Switch to using the internal SHA/HMAC implementations.

Cargo.toml

@@ -13,12 +13,8 @@ base64      = "^0.10.1"
 byteorder   = "^1.3.1"
 chrono      = "^0.4.6"
 cryptonum   = { path = "cryptonum" }
-digest      = "^0.8.0"
-hmac        = "^0.7.0"
 num         = "^0.2.0"
 rand        = "^0.6.5"
-sha-1       = "^0.8.1"
-sha2        = "^0.8.0"
 simple_asn1 = "^0.2.0"
 
 [dev-dependencies]

src/dsa/mod.rs

@@ -5,10 +5,8 @@
 //! random number generator.
 //! 
 //! ```rust
-//! extern crate sha2;
-//! 
 //! use simple_crypto::dsa::{DSAKeyPair,DSAParameters,L2048N256};
-//! use sha2::Sha224;
+//! use simple_crypto::sha::SHA224;
 //! 
 //! // Generate a set of DSA parameters, assuming you don't have
 //! // them already
@@ -25,8 +23,8 @@
 //! // using it. For example, to sign the vector [0,1,2,3,4] with SHA224
 //! // and then verify that signature, we would write: 
 //! let msg = vec![0,1,2,3,4];
-//! let sig = kp.private.sign::<Sha224>(&msg);
+//! let sig = kp.private.sign::<SHA224>(&msg);
-//! assert!( kp.public.verify::<Sha224>(&msg, &sig) );
+//! assert!( kp.public.verify::<SHA224>(&msg, &sig) );
 //! ```
 
 

src/dsa/params.rs

@@ -1,7 +1,6 @@
 use cryptonum::unsigned::{CryptoNum,Decoder,Encoder,ModExp,PrimeGen};
 use cryptonum::unsigned::{U192,U256,U1024,U2048,U3072};
-use digest::Digest;
+use sha::{Hash,SHA256};
-use sha2::Sha256;
 use simple_asn1::{ToASN1,ASN1Block,ASN1Class,ASN1EncodeErr};
 use rand::Rng;
 use utils::TranslateNums;
@@ -222,5 +221,5 @@ fn hash<T>(x: &T, len: usize) -> Vec<u8>
     while base.len() < bytelen {
         base.insert(0,0);
     }
-    Sha256::digest(&base).as_slice().to_vec()
+    SHA256::hash(&base)
 }

src/dsa/private.rs

@@ -1,9 +1,8 @@
 use cryptonum::unsigned::*;
 use cryptonum::signed::ModInv;
-use digest::{BlockInput,Digest,Input,FixedOutput,Reset};
 use dsa::params::*;
 use dsa::rfc6979::*;
-use hmac::{Hmac,Mac};
+use sha::Hash;
 
 /// A DSA private key, parameterized by its DSA parameters (so that you don't
 /// accidentally pass the wrong key to the wrong routine).
@@ -31,10 +30,7 @@ macro_rules! privkey_impls {
                DSAPrivateKey{ params, x }
            }
 
-           pub fn sign<Hash>(&self, m: &[u8]) -> DSASignature<$ntype>
+           pub fn sign<H: Hash + Clone>(&self, m: &[u8]) -> DSASignature<$ntype>
-             where
-              Hash: BlockInput + Clone + Default + Digest + FixedOutput + Input + Reset,
-              Hmac<Hash>: Mac
            {
                // This algorithm is per RFC 6979, which has a nice, relatively
                // straightforward description of how to do DSA signing.
@@ -47,7 +43,7 @@ macro_rules! privkey_impls {
                //     As was noted in the description of bits2octets, the extra
                //     modular reduction is no more than a conditional subtraction.
                //
-               let h1 = <Hash>::digest(m);
+               let h1 = <H>::hash(m);
                let n  = $ptype::n_size();
                let h0: $ntype = bits2int(&h1, $ptype::n_size());
                let q = &self.params.q;
@@ -59,7 +55,7 @@ macro_rules! privkey_impls {
                //     process used to generate k.  In plain DSA or ECDSA, k should
                //     be selected through a random selection that chooses a value
                //     among the q-1 possible values with uniform probability.
-               for k in KIterator::<Hash,$ntype>::new(&h1, n, q, &self.x) {
+               for k in KIterator::<H,$ntype>::new(&h1, n, q, &self.x) {
                    // 3. A value r (modulo q) is computed from k and the key
                    //    parameters:
                    //     *  For DSA:
@@ -111,7 +107,7 @@ macro_rules! generate_tests {
             use cryptonum::unsigned::Decoder;
             use super::*;
             use testing::run_test;
-            use sha2::{Sha224,Sha256,Sha384,Sha512};
+            use sha::{SHA224,SHA256,SHA384,SHA512};
 
             #[test]
             fn verify() {
@@ -141,10 +137,10 @@ macro_rules! generate_tests {
                     let params = $params::new(p,g,q);
                     let private = DSAPrivateKey::<$params>::new(params, x);
                     let sig = match h {
-                        224 => private.sign::<Sha224>(mbytes),
+                        224 => private.sign::<SHA224>(mbytes),
-                        256 => private.sign::<Sha256>(mbytes),
+                        256 => private.sign::<SHA256>(mbytes),
-                        384 => private.sign::<Sha384>(mbytes),
+                        384 => private.sign::<SHA384>(mbytes),
-                        512 => private.sign::<Sha512>(mbytes),
+                        512 => private.sign::<SHA512>(mbytes),
                         _   => panic!("Unexpected hash {}", h)
                     };
                     assert_eq!(r, sig.r);

src/dsa/public.rs

@@ -1,9 +1,9 @@
 use cryptonum::unsigned::*;
 use cryptonum::signed::ModInv;
-use digest::Digest;
 use dsa::params::*;
 use dsa::rfc6979::DSASignature;
 use simple_asn1::{ASN1Block,ASN1Class,ASN1EncodeErr,ToASN1};
+use sha::Hash;
 use std::cmp::min;
 use utils::TranslateNums;
 
@@ -32,8 +32,7 @@ macro_rules! pubkey_impls {
                 DSAPublicKey{ params, y }
             }
 
-            pub fn verify<Hash>(&self, m: &[u8], sig: &DSASignature<$ntype>) -> bool
+            pub fn verify<H: Hash>(&self, m: &[u8], sig: &DSASignature<$ntype>) -> bool
-             where Hash: Digest
             {
                 if sig.r >= self.params.q {
                     return false;
@@ -44,7 +43,7 @@ macro_rules! pubkey_impls {
                 // w = (s')^-1 mod q;
                 if let Some(w) = sig.s.modinv(&self.params.q) {
                     // z = the leftmost min(N, outlen) bits of Hash(M').
-                    let mut digest_bytes = <Hash>::digest(m).to_vec();
+                    let mut digest_bytes = <H>::hash(m);
                     let len = min(digest_bytes.len(), $ptype::n_size() / 8);
                     digest_bytes.truncate(len);
                     let z = $ntype::from_bytes(&digest_bytes);
@@ -95,7 +94,7 @@ macro_rules! generate_tests {
             use cryptonum::unsigned::Decoder;
             use super::*;
             use testing::run_test;
-            use sha2::{Sha224,Sha256,Sha384,Sha512};
+            use sha::{SHA224,SHA256,SHA384,SHA512};
 
             #[test]
             fn verify() {
@@ -126,10 +125,10 @@ macro_rules! generate_tests {
                     let public = DSAPublicKey::<$params>::new(params, y);
                     let sig = DSASignature::<$nt>::new(r, s);
                     match h {
-                        224 => assert!(public.verify::<Sha224>(mbytes, &sig)),
+                        224 => assert!(public.verify::<SHA224>(mbytes, &sig)),
-                        256 => assert!(public.verify::<Sha256>(mbytes, &sig)),
+                        256 => assert!(public.verify::<SHA256>(mbytes, &sig)),
-                        384 => assert!(public.verify::<Sha384>(mbytes, &sig)),
+                        384 => assert!(public.verify::<SHA384>(mbytes, &sig)),
-                        512 => assert!(public.verify::<Sha512>(mbytes, &sig)),
+                        512 => assert!(public.verify::<SHA512>(mbytes, &sig)),
                         _   => panic!("Unexpected hash {}", h)
                     }
                 });

src/dsa/rfc6979.rs

@@ -1,7 +1,6 @@
 use cryptonum::unsigned::{CryptoNum,Decoder,Encoder};
-use digest::{BlockInput,Digest,FixedOutput,Input,Reset};
+use hmac::HMAC;
-use digest::generic_array::ArrayLength;
+use sha::Hash;
-use hmac::{Hmac,Mac};
 use num::BigInt;
 use simple_asn1::{ASN1Block,ASN1Class,ASN1DecodeErr,ASN1EncodeErr};
 use simple_asn1::{FromASN1,ToASN1};
@@ -26,11 +25,10 @@ impl<N> DSASignature<N>
 #[allow(non_snake_case)]
 pub struct KIterator<H,N>
  where
-  H: BlockInput + Clone + Default + Digest + FixedOutput + Input + Reset,
+  H: Hash + Clone,
   N: Clone + Decoder + Encoder + PartialOrd + Shr<usize,Output=N>,
-  Hmac<H>: Mac
 {
-    hmac_k: Hmac<H>,
+    hmac_k: HMAC<H>,
     V: Vec<u8>,
     q: N,
     qlen: usize
@@ -38,9 +36,8 @@ pub struct KIterator<H,N>
 
