pub trait PHSignature<PK: SignaturePublicKey, SK: SignaturePrivateKey, const PH_LEN: usize>: Signature<PK, SK> {
// Required methods
fn sign_ph(
sk: &SK,
ph: &[u8; PH_LEN],
ctx: Option<&[u8]>,
) -> Result<Vec<u8>, SignatureError>;
fn sign_ph_out(
sk: &SK,
ph: &[u8; PH_LEN],
ctx: Option<&[u8]>,
output: &mut [u8],
) -> Result<usize, SignatureError>;
fn verify_ph(
pk: &PK,
ph: &[u8; PH_LEN],
ctx: Option<&[u8]>,
sig: &[u8],
) -> Result<(), SignatureError>;
}Expand description
Pre-Hashed Signature is an extension to Signature that adds functionality specific to signature primatives that can operate on a pre-hashed message instead of the full message.
Required Methods§
Sourcefn sign_ph(
sk: &SK,
ph: &[u8; PH_LEN],
ctx: Option<&[u8]>,
) -> Result<Vec<u8>, SignatureError>
fn sign_ph( sk: &SK, ph: &[u8; PH_LEN], ctx: Option<&[u8]>, ) -> Result<Vec<u8>, SignatureError>
Produce a signature for the provided pre-hashed message and context.
ctx accepts a zero-length byte array.
A note about the ctx context parameter:
This is a newer addition to cryptographic signature primitives. It allows for binding the
signature to some external property of the application so that a signature will fail to validate
if removed from its intended context.
This is particularly useful at preventing content confusion attacks between data formats that
have very similar data structures, for example S/MIME emails, signed PDFs, and signed executables
that all use the Cryptographic Message Syntax (CMS) data format, or multiple data objects that
all use the JWS data format.
To be properly effective, the ctx value must not be under the control of the attacker, which generally
means that it needs to be a value that is never transmitted over the wire, but rather is something
known to the application by context.
For example, “email” vs “pdf” would be a good choice since the application should know what it is
attempting to sign or verify.
The ctx param can also be used to bind the signed content to a transaction ID or a username,
but care should be taken to ensure that an attacker attempting a
content confusion attack not also cause the signed / verifier to use an incorrect transaction ID or username.
Not all signature primitives will support a context value, so you may need to consult the documentation for the underlying primitive for how it handles a ctx in that case, for example, it might throw an error, ignore the provided ctx value, or append the ctx to the msg in a non-standard way.
Sourcefn sign_ph_out(
sk: &SK,
ph: &[u8; PH_LEN],
ctx: Option<&[u8]>,
output: &mut [u8],
) -> Result<usize, SignatureError>
fn sign_ph_out( sk: &SK, ph: &[u8; PH_LEN], ctx: Option<&[u8]>, output: &mut [u8], ) -> Result<usize, SignatureError>
Returns the number of bytes written to the output buffer. Can be called with an oversized buffer.
Sourcefn verify_ph(
pk: &PK,
ph: &[u8; PH_LEN],
ctx: Option<&[u8]>,
sig: &[u8],
) -> Result<(), SignatureError>
fn verify_ph( pk: &PK, ph: &[u8; PH_LEN], ctx: Option<&[u8]>, sig: &[u8], ) -> Result<(), SignatureError>
On success, returns Ok(()) On failure, returns Err(SignatureError::SignatureVerificationFailed); may also return other types of SignatureError as appropriate (such as for invalid-length inputs).
Dyn Compatibility§
This trait is not dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.