Merge remote-tracking branch 'rust-crypto/master'

Author: carloskiki

Cargo.lock

@@ -17,3 +17,6 @@ members = [
 [patch.crates-io]
 digest = { path = "digest" }
 signature = { path = "signature" }
+
+# https://github.com/RustCrypto/utils/pull/1192
+block-buffer = { git = "https://github.com/RustCrypto/utils.git" }

Cargo.toml

@@ -60,7 +60,7 @@ macro_rules! buffer_fixed {
         $crate::buffer_fixed!(
             impl_inner: $name$(< $( $lt $( : $clt $(+ $dlt )* )? ),+ >)?($core_ty);
             BaseFixedTraits AlgorithmName Default Clone HashMarker
-            Reset FixedOutputReset SerializableState $($trait_name)*;
+            Reset FixedOutputReset SerializableState ZeroizeOnDrop $($trait_name)*;
         );
     };
 
@@ -476,5 +476,30 @@ macro_rules! buffer_fixed {
         }
 
         $crate::buffer_fixed!(impl_inner: $name$(< $( $lt $( : $clt $(+ $dlt )* )? ),+ >)?($core_ty); $($trait_name)*;);
-    }
+    };
+
+    // Implements `ZeroizeOnDrop`
+    (
+        impl_inner: $name:ident
+        $(< $( $lt:tt $( : $clt:tt $(+ $dlt:tt )* )? ),+ >)?
+        ($core_ty:ty);
+        ZeroizeOnDrop $($trait_name:ident)*;
+    ) => {
+        // Verify that `$core_ty` and `Buffer<$core_ty>` implement `ZeroizeOnDrop`
+        #[cfg(feature = "zeroize")]
+        const _: () = {
+            fn check_core$(< $( $lt $( : $clt $(+ $dlt )* )? ),+ >)?(v: &$core_ty) {
+                v as &dyn $crate::zeroize::ZeroizeOnDrop;
+            }
+
+            fn check_buffer$(< $( $lt $( : $clt $(+ $dlt )* )? ),+ >)?(v: &$crate::block_api::Buffer<$core_ty>) {
+                v as &dyn $crate::zeroize::ZeroizeOnDrop;
+            }
+        };
+
+        #[cfg(feature = "zeroize")]
+        impl$(< $( $lt $( : $clt $(+ $dlt )* )? ),+ >)? $crate::zeroize::ZeroizeOnDrop for $name$(< $( $lt ),+ >)? {}
+
+        $crate::buffer_fixed!(impl_inner: $name$(< $( $lt $( : $clt $(+ $dlt )* )? ),+ >)?($core_ty); $($trait_name)*;);
+    };
 }

digest/src/buffer_macros/fixed.rs

@@ -75,6 +75,17 @@ mod block_api {
             })
         }
     }
+
+    #[cfg(feature = "zeroize")]
+    impl Drop for FixedHashCore {
+        fn drop(&mut self) {
+            use zeroize::Zeroize;
+            self.state.zeroize();
+        }
+    }
+
+    #[cfg(feature = "zeroize")]
+    impl zeroize::ZeroizeOnDrop for FixedHashCore {}
 }
 
 digest::buffer_fixed!(
@@ -99,3 +110,11 @@ digest::buffer_fixed!(
     oid: "0.1.2.3.4.5";
     impl: FixedHashTraits;
 );
+
+#[cfg(feature = "zeroize")]
+/// check for `ZeroizeOnDrop` implementations
+const _: () = {
+    const fn check_zeroize<T: zeroize::ZeroizeOnDrop>() {}
+    check_zeroize::<FixedHashWithSer>();
+    check_zeroize::<FixedHashWithOidSer>();
+};

digest/tests/dummy_fixed.rs

@@ -2,7 +2,7 @@
 
 use crate::{
     Curve, CurveGroup, Error, FieldBytes, Group, NonZeroScalar, PrimeCurve, ScalarPrimitive,
-    ops::{Invert, LinearCombination, Mul, Reduce, ShrAssign},
+    ops::{Invert, LinearCombination, Mul, Reduce},
     point::{AffineCoordinates, NonIdentity},
     scalar::{FromUintUnchecked, IsHigh},
 };
@@ -81,7 +81,6 @@ pub trait CurveArithmetic: Curve {
         + for<'a> Mul<&'a Self::ProjectivePoint, Output = Self::ProjectivePoint>
         + PartialOrd
         + Reduce<Self::Uint, Bytes = FieldBytes<Self>>
-        + ShrAssign<usize>
         + TryInto<NonZeroScalar<Self>, Error = Error>
         + ff::Field
         + ff::PrimeField<Repr = FieldBytes<Self>>;

elliptic-curve/src/arithmetic.rs

@@ -7,11 +7,30 @@
 ![Rust Version][rustc-image]
 [![Project Chat][chat-image]][chat-link]
 
-This crate contains traits which provide generic, object-safe APIs for
+This crate contains traits which provide generic type-safe APIs for
 generating and verifying [digital signatures].
 
-Used by the [`dsa`], [`ecdsa`], [`ed25519`], and [`rsa`] crates maintained by
-the [RustCrypto] organization, as well as [`ed25519-dalek`].
+## Supported crates
+
+The following crates are implemented using traits from the `signature` crate:
+
+### RustCrypto crates
+
+- [`dsa`]
+- [`ecdsa`]
+- [`ed25519`]
+- [`ed448`]
+- [`ed448-goldilocks`]
+- [`lms`]
+- [`ml-dsa`]
+- [`slh-dsa`]
+- [`sm2`]
+- [`rsa`]
+
+### Third-party crates
+
+- [`ed25519-dalek`]
+- [`yubihsm`]
 
 ## SemVer Policy Exemptions
 
@@ -55,5 +74,12 @@ dual licensed as above, without any additional terms or conditions.
 [`dsa`]: https://github.com/RustCrypto/signatures/tree/master/dsa
 [`ecdsa`]: https://github.com/RustCrypto/signatures/tree/master/ecdsa
 [`ed25519`]: https://github.com/RustCrypto/signatures/tree/master/ed25519
-[`ed25519-dalek`]: https://github.com/dalek-cryptography/ed25519-dalek
+[`ed25519-dalek`]: https://github.com/dalek-cryptography/curve25519-dalek/tree/main/ed25519-dalek
+[`ed448`]: https://github.com/RustCrypto/elliptic-curves/tree/master/ed448
+[`ed448-goldilocks`]: https://github.com/RustCrypto/elliptic-curves/tree/master/ed448-goldilocks
+[`lms`]: https://github.com/RustCrypto/signatures/tree/master/lms
+[`ml-dsa`]: https://github.com/RustCrypto/signatures/tree/master/ml-dsa
 [`rsa`]: https://github.com/RustCrypto/RSA
+[`slh-dsa`]: https://github.com/RustCrypto/signatures/tree/master/slh-dsa
+[`sm2`]: https://github.com/RustCrypto/elliptic-curves/tree/master/sm2
+[`yubihsm`]: https://github.com/iqlusioninc/yubihsm.rs