Update chagelog and docstrings

This commit updates the changelog and adds docstrings for methods `new_from_public_key`, `sign`, and `verify` for `KmsKey`s to specifically highlight the need to call these methods from a Tokio runtime. Signed-off-by: Mark Kirichenko <[email protected]>
awslabs · Jan 14, 2025 · 76db9ab · 76db9ab
1 parent 60941d8
commit 76db9ab
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,21 @@
 
 # Changelog
 
+## 0.5.3
+* Bumped `aws-sdk-kms` to 1.22
+* Bumped MSRV to 1.71
+* Updated docstrings to mention the need in Tokio runtime for non-local key
+use-cases
+
+## 0.5.2
+* Bumped `serde_with` to 3.3
+* Bumped `tss-esapi` to 7.5
+* Bumped `aws-sdk-kms` to 1.20
+* Bumped MSRV to 1.68
+
+## 0.5.1
+* Fixed serde build errors after update
+
 ## 0.5.0
 * Support signing with an AWS KMS private key via the `key_kms` feature. (thank you @puiterwijk)
 * Abstract Openssl operations (thank you @raoulstrackx)

diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "aws-nitro-enclaves-cose"
-version = "0.5.2"
+version = "0.5.3"
 authors = ["Petre Eftime <[email protected]>"]
 edition = "2018"
 license = "Apache-2.0"

diff --git a/src/crypto/kms.rs b/src/crypto/kms.rs
@@ -52,6 +52,8 @@ impl KmsKey {
 
     /// Create a new KmsKey, using the specified client and key_id.
     ///
+    /// This method must be called from a Tokio context, otherwise the call panics.
+    ///
     /// The sig_alg needs to be valid for the specified key.
     /// This version will use local signature verification.
     /// If no public key is passed in, the key will be retrieved with GetPublicKey.
@@ -123,6 +125,21 @@ impl SigningPublicKey for KmsKey {
         Ok((self.sig_alg, self.sig_alg.suggested_message_digest()))
     }
 
+    /// Verifies a digital signature.
+    ///
+    /// If KMS is used for verification, this method must be called from a Tokio context,
+    /// otherwise the call panics.
+    ///
+    /// # Arguments
+    ///
+    /// * `data` - A byte slice containing the data to verify
+    /// * `signature` - A byte slice containing the signature to verify against the data
+    ///
+    /// # Returns
+    ///
+    /// * `Ok(true)` - If the signature is valid for the given data
+    /// * `Ok(false)` - If the signature is invalid or verification fails gracefully
+    /// * `Err(CoseError)` - If an error occurs during verification
     fn verify(&self, data: &[u8], signature: &[u8]) -> Result<bool, CoseError> {
         if self.public_key.is_some() {
             #[cfg(feature = "key_openssl_pkey")]
@@ -172,6 +189,18 @@ impl SigningPublicKey for KmsKey {
 }
 
 impl SigningPrivateKey for KmsKey {
+    /// Signs data using AWS KMS and formats the signature according to the ECDSA specification.
+    ///
+    /// This method must be called from a Tokio context, otherwise the call panics.
+    ///
+    /// # Arguments
+    ///
+    /// * `data` - A byte slice containing the data to be signed
+    ///
+    /// # Returns
+    ///
+    /// * `Ok(Vec<u8>)` - A vector containing the formatted signature bytes
+    /// * `Err(CoseError)` - If signing or signature formatting fails
     fn sign(&self, data: &[u8]) -> Result<Vec<u8>, CoseError> {
         let request = self
             .client