 impl<H,N> KIterator<H,N>
  where
-  H: BlockInput + Clone + Default + Digest + FixedOutput + Input + Reset,
+  H: Hash + Clone,
   N: Clone + Decoder + Encoder + PartialOrd + Shr<usize,Output=N> + Sub<Output=N>,
-  Hmac<H>: Mac
 {
     pub fn new(h1: &[u8], qlen: usize, q: &N, x: &N) -> KIterator<H,N>
     {
@@ -95,11 +92,11 @@ impl<H,N> KIterator<H,N>
         input.push(0x00);
         input.extend_from_slice(&xbytes);
         input.extend_from_slice(&h1bytes);
-        K = hmac(&K, &input);
+        K = HMAC::<H>::hmac(&K, &input);
         // e.  Set:
         //
         //           V = HMAC_K(V)
-        V = hmac(&K, &V);
+        V = HMAC::<H>::hmac(&K, &V);
         // f. Set:
         //
         //           K = HMAC_K(V || 0x01 || int2octets(x) || bits2octets(h1))
@@ -110,14 +107,14 @@ impl<H,N> KIterator<H,N>
         input.push(0x01);
         input.extend_from_slice(&xbytes);
         input.extend_from_slice(&h1bytes);
-        K = hmac(&K, &input);
+        K = HMAC::<H>::hmac(&K, &input);
         // g. Set:
         //
         //          V = HMAC_K(V)
-        V = hmac(&K, &V);
+        V = HMAC::<H>::hmac(&K, &V);
         // h is for later ...
         KIterator {
-            hmac_k: Hmac::<H>::new_varkey(&K).unwrap(),
+            hmac_k: HMAC::<H>::new(&K),
             V: V,
             q: q.clone(),
             qlen: qlen
@@ -127,9 +124,8 @@ impl<H,N> KIterator<H,N>
 
 impl<H,N> Iterator for KIterator<H,N>
  where
-  H: BlockInput + Clone + Default + Digest + FixedOutput + Input + Reset,
+  H: Hash + Clone,
   N: Clone + CryptoNum + Decoder + Encoder + PartialOrd + Shr<usize,Output=N>,
-  Hmac<H>: Mac
 {
     type Item = N;
 
@@ -170,7 +166,7 @@ impl<H,N> Iterator for KIterator<H,N>
            #[allow(non_snake_case)]
            let K = runhmac(&self.hmac_k, &input);
            //               V = HMAC_K(V)
-           self.hmac_k = Hmac::<H>::new_varkey(&K).unwrap();
+           self.hmac_k = HMAC::<H>::new(&K);
            self.V = runhmac(&self.hmac_k, &self.V);
            //
            //          and loop (try to generate a new T, and so on).
@@ -224,26 +220,11 @@ fn int2octets<X>(x: &X, qlen_bits: usize) -> Vec<u8>
     base
 }
 
-fn runhmac<H>(base: &Hmac<H>, m: &[u8]) -> Vec<u8>
+fn runhmac<H: Hash + Clone>(base: &HMAC<H>, m: &[u8]) -> Vec<u8>
-  where
-    H: Clone + BlockInput + Default + Input + FixedOutput + Reset,
-    Hmac<H>: Clone + Mac,
-    H::BlockSize : ArrayLength<u8>
 {
     let mut runner = base.clone();
-    runner.input(&m);
+    runner.update(&m);
-    runner.result().code().as_slice().to_vec()
+    runner.finalize()
-}
-
-fn hmac<H>(k: &[u8], m: &[u8]) -> Vec<u8>
-  where
-    H: BlockInput + Clone + Default + Input + FixedOutput + Reset,
-    Hmac<H>: Clone + Mac,
-    H::BlockSize : ArrayLength<u8>
-{
-    let mut runner = Hmac::<H>::new_varkey(&k).unwrap();
-    runner.input(&m);
-    runner.result().code().as_slice().to_vec()
 }
 
 #[derive(Clone,Debug,PartialEq)]
@@ -304,7 +285,7 @@ impl<N> ToASN1 for DSASignature<N>
 #[cfg(test)]
 mod tests {
     use cryptonum::unsigned::U192;
-    use sha2::{Sha224,Sha256,Sha384,Sha512};
+    use sha::{SHA224,SHA256,SHA384,SHA512};
     use super::*;
     use testing::*;
 
@@ -343,7 +324,7 @@ mod tests {
     fn k_gen_example() {
         let q = U192::from_bytes(&QBYTES);
         let x = U192::from_bytes(&XBYTES);
-        let mut iter = KIterator::<Sha256,U192>::new(&H1, 163, &q, &x);
+        let mut iter = KIterator::<SHA256,U192>::new(&H1, 163, &q, &x);
         match iter.next() {
             None =>
                 assert!(false),
@@ -428,9 +409,9 @@ mod tests {
         };
     }
 
-    k_generator_tests!(kgen_sha224, Sha224, "SHA224");
+    k_generator_tests!(kgen_sha224, SHA224, "SHA224");
-    k_generator_tests!(kgen_sha256, Sha256, "SHA256");
+    k_generator_tests!(kgen_sha256, SHA256, "SHA256");
-    k_generator_tests!(kgen_sha384, Sha384, "SHA384");
+    k_generator_tests!(kgen_sha384, SHA384, "SHA384");
-    k_generator_tests!(kgen_sha512, Sha512, "SHA512");
+    k_generator_tests!(kgen_sha512, SHA512, "SHA512");
 
