Bump crypto-bigint to v0.7.0-pre.5 (#382)

...and all of the downstream dependencies needed to upgrade it:

- `dsa`
- `rsa`
- `p256`
- `p384`
- `p521`

This notably includes some changes to `dsa` and `rsa` which eliminate
the use of `Odd` and `NonZero` input parameters, putting those checks in
the constructor instead.

Author: tarcieri

Cargo.lock

@@ -17,7 +17,7 @@ rust-version = "1.85"
 
 [dependencies]
 base64ct = { version = "1.7", optional = true }
-bigint = { package = "crypto-bigint", version = "=0.7.0-pre.4", optional = true, default-features = false, features = ["alloc"] }
+bigint = { package = "crypto-bigint", version = "=0.7.0-pre.5", optional = true, default-features = false, features = ["alloc"] }
 bytes = { version = "1", optional = true, default-features = false }
 digest = { version = "0.11.0-rc.0", optional = true, default-features = false }
 pem-rfc7468 = { version = "1.0.0-rc.3", optional = true }

ssh-encoding/Cargo.toml

@@ -264,11 +264,3 @@ use alloc::vec::Vec;
 
 #[cfg(feature = "bigint")]
 pub use bigint::BoxedUint as Uint;
-
-/// Non-zero [`Uint`].
-#[cfg(feature = "bigint")]
-pub type NonZeroUint = bigint::NonZero<Uint>;
-
-/// Odd [`Uint`].
-#[cfg(feature = "bigint")]
-pub type OddUint = bigint::Odd<Uint>;

ssh-encoding/src/lib.rs

@@ -5,7 +5,7 @@ use alloc::{boxed::Box, vec::Vec};
 use core::fmt;
 
 #[cfg(feature = "bigint")]
-use crate::{NonZeroUint, OddUint, Uint};
+use crate::Uint;
 
 #[cfg(feature = "subtle")]
 use subtle::{Choice, ConstantTimeEq};
@@ -207,42 +207,6 @@ impl fmt::UpperHex for Mpint {
     }
 }
 
-#[cfg(feature = "bigint")]
-impl TryFrom<NonZeroUint> for Mpint {
-    type Error = Error;
-
-    fn try_from(uint: NonZeroUint) -> Result<Mpint> {
-        Mpint::try_from(&uint)
-    }
-}
-
-#[cfg(feature = "bigint")]
-impl TryFrom<&NonZeroUint> for Mpint {
-    type Error = Error;
-
-    fn try_from(uint: &NonZeroUint) -> Result<Mpint> {
-        Self::try_from(uint.as_ref())
-    }
-}
-
-#[cfg(feature = "bigint")]
-impl TryFrom<OddUint> for Mpint {
-    type Error = Error;
-
-    fn try_from(uint: OddUint) -> Result<Mpint> {
-        Mpint::try_from(&uint)
-    }
-}
-
-#[cfg(feature = "bigint")]
-impl TryFrom<&OddUint> for Mpint {
-    type Error = Error;
-
-    fn try_from(uint: &OddUint) -> Result<Mpint> {
-        Self::try_from(uint.as_ref())
-    }
-}
-
 #[cfg(feature = "bigint")]
 impl TryFrom<Uint> for Mpint {
     type Error = Error;
@@ -262,46 +226,6 @@ impl TryFrom<&Uint> for Mpint {
     }
 }
 
