From 18fee46bade16ff2754cfe64484dd7fd55083288 Mon Sep 17 00:00:00 2001 From: David Palm Date: Wed, 15 May 2019 10:14:38 +0200 Subject: [PATCH 1/7] Store an Hmac in KeyInner This changes `verify` to take ownership of the inner value, which is backwards incompatible. --- parity-crypto/src/hmac/mod.rs | 39 +++++++++++++++++----------------- parity-crypto/src/hmac/test.rs | 5 ++--- 2 files changed, 21 insertions(+), 23 deletions(-) diff --git a/parity-crypto/src/hmac/mod.rs b/parity-crypto/src/hmac/mod.rs index 44f24d911..928ae94ce 100644 --- a/parity-crypto/src/hmac/mod.rs +++ b/parity-crypto/src/hmac/mod.rs @@ -44,19 +44,20 @@ impl Deref for Signature { pub struct SigKey(KeyInner, PhantomData); enum KeyInner { - Sha256(GenericArray), - Sha512(GenericArray), + Sha256(rhmac::Hmac), + Sha512(rhmac::Hmac), } impl SigKey { pub fn sha256(key: &[u8]) -> SigKey { - SigKey(KeyInner::Sha256(*GenericArray::from_slice(key)), PhantomData) + SigKey(KeyInner::Sha256(Hmac::::new_varkey(key).unwrap()), PhantomData) } } impl SigKey { pub fn sha512(key: &[u8]) -> SigKey { - SigKey(KeyInner::Sha512(*GenericArray::from_slice(key)), PhantomData) + SigKey(KeyInner::Sha512(Hmac::::new_varkey(key).unwrap()), PhantomData) + } } @@ -78,8 +79,8 @@ enum SignerInner { impl Signer { pub fn with(key: &SigKey) -> Signer { match &key.0 { - KeyInner::Sha256(k) => Signer(SignerInner::Sha256(Hmac::new(k)), PhantomData), - KeyInner::Sha512(k) => Signer(SignerInner::Sha512(Hmac::new(k)), PhantomData), + KeyInner::Sha256(k) => Signer(SignerInner::Sha256(k.clone()), PhantomData), + KeyInner::Sha512(k) => Signer(SignerInner::Sha512(k.clone()), PhantomData), } } 
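Review bot: The `SigKey::sha256` and `SigKey::sha512` constructors in this hunk now accept a key of any length, including an empty slice, and have no doc comment saying so. The removed `GenericArray::from_slice(key)` panics on a length mismatch, so a wrongly sized key could not previously pass unnoticed; with `new_varkey` that guard is gone. I would document the contract on each constructor, e.g. `/// Creates an HMAC-SHA256 signing key; any length is accepted, but use at least 32 bytes of secret material.` The same applies to the `VerifyKey` constructors in the `@@ -103,29 +104,27 @@` hunk. Whether an empty key should be rejected outright is a design call, since these constructors do not return a `Result`.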
@@ -103,29 +104,27 @@ pub struct VerifyKey(KeyInner, PhantomData); impl VerifyKey { pub fn sha256(key: &[u8]) -> VerifyKey { - VerifyKey(KeyInner::Sha256(*GenericArray::from_slice(key)), PhantomData) + VerifyKey(KeyInner::Sha256(Hmac::::new_varkey(key).unwrap()), PhantomData) } } impl VerifyKey { pub fn sha512(key: &[u8]) -> VerifyKey { - VerifyKey(KeyInner::Sha512(*GenericArray::from_slice(key)), PhantomData) + VerifyKey(KeyInner::Sha512(Hmac::::new_varkey(key).unwrap()), PhantomData) } } /// Verify HMAC signature of `data`. -pub fn verify(k: &VerifyKey, data: &[u8], sig: &[u8]) -> bool { - match &k.0 { - KeyInner::Sha256(k) => { - let mut ctxt = Hmac::::new(k); - ctxt.input(data); - ctxt.verify(sig).is_ok() - } - KeyInner::Sha512(k) => { - let mut ctxt = Hmac::::new(k); - ctxt.input(data); - ctxt.verify(sig).is_ok() - } +pub fn verify(k: VerifyKey, data: &[u8], sig: &[u8]) -> bool { + match k.0 { + KeyInner::Sha256(mut ctx) => { + ctx.input(data); + ctx.verify(sig).is_ok(); + }, + KeyInner::Sha512(mut ctx) => { + ctx.input(data); + ctx.verify(sig).is_ok(); + }, } } diff --git a/parity-crypto/src/hmac/test.rs b/parity-crypto/src/hmac/test.rs index a04e247e5..25c3af62c 100644 --- a/parity-crypto/src/hmac/test.rs +++ b/parity-crypto/src/hmac/test.rs @@ -43,7 +43,6 @@ fn simple_mac_and_verify() { assert_eq!(&sig2[..], &sign(&sig_key2, &big_input[..])[..]); let verif_key1 = VerifyKey::sha256(&key1[..]); let verif_key2 = VerifyKey::sha512(&key2[..]); - assert!(verify(&verif_key1, &input[..], &sig1[..])); - assert!(verify(&verif_key2, &big_input[..], &sig2[..])); - + assert!(verify(verif_key1, &input[..], &sig1[..])); + assert!(verify(verif_key2, &big_input[..], &sig2[..])); } From e727b3f9b73624a51bd30b225382dd0ee5a7434c Mon Sep 17 00:00:00 2001 
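Review bot: Both arms of the new `verify` end in `ctx.verify(sig).is_ok();` with a trailing semicolon, so each block evaluates to `()` while the function is declared to return `bool`; as shown, this should not compile. The tail expression should be `ctx.verify(sig).is_ok()` in both the `Sha256` and `Sha512` arms. The same semicolons are carried into the `verify` hunk of PATCH 2/7 (`ctx2.verify(sig).is_ok();`) and only disappear in PATCH 3/7, which leaves two commits in the series that cannot be built or bisected. Since this function decides whether a MAC is accepted, every commit should build and pass `simple_mac_and_verify`.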
From: David Palm Date: Wed, 15 May 2019 10:21:14 +0200 Subject: [PATCH 2/7] =?UTF-8?q?Clone=20the=20Hmac=20when=20verifying=20?= =?UTF-8?q?=E2=80=93=20restore=20original=20API?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- parity-crypto/src/hmac/mod.rs | 18 ++++++++++-------- parity-crypto/src/hmac/test.rs | 4 ++-- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/parity-crypto/src/hmac/mod.rs b/parity-crypto/src/hmac/mod.rs index 928ae94ce..211cef426 100644 --- a/parity-crypto/src/hmac/mod.rs +++ b/parity-crypto/src/hmac/mod.rs @@ -115,15 +115,17 @@ impl VerifyKey { } /// Verify HMAC signature of `data`. -pub fn verify(k: VerifyKey, data: &[u8], sig: &[u8]) -> bool { - match k.0 { - KeyInner::Sha256(mut ctx) => { - ctx.input(data); - ctx.verify(sig).is_ok(); +pub fn verify(key: &VerifyKey, data: &[u8], sig: &[u8]) -> bool { + match &key.0 { + KeyInner::Sha256(ctx) => { + let mut ctx2 = ctx.clone(); + ctx2.input(data); + ctx2.verify(sig).is_ok(); }, - KeyInner::Sha512(mut ctx) => { - ctx.input(data); - ctx.verify(sig).is_ok(); + KeyInner::Sha512(ctx) => { + let mut ctx2 = ctx.clone(); + ctx2.input(data); + ctx2.verify(sig).is_ok(); }, } } diff --git a/parity-crypto/src/hmac/test.rs b/parity-crypto/src/hmac/test.rs index 25c3af62c..930d1e105 100644 --- a/parity-crypto/src/hmac/test.rs +++ b/parity-crypto/src/hmac/test.rs @@ -43,6 +43,6 @@ fn simple_mac_and_verify() { assert_eq!(&sig2[..], &sign(&sig_key2, &big_input[..])[..]); let verif_key1 = VerifyKey::sha256(&key1[..]); let verif_key2 = VerifyKey::sha512(&key2[..]); - assert!(verify(verif_key1, &input[..], &sig1[..])); - assert!(verify(verif_key2, &big_input[..], &sig2[..])); + assert!(verify(&verif_key1, &input[..], &sig1[..])); + assert!(verify(&verif_key2, &big_input[..], &sig2[..])); } From 64ab797ce6893d0ddd554095bc28032505d52c83 Mon Sep 17 00:00:00 2001 
From: David Palm Date: Wed, 15 May 2019 10:33:25 +0200 Subject: [PATCH 3/7] Store key bytes in KeyInner --- parity-crypto/src/hmac/mod.rs | 33 ++++++++++++++++----------------- 1 file changed, 16 insertions(+), 17 deletions(-) diff --git a/parity-crypto/src/hmac/mod.rs b/parity-crypto/src/hmac/mod.rs index 211cef426..740e8b1c5 100644 --- a/parity-crypto/src/hmac/mod.rs +++ b/parity-crypto/src/hmac/mod.rs @@ -44,20 +44,19 @@ impl Deref for Signature { pub struct SigKey(KeyInner, PhantomData); enum KeyInner { - Sha256(rhmac::Hmac), - Sha512(rhmac::Hmac), + Sha256(Vec), + Sha512(Vec), } impl SigKey { pub fn sha256(key: &[u8]) -> SigKey { - SigKey(KeyInner::Sha256(Hmac::::new_varkey(key).unwrap()), PhantomData) + SigKey(KeyInner::Sha256(key.to_vec()), PhantomData) } } impl SigKey { pub fn sha512(key: &[u8]) -> SigKey { - SigKey(KeyInner::Sha512(Hmac::::new_varkey(key).unwrap()), PhantomData) - + SigKey(KeyInner::Sha512(key.to_vec()), PhantomData) } } @@ -79,8 +78,8 @@ enum SignerInner { impl Signer { pub fn with(key: &SigKey) -> Signer { match &key.0 { - KeyInner::Sha256(k) => Signer(SignerInner::Sha256(k.clone()), PhantomData), - KeyInner::Sha512(k) => Signer(SignerInner::Sha512(k.clone()), PhantomData), + KeyInner::Sha256(key_bytes) => Signer(SignerInner::Sha256(Hmac::::new_varkey(key_bytes).unwrap()), PhantomData), + KeyInner::Sha512(key_bytes) => Signer(SignerInner::Sha512(Hmac::::new_varkey(key_bytes).unwrap()), PhantomData), } } 
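Review bot: `KeyInner` now holds the raw key as a `Vec`, filled by `key.to_vec()` in the constructors, and nothing in this hunk clears those bytes when a `SigKey` is dropped. The secret stays in freed heap memory until it is overwritten, and can also end up in core dumps or swap. Consider wiping the buffer on drop, either with a `Drop` impl on `KeyInner` that overwrites the bytes using writes the optimizer cannot elide, or with a zeroizing buffer type if the crate already has one (not visible from this patch). At minimum, a comment on the enum such as `// Holds raw HMAC key bytes: do not derive Debug here.` would record the handling expectation.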
@@ -104,28 +103,28 @@ pub struct VerifyKey(KeyInner, PhantomData); impl VerifyKey { pub fn sha256(key: &[u8]) -> VerifyKey { - VerifyKey(KeyInner::Sha256(Hmac::::new_varkey(key).unwrap()), PhantomData) + VerifyKey(KeyInner::Sha256(key.to_vec()), PhantomData) } } impl VerifyKey { pub fn sha512(key: &[u8]) -> VerifyKey { - VerifyKey(KeyInner::Sha512(Hmac::::new_varkey(key).unwrap()), PhantomData) + VerifyKey(KeyInner::Sha512(key.to_vec()), PhantomData) } } /// Verify HMAC signature of `data`. pub fn verify(key: &VerifyKey, data: &[u8], sig: &[u8]) -> bool { match &key.0 { - KeyInner::Sha256(ctx) => { - let mut ctx2 = ctx.clone(); - ctx2.input(data); - ctx2.verify(sig).is_ok(); + KeyInner::Sha256(key_bytes) => { + let mut ctx = Hmac::::new_varkey(key_bytes).unwrap(); + ctx.input(data); + ctx.verify(sig).is_ok() }, - KeyInner::Sha512(ctx) => { - let mut ctx2 = ctx.clone(); - ctx2.input(data); - ctx2.verify(sig).is_ok(); + KeyInner::Sha512(key_bytes) => { + let mut ctx = Hmac::::new_varkey(key_bytes).unwrap(); + ctx.input(data); + ctx.verify(sig).is_ok() }, } } From 8dbd10b5e3a30e330aca5757669f9742924d3412 Mon Sep 17 00:00:00 2001 From: David Palm Date: Wed, 15 May 2019 10:40:19 +0200 Subject: [PATCH 4/7] Unused import --- parity-crypto/src/hmac/mod.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/parity-crypto/src/hmac/mod.rs b/parity-crypto/src/hmac/mod.rs index 740e8b1c5..9119c7588 100644 --- a/parity-crypto/src/hmac/mod.rs +++ b/parity-crypto/src/hmac/mod.rs @@ -15,7 +15,7 @@ // along with Parity. If not, see . use digest::{Sha256, Sha512}; -use rdigest::generic_array::{GenericArray, typenum::U32, typenum::U64, typenum::U128}; +use rdigest::generic_array::{GenericArray, typenum::U32, typenum::U64}; use rhmac::{Hmac, Mac as _}; use rsha2; use std::marker::PhantomData; From f8ff8722949373bcd6a0fbc97393f929999a489f Mon Sep 17 00:00:00 2001 
From: David Palm Date: Wed, 15 May 2019 12:44:45 +0200 Subject: [PATCH 5/7] s/unwrap/expect with proof --- parity-crypto/src/hmac/mod.rs | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/parity-crypto/src/hmac/mod.rs b/parity-crypto/src/hmac/mod.rs index 9119c7588..6fcb43402 100644 --- a/parity-crypto/src/hmac/mod.rs +++ b/parity-crypto/src/hmac/mod.rs @@ -78,8 +78,23 @@ enum SignerInner { impl Signer { pub fn with(key: &SigKey) -> Signer { match &key.0 { - KeyInner::Sha256(key_bytes) => Signer(SignerInner::Sha256(Hmac::::new_varkey(key_bytes).unwrap()), PhantomData), - KeyInner::Sha512(key_bytes) => Signer(SignerInner::Sha512(Hmac::::new_varkey(key_bytes).unwrap()), PhantomData), + KeyInner::Sha256(key_bytes) => { + Signer( + SignerInner::Sha256( + Hmac::::new_varkey(key_bytes) + .expect("always returns Ok; qed") + ), + PhantomData + ) + }, + KeyInner::Sha512(key_bytes) => { + Signer( + SignerInner::Sha512( + Hmac::::new_varkey(key_bytes) + .expect("always returns Ok; qed") + ), PhantomData + ) + }, } } From 610c5256ee4fff6a01ffeca5f0a40634dbb40cf3 Mon Sep 17 00:00:00 2001 From: David Palm Date: Wed, 15 May 2019 13:50:07 +0200 Subject: [PATCH 6/7] More s/unwrap/expect --- parity-crypto/src/hmac/mod.rs | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/parity-crypto/src/hmac/mod.rs b/parity-crypto/src/hmac/mod.rs index 6fcb43402..d5902102b 100644 --- a/parity-crypto/src/hmac/mod.rs +++ b/parity-crypto/src/hmac/mod.rs 
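Review bot: The proof string `"always returns Ok; qed"` in both arms of `Signer::with` asserts the invariant without saying why it holds. HMAC takes keys of any length (longer ones are hashed, shorter ones padded), which is presumably why `new_varkey` cannot fail here. Stating that makes the `expect` checkable, e.g. `.expect("HMAC accepts keys of any length, so new_varkey cannot fail; qed")`. The same message is used in the `verify` hunk of PATCH 6/7. As a smaller style point, the `Sha512` arm closes with `), PhantomData` on one line while the `Sha256` arm puts `PhantomData` on its own line.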
@@ -132,12 +132,14 @@ impl VerifyKey { pub fn verify(key: &VerifyKey, data: &[u8], sig: &[u8]) -> bool { match &key.0 { KeyInner::Sha256(key_bytes) => { - let mut ctx = Hmac::::new_varkey(key_bytes).unwrap(); + let mut ctx = Hmac::::new_varkey(key_bytes) + .expect("always returns Ok; qed"); ctx.input(data); ctx.verify(sig).is_ok() }, KeyInner::Sha512(key_bytes) => { - let mut ctx = Hmac::::new_varkey(key_bytes).unwrap(); + let mut ctx = Hmac::::new_varkey(key_bytes) + .expect("always returns Ok; qed"); ctx.input(data); ctx.verify(sig).is_ok() }, From 20e8f69b092833f4720f1101827689c3bc563974 Mon Sep 17 00:00:00 2001 From: David Palm Date: Wed, 15 May 2019 13:51:50 +0200 Subject: [PATCH 7/7] Derive Debug for digests and signatures --- parity-crypto/src/digest.rs | 3 +++ parity-crypto/src/hmac/mod.rs | 2 ++ 2 files changed, 5 insertions(+) diff --git a/parity-crypto/src/digest.rs b/parity-crypto/src/digest.rs index 40bafe145..34e27fa0d 100644 --- a/parity-crypto/src/digest.rs +++ b/parity-crypto/src/digest.rs @@ -63,8 +63,11 @@ pub fn ripemd160(data: &[u8]) -> Digest { hasher.finish() } +#[derive(Debug)] pub enum Sha256 {} +#[derive(Debug)] pub enum Sha512 {} +#[derive(Debug)] pub enum Ripemd160 {} /// Stateful digest computation. diff --git a/parity-crypto/src/hmac/mod.rs b/parity-crypto/src/hmac/mod.rs index d5902102b..674539994 100644 --- a/parity-crypto/src/hmac/mod.rs +++ b/parity-crypto/src/hmac/mod.rs @@ -22,8 +22,10 @@ use std::marker::PhantomData; use std::ops::Deref; /// HMAC signature. +#[derive(Debug)] pub struct Signature(HashInner, PhantomData); +#[derive(Debug)] enum HashInner { Sha256(GenericArray), Sha512(GenericArray),