Implement PrehashSigner on yubikey::Signer. (#656)

Co-authored-by: roblabla <robin@harfanglab.fr>
This commit is contained in:
Robin Lambertz
2026-05-11 20:37:15 +02:00
committed by GitHub
parent ca2615eef8
commit ba51f6ad16
+31
View File
@@ -309,6 +309,10 @@ pub mod yubikey_signer {
/// Prepare buffer before submitting it for signature /// Prepare buffer before submitting it for signature
fn prepare(input: &[u8]) -> SigResult<Vec<u8>>; fn prepare(input: &[u8]) -> SigResult<Vec<u8>>;
/// Prepare a prehashed message before submitting it for signature
fn prepare_prehash(hashed: &[u8]) -> SigResult<Vec<u8>>;
/// Read back the signature from the device /// Read back the signature from the device
fn read_signature(input: &[u8]) -> SigResult<Self::Signature>; fn read_signature(input: &[u8]) -> SigResult<Self::Signature>;
} }
@@ -340,6 +344,10 @@ pub mod yubikey_signer {
Ok(Sha256::digest(input).to_vec()) Ok(Sha256::digest(input).to_vec())
} }
fn prepare_prehash(hashed: &[u8]) -> SigResult<Vec<u8>> {
Ok(hashed.to_vec())
}
fn read_signature(input: &[u8]) -> SigResult<Self::Signature> { fn read_signature(input: &[u8]) -> SigResult<Self::Signature> {
Self::Signature::from_bytes(input) Self::Signature::from_bytes(input)
} }
@@ -356,6 +364,10 @@ pub mod yubikey_signer {
Ok(Sha384::digest(input).to_vec()) Ok(Sha384::digest(input).to_vec())
} }
fn prepare_prehash(hashed: &[u8]) -> SigResult<Vec<u8>> {
Ok(hashed.to_vec())
}
fn read_signature(input: &[u8]) -> SigResult<Self::Signature> { fn read_signature(input: &[u8]) -> SigResult<Self::Signature> {
Self::Signature::from_bytes(input) Self::Signature::from_bytes(input)
} }
@@ -415,7 +427,10 @@ pub mod yubikey_signer {
fn prepare(input: &[u8]) -> SigResult<Vec<u8>> { fn prepare(input: &[u8]) -> SigResult<Vec<u8>> {
let hashed = Sha256::digest(input).to_vec(); let hashed = Sha256::digest(input).to_vec();
Self::prepare_prehash(&hashed)
}
fn prepare_prehash(hashed: &[u8]) -> SigResult<Vec<u8>> {
OctetString::new(hashed) OctetString::new(hashed)
.map_err(|e| e.into()) .map_err(|e| e.into())
.and_then(Self::emsa_pkcs1_1_5) .and_then(Self::emsa_pkcs1_1_5)
@@ -515,4 +530,20 @@ pub mod yubikey_signer {
Ok(out) Ok(out)
} }
} }
impl<KT: KeyType> signature::hazmat::PrehashSigner<KT::Signature> for Signer<'_, KT> {
fn sign_prehash(&self, hashed: &[u8]) -> SigResult<KT::Signature> {
let data = KT::prepare_prehash(hashed)?;
let out = sign_data(
&mut self.yubikey.borrow_mut(),
&data,
KT::ALGORITHM,
self.key,
)
.map_err(signature::Error::from_source)?;
let out = KT::read_signature(&out)?;
Ok(out)
}
}
} }