Update to &[&[u8]] messages

Author: daxpedda

Cargo.lock

@@ -25,3 +25,5 @@ lms-signature = { path = "./lms" }
 ml-dsa = { path = "./ml-dsa" }
 rfc6979 = { path = "./rfc6979" }
 slh-dsa = { path = "./slh-dsa" }
+
+signature = { git = "https://github.com/RustCrypto/traits", rev = "9e3f5ec97faf6a96c0bad7756402c940db240066" }

Cargo.toml

@@ -148,8 +148,9 @@ impl SigningKey {
 impl ZeroizeOnDrop for SigningKey {}
 
 impl Signer<Signature> for SigningKey {
-    fn try_sign(&self, msg: &[u8]) -> Result<Signature, signature::Error> {
-        let digest = sha2::Sha256::new_with_prefix(msg);
+    fn try_sign(&self, msg: &[&[u8]]) -> Result<Signature, signature::Error> {
+        let mut digest = sha2::Sha256::default();
+        msg.iter().for_each(|slice| digest.update(slice));
         self.try_sign_digest(digest)
     }
 }

dsa/src/signing_key.rs

@@ -107,8 +107,10 @@ impl VerifyingKey {
 }
 
 impl Verifier<Signature> for VerifyingKey {
-    fn verify(&self, msg: &[u8], signature: &Signature) -> Result<(), signature::Error> {
-        self.verify_digest(sha2::Sha256::new_with_prefix(msg), signature)
+    fn verify(&self, msg: &[&[u8]], signature: &Signature) -> Result<(), signature::Error> {
+        let mut digest = sha2::Sha256::default();
+        msg.iter().for_each(|slice| digest.update(slice));
+        self.verify_digest(digest, signature)
     }
 }
 

dsa/src/verifying_key.rs

@@ -104,9 +104,9 @@ fn signer_verifier_signature() {
     // construct signature manually and by `Signer` defaults. Ensure results are identical.
     let manual_digest = Sha256::new_with_prefix(message).finalize();
     let manual_signature = signing_key.sign_prehash(&manual_digest).unwrap();
-    let signer_signature = signing_key.sign(message);
-    verifying_key.verify(message, &manual_signature).unwrap();
-    verifying_key.verify(message, &signer_signature).unwrap();
+    let signer_signature = signing_key.sign(&[message]);
+    verifying_key.verify(&[message], &manual_signature).unwrap();
+    verifying_key.verify(&[message], &signer_signature).unwrap();
     assert_eq!(manual_signature, signer_signature);
 
     // verify signature manually and by `Verifier` defaults. Ensure signatures can be applied interchangeably.
@@ -116,8 +116,8 @@ fn signer_verifier_signature() {
     verifying_key
         .verify_prehash(&manual_digest, &signer_signature)
         .unwrap();
-    verifying_key.verify(message, &manual_signature).unwrap();
-    verifying_key.verify(message, &signer_signature).unwrap();
+    verifying_key.verify(&[message], &manual_signature).unwrap();
+    verifying_key.verify(&[message], &signer_signature).unwrap();
 }
 
 /// This test forces the r and s of the signature to a bit precision different to what would

dsa/tests/signature.rs

@@ -200,7 +200,7 @@ macro_rules! new_wycheproof_test {
                     Err(_) => return Some("failed to parse signature ASN.1"),
                 };
 
-                match verifying_key.verify(msg, &sig) {
+                match verifying_key.verify(&[msg], &sig) {
                     Ok(_) if pass => None,
                     Ok(_) => Some("signature verify unexpectedly succeeded"),
                     Err(_) if !pass => None,

ecdsa/src/dev.rs

@@ -96,7 +96,7 @@ impl RecoveryId {
     /// otherwise.
     pub fn trial_recovery_from_msg<C>(
         verifying_key: &VerifyingKey<C>,
-        msg: &[u8],
+        msg: &[&[u8]],
         signature: &Signature<C>,
     ) -> Result<Self>
     where
@@ -105,7 +105,9 @@ impl RecoveryId {
         FieldBytesSize<C>: sec1::ModulusSize,
         SignatureSize<C>: ArraySize,
     {
-        Self::trial_recovery_from_digest(verifying_key, C::Digest::new_with_prefix(msg), signature)
+        let mut digest = C::Digest::new();
+        msg.iter().for_each(|slice| digest.update(slice));
+        Self::trial_recovery_from_digest(verifying_key, digest, signature)
     }
 
     /// Given a public key, message digest, and signature, use trial recovery
@@ -220,8 +222,10 @@ where
 
