Bump signature to 2.0.0-pre

Implements the proposed breaking changes to the `signature` crate from
RustCrypto/traits#1141

Most notably the `Signature` trait has been replaced with a
`SignatureEncoding` trait which permits an internally structured
signature representation.

Author: tarcieri

Cargo.lock

@@ -9,3 +9,6 @@ members = [
 
 [profile.dev]
 opt-level = 2
+
+[patch.crates-io]
+signature = { git = "https://github.com/RustCrypto/traits.git" }

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "dsa"
-version = "0.4.2"
+version = "0.5.0-pre"
 description = """
 Pure Rust implementation of the Digital Signature Algorithm (DSA) as specified
 in FIPS 186-4 (Digital Signature Standard), providing RFC6979 deterministic
@@ -23,11 +23,14 @@ pkcs8 = { version = "0.9", default-features = false, features = ["alloc"] }
 rand = { version = "0.8", default-features = false }
 rfc6979 = { version = "0.3", path = "../rfc6979" }
 sha2 = { version = "0.10", default-features = false }
-signature = { version = ">= 1.6.4, < 1.7", default-features = false, features = ["digest-preview", "rand-preview", "hazmat-preview"] }
+signature = { version = "=2.0.0-pre", default-features = false, features = ["alloc", "digest-preview", "rand-preview"] }
 zeroize = { version = "1.5", default-features = false }
 
 [dev-dependencies]
 pkcs8 = { version = "0.9", default-features = false, features = ["pem"] }
 rand = "0.8"
 rand_chacha = "0.3"
 sha1 = "0.10"
+
+[features]
+std = []

dsa/Cargo.toml

@@ -2,7 +2,7 @@ use digest::Digest;
 use dsa::{Components, KeySize, SigningKey};
 use pkcs8::{EncodePrivateKey, EncodePublicKey, LineEnding};
 use sha1::Sha1;
-use signature::{RandomizedDigestSigner, Signature};
+use signature::{RandomizedDigestSigner, SignatureEncoding};
 use std::{fs::File, io::Write};
 
 fn main() {
@@ -22,7 +22,7 @@ fn main() {
     file.flush().unwrap();
 
     let mut file = File::create("signature.der").unwrap();
-    file.write_all(signature.as_bytes()).unwrap();
+    file.write_all(&signature.to_bytes()).unwrap();
     file.flush().unwrap();
 
     let mut file = File::create("private.pem").unwrap();

dsa/examples/sign.rs

@@ -2,18 +2,16 @@
 //! Module containing the definition of the Signature container
 //!
 
-use alloc::vec::Vec;
+use alloc::{boxed::Box, vec::Vec};
 use num_bigint::BigUint;
 use num_traits::Zero;
 use pkcs8::der::{self, asn1::UIntRef, Decode, Encode, Reader, Sequence};
+use signature::SignatureEncoding;
 
 /// Container of the DSA signature
 #[derive(Clone)]
 #[must_use]
 pub struct Signature {
-    /// Internally cached DER representation of the signature
-    der_repr: Vec<u8>,
-
     /// Signature part r
     r: BigUint,
 
@@ -25,24 +23,12 @@ opaque_debug::implement!(Signature);
 
 impl Signature {
     /// Create a new Signature container from its components
-    pub fn from_components(r: BigUint, s: BigUint) -> Self {
-        let mut signature = Self {
-            der_repr: Vec::with_capacity(0),
-            r,
-            s,
-        };
-        signature.der_repr = signature.to_vec().unwrap();
-
-        signature
-    }
-
-    /// Verify signature component validity
-    pub(crate) fn r_s_valid(&self, q: &BigUint) -> bool {
-        if self.r().is_zero() || self.s().is_zero() || self.r() > q || self.s() > q {
-            return false;
+    pub fn from_components(r: BigUint, s: BigUint) -> signature::Result<Self> {
+        if r.is_zero() || s.is_zero() {
+            return Err(signature::Error::new());
         }
 
-        true
+        Ok(Self { r, s })
     }
 
     /// Signature part r
@@ -58,12 +44,6 @@ impl Signature {
     }
 }
 
-impl AsRef<[u8]> for Signature {
-    fn as_ref(&self) -> &[u8] {
-        &self.der_repr
-    }
-}
-
 impl<'a> Decode<'a> for Signature {
     fn decode<R: Reader<'a>>(reader: &mut R) -> der::Result<Self> {
         reader.sequence(|sequence| {
@@ -73,11 +53,17 @@ impl<'a> Decode<'a> for Signature {
             let r = BigUint::from_bytes_be(r.as_bytes());
             let s = BigUint::from_bytes_be(s.as_bytes());
 
-            Ok(Self::from_components(r, s))
+            Self::from_components(r, s).map_err(|_| der::Tag::Integer.value_error())
         })
     }
 }
 
+impl From<Signature> for Box<[u8]> {
+    fn from(sig: Signature) -> Box<[u8]> {
+        sig.to_bytes()
+    }
+}
+
 impl PartialEq for Signature {
     fn eq(&self, other: &Self) -> bool {
         self.r().eq(other.r()) && self.s().eq(other.s())
@@ -105,8 +91,23 @@ impl<'a> Sequence<'a> for Signature {
     }
 }
 
