Bump signature to v3.0.0-rc.4 (#1423)

Also bumps `ecdsa` to v0.17.0-rc.7

This brings `*DigestSigner`/`*DigestVerifier` changes introduced in
RustCrypto/traits#2004

Author: tarcieri

Cargo.lock

@@ -22,9 +22,6 @@ members = [
 opt-level = 2
 
 [patch.crates-io]
-# https://github.com/RustCrypto/traits/pull/1996
-ecdsa = { git = "https://github.com/RustCrypto/signatures", rev = "2cd53cf4fbe82c61c2e2ac7b2099ba743b01074e" }
-
 ed448-goldilocks = { path = "ed448-goldilocks" }
 hash2curve = { path = "hash2curve" }
 primefield = { path = "primefield" }

Cargo.toml

@@ -33,7 +33,7 @@ pkcs8 = { version = "0.11.0-rc.3", optional = true }
 primefield = { version = "=0.14.0-pre.5", optional = true }
 primeorder = { version = "=0.14.0-pre.8", optional = true }
 sec1 = { version = "0.8.0-rc.9", optional = true }
-signature = { version = "3.0.0-pre.3", optional = true }
+signature = { version = "3.0.0-rc.4", optional = true }
 
 [dev-dependencies]
 criterion = "0.7"

bign256/Cargo.toml

@@ -17,7 +17,7 @@ rust-version = "1.85"
 elliptic-curve = { version = "0.14.0-rc.14", default-features = false, features = ["sec1"] }
 
 # optional dependencies
-ecdsa = { version = "0.17.0-rc.6", optional = true, default-features = false, features = ["der"] }
+ecdsa = { version = "0.17.0-rc.7", optional = true, default-features = false, features = ["der"] }
 primefield = { version = "=0.14.0-pre.5", optional = true }
 primeorder = { version = "=0.14.0-pre.8", optional = true }
 sha2 = { version = "0.11.0-rc.2", optional = true, default-features = false }

bp256/Cargo.toml

@@ -17,7 +17,7 @@ rust-version = "1.85"
 elliptic-curve = { version = "0.14.0-rc.14", default-features = false, features = ["sec1"] }
 
 # optional dependencies
-ecdsa = { version = "0.17.0-rc.6", optional = true, default-features = false, features = ["der"] }
+ecdsa = { version = "0.17.0-rc.7", optional = true, default-features = false, features = ["der"] }
 primefield = { version = "=0.14.0-pre.5", optional = true }
 primeorder = { version = "=0.14.0-pre.8", optional = true }
 sha2 = { version = "0.11.0-rc.2", optional = true, default-features = false }

bp384/Cargo.toml

@@ -23,9 +23,9 @@ sha3 = { version = "0.11.0-rc.3", default-features = false }
 subtle = { version = "2.6", default-features = false }
 
 # optional dependencies
-ed448 = { version = "0.5.0-rc.0", optional = true, default-features = false }
+ed448 = { version = "0.5.0-rc.1", optional = true, default-features = false }
 serdect = { version = "0.4", optional = true }
-signature = { version = "3.0.0-rc.3", optional = true, default-features = false, features = ["digest", "rand_core"] }
+signature = { version = "3.0.0-rc.4", optional = true, default-features = false, features = ["digest", "rand_core"] }
 
 [features]
 default = ["std", "signing", "pkcs8"]

ed448-goldilocks/Cargo.toml

@@ -214,12 +214,15 @@ impl TryFrom<Box<[u8]>> for SigningKey {
 
 impl<D> signature::DigestSigner<D, Signature> for SigningKey
 where
-    D: Digest,
+    D: Digest + Update,
 {
-    fn try_sign_digest(&self, digest: D) -> Result<Signature, Error> {
-        let mut prehashed_message = [0u8; 64];
-        prehashed_message.copy_from_slice(digest.finalize().as_slice());
-        let sig = self.secret.sign_prehashed(&[], &prehashed_message)?;
+    fn try_sign_digest<F: Fn(&mut D) -> Result<(), Error>>(
+        &self,
+        f: F,
+    ) -> Result<Signature, Error> {
+        let mut digest = D::new();
+        f(&mut digest)?;
+        let sig = self.secret.sign_prehashed(&[], &digest.finalize())?;
         Ok(sig.into())
     }
 }
@@ -240,15 +243,18 @@ impl signature::Signer<Signature> for SigningKey {
 
 impl<D> signature::DigestSigner<D, Signature> for Context<'_, '_, SigningKey>
 where
-    D: Digest,
+    D: Digest + Update,
 {
-    fn try_sign_digest(&self, digest: D) -> Result<Signature, Error> {
-        let mut prehashed_message = [0u8; 64];
-        prehashed_message.copy_from_slice(digest.finalize().as_slice());
+    fn try_sign_digest<F: Fn(&mut D) -> Result<(), Error>>(
+        &self,
+        f: F,
+    ) -> Result<Signature, Error> {
+        let mut digest = D::new();
+        f(&mut digest)?;
         let sig = self
             .key
             .secret
-            .sign_prehashed(self.value, &prehashed_message)?;
+            .sign_prehashed(self.value, &digest.finalize())?;
         Ok(sig.into())
     }
 }
@@ -269,12 +275,16 @@ impl signature::Signer<Signature> for Context<'_, '_, SigningKey> {
 
