From 81b6eb0bd9875e48eccd10895ebf09c644b2fa32 Mon Sep 17 00:00:00 2001 From: daxpedda Date: Tue, 16 Sep 2025 13:13:53 +0200 Subject: [PATCH 1/2] Update to `digest::EagerHash` --- Cargo.lock | 9 ++++----- dsa/src/generate/secret_number.rs | 2 +- dsa/src/signing_key.rs | 3 +-- dsa/src/verifying_key.rs | 3 +-- dsa/tests/deterministic.rs | 3 +-- ecdsa/Cargo.toml | 7 +++---- ecdsa/src/hazmat.rs | 2 +- ecdsa/src/recovery.rs | 3 +-- ecdsa/src/signing.rs | 3 +-- ecdsa/src/verifying.rs | 3 +-- rfc6979/src/lib.rs | 3 ++- 11 files changed, 17 insertions(+), 24 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 46577b69..0eb256c9 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -319,9 +319,9 @@ dependencies = [ [[package]] name = "digest" -version = "0.11.0-rc.1" +version = "0.11.0-rc.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3a4aae35a0fcbe22ff1be50fe96df72002d5a4a6fb4aae9193cf2da0daa36da2" +checksum = "6749b668519cd7149ee3d11286a442a8a8bdc3a9d529605f579777bfccc5a4bc" dependencies = [ "block-buffer", "const-oid", @@ -358,7 +358,6 @@ dependencies = [ "digest", "elliptic-curve", "hex-literal", - "hmac", "rfc6979", "serdect", "sha2", @@ -525,9 +524,9 @@ checksum = "bcaaec4551594c969335c98c903c1397853d4198408ea609190f420500f6be71" [[package]] name = "hmac" -version = "0.13.0-rc.1" +version = "0.13.0-rc.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49e206bca159aebaaed410f5e78b2fe56bfc0dd5b19ecae922813b8556b8b07e" +checksum = "a3fd4dc94c318c1ede8a2a48341c250d6ddecd3ba793da2820301a9f92417ad9" dependencies = [ "digest", ] diff --git a/dsa/src/generate/secret_number.rs b/dsa/src/generate/secret_number.rs index b8516285..994e8473 100644 --- a/dsa/src/generate/secret_number.rs +++ b/dsa/src/generate/secret_number.rs 
@@ -6,7 +6,7 @@ use crate::{Components, signing_key::SigningKey}; use alloc::vec; use core::cmp::min; use crypto_bigint::{BoxedUint, NonZero, RandomBits, Resize}; -use rfc6979::hmac::EagerHash; +use digest::block_api::EagerHash; use signature::rand_core::TryCryptoRng; use zeroize::Zeroizing; diff --git a/dsa/src/signing_key.rs b/dsa/src/signing_key.rs index 3a345260..613da1f7 100644 --- a/dsa/src/signing_key.rs +++ b/dsa/src/signing_key.rs @@ -13,8 +13,7 @@ use crypto_bigint::{ BoxedUint, NonZero, Resize, modular::{BoxedMontyForm, BoxedMontyParams}, }; -use digest::Update; -use rfc6979::hmac::EagerHash; +use digest::{Update, block_api::EagerHash}; use signature::{ DigestSigner, MultipartSigner, RandomizedDigestSigner, Signer, hazmat::{PrehashSigner, RandomizedPrehashSigner}, diff --git a/dsa/src/verifying_key.rs b/dsa/src/verifying_key.rs index 2ff7258a..481d04fc 100644 --- a/dsa/src/verifying_key.rs +++ b/dsa/src/verifying_key.rs @@ -8,8 +8,7 @@ use crypto_bigint::{ BoxedUint, NonZero, Resize, modular::{BoxedMontyForm, BoxedMontyParams}, }; -use digest::Update; -use rfc6979::hmac::EagerHash; +use digest::{Update, block_api::EagerHash}; use signature::{DigestVerifier, MultipartVerifier, Verifier, hazmat::PrehashVerifier}; #[cfg(feature = "pkcs8")] diff --git a/dsa/tests/deterministic.rs b/dsa/tests/deterministic.rs index a2cced1d..cc8610b7 100644 --- a/dsa/tests/deterministic.rs +++ b/dsa/tests/deterministic.rs @@ -1,8 +1,7 @@ #![cfg(feature = "hazmat")] use crypto_bigint::BoxedUint; -use digest::Update; +use digest::{Update, block_api::EagerHash}; use dsa::{Components, Signature, SigningKey, VerifyingKey}; -use rfc6979::hmac::EagerHash; use sha1::Sha1; use sha2::{Sha224, Sha256, Sha384, Sha512}; use signature::DigestSigner; diff --git a/ecdsa/Cargo.toml b/ecdsa/Cargo.toml index cdae64fa..ed1e8691 100644 --- a/ecdsa/Cargo.toml +++ b/ecdsa/Cargo.toml 
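Review bot: The new `use digest::block_api::EagerHash;` import in dsa/src/generate/secret_number.rs needs a digest release that exports that path, presumably rc.2 given the lockfile bump, yet the diffstat lists no change to dsa/Cargo.toml. The same applies to the signing_key.rs, verifying_key.rs and tests/deterministic.rs hunks, and to rfc6979/src/lib.rs, which now reaches the trait through `hmac::digest` with no visible manifest change. If those manifests still accept the rc.1 releases, the workspace builds only because Cargo.lock pins rc.2, and a consumer whose lockfile still holds rc.1 gets an unresolved import. Raising the lower bounds to match what ecdsa/Cargo.toml does (digest `0.11.0-rc.2`, hmac `0.13.0-rc.2`) would make the requirement explicit.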
@@ -23,8 +23,7 @@ zeroize = { version = "1.5", default-features = false } # optional dependencies der = { version = "0.8.0-rc.8", optional = true } -digest = { version = "0.11.0-rc.1", optional = true, default-features = false, features = ["oid"] } -hmac = { version = "0.13.0-rc.1", default-features = false, optional = true } +digest = { version = "0.11.0-rc.2", optional = true, default-features = false, features = ["oid"] } rfc6979 = { version = "0.5.0-rc.1", optional = true } serdect = { version = "0.4", optional = true, default-features = false, features = ["alloc"] } sha2 = { version = "0.11.0-rc.2", optional = true, default-features = false, features = ["oid"] } @@ -40,11 +39,11 @@ default = ["digest"] alloc = ["elliptic-curve/alloc", "signature/alloc", "spki/alloc"] std = ["alloc", "elliptic-curve/std"] -arithmetic = ["dep:hmac", "dep:rfc6979", "elliptic-curve/arithmetic"] +arithmetic = ["dep:digest", "dep:rfc6979", "elliptic-curve/arithmetic"] algorithm = ["dep:rfc6979", "arithmetic", "digest", "hazmat"] dev = ["arithmetic", "digest", "elliptic-curve/dev", "hazmat"] der = ["dep:der"] -digest = ["dep:digest", "dep:hmac", "elliptic-curve/digest", "signature/digest"] +digest = ["dep:digest", "elliptic-curve/digest", "signature/digest"] hazmat = [] pkcs8 = ["der", "digest", "elliptic-curve/pkcs8"] pem = ["elliptic-curve/pem", "pkcs8"] diff --git a/ecdsa/src/hazmat.rs b/ecdsa/src/hazmat.rs index 911611f7..fe2d3009 100644 --- a/ecdsa/src/hazmat.rs +++ b/ecdsa/src/hazmat.rs @@ -34,7 +34,7 @@ use crate::{ }; #[cfg(any(feature = "arithmetic", feature = "digest"))] -use hmac::EagerHash; +use digest::block_api::EagerHash; /// Bind a preferred [`Digest`] algorithm to an elliptic curve type. /// diff --git a/ecdsa/src/recovery.rs b/ecdsa/src/recovery.rs index e9234c02..27783e97 100644 --- a/ecdsa/src/recovery.rs +++ b/ecdsa/src/recovery.rs 
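Review bot: Dropping `dep:hmac` from the `digest` feature leaves `default-features = false, features = ["oid"]` as this crate's only direct request of digest, while hazmat.rs imports `digest::block_api::EagerHash` whenever `digest` is enabled. This page does not show whether `block_api` is compiled with digest's default features off. Before this change, hmac's own dependency on digest may have been what switched it on. It is worth running `cargo check -p ecdsa --no-default-features --features digest`. If that fails, add the digest feature that gates `block_api` to the `features = [...]` list on the `digest = { ... }` line instead of relying on feature unification from another crate in the graph.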
@@ -8,6 +8,7 @@ use { EcdsaCurve, Signature, SignatureSize, SigningKey, VerifyingKey, hazmat::{DigestAlgorithm, bits2field, sign_prehashed_rfc6979, verify_prehashed}, }, + digest::{Digest, block_api::EagerHash}, elliptic_curve::{ AffinePoint, FieldBytesEncoding, FieldBytesSize, Group, PrimeField, ProjectivePoint, bigint::CheckedAdd, @@ -18,10 +19,8 @@ use { elliptic_curve::{ CurveArithmetic, FieldBytes, Scalar, array::ArraySize, ops::Invert, subtle::CtOption, }, - rfc6979::hmac::EagerHash, signature::{ DigestSigner, MultipartSigner, RandomizedDigestSigner, Signer, - digest::Digest, hazmat::{PrehashSigner, RandomizedPrehashSigner}, rand_core::TryCryptoRng, }, diff --git a/ecdsa/src/signing.rs b/ecdsa/src/signing.rs index cb31ef44..de08bbfc 100644 --- a/ecdsa/src/signing.rs +++ b/ecdsa/src/signing.rs @@ -5,7 +5,7 @@ use crate::{ hazmat::{DigestAlgorithm, bits2field, sign_prehashed_rfc6979}, }; use core::fmt::{self, Debug}; -use digest::{Update, const_oid::AssociatedOid}; +use digest::{Update, block_api::EagerHash, const_oid::AssociatedOid}; use elliptic_curve::{ CurveArithmetic, FieldBytes, NonZeroScalar, Scalar, SecretKey, array::ArraySize, @@ -14,7 +14,6 @@ use elliptic_curve::{ subtle::{Choice, ConstantTimeEq, CtOption}, zeroize::{Zeroize, ZeroizeOnDrop}, }; -use rfc6979::hmac::EagerHash; use signature::{ DigestSigner, MultipartSigner, RandomizedDigestSigner, RandomizedMultipartSigner, RandomizedSigner, Signer, diff --git a/ecdsa/src/verifying.rs b/ecdsa/src/verifying.rs index 8eeff02b..18a4b69e 100644 --- a/ecdsa/src/verifying.rs +++ b/ecdsa/src/verifying.rs @@ -5,7 +5,7 @@ use crate::{ hazmat::{self, DigestAlgorithm, bits2field}, }; use core::{cmp::Ordering, fmt::Debug}; -use digest::Update; +use digest::{Update, block_api::EagerHash}; use elliptic_curve::{ AffinePoint, CurveArithmetic, FieldBytesSize, ProjectivePoint, PublicKey, array::ArraySize, 
@@ -13,7 +13,6 @@ use elliptic_curve::{ scalar::IsHigh, sec1::{self, CompressedPoint, EncodedPoint, FromEncodedPoint, ToEncodedPoint}, }; -use rfc6979::hmac::EagerHash; use signature::{DigestVerifier, MultipartVerifier, Verifier, hazmat::PrehashVerifier}; #[cfg(feature = "alloc")] diff --git a/rfc6979/src/lib.rs b/rfc6979/src/lib.rs index 8e13e579..41d3afd2 100644 --- a/rfc6979/src/lib.rs +++ b/rfc6979/src/lib.rs @@ -43,10 +43,11 @@ pub use hmac; pub use hmac::digest::array::typenum::consts; use hmac::{ - EagerHash, HmacReset, + HmacReset, digest::{ KeyInit, Mac, OutputSizeUser, array::{Array, ArraySize}, + block_api::EagerHash, }, }; From 135f7c57f2c1d21921f2c1454e131a5505411d6b Mon Sep 17 00:00:00 2001 From: daxpedda Date: Tue, 16 Sep 2025 13:42:37 +0200 Subject: [PATCH 2/2] Merge `arithmetic` into `algorithm` crate feature --- ecdsa/Cargo.toml | 5 ++--- ecdsa/src/der.rs | 2 +- ecdsa/src/hazmat.rs | 21 +++++++++------------ ecdsa/src/lib.rs | 6 +++--- 4 files changed, 15 insertions(+), 19 deletions(-) diff --git a/ecdsa/Cargo.toml b/ecdsa/Cargo.toml index ed1e8691..9ee20106 100644 --- a/ecdsa/Cargo.toml +++ b/ecdsa/Cargo.toml @@ -39,9 +39,8 @@ default = ["digest"] alloc = ["elliptic-curve/alloc", "signature/alloc", "spki/alloc"] std = ["alloc", "elliptic-curve/std"] -arithmetic = ["dep:digest", "dep:rfc6979", "elliptic-curve/arithmetic"] -algorithm = ["dep:rfc6979", "arithmetic", "digest", "hazmat"] -dev = ["arithmetic", "digest", "elliptic-curve/dev", "hazmat"] +algorithm = ["dep:rfc6979", "digest", "elliptic-curve/arithmetic", "hazmat"] +dev = ["algorithm", "elliptic-curve/dev"] der = ["dep:der"] digest = ["dep:digest", "elliptic-curve/digest", "signature/digest"] hazmat = [] diff --git a/ecdsa/src/der.rs b/ecdsa/src/der.rs index 88cb98ef..3280b393 100644 --- a/ecdsa/src/der.rs +++ b/ecdsa/src/der.rs 
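Review bot: Removing the `arithmetic` feature with no alias means any manifest that enables `ecdsa/arithmetic` stops resolving. Everything that was gated on it (the `CurveArithmetic`-bounded `impl Signature` and `FromStr` blocks in lib.rs, plus `sign_prehashed` and `verify_prehashed` in hazmat.rs) now requires `algorithm`, which also pulls in `dep:rfc6979` and the `digest` and `hazmat` features. If the merge is intended, a transitional `arithmetic = ["algorithm"]` entry would keep existing manifests working. The feature documentation should also state that `algorithm` implies `hazmat`, so consumers know the low-level prehash API comes with it.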
@@ -393,7 +393,7 @@ fn find_scalar_range(outer: &[u8], inner: &[u8]) -> Result> { Ok(Range { start, end }) } -#[cfg(all(test, feature = "arithmetic"))] +#[cfg(all(test, feature = "algorithm"))] mod tests { use elliptic_curve::dev::MockCurve; diff --git a/ecdsa/src/hazmat.rs b/ecdsa/src/hazmat.rs index fe2d3009..19016b8e 100644 --- a/ecdsa/src/hazmat.rs +++ b/ecdsa/src/hazmat.rs @@ -14,9 +14,12 @@ use crate::{EcdsaCurve, Error, Result}; use core::cmp; use elliptic_curve::{FieldBytes, array::typenum::Unsigned}; -#[cfg(feature = "arithmetic")] +#[cfg(feature = "algorithm")] use { - crate::{RecoveryId, SignatureSize}, + crate::{ + RecoveryId, Signature, SignatureSize, + elliptic_curve::{FieldBytesEncoding, array::ArraySize}, + }, elliptic_curve::{ CurveArithmetic, NonZeroScalar, ProjectivePoint, Scalar, ff::PrimeField, @@ -27,13 +30,7 @@ use { }, }; -#[cfg(feature = "arithmetic")] -use crate::{ - Signature, - elliptic_curve::{FieldBytesEncoding, array::ArraySize}, -}; - -#[cfg(any(feature = "arithmetic", feature = "digest"))] +#[cfg(feature = "digest")] use digest::block_api::EagerHash; /// Bind a preferred [`Digest`] algorithm to an elliptic curve type. @@ -102,7 +99,7 @@ pub fn bits2field(bits: &[u8]) -> Result> { /// /// This will return an error if a zero-scalar was generated. It can be tried again with a /// different `k`. -#[cfg(feature = "arithmetic")] +#[cfg(feature = "algorithm")] #[allow(non_snake_case)] pub fn sign_prehashed( d: &NonZeroScalar, @@ -159,7 +156,7 @@ where /// entropy `ad`. /// /// [RFC6979]: https://datatracker.ietf.org/doc/html/rfc6979 -#[cfg(feature = "arithmetic")] +#[cfg(feature = "algorithm")] pub fn sign_prehashed_rfc6979( d: &NonZeroScalar, z: &FieldBytes, @@ -201,7 +198,7 @@ where /// # Low-S Normalization /// /// This is a low-level function that does *NOT* apply the `EcdsaCurve::NORMALIZE_S` checks. -#[cfg(feature = "arithmetic")] +#[cfg(feature = "algorithm")] pub fn verify_prehashed( q: &ProjectivePoint, z: &FieldBytes, 
diff --git a/ecdsa/src/lib.rs b/ecdsa/src/lib.rs index 33495a8a..bd4bafd5 100644 --- a/ecdsa/src/lib.rs +++ b/ecdsa/src/lib.rs @@ -93,7 +93,7 @@ use elliptic_curve::{ #[cfg(feature = "alloc")] use alloc::vec::Vec; -#[cfg(feature = "arithmetic")] +#[cfg(feature = "algorithm")] use { core::str, elliptic_curve::{ @@ -300,7 +300,7 @@ where } } -#[cfg(feature = "arithmetic")] +#[cfg(feature = "algorithm")] impl Signature where C: EcdsaCurve + CurveArithmetic, @@ -423,7 +423,7 @@ where } } -#[cfg(feature = "arithmetic")] +#[cfg(feature = "algorithm")] impl str::FromStr for Signature where C: EcdsaCurve + CurveArithmetic,