Remove failed attempt at a generic public key signing API.

src/ec/suite_b/ecdsa/signing.rs

@@ -57,15 +57,6 @@ impl Eq for Algorithm {}
 
 impl sealed::Sealed for Algorithm {}
 
-#[cfg(feature = "use_heap")]
-impl signature::SigningAlgorithm for Algorithm {
-    fn from_pkcs8(
-        &'static self, input: untrusted::Input,
-    ) -> Result<signature::KeyPair, error::KeyRejected> {
-        Key::from_pkcs8(self, input).map(signature::KeyPair::new)
-    }
-}
-
 /// An ECDSA key pair, used for signing.
 pub struct Key {
     d: Scalar<R>,
@@ -138,7 +129,8 @@ impl Key {
         Self { d, alg }
     }
 
-    /// Deprecated.
+    /// Returns the signature of the message `msg` using a random nonce
+    /// generated by `rng`.
     pub fn sign(
         &self, msg: untrusted::Input, rng: &rand::SecureRandom,
     ) -> Result<signature::Signature, error::Unspecified> {
@@ -225,16 +217,6 @@ impl Key {
     }
 }
 
-#[cfg(feature = "use_heap")]
-impl signature::KeyPairImpl for Key {
-    /// Returns the signature of the message `msg`.
-    fn sign(
-        &self, rng: &rand::SecureRandom, msg: untrusted::Input,
-    ) -> Result<signature::Signature, error::Unspecified> {
-        Key::sign(self, msg, rng)
-    }
-}
-
 fn format_rs_fixed<'a>(
     ops: &'static ScalarOps, r: &Scalar, s: &Scalar, out: &'a mut [u8],
 ) -> usize {

src/signature.rs

@@ -266,9 +266,6 @@ use crate::{cpu, ec, error, sealed};
 use core;
 use untrusted;
 
-#[cfg(feature = "use_heap")]
-use crate::rand;
-
 #[cfg(feature = "use_heap")]
 use std;
 
@@ -325,29 +322,6 @@ pub mod primitive {
     pub use crate::rsa::verification::verify_rsa;
 }
 
-/// A key pair for signing.
-#[derive(Debug)]
-#[cfg(feature = "use_heap")]
-pub struct KeyPair {
-    inner: Box<KeyPairImpl + Send + Sync>,
-}
-
-#[cfg(feature = "use_heap")]
-impl KeyPair {
-    pub(crate) fn new<I: KeyPairImpl + Sync>(inner: I) -> Self {
-        Self {
-            inner: std::boxed::Box::new(inner),
-        }
-    }
-}
-
-#[cfg(feature = "use_heap")]
-pub(crate) trait KeyPairImpl: core::fmt::Debug + Send + 'static {
-    fn sign(
-        &self, rng: &rand::SecureRandom, msg: untrusted::Input,
-    ) -> Result<Signature, error::Unspecified>;
-}
-
 /// A public key signature returned from a signing operation.
 #[derive(Clone, Copy)]
 pub struct Signature {
@@ -381,35 +355,6 @@ impl AsRef<[u8]> for Signature {
 pub(crate) const MAX_LEN: usize = 1/*tag:SEQUENCE*/ + 2/*len*/ +
     (2 * (1/*tag:INTEGER*/ + 1/*len*/ + 1/*zero*/ + ec::SCALAR_MAX_BYTES));
 
-/// An algorithm for signing.
-#[cfg(feature = "use_heap")]
-pub trait SigningAlgorithm: core::fmt::Debug + Sync + 'static + sealed::Sealed {
-    /// Parses the key out of the given PKCS#8 document, verifying that it is
-    /// valid for the algorithm.
-    fn from_pkcs8(&'static self, input: untrusted::Input) -> Result<KeyPair, error::KeyRejected>;
-}
-
-/// Returns a key for signing that is parsed from a PKCS#8 document.
-///
-/// The key is checked to ensure it is valid for the given algorithm.
-#[cfg(feature = "use_heap")]
-#[inline]
-pub fn key_pair_from_pkcs8(
-    alg: &'static SigningAlgorithm, input: untrusted::Input,
-) -> Result<KeyPair, error::KeyRejected> {
-    alg.from_pkcs8(input)
-}
-
-/// Returns a signature of the given data using the given key. The signing may
-/// or may not use `rng`, depending on the `key_pair's algorithm.
-#[cfg(feature = "use_heap")]
-#[inline]
-pub fn sign(
-    key_pair: &KeyPair, rng: &rand::SecureRandom, msg: untrusted::Input,
-) -> Result<Signature, error::Unspecified> {
-    key_pair.inner.sign(rng, msg)
-}
-
 /// A signature verification algorithm.
 pub trait VerificationAlgorithm: core::fmt::Debug + Sync + sealed::Sealed {
     /// Verify the signature `signature` of message `msg` with the public key

tests/ecdsa_tests.rs

@@ -74,7 +74,7 @@ fn ecdsa_from_pkcs8_test() {
         let error = test_case.consume_optional_string("Error");
 
         match (
-            signature::key_pair_from_pkcs8(this_fixed, input),
+            signature::ECDSAKeyPair::from_pkcs8(this_fixed, input),
             error.clone(),
         ) {
             (Ok(_), None) => (),
@@ -84,7 +84,7 @@ fn ecdsa_from_pkcs8_test() {
         };
 
         match (
-            signature::key_pair_from_pkcs8(this_asn1, input),
+            signature::ECDSAKeyPair::from_pkcs8(this_asn1, input),
             error.clone(),
         ) {
             (Ok(_), None) => (),
@@ -93,8 +93,8 @@ fn ecdsa_from_pkcs8_test() {
             (Err(actual), Some(expected)) => assert_eq!(actual.description(), expected),
         };
 
-        assert!(signature::key_pair_from_pkcs8(other_fixed, input).is_err());
-        assert!(signature::key_pair_from_pkcs8(other_asn1, input).is_err());
+        assert!(signature::ECDSAKeyPair::from_pkcs8(other_fixed, input).is_err());
+        assert!(signature::ECDSAKeyPair::from_pkcs8(other_asn1, input).is_err());
 
         Ok(())
     });
@@ -120,8 +120,8 @@ fn ecdsa_generate_pkcs8_test() {
         println!();
 
         #[cfg(feature = "use_heap")]
-        let _ =
-            signature::key_pair_from_pkcs8(*alg, untrusted::Input::from(pkcs8.as_ref())).unwrap();
+        let _ = signature::ECDSAKeyPair::from_pkcs8(*alg, untrusted::Input::from(pkcs8.as_ref()))
+            .unwrap();
     }
 }
 

tests/signature_tests.rs

@@ -2,11 +2,6 @@ use ring::{signature, test};
 
 #[test]
 fn signature_impl_test() {
-    #[cfg(feature = "use_heap")]
-    test::compile_time_assert_debug::<signature::KeyPair>();
-    #[cfg(feature = "use_heap")]
-    test::compile_time_assert_send::<signature::KeyPair>();
-
     test::compile_time_assert_clone::<signature::Signature>();
     test::compile_time_assert_copy::<signature::Signature>();
     test::compile_time_assert_send::<signature::Signature>();