Merge branch 'master' into tf/restrict-visibility

Author: TomAFrench

Cargo.lock

@@ -6,7 +6,7 @@ use crate::{Components, signing_key::SigningKey};
 use alloc::vec;
 use core::cmp::min;
 use crypto_bigint::{BoxedUint, NonZero, RandomBits, Resize};
-use rfc6979::hmac::EagerHash;
+use digest::block_api::EagerHash;
 use signature::rand_core::TryCryptoRng;
 use zeroize::Zeroizing;
 

dsa/src/generate/secret_number.rs

@@ -13,8 +13,7 @@ use crypto_bigint::{
     BoxedUint, NonZero, Resize,
     modular::{BoxedMontyForm, BoxedMontyParams},
 };
-use digest::Update;
-use rfc6979::hmac::EagerHash;
+use digest::{Update, block_api::EagerHash};
 use signature::{
     DigestSigner, MultipartSigner, RandomizedDigestSigner, Signer,
     hazmat::{PrehashSigner, RandomizedPrehashSigner},

dsa/src/signing_key.rs

@@ -8,8 +8,7 @@ use crypto_bigint::{
     BoxedUint, NonZero, Resize,
     modular::{BoxedMontyForm, BoxedMontyParams},
 };
-use digest::Update;
-use rfc6979::hmac::EagerHash;
+use digest::{Update, block_api::EagerHash};
 use signature::{DigestVerifier, MultipartVerifier, Verifier, hazmat::PrehashVerifier};
 
 #[cfg(feature = "pkcs8")]

dsa/src/verifying_key.rs

@@ -1,8 +1,7 @@
 #![cfg(feature = "hazmat")]
 use crypto_bigint::BoxedUint;
-use digest::Update;
+use digest::{Update, block_api::EagerHash};
 use dsa::{Components, Signature, SigningKey, VerifyingKey};
-use rfc6979::hmac::EagerHash;
 use sha1::Sha1;
 use sha2::{Sha224, Sha256, Sha384, Sha512};
 use signature::DigestSigner;

dsa/tests/deterministic.rs

@@ -23,8 +23,7 @@ zeroize = { version = "1.5", default-features = false }
 
 # optional dependencies
 der = { version = "0.8.0-rc.8", optional = true }
-digest = { version = "0.11.0-rc.1", optional = true, default-features = false, features = ["oid"] }
-hmac = { version = "0.13.0-rc.1", default-features = false, optional = true }
+digest = { version = "0.11.0-rc.2", optional = true, default-features = false, features = ["oid"] }
 rfc6979 = { version = "0.5.0-rc.1", optional = true }
 serdect = { version = "0.4", optional = true, default-features = false, features = ["alloc"] }
 sha2 = { version = "0.11.0-rc.2", optional = true, default-features = false, features = ["oid"] }
@@ -40,11 +39,10 @@ default = ["digest"]
 alloc = ["elliptic-curve/alloc", "signature/alloc", "spki/alloc"]
 std = ["alloc", "elliptic-curve/std"]
 
-arithmetic = ["dep:hmac", "dep:rfc6979", "elliptic-curve/arithmetic"]
-algorithm = ["dep:rfc6979", "arithmetic", "digest", "hazmat"]
-dev = ["arithmetic", "digest", "elliptic-curve/dev", "hazmat"]
+algorithm = ["dep:rfc6979", "digest", "elliptic-curve/arithmetic", "hazmat"]
+dev = ["algorithm", "digest/dev", "elliptic-curve/dev"]
 der = ["dep:der"]
-digest = ["dep:digest", "dep:hmac", "elliptic-curve/digest", "signature/digest"]
+digest = ["dep:digest", "elliptic-curve/digest", "signature/digest"]
 hazmat = []
 pkcs8 = ["der", "digest", "elliptic-curve/pkcs8"]
 pem = ["elliptic-curve/pem", "pkcs8"]

ecdsa/Cargo.toml

@@ -393,7 +393,7 @@ fn find_scalar_range(outer: &[u8], inner: &[u8]) -> Result<Range<usize>> {
     Ok(Range { start, end })
 }
 
-#[cfg(all(test, feature = "arithmetic"))]
+#[cfg(all(test, feature = "algorithm"))]
 mod tests {
     use elliptic_curve::dev::MockCurve;
 

ecdsa/src/der.rs

@@ -6,6 +6,8 @@
 use crate::EcdsaCurve;
 use elliptic_curve::dev::MockCurve;
 
+pub use digest::dev::blobby;
+
 impl EcdsaCurve for MockCurve {
     const NORMALIZE_S: bool = false;
 }
@@ -148,14 +150,13 @@ macro_rules! new_wycheproof_test {
     ($name:ident, $test_name: expr, $curve:path) => {
         use $crate::{
             Signature,
-            elliptic_curve::{bigint::Integer, sec1::EncodedPoint},
+            elliptic_curve::sec1::EncodedPoint,
             signature::Verifier,
         };
 
         #[test]
         fn $name() {
-            use blobby::Blob5Iterator;
-            use elliptic_curve::{array::typenum::Unsigned, bigint::Encoding as _};
+            use $crate::elliptic_curve::{self, array::typenum::Unsigned};
 
             // Build a field element but allow for too-short input (left pad with zeros)
             // or too-long input (check excess leftmost bytes are zeros).
@@ -208,16 +209,48 @@ macro_rules! new_wycheproof_test {
                 }
             }
 
