elliptic-curve: add ScalarCore<C> type

.github/workflows/elliptic-curve.yml

@@ -44,7 +44,6 @@ jobs:
       - run: cargo build --target ${{ matrix.target }} --release --no-default-features --features jwk
       - run: cargo build --target ${{ matrix.target }} --release --no-default-features --features pem
       - run: cargo build --target ${{ matrix.target }} --release --no-default-features --features pkcs8
-      - run: cargo build --target ${{ matrix.target }} --release --no-default-features --features zeroize
       - run: cargo build --target ${{ matrix.target }} --release --no-default-features --features ecdh,hazmat,jwk,pem
   test:
     runs-on: ubuntu-latest

Cargo.toml

@@ -12,3 +12,6 @@ members = [
     "signature/async",
     "universal-hash",
 ]
+
+[patch.crates-io]
+crypto-bigint = { git = "https://github.com/RustCrypto/utils.git" }

elliptic-curve/Cargo.toml

@@ -15,10 +15,11 @@ categories = ["cryptography", "no-std"]
 keywords   = ["crypto", "ecc", "elliptic", "weierstrass"]
 
 [dependencies]
-crypto-bigint = { version = "0.2.5", features = ["generic-array"] }
+crypto-bigint = { version = "0.2.5", features = ["generic-array", "zeroize"] }
 generic-array = { version = "0.14", default-features = false }
 rand_core = { version = "0.6", default-features = false }
-subtle = { version = "=2.4", default-features = false }
+subtle = { version = ">=2, <2.5", default-features = false }
+zeroize = { version = ">=1, <1.5", default-features = false }
 
 # optional dependencies
 base64ct = { version = "1", optional = true, default-features = false }
@@ -28,18 +29,17 @@ hex-literal = { version = "0.3", optional = true }
 pkcs8 = { version = "0.7", optional = true }
 serde = { version = "1", optional = true, default-features = false }
 serde_json = { version = "1", optional = true, default-features = false, features = ["alloc"] }
-zeroize = { version = ">=1, <1.5", optional = true,  default-features = false }
 
 [dev-dependencies]
 hex-literal = "0.3"
 
 [features]
 default = ["arithmetic"]
 alloc = [] # todo: activate `group/alloc` when weak feature activation is available
-arithmetic = ["crypto-bigint/zeroize", "ff", "group", "zeroize"]
+arithmetic = ["ff", "group"]
 bits = ["arithmetic", "ff/bits"]
-dev = ["arithmetic", "hex-literal", "pem", "zeroize"]
-ecdh = ["arithmetic", "zeroize"]
+dev = ["arithmetic", "hex-literal", "pem"]
+ecdh = ["arithmetic"]
 hazmat = []
 jwk = ["alloc", "base64ct/alloc", "serde", "serde_json", "zeroize/alloc"]
 pem = ["alloc", "pkcs8/pem"]

elliptic-curve/src/dev.rs

@@ -34,7 +34,7 @@ pub const PSEUDO_COORDINATE_FIXED_BASE_MUL: [u8; 32] =
 ///
 /// Note: this type is roughly modeled off of NIST P-256, but does not provide
 /// an actual cure arithmetic implementation.
-#[derive(Clone, Debug, Default, Eq, PartialEq, PartialOrd, Ord)]
+#[derive(Copy, Clone, Debug, Default, Eq, PartialEq, PartialOrd, Ord)]
 pub struct MockCurve;
 
 impl Curve for MockCurve {
@@ -84,8 +84,9 @@ pub type PublicKey = crate::PublicKey<MockCurve>;
 /// Secret key.
 pub type SecretKey = crate::SecretKey<MockCurve>;
 
-/// Scalar bytes.
-pub type ScalarBytes = crate::ScalarBytes<MockCurve>;
+/// Scalar core.
+// TODO(tarcieri): make this the scalar type
+pub type ScalarCore = crate::ScalarCore<MockCurve>;
 