     /// Sign the given message, hashing it with the curve's default digest
     /// function, and returning a signature and recovery ID.
-    pub fn sign_recoverable(&self, msg: &[u8]) -> Result<(Signature<C>, RecoveryId)> {
-        self.sign_digest_recoverable(C::Digest::new_with_prefix(msg))
+    pub fn sign_recoverable(&self, msg: &[&[u8]]) -> Result<(Signature<C>, RecoveryId)> {
+        let mut digest = C::Digest::new();
+        msg.iter().for_each(|slice| digest.update(slice));
+        self.sign_digest_recoverable(digest)
     }
 }
 
@@ -290,7 +294,7 @@ where
     Scalar<C>: Invert<Output = CtOption<Scalar<C>>>,
     SignatureSize<C>: ArraySize,
 {
-    fn try_sign(&self, msg: &[u8]) -> Result<(Signature<C>, RecoveryId)> {
+    fn try_sign(&self, msg: &[&[u8]]) -> Result<(Signature<C>, RecoveryId)> {
         self.sign_recoverable(msg)
     }
 }
@@ -308,14 +312,16 @@ where
     ///
     /// The message is first hashed using this curve's [`DigestPrimitive`].
     pub fn recover_from_msg(
-        msg: &[u8],
+        msg: &[&[u8]],
         signature: &Signature<C>,
         recovery_id: RecoveryId,
     ) -> Result<Self>
     where
         C: DigestPrimitive,
     {
-        Self::recover_from_digest(C::Digest::new_with_prefix(msg), signature, recovery_id)
+        let mut digest = C::Digest::new();
+        msg.iter().for_each(|slice| digest.update(slice));
+        Self::recover_from_digest(digest, signature, recovery_id)
     }
 
     /// Recover a [`VerifyingKey`] from the given message [`Digest`],

ecdsa/src/recovery.rs

@@ -175,8 +175,10 @@ where
     Scalar<C>: Invert<Output = CtOption<Scalar<C>>>,
     SignatureSize<C>: ArraySize,
 {
-    fn try_sign(&self, msg: &[u8]) -> Result<Signature<C>> {
-        self.try_sign_digest(C::Digest::new_with_prefix(msg))
+    fn try_sign(&self, msg: &[&[u8]]) -> Result<Signature<C>> {
+        let mut digest = C::Digest::new();
+        msg.iter().for_each(|slice| digest.update(slice));
+        self.try_sign_digest(digest)
     }
 }
 
@@ -232,9 +234,11 @@ where
     fn try_sign_with_rng<R: TryCryptoRng + ?Sized>(
         &self,
         rng: &mut R,
-        msg: &[u8],
+        msg: &[&[u8]],
     ) -> Result<Signature<C>> {
-        self.try_sign_digest_with_rng(rng, C::Digest::new_with_prefix(msg))
+        let mut digest = C::Digest::new();
+        msg.iter().for_each(|slice| digest.update(slice));
+        self.try_sign_digest_with_rng(rng, digest)
     }
 }
 
@@ -259,8 +263,10 @@ where
     Scalar<C>: Invert<Output = CtOption<Scalar<C>>>,
     SignatureSize<C>: ArraySize,
 {
-    fn try_sign(&self, msg: &[u8]) -> Result<SignatureWithOid<C>> {
-        self.try_sign_digest(C::Digest::new_with_prefix(msg))
+    fn try_sign(&self, msg: &[&[u8]]) -> Result<SignatureWithOid<C>> {
+        let mut digest = C::Digest::new();
+        msg.iter().for_each(|slice| digest.update(slice));
+        self.try_sign_digest(digest)
     }
 }
 
@@ -287,7 +293,7 @@ where
     der::MaxSize<C>: ArraySize,
     <FieldBytesSize<C> as Add>::Output: Add<der::MaxOverhead> + ArraySize,
 {
-    fn try_sign(&self, msg: &[u8]) -> Result<der::Signature<C>> {
+    fn try_sign(&self, msg: &[&[u8]]) -> Result<der::Signature<C>> {
         Signer::<Signature<C>>::try_sign(self, msg).map(Into::into)
     }
 }
@@ -358,7 +364,7 @@ where
     fn try_sign_with_rng<R: TryCryptoRng + ?Sized>(
         &self,
         rng: &mut R,
-        msg: &[u8],
+        msg: &[&[u8]],
     ) -> Result<der::Signature<C>> {
         RandomizedSigner::<Signature<C>>::try_sign_with_rng(self, rng, msg).map(Into::into)
     }

ecdsa/src/signing.rs

@@ -177,8 +177,10 @@ where
     C: EcdsaCurve + CurveArithmetic + DigestPrimitive,
     SignatureSize<C>: ArraySize,
 {
-    fn verify(&self, msg: &[u8], signature: &Signature<C>) -> Result<()> {
-        self.verify_digest(C::Digest::new_with_prefix(msg), signature)
+    fn verify(&self, msg: &[&[u8]], signature: &Signature<C>) -> Result<()> {
+        let mut digest = C::Digest::new();
+        msg.iter().for_each(|slice| digest.update(slice));
+        self.verify_digest(digest, signature)
     }
 }
 
