Split into separate method

daxpedda · daxpedda · commit 50e2d17b803b · 2025-06-01T13:02:15.000+02:00
diff --git a/signature/src/signer.rs b/signature/src/signer.rs
@@ -1,5 +1,7 @@
 //! Traits for generating digital signatures
 
+use core::iter;
+
 use crate::error::Error;
 
 #[cfg(feature = "digest")]
@@ -12,39 +14,61 @@ use crate::rand_core::{CryptoRng, TryCryptoRng};
 /// or connection to an HSM), returning a digital signature.
 pub trait Signer<S> {
     /// Sign the given message and return a digital signature
-    fn sign(&self, msg: &[&[u8]]) -> S {
+    fn sign(&self, msg: &[u8]) -> S {
         self.try_sign(msg).expect("signature operation failed")
     }
 
+    /// Equivalent of [`sign()`](Self::sign) but the message is passed in segments.
+    fn sign_segments<I: Iterator<Item: AsRef<[u8]>>>(&self, msg: I) -> S {
+        self.try_sign_segments(msg)
+            .expect("signature operation failed")
+    }
+
     /// Attempt to sign the given message, returning a digital signature on
     /// success, or an error if something went wrong.
     ///
     /// The main intended use case for signing errors is when communicating
     /// with external signers, e.g. cloud KMS, HSMs, or other hardware tokens.
-    fn try_sign(&self, msg: &[&[u8]]) -> Result<S, Error>;
+    fn try_sign(&self, msg: &[u8]) -> Result<S, Error> {
+        self.try_sign_segments(iter::once(msg))
+    }
+
+    /// Equivalent of [`try_sign()`](Self::try_sign) but the message is passed in segments.
+    fn try_sign_segments<I: Iterator<Item: AsRef<[u8]>>>(&self, msg: I) -> Result<S, Error>;
 }
 
 /// Sign the provided message bytestring using `&mut Self` (e.g. an evolving
 /// cryptographic key such as a stateful hash-based signature), returning a
 /// digital signature.
 pub trait SignerMut<S> {
     /// Sign the given message, update the state, and return a digital signature.
-    fn sign(&mut self, msg: &[&[u8]]) -> S {
+    fn sign(&mut self, msg: &[u8]) -> S {
         self.try_sign(msg).expect("signature operation failed")
     }
 
+    /// Equivalent of [`sign()`](Self::sign) but the message is passed in segments.
+    fn sign_segments<I: Iterator<Item: AsRef<[u8]>>>(&mut self, msg: I) -> S {
+        self.try_sign_segments(msg)
+            .expect("signature operation failed")
+    }
+
     /// Attempt to sign the given message, updating the state, and returning a
     /// digital signature on success, or an error if something went wrong.
     ///
     /// Signing can fail, e.g., if the number of time periods allowed by the
     /// current key is exceeded.
-    fn try_sign(&mut self, msg: &[&[u8]]) -> Result<S, Error>;
+    fn try_sign(&mut self, msg: &[u8]) -> Result<S, Error> {
+        self.try_sign_segments(iter::once(msg))
+    }
+
+    /// Equivalent of [`try_sign()`](Self::try_sign) but the message is passed in segments.
+    fn try_sign_segments<I: Iterator<Item: AsRef<[u8]>>>(&mut self, msg: I) -> Result<S, Error>;
 }
 
 /// Blanket impl of [`SignerMut`] for all [`Signer`] types.
 impl<S, T: Signer<S>> SignerMut<S> for T {
-    fn try_sign(&mut self, msg: &[&[u8]]) -> Result<S, Error> {
-        T::try_sign(self, msg)
+    fn try_sign_segments<I: Iterator<Item: AsRef<[u8]>>>(&mut self, msg: I) -> Result<S, Error> {
+        T::try_sign_segments(self, msg)
     }
 }
 
@@ -86,11 +110,21 @@ pub trait DigestSigner<D: Digest, S> {
 #[cfg(feature = "rand_core")]
 pub trait RandomizedSigner<S> {
     /// Sign the given message and return a digital signature
-    fn sign_with_rng<R: CryptoRng + ?Sized>(&self, rng: &mut R, msg: &[&[u8]]) -> S {
+    fn sign_with_rng<R: CryptoRng + ?Sized>(&self, rng: &mut R, msg: &[u8]) -> S {
         self.try_sign_with_rng(rng, msg)
             .expect("signature operation failed")
     }
 