 /// Example scalar type
 #[derive(Clone, Copy, Debug, Default, Eq, PartialEq)]

elliptic-curve/src/jwk.rs

@@ -251,7 +251,7 @@ where
         if let Some(d_base64) = &jwk.d {
             let pk = EncodedPoint::<C>::try_from(jwk)?;
             let mut d_bytes = decode_base64url_fe::<C>(d_base64)?;
-            let result = SecretKey::from_bytes(&d_bytes);
+            let result = SecretKey::from_bytes_be(&d_bytes);
             d_bytes.zeroize();
 
             result.and_then(|secret_key| {
@@ -293,7 +293,7 @@ where
 {
     fn from(sk: &SecretKey<C>) -> JwkEcKey {
         let mut jwk = sk.public_key().to_jwk();
-        let mut d = sk.to_bytes();
+        let mut d = sk.to_bytes_be();
         jwk.d = Some(Base64Url::encode_string(&d));
         d.zeroize();
         jwk

elliptic-curve/src/lib.rs

@@ -37,6 +37,7 @@ pub mod weierstrass;
 
 mod error;
 mod scalar;
+mod secret_key;
 
 #[cfg(feature = "arithmetic")]
 mod arithmetic;
@@ -54,17 +55,16 @@ pub mod ecdh;
 #[cfg(feature = "jwk")]
 mod jwk;
 
-#[cfg(feature = "zeroize")]
-mod secret_key;
-
-pub use self::{
+pub use crate::{
     error::{Error, Result},
-    scalar::bytes::ScalarBytes,
+    scalar::ScalarCore,
+    secret_key::SecretKey,
 };
 pub use crypto_bigint as bigint;
 pub use generic_array::{self, typenum::consts};
 pub use rand_core;
 pub use subtle;
+pub use zeroize;
 
 #[cfg(feature = "arithmetic")]
 pub use {
@@ -86,14 +86,8 @@ pub use crate::jwk::{JwkEcKey, JwkParameters};
 #[cfg(feature = "pkcs8")]
 pub use pkcs8;
 
-#[cfg(feature = "zeroize")]
-pub use secret_key::SecretKey;
-#[cfg(feature = "zeroize")]
-pub use zeroize;
-
 use core::fmt::Debug;
 use generic_array::GenericArray;
-use subtle::{ConstantTimeEq, ConstantTimeGreater, ConstantTimeLess};
 
 /// Algorithm [`ObjectIdentifier`][`pkcs8::ObjectIdentifier`] for elliptic
 /// curve public key cryptography.
@@ -112,19 +106,18 @@ pub const ALGORITHM_OID: pkcs8::ObjectIdentifier =
 /// Other traits in this crate which are bounded by [`Curve`] are intended to
 /// be impl'd by these ZSTs, facilitating types which are generic over elliptic
 /// curves (e.g. [`SecretKey`]).
-pub trait Curve: Clone + Debug + Default + Eq + Ord + Send + Sync {
+pub trait Curve: 'static + Copy + Clone + Debug + Default + Eq + Ord + Send + Sync {
     /// Integer type used to represent field elements of this elliptic curve.
     // TODO(tarcieri): replace this with an e.g. `const Curve::MODULUS: uint`.
     // Requires rust-lang/rust#60551, i.e. `const_evaluatable_checked`
-    type UInt: AsRef<[bigint::Limb]>
+    type UInt: bigint::AddMod<Output = Self::UInt>
         + bigint::ArrayEncoding
-        + bigint::Encoding
-        + Copy
-        + Debug
-        + Default
-        + ConstantTimeEq
-        + ConstantTimeGreater
-        + ConstantTimeLess;
+        + bigint::Integer
+        + bigint::NegMod<Output = Self::UInt>
+        + bigint::Random
+        + bigint::RandomMod
+        + bigint::SubMod<Output = Self::UInt>
+        + zeroize::Zeroize;
 
     /// Order constant.
     ///

elliptic-curve/src/public_key.rs

@@ -115,7 +115,7 @@ where
 
     /// Convert this [`PublicKey`] to a [`ProjectivePoint`] for the given curve
     pub fn to_projective(&self) -> ProjectivePoint<C> {
-        self.point.clone().into()
+        self.point.into()
     }
 
     /// Parse a [`JwkEcKey`] JSON Web Key (JWK) into a [`PublicKey`].
@@ -333,7 +333,7 @@ where
             return Err(pkcs8::der::ErrorKind::UnknownOid { oid: params_oid }.into());
         }
 
-        Self::from_sec1_bytes(&spki.subject_public_key)
+        Self::from_sec1_bytes(spki.subject_public_key)
             .map_err(|_| pkcs8::der::Tag::BitString.value_error().into())
     }
 }