 }

src/dsa/tests.rs

@@ -1,7 +1,5 @@
 use cryptonum::unsigned::*;
-use digest::Digest;
+use sha::{Hash,SHA1,SHA224,SHA256,SHA384,SHA512};
-use sha1::Sha1;
-use sha2::{Sha224,Sha256,Sha384,Sha512};
 use simple_asn1::{der_decode,der_encode};
 use dsa::params::{DSAParameters,L1024N160,L2048N256};
 use dsa::private::DSAPrivateKey;
@@ -13,7 +11,7 @@ macro_rules! run_rfc6979_test {
      k $k: expr,
      r $r: expr,
      s $s: expr) => ({
-        let h1 = <$hash>::digest(&$val);
+        let h1 = <$hash>::hash(&$val);
         let rbytes = $r;
         let sbytes = $s;
         let r = $ntype::from_bytes(&rbytes);
@@ -108,7 +106,7 @@ fn appendix_a21() {
     //    k = 7BDB6B0FF756E1BB5D53583EF979082F9AD5BD5B
     //    r = 2E1A0C2562B2912CAAF89186FB0F42001585DA55
     //    s = 29EFB6B0AFF2D7A68EB70CA313022253B9A88DF5
-    run_rfc6979_test!(Sha1, U192, sample, params, public, private,
+    run_rfc6979_test!(SHA1, U192, sample, params, public, private,
       k vec![0x7B, 0xDB, 0x6B, 0x0F, 0xF7, 0x56, 0xE1, 0xBB,
              0x5D, 0x53, 0x58, 0x3E, 0xF9, 0x79, 0x08, 0x2F,
              0x9A, 0xD5, 0xBD, 0x5B],
@@ -122,7 +120,7 @@ fn appendix_a21() {
     //     k = 562097C06782D60C3037BA7BE104774344687649
     //     r = 4BC3B686AEA70145856814A6F1BB53346F02101E
     //     s = 410697B92295D994D21EDD2F4ADA85566F6F94C1
-    run_rfc6979_test!(Sha224, U192, sample, params, public, private,
+    run_rfc6979_test!(SHA224, U192, sample, params, public, private,
        k vec![0x56, 0x20, 0x97, 0xC0, 0x67, 0x82, 0xD6, 0x0C,
               0x30, 0x37, 0xBA, 0x7B, 0xE1, 0x04, 0x77, 0x43,
               0x44, 0x68, 0x76, 0x49],
@@ -136,7 +134,7 @@ fn appendix_a21() {
     //    k = 519BA0546D0C39202A7D34D7DFA5E760B318BCFB
     //    r = 81F2F5850BE5BC123C43F71A3033E9384611C545
     //    s = 4CDD914B65EB6C66A8AAAD27299BEE6B035F5E89
-    run_rfc6979_test!(Sha256, U192, sample, params, public, private,
+    run_rfc6979_test!(SHA256, U192, sample, params, public, private,
         k vec![0x51, 0x9B, 0xA0, 0x54, 0x6D, 0x0C, 0x39, 0x20,
                0x2A, 0x7D, 0x34, 0xD7, 0xDF, 0xA5, 0xE7, 0x60,
                0xB3, 0x18, 0xBC, 0xFB],
@@ -150,7 +148,7 @@ fn appendix_a21() {
     //    k = 95897CD7BBB944AA932DBC579C1C09EB6FCFC595
     //    r = 07F2108557EE0E3921BC1774F1CA9B410B4CE65A
     //    s = 54DF70456C86FAC10FAB47C1949AB83F2C6F7595
-    run_rfc6979_test!(Sha384, U192, sample, params, public, private,
+    run_rfc6979_test!(SHA384, U192, sample, params, public, private,
         k vec![0x95, 0x89, 0x7C, 0xD7, 0xBB, 0xB9, 0x44, 0xAA,
                0x93, 0x2D, 0xBC, 0x57, 0x9C, 0x1C, 0x09, 0xEB,
                0x6F, 0xCF, 0xC5, 0x95],
@@ -164,7 +162,7 @@ fn appendix_a21() {
     //    k = 09ECE7CA27D0F5A4DD4E556C9DF1D21D28104F8B
     //    r = 16C3491F9B8C3FBBDD5E7A7B667057F0D8EE8E1B
     //    s = 02C36A127A7B89EDBB72E4FFBC71DABC7D4FC69C
-    run_rfc6979_test!(Sha512, U192, sample, params, public, private,
+    run_rfc6979_test!(SHA512, U192, sample, params, public, private,
         k vec![0x09, 0xEC, 0xE7, 0xCA, 0x27, 0xD0, 0xF5, 0xA4,
                0xDD, 0x4E, 0x55, 0x6C, 0x9D, 0xF1, 0xD2, 0x1D,
                0x28, 0x10, 0x4F, 0x8B],
@@ -178,7 +176,7 @@ fn appendix_a21() {
     //    k = 5C842DF4F9E344EE09F056838B42C7A17F4A6433
     //    r = 42AB2052FD43E123F0607F115052A67DCD9C5C77
     //    s = 183916B0230D45B9931491D4C6B0BD2FB4AAF088
-    run_rfc6979_test!(Sha1, U192, test, params, public, private,
+    run_rfc6979_test!(SHA1, U192, test, params, public, private,
         k vec![0x5C, 0x84, 0x2D, 0xF4, 0xF9, 0xE3, 0x44, 0xEE,
                0x09, 0xF0, 0x56, 0x83, 0x8B, 0x42, 0xC7, 0xA1,
                0x7F, 0x4A, 0x64, 0x33],
@@ -192,7 +190,7 @@ fn appendix_a21() {
     //    k = 4598B8EFC1A53BC8AECD58D1ABBB0C0C71E67297
     //    r = 6868E9964E36C1689F6037F91F28D5F2C30610F2
     //    s = 49CEC3ACDC83018C5BD2674ECAAD35B8CD22940F
-    run_rfc6979_test!(Sha224, U192, test, params, public, private,
+    run_rfc6979_test!(SHA224, U192, test, params, public, private,
         k vec![0x45, 0x98, 0xB8, 0xEF, 0xC1, 0xA5, 0x3B, 0xC8,
                0xAE, 0xCD, 0x58, 0xD1, 0xAB, 0xBB, 0x0C, 0x0C,
                0x71, 0xE6, 0x72, 0x97],
@@ -206,7 +204,7 @@ fn appendix_a21() {
     //    k = 5A67592E8128E03A417B0484410FB72C0B630E1A
     //    r = 22518C127299B0F6FDC9872B282B9E70D0790812
     //    s = 6837EC18F150D55DE95B5E29BE7AF5D01E4FE160
-    run_rfc6979_test!(Sha256, U192, test, params, public, private,
+    run_rfc6979_test!(SHA256, U192, test, params, public, private,
         k vec![0x5A, 0x67, 0x59, 0x2E, 0x81, 0x28, 0xE0, 0x3A,
                0x41, 0x7B, 0x04, 0x84, 0x41, 0x0F, 0xB7, 0x2C,
                0x0B, 0x63, 0x0E, 0x1A],
@@ -220,7 +218,7 @@ fn appendix_a21() {
     //    k = 220156B761F6CA5E6C9F1B9CF9C24BE25F98CD89
     //    r = 854CF929B58D73C3CBFDC421E8D5430CD6DB5E66
     //    s = 91D0E0F53E22F898D158380676A871A157CDA622
-    run_rfc6979_test!(Sha384, U192, test, params, public, private,
+    run_rfc6979_test!(SHA384, U192, test, params, public, private,
         k vec![0x22, 0x01, 0x56, 0xB7, 0x61, 0xF6, 0xCA, 0x5E,
                0x6C, 0x9F, 0x1B, 0x9C, 0xF9, 0xC2, 0x4B, 0xE2,
                0x5F, 0x98, 0xCD, 0x89],
@@ -234,7 +232,7 @@ fn appendix_a21() {
     //    k = 65D2C2EEB175E370F28C75BFCDC028D22C7DBE9C
     //    r = 8EA47E475BA8AC6F2D821DA3BD212D11A3DEB9A0
     //    s = 7C670C7AD72B6C050C109E1790008097125433E8
-    run_rfc6979_test!(Sha512, U192, test, params, public, private,
+    run_rfc6979_test!(SHA512, U192, test, params, public, private,
         k vec![0x65, 0xD2, 0xC2, 0xEE, 0xB1, 0x75, 0xE3, 0x70,
                0xF2, 0x8C, 0x75, 0xBF, 0xCD, 0xC0, 0x28, 0xD2,
                0x2C, 0x7D, 0xBE, 0x9C],
@@ -368,7 +366,7 @@ fn appendix_a22() {
     // k = 888FA6F7738A41BDC9846466ABDB8174C0338250AE50CE955CA16230F9CBD53E
     // r = 3A1B2DBD7489D6ED7E608FD036C83AF396E290DBD602408E8677DAABD6E7445A
     // s = D26FCBA19FA3E3058FFC02CA1596CDBB6E0D20CB37B06054F7E36DED0CDBBCCF
-    run_rfc6979_test!(Sha1, U256, sample, params, public, private,
+    run_rfc6979_test!(SHA1, U256, sample, params, public, private,
         k vec![0x88,0x8F,0xA6,0xF7,0x73,0x8A,0x41,0xBD,
                0xC9,0x84,0x64,0x66,0xAB,0xDB,0x81,0x74,
                0xC0,0x33,0x82,0x50,0xAE,0x50,0xCE,0x95,
@@ -385,7 +383,7 @@ fn appendix_a22() {
     // k = BC372967702082E1AA4FCE892209F71AE4AD25A6DFD869334E6F153BD0C4D806
     // r = DC9F4DEADA8D8FF588E98FED0AB690FFCE858DC8C79376450EB6B76C24537E2C
     // s = A65A9C3BC7BABE286B195D5DA68616DA8D47FA0097F36DD19F517327DC848CEC
-    run_rfc6979_test!(Sha224, U256, sample, params, public, private,
+    run_rfc6979_test!(SHA224, U256, sample, params, public, private,
         k vec![0xBC,0x37,0x29,0x67,0x70,0x20,0x82,0xE1,
                0xAA,0x4F,0xCE,0x89,0x22,0x09,0xF7,0x1A,
                0xE4,0xAD,0x25,0xA6,0xDF,0xD8,0x69,0x33,
@@ -402,7 +400,7 @@ fn appendix_a22() {
     // k = 8926A27C40484216F052F4427CFD5647338B7B3939BC6573AF4333569D597C52
     // r = EACE8BDBBE353C432A795D9EC556C6D021F7A03F42C36E9BC87E4AC7932CC809
     // s = 7081E175455F9247B812B74583E9E94F9EA79BD640DC962533B0680793A38D53
-    run_rfc6979_test!(Sha256, U256, sample, params, public, private,
+    run_rfc6979_test!(SHA256, U256, sample, params, public, private,
         k vec![0x89,0x26,0xA2,0x7C,0x40,0x48,0x42,0x16,
                0xF0,0x52,0xF4,0x42,0x7C,0xFD,0x56,0x47,
                0x33,0x8B,0x7B,0x39,0x39,0xBC,0x65,0x73,
@@ -419,7 +417,7 @@ fn appendix_a22() {
     // k = C345D5AB3DA0A5BCB7EC8F8FB7A7E96069E03B206371EF7D83E39068EC564920
     // r = B2DA945E91858834FD9BF616EBAC151EDBC4B45D27D0DD4A7F6A22739F45C00B
     // s = 19048B63D9FD6BCA1D9BAE3664E1BCB97F7276C306130969F63F38FA8319021B
-    run_rfc6979_test!(Sha384, U256, sample, params, public, private,
+    run_rfc6979_test!(SHA384, U256, sample, params, public, private,
         k vec![0xC3,0x45,0xD5,0xAB,0x3D,0xA0,0xA5,0xBC,
                0xB7,0xEC,0x8F,0x8F,0xB7,0xA7,0xE9,0x60,
                0x69,0xE0,0x3B,0x20,0x63,0x71,0xEF,0x7D,
@@ -436,7 +434,7 @@ fn appendix_a22() {
     // k = 5A12994431785485B3F5F067221517791B85A597B7A9436995C89ED0374668FC
     // r = 2016ED092DC5FB669B8EFB3D1F31A91EECB199879BE0CF78F02BA062CB4C942E
     // s = D0C76F84B5F091E141572A639A4FB8C230807EEA7D55C8A154A224400AFF2351
-    run_rfc6979_test!(Sha512, U256, sample, params, public, private,
+    run_rfc6979_test!(SHA512, U256, sample, params, public, private,
         k vec![0x5A,0x12,0x99,0x44,0x31,0x78,0x54,0x85,
                0xB3,0xF5,0xF0,0x67,0x22,0x15,0x17,0x79,
                0x1B,0x85,0xA5,0x97,0xB7,0xA9,0x43,0x69,
@@ -453,7 +451,7 @@ fn appendix_a22() {
     // k = 6EEA486F9D41A037B2C640BC5645694FF8FF4B98D066A25F76BE641CCB24BA4F
     // r = C18270A93CFC6063F57A4DFA86024F700D980E4CF4E2CB65A504397273D98EA0
     // s = 414F22E5F31A8B6D33295C7539C1C1BA3A6160D7D68D50AC0D3A5BEAC2884FAA
-    run_rfc6979_test!(Sha1, U256, test, params, public, private,
+    run_rfc6979_test!(SHA1, U256, test, params, public, private,
         k vec![0x6E,0xEA,0x48,0x6F,0x9D,0x41,0xA0,0x37,
                0xB2,0xC6,0x40,0xBC,0x56,0x45,0x69,0x4F,
                0xF8,0xFF,0x4B,0x98,0xD0,0x66,0xA2,0x5F,
@@ -470,7 +468,7 @@ fn appendix_a22() {
     // k = 06BD4C05ED74719106223BE33F2D95DA6B3B541DAD7BFBD7AC508213B6DA6670
     // r = 272ABA31572F6CC55E30BF616B7A265312018DD325BE031BE0CC82AA17870EA3
     // s = E9CC286A52CCE201586722D36D1E917EB96A4EBDB47932F9576AC645B3A60806
-    run_rfc6979_test!(Sha224, U256, test, params, public, private,
+    run_rfc6979_test!(SHA224, U256, test, params, public, private,
         k vec![0x06,0xBD,0x4C,0x05,0xED,0x74,0x71,0x91,
                0x06,0x22,0x3B,0xE3,0x3F,0x2D,0x95,0xDA,
                0x6B,0x3B,0x54,0x1D,0xAD,0x7B,0xFB,0xD7,
@@ -487,7 +485,7 @@ fn appendix_a22() {
     // k = 1D6CE6DDA1C5D37307839CD03AB0A5CBB18E60D800937D67DFB4479AAC8DEAD7
     // r = 8190012A1969F9957D56FCCAAD223186F423398D58EF5B3CEFD5A4146A4476F0
     // s = 7452A53F7075D417B4B013B278D1BB8BBD21863F5E7B1CEE679CF2188E1AB19E
-    run_rfc6979_test!(Sha256, U256, test, params, public, private,
+    run_rfc6979_test!(SHA256, U256, test, params, public, private,
         k vec![0x1D,0x6C,0xE6,0xDD,0xA1,0xC5,0xD3,0x73,
                0x07,0x83,0x9C,0xD0,0x3A,0xB0,0xA5,0xCB,
                0xB1,0x8E,0x60,0xD8,0x00,0x93,0x7D,0x67,
@@ -504,7 +502,7 @@ fn appendix_a22() {
     // k = 206E61F73DBE1B2DC8BE736B22B079E9DACD974DB00EEBBC5B64CAD39CF9F91C
     // r = 239E66DDBE8F8C230A3D071D601B6FFBDFB5901F94D444C6AF56F732BEB954BE
     // s = 6BD737513D5E72FE85D1C750E0F73921FE299B945AAD1C802F15C26A43D34961
-    run_rfc6979_test!(Sha384, U256, test, params, public, private,
+    run_rfc6979_test!(SHA384, U256, test, params, public, private,
         k vec![0x20,0x6E,0x61,0xF7,0x3D,0xBE,0x1B,0x2D,
                0xC8,0xBE,0x73,0x6B,0x22,0xB0,0x79,0xE9,
                0xDA,0xCD,0x97,0x4D,0xB0,0x0E,0xEB,0xBC,
@@ -521,7 +519,7 @@ fn appendix_a22() {
     // k = AFF1651E4CD6036D57AA8B2A05CCF1A9D5A40166340ECBBDC55BE10B568AA0AA
     // r = 89EC4BB1400ECCFF8E7D9AA515CD1DE7803F2DAFF09693EE7FD1353E90A68307
     // s = C9F0BDABCC0D880BB137A994CC7F3980CE91CC10FAF529FC46565B15CEA854E1
-    run_rfc6979_test!(Sha512, U256, test, params, public, private,
+    run_rfc6979_test!(SHA512, U256, test, params, public, private,
         k vec![0xAF,0xF1,0x65,0x1E,0x4C,0xD6,0x03,0x6D,
                0x57,0xAA,0x8B,0x2A,0x05,0xCC,0xF1,0xA9,
                0xD5,0xA4,0x01,0x66,0x34,0x0E,0xCB,0xBD,

