chore(deps): bump crypto-bigint to 0.7.0-pre.2 (#953)

Author: baloo

Cargo.lock

@@ -33,8 +33,4 @@ slh-dsa         = { path = "./slh-dsa" }
 elliptic-curve = { git = "https://github.com/RustCrypto/traits.git" }
 signature      = { git = "https://github.com/RustCrypto/traits.git" }
 
-# https://github.com/RustCrypto/crypto-bigint/pull/762
-# https://github.com/RustCrypto/crypto-bigint/pull/765
-crypto-bigint = { git = "https://github.com/RustCrypto/crypto-bigint.git" }
-
 crypto-primes = { git = "https://github.com/entropyxyz/crypto-primes.git" }

Cargo.toml

@@ -17,7 +17,7 @@ rust-version = "1.85"
 
 [dependencies]
 digest = "=0.11.0-pre.10"
-crypto-bigint = { version = "=0.7.0-pre.1", default-features = false, features = ["alloc", "zeroize"] }
+crypto-bigint = { version = "=0.7.0-pre.2", default-features = false, features = ["alloc", "zeroize"] }
 crypto-primes = { version = "=0.7.0-dev", default-features = false }
 pkcs8 = { version = "0.11.0-rc.1", default-features = false, features = ["alloc"] }
 rfc6979 = { version = "=0.5.0-pre.4" }

dsa/Cargo.toml

@@ -1,4 +1,4 @@
-use crypto_bigint::{BoxedUint, NonZero};
+use crypto_bigint::{BoxedUint, NonZero, Resize};
 use crypto_primes::{Flavor, random_prime};
 use signature::rand_core::CryptoRng;
 
@@ -15,8 +15,8 @@ pub use self::keypair::keypair;
 /// Calculate the upper and lower bounds for generating values like p or q
 #[inline]
 fn calculate_bounds(size: u32) -> (NonZero<BoxedUint>, NonZero<BoxedUint>) {
-    let lower = BoxedUint::one().widen(size + 1).shl(size - 1);
-    let upper = BoxedUint::one().widen(size + 1).shl(size);
+    let lower = BoxedUint::one().resize(size + 1).shl(size - 1);
+    let upper = BoxedUint::one().resize(size + 1).shl(size);
 
     let lower = NonZero::new(lower).expect("[bug] shl can't go backward");
     let upper = NonZero::new(upper).expect("[bug] shl can't go backward");

dsa/src/generate.rs

@@ -9,7 +9,7 @@ use crate::{
     two,
 };
 use crypto_bigint::{
-    BoxedUint, NonZero, Odd, RandomBits,
+    BoxedUint, NonZero, Odd, RandomBits, Resize,
     modular::{BoxedMontyForm, BoxedMontyParams},
     subtle::CtOption,
 };
@@ -46,7 +46,7 @@ pub fn common<R: CryptoRng + ?Sized>(
                     break 'gen_m m;
                 }
             };
-            let rem = NonZero::new((two() * &*q).widen(m.bits_precision()))
+            let rem = NonZero::new((two() * &*q).resize(m.bits_precision()))
                 .expect("[bug] 2 * NonZero can't be zero");
 
             let mr = &m % &rem;
@@ -60,11 +60,11 @@ pub fn common<R: CryptoRng + ?Sized>(
     };
 
     // Q needs to be the same precision as P for the operations below.
-    let q = q.widen(l);
+    let q = q.resize(l);
 
     // Generate g using the unverifiable method as defined by Appendix A.2.1
     let e = (&*p - &BoxedUint::one()) / &q;
-    let mut h = BoxedUint::one().widen(l);
+    let mut h = BoxedUint::one().resize(l);
     let g = loop {
         let params = BoxedMontyParams::new_vartime(p.clone());
         let form = BoxedMontyForm::new(h.clone(), params);
@@ -79,7 +79,7 @@ pub fn common<R: CryptoRng + ?Sized>(
         h += BoxedUint::one();
     };
 
-    let q = NonZero::new(q.shorten(n)).expect("[bug] q_min(2^N-1) < q < q_max(2^N), Q is non zero");
+    let q = q.resize(n);
 
     (p, q, g)
 }

dsa/src/generate/components.rs

@@ -5,7 +5,7 @@
 use crate::{Components, signing_key::SigningKey};
 use alloc::vec;
 use core::cmp::min;
-use crypto_bigint::{BoxedUint, NonZero, RandomBits};
+use crypto_bigint::{BoxedUint, NonZero, RandomBits, Resize};
 use digest::{Digest, FixedOutputReset, core_api::BlockSizeUser};
 use signature::rand_core::TryCryptoRng;
 use zeroize::Zeroizing;
@@ -68,14 +68,14 @@ pub fn secret_number<R: TryCryptoRng + ?Sized>(
 ) -> Result<Option<(BoxedUint, BoxedUint)>, signature::Error> {
     let q = components.q();
     let n = q.bits();
-    let q = q.widen(n + 64);
+    let q = q.resize(n + 64);
     let q = &q;
 
