feat: switch to version 2.0 (pre) of the signature crate

Rework the crate to implement traits from the preview of the signature
crate. Use Vec<u8> as Self::Repr type.

Signed-off-by: Dmitry Baryshkov <[email protected]>

Author: lumag

Cargo.toml

@@ -23,7 +23,7 @@ subtle = { version = "2.1.1", default-features = false }
 digest = { version = "0.10.5", default-features = false, features = ["alloc", "oid"] }
 pkcs1 = { version = "0.4", default-features = false, features = ["pkcs8", "alloc"] }
 pkcs8 = { version = "0.9", default-features = false, features = ["alloc"] }
-signature = { version = "1.6.4", default-features = false , features = ["digest-preview", "rand-preview"] }
+signature = { version = "2.0.0-pre", default-features = false , features = ["digest-preview", "rand-preview"] }
 zeroize = { version = "1", features = ["alloc"] }
 
 # Temporary workaround until https://github.com/dignifiedquire/num-bigint/pull/42 lands
@@ -53,7 +53,7 @@ name = "key"
 
 [features]
 default = ["std", "pem"]
-hazmat = ["signature/hazmat-preview"]
+hazmat = []
 nightly = ["num-bigint/nightly"]
 serde = ["num-bigint/serde", "serde_crate"]
 expose-internals = []
@@ -68,3 +68,6 @@ rustdoc-args = ["--cfg", "docsrs"]
 
 [profile.dev]
 opt-level = 2
+
+[patch.crates-io]
+signature = { git = "https://github.com/RustCrypto/traits" }

src/lib.rs

@@ -52,7 +52,7 @@
 //! use rsa::RsaPrivateKey;
 //! use rsa::pkcs1v15::{SigningKey, VerifyingKey};
 //! use sha2::{Digest, Sha256};
-//! use signature::{RandomizedSigner, Signature, Verifier};
+//! use signature::{RandomizedSigner, SignatureEncoding, Verifier};
 //!
 //! let mut rng = rand::thread_rng();
 //!
@@ -64,7 +64,7 @@
 //! // Sign
 //! let data = b"hello world";
 //! let signature = signing_key.sign_with_rng(&mut rng, data);
-//! assert_ne!(signature.as_bytes(), data);
+//! assert_ne!(signature.to_bytes().as_ref(), data.as_slice());
 //!
 //! // Verify
 //! verifying_key.verify(data, &signature).expect("failed to verify");
@@ -75,7 +75,7 @@
 //! use rsa::RsaPrivateKey;
 //! use rsa::pss::{BlindedSigningKey, VerifyingKey};
 //! use sha2::{Digest, Sha256};
-//! use signature::{RandomizedSigner, Signature, Verifier};
+//! use signature::{RandomizedSigner, SignatureEncoding, Verifier};
 //!
 //! let mut rng = rand::thread_rng();
 //!
@@ -87,7 +87,7 @@
 //! // Sign
 //! let data = b"hello world";
 //! let signature = signing_key.sign_with_rng(&mut rng, data);
-//! assert_ne!(signature.as_bytes(), data);
+//! assert_ne!(signature.to_bytes().as_ref(), data);
 //!
 //! // Verify
 //! verifying_key.verify(data, &signature).expect("failed to verify");

src/pkcs1v15.rs

@@ -1,16 +1,15 @@
-use alloc::vec;
+use alloc::boxed::Box;
 use alloc::vec::Vec;
 use core::fmt::{Debug, Display, Formatter, LowerHex, UpperHex};
 use core::marker::PhantomData;
-use core::ops::Deref;
 use digest::Digest;
 use pkcs8::{AssociatedOid, Document, EncodePrivateKey, EncodePublicKey, SecretDocument};
 use rand_core::{CryptoRng, RngCore};
 #[cfg(feature = "hazmat")]
 use signature::hazmat::{PrehashSigner, PrehashVerifier};
 use signature::{
-    DigestSigner, DigestVerifier, RandomizedDigestSigner, RandomizedSigner,
-    Signature as SignSignature, Signer, Verifier,
+    DigestSigner, DigestVerifier, RandomizedDigestSigner, RandomizedSigner, SignatureEncoding,
+    Signer, Verifier,
 };
 use subtle::{Choice, ConditionallySelectable, ConstantTimeEq};
 use zeroize::Zeroizing;
@@ -20,60 +19,52 @@ use crate::errors::{Error, Result};
 use crate::key::{self, PrivateKey, PublicKey};
 use crate::{RsaPrivateKey, RsaPublicKey};
 
-#[derive(Clone)]
+#[derive(Clone, PartialEq, Eq)]
 pub struct Signature {
-    bytes: Vec<u8>,
+    bytes: Box<[u8]>,
 }
 
-impl signature::Signature for Signature {
-    fn from_bytes(bytes: &[u8]) -> signature::Result<Self> {
-        Ok(Signature {
-            bytes: bytes.into(),
-        })
-    }
-
-    fn as_bytes(&self) -> &[u8] {
-        self.bytes.as_slice()
-    }
+impl SignatureEncoding for Signature {
+    type Repr = Box<[u8]>;
 }
 
-impl From<Vec<u8>> for Signature {
-    fn from(bytes: Vec<u8>) -> Self {
+impl From<Box<[u8]>> for Signature {
+    fn from(bytes: Box<[u8]>) -> Self {
         Self { bytes }
     }
 }
 
-impl Deref for Signature {
-    type Target = [u8];
+impl<'a> TryFrom<&'a [u8]> for Signature {
+    type Error = signature::Error;
 