src/ecdsa/mod.rs

@@ -3,10 +3,8 @@
 //! following code snippet, as an example:
 //!
 //! ```rust
-//! extern crate sha2;
-//! 
 //! use simple_crypto::ecdsa::{ECDSAKeyPair,P384};
-//! use sha2::Sha256;
+//! use simple_crypto::sha::SHA256;
 //! 
 //! // Generate a new ECDSA key for curve P384 (this is a good choice, by
 //! // the way, if you're wondering which curve to use).
@@ -17,8 +15,8 @@
 //! // using it. For example, to sign the vector [0,1,2,3,4] with SHA256
 //! // and then verify that signature, we would write: 
 //! let msg = vec![0,1,2,3,4];
-//! let sig = kp.private.sign::<Sha256>(&msg);
+//! let sig = kp.private.sign::<SHA256>(&msg);
-//! assert!( kp.public.verify::<Sha256>(&msg, &sig) );
+//! assert!( kp.public.verify::<SHA256>(&msg, &sig) );
 //! ```
 
 mod curve;

src/ecdsa/private.rs

@@ -1,10 +1,9 @@
 use cryptonum::signed::*;
 use cryptonum::unsigned::*;
-use digest::{BlockInput,Digest,Input,FixedOutput,Reset};
 use dsa::rfc6979::{DSASignature,KIterator,bits2int};
 use ecdsa::curve::{EllipticCurve,P192,P224,P256,P384,P521};
 use ecdsa::point::{ECCPoint,Point};
-use hmac::{Hmac,Mac};
+use sha::Hash;
 use std::fmt;
 
 /// A private key for the given curve.
@@ -42,10 +41,7 @@ macro_rules! generate_privates
 
             /// Sign the given message with the current key, using the hash provided
             /// in the type.
-            pub fn sign<Hash>(&self, m: &[u8]) -> DSASignature<$base>
+            pub fn sign<H: Hash + Clone>(&self, m: &[u8]) -> DSASignature<$base>
-              where
-                Hash: BlockInput + Clone + Default + Digest + FixedOutput + Input + Reset,
-                Hmac<Hash>: Mac
             {
                 // This algorithm is per RFC 6979, which has a nice, relatively
                 // straightforward description of how to do DSA signing.
@@ -58,7 +54,7 @@ macro_rules! generate_privates
                 //     As was noted in the description of bits2octets, the extra
                 //     modular reduction is no more than a conditional subtraction.
                 //
-                let h1 = <Hash>::digest(m);
+                let h1 = <H>::hash(m);
                 let size = <$curve>::size();
                 let h0: $base = bits2int(&h1, size);
                 let n = <$curve>::n();
@@ -70,7 +66,7 @@ macro_rules! generate_privates
                 //     process used to generate k.  In plain DSA or ECDSA, k should
                 //     be selected through a random selection that chooses a value
                 //     among the q-1 possible values with uniform probability.
-                for k in KIterator::<Hash,$base>::new(&h1, size, &n, &self.d) {
+                for k in KIterator::<H,$base>::new(&h1, size, &n, &self.d) {
                     // 3. A value r (modulo q) is computed from k and the key
                     //    parameters:
                     //     *  For DSA ...
@@ -118,7 +114,7 @@ generate_privates!(P521, U576, I576, U1152, U2304);
 /************* TESTING ********************************************************/
 
 #[cfg(test)]
-use sha2::{Sha224,Sha256,Sha384,Sha512};
+use sha::{SHA224,SHA256,SHA384,SHA512};
 #[cfg(test)]
 use testing::*;
 
@@ -148,10 +144,10 @@ macro_rules! sign_test_body
 
             let private = ECCPrivateKey::<$curve>::new(d);
             let sig = match usize::from(h) {
-                        224 => private.sign::<Sha224>(mbytes),
+                        224 => private.sign::<SHA224>(mbytes),
-                        256 => private.sign::<Sha256>(mbytes),
+                        256 => private.sign::<SHA256>(mbytes),
-                        384 => private.sign::<Sha384>(mbytes),
+                        384 => private.sign::<SHA384>(mbytes),
-                        512 => private.sign::<Sha512>(mbytes),
+                        512 => private.sign::<SHA512>(mbytes),
                         x   => panic!("Unknown hash algorithm {}", x)
             };
             assert_eq!(r, sig.r, "r signature check");

src/ecdsa/public.rs

@@ -1,10 +1,9 @@
 use cryptonum::signed::*;
 use cryptonum::unsigned::*;
-use digest::{BlockInput,Digest,Input,FixedOutput,Reset};
 use dsa::rfc6979::DSASignature;
 use ecdsa::curve::{EllipticCurve,P192,P224,P256,P384,P521};
 use ecdsa::point::{ECCPoint,Point};
-use hmac::{Hmac,Mac};
+use sha::Hash;
 use simple_asn1::{ASN1Block,ASN1Class,ASN1DecodeErr,ASN1EncodeErr,FromASN1,ToASN1};
 use std::cmp::min;
 
@@ -65,10 +64,7 @@ macro_rules! public_impl {
 
             /// Returns true if the given message matches the given signature,
             /// assuming the provided hash function.
-            pub fn verify<Hash>(&self, m: &[u8], sig: &DSASignature<$un>) -> bool
+            pub fn verify<H: Hash>(&self, m: &[u8], sig: &DSASignature<$un>) -> bool
-              where
-               Hash: BlockInput + Clone + Default + Digest + FixedOutput + Input + Reset,
-               Hmac<Hash>: Mac
             {
                 let n = <$curve>::n();
 
@@ -81,7 +77,7 @@ macro_rules! public_impl {
                 }
 
                 // e = the leftmost min(N, outlen) bits of Hash(M').
-                let mut digest_bytes = <Hash>::digest(m).to_vec();
+                let mut digest_bytes = <H>::hash(m);
                 let len = min(digest_bytes.len(), $curve::size() / 8);
                 digest_bytes.truncate(len);
 
@@ -169,7 +165,7 @@ public_impl!(P384, U384, I384);
 public_impl!(P521, U576, I576);
 
 #[cfg(test)]
-use sha2::{Sha224,Sha256,Sha384,Sha512};
+use sha::{SHA224,SHA256,SHA384,SHA512};
 #[cfg(test)]
 use testing::*;
 