-#[cfg(feature = "bigint")]
-impl TryFrom<Mpint> for NonZeroUint {
-    type Error = Error;
-
-    fn try_from(mpint: Mpint) -> Result<NonZeroUint> {
-        NonZeroUint::try_from(&mpint)
-    }
-}
-
-#[cfg(feature = "bigint")]
-impl TryFrom<&Mpint> for NonZeroUint {
-    type Error = Error;
-
-    fn try_from(mpint: &Mpint) -> Result<NonZeroUint> {
-        let uint = Uint::try_from(mpint)?;
-        NonZeroUint::new(uint)
-            .into_option()
-            .ok_or(Error::MpintEncoding)
-    }
-}
-
-#[cfg(feature = "bigint")]
-impl TryFrom<Mpint> for OddUint {
-    type Error = Error;
-
-    fn try_from(mpint: Mpint) -> Result<OddUint> {
-        OddUint::try_from(&mpint)
-    }
-}
-
-#[cfg(feature = "bigint")]
-impl TryFrom<&Mpint> for OddUint {
-    type Error = Error;
-
-    fn try_from(mpint: &Mpint) -> Result<OddUint> {
-        let uint = Uint::try_from(mpint)?;
-        OddUint::new(uint).into_option().ok_or(Error::MpintEncoding)
-    }
-}
-
 #[cfg(feature = "bigint")]
 impl TryFrom<Mpint> for Uint {
     type Error = Error;
@@ -316,14 +240,9 @@ impl TryFrom<&Mpint> for Uint {
     type Error = Error;
 
     fn try_from(mpint: &Mpint) -> Result<Uint> {
+        // TODO(tarcieri): enforce a maximum size?
         let bytes = mpint.as_positive_bytes().ok_or(Error::MpintEncoding)?;
-        let bits_precision = bytes
-            .len()
-            .checked_mul(8)
-            .and_then(|n| u32::try_from(n).ok())
-            .ok_or(Error::MpintEncoding)?;
-
-        Ok(Uint::from_be_slice(bytes, bits_precision)?)
+        Ok(Uint::from_be_slice_vartime(bytes))
     }
 }
 

ssh-encoding/src/mpint.rs

@@ -28,16 +28,16 @@ zeroize = { version = "1", default-features = false }
 # optional dependencies
 argon2 = { version = "0.6.0-rc.0", optional = true, default-features = false, features = ["alloc"] }
 bcrypt-pbkdf = { version = "0.11.0-rc.0", optional = true, default-features = false, features = ["alloc"] }
-dsa = { version = "0.7.0-rc.0", optional = true, default-features = false, features = ["hazmat"] }
+dsa = { version = "0.7.0-rc.1", optional = true, default-features = false, features = ["hazmat"] }
 ed25519-dalek = { version = "=2.2.0-pre", optional = true, default-features = false }
 hex = { version = "0.4", optional = true, default-features = false, features = ["alloc"] }
 hmac = { version = "0.13.0-rc.0", optional = true }
 home = { version = "0.5", optional = true }
-p256 = { version = "0.14.0-pre.5", optional = true, default-features = false, features = ["ecdsa"] }
-p384 = { version = "0.14.0-pre.5", optional = true, default-features = false, features = ["ecdsa"] }
-p521 = { version = "0.14.0-pre.5", optional = true, default-features = false, features = ["ecdsa"] }
+p256 = { version = "0.14.0-pre.7", optional = true, default-features = false, features = ["ecdsa"] }
+p384 = { version = "0.14.0-pre.7", optional = true, default-features = false, features = ["ecdsa"] }
+p521 = { version = "0.14.0-pre.7", optional = true, default-features = false, features = ["ecdsa"] }
 rand_core = { version = "0.9", optional = true, default-features = false }
-rsa = { version = "0.10.0-rc.0", optional = true, default-features = false, features = ["sha2"] }
+rsa = { version = "0.10.0-rc.1", optional = true, default-features = false, features = ["sha2"] }
 sec1 = { version = "0.8.0-rc.5", optional = true, default-features = false, features = ["point"] }
 serde = { version = "1.0.16", optional = true }
 sha1 = { version = "0.11.0-rc.0", optional = true, default-features = false, features = ["oid"] }

ssh-key/Cargo.toml

@@ -136,7 +136,7 @@ impl TryFrom<&dsa::SigningKey> for DsaPrivateKey {
 
     fn try_from(key: &dsa::SigningKey) -> Result<DsaPrivateKey> {
         Ok(DsaPrivateKey {
-            inner: key.x().try_into()?,
+            inner: key.x().as_ref().try_into()?,
         })
     }
 }

ssh-key/src/private/dsa.rs

@@ -8,7 +8,7 @@ use zeroize::Zeroize;
 
