diff --git a/src/client.rs b/src/client.rs index 852dc42b..a9000ff4 100644 --- a/src/client.rs +++ b/src/client.rs @@ -35,6 +35,7 @@ use crate::{ uuid, wrap::{self, commands::*}, }; +use digest::Output; use sha2::Sha256; use std::{ sync::{Arc, Mutex}, @@ -1030,6 +1031,22 @@ impl Client { .into()) } + /// Compute an RSASSA-PKCS#1v1.5 signature of the SHA-256 hash of the given prehash. + /// + /// + pub(crate) fn sign_rsa_pkcs1v15_prehash( + &self, + key_id: object::Id, + prehash: Output, + ) -> Result { + Ok(self + .send_command(SignPkcs1Command { + key_id, + digest: prehash.to_vec(), + })? + .into()) + } + /// Compute an RSASSA-PKCS#1v1.5 signature of the SHA-256 hash of the given data. /// /// diff --git a/src/rsa/pkcs1/signer.rs b/src/rsa/pkcs1/signer.rs index f7114451..7bdd27b3 100644 --- a/src/rsa/pkcs1/signer.rs +++ b/src/rsa/pkcs1/signer.rs @@ -1,4 +1,5 @@ use crate::{object, rsa::SignatureAlgorithm, Client}; +use digest::Output; use rsa::{ pkcs1v15::{RsaSignatureAssociatedOid, Signature, VerifyingKey}, RsaPublicKey, @@ -85,3 +86,29 @@ where const SIGNATURE_ALGORITHM_IDENTIFIER: AlgorithmIdentifier = as SignatureAlgorithmIdentifier>::SIGNATURE_ALGORITHM_IDENTIFIER; } + +impl signature::hazmat::PrehashSigner for Signer +where + S: SignatureAlgorithm, +{ + fn sign_prehash(&self, prehash: &[u8]) -> Result { + let buf = Output::::try_from(prehash).map_err(|_| Error::new())?; + + self.client + .sign_rsa_pkcs1v15_prehash::(self.signing_key_id, buf)? + .as_slice() + .try_into() + } +} + +impl signature::DigestSigner for Signer +where + S: SignatureAlgorithm, +{ + fn try_sign_digest(&self, digest: S) -> Result { + self.client + .sign_rsa_pkcs1v15_prehash::(self.signing_key_id, digest.finalize())? + .as_slice() + .try_into() + } +}
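Review bot: The doc comment on `sign_rsa_pkcs1v15_prehash` in src/client.rs says the signature is over "the SHA-256 hash of the given prehash", but the body forwards `prehash.to_vec()` unchanged as `digest` in `SignPkcs1Command`, so nothing is hashed again. That wording invites double hashing or passing raw data. The first line should read `/// Compute an RSASSA-PKCS#1v1.5 signature over an already-computed digest; the prehash is sent to the device as-is.` The function also appears to be generic over the digest type (both call sites use a turbofish, and the angle-bracket text looks lost in this rendering), so naming SHA-256 is probably too narrow as well. The enclosing `impl Client` block starts and ends outside the hunk.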
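Review bot: `sign_prehash` in src/rsa/pkcs1/signer.rs validates only the length of `prehash` (through `Output::try_from`), so any byte string of the right size is signed, including the output of a different hash with the same length or unhashed data. That is inherent to a `hazmat` prehash API, but the method carries no doc comment stating the contract; I would add `/// The prehash must be the complete output of S; it is signed as given and only its length is checked.` The length failure is also mapped to a bare `Error::new()`, so the caller cannot tell a wrong-sized input from a device failure. Attaching the conversion error as a source would help, if the error type in use supports one.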