fix: Don't take ownership of data when using AsyncSigner; use a reference instead

sdk/src/callback_signer.rs

@@ -133,8 +133,8 @@ use async_trait::async_trait;
 #[cfg_attr(not(target_arch = "wasm32"), async_trait)]
 // I'm not sure if this is useful since the callback is still synchronous.
 impl AsyncSigner for CallbackSigner {
-    async fn sign(&self, data: Vec<u8>) -> Result<Vec<u8>> {
-        (self.callback)(self.context, &data)
+    async fn sign(&self, data: &[u8]) -> Result<Vec<u8>> {
+        (self.callback)(self.context, data)
     }
 
     fn alg(&self) -> SigningAlg {

sdk/src/cose_sign.rs

@@ -179,7 +179,7 @@ pub(crate) fn cose_sign(signer: &dyn Signer, data: &[u8], box_size: usize) -> Re
     if _sync {
         sign1.signature = signer.sign(&tbs)?;
     } else {
-        sign1.signature = signer.sign(tbs).await?;
+        sign1.signature = signer.sign(&tbs).await?;
     }
 
     sign1.payload = None; // clear the payload since it is known

sdk/src/openssl/temp_signer_async.rs

@@ -70,9 +70,9 @@ impl AsyncSignerAdapter {
 #[cfg(feature = "openssl_sign")]
 #[async_trait::async_trait]
 impl crate::AsyncSigner for AsyncSignerAdapter {
-    async fn sign(&self, data: Vec<u8>) -> crate::error::Result<Vec<u8>> {
+    async fn sign(&self, data: &[u8]) -> crate::error::Result<Vec<u8>> {
         let signer = get_local_signer(self.alg);
-        signer.sign(&data)
+        signer.sign(data)
     }
 
     fn alg(&self) -> SigningAlg {

sdk/src/signer.rs

@@ -126,7 +126,7 @@ use async_trait::async_trait;
 #[cfg_attr(not(target_arch = "wasm32"), async_trait)]
 pub trait AsyncSigner: Sync {
     /// Returns a new byte array which is a signature over the original.
-    async fn sign(&self, data: Vec<u8>) -> Result<Vec<u8>>;
+    async fn sign(&self, data: &[u8]) -> Result<Vec<u8>>;
 
     /// Returns the algorithm of the Signer.
     fn alg(&self) -> SigningAlg;

sdk/src/store.rs

@@ -505,7 +505,7 @@ impl Store {
         } else {
             if signer.direct_cose_handling() {
                 // Let the signer do all the COSE processing and return the structured COSE data.
-                return signer.sign(claim_bytes.clone()).await; // do not verify remote signers (we never did)
+                return signer.sign(&claim_bytes).await; // do not verify remote signers (we never did)
             } else {
                 cose_sign_async(signer, &claim_bytes, box_size).await
             }

sdk/src/utils/test.rs

@@ -298,7 +298,7 @@ pub(crate) struct AsyncTestGoodSigner {}
 #[cfg_attr(target_arch = "wasm32", async_trait::async_trait(?Send))]
 #[cfg_attr(not(target_arch = "wasm32"), async_trait::async_trait)]
 impl crate::AsyncSigner for AsyncTestGoodSigner {
-    async fn sign(&self, _data: Vec<u8>) -> Result<Vec<u8>> {
+    async fn sign(&self, _data: &[u8]) -> Result<Vec<u8>> {
         Ok(b"not a valid signature".to_vec())
     }
 
@@ -476,7 +476,7 @@ impl crate::signer::AsyncSigner for WebCryptoSigner {
         Ok(self.certs.clone())
     }
 
-    async fn sign(&self, claim_bytes: Vec<u8>) -> crate::error::Result<Vec<u8>> {
+    async fn sign(&self, claim_bytes: &[u8]) -> crate::error::Result<Vec<u8>> {
         use js_sys::{Array, Object, Reflect, Uint8Array};
         use wasm_bindgen_futures::JsFuture;
         use web_sys::CryptoKey;
@@ -485,7 +485,7 @@ impl crate::signer::AsyncSigner for WebCryptoSigner {
         let context = WindowOrWorker::new().unwrap();
         let crypto = context.subtle_crypto().unwrap();
 
-        let mut data = claim_bytes.clone();
+        let mut data = claim_bytes;
         let promise = crypto
             .digest_with_str_and_u8_array("SHA-256", &mut data)
             .unwrap();
@@ -542,14 +542,14 @@ struct TempAsyncRemoteSigner {
 #[cfg_attr(not(target_arch = "wasm32"), async_trait::async_trait)]
 impl crate::signer::AsyncSigner for TempAsyncRemoteSigner {
     // this will not be called but requires an implementation
-    async fn sign(&self, claim_bytes: Vec<u8>) -> Result<Vec<u8>> {
+    async fn sign(&self, claim_bytes: &[u8]) -> Result<Vec<u8>> {
         #[cfg(feature = "openssl_sign")]
         {
             let signer =
                 crate::openssl::temp_signer_async::AsyncSignerAdapter::new(SigningAlg::Ps256);
 
             // this would happen on some remote server
-            crate::cose_sign::cose_sign_async(&signer, &claim_bytes, self.reserve_size()).await
+            crate::cose_sign::cose_sign_async(&signer, claim_bytes, self.reserve_size()).await
         }
         #[cfg(not(feature = "openssl_sign"))]
         {
@@ -558,7 +558,7 @@ impl crate::signer::AsyncSigner for TempAsyncRemoteSigner {
             let mut sign_bytes = std::io::Cursor::new(vec![0u8; self.reserve_size()]);
 
             sign_bytes.rewind()?;
-            sign_bytes.write_all(&claim_bytes)?;
+            sign_bytes.write_all(claim_bytes)?;
 
             // fake sig
             Ok(sign_bytes.into_inner())