ecdsa: bump elliptic-curve to v0.13.0-pre.1

Bumps the `elliptic-curve` crate to the latest prerelease on crates.io.

Notably this includes changes to how `FieldBytes` is encoded made with
the goal of supporting elliptic curves with unusual moduli such as P-224
and P-521:

RustCrypto/traits#1220

Author: tarcieri

Cargo.lock

@@ -9,6 +9,3 @@ members = [
 
 [profile.dev]
 opt-level = 2
-
-[patch.crates-io.elliptic-curve]
-git = "https://github.com/RustCrypto/traits.git"

Cargo.toml

@@ -16,7 +16,7 @@ edition = "2021"
 rust-version = "1.61"
 
 [dependencies]
-elliptic-curve = { version = "=0.13.0-pre", default-features = false, features = ["digest", "sec1"] }
+elliptic-curve = { version = "=0.13.0-pre.1", default-features = false, features = ["digest", "sec1"] }
 signature = { version = "2.0, <2.1", default-features = false, features = ["rand_core"] }
 
 # optional dependencies
@@ -25,7 +25,7 @@ rfc6979 = { version = "=0.4.0-pre", optional = true, path = "../rfc6979" }
 serdect = { version = "0.1", optional = true, default-features = false, features = ["alloc"] }
 
 [dev-dependencies]
-elliptic-curve = { version = "=0.13.0-pre", default-features = false, features = ["dev"] }
+elliptic-curve = { version = "=0.13.0-pre.1", default-features = false, features = ["dev"] }
 hex-literal = "0.3"
 sha2 = { version = "0.10", default-features = false }
 

ecdsa/Cargo.toml

@@ -10,7 +10,7 @@ use elliptic_curve::{
     bigint::Integer,
     consts::U9,
     generic_array::{ArrayLength, GenericArray},
-    FieldSize, PrimeCurve,
+    FieldBytesSize, PrimeCurve,
 };
 
 #[cfg(feature = "alloc")]
@@ -39,7 +39,7 @@ use serdect::serde::{de, ser, Deserialize, Serialize};
 pub type MaxOverhead = U9;
 
 /// Maximum size of an ASN.1 DER encoded signature for the given elliptic curve.
-pub type MaxSize<C> = <<FieldSize<C> as Add>::Output as Add<MaxOverhead>>::Output;
+pub type MaxSize<C> = <<FieldBytesSize<C> as Add>::Output as Add<MaxOverhead>>::Output;
 
 /// Byte array containing a serialized ASN.1 signature
 type SignatureBytes<C> = GenericArray<u8, MaxSize<C>>;
@@ -51,7 +51,7 @@ pub struct Signature<C>
 where
     C: PrimeCurve,
     MaxSize<C>: ArrayLength<u8>,
-    <FieldSize<C> as Add>::Output: Add<MaxOverhead> + ArrayLength<u8>,
+    <FieldBytesSize<C> as Add>::Output: Add<MaxOverhead> + ArrayLength<u8>,
 {
     /// ASN.1 DER-encoded signature data
     bytes: SignatureBytes<C>,
@@ -68,7 +68,7 @@ impl<C> Signature<C>
 where
     C: PrimeCurve,
     MaxSize<C>: ArrayLength<u8>,
-    <FieldSize<C> as Add>::Output: Add<MaxOverhead> + ArrayLength<u8>,
+    <FieldBytesSize<C> as Add>::Output: Add<MaxOverhead> + ArrayLength<u8>,
 {
     /// Get the length of the signature in bytes
     pub fn len(&self) -> usize {
@@ -120,7 +120,7 @@ impl<C> AsRef<[u8]> for Signature<C>
 where
     C: PrimeCurve,
     MaxSize<C>: ArrayLength<u8>,
-    <FieldSize<C> as Add>::Output: Add<MaxOverhead> + ArrayLength<u8>,
+    <FieldBytesSize<C> as Add>::Output: Add<MaxOverhead> + ArrayLength<u8>,
 {
     fn as_ref(&self) -> &[u8] {
         self.as_bytes()
@@ -131,7 +131,7 @@ impl<C> Clone for Signature<C>
 where
     C: PrimeCurve,
     MaxSize<C>: ArrayLength<u8>,
-    <FieldSize<C> as Add>::Output: Add<MaxOverhead> + ArrayLength<u8>,
+    <FieldBytesSize<C> as Add>::Output: Add<MaxOverhead> + ArrayLength<u8>,
 {
     fn clone(&self) -> Self {
         Self {
@@ -146,7 +146,7 @@ impl<C> Debug for Signature<C>
 where
     C: PrimeCurve,
     MaxSize<C>: ArrayLength<u8>,
-    <FieldSize<C> as Add>::Output: Add<MaxOverhead> + ArrayLength<u8>,
+    <FieldBytesSize<C> as Add>::Output: Add<MaxOverhead> + ArrayLength<u8>,
 {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
         write!(f, "ecdsa::der::Signature<{:?}>(", C::default())?;
@@ -163,7 +163,7 @@ impl<C> From<crate::Signature<C>> for Signature<C>
 where
     C: PrimeCurve,
     MaxSize<C>: ArrayLength<u8>,
-    <FieldSize<C> as Add>::Output: Add<MaxOverhead> + ArrayLength<u8>,
+    <FieldBytesSize<C> as Add>::Output: Add<MaxOverhead> + ArrayLength<u8>,
 {
     fn from(sig: crate::Signature<C>) -> Signature<C> {
         sig.to_der()
@@ -174,7 +174,7 @@ impl<C> TryFrom<&[u8]> for Signature<C>
 where
     C: PrimeCurve,
     MaxSize<C>: ArrayLength<u8>,
-    <FieldSize<C> as Add>::Output: Add<MaxOverhead> + ArrayLength<u8>,
+    <FieldBytesSize<C> as Add>::Output: Add<MaxOverhead> + ArrayLength<u8>,
 {
     type Error = Error;
 
