Replace Digest requirement with EagerHash

Author: daxpedda

dsa/src/generate/secret_number.rs

@@ -6,7 +6,7 @@ use crate::{Components, signing_key::SigningKey};
 use alloc::vec;
 use core::cmp::min;
 use crypto_bigint::{BoxedUint, NonZero, RandomBits, Resize};
-use digest::{Digest, FixedOutputReset, block_api::BlockSizeUser};
+use rfc6979::hmac::EagerHash;
 use signature::rand_core::TryCryptoRng;
 use zeroize::Zeroizing;
 
@@ -25,7 +25,7 @@ pub fn secret_number_rfc6979<D>(
     hash: &[u8],
 ) -> Result<(BoxedUint, BoxedUint), signature::Error>
 where
-    D: Digest + BlockSizeUser + FixedOutputReset,
+    D: EagerHash,
 {
     let q = signing_key.verifying_key().components().q();
     let size = (q.bits() / 8) as usize;

dsa/src/signing_key.rs

@@ -13,7 +13,8 @@ use crypto_bigint::{
     BoxedUint, NonZero, Resize,
     modular::{BoxedMontyForm, BoxedMontyParams},
 };
-use digest::{Digest, FixedOutputReset, Update, block_api::BlockSizeUser};
+use digest::Update;
+use rfc6979::hmac::EagerHash;
 use signature::{
     DigestSigner, MultipartSigner, RandomizedDigestSigner, Signer,
     hazmat::{PrehashSigner, RandomizedPrehashSigner},
@@ -94,7 +95,7 @@ impl SigningKey {
     #[cfg(feature = "hazmat")]
     pub fn sign_prehashed_rfc6979<D>(&self, prehash: &[u8]) -> Result<Signature, signature::Error>
     where
-        D: Digest + BlockSizeUser + FixedOutputReset,
+        D: EagerHash,
     {
         let k_kinv = crate::generate::secret_number_rfc6979::<D>(self, prehash)?;
         self.sign_prehashed(k_kinv, prehash)
@@ -158,7 +159,7 @@ impl Signer<Signature> for SigningKey {
 impl MultipartSigner<Signature> for SigningKey {
     fn try_multipart_sign(&self, msg: &[&[u8]]) -> Result<Signature, signature::Error> {
         self.try_sign_digest(|digest: &mut sha2::Sha256| {
-            msg.iter().for_each(|slice| Digest::update(digest, slice));
+            msg.iter().for_each(|slice| digest.update(slice));
             Ok(())
         })
     }
@@ -190,15 +191,15 @@ impl RandomizedPrehashSigner<Signature> for SigningKey {
 
 impl<D> DigestSigner<D, Signature> for SigningKey
 where
-    D: Digest + BlockSizeUser + FixedOutputReset,
+    D: EagerHash + Update,
 {
     fn try_sign_digest<F: Fn(&mut D) -> Result<(), signature::Error>>(
         &self,
         f: F,
     ) -> Result<Signature, signature::Error> {
         let mut digest = D::new();
         f(&mut digest)?;
-        let hash = digest.finalize_fixed();
+        let hash = digest.finalize();
         let ks = crate::generate::secret_number_rfc6979::<D>(self, &hash)?;
 
         self.sign_prehashed(ks, &hash)
@@ -207,7 +208,7 @@ where
 
 impl<D> RandomizedDigestSigner<D, Signature> for SigningKey
 where
-    D: Digest + Update,
+    D: EagerHash + Update,
 {
     fn try_sign_digest_with_rng<
         R: TryCryptoRng + ?Sized,

dsa/src/verifying_key.rs

@@ -8,7 +8,8 @@ use crypto_bigint::{
     BoxedUint, NonZero, Resize,
     modular::{BoxedMontyForm, BoxedMontyParams},
 };
-use digest::{Digest, Update};
+use digest::Update;
+use rfc6979::hmac::EagerHash;
 use signature::{DigestVerifier, MultipartVerifier, Verifier, hazmat::PrehashVerifier};
 