+    /// Equivalent of [`sign_with_rng()`](Self::sign_with_rng) but the message is passed in segments.
+    fn sign_segments_with_rng<R, I>(&self, rng: &mut R, msg: I) -> S
+    where
+        R: CryptoRng + ?Sized,
+        I: Iterator<Item: AsRef<[u8]>>,
+    {
+        self.try_sign_segments_with_rng(rng, msg)
+            .expect("signature operation failed")
+    }
+
     /// Attempt to sign the given message, returning a digital signature on
     /// success, or an error if something went wrong.
     ///
@@ -99,8 +133,16 @@ pub trait RandomizedSigner<S> {
     fn try_sign_with_rng<R: TryCryptoRng + ?Sized>(
         &self,
         rng: &mut R,
-        msg: &[&[u8]],
-    ) -> Result<S, Error>;
+        msg: &[u8],
+    ) -> Result<S, Error> {
+        self.try_sign_segments_with_rng(rng, iter::once(msg))
+    }
+
+    /// Equivalent of [`try_sign_with_rng()`](Self::try_sign_with_rng) but the message is passed in segments.
+    fn try_sign_segments_with_rng<R, I>(&self, rng: &mut R, msg: I) -> Result<S, Error>
+    where
+        R: TryCryptoRng + ?Sized,
+        I: Iterator<Item: AsRef<[u8]>>;
 }
 
 /// Combination of [`DigestSigner`] and [`RandomizedSigner`] with support for
@@ -130,11 +172,21 @@ pub trait RandomizedDigestSigner<D: Digest, S> {
 #[cfg(feature = "rand_core")]
 pub trait RandomizedSignerMut<S> {
     /// Sign the given message, update the state, and return a digital signature.
-    fn sign_with_rng<R: CryptoRng + ?Sized>(&mut self, rng: &mut R, msg: &[&[u8]]) -> S {
+    fn sign_with_rng<R: CryptoRng + ?Sized>(&mut self, rng: &mut R, msg: &[u8]) -> S {
         self.try_sign_with_rng(rng, msg)
             .expect("signature operation failed")
     }
 
+    /// Equivalent of [`sign_with_rng()`](Self::sign_with_rng) but the message is passed in segments.
+    fn sign_segments_with_rng<R, I>(&self, rng: &mut R, msg: I) -> S
+    where
+        R: CryptoRng + ?Sized,
+        I: Iterator<Item: AsRef<[u8]>>,
+    {
+        self.try_sign_segments_with_rng(rng, msg)
+            .expect("signature operation failed")
+    }
+
     /// Attempt to sign the given message, updating the state, and returning a
     /// digital signature on success, or an error if something went wrong.
     ///
@@ -143,19 +195,27 @@ pub trait RandomizedSignerMut<S> {
     fn try_sign_with_rng<R: TryCryptoRng + ?Sized>(
         &mut self,
         rng: &mut R,
-        msg: &[&[u8]],
-    ) -> Result<S, Error>;
+        msg: &[u8],
+    ) -> Result<S, Error> {
+        self.try_sign_segments_with_rng(rng, iter::once(msg))
+    }
+
+    /// Equivalent of [`try_sign_with_rng()`](Self::try_sign_with_rng) but the message is passed in segments.
+    fn try_sign_segments_with_rng<R, I>(&self, rng: &mut R, msg: I) -> Result<S, Error>
+    where
+        R: TryCryptoRng + ?Sized,
+        I: Iterator<Item: AsRef<[u8]>>;
 }
 
 /// Blanket impl of [`RandomizedSignerMut`] for all [`RandomizedSigner`] types.
 #[cfg(feature = "rand_core")]
 impl<S, T: RandomizedSigner<S>> RandomizedSignerMut<S> for T {
-    fn try_sign_with_rng<R: TryCryptoRng + ?Sized>(
-        &mut self,
-        rng: &mut R,
-        msg: &[&[u8]],
-    ) -> Result<S, Error> {
-        T::try_sign_with_rng(self, rng, msg)
+    fn try_sign_segments_with_rng<R, I>(&self, rng: &mut R, msg: I) -> Result<S, Error>
+    where
+        R: TryCryptoRng + ?Sized,
+        I: Iterator<Item: AsRef<[u8]>>,
+    {
+        self.try_sign_segments_with_rng(rng, msg)
     }
 }
 