@@ -207,7 +207,7 @@ impl<C> TryFrom<Signature<C>> for crate::Signature<C>
 where
     C: PrimeCurve,
     MaxSize<C>: ArrayLength<u8>,
-    <FieldSize<C> as Add>::Output: Add<MaxOverhead> + ArrayLength<u8>,
+    <FieldBytesSize<C> as Add>::Output: Add<MaxOverhead> + ArrayLength<u8>,
 {
     type Error = Error;
 
@@ -226,7 +226,7 @@ impl<C> From<Signature<C>> for Box<[u8]>
 where
     C: PrimeCurve,
     MaxSize<C>: ArrayLength<u8>,
-    <FieldSize<C> as Add>::Output: Add<MaxOverhead> + ArrayLength<u8>,
+    <FieldBytesSize<C> as Add>::Output: Add<MaxOverhead> + ArrayLength<u8>,
 {
     fn from(signature: Signature<C>) -> Box<[u8]> {
         signature.to_vec().into_boxed_slice()
@@ -238,7 +238,7 @@ impl<C> SignatureEncoding for Signature<C>
 where
     C: PrimeCurve,
     MaxSize<C>: ArrayLength<u8>,
-    <FieldSize<C> as Add>::Output: Add<MaxOverhead> + ArrayLength<u8>,
+    <FieldBytesSize<C> as Add>::Output: Add<MaxOverhead> + ArrayLength<u8>,
 {
     type Repr = Box<[u8]>;
 
@@ -252,7 +252,7 @@ impl<C> Serialize for Signature<C>
 where
     C: PrimeCurve,
     MaxSize<C>: ArrayLength<u8>,
-    <FieldSize<C> as Add>::Output: Add<MaxOverhead> + ArrayLength<u8>,
+    <FieldBytesSize<C> as Add>::Output: Add<MaxOverhead> + ArrayLength<u8>,
 {
     fn serialize<S>(&self, serializer: S) -> core::result::Result<S::Ok, S::Error>
     where
@@ -267,7 +267,7 @@ impl<'de, C> Deserialize<'de> for Signature<C>
 where
     C: PrimeCurve,
     MaxSize<C>: ArrayLength<u8>,
-    <FieldSize<C> as Add>::Output: Add<MaxOverhead> + ArrayLength<u8>,
+    <FieldBytesSize<C> as Add>::Output: Add<MaxOverhead> + ArrayLength<u8>,
 {
     fn deserialize<D>(deserializer: D) -> core::result::Result<Self, D::Error>
     where
@@ -310,7 +310,7 @@ impl<C> signature::PrehashSignature for Signature<C>
 where
     C: PrimeCurve + crate::hazmat::DigestPrimitive,
     MaxSize<C>: ArrayLength<u8>,
-    <FieldSize<C> as Add>::Output: Add<MaxOverhead> + ArrayLength<u8>,
+    <FieldBytesSize<C> as Add>::Output: Add<MaxOverhead> + ArrayLength<u8>,
 {
     type Digest = C::Digest;
 }

ecdsa/src/der.rs

@@ -21,14 +21,16 @@ use {
         ff::PrimeField,
         group::{Curve as _, Group},
         ops::{Invert, LinearCombination, MulByGenerator, Reduce},
+        point::{AffineXCoordinate, AffineYIsOdd},
+        scalar::IsHigh,
         subtle::CtOption,
-        AffineXCoordinate, AffineYIsOdd, CurveArithmetic, IsHigh, ProjectivePoint, Scalar,
+        CurveArithmetic, ProjectivePoint, Scalar,
     },
 };
 