 #[cfg(feature = "pkcs8")]
@@ -126,7 +127,7 @@ impl MultipartVerifier<Signature> for VerifyingKey {
     ) -> Result<(), signature::Error> {
         self.verify_digest(
             |digest: &mut sha2::Sha256| {
-                msg.iter().for_each(|slice| Digest::update(digest, slice));
+                msg.iter().for_each(|slice| digest.update(slice));
                 Ok(())
             },
             signature,
@@ -150,7 +151,7 @@ impl PrehashVerifier<Signature> for VerifyingKey {
 
 impl<D> DigestVerifier<D, Signature> for VerifyingKey
 where
-    D: Digest + Update,
+    D: EagerHash + Update,
 {
     fn verify_digest<F: Fn(&mut D) -> Result<(), signature::Error>>(
         &self,

dsa/tests/deterministic.rs

@@ -1,7 +1,8 @@
 #![cfg(feature = "hazmat")]
 use crypto_bigint::BoxedUint;
-use digest::{Digest, FixedOutputReset, block_api::BlockSizeUser};
+use digest::Update;
 use dsa::{Components, Signature, SigningKey, VerifyingKey};
+use rfc6979::hmac::EagerHash;
 use sha1::Sha1;
 use sha2::{Sha224, Sha256, Sha384, Sha512};
 use signature::DigestSigner;
@@ -100,23 +101,23 @@ fn dsa_2048_signing_key() -> SigningKey {
 /// Generate a signature given the unhashed message and a private key
 fn generate_signature<D>(signing_key: SigningKey, data: &[u8]) -> Signature
 where
-    D: Digest + BlockSizeUser + FixedOutputReset,
+    D: EagerHash + Update,
 {
-    signing_key.sign_digest(|digest: &mut D| Digest::update(digest, data))
+    signing_key.sign_digest(|digest: &mut D| Update::update(digest, data))
 }
 
 /// Generate a signature using the 1024-bit DSA key
 fn generate_1024_signature<D>(data: &[u8]) -> Signature
 where
-    D: Digest + BlockSizeUser + FixedOutputReset,
+    D: EagerHash + Update,
 {
     generate_signature::<D>(dsa_1024_signing_key(), data)
 }
 
 /// Generate a signature using the 2048-bit DSA key
 fn generate_2048_signature<D>(data: &[u8]) -> Signature
 where
-    D: Digest + BlockSizeUser + FixedOutputReset,
+    D: EagerHash + Update,
 {
     generate_signature::<D>(dsa_2048_signing_key(), data)
 }

ecdsa/Cargo.toml

@@ -46,8 +46,7 @@ hazmat = []
 pkcs8 = ["digest", "elliptic-curve/pkcs8", "der"]
 pem = ["elliptic-curve/pem", "pkcs8"]
 serde = ["elliptic-curve/serde", "pkcs8", "serdect"]
-signing = ["arithmetic", "digest", "hazmat", "rfc6979"]
-verifying = ["arithmetic", "digest", "hazmat"]
+signature = ["arithmetic", "digest", "hazmat", "rfc6979"]
 
 [package.metadata.docs.rs]
 all-features = true

ecdsa/src/hazmat.rs

@@ -27,12 +27,12 @@ use {
     },
 };
 
-#[cfg(feature = "digest")]
-use signature::digest::{Digest, FixedOutput, FixedOutputReset, block_api::BlockSizeUser};
-
 #[cfg(feature = "rfc6979")]
 use elliptic_curve::FieldBytesEncoding;
 
+#[cfg(any(feature = "digest", feature = "rfc6979"))]
+use rfc6979::hmac::EagerHash;
+
 #[cfg(any(feature = "arithmetic", feature = "rfc6979"))]
 use crate::{Signature, elliptic_curve::array::ArraySize};
 
@@ -44,7 +44,7 @@ use crate::{Signature, elliptic_curve::array::ArraySize};
 pub trait DigestAlgorithm: EcdsaCurve {
     /// Preferred digest to use when computing ECDSA signatures for this
     /// elliptic curve. This is typically a member of the SHA-2 family.
-    type Digest: BlockSizeUser + Digest + FixedOutput + FixedOutputReset;
+    type Digest: EagerHash + digest::Update;
 }
 