-    fn deref(&self) -> &Self::Target {
-        self.as_bytes()
+    fn try_from(bytes: &'a [u8]) -> signature::Result<Self> {
+        Ok(Self {
+            bytes: bytes.into(),
+        })
     }
 }
 
-impl PartialEq for Signature {
-    fn eq(&self, other: &Self) -> bool {
-        self.as_bytes() == other.as_bytes()
+impl From<Signature> for Box<[u8]> {
+    fn from(signature: Signature) -> Box<[u8]> {
+        signature.bytes
     }
 }
 
-impl Eq for Signature {}
-
-impl Debug for Signature {
-    fn fmt(&self, fmt: &mut Formatter<'_>) -> core::result::Result<(), core::fmt::Error> {
-        fmt.debug_list().entries(self.as_bytes().iter()).finish()
+impl AsRef<[u8]> for Signature {
+    fn as_ref(&self) -> &[u8] {
+        self.bytes.as_ref()
     }
 }
 
-impl AsRef<[u8]> for Signature {
-    fn as_ref(&self) -> &[u8] {
-        self.as_bytes()
+impl Debug for Signature {
+    fn fmt(&self, fmt: &mut Formatter<'_>) -> core::result::Result<(), core::fmt::Error> {
+        fmt.debug_list().entries(self.bytes.iter()).finish()
     }
 }
 
 impl LowerHex for Signature {
     fn fmt(&self, f: &mut Formatter<'_>) -> core::fmt::Result {
-        for byte in self.as_bytes() {
+        for byte in self.bytes.iter() {
             write!(f, "{:02x}", byte)?;
         }
         Ok(())
@@ -82,7 +73,7 @@ impl LowerHex for Signature {
 
 impl UpperHex for Signature {
     fn fmt(&self, f: &mut Formatter<'_>) -> core::fmt::Result {
-        for byte in self.as_bytes() {
+        for byte in self.bytes.iter() {
             write!(f, "{:02X}", byte)?;
         }
         Ok(())
@@ -391,7 +382,7 @@ where
 {
     fn try_sign(&self, msg: &[u8]) -> signature::Result<Signature> {
         sign::<DummyRng, _>(None, &self.inner, &self.prefix, &D::digest(msg))
-            .map(|v| v.into())
+            .map(|v| v.into_boxed_slice().into())
             .map_err(|e| e.into())
     }
 }
@@ -406,7 +397,7 @@ where
         msg: &[u8],
     ) -> signature::Result<Signature> {
         sign(Some(&mut rng), &self.inner, &self.prefix, &D::digest(msg))
-            .map(|v| v.into())
+            .map(|v| v.into_boxed_slice().into())
             .map_err(|e| e.into())
     }
 }
@@ -417,7 +408,7 @@ where
 {
     fn try_sign_digest(&self, digest: D) -> signature::Result<Signature> {
         sign::<DummyRng, _>(None, &self.inner, &self.prefix, &digest.finalize())
-            .map(|v| v.into())
+            .map(|v| v.into_boxed_slice().into())
             .map_err(|e| e.into())
     }
 }
@@ -437,7 +428,7 @@ where
             &self.prefix,
             &digest.finalize(),
         )
-        .map(|v| v.into())
+        .map(|v| v.into_boxed_slice().into())
         .map_err(|e| e.into())
     }
 }
@@ -449,7 +440,7 @@ where
 {
     fn sign_prehash(&self, prehash: &[u8]) -> signature::Result<Signature> {
         sign::<DummyRng, _>(None, &self.inner, &self.prefix, prehash)
-            .map(|v| v.into())
+            .map(|v| v.into_boxed_slice().into())
             .map_err(|e| e.into())
     }
 }
@@ -604,7 +595,7 @@ mod tests {
     use sha1::{Digest, Sha1};
     use sha2::Sha256;
     use sha3::Sha3_256;
-    use signature::{RandomizedSigner, Signature, Signer, Verifier};
+    use signature::{RandomizedSigner, Signer, Verifier};
 
     use crate::{PaddingScheme, PublicKey, PublicKeyParts, RsaPrivateKey, RsaPublicKey};
 
@@ -898,8 +889,10 @@ mod tests {
         let verifying_key = VerifyingKey::<Sha1>::new_with_prefix(pub_key);
 
         for (text, sig, expected) in &tests {
-            let result =
-                verifying_key.verify(text.as_bytes(), &Signature::from_bytes(sig).unwrap());
+            let result = verifying_key.verify(
+                text.as_bytes(),
+                &Signature::try_from(sig.as_slice()).unwrap(),
+            );
             match expected {
                 true => result.expect("failed to verify"),
                 false => {
@@ -937,7 +930,8 @@ mod tests {
         for (text, sig, expected) in &tests {
             let mut digest = Sha1::new();
             digest.update(text.as_bytes());
-            let result = verifying_key.verify_digest(digest, &Signature::from_bytes(sig).unwrap());
+            let result =
+                verifying_key.verify_digest(digest, &Signature::try_from(sig.as_slice()).unwrap());
             match expected {
                 true => result.expect("failed to verify"),
                 false => {
@@ -976,7 +970,7 @@ mod tests {
 
         let verifying_key: VerifyingKey<_> = (&signing_key).into();
         verifying_key
-            .verify_prehash(msg, &Signature::from_bytes(&expected_sig).unwrap())
+            .verify_prehash(msg, &Signature::from_bytes(&expected_sig.into_boxed_slice()).unwrap())
             .expect("failed to verify");
     }
 }