pub trait Signature<PK: SignaturePublicKey, SK: SignaturePrivateKey>: Sized {
// Required methods
fn keygen() -> Result<(PK, SK), SignatureError>;
fn sign(
sk: &SK,
msg: &[u8],
ctx: Option<&[u8]>,
) -> Result<Vec<u8>, SignatureError>;
fn sign_out(
sk: &SK,
msg: &[u8],
ctx: Option<&[u8]>,
output: &mut [u8],
) -> Result<usize, SignatureError>;
fn sign_init(sk: &SK, ctx: Option<&[u8]>) -> Result<Self, SignatureError>;
fn sign_update(&mut self, msg_chunk: &[u8]);
fn sign_final(self) -> Result<Vec<u8>, SignatureError>;
fn sign_final_out(self, output: &mut [u8]) -> Result<usize, SignatureError>;
fn verify(
pk: &PK,
msg: &[u8],
ctx: Option<&[u8]>,
sig: &[u8],
) -> Result<(), SignatureError>;
fn verify_init(pk: &PK, ctx: Option<&[u8]>) -> Result<Self, SignatureError>;
fn verify_update(&mut self, msg_chunk: &[u8]);
fn verify_final(self, sig: &[u8]) -> Result<(), SignatureError>;
}Expand description
A digital signature algorithm is defined as a set of three operations: key generation, signing, and verification.
To avoid the use of dyn, this trait does not include key generation; you’ll have to consult the documentation for the underlying signature primitive for how to generate a key pair.
This high-level trait defines the operations over a generic signature algorithm that is assumed to source all its randomness from bouncycastle’s default os-backed RNG. The underlying signature primitives will expose APIs that allow for specifying a specific RNG or deterministic seed values.
Required Methods§
Sourcefn keygen() -> Result<(PK, SK), SignatureError>
fn keygen() -> Result<(PK, SK), SignatureError>
Generate a keypair. Error condition: Basically only on RNG failures
Sourcefn sign(
sk: &SK,
msg: &[u8],
ctx: Option<&[u8]>,
) -> Result<Vec<u8>, SignatureError>
fn sign( sk: &SK, msg: &[u8], ctx: Option<&[u8]>, ) -> Result<Vec<u8>, SignatureError>
Produce a signature for the provided message and context.
Both the msg and ctx accept zero-length byte arrays.
A note about the ctx context parameter:
This is a newer addition to cryptographic signature primitives. It allows for binding the
signature to some external property of the application so that a signature will fail to validate
if removed from its intended context.
This is particularly useful at preventing content confusion attacks between data formats that
have very similar data structures, for example S/MIME emails, signed PDFs, and signed executables
that all use the Cryptographic Message Syntax (CMS) data format, or multiple data objects that
all use the JWS data format.
To be properly effective, the ctx value must not be under the control of the attacker, which generally
means that it needs to be a value that is never transmitted over the wire, but rather is something
known to the application by context.
For example, “email” vs “pdf” would be a good choice since the application should know what it is
attempting to sign or verify.
The ctx param can also be used to bind the signed content to a transaction ID or a username,
but care should be taken to ensure that an attacker attempting a
content confusion attack not also cause the signed / verifier to use an incorrect transaction ID or username.
Not all signature primitives will support a context value, so you may need to consult the documentation for the underlying primitive for how it handles a ctx in that case, for example, it might throw an error, ignore the provided ctx value, or append the ctx to the msg in a non-standard way.
Sourcefn sign_out(
sk: &SK,
msg: &[u8],
ctx: Option<&[u8]>,
output: &mut [u8],
) -> Result<usize, SignatureError>
fn sign_out( sk: &SK, msg: &[u8], ctx: Option<&[u8]>, output: &mut [u8], ) -> Result<usize, SignatureError>
Returns the number of bytes written to the output buffer. Can be called with an oversized buffer.
Sourcefn sign_init(sk: &SK, ctx: Option<&[u8]>) -> Result<Self, SignatureError>
fn sign_init(sk: &SK, ctx: Option<&[u8]>) -> Result<Self, SignatureError>
Initialize a signer for streaming mode with the provided private key.
fn sign_update(&mut self, msg_chunk: &[u8])
Sourcefn sign_final(self) -> Result<Vec<u8>, SignatureError>
fn sign_final(self) -> Result<Vec<u8>, SignatureError>
Complete the signing operation. Consumes self.
Sourcefn sign_final_out(self, output: &mut [u8]) -> Result<usize, SignatureError>
fn sign_final_out(self, output: &mut [u8]) -> Result<usize, SignatureError>
Returns the number of bytes written to the output buffer. Can be called with an oversized buffer.
Sourcefn verify(
pk: &PK,
msg: &[u8],
ctx: Option<&[u8]>,
sig: &[u8],
) -> Result<(), SignatureError>
fn verify( pk: &PK, msg: &[u8], ctx: Option<&[u8]>, sig: &[u8], ) -> Result<(), SignatureError>
On success, returns Ok(()) On failure, returns Err(SignatureError::SignatureVerificationFailed); may also return other types of SignatureError as appropriate (such as for invalid-length inputs).
fn verify_init(pk: &PK, ctx: Option<&[u8]>) -> Result<Self, SignatureError>
fn verify_update(&mut self, msg_chunk: &[u8])
Sourcefn verify_final(self, sig: &[u8]) -> Result<(), SignatureError>
fn verify_final(self, sig: &[u8]) -> Result<(), SignatureError>
On success, returns Ok(()) On failure, returns Err(SignatureError::SignatureVerificationFailed); may also return other types of SignatureError as appropriate (such as for invalid-length inputs).
Dyn Compatibility§
This trait is not dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.