Gate randomized signing behind a feature

alexrudy · Nov 29, 2023 · 3fbed5c · 3fbed5c
1 parent 7c07fe4
commit 3fbed5c
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 3 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -25,6 +25,7 @@ p256 = { version = "0.13", features = ["ecdsa", "jwk"], optional = true }
 p384 = { version = "0.13", optional = true }
 p521 = { version = "0.13", optional = true }
 pkcs8 = "0.10"
+rand_core = { version = "0.6.4", optional = true, default-features = false }
 rsa = { version = "0.9", features = ["sha2"], optional = true }
 serde = { version = "1", features = ["derive"] }
 serde_json = "1"
@@ -46,6 +47,7 @@ static_assertions = "1.1.0"
 [features]
 default = ["fmt", "rsa", "ecdsa", "p256", "p384", "p521", "hmac"]
 fmt = []
+rand = ["dep:rand_core"]
 rsa = ["dep:rsa"]
 hmac = ["dep:hmac"]
 ecdsa = ["dep:ecdsa", "dep:elliptic-curve"]

diff --git a/src/algorithms/ecdsa.rs b/src/algorithms/ecdsa.rs
@@ -81,6 +81,7 @@ use base64ct::Base64UrlUnpadded as Base64Url;
 use base64ct::Encoding;
 use bytes::Bytes;
 use digest::generic_array::{ArrayLength, GenericArray};
+#[cfg(feature = "rand")]
 use digest::Digest;
 use ecdsa::EncodedPoint;
 use elliptic_curve::{
@@ -90,6 +91,8 @@ use elliptic_curve::{
     AffinePoint, Curve, CurveArithmetic, FieldBytes, FieldBytesSize, JwkParameters, PublicKey,
     Scalar, SecretKey,
 };
+
+#[cfg(feature = "rand")]
 use signature::RandomizedDigestSigner;
 
 #[cfg(feature = "p256")]
@@ -347,6 +350,7 @@ macro_rules! jose_ecdsa_algorithm {
     };
 }
 
+#[cfg(feature = "rand")]
 impl<S, C> crate::algorithms::RandomizedTokenSigner<S> for ecdsa::SigningKey<C>
 where
     C: PrimeCurve + CurveArithmetic + JwkParameters + ecdsa::hazmat::DigestPrimitive,
@@ -361,7 +365,7 @@ where
         &self,
         header: &str,
         payload: &str,
-        rng: &mut impl elliptic_curve::rand_core::CryptoRngCore,
+        rng: &mut impl rand_core::CryptoRngCore,
     ) -> Result<S, signature::Error> {
         let mut digest = C::Digest::new();
         digest.update(header.as_bytes());

diff --git a/src/algorithms/mod.rs b/src/algorithms/mod.rs
@@ -58,8 +58,9 @@ use std::fmt;
 use base64ct::Encoding;
 use bytes::Bytes;
 use digest::Digest;
+#[cfg(feature = "rand")]
+use rand_core::CryptoRngCore;
 use serde::{Deserialize, Serialize};
-use signature::rand_core::CryptoRngCore;
 use signature::SignatureEncoding;
 
 #[cfg(any(feature = "p256", feature = "hmac", feature = "rsa"))]
@@ -225,6 +226,7 @@ where
     }
 }
 
+#[cfg(feature = "rand")]
 /// A trait to represent an algorithm which can sign a JWT, with a source of
 /// randomness.
 pub trait RandomizedTokenSigner<S>: DynJsonWebAlgorithm + SerializePublicJWK

diff --git a/src/token/mod.rs b/src/token/mod.rs
@@ -450,11 +450,12 @@ where
     }
 
     /// Sign this token using the given algorithm, and a random number generator.
+    #[cfg(feature = "rand")]
     #[allow(clippy::type_complexity)]
     pub fn sign_randomized<A, S>(
         self,
         algorithm: &A,
-        rng: &mut impl elliptic_curve::rand_core::CryptoRngCore,
+        rng: &mut impl rand_core::CryptoRngCore,
     ) -> Result<Token<P, Signed<H, A, S>, Fmt>, TokenSigningError>
     where
         A: crate::algorithms::RandomizedTokenSigner<S> + ?Sized,
@@ -897,6 +898,7 @@ mod test_ecdsa {
         assert_eq!(verified.payload(), Some(&"This is a signed message"));
     }
 
+    #[cfg(feature = "rand")]
     #[test]
     fn rfc7515_example_a3_randomized() {
         let pkey = &json!({