rfc6979: replace Digest requirement with EagerHash

dsa/src/generate/secret_number.rs

@@ -6,7 +6,7 @@ use crate::{Components, signing_key::SigningKey};
 use alloc::vec;
 use core::cmp::min;
 use crypto_bigint::{BoxedUint, NonZero, RandomBits, Resize};
-use digest::{Digest, FixedOutputReset, block_api::BlockSizeUser};
+use rfc6979::hmac::EagerHash;
 use signature::rand_core::TryCryptoRng;
 use zeroize::Zeroizing;
 
@@ -25,7 +25,7 @@ pub fn secret_number_rfc6979<D>(
     hash: &[u8],
 ) -> Result<(BoxedUint, BoxedUint), signature::Error>
 where
-    D: Digest + BlockSizeUser + FixedOutputReset,
+    D: EagerHash,
 {
     let q = signing_key.verifying_key().components().q();
     let size = (q.bits() / 8) as usize;

dsa/src/signing_key.rs

@@ -13,7 +13,8 @@ use crypto_bigint::{
     BoxedUint, NonZero, Resize,
     modular::{BoxedMontyForm, BoxedMontyParams},
 };
-use digest::{Digest, FixedOutputReset, Update, block_api::BlockSizeUser};
+use digest::Update;
+use rfc6979::hmac::EagerHash;
 use signature::{
     DigestSigner, MultipartSigner, RandomizedDigestSigner, Signer,
     hazmat::{PrehashSigner, RandomizedPrehashSigner},
@@ -94,7 +95,7 @@ impl SigningKey {
     #[cfg(feature = "hazmat")]
     pub fn sign_prehashed_rfc6979<D>(&self, prehash: &[u8]) -> Result<Signature, signature::Error>
     where
-        D: Digest + BlockSizeUser + FixedOutputReset,
+        D: EagerHash,
     {
         let k_kinv = crate::generate::secret_number_rfc6979::<D>(self, prehash)?;
         self.sign_prehashed(k_kinv, prehash)
@@ -158,7 +159,7 @@ impl Signer<Signature> for SigningKey {
 impl MultipartSigner<Signature> for SigningKey {
     fn try_multipart_sign(&self, msg: &[&[u8]]) -> Result<Signature, signature::Error> {
         self.try_sign_digest(|digest: &mut sha2::Sha256| {
-            msg.iter().for_each(|slice| Digest::update(digest, slice));
+            msg.iter().for_each(|slice| digest.update(slice));
             Ok(())
         })
     }
@@ -190,15 +191,15 @@ impl RandomizedPrehashSigner<Signature> for SigningKey {
 
 impl<D> DigestSigner<D, Signature> for SigningKey
 where
-    D: Digest + BlockSizeUser + FixedOutputReset,
+    D: EagerHash + Update,
 {
     fn try_sign_digest<F: Fn(&mut D) -> Result<(), signature::Error>>(
         &self,
         f: F,
     ) -> Result<Signature, signature::Error> {
         let mut digest = D::new();
         f(&mut digest)?;
-        let hash = digest.finalize_fixed();
+        let hash = digest.finalize();
         let ks = crate::generate::secret_number_rfc6979::<D>(self, &hash)?;
 
         self.sign_prehashed(ks, &hash)
@@ -207,7 +208,7 @@ where
 
 impl<D> RandomizedDigestSigner<D, Signature> for SigningKey
 where
-    D: Digest + Update,
+    D: EagerHash + Update,
 {
     fn try_sign_digest_with_rng<
         R: TryCryptoRng + ?Sized,

dsa/src/verifying_key.rs

@@ -8,7 +8,8 @@ use crypto_bigint::{
     BoxedUint, NonZero, Resize,
     modular::{BoxedMontyForm, BoxedMontyParams},
 };
-use digest::{Digest, Update};
+use digest::Update;
+use rfc6979::hmac::EagerHash;
 use signature::{DigestVerifier, MultipartVerifier, Verifier, hazmat::PrehashVerifier};
 