 /// Partial implementation of the `bits2int` function as defined in
@@ -167,7 +167,7 @@ pub fn sign_prehashed_rfc6979<C, D>(
 ) -> Result<(Signature<C>, RecoveryId)>
 where
     C: EcdsaCurve + CurveArithmetic,
-    D: Digest + BlockSizeUser + FixedOutput + FixedOutputReset,
+    D: EagerHash,
     SignatureSize<C>: ArraySize,
 {
     // From RFC6979 § 2.4:

ecdsa/src/lib.rs

@@ -65,9 +65,9 @@ pub mod der;
 pub mod dev;
 #[cfg(feature = "hazmat")]
 pub mod hazmat;
-#[cfg(feature = "signing")]
+#[cfg(feature = "signature")]
 mod signing;
-#[cfg(feature = "verifying")]
+#[cfg(feature = "signature")]
 mod verifying;
 
 pub use crate::recovery::RecoveryId;
@@ -79,9 +79,9 @@ pub use elliptic_curve::{self, PrimeCurve, sec1::EncodedPoint};
 pub use signature::{self, Error, Result, SignatureEncoding};
 use zeroize::Zeroize;
 
-#[cfg(feature = "signing")]
+#[cfg(feature = "signature")]
 pub use crate::signing::SigningKey;
-#[cfg(feature = "verifying")]
+#[cfg(feature = "signature")]
 pub use crate::verifying::VerifyingKey;
 
 use core::{fmt, ops::Add};

ecdsa/src/recovery.rs

@@ -2,38 +2,29 @@
 
 use crate::{Error, Result};
 
-#[cfg(feature = "signing")]
+#[cfg(feature = "signature")]
 use {
-    crate::{SigningKey, hazmat::sign_prehashed_rfc6979},
-    elliptic_curve::{FieldBytes, subtle::CtOption},
-    signature::{
-        DigestSigner, MultipartSigner, RandomizedDigestSigner, Signer,
-        digest::{FixedOutput, Update},
-        hazmat::{PrehashSigner, RandomizedPrehashSigner},
-        rand_core::TryCryptoRng,
+    crate::{
+        EcdsaCurve, Signature, SignatureSize, SigningKey, VerifyingKey,
+        hazmat::{DigestAlgorithm, bits2field, sign_prehashed_rfc6979, verify_prehashed},
     },
-};
-
-#[cfg(feature = "verifying")]
-use {
-    crate::{VerifyingKey, hazmat::verify_prehashed},
     elliptic_curve::{
         AffinePoint, FieldBytesEncoding, FieldBytesSize, Group, PrimeField, ProjectivePoint,
         bigint::CheckedAdd,
         ops::{LinearCombination, Reduce},
         point::DecompressPoint,
         sec1::{self, FromEncodedPoint, ToEncodedPoint},
     },
-};
-
-#[cfg(any(feature = "signing", feature = "verifying"))]
-use {
-    crate::{
-        EcdsaCurve, Signature, SignatureSize,
-        hazmat::{DigestAlgorithm, bits2field},
+    elliptic_curve::{
+        CurveArithmetic, FieldBytes, Scalar, array::ArraySize, ops::Invert, subtle::CtOption,
+    },
+    rfc6979::hmac::EagerHash,
+    signature::{
+        DigestSigner, MultipartSigner, RandomizedDigestSigner, Signer,
+        digest::Digest,
+        hazmat::{PrehashSigner, RandomizedPrehashSigner},
+        rand_core::TryCryptoRng,
     },
-    elliptic_curve::{CurveArithmetic, Scalar, array::ArraySize, ops::Invert},
-    signature::digest::Digest,
 };
 
 /// Recovery IDs, a.k.a. "recid".
@@ -89,7 +80,7 @@ impl RecoveryId {
     }
 }
 
-#[cfg(feature = "verifying")]
+#[cfg(feature = "signature")]
 impl RecoveryId {
     /// Given a public key, message, and signature, use trial recovery
     /// to determine if a suitable recovery ID exists, or return an error
@@ -118,7 +109,7 @@ impl RecoveryId {
     ) -> Result<Self>
     where
         C: EcdsaCurve + CurveArithmetic,
-        D: Digest,
+        D: EagerHash,
         AffinePoint<C>: DecompressPoint<C> + FromEncodedPoint<C> + ToEncodedPoint<C>,
         FieldBytesSize<C>: sec1::ModulusSize,
         SignatureSize<C>: ArraySize,
@@ -176,7 +167,7 @@ impl From<RecoveryId> for u8 {
     }
 }
 