     // Attempt to try a fitting secret number
     // Give up after 4096 tries
     for _ in 0..4096 {
         let c = BoxedUint::try_random_bits(rng, n + 64).map_err(|_| signature::Error::new())?;
-        let rem = NonZero::new((&**q - &BoxedUint::one()).widen(c.bits_precision()))
+        let rem = NonZero::new((&**q - &BoxedUint::one()).resize(c.bits_precision()))
             .expect("[bug] minimum size for q is to 2^(160 - 1)");
         let k = (c % rem) + BoxedUint::one();
 

dsa/src/generate/secret_number.rs

@@ -8,7 +8,7 @@ use core::{
     fmt::{self, Debug},
 };
 use crypto_bigint::{
-    BoxedUint, NonZero,
+    BoxedUint, NonZero, Resize,
     modular::{BoxedMontyForm, BoxedMontyParams},
 };
 use digest::{Digest, FixedOutputReset, core_api::BlockSizeUser};
@@ -104,18 +104,18 @@ impl SigningKey {
 
         debug_assert_eq!(key_size.n_aligned(), q.bits_precision());
 
-        let x = x.widen(p.bits_precision());
+        let x = x.resize(p.bits_precision());
         let x = &x;
 
-        let k = k.widen(p.bits_precision());
-        let inv_k = inv_k.widen(p.bits_precision());
+        let k = k.resize(p.bits_precision());
+        let inv_k = inv_k.resize(p.bits_precision());
 
         let params = BoxedMontyParams::new(p.clone());
         let form = BoxedMontyForm::new((**g).clone(), params);
-        let r = form.pow(&k).retrieve() % q.widen(p.bits_precision());
+        let r = form.pow(&k).retrieve() % q.resize(p.bits_precision());
         debug_assert_eq!(key_size.l_aligned(), r.bits_precision());
 
-        let r_short = r.shorten(key_size.n_aligned());
+        let r_short = r.clone().resize(key_size.n_aligned());
         let r_short = NonZero::new(r_short)
             .expect("[bug] invalid value of k used here, the secret number computed was invalid");
         let r = NonZero::new(r)
@@ -128,8 +128,8 @@ impl SigningKey {
         let z = BoxedUint::from_be_slice(&hash[..z_len], z_len as u32 * 8)
             .expect("invariant violation");
 
-        let s = inv_k.mul_mod(&(z + &**x * &*r), &q.widen(key_size.l_aligned()));
-        let s = s.shorten(key_size.n_aligned());
+        let s = inv_k.mul_mod(&(z + &**x * &*r), &q.resize(key_size.l_aligned()));
+        let s = s.resize(key_size.n_aligned());
         let s = NonZero::new(s)
             .expect("[bug] invalid value of k used here, the secret number computed was invalid");
 

dsa/src/signing_key.rs

@@ -5,7 +5,7 @@
 use crate::{Components, OID, Signature, two};
 use core::cmp::min;
 use crypto_bigint::{
-    BoxedUint, NonZero,
+    BoxedUint, NonZero, Resize,
     modular::{BoxedMontyForm, BoxedMontyParams},
 };
 use digest::Digest;
@@ -69,9 +69,9 @@ impl VerifyingKey {
             return Some(false);
         }
 
-        let q = &q.widen(p.bits_precision());
-        let r = &r.widen(p.bits_precision());
-        let s = &s.widen(p.bits_precision());
+        let q = &q.resize(p.bits_precision());
+        let r = &r.resize(p.bits_precision());
+        let s = &s.resize(p.bits_precision());
 
         let w: BoxedUint = Option::from(s.inv_mod(q))?;
 
@@ -82,10 +82,10 @@ impl VerifyingKey {
         let z = BoxedUint::from_be_slice(&hash[..z_len], z_len as u32 * 8)
             .expect("invariant violation");
 
-        let z = z.widen(p.bits_precision());
-        let w = w.widen(q.bits_precision());
+        let z = z.resize(p.bits_precision());
+        let w = w.resize(q.bits_precision());
 
-        let u1 = (&z * &w) % q.widen(p.bits_precision());
+        let u1 = (&z * &w) % q.resize(p.bits_precision());
         let u2 = r.mul_mod(&w, q);
 
         let p1_params = BoxedMontyParams::new(p.clone());
@@ -97,9 +97,9 @@ impl VerifyingKey {
         let v1 = g_form.pow(&u1).retrieve();
         let v2 = y_form.pow(&u2).retrieve();
         let v3 = v1 * v2;
-        let p = p.widen(v3.bits_precision());
-        let q = q.widen(v3.bits_precision());
-        let v4 = v3 % NonZero::new(p).expect("[bug] p is an odd number and can't be zero");
+        let p = p.resize(v3.bits_precision());
+        let q = q.resize(v3.bits_precision());
+        let v4 = v3 % p.as_nz_ref();
         let v = v4 % q;
 
         Some(v == **r)

dsa/src/verifying_key.rs

@@ -18,7 +18,7 @@ rand = "0.9.0"
 sha2 = "=0.11.0-pre.5"
 static_assertions = "1.1.0"
 rand_core = "0.9.0"
-signature = { version = "=3.0.0-pre", features = ["digest", "std", "rand_core"] }
+signature = { version = "=3.0.0-pre", features = ["alloc", "digest", "rand_core"] }
 typenum = { version = "1.17.0", features = ["const-generics"] }
 zeroize = "1.8.1"