@@ -201,10 +197,10 @@ macro_rules! verify_test_body
             let public = ECCPublicKey::<$curve>::new(point);
             let sig = DSASignature::new(r, s);
             match usize::from(h) {
-                224 => assert!(public.verify::<Sha224>(mbytes, &sig)),
+                224 => assert!(public.verify::<SHA224>(mbytes, &sig)),
-                256 => assert!(public.verify::<Sha256>(mbytes, &sig)),
+                256 => assert!(public.verify::<SHA256>(mbytes, &sig)),
-                384 => assert!(public.verify::<Sha384>(mbytes, &sig)),
+                384 => assert!(public.verify::<SHA384>(mbytes, &sig)),
-                512 => assert!(public.verify::<Sha512>(mbytes, &sig)),
+                512 => assert!(public.verify::<SHA512>(mbytes, &sig)),
                 x   => panic!("Unknown hash algorithm {}", x)
             };
         });

src/ed25519/mod.rs

@@ -25,9 +25,8 @@ mod loads;
 mod point;
 mod scalars;
 
-use digest::Digest;
 use rand::Rng;
-use sha2::Sha512;
+use sha::{Hash,SHA512};
 use self::scalars::{curve25519_scalar_mask,x25519_sc_muladd,x25519_sc_reduce};
 use self::point::{Point,Point2};
 #[cfg(test)]
@@ -103,7 +102,7 @@ impl ED25519Private {
             public: [0; 32]
         };
         result.seed.copy_from_slice(seed);
-        let mut expanded = Sha512::digest(seed);
+        let mut expanded = SHA512::hash(seed);
         let (private, prefix) = expanded.split_at_mut(32);
         result.private.copy_from_slice(private);
         result.prefix.copy_from_slice(prefix);
@@ -120,10 +119,10 @@ impl ED25519Private {
     {
         let mut signature_s = [0u8; 32];
 
-        let mut ctx = Sha512::new();
+        let mut ctx = SHA512::new();
-        ctx.input(&self.prefix);
+        ctx.update(&self.prefix);
-        ctx.input(&msg);
+        ctx.update(&msg);
-        let nonce = digest_scalar(ctx.result().as_slice());
+        let nonce = digest_scalar(&ctx.finalize());
         let r = Point::scalarmult_base(&nonce);
         let signature_r = r.encode();
         let hram_digest = eddsa_digest(&signature_r, &self.public, &msg);
@@ -218,11 +217,11 @@ impl ED25519Public {
 
 fn eddsa_digest(signature_r: &[u8], public_key: &[u8], msg: &[u8]) -> Vec<u8>
 {
-    let mut ctx = Sha512::new();
+    let mut ctx = SHA512::new();
-    ctx.input(signature_r);
+    ctx.update(signature_r);
-    ctx.input(public_key);
+    ctx.update(public_key);
-    ctx.input(msg);
+    ctx.update(msg);
-    ctx.result().as_slice().to_vec()
+    ctx.finalize()
 }
 
 fn digest_scalar(digest: &[u8]) -> Vec<u8> {

src/hmac.rs

@@ -18,7 +18,7 @@
 //! you want to use by using your standard turbofish:
 //! 
 //! ```rust
-//! use simple_crypto::hmac2::HMAC;
+//! use simple_crypto::hmac::HMAC;
 //! use simple_crypto::sha::SHA256;
 //! 
 //! let key = [0,1,2,3,4]; // very secure
@@ -34,7 +34,7 @@
 //! incremental mode as well as just do it all at once, as follows:
 //! 
 //! ```rust
-//! use simple_crypto::hmac2::HMAC;
+//! use simple_crypto::hmac::HMAC;
 //! use simple_crypto::sha::SHA256;
 //! 
 //! let key = [0,1,2,3,4]; // like my suitcase
@@ -63,7 +63,7 @@
 /// incremental mode as well as just do it all at once, as follows:
 /// 
 /// ```rust
-/// use simple_crypto::hmac2::HMAC;
+/// use simple_crypto::hmac::HMAC;
 /// use simple_crypto::sha::SHA256;
 /// 
 /// let key = [0,1,2,3,4]; // like my suitcase
@@ -83,13 +83,14 @@
 /// ```
 use super::Hash;
 
-pub struct HMAC<H: Hash> {
+#[derive(Clone)]
+pub struct HMAC<H: Hash + Clone> {
     ipad_hash: H,
     opad_hash: H,
     result: Option<Vec<u8>>
 }
 
-impl<H: Hash> HMAC<H> {
+impl<H: Hash + Clone> HMAC<H> {
     /// Generate a new HMAC construction for the provide underlying hash
     /// function, and prep it to start taking input via the `update`
     /// method.

src/lib.rs

@@ -13,15 +13,11 @@ extern crate base64;
 extern crate byteorder;
 extern crate chrono;
 extern crate cryptonum;
-extern crate digest;
-extern crate hmac;
 extern crate num;
 #[cfg(test)]
 #[macro_use]
 extern crate quickcheck;
 extern crate rand;
-extern crate sha1;
-extern crate sha2;
 #[macro_use]
 extern crate simple_asn1;
 
@@ -47,7 +43,7 @@ pub mod ssh;
 pub mod shake;
 /// The `hmac` module provides support for keyed-hash message authentication,
 /// or HMAC, based on any of the hash functions defined in this module.
-pub mod hmac2;
+pub mod hmac;
 /// The `x509` module supports parsing and generating x.509 certificates, as
 /// used by TLS and others.
 pub mod x509;

src/rsa/mod.rs

@@ -22,12 +22,11 @@
 //! 
 //! ```rust
 //! extern crate cryptonum;
-//! extern crate sha2;
 //! 
 //! use simple_crypto::rsa::RSAKeyPair;
 //! use simple_crypto::rsa::SIGNING_HASH_SHA256;
 //! use simple_crypto::rsa::OAEPParams;
-//! use sha2::Sha256;
+//! use simple_crypto::sha::SHA256;
 //! use cryptonum::unsigned::U2048;
 //! 
 //! // Generate a new RSA with key size 2048. (This is an acceptable but
@@ -45,7 +44,7 @@
 //!
 //! // We can also use RSA public keys to encrypt data, which can then be
 //! // decrypted by the private key.
-//! let params = OAEPParams::<Sha256>::new(String::from("example!"));
+//! let params = OAEPParams::<SHA256>::new(String::from("example!"));
 //! let cipher = kp.public.encrypt(&params, &msg).expect("Encryption error");
 //! let msg2 = kp.private.decrypt(&params, &cipher).expect("Decryption error");
 //! assert_eq!(msg, msg2);

src/rsa/oaep.rs

@@ -1,16 +1,16 @@
 use byteorder::{BigEndian,ByteOrder};
-use digest::{Digest,FixedOutput};
+use sha::Hash;
 use std::marker::PhantomData;
 
 /// Parameters for OAEP encryption and decryption: a hash function to use as
 /// part of the message generation function (MGF1, if you're curious),
 /// and any labels you want to include as part of the encryption.
-pub struct OAEPParams<H: Default + Digest + FixedOutput> {
+pub struct OAEPParams<H: Hash> {
     pub label: String,
     phantom: PhantomData<H>
 }
 
-impl<H: Default + Digest + FixedOutput> OAEPParams<H> {
+impl<H: Hash> OAEPParams<H> {
     pub fn new(label: String)
         -> OAEPParams<H>
     {
@@ -18,11 +18,11 @@ impl<H: Default + Digest + FixedOutput> OAEPParams<H> {
     }
 
     pub fn hash_len(&self) -> usize {
-        H::default().fixed_result().as_slice().len()
+        H::hash(&[]).len()
     }
 
     pub fn hash(&self, input: &[u8]) -> Vec<u8> {
-        H::digest(input).as_slice().to_vec()
+        H::hash(input)
     }
 
     pub fn mgf1(&self, input: &[u8], len: usize) -> Vec<u8> {
@@ -32,10 +32,10 @@ impl<H: Default + Digest + FixedOutput> OAEPParams<H> {
         while res.len() < len {
             let mut buffer = [0; 4];
             BigEndian::write_u32(&mut buffer, counter);
-            let mut digest = H::default();
+            let mut digest = H::new();
-            digest.input(input);
+            digest.update(input);
-            digest.input(&buffer);
+            digest.update(&buffer);
-            let chunk = digest.fixed_result();
+            let chunk = digest.finalize();
             res.extend_from_slice(chunk.as_slice());
             counter = counter + 1;
         }

src/rsa/private.rs

@@ -1,9 +1,9 @@
 use cryptonum::unsigned::*;
-use digest::{Digest,FixedOutput};
 use rsa::core::{RSAMode,drop0s,pkcs1_pad,xor_vecs};
 use rsa::errors::RSAError;
 use rsa::oaep::OAEPParams;
 use rsa::signing_hashes::SigningHash;
+use sha::Hash;
 
 /// An RSA private key. Useful for signing messages and decrypting encrypted
 /// content.
@@ -61,9 +61,8 @@ macro_rules! generate_rsa_private
             /// method to encrypt/decrypt a shared symmetric key, like an
             /// AES key. That way, you only do this operation (which is
             /// SO SLOW) for a relatively small amount of data.
-            pub fn decrypt<H>(&self, oaep: &OAEPParams<H>, msg: &[u8])
+            pub fn decrypt<H: Hash>(&self, oaep: &OAEPParams<H>, msg: &[u8])
                 -> Result<Vec<u8>,RSAError>
-             where H: Default + Digest + FixedOutput
             {
                 let mut res = Vec::new();
 
@@ -83,10 +82,8 @@ macro_rules! generate_rsa_private
                 c.modexp(&self.d, &self.nu)
             }
 
