/src/lib.rs +++ b/async-signature/src/lib.rs @@ -17,6 +17,8 @@ pub use signature::{self, Error}; #[cfg(feature = "digest")] pub use signature::digest::{self, Digest}; +#[cfg(feature = "rand_core")] +use signature::rand_core::CryptoRngCore; /// Asynchronously sign the provided message bytestring using `Self` /// (e.g. client for a Cloud KMS or HSM), returning a digital signature. @@ -68,3 +70,41 @@ where self.try_sign_digest(digest) } } + +/// Sign the given message using the provided external randomness source. +#[cfg(feature = "rand_core")] +#[allow(async_fn_in_trait)] +pub trait AsyncRandomizedSigner { + /// Sign the given message and return a digital signature + async fn sign_with_rng_async(&self, rng: &mut impl CryptoRngCore, msg: &[u8]) -> S { + self.try_sign_with_rng_async(rng, msg) + .await + .expect("signature operation failed") + } + + /// Attempt to sign the given message, returning a digital signature on + /// success, or an error if something went wrong. + /// + /// The main intended use case for signing errors is when communicating + /// with external signers, e.g. cloud KMS, HSMs, or other hardware tokens. + async fn try_sign_with_rng_async( + &self, + rng: &mut impl CryptoRngCore, + msg: &[u8], + ) -> Result; +} + +#[cfg(feature = "rand_core")] +impl AsyncRandomizedSigner for T +where + S: 'static, + T: signature::RandomizedSigner, +{ + async fn try_sign_with_rng_async( + &self, + rng: &mut impl CryptoRngCore, + msg: &[u8], + ) -> Result { + self.try_sign_with_rng(rng, msg) + } +} From cbc3e6c67bd12a895f0163b936d9224525f4e7d5 Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Thu, 14 Dec 2023 11:03:08 -0800 Subject: [PATCH 3/3] WIP: async-signature: bring rustc beta for AFIT support --- .github/workflows/async-signature.yml | 3 +-- .github/workflows/workspace.yml | 4 ++-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/async-signature.yml b/.github/workflows/async-signature.yml index 41aba9707..60bfab329 100644 --- a/.github/workflows/async-signature.yml +++ b/.github/workflows/async-signature.yml @@ -23,8 +23,7 @@ jobs: strategy: matrix: rust: - - 1.60.0 # MSRV - - stable + - beta steps: - uses: actions/checkout@v4 - uses: RustCrypto/actions/cargo-cache@master diff --git a/.github/workflows/workspace.yml b/.github/workflows/workspace.yml index 30a0da8f8..67667fb50 100644 --- a/.github/workflows/workspace.yml +++ b/.github/workflows/workspace.yml @@ -26,7 +26,7 @@ jobs: - uses: RustCrypto/actions/cargo-cache@master - uses: dtolnay/rust-toolchain@master with: - toolchain: 1.73.0 + toolchain: beta components: clippy - run: cargo clippy --all --all-features --tests -- -D warnings @@ -36,6 +36,6 @@ jobs: - uses: actions/checkout@v4 - uses: dtolnay/rust-toolchain@master with: - toolchain: stable + toolchain: beta components: rustfmt - run: cargo fmt --all -- --check