 #[cfg(feature = "pkcs8")]
@@ -126,7 +127,7 @@ impl MultipartVerifier<Signature> for VerifyingKey {
     ) -> Result<(), signature::Error> {
         self.verify_digest(
             |digest: &mut sha2::Sha256| {
-                msg.iter().for_each(|slice| Digest::update(digest, slice));
+                msg.iter().for_each(|slice| digest.update(slice));
                 Ok(())
             },
             signature,
@@ -150,7 +151,7 @@ impl PrehashVerifier<Signature> for VerifyingKey {
 
 impl<D> DigestVerifier<D, Signature> for VerifyingKey
 where
-    D: Digest + Update,
+    D: EagerHash + Update,
 {
     fn verify_digest<F: Fn(&mut D) -> Result<(), signature::Error>>(
         &self,

dsa/tests/deterministic.rs

@@ -1,7 +1,8 @@
 #![cfg(feature = "hazmat")]
 use crypto_bigint::BoxedUint;
-use digest::{Digest, FixedOutputReset, block_api::BlockSizeUser};
+use digest::Update;
 use dsa::{Components, Signature, SigningKey, VerifyingKey};
+use rfc6979::hmac::EagerHash;
 use sha1::Sha1;
 use sha2::{Sha224, Sha256, Sha384, Sha512};
 use signature::DigestSigner;
@@ -100,23 +101,23 @@ fn dsa_2048_signing_key() -> SigningKey {
 /// Generate a signature given the unhashed message and a private key
 fn generate_signature<D>(signing_key: SigningKey, data: &[u8]) -> Signature
 where
-    D: Digest + BlockSizeUser + FixedOutputReset,
+    D: EagerHash + Update,
 {
-    signing_key.sign_digest(|digest: &mut D| Digest::update(digest, data))
+    signing_key.sign_digest(|digest: &mut D| Update::update(digest, data))
 }
 
 /// Generate a signature using the 1024-bit DSA key
 fn generate_1024_signature<D>(data: &[u8]) -> Signature
 where
-    D: Digest + BlockSizeUser + FixedOutputReset,
+    D: EagerHash + Update,
 {
     generate_signature::<D>(dsa_1024_signing_key(), data)
 }
 
 /// Generate a signature using the 2048-bit DSA key
 fn generate_2048_signature<D>(data: &[u8]) -> Signature
 where
-    D: Digest + BlockSizeUser + FixedOutputReset,
+    D: EagerHash + Update,
 {
     generate_signature::<D>(dsa_2048_signing_key(), data)
 }

ecdsa/Cargo.toml

@@ -24,6 +24,7 @@ zeroize = { version = "1.5", default-features = false }
 # optional dependencies
 der = { version = "0.8.0-rc.8", optional = true }
 digest = { version = "0.11.0-rc.1", optional = true, default-features = false, features = ["oid"] }
+hmac = { version = "0.13.0-rc.1", default-features = false, optional = true }
 rfc6979 = { version = "0.5.0-rc.1", optional = true }
 serdect = { version = "0.4", optional = true, default-features = false, features = ["alloc"] }
 sha2 = { version = "0.11.0-rc.2", optional = true, default-features = false, features = ["oid"] }
@@ -39,15 +40,15 @@ default = ["digest"]
 alloc = ["elliptic-curve/alloc", "signature/alloc", "spki/alloc"]
 std = ["alloc", "elliptic-curve/std"]
 