-            fn oaep_decrypt<H>(&self, oaep: &OAEPParams<H>, c: &[u8])
+            fn oaep_decrypt<H: Hash>(&self, oaep: &OAEPParams<H>, c: &[u8])
                 -> Result<Vec<u8>,RSAError>
-             where
-              H: Default + Digest + FixedOutput
             {
                 let byte_len = $size / 8;
                 // Step 1b
@@ -204,10 +201,10 @@ macro_rules! decrypt_test_body {
             let privkey = RSAPrivateKey{ nu: nu, d: d };
             let lstr = String::from_utf8(lbytes.clone()).unwrap();
             let message = match usize::from($num::from_bytes(hbytes)) {
-                224 => privkey.decrypt(&OAEPParams::<Sha224>::new(lstr), &cbytes),
+                224 => privkey.decrypt(&OAEPParams::<SHA224>::new(lstr), &cbytes),
-                256 => privkey.decrypt(&OAEPParams::<Sha256>::new(lstr), &cbytes),
+                256 => privkey.decrypt(&OAEPParams::<SHA256>::new(lstr), &cbytes),
-                384 => privkey.decrypt(&OAEPParams::<Sha384>::new(lstr), &cbytes),
+                384 => privkey.decrypt(&OAEPParams::<SHA384>::new(lstr), &cbytes),
-                512 => privkey.decrypt(&OAEPParams::<Sha512>::new(lstr), &cbytes),
+                512 => privkey.decrypt(&OAEPParams::<SHA512>::new(lstr), &cbytes),
                 x   => panic!("Unknown hash number: {}", x)
             };
             assert!(message.is_ok());
@@ -225,7 +222,7 @@ macro_rules! generate_tests {
             use super::*;
             use testing::run_test;
             use rsa::signing_hashes::*;
-            use sha2::{Sha224,Sha256,Sha384,Sha512};
+            use sha::{SHA224,SHA256,SHA384,SHA512};
 
             #[test]
             fn sign() {
@@ -246,7 +243,7 @@ macro_rules! generate_tests {
             use super::*;
             use testing::run_test;
             use rsa::signing_hashes::*;
-            use sha2::{Sha224,Sha256,Sha384,Sha512};
+            use sha::{SHA224,SHA256,SHA384,SHA512};
 
             #[ignore]
             #[test]

src/rsa/public.rs

@@ -1,11 +1,11 @@
 use cryptonum::unsigned::*;
-use digest::{Digest,FixedOutput};
 use rand::Rng;
 use rand::rngs::OsRng;
 use rsa::core::{RSAMode,decode_biguint,pkcs1_pad,xor_vecs};
 use rsa::errors::RSAError;
 use rsa::oaep::OAEPParams;
 use rsa::signing_hashes::SigningHash;
+use sha::Hash;
 use simple_asn1::{ASN1Block,ASN1DecodeErr,ASN1EncodeErr,
                   ASN1Class,FromASN1,ToASN1};
 #[cfg(test)]
@@ -200,7 +200,7 @@ macro_rules! generate_rsa_public
                 -> Result<Vec<u8>,RSAError>
              where
               G: Rng,
-              H: Default + Digest + FixedOutput
+              H: Hash
             {
                 let byte_len = $size / 8;
                 let mut res = Vec::new();
@@ -224,10 +224,8 @@ macro_rules! generate_rsa_public
             /// with that symmetric key.
             ///
             /// This variant will just use the system RNG for its randomness.
-            pub fn encrypt<H>(&self,oaep:&OAEPParams<H>,msg:&[u8])
+            pub fn encrypt<H: Hash>(&self,oaep:&OAEPParams<H>,msg:&[u8])
                 -> Result<Vec<u8>,RSAError>
-             where
-              H: Default + Digest + FixedOutput
             {
                 let mut g = OsRng::new()?;
                 self.encrypt_rng(&mut g, oaep, msg)
@@ -245,7 +243,7 @@ macro_rules! generate_rsa_public
                 -> Result<Vec<u8>,RSAError>
              where
               G: Rng,
-              H: Default + Digest + FixedOutput
+              H: Hash
             {
                 let byte_len = $size / 8;
                 // Step 1b
@@ -450,18 +448,18 @@ macro_rules! encrypt_test_body {
             let privkey = RSAPrivateKey{ nu: nu, d: d };
             let lstr = String::from_utf8(lbytes.clone()).unwrap();
             let cipher = match usize::from($num::from_bytes(hbytes)) {
-                224 => pubkey.encrypt(&OAEPParams::<Sha224>::new(lstr.clone()), mbytes),
+                224 => pubkey.encrypt(&OAEPParams::<SHA224>::new(lstr.clone()), mbytes),
-                256 => pubkey.encrypt(&OAEPParams::<Sha256>::new(lstr.clone()), mbytes),
+                256 => pubkey.encrypt(&OAEPParams::<SHA256>::new(lstr.clone()), mbytes),
-                384 => pubkey.encrypt(&OAEPParams::<Sha384>::new(lstr.clone()), mbytes),
+                384 => pubkey.encrypt(&OAEPParams::<SHA384>::new(lstr.clone()), mbytes),
-                512 => pubkey.encrypt(&OAEPParams::<Sha512>::new(lstr.clone()), mbytes),
+                512 => pubkey.encrypt(&OAEPParams::<SHA512>::new(lstr.clone()), mbytes),
                 x   => panic!("Unknown hash number: {}", x)
             };
             assert!(cipher.is_ok());
             let message = match usize::from($num::from_bytes(hbytes)) {
-                224 => privkey.decrypt(&OAEPParams::<Sha224>::new(lstr), &cipher.unwrap()),
+                224 => privkey.decrypt(&OAEPParams::<SHA224>::new(lstr), &cipher.unwrap()),
-                256 => privkey.decrypt(&OAEPParams::<Sha256>::new(lstr), &cipher.unwrap()),
+                256 => privkey.decrypt(&OAEPParams::<SHA256>::new(lstr), &cipher.unwrap()),
-                384 => privkey.decrypt(&OAEPParams::<Sha384>::new(lstr), &cipher.unwrap()),
+                384 => privkey.decrypt(&OAEPParams::<SHA384>::new(lstr), &cipher.unwrap()),
-                512 => privkey.decrypt(&OAEPParams::<Sha512>::new(lstr), &cipher.unwrap()),
+                512 => privkey.decrypt(&OAEPParams::<SHA512>::new(lstr), &cipher.unwrap()),
                 x   => panic!("Unknown hash number: {}", x)
             };
             assert!(message.is_ok());
@@ -480,7 +478,7 @@ macro_rules! generate_tests {
             use testing::run_test;
             use rsa::private::*;
             use rsa::signing_hashes::*;
-            use sha2::{Sha224,Sha256,Sha384,Sha512};
+            use sha::{SHA224,SHA256,SHA384,SHA512};
 
             #[test]
             fn new() { new_test_body!($mod, $num, $bar, $num64, $size); }
@@ -501,7 +499,7 @@ macro_rules! generate_tests {
             use testing::run_test;
             use rsa::private::*;
             use rsa::signing_hashes::*;
-            use sha2::{Sha224,Sha256,Sha384,Sha512};
+            use sha::{SHA224,SHA256,SHA384,SHA512};
 
             #[ignore]
             #[test]

src/rsa/signing_hashes.rs

@@ -1,6 +1,4 @@
-use digest::Digest;
+use sha::{Hash,SHA1,SHA224,SHA256,SHA384,SHA512};
-use sha1::Sha1;
-use sha2::{Sha224,Sha256,Sha384,Sha512};
 use std::fmt;
 
 /// A hash that can be used to sign a message.
@@ -28,13 +26,9 @@ impl fmt::Debug for SigningHash {
 pub static SIGNING_HASH_NULL: SigningHash = SigningHash {
     name: "NULL",
     ident: &[],
-    run: nohash
+    run: |x| { x.to_vec() }
 };
 
-fn nohash(i: &[u8]) -> Vec<u8> {
-    i.to_vec()
-}
-
 /// Sign a hash based on SHA1. You shouldn't use this unless you're using
 /// very small keys, and this is the only one available to you. Even then,
 /// why are you using such small keys?!
@@ -42,13 +36,9 @@ pub static SIGNING_HASH_SHA1: SigningHash = SigningHash {
     name: "SHA1",
     ident: &[0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,
              0x02,0x1a,0x05,0x00,0x04,0x14],
-    run: runsha1
+    run: |x| { SHA1::hash(x) }
 };
 
-fn runsha1(i: &[u8]) -> Vec<u8> {
-    Sha1::digest(i).as_slice().to_vec()
-}
-
 /// Sign a hash based on SHA2-224. This is the first reasonable choice
 /// we've come across, and is useful when you have smaller RSA key sizes.
 /// I wouldn't recommend it, though.
@@ -57,26 +47,18 @@ pub static SIGNING_HASH_SHA224: SigningHash = SigningHash {
     ident: &[0x30,0x2d,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,
              0x01,0x65,0x03,0x04,0x02,0x04,0x05,0x00,0x04,
              0x1c],
-    run: runsha224
+    run: |x| { SHA224::hash(x) }
 };
 
-fn runsha224(i: &[u8]) -> Vec<u8> {
-    Sha224::digest(i).as_slice().to_vec()
-}
-
 /// Sign a hash based on SHA2-256. The first one I'd recommend!
 pub static SIGNING_HASH_SHA256: SigningHash = SigningHash {
     name: "SHA256",
     ident: &[0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,
              0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,
              0x20],
-    run: runsha256
+    run: |x| { SHA256::hash(x) }
 };
 