 #[cfg(feature = "digest")]
 use {
-    elliptic_curve::FieldSize,
+    elliptic_curve::FieldBytesSize,
     signature::{
         digest::{core_api::BlockSizeUser, Digest, FixedOutput, FixedOutputReset},
         PrehashSignature,
@@ -39,7 +41,7 @@ use {
 use crate::{elliptic_curve::generic_array::ArrayLength, Signature};
 
 #[cfg(feature = "rfc6979")]
-use elliptic_curve::{bigint::ArrayEncoding, ScalarPrimitive};
+use elliptic_curve::ScalarPrimitive;
 
 /// Try to sign the given prehashed message using ECDSA.
 ///
@@ -73,7 +75,7 @@ where
     fn try_sign_prehashed<K>(
         &self,
         k: K,
-        z: FieldBytes<C>,
+        z: &FieldBytes<C>,
     ) -> Result<(Signature<C>, Option<RecoveryId>)>
     where
         K: AsRef<Self> + Invert<Output = CtOption<Self>>,
@@ -82,7 +84,7 @@ where
             return Err(Error::new());
         }
 
-        let z = Self::from_be_bytes_reduced(z);
+        let z = <Self as Reduce<C::Uint>>::reduce(C::decode_field_bytes(z));
 
         // Compute scalar inversion of 𝑘
         let k_inv = Option::<Scalar<C>>::from(k.invert()).ok_or_else(Error::new)?;
@@ -92,7 +94,7 @@ where
 
         // Lift x-coordinate of 𝑹 (element of base field) into a serialized big
         // integer, then reduce it into an element of the scalar field
-        let r = Self::from_be_bytes_reduced(R.x());
+        let r = Self::reduce(C::decode_field_bytes(&R.x()));
 
         // Compute 𝒔 as a signature over 𝒓 and 𝒛.
         let s = k_inv * (z + (r * self));
@@ -128,16 +130,16 @@ where
     ) -> Result<(Signature<C>, Option<RecoveryId>)>
     where
         Self: From<ScalarPrimitive<C>>,
-        D: Digest + BlockSizeUser + FixedOutput<OutputSize = FieldSize<C>> + FixedOutputReset,
+        D: Digest + BlockSizeUser + FixedOutput<OutputSize = FieldBytesSize<C>> + FixedOutputReset,
     {
-        let k = C::Uint::from_be_byte_array(rfc6979::generate_k::<D, FieldSize<C>>(
+        let k = rfc6979::generate_k::<D, FieldBytesSize<C>>(
             &self.to_repr(),
-            &C::ORDER.to_be_byte_array(),
+            &C::encode_field_bytes(&C::ORDER),
             &z,
             ad,
-        ));
-        let k = Self::from(ScalarPrimitive::<C>::new(k).unwrap());
-        self.try_sign_prehashed(k, z)
+        );
+        let k = ScalarPrimitive::<C>::new(C::decode_field_bytes(&k)).unwrap();
+        self.try_sign_prehashed::<Self>(k.into(), &z)
     }
 }
 
@@ -161,7 +163,7 @@ where
     ///        CRYPTOGRAPHICALLY SECURE DIGEST ALGORITHM!!!
     /// - `sig`: signature to be verified against the key and message
     fn verify_prehashed(&self, z: FieldBytes<C>, sig: &Signature<C>) -> Result<()> {
-        let z = Scalar::<C>::from_be_bytes_reduced(z);
+        let z = Scalar::<C>::reduce(C::decode_field_bytes(&z));
         let (r, s) = sig.split_scalars();
         let s_inv = *s.invert();
         let u1 = z * s_inv;
@@ -175,7 +177,7 @@ where
         .to_affine()
         .x();
 
-        if Scalar::<C>::from_be_bytes_reduced(x) == *r {
+        if *r == Scalar::<C>::reduce(C::decode_field_bytes(&x)) {
             Ok(())
         } else {
             Err(Error::new())
@@ -186,7 +188,7 @@ where
     #[cfg(feature = "digest")]
     fn verify_digest<D>(&self, msg_digest: D, sig: &Signature<C>) -> Result<()>
     where
-        D: FixedOutput<OutputSize = FieldSize<C>>,
+        D: FixedOutput<OutputSize = FieldBytesSize<C>>,
     {
         self.verify_prehashed(msg_digest.finalize_fixed(), sig)
     }
@@ -208,15 +210,15 @@ pub trait DigestPrimitive: PrimeCurve {
     /// elliptic curve. This is typically a member of the SHA-2 family.
     type Digest: BlockSizeUser
         + Digest
-        + FixedOutput<OutputSize = FieldSize<Self>>
+        + FixedOutput<OutputSize = FieldBytesSize<Self>>
         + FixedOutputReset;
 }
 