-impl signature::Signature for Signature {
-    fn from_bytes(bytes: &[u8]) -> Result<Self, signature::Error> {
-        Signature::from_der(bytes).map_err(|_| signature::Error::new())
+impl SignatureEncoding for Signature {
+    type Repr = Box<[u8]>;
+
+    fn to_bytes(&self) -> Box<[u8]> {
+        self.to_boxed_slice()
+    }
+
+    fn to_vec(&self) -> Vec<u8> {
+        Encode::to_vec(self).expect("DER encoding error")
+    }
+}
+
+impl TryFrom<&[u8]> for Signature {
+    type Error = signature::Error;
+
+    fn try_from(bytes: &[u8]) -> signature::Result<Self> {
+        // TODO(tarcieri): capture error source when `std` feature enabled
+        Self::from_der(bytes).map_err(|_| signature::Error::new())
     }
 }

dsa/src/sig.rs

@@ -70,7 +70,11 @@ impl SigningKey {
     }
 
     /// Sign some pre-hashed data
-    fn sign_prehashed(&self, (k, inv_k): (BigUint, BigUint), hash: &[u8]) -> Option<Signature> {
+    fn sign_prehashed(
+        &self,
+        (k, inv_k): (BigUint, BigUint),
+        hash: &[u8],
+    ) -> signature::Result<Signature> {
         let components = self.verifying_key().components();
         let (p, q, g) = (components.p(), components.q(), components.g());
         let x = self.x();
@@ -85,13 +89,13 @@ impl SigningKey {
 
         let s = (inv_k * (z + x * &r)) % q;
 
-        let signature = Signature::from_components(r, s);
-        // r or s might be 0 (very unlikely but possible)
-        if !signature.r_s_valid(q) {
-            return None;
-        }
+        let signature = Signature::from_components(r, s)?;
 
-        Some(signature)
+        if signature.r() < q && signature.s() < q {
+            Ok(signature)
+        } else {
+            Err(signature::Error::new())
+        }
     }
 }
 
@@ -106,7 +110,6 @@ impl PrehashSigner<Signature> for SigningKey {
     fn sign_prehash(&self, prehash: &[u8]) -> Result<Signature, signature::Error> {
         let k_kinv = crate::generate::secret_number_rfc6979::<sha2::Sha256>(self, prehash);
         self.sign_prehashed(k_kinv, prehash)
-            .ok_or_else(signature::Error::new)
     }
 }
 
@@ -119,7 +122,6 @@ impl RandomizedPrehashSigner<Signature> for SigningKey {
         let components = self.verifying_key.components();
         if let Some(k_kinv) = crate::generate::secret_number(&mut rng, components) {
             self.sign_prehashed(k_kinv, prehash)
-                .ok_or_else(signature::Error::new)
         } else {
             Err(signature::Error::new())
         }
@@ -135,7 +137,6 @@ where
         let ks = crate::generate::secret_number_rfc6979::<D>(self, &hash);
 
         self.sign_prehashed(ks, &hash)
-            .ok_or_else(signature::Error::new)
     }
 }
 
@@ -153,7 +154,6 @@ where
         let hash = digest.finalize();
 
         self.sign_prehashed(ks, &hash)
-            .ok_or_else(signature::Error::new)
     }
 }
 

dsa/src/signing_key.rs

@@ -55,7 +55,7 @@ impl VerifyingKey {
         let (r, s) = (signature.r(), signature.s());
         let y = self.y();
 
-        if !signature.r_s_valid(q) {
+        if signature.r() >= q || signature.s() >= q {
             return Some(false);
         }
 

dsa/src/verifying_key.rs

@@ -131,6 +131,7 @@ fn from_str_signature(r: &str, s: &str) -> Signature {
         BigUint::from_str_radix(r, 16).unwrap(),
         BigUint::from_str_radix(s, 16).unwrap(),
     )
+    .unwrap()
 }
 
 /// Return the RFC 6979 test cases

dsa/tests/deterministic.rs

@@ -1,6 +1,6 @@
 [package]
 name = "ecdsa"
-version = "0.14.8"
+version = "0.15.0-pre"
 description = """
 Pure Rust implementation of the Elliptic Curve Digital Signature Algorithm
 (ECDSA) as specified in FIPS 186-4 (Digital Signature Standard), providing
@@ -17,7 +17,7 @@ rust-version = "1.57"
 
 [dependencies]
 elliptic-curve = { version = "0.12", default-features = false, features = ["digest", "sec1"] }
-signature = { version = ">=1.6.2, <1.7", default-features = false, features = ["hazmat-preview", "rand-preview"] }
+signature = { version = "=2.0.0-pre", default-features = false, features = ["rand-preview"] }
 
 # optional dependencies
 der = { version = "0.6", optional = true }
@@ -31,7 +31,7 @@ sha2 = { version = "0.10", default-features = false }
 
 [features]
 default = ["digest"]
-alloc = []
+alloc = ["signature/alloc"]
 arithmetic = ["elliptic-curve/arithmetic"]
 dev = ["arithmetic", "digest", "elliptic-curve/dev", "hazmat"]
 digest = ["signature/digest-preview"]