-fn runsha256(i: &[u8]) -> Vec<u8> {
-    Sha256::digest(i).as_slice().to_vec()
-}
-
 /// Sign a hash based on SHA2-384. Approximately 50% better than
 /// SHA-256.
 pub static SIGNING_HASH_SHA384: SigningHash = SigningHash {
@@ -84,13 +66,9 @@ pub static SIGNING_HASH_SHA384: SigningHash = SigningHash {
     ident: &[0x30,0x41,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,
              0x01,0x65,0x03,0x04,0x02,0x02,0x05,0x00,0x04,
              0x30],
-    run: runsha384
+    run: |x| { SHA384::hash(x) }
 };
 
-fn runsha384(i: &[u8]) -> Vec<u8> {
-    Sha384::digest(i).as_slice().to_vec()
-}
-
 /// Sign a hash based on SHA2-512. At this point, you're getting a bit
 /// silly. But if you want to through 8kbit RSA keys with a 512 bit SHA2
 /// signing hash, we're totally behind you.
@@ -99,11 +77,5 @@ pub static SIGNING_HASH_SHA512: SigningHash = SigningHash {
     ident: &[0x30,0x51,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,
              0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,0x04,
              0x40],
-    run: runsha512
+    run: |x| { SHA512::hash(x) }
 };
-
-fn runsha512(i: &[u8]) -> Vec<u8> {
-    Sha512::digest(i).as_slice().to_vec()
-}
-
-

src/sha/sha1.rs

@@ -21,6 +21,7 @@ use sha::shared::calculate_k;
 /// // ... and they should be the same
 /// assert_eq!(result_incremental,result_direct);
 /// ```
+#[derive(Clone)]
 pub struct SHA1 {
     state: [u32; 5],
     buffer: Vec<u8>,

src/sha/sha2.rs

@@ -21,6 +21,7 @@ use super::super::Hash;
 /// // ... and they should be the same
 /// assert_eq!(result_incremental,result_direct);
 /// ```
+#[derive(Clone)]
 pub struct SHA224 {
     state: SHA256State
 }
@@ -80,6 +81,7 @@ impl Hash for SHA224 {
 /// // ... and they should be the same
 /// assert_eq!(result_incremental,result_direct);
 /// ```
+#[derive(Clone)]
 pub struct SHA256 {
     state: SHA256State
 }
@@ -140,6 +142,7 @@ impl Hash for SHA256 {
 /// // ... and they should be the same
 /// assert_eq!(result_incremental,result_direct);
 /// ```
+#[derive(Clone)]
 pub struct SHA384 {
     state: SHA512State
 }
@@ -200,6 +203,7 @@ impl Hash for SHA384 {
 /// // ... and they should be the same
 /// assert_eq!(result_incremental,result_direct);
 /// ```
+#[derive(Clone)]
 pub struct SHA512 {
     state: SHA512State
 }
@@ -267,6 +271,7 @@ macro_rules! lsig256_1 {
     };
 }
 
+#[derive(Clone)]
 struct SHA256State {
     state: [u32; 8],
     buffer: Vec<u8>,
@@ -525,6 +530,7 @@ macro_rules! process_u64_block {
     }};
 }
 
+#[derive(Clone)]
 struct SHA512State {
     state: [u64; 8],
     buffer: Vec<u8>,

src/sha/sha3.rs

@@ -1,5 +1,6 @@
 use super::super::Hash;
 
+#[derive(Clone)]
 pub(crate) struct Keccak {
     rate_in_bytes: usize,
     rate_in_longs: usize,
@@ -244,6 +245,7 @@ impl Keccak {
 /// // ... and they should be the same
 /// assert_eq!(result_incremental,result_direct);
 /// ```
+#[derive(Clone)]
 pub struct SHA3_224 {
     state: Keccak
 }
@@ -335,6 +337,7 @@ mod sha224 {
 /// // ... and they should be the same
 /// assert_eq!(result_incremental,result_direct);
 /// ```
+#[derive(Clone)]
 pub struct SHA3_256 {
     state: Keccak
 }
@@ -427,6 +430,7 @@ mod sha256 {
 /// // ... and they should be the same
 /// assert_eq!(result_incremental,result_direct);
 /// ```
+#[derive(Clone)]
 pub struct SHA3_384 {
     state: Keccak
 }
@@ -523,6 +527,7 @@ mod sha384 {
 /// // ... and they should be the same
 /// assert_eq!(result_incremental,result_direct);
 /// ```
+#[derive(Clone)]
 pub struct SHA3_512 {
     state: Keccak
 }

src/ssh/mod.rs

@@ -220,7 +220,7 @@ use ed25519::ED25519KeyPair;
 #[cfg(test)]
 use rsa::{RSAPair,RSAPublic,SIGNING_HASH_SHA256};
 #[cfg(test)]
-use sha2::Sha256;
+use sha::SHA256;
 
 #[cfg(test)]
 #[test]
@@ -235,10 +235,10 @@ fn dsa_examples() {
             Ok((keypair, comment)) => {
                 let buffer = [0,1,2,3,4,6,2];
                 let _ : DSAKeyPair<L1024N160> = keypair;
-                let sig = keypair.private.sign::<Sha256>(&buffer);
+                let sig = keypair.private.sign::<SHA256>(&buffer);
-                assert!(keypair.public.verify::<Sha256>(&buffer, &sig));
+                assert!(keypair.public.verify::<SHA256>(&buffer, &sig));
                 let buffer2 = [0,1,2,3,4,6,5];
-                assert!(!keypair.public.verify::<Sha256>(&buffer2, &sig));
+                assert!(!keypair.public.verify::<SHA256>(&buffer2, &sig));
                 match encode_ssh(&keypair, &comment) {
                     Err(e2) => assert!(false, format!("render error: {:?}", e2)),
                     Ok(encodedstr) => {
@@ -345,16 +345,16 @@ fn ecdsa_examples() {
                     ECDSAPair::P224(_,_) =>
                         assert!(false, "Somehow got a P224 in read test"),
                     ECDSAPair::P256(ref pu, ref pr) => {
-                        let sig = pr.sign::<Sha256>(&buffer);
+                        let sig = pr.sign::<SHA256>(&buffer);
-                        assert!(pu.verify::<Sha256>(&buffer, &sig));
+                        assert!(pu.verify::<SHA256>(&buffer, &sig));
                     }
                     ECDSAPair::P384(ref pu, ref pr) => {
-                        let sig = pr.sign::<Sha256>(&buffer);
+                        let sig = pr.sign::<SHA256>(&buffer);
-                        assert!(pu.verify::<Sha256>(&buffer, &sig));
+                        assert!(pu.verify::<SHA256>(&buffer, &sig));
                     }
                     ECDSAPair::P521(ref pu, ref pr) => {
-                        let sig = pr.sign::<Sha256>(&buffer);
+                        let sig = pr.sign::<SHA256>(&buffer);
-                        assert!(pu.verify::<Sha256>(&buffer, &sig));
+                        assert!(pu.verify::<SHA256>(&buffer, &sig));
                     }
                 }
                 // encode this, parse it again