-            let data = include_bytes!(concat!("test_vectors/data/", $test_name, ".blb"));
+            #[derive(Debug,Clone,Copy)]
+            struct TestVector {
+                /// X coordinates of the public key
+                pub wx: &'static [u8],
+                /// Y coordinates of the public key
+                pub wy: &'static [u8],
+                /// Payload to verify
+                pub msg: &'static [u8],
+                /// Der encoding of the signature
+                pub sig: &'static [u8],
+                /// Whether the signature should verify (`[1]`) or fail (`[0]`)
+                pub pass_: &'static [u8],
+            }
 
-            for (i, row) in Blob5Iterator::new(data).unwrap().enumerate() {
-                let [wx, wy, msg, sig, status] = row.unwrap();
-                let pass = match status[0] {
-                    0 => false,
-                    1 => true,
-                    _ => panic!("invalid value for pass flag"),
-                };
-                if let Some(desc) = run_test(wx, wy, msg, sig, pass) {
+            impl TestVector {
+                pub fn pass(&self) -> bool {
+                    match self.pass_ {
+                        &[0] => false,
+                        &[1] => true,
+                        other => panic!(
+                            concat!(
+                                "Unsupported value for pass in `",
+                                $test_name,
+                                "`.\n",
+                                "found=`{other:?}`,\n",
+                                "expected=[0] or [1]"
+                            ),
+                            other=other
+                        ),
+                    }
+                }
+            }
+
+            $crate::dev::blobby::parse_into_structs!(
+                include_bytes!(concat!("test_vectors/data/", $test_name, ".blb"));
+                static TEST_VECTORS: &[
+                    TestVector { wx, wy, msg, sig, pass_ }
+                ];
+            );
+
+            for (i, tv) in TEST_VECTORS.iter().enumerate() {
+                if let Some(desc) = run_test(tv.wx, tv.wy, tv.msg, tv.sig, tv.pass()) {
                     panic!(
                         "\n\
                                  Failed test №{}: {}\n\
@@ -226,10 +259,21 @@ macro_rules! new_wycheproof_test {
                                  msg:\t{:?}\n\
                                  sig:\t{:?}\n\
                                  pass:\t{}\n",
-                        i, desc, wx, wy, msg, sig, pass,
+                        i, desc, tv.wx, tv.wy, tv.msg, tv.sig, tv.pass(),
                     );
                 }
             }
         }
     };
 }
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    impl crate::hazmat::DigestAlgorithm for MockCurve {
+        type Digest = sha2::Sha256;
+    }
+
+    new_wycheproof_test!(wycheproof_mock, "wycheproof-mock", MockCurve);
+}

ecdsa/src/dev.rs

@@ -14,9 +14,12 @@ use crate::{EcdsaCurve, Error, Result};
 use core::cmp;
 use elliptic_curve::{FieldBytes, array::typenum::Unsigned};
 
-#[cfg(feature = "arithmetic")]
+#[cfg(feature = "algorithm")]
 use {
-    crate::{RecoveryId, SignatureSize},
+    crate::{
+        RecoveryId, Signature, SignatureSize,
+        elliptic_curve::{FieldBytesEncoding, array::ArraySize},
+    },
     elliptic_curve::{
         CurveArithmetic, NonZeroScalar, ProjectivePoint, Scalar,
         ff::PrimeField,
@@ -27,14 +30,8 @@ use {
     },
 };
 
-#[cfg(feature = "arithmetic")]
-use crate::{
-    Signature,
-    elliptic_curve::{FieldBytesEncoding, array::ArraySize},
-};
-
-#[cfg(any(feature = "arithmetic", feature = "digest"))]
-use hmac::EagerHash;
+#[cfg(feature = "digest")]
+use digest::block_api::EagerHash;
 
 /// Bind a preferred [`Digest`] algorithm to an elliptic curve type.
 ///
@@ -102,7 +99,7 @@ pub fn bits2field<C: EcdsaCurve>(bits: &[u8]) -> Result<FieldBytes<C>> {
 ///
 /// This will return an error if a zero-scalar was generated. It can be tried again with a
 /// different `k`.
-#[cfg(feature = "arithmetic")]
+#[cfg(feature = "algorithm")]
 #[allow(non_snake_case)]
 pub fn sign_prehashed<C>(
     d: &NonZeroScalar<C>,
@@ -159,7 +156,7 @@ where
 /// entropy `ad`.
 ///
 /// [RFC6979]: https://datatracker.ietf.org/doc/html/rfc6979
-#[cfg(feature = "arithmetic")]
+#[cfg(feature = "algorithm")]
 pub fn sign_prehashed_rfc6979<C, D>(
     d: &NonZeroScalar<C>,
     z: &FieldBytes<C>,
@@ -201,7 +198,7 @@ where
 /// # Low-S Normalization
 ///
 /// This is a low-level function that does *NOT* apply the `EcdsaCurve::NORMALIZE_S` checks.
-#[cfg(feature = "arithmetic")]
+#[cfg(feature = "algorithm")]
 pub fn verify_prehashed<C>(
     q: &ProjectivePoint<C>,
     z: &FieldBytes<C>,

ecdsa/src/hazmat.rs

@@ -94,7 +94,7 @@ use elliptic_curve::{
 #[cfg(feature = "alloc")]
 use alloc::vec::Vec;
 
-#[cfg(feature = "arithmetic")]
+#[cfg(feature = "algorithm")]
 use {
     core::str,
     elliptic_curve::{
@@ -301,7 +301,7 @@ where
     }
 }
 
-#[cfg(feature = "arithmetic")]
+#[cfg(feature = "algorithm")]
 impl<C> Signature<C>
 where
     C: EcdsaCurve + CurveArithmetic,
@@ -424,7 +424,7 @@ where
     }
 }
 
-#[cfg(feature = "arithmetic")]
+#[cfg(feature = "algorithm")]
 impl<C> str::FromStr for Signature<C>
 where
     C: EcdsaCurve + CurveArithmetic,