 #[cfg(feature = "digest")]
 impl<C> PrehashSignature for Signature<C>
 where
     C: DigestPrimitive,
-    <FieldSize<C> as core::ops::Add>::Output: ArrayLength<u8>,
+    <FieldBytesSize<C> as core::ops::Add>::Output: ArrayLength<u8>,
 {
     type Digest = C::Digest;
 }

ecdsa/src/hazmat.rs

@@ -90,7 +90,7 @@ use core::{
 use elliptic_curve::{
     bigint::Integer,
     generic_array::{sequence::Concat, ArrayLength, GenericArray},
-    FieldBytes, FieldSize, ScalarPrimitive,
+    FieldBytes, FieldBytesSize, ScalarPrimitive,
 };
 
 #[cfg(feature = "alloc")]
@@ -99,14 +99,14 @@ use alloc::vec::Vec;
 #[cfg(feature = "arithmetic")]
 use {
     core::str,
-    elliptic_curve::{CurveArithmetic, IsHigh, NonZeroScalar},
+    elliptic_curve::{scalar::IsHigh, CurveArithmetic, NonZeroScalar},
 };
 
 #[cfg(feature = "serde")]
 use serdect::serde::{de, ser, Deserialize, Serialize};
 
 /// Size of a fixed sized signature for the given elliptic curve.
-pub type SignatureSize<C> = <FieldSize<C> as Add>::Output;
+pub type SignatureSize<C> = <FieldBytesSize<C> as Add>::Output;
 
 /// Fixed-size byte array containing an ECDSA signature
 pub type SignatureBytes<C> = GenericArray<u8, SignatureSize<C>>;
@@ -149,7 +149,7 @@ where
     pub fn from_der(bytes: &[u8]) -> Result<Self>
     where
         der::MaxSize<C>: ArrayLength<u8>,
-        <FieldSize<C> as Add>::Output: Add<der::MaxOverhead> + ArrayLength<u8>,
+        <FieldBytesSize<C> as Add>::Output: Add<der::MaxOverhead> + ArrayLength<u8>,
     {
         der::Signature::<C>::try_from(bytes).and_then(Self::try_from)
     }
@@ -162,15 +162,15 @@ where
 
     /// Split the signature into its `r` and `s` components, represented as bytes.
     pub fn split_bytes(&self) -> (FieldBytes<C>, FieldBytes<C>) {
-        (self.r.to_be_bytes(), self.s.to_be_bytes())
+        (self.r.to_bytes(), self.s.to_bytes())
     }
 
     /// Serialize this signature as bytes.
     pub fn to_bytes(&self) -> SignatureBytes<C> {
         let mut bytes = SignatureBytes::<C>::default();
         let (r_bytes, s_bytes) = bytes.split_at_mut(C::Uint::BYTES);
-        r_bytes.copy_from_slice(&self.r.to_be_bytes());
-        s_bytes.copy_from_slice(&self.s.to_be_bytes());
+        r_bytes.copy_from_slice(&self.r.to_bytes());
+        s_bytes.copy_from_slice(&self.s.to_bytes());
         bytes
     }
 
@@ -179,7 +179,7 @@ where
     pub fn to_der(&self) -> der::Signature<C>
     where
         der::MaxSize<C>: ArrayLength<u8>,
-        <FieldSize<C> as Add>::Output: Add<der::MaxOverhead> + ArrayLength<u8>,
+        <FieldBytesSize<C> as Add>::Output: Add<der::MaxOverhead> + ArrayLength<u8>,
     {
         let (r, s) = self.split_bytes();
         der::Signature::from_scalar_bytes(&r, &s).expect("DER encoding error")
@@ -285,8 +285,8 @@ where
         }
 
         let (r_bytes, s_bytes) = bytes.split_at(C::Uint::BYTES);
-        let r = ScalarPrimitive::from_be_slice(r_bytes).map_err(|_| Error::new())?;
-        let s = ScalarPrimitive::from_be_slice(s_bytes).map_err(|_| Error::new())?;
+        let r = ScalarPrimitive::from_slice(r_bytes).map_err(|_| Error::new())?;
+        let s = ScalarPrimitive::from_slice(s_bytes).map_err(|_| Error::new())?;
 
         if r.is_zero().into() || s.is_zero().into() {
             return Err(Error::new());