src/x509/mod.rs

@@ -9,8 +9,7 @@ mod validity;
 use dsa::DSAPublic;
 use ecdsa::ECDSAPublic;
 use rsa::{SIGNING_HASH_SHA1,SIGNING_HASH_SHA224,SIGNING_HASH_SHA256,SIGNING_HASH_SHA384,SIGNING_HASH_SHA512};
-use sha1::Sha1;
+use sha::{SHA1,SHA224,SHA256,SHA384,SHA512};
-use sha2::{Sha224,Sha256,Sha384,Sha512};
 use simple_asn1::{ASN1Block,FromASN1,der_decode,from_der};
 pub use x509::validity::Validity;
 pub use x509::algident::{AlgorithmIdentifier,HashAlgorithm,PublicKeyInfo};
@@ -137,10 +136,10 @@ fn check_signature(alg: &AlgorithmIdentifier,
             let dsa_sig = der_decode(&sig)?;
             match alg.hash {
                 HashAlgorithm::SHA1
-                    if key.verify::<Sha1>(block, &dsa_sig) => Ok(()),
+                    if key.verify::<SHA1>(block, &dsa_sig) => Ok(()),
                 HashAlgorithm::SHA224
-                    if key.verify::<Sha224>(block, &dsa_sig) => Ok(()),
+                    if key.verify::<SHA224>(block, &dsa_sig) => Ok(()),
-                HashAlgorithm::SHA256 if key.verify::<Sha256>(block, &dsa_sig) =>
+                HashAlgorithm::SHA256 if key.verify::<SHA256>(block, &dsa_sig) =>
                         Ok(()),
                 _                     =>
                     Err(X509ParseError::InvalidSignatureHash)
@@ -150,10 +149,10 @@ fn check_signature(alg: &AlgorithmIdentifier,
             let dsa_sig = der_decode(&sig)?;
             match alg.hash {
                 HashAlgorithm::SHA1
-                    if key.verify::<Sha1>(block, &dsa_sig) => Ok(()),
+                    if key.verify::<SHA1>(block, &dsa_sig) => Ok(()),
                 HashAlgorithm::SHA224
-                    if key.verify::<Sha224>(block, &dsa_sig) => Ok(()),
+                    if key.verify::<SHA224>(block, &dsa_sig) => Ok(()),
-                HashAlgorithm::SHA256 if key.verify::<Sha256>(block, &dsa_sig) =>
+                HashAlgorithm::SHA256 if key.verify::<SHA256>(block, &dsa_sig) =>
                         Ok(()),
                 _                     =>
                     Err(X509ParseError::InvalidSignatureHash)
@@ -163,10 +162,10 @@ fn check_signature(alg: &AlgorithmIdentifier,
             let dsa_sig = der_decode(&sig)?;
             match alg.hash {
                 HashAlgorithm::SHA1
-                    if key.verify::<Sha1>(block, &dsa_sig) => Ok(()),
+                    if key.verify::<SHA1>(block, &dsa_sig) => Ok(()),
                 HashAlgorithm::SHA224
-                    if key.verify::<Sha224>(block, &dsa_sig) => Ok(()),
+                    if key.verify::<SHA224>(block, &dsa_sig) => Ok(()),
-                HashAlgorithm::SHA256 if key.verify::<Sha256>(block, &dsa_sig) =>
+                HashAlgorithm::SHA256 if key.verify::<SHA256>(block, &dsa_sig) =>
                         Ok(()),
                 _                     =>
                     Err(X509ParseError::InvalidSignatureHash)
@@ -176,10 +175,10 @@ fn check_signature(alg: &AlgorithmIdentifier,
             let dsa_sig = der_decode(&sig)?;
             match alg.hash {
                 HashAlgorithm::SHA1
-                    if key.verify::<Sha1>(block, &dsa_sig) => Ok(()),
+                    if key.verify::<SHA1>(block, &dsa_sig) => Ok(()),
                 HashAlgorithm::SHA224
-                    if key.verify::<Sha224>(block, &dsa_sig) => Ok(()),
+                    if key.verify::<SHA224>(block, &dsa_sig) => Ok(()),
-                HashAlgorithm::SHA256 if key.verify::<Sha256>(block, &dsa_sig) =>
+                HashAlgorithm::SHA256 if key.verify::<SHA256>(block, &dsa_sig) =>
                         Ok(()),
                 _                     =>
                     Err(X509ParseError::InvalidSignatureHash)
@@ -188,11 +187,11 @@ fn check_signature(alg: &AlgorithmIdentifier,
         (PublicKeyInfo::ECDSA, &X509PublicKey::ECDSA(ECDSAPublic::P192(ref key))) => {
             let ecdsa_sig = der_decode(&sig)?;
             match alg.hash {
-                HashAlgorithm::SHA1   if key.verify::<Sha1>(block, &ecdsa_sig)   => Ok(()),
+                HashAlgorithm::SHA1   if key.verify::<SHA1>(block, &ecdsa_sig)   => Ok(()),
-                HashAlgorithm::SHA224 if key.verify::<Sha224>(block, &ecdsa_sig) => Ok(()),
+                HashAlgorithm::SHA224 if key.verify::<SHA224>(block, &ecdsa_sig) => Ok(()),
-                HashAlgorithm::SHA256 if key.verify::<Sha256>(block, &ecdsa_sig) => Ok(()),
+                HashAlgorithm::SHA256 if key.verify::<SHA256>(block, &ecdsa_sig) => Ok(()),
-                HashAlgorithm::SHA384 if key.verify::<Sha384>(block, &ecdsa_sig) => Ok(()),
+                HashAlgorithm::SHA384 if key.verify::<SHA384>(block, &ecdsa_sig) => Ok(()),
-                HashAlgorithm::SHA512 if key.verify::<Sha512>(block, &ecdsa_sig) => Ok(()),
+                HashAlgorithm::SHA512 if key.verify::<SHA512>(block, &ecdsa_sig) => Ok(()),
                 _ =>
                     Err(X509ParseError::InvalidSignatureHash)
             }
@@ -200,11 +199,11 @@ fn check_signature(alg: &AlgorithmIdentifier,
         (PublicKeyInfo::ECDSA, &X509PublicKey::ECDSA(ECDSAPublic::P224(ref key))) => {
             let ecdsa_sig = der_decode(&sig)?;
             match alg.hash {
-                HashAlgorithm::SHA1   if key.verify::<Sha1>(block, &ecdsa_sig)   => Ok(()),
+                HashAlgorithm::SHA1   if key.verify::<SHA1>(block, &ecdsa_sig)   => Ok(()),
-                HashAlgorithm::SHA224 if key.verify::<Sha224>(block, &ecdsa_sig) => Ok(()),
+                HashAlgorithm::SHA224 if key.verify::<SHA224>(block, &ecdsa_sig) => Ok(()),
-                HashAlgorithm::SHA256 if key.verify::<Sha256>(block, &ecdsa_sig) => Ok(()),
+                HashAlgorithm::SHA256 if key.verify::<SHA256>(block, &ecdsa_sig) => Ok(()),
-                HashAlgorithm::SHA384 if key.verify::<Sha384>(block, &ecdsa_sig) => Ok(()),
+                HashAlgorithm::SHA384 if key.verify::<SHA384>(block, &ecdsa_sig) => Ok(()),
-                HashAlgorithm::SHA512 if key.verify::<Sha512>(block, &ecdsa_sig) => Ok(()),
+                HashAlgorithm::SHA512 if key.verify::<SHA512>(block, &ecdsa_sig) => Ok(()),
                 _ =>
                     Err(X509ParseError::InvalidSignatureHash)
             }
@@ -212,11 +211,11 @@ fn check_signature(alg: &AlgorithmIdentifier,
         (PublicKeyInfo::ECDSA, &X509PublicKey::ECDSA(ECDSAPublic::P256(ref key))) => {
             let ecdsa_sig = der_decode(&sig)?;
             match alg.hash {
-                HashAlgorithm::SHA1   if key.verify::<Sha1>(block, &ecdsa_sig)   => Ok(()),
+                HashAlgorithm::SHA1   if key.verify::<SHA1>(block, &ecdsa_sig)   => Ok(()),
-                HashAlgorithm::SHA224 if key.verify::<Sha224>(block, &ecdsa_sig) => Ok(()),
+                HashAlgorithm::SHA224 if key.verify::<SHA224>(block, &ecdsa_sig) => Ok(()),
-                HashAlgorithm::SHA256 if key.verify::<Sha256>(block, &ecdsa_sig) => Ok(()),
+                HashAlgorithm::SHA256 if key.verify::<SHA256>(block, &ecdsa_sig) => Ok(()),
-                HashAlgorithm::SHA384 if key.verify::<Sha384>(block, &ecdsa_sig) => Ok(()),
+                HashAlgorithm::SHA384 if key.verify::<SHA384>(block, &ecdsa_sig) => Ok(()),
-                HashAlgorithm::SHA512 if key.verify::<Sha512>(block, &ecdsa_sig) => Ok(()),
+                HashAlgorithm::SHA512 if key.verify::<SHA512>(block, &ecdsa_sig) => Ok(()),
                 _ =>
                     Err(X509ParseError::InvalidSignatureHash)
             }
@@ -224,11 +223,11 @@ fn check_signature(alg: &AlgorithmIdentifier,
         (PublicKeyInfo::ECDSA, &X509PublicKey::ECDSA(ECDSAPublic::P384(ref key))) => {
             let ecdsa_sig = der_decode(&sig)?;
             match alg.hash {
-                HashAlgorithm::SHA1   if key.verify::<Sha1>(block, &ecdsa_sig)   => Ok(()),
+                HashAlgorithm::SHA1   if key.verify::<SHA1>(block, &ecdsa_sig)   => Ok(()),
-                HashAlgorithm::SHA224 if key.verify::<Sha224>(block, &ecdsa_sig) => Ok(()),
+                HashAlgorithm::SHA224 if key.verify::<SHA224>(block, &ecdsa_sig) => Ok(()),
-                HashAlgorithm::SHA256 if key.verify::<Sha256>(block, &ecdsa_sig) => Ok(()),
+                HashAlgorithm::SHA256 if key.verify::<SHA256>(block, &ecdsa_sig) => Ok(()),
-                HashAlgorithm::SHA384 if key.verify::<Sha384>(block, &ecdsa_sig) => Ok(()),
+                HashAlgorithm::SHA384 if key.verify::<SHA384>(block, &ecdsa_sig) => Ok(()),
-                HashAlgorithm::SHA512 if key.verify::<Sha512>(block, &ecdsa_sig) => Ok(()),
+                HashAlgorithm::SHA512 if key.verify::<SHA512>(block, &ecdsa_sig) => Ok(()),
                 _ =>
                     Err(X509ParseError::InvalidSignatureHash)
             }
@@ -236,11 +235,11 @@ fn check_signature(alg: &AlgorithmIdentifier,
         (PublicKeyInfo::ECDSA, &X509PublicKey::ECDSA(ECDSAPublic::P521(ref key))) => {
             let ecdsa_sig = der_decode(&sig)?;
             match alg.hash {
-                HashAlgorithm::SHA1   if key.verify::<Sha1>(block, &ecdsa_sig)   => Ok(()),
+                HashAlgorithm::SHA1   if key.verify::<SHA1>(block, &ecdsa_sig)   => Ok(()),
-                HashAlgorithm::SHA224 if key.verify::<Sha224>(block, &ecdsa_sig) => Ok(()),
+                HashAlgorithm::SHA224 if key.verify::<SHA224>(block, &ecdsa_sig) => Ok(()),
-                HashAlgorithm::SHA256 if key.verify::<Sha256>(block, &ecdsa_sig) => Ok(()),
+                HashAlgorithm::SHA256 if key.verify::<SHA256>(block, &ecdsa_sig) => Ok(()),
-                HashAlgorithm::SHA384 if key.verify::<Sha384>(block, &ecdsa_sig) => Ok(()),
+                HashAlgorithm::SHA384 if key.verify::<SHA384>(block, &ecdsa_sig) => Ok(()),
-                HashAlgorithm::SHA512 if key.verify::<Sha512>(block, &ecdsa_sig) => Ok(()),
+                HashAlgorithm::SHA512 if key.verify::<SHA512>(block, &ecdsa_sig) => Ok(()),
                 _ =>
                     Err(X509ParseError::InvalidSignatureHash)
             }