@@ -169,15 +229,24 @@ pub trait AsyncSigner<S> {
     ///
     /// The main intended use case for signing errors is when communicating
     /// with external signers, e.g. cloud KMS, HSMs, or other hardware tokens.
-    async fn sign_async(&self, msg: &[&[u8]]) -> Result<S, Error>;
+    async fn sign_async(&self, msg: &[u8]) -> Result<S, Error> {
+        self.sign_segments_async(iter::once(msg)).await
+    }
+
+    /// Equivalent of [`sign_async()`](Self::sign_async) but the message is passed in segments.
+    async fn sign_segments_async<I: Iterator<Item: AsRef<[u8]>>>(&self, msg: I)
+    -> Result<S, Error>;
 }
 
 impl<S, T> AsyncSigner<S> for T
 where
     T: Signer<S>,
 {
-    async fn sign_async(&self, msg: &[&[u8]]) -> Result<S, Error> {
-        self.try_sign(msg)
+    async fn sign_segments_async<I: Iterator<Item: AsRef<[u8]>>>(
+        &self,
+        msg: I,
+    ) -> Result<S, Error> {
+        self.try_sign_segments(msg)
     }
 }
 
@@ -198,12 +267,23 @@ where
 #[cfg(feature = "rand_core")]
 pub trait AsyncRandomizedSigner<S> {
     /// Sign the given message and return a digital signature
-    async fn sign_with_rng_async<R: CryptoRng + ?Sized>(&self, rng: &mut R, msg: &[&[u8]]) -> S {
+    async fn sign_with_rng_async<R: CryptoRng + ?Sized>(&self, rng: &mut R, msg: &[u8]) -> S {
         self.try_sign_with_rng_async(rng, msg)
             .await
             .expect("signature operation failed")
     }
 
+    /// Equivalent of [`sign_with_rng_async()`](Self::sign_with_rng_async) but the message is passed in segments.
+    async fn sign_segments_with_rng_async<R, I>(&self, rng: &mut R, msg: I) -> S
+    where
+        R: CryptoRng + ?Sized,
+        I: Iterator<Item: AsRef<[u8]>>,
+    {
+        self.try_sign_segments_with_rng_async(rng, msg)
+            .await
+            .expect("signature operation failed")
+    }
+
     /// Attempt to sign the given message, returning a digital signature on
     /// success, or an error if something went wrong.
     ///
@@ -212,20 +292,29 @@ pub trait AsyncRandomizedSigner<S> {
     async fn try_sign_with_rng_async<R: TryCryptoRng + ?Sized>(
         &self,
         rng: &mut R,
-        msg: &[&[u8]],
-    ) -> Result<S, Error>;
+        msg: &[u8],
+    ) -> Result<S, Error> {
+        self.try_sign_segments_with_rng_async(rng, iter::once(msg))
+            .await
+    }
+
+    /// Equivalent of [`try_sign_with_rng_async()`](Self::try_sign_with_rng_async) but the message is passed in segments.
+    async fn try_sign_segments_with_rng_async<R, I>(&self, rng: &mut R, msg: I) -> Result<S, Error>
+    where
+        R: TryCryptoRng + ?Sized,
+        I: Iterator<Item: AsRef<[u8]>>;
 }
 
 #[cfg(feature = "rand_core")]
 impl<S, T> AsyncRandomizedSigner<S> for T
 where
     T: RandomizedSigner<S>,
 {
-    async fn try_sign_with_rng_async<R: TryCryptoRng + ?Sized>(
-        &self,
-        rng: &mut R,
-        msg: &[&[u8]],
-    ) -> Result<S, Error> {
-        self.try_sign_with_rng(rng, msg)
+    async fn try_sign_segments_with_rng_async<R, I>(&self, rng: &mut R, msg: I) -> Result<S, Error>
+    where
+        R: TryCryptoRng + ?Sized,
+        I: Iterator<Item: AsRef<[u8]>>,
+    {
+        self.try_sign_segments_with_rng(rng, msg)
     }
 }
diff --git a/signature/src/verifier.rs b/signature/src/verifier.rs
@@ -1,5 +1,7 @@
 //! Trait for verifying digital signatures
 
+use core::iter;
+
 use crate::error::Error;
 
 #[cfg(feature = "digest")]
@@ -11,7 +13,16 @@ pub trait Verifier<S> {
     /// bytestring is authentic.
     ///
     /// Returns `Error` if it is inauthentic, or otherwise returns `()`.
-    fn verify(&self, msg: &[&[u8]], signature: &S) -> Result<(), Error>;
+    fn verify(&self, msg: &[u8], signature: &S) -> Result<(), Error> {
+        self.verify_segments(iter::once(msg), signature)
+    }
+
+    /// Equivalent of [`verify()`](Self::verify) but the message is passed in segments.
+    fn verify_segments<I: Iterator<Item: AsRef<[u8]>>>(
+        &self,
+        msg: I,
+        signature: &S,
+    ) -> Result<(), Error>;
 }
 
 /// Verify the provided signature for the given prehashed message [`Digest`]