 impl<D> signature::DigestVerifier<D, Signature> for SigningKey
 where
-    D: Digest,
+    D: Digest + Update,
 {
-    fn verify_digest(&self, msg: D, signature: &Signature) -> Result<(), Error> {
+    fn verify_digest<F: Fn(&mut D) -> Result<(), Error>>(
+        &self,
+        f: F,
+        signature: &Signature,
+    ) -> Result<(), Error> {
         <VerifyingKey as signature::DigestVerifier<D, Signature>>::verify_digest(
             &self.secret.public_key,
-            msg,
+            f,
             signature,
         )
     }

ed448-goldilocks/src/sign/signing_key.rs

@@ -64,12 +64,16 @@ impl signature::Verifier<Signature> for VerifyingKey {
 
 impl<D> signature::DigestVerifier<D, Signature> for VerifyingKey
 where
-    D: Digest,
+    D: Digest + Update,
 {
-    fn verify_digest(&self, digest: D, signature: &Signature) -> Result<(), Error> {
-        let mut prehashed_message = [0u8; 64];
-        prehashed_message.copy_from_slice(digest.finalize().as_slice());
-        self.verify_inner(signature, 1, &[], &prehashed_message)
+    fn verify_digest<F: Fn(&mut D) -> Result<(), Error>>(
+        &self,
+        f: F,
+        signature: &Signature,
+    ) -> Result<(), Error> {
+        let mut digest = D::new();
+        f(&mut digest)?;
+        self.verify_inner(signature, 1, &[], &digest.finalize())
     }
 }
 
@@ -81,13 +85,17 @@ impl signature::Verifier<Signature> for Context<'_, '_, VerifyingKey> {
 
 impl<D> signature::DigestVerifier<D, Signature> for Context<'_, '_, VerifyingKey>
 where
-    D: Digest,
+    D: Digest + Update,
 {
-    fn verify_digest(&self, digest: D, signature: &Signature) -> Result<(), Error> {
-        let mut prehashed_message = [0u8; 64];
-        prehashed_message.copy_from_slice(digest.finalize().as_slice());
+    fn verify_digest<F: Fn(&mut D) -> Result<(), Error>>(
+        &self,
+        f: F,
+        signature: &Signature,
+    ) -> Result<(), Error> {
+        let mut digest = D::new();
+        f(&mut digest)?;
         self.key
-            .verify_inner(signature, 1, self.value, &prehashed_message)
+            .verify_inner(signature, 1, self.value, &digest.finalize())
     }
 }
 

ed448-goldilocks/src/sign/verifying_key.rs

@@ -25,17 +25,17 @@ hash2curve = { version = "0.14.0-rc.1", optional = true }
 
 # optional dependencies
 once_cell = { version = "1.21", optional = true, default-features = false }
-ecdsa-core = { version = "0.17.0-rc.6", package = "ecdsa", optional = true, default-features = false, features = ["der"] }
+ecdsa-core = { version = "0.17.0-rc.7", package = "ecdsa", optional = true, default-features = false, features = ["der"] }
 hex-literal = { version = "1", optional = true }
 primeorder = { version = "=0.14.0-pre.8", optional = true }
 serdect = { version = "0.4", optional = true, default-features = false }
 sha2 = { version = "0.11.0-rc.2", optional = true, default-features = false }
-signature = { version = "3.0.0-rc.3", optional = true }
+signature = { version = "3.0.0-rc.4", optional = true }
 
 [dev-dependencies]
 blobby = "0.3"
 criterion = "0.7"
-ecdsa-core = { version = "0.17.0-rc.6", package = "ecdsa", default-features = false, features = ["dev"] }
+ecdsa-core = { version = "0.17.0-rc.7", package = "ecdsa", default-features = false, features = ["dev"] }
 hex = "0.4.3"
 hex-literal = "1"
 num-bigint = "0.4"

k256/Cargo.toml

@@ -178,7 +178,9 @@ mod tests {
     mod recovery {
         use crate::{
             EncodedPoint,
-            ecdsa::{RecoveryId, Signature, SigningKey, VerifyingKey, signature::DigestVerifier},
+            ecdsa::{
+                RecoveryId, Signature, SigningKey, VerifyingKey, signature::hazmat::PrehashVerifier,
+            },
         };
         use hex_literal::hex;
         use sha2::{Digest, Sha256};
@@ -242,8 +244,8 @@ mod tests {
             let msg = hex!(
                 "e9808504e3b29200831e848094f0109fc8df283027b6285cc889f5aa624eac1f55843b9aca0080018080"
             );
-            let digest = Keccak256::new_with_prefix(msg);
 
+            let digest = Keccak256::new_with_prefix(msg);
             let (sig, recid) = signing_key.sign_digest_recoverable(digest.clone()).unwrap();
             assert_eq!(
                 sig.to_bytes().as_slice(),
@@ -257,7 +259,11 @@ mod tests {
                 VerifyingKey::recover_from_digest(digest.clone(), &sig, recid).unwrap();
 
             assert_eq!(signing_key.verifying_key(), &verifying_key);
-            assert!(verifying_key.verify_digest(digest, &sig).is_ok());
+            assert!(
+                verifying_key
+                    .verify_prehash(&digest.finalize(), &sig)
+                    .is_ok()
+            );
         }
     }