@@ -188,12 +190,28 @@ where
     C: EcdsaCurve + CurveArithmetic + DigestPrimitive,
     SignatureSize<C>: ArraySize,
 {
-    fn verify(&self, msg: &[u8], sig: &SignatureWithOid<C>) -> Result<()> {
+    fn verify(&self, msg: &[&[u8]], sig: &SignatureWithOid<C>) -> Result<()> {
         match sig.oid() {
-            ECDSA_SHA224_OID => self.verify_prehash(&Sha224::digest(msg), sig.signature()),
-            ECDSA_SHA256_OID => self.verify_prehash(&Sha256::digest(msg), sig.signature()),
-            ECDSA_SHA384_OID => self.verify_prehash(&Sha384::digest(msg), sig.signature()),
-            ECDSA_SHA512_OID => self.verify_prehash(&Sha512::digest(msg), sig.signature()),
+            ECDSA_SHA224_OID => {
+                let mut digest = Sha224::new();
+                msg.iter().for_each(|slice| digest.update(slice));
+                self.verify_prehash(&digest.finalize(), sig.signature())
+            }
+            ECDSA_SHA256_OID => {
+                let mut digest = Sha256::new();
+                msg.iter().for_each(|slice| digest.update(slice));
+                self.verify_prehash(&digest.finalize(), sig.signature())
+            }
+            ECDSA_SHA384_OID => {
+                let mut digest = Sha384::new();
+                msg.iter().for_each(|slice| digest.update(slice));
+                self.verify_prehash(&digest.finalize(), sig.signature())
+            }
+            ECDSA_SHA512_OID => {
+                let mut digest = Sha512::new();
+                msg.iter().for_each(|slice| digest.update(slice));
+                self.verify_prehash(&digest.finalize(), sig.signature())
+            }
             _ => Err(Error::new()),
         }
     }
@@ -236,7 +254,7 @@ where
     der::MaxSize<C>: ArraySize,
     <FieldBytesSize<C> as Add>::Output: Add<der::MaxOverhead> + ArraySize,
 {
-    fn verify(&self, msg: &[u8], signature: &der::Signature<C>) -> Result<()> {
+    fn verify(&self, msg: &[&[u8]], signature: &der::Signature<C>) -> Result<()> {
         let signature = Signature::<C>::try_from(signature.clone())?;
         Verifier::<Signature<C>>::verify(self, msg, &signature)
     }

ecdsa/src/verifying.rs

@@ -43,7 +43,7 @@
 //!         // NOTE: use `try_sign` if you'd like to be able to handle
 //!         // errors from external signing services/devices (e.g. HSM/KMS)
 //!         // <https://docs.rs/signature/latest/signature/trait.Signer.html#tymethod.try_sign>
-//!         self.signing_key.sign(format_message(person).as_bytes())
+//!         self.signing_key.sign(&[format_message(person).as_bytes()])
 //!     }
 //! }
 //!
@@ -60,7 +60,7 @@
 //!         person: &str,
 //!         signature: &ed25519::Signature
 //!     ) -> Result<(), ed25519::Error> {
-//!         self.verifying_key.verify(format_message(person).as_bytes(), signature)
+//!         self.verifying_key.verify(&[format_message(person).as_bytes()], signature)
 //!     }
 //! }
 //!

ed25519/src/lib.rs

@@ -43,7 +43,7 @@
 //!         // NOTE: use `try_sign` if you'd like to be able to handle
 //!         // errors from external signing services/devices (e.g. HSM/KMS)
 //!         // <https://docs.rs/signature/latest/signature/trait.Signer.html#tymethod.try_sign>
-//!         self.signing_key.sign(format_message(person).as_bytes())
+//!         self.signing_key.sign(&[format_message(person).as_bytes()])
 //!     }
 //! }
 //!
@@ -60,7 +60,7 @@
 //!         person: &str,
 //!         signature: &ed448_signature::Signature
 //!     ) -> Result<(), ed448_signature::Error> {
-//!         self.verifying_key.verify(format_message(person).as_bytes(), signature)
+//!         self.verifying_key.verify(&[format_message(person).as_bytes()], signature)
 //!     }
 //! }
 //!

ed448/src/lib.rs

@@ -32,11 +32,11 @@ mod tests {
         let msg = "this is a test message".as_bytes();
 
         // Sign the message
-        let sig = sk.try_sign_with_rng(&mut rng, msg);
+        let sig = sk.try_sign_with_rng(&mut rng, &[msg]);
         let sig = sig.unwrap();
 