-arithmetic = ["elliptic-curve/arithmetic"]
+arithmetic = ["dep:hmac", "dep:rfc6979", "elliptic-curve/arithmetic"]
+algorithm = ["dep:rfc6979", "arithmetic", "digest", "hazmat"]
 dev = ["arithmetic", "digest", "elliptic-curve/dev", "hazmat"]
-digest = ["dep:digest", "elliptic-curve/digest", "signature/digest"]
+der = ["dep:der"]
+digest = ["dep:digest", "dep:hmac", "elliptic-curve/digest", "signature/digest"]
 hazmat = []
-pkcs8 = ["digest", "elliptic-curve/pkcs8", "der"]
+pkcs8 = ["der", "digest", "elliptic-curve/pkcs8"]
 pem = ["elliptic-curve/pem", "pkcs8"]
-serde = ["elliptic-curve/serde", "pkcs8", "serdect"]
-signing = ["arithmetic", "digest", "hazmat", "rfc6979"]
-verifying = ["arithmetic", "digest", "hazmat"]
+serde = ["dep:serdect", "elliptic-curve/serde", "pkcs8"]
 
 [package.metadata.docs.rs]
 all-features = true

ecdsa/src/hazmat.rs

@@ -27,14 +27,14 @@ use {
     },
 };
 
-#[cfg(feature = "digest")]
-use signature::digest::{Digest, FixedOutput, FixedOutputReset, block_api::BlockSizeUser};
-
-#[cfg(feature = "rfc6979")]
-use elliptic_curve::FieldBytesEncoding;
+#[cfg(feature = "arithmetic")]
+use crate::{
+    Signature,
+    elliptic_curve::{FieldBytesEncoding, array::ArraySize},
+};
 
-#[cfg(any(feature = "arithmetic", feature = "rfc6979"))]
-use crate::{Signature, elliptic_curve::array::ArraySize};
+#[cfg(any(feature = "arithmetic", feature = "digest"))]
+use hmac::EagerHash;
 
 /// Bind a preferred [`Digest`] algorithm to an elliptic curve type.
 ///
@@ -44,7 +44,7 @@ use crate::{Signature, elliptic_curve::array::ArraySize};
 pub trait DigestAlgorithm: EcdsaCurve {
     /// Preferred digest to use when computing ECDSA signatures for this
     /// elliptic curve. This is typically a member of the SHA-2 family.
-    type Digest: BlockSizeUser + Digest + FixedOutput + FixedOutputReset;
+    type Digest: EagerHash + digest::Update;
 }
 
 /// Partial implementation of the `bits2int` function as defined in
@@ -159,15 +159,15 @@ where
 /// entropy `ad`.
 ///
 /// [RFC6979]: https://datatracker.ietf.org/doc/html/rfc6979
-#[cfg(feature = "rfc6979")]
+#[cfg(feature = "arithmetic")]
 pub fn sign_prehashed_rfc6979<C, D>(
     d: &NonZeroScalar<C>,
     z: &FieldBytes<C>,
     ad: &[u8],
 ) -> Result<(Signature<C>, RecoveryId)>
 where
     C: EcdsaCurve + CurveArithmetic,
-    D: Digest + BlockSizeUser + FixedOutput + FixedOutputReset,
+    D: EagerHash,
     SignatureSize<C>: ArraySize,
 {
     // From RFC6979 § 2.4:

ecdsa/src/lib.rs

@@ -65,9 +65,9 @@ pub mod der;
 pub mod dev;
 #[cfg(feature = "hazmat")]
 pub mod hazmat;
-#[cfg(feature = "signing")]
+#[cfg(feature = "algorithm")]
 mod signing;
-#[cfg(feature = "verifying")]
+#[cfg(feature = "algorithm")]
 mod verifying;
 
 pub use crate::recovery::RecoveryId;
@@ -79,9 +79,9 @@ pub use elliptic_curve::{self, PrimeCurve, sec1::EncodedPoint};
 pub use signature::{self, Error, Result, SignatureEncoding};
 use zeroize::Zeroize;
 
-#[cfg(feature = "signing")]
+#[cfg(feature = "algorithm")]
 pub use crate::signing::SigningKey;
-#[cfg(feature = "verifying")]
+#[cfg(feature = "algorithm")]
 pub use crate::verifying::VerifyingKey;
 
 use core::{fmt, ops::Add};