From e4b60d210bedfc20070ee73e728811a6bfb69e94 Mon Sep 17 00:00:00 2001
From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Date: Tue, 4 Oct 2022 00:58:00 +0300
Subject: [PATCH] signature: expand hazmat to cover sign-with-rng case

Expand hazmat with the RandomizedPrehashSigner trait, declaring fn
sign_prehash_with_rng(). This is necessary for hazmat implementation for
the RSA PSS keys.

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
---
 signature/src/hazmat.rs | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/signature/src/hazmat.rs b/signature/src/hazmat.rs
index 4a117fcdb..8119225c6 100644
--- a/signature/src/hazmat.rs
+++ b/signature/src/hazmat.rs
@@ -12,6 +12,9 @@
 
 use crate::{Error, Signature};
 
+#[cfg(feature = "rand-preview")]
+use crate::rand_core::{CryptoRng, RngCore};
+
 /// Sign the provided message prehash, returning a digital signature.
 pub trait PrehashSigner<S: Signature> {
     /// Attempt to sign the given message digest, returning a digital signature
@@ -29,6 +32,29 @@ pub trait PrehashSigner<S: Signature> {
     fn sign_prehash(&self, prehash: &[u8]) -> Result<S, Error>;
 }
 
+/// Sign the provided message prehash using the provided external randomness source, returning a digital signature.
+#[cfg(feature = "rand-preview")]
+#[cfg_attr(docsrs, doc(cfg(feature = "rand-preview")))]
+pub trait RandomizedPrehashSigner<S: Signature> {
+    /// Attempt to sign the given message digest, returning a digital signature
+    /// on success, or an error if something went wrong.
+    ///
+    /// The `prehash` parameter should be the output of a secure cryptographic
+    /// hash function.
+    ///
+    /// This API takes a `prehash` byte slice as there can potentially be many
+    /// compatible lengths for the message digest for a given concrete signature
+    /// algorithm.
+    ///
+    /// Allowed lengths are algorithm-dependent and up to a particular
+    /// implementation to decide.
+    fn sign_prehash_with_rng(
+        &self,
+        rng: impl CryptoRng + RngCore,
+        prehash: &[u8],
+    ) -> Result<S, Error>;
+}
+
 /// Verify the provided message prehash using `Self` (e.g. a public key)
 pub trait PrehashVerifier<S: Signature> {
     /// Use `Self` to verify that the provided signature for a given message