-#[cfg(feature = "signing")]
+#[cfg(feature = "signature")]
 impl<C> SigningKey<C>
 where
     C: EcdsaCurve + CurveArithmetic + DigestAlgorithm,
@@ -213,7 +204,7 @@ where
     /// Sign the given message digest, returning a signature and recovery ID.
     pub fn sign_digest_recoverable<D>(&self, msg_digest: D) -> Result<(Signature<C>, RecoveryId)>
     where
-        D: Digest,
+        D: EagerHash,
     {
         self.sign_prehash_recoverable(&msg_digest.finalize())
     }
@@ -225,11 +216,11 @@ where
     }
 }
 
-#[cfg(feature = "signing")]
+#[cfg(feature = "signature")]
 impl<C, D> DigestSigner<D, (Signature<C>, RecoveryId)> for SigningKey<C>
 where
     C: EcdsaCurve + CurveArithmetic + DigestAlgorithm,
-    D: Digest + Update,
+    D: EagerHash + digest::Update,
     Scalar<C>: Invert<Output = CtOption<Scalar<C>>>,
     SignatureSize<C>: ArraySize,
 {
@@ -243,7 +234,7 @@ where
     }
 }
 
-#[cfg(feature = "signing")]
+#[cfg(feature = "signature")]
 impl<C> RandomizedPrehashSigner<(Signature<C>, RecoveryId)> for SigningKey<C>
 where
     C: EcdsaCurve + CurveArithmetic + DigestAlgorithm,
@@ -259,11 +250,11 @@ where
     }
 }
 
-#[cfg(feature = "signing")]
+#[cfg(feature = "signature")]
 impl<C, D> RandomizedDigestSigner<D, (Signature<C>, RecoveryId)> for SigningKey<C>
 where
     C: EcdsaCurve + CurveArithmetic + DigestAlgorithm,
-    D: Digest + FixedOutput,
+    D: EagerHash + digest::Update,
     Scalar<C>: Invert<Output = CtOption<Scalar<C>>>,
     SignatureSize<C>: ArraySize,
 {
@@ -274,11 +265,11 @@ where
     ) -> Result<(Signature<C>, RecoveryId)> {
         let mut digest = D::new();
         f(&mut digest)?;
-        self.sign_prehash_with_rng(rng, &digest.finalize_fixed())
+        self.sign_prehash_with_rng(rng, &digest.finalize())
     }
 }
 
-#[cfg(feature = "signing")]
+#[cfg(feature = "signature")]
 impl<C> PrehashSigner<(Signature<C>, RecoveryId)> for SigningKey<C>
 where
     C: EcdsaCurve + CurveArithmetic + DigestAlgorithm,
@@ -290,7 +281,7 @@ where
     }
 }
 
-#[cfg(feature = "signing")]
+#[cfg(feature = "signature")]
 impl<C> Signer<(Signature<C>, RecoveryId)> for SigningKey<C>
 where
     C: EcdsaCurve + CurveArithmetic + DigestAlgorithm,
@@ -302,7 +293,7 @@ where
     }
 }
 
-#[cfg(feature = "signing")]
+#[cfg(feature = "signature")]
 impl<C> MultipartSigner<(Signature<C>, RecoveryId)> for SigningKey<C>
 where
     C: EcdsaCurve + CurveArithmetic + DigestAlgorithm,
@@ -311,13 +302,12 @@ where
 {
     fn try_multipart_sign(&self, msg: &[&[u8]]) -> Result<(Signature<C>, RecoveryId)> {
         let mut digest = C::Digest::new();
-        msg.iter()
-            .for_each(|slice| Digest::update(&mut digest, slice));
+        msg.iter().for_each(|slice| digest.update(slice));
         self.sign_digest_recoverable(digest)
     }
 }
 
-#[cfg(feature = "verifying")]
+#[cfg(feature = "signature")]
 impl<C> VerifyingKey<C>
 where
     C: EcdsaCurve + CurveArithmetic,
@@ -348,7 +338,7 @@ where
         recovery_id: RecoveryId,
     ) -> Result<Self>
     where
-        D: Digest,
+        D: EagerHash,
     {
         Self::recover_from_prehash(&msg_digest.finalize(), signature, recovery_id)
     }