         // Verify the signature
-        assert!(pk.verify(msg, &sig).is_ok());
+        assert!(pk.verify(&[msg], &sig).is_ok());
     }
 
     // TODO: macro-generate these exhaustively

lms/src/lms/mod.rs

@@ -108,7 +108,7 @@ impl<Mode: LmsMode> RandomizedSignerMut<Signature<Mode>> for SigningKey<Mode> {
     fn try_sign_with_rng<R: TryCryptoRng + ?Sized>(
         &mut self,
         rng: &mut R,
-        msg: &[u8],
+        msg: &[&[u8]],
     ) -> Result<Signature<Mode>, Error> {
         if self.q >= Mode::LEAVES {
             return Err(Error::from_source(LmsOutOfPrivateKeys {}));
@@ -354,7 +354,7 @@ mod tests {
 
         let mut rng = ConstantRng(&c);
         let sig = lms_priv
-            .try_sign_with_rng(&mut rng, msg)
+            .try_sign_with_rng(&mut rng, &[msg])
             .unwrap()
             .to_bytes();
         assert_eq!(sig.len(), expected_signature.len());

lms/src/lms/private.rs

@@ -56,7 +56,7 @@ impl<Mode: LmsMode> VerifyingKey<Mode> {
 }
 
 impl<Mode: LmsMode> Verifier<Signature<Mode>> for VerifyingKey<Mode> {
-    fn verify(&self, msg: &[u8], signature: &Signature<Mode>) -> Result<(), Error> {
+    fn verify(&self, msg: &[&[u8]], signature: &Signature<Mode>) -> Result<(), Error> {
         // Compute the LMS Public Key Candidate Tc from the signature,
         //    message, identifier, pubtype, and ots_typecode, using
         //    Algorithm 6a.

lms/src/lms/public.rs

@@ -254,7 +254,7 @@ mod tests {
         let pk =
             VerifyingKey::<LmsSha256M32H5<LmsOtsSha256N32W8>>::try_from(&pk_bytes[..]).unwrap();
         let sig = Signature::<LmsSha256M32H5<LmsOtsSha256N32W8>>::try_from(&sig_bytes[..]).unwrap();
-        assert!(pk.verify(&msg[..], &sig).is_ok());
+        assert!(pk.verify(&[&msg[..]], &sig).is_ok());
     }
 
     fn test_serialize_deserialize_random<Mode: LmsMode>()
@@ -272,10 +272,10 @@ mod tests {
         let mut sk = SigningKey::<Mode>::new(&mut rng);
         let pk = sk.public();
         let msg = b"Hello, world!";
-        let sig = sk.sign_with_rng(&mut rng, msg);
+        let sig = sk.sign_with_rng(&mut rng, &[msg]);
         let sig_bytes: Vec<_> = sig.clone().into();
         let sig2 = Signature::<Mode>::try_from(&sig_bytes[..]).unwrap();
-        assert!(pk.verify(msg, &sig2).is_ok());
+        assert!(pk.verify(&[msg], &sig2).is_ok());
     }
 
     #[test]

lms/src/lms/signature.rs

@@ -47,13 +47,13 @@ pub mod tests {
         let msg = "this is a test message".as_bytes();
 
         assert!(sk.is_valid());
-        let sig = sk.try_sign_with_rng(&mut rng, msg);
+        let sig = sk.try_sign_with_rng(&mut rng, &[msg]);
         assert!(!sk.is_valid());
 
         assert!(sig.is_ok());
 
         let sig = sig.unwrap();
-        let result = pk.verify(msg, &sig);
+        let result = pk.verify(&[msg], &sig);
 
         assert!(matches!(result, Ok(())));
     }
@@ -71,15 +71,15 @@ pub mod tests {
         let msg = "this is a test message".as_bytes();
 
         assert!(sk.is_valid());
-        let sig = sk.try_sign_with_rng(&mut rng, msg);
+        let sig = sk.try_sign_with_rng(&mut rng, &[msg]);
         assert!(!sk.is_valid());
 
         assert!(sig.is_ok());
 
         let sig = sig.unwrap();
         // modify q to get the wrong public key
         pk.q = 1;
-        let result = pk.verify(msg, &sig);
+        let result = pk.verify(&[msg], &sig);
 
         assert!(result.is_err());
     }
@@ -163,7 +163,7 @@ pub mod tests {
         let c = hex!("0eb1ed54a2460d512388cad533138d240534e97b1e82d33bd927d201dfc24ebb");
         let mut rng = ConstantRng(&c);
         let msg = "The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.\n".as_bytes();
-        let sig = sk.try_sign_with_rng(&mut rng, msg).unwrap();
+        let sig = sk.try_sign_with_rng(&mut rng, &[msg]).unwrap();
 
         assert_eq!(sig.c, Array::from(c));
         assert_eq!(sig.y[0], Array::from(y0));