rustls_rustcrypto/
sign.rs

1#[cfg(feature = "alloc")]
2use alloc::{sync::Arc, vec::Vec};
3use core::marker::PhantomData;
4
5use self::ecdsa::{EcdsaSigningKeyP256, EcdsaSigningKeyP384};
6use self::eddsa::Ed25519SigningKey;
7use self::rsa::RsaSigningKey;
8
9use pki_types::PrivateKeyDer;
10use rustls::sign::{Signer, SigningKey};
11use rustls::{Error, SignatureScheme};
12use signature::{RandomizedSigner, SignatureEncoding};
13
/// Wraps a [`RandomizedSigner`] key so it can be used as a rustls [`Signer`].
///
/// `S` is the signature type the key produces and `T` is the key type itself.
///
/// `Debug` is derived, so formatting this value formats the wrapped key through
/// `T`'s own `Debug` impl.
/// NOTE(review): confirm that impl never prints private key material, since
/// this output can end up in logs.
#[derive(Debug)]
pub struct GenericRandomizedSigner<S: SignatureEncoding, T: RandomizedSigner<S>> {
    // Zero-sized marker: records the signature type `S` without storing one.
    _marker: PhantomData<S>,
    // The signing key, held behind a reference-counted pointer.
    key: Arc<T>,
    // Scheme reported by `Signer::scheme`.
    scheme: SignatureScheme,
}
24
impl<T, S> Signer for GenericRandomizedSigner<S, T>
where
    S: SignatureEncoding + Send + Sync + core::fmt::Debug,
    T: RandomizedSigner<S> + Send + Sync + core::fmt::Debug,
{
    /// Signs `message` with the wrapped key and returns the encoded signature bytes.
    ///
    /// Randomness for the signature is drawn from `rand_core::OsRng`.
    ///
    /// # Errors
    ///
    /// Any failure reported by the key is replaced with
    /// `Error::General("signing failed")`; the underlying cause is dropped, so it
    /// neither reaches the peer nor is available for diagnostics.
    fn sign(&self, message: &[u8]) -> Result<Vec<u8>, Error> {
        let mut os_rng = rand_core::OsRng;
        let outcome: Result<S, _> = self.key.try_sign_with_rng(&mut os_rng, message);
        match outcome {
            Ok(produced) => Ok(produced.to_vec()),
            Err(_) => Err(rustls::Error::General("signing failed".into())),
        }
    }

    /// Returns the signature scheme this signer was constructed with.
    fn scheme(&self) -> SignatureScheme {
        let Self { scheme, .. } = self;
        *scheme
    }
}
41
/// Wraps a [`signature::Signer`] key so it can be used as a rustls [`Signer`].
///
/// `S` is the signature type the key produces and `T` is the key type itself.
/// Unlike a randomized signer, no RNG is passed to the key when signing.
///
/// `Debug` is derived, so formatting this value formats the wrapped key through
/// `T`'s own `Debug` impl.
/// NOTE(review): confirm that impl never prints private key material, since
/// this output can end up in logs.
#[derive(Debug)]
pub struct GenericSigner<S: SignatureEncoding, T: signature::Signer<S>> {
    // Zero-sized marker: records the signature type `S` without storing one.
    _marker: PhantomData<S>,
    // The signing key, held behind a reference-counted pointer.
    key: Arc<T>,
    // Scheme reported by `Signer::scheme`.
    scheme: SignatureScheme,
}
52
impl<S, T> Signer for GenericSigner<S, T>
where
    S: SignatureEncoding + Send + Sync + core::fmt::Debug,
    T: signature::Signer<S> + Send + Sync + core::fmt::Debug,
{
    /// Signs `message` with the wrapped key and returns the encoded signature bytes.
    ///
    /// # Errors
    ///
    /// Any failure reported by the key is replaced with
    /// `Error::General("signing failed")`; the underlying cause is dropped, so it
    /// neither reaches the peer nor is available for diagnostics.
    fn sign(&self, message: &[u8]) -> Result<Vec<u8>, Error> {
        let outcome: Result<S, _> = self.key.try_sign(message);
        match outcome {
            Ok(produced) => Ok(produced.to_vec()),
            Err(_) => Err(rustls::Error::General("signing failed".into())),
        }
    }

    /// Returns the signature scheme this signer was constructed with.
    fn scheme(&self) -> SignatureScheme {
        let Self { scheme, .. } = self;
        *scheme
    }
}
69
/// Extract any supported key from the given DER input.
///
/// The key type is not declared by the caller; it is found by trial decoding,
/// in this order: RSA, then ECDSA (via [`any_ecdsa_type`]), then EdDSA (via
/// [`any_eddsa_type`]). The first decoder that accepts the input wins.
///
/// # Errors
///
/// Returns an error if the key couldn't be decoded by any of the decoders.
/// Errors from the earlier attempts are discarded, so the error returned is
/// the one from the last (EdDSA) attempt, whatever the input was meant to be.
pub fn any_supported_type(der: &PrivateKeyDer<'_>) -> Result<Arc<dyn SigningKey>, rustls::Error> {
    // RSA is tried first; its decode error is deliberately not propagated.
    if let Ok(rsa_key) = RsaSigningKey::try_from(der) {
        return Ok(Arc::new(rsa_key) as Arc<dyn SigningKey>);
    }

    match any_ecdsa_type(der) {
        Ok(ecdsa_key) => Ok(ecdsa_key),
        Err(_) => any_eddsa_type(der),
    }
}
81
/// Extract any supported ECDSA key from the given DER input.
///
/// P-256 decoding is attempted first, then P-384.
///
/// # Errors
///
/// Returns an error if the key couldn't be decoded. The P-256 error is
/// discarded; on failure the error returned is the one from the P-384 attempt.
pub fn any_ecdsa_type(der: &PrivateKeyDer<'_>) -> Result<Arc<dyn SigningKey>, rustls::Error> {
    match EcdsaSigningKeyP256::try_from(der) {
        Ok(p256_key) => Ok(Arc::new(p256_key) as Arc<dyn SigningKey>),
        Err(_) => match EcdsaSigningKeyP384::try_from(der) {
            Ok(p384_key) => Ok(Arc::new(p384_key) as Arc<dyn SigningKey>),
            Err(p384_err) => Err(p384_err),
        },
    }
}
92
/// Extract any supported EdDSA key from the given DER input.
///
/// Only Ed25519 is attempted at present.
///
/// # Errors
///
/// Returns an error if the key couldn't be decoded.
pub fn any_eddsa_type(der: &PrivateKeyDer<'_>) -> Result<Arc<dyn SigningKey>, rustls::Error> {
    // TODO: Add support for Ed448
    match Ed25519SigningKey::try_from(der) {
        Ok(ed25519_key) => Ok(Arc::new(ed25519_key) as Arc<dyn SigningKey>),
        Err(decode_err) => Err(decode_err),
    }
}
102
103pub mod ecdsa;
104pub mod eddsa;
105pub mod rsa;