 #[cfg(feature = "rsa")]
 use {
-    encoding::{OddUint, Uint},
+    encoding::Uint,
     rand_core::CryptoRng,
     rsa::{
         pkcs1v15,
@@ -252,7 +252,7 @@ impl TryFrom<&RsaKeypair> for rsa::RsaPrivateKey {
 
     fn try_from(key: &RsaKeypair) -> Result<rsa::RsaPrivateKey> {
         let ret = rsa::RsaPrivateKey::from_components(
-            OddUint::try_from(key.public.n())?,
+            Uint::try_from(key.public.n())?,
             Uint::try_from(key.public.e())?,
             Uint::try_from(&key.private.d)?,
             vec![

ssh-key/src/private/rsa.rs

@@ -5,7 +5,7 @@ use core::hash::{Hash, Hasher};
 use encoding::{CheckedSum, Decode, Encode, Reader, Writer};
 
 #[cfg(feature = "dsa")]
-use encoding::{NonZeroUint, OddUint};
+use encoding::Uint;
 
 /// Digital Signature Algorithm (DSA) public key.
 ///
@@ -119,10 +119,10 @@ impl TryFrom<&DsaPublicKey> for dsa::VerifyingKey {
     type Error = Error;
 
     fn try_from(key: &DsaPublicKey) -> Result<dsa::VerifyingKey> {
-        let p = OddUint::try_from(&key.p)?;
-        let q = NonZeroUint::try_from(&key.q)?;
-        let g = NonZeroUint::try_from(&key.g)?;
-        let y = NonZeroUint::try_from(&key.y)?;
+        let p = Uint::try_from(&key.p)?;
+        let q = Uint::try_from(&key.q)?;
+        let g = Uint::try_from(&key.g)?;
+        let y = Uint::try_from(&key.y)?;
 
         let components = dsa::Components::from_components(p, q, g)?;
         dsa::VerifyingKey::from_components(components, y).map_err(|_| Error::Crypto)
@@ -144,10 +144,10 @@ impl TryFrom<&dsa::VerifyingKey> for DsaPublicKey {
 
     fn try_from(key: &dsa::VerifyingKey) -> Result<DsaPublicKey> {
         Ok(DsaPublicKey {
-            p: key.components().p().try_into()?,
-            q: key.components().q().try_into()?,
-            g: key.components().g().try_into()?,
-            y: key.y().try_into()?,
+            p: key.components().p().as_ref().try_into()?,
+            q: key.components().q().as_ref().try_into()?,
+            g: key.components().g().as_ref().try_into()?,
+            y: key.y().as_ref().try_into()?,
         })
     }
 }

ssh-key/src/public/dsa.rs

@@ -139,7 +139,7 @@ impl TryFrom<&rsa::RsaPublicKey> for RsaPublicKey {
 
     fn try_from(key: &rsa::RsaPublicKey) -> Result<RsaPublicKey> {
         let e = Mpint::try_from(key.e())?;
-        let n = Mpint::try_from(key.n())?;
+        let n = Mpint::try_from(key.n().as_ref())?;
         RsaPublicKey::new(e, n)
     }
 }

ssh-key/src/public/rsa.rs

@@ -12,7 +12,7 @@ use crate::{private::Ed25519Keypair, public::Ed25519PublicKey};
 #[cfg(feature = "dsa")]
 use {
     crate::{private::DsaKeypair, public::DsaPublicKey},
-    encoding::{NonZeroUint, Uint},
+    encoding::Uint,
     signature::{DigestSigner, DigestVerifier},
 };
 
@@ -389,16 +389,7 @@ impl TryFrom<&Signature> for dsa::Signature {
 
         let r = Uint::from_be_slice(components.0, component_bits)?;
         let s = Uint::from_be_slice(components.1, component_bits)?;
-        let signature = Self::from_components(
-            NonZeroUint::new(r)
-                .into_option()
-                .ok_or(encoding::Error::MpintEncoding)?,
-            NonZeroUint::new(s)
-                .into_option()
-                .ok_or(encoding::Error::MpintEncoding)?,
-        );
-
-        Ok(signature)
+        Ok(Self::from_components(r, s).ok_or(encoding::Error::MpintEncoding)?)
     }
 }