Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sign/verify by digest update, StreamVerifier refactoring #304

Draft
wants to merge 5 commits into
base: main
Choose a base branch
from
Draft

Sign/verify by digest update, StreamVerifier refactoring #304

wants to merge 5 commits into from

Conversation

mkj
Copy link

@mkj mkj commented Jun 12, 2023

I'd like to be able to sign/verify non-prehash signatures without the whole message in memory. The use case is for running on no_std embedded where the message is serialized directly into the sha512 digest. It's for SSH protocol so I can't use ed25519 prehashed.

There's the existing work in #196 for StreamVerifier, but that can't be extended to signing since signing needs two passes. Instead I've added raw_sign_byupdate() and raw_verify_byupdate() that take a closure to update the message digest.

As suggested in #196 (comment) I've moved recompute_R into its own struct and made StreamVerifier use it too.

Would something like this be reasonable to add? I'm open to other suggestions on how achieve the same thing.

(I only just noticed ComputeR is a bit of a silly looking name, that could change. Likewise _byupdate isn't the best name, but other names I came up with would get confused with prehashed methods).

@mkj mkj mentioned this pull request Jun 12, 2023
Closed
4 tasks
mkj and others added 5 commits June 12, 2023 23:01
@mkj
Replace recompute_R with a separate ComputeR
9d96265 
This struct can be use to implement verifiers with incremental updates
@mkj
Add raw_sign_byupdate and raw_verify_byupdate
a447cf6 
These allow signing/verifying a non-prehashed message
but don't require the whole message to be provided at once.
@mkj
Tests for raw_sign_byupdate, raw_verify_byupdate
f42d325
@robjtede @mkj
Add StreamVerifier
915fb7d
@mkj
Make StreamVerifier use ComputeR
f1b7303 
This allows it to use the same implementation as non-stream signature
verification.
@mkj mkj mentioned this pull request Jul 31, 2023
Open
@tarcieri
Copy link
Contributor

This crate has an interesting API for signing incrementally: https://docs.rs/ec25519/latest/ec25519/struct.SecretKey.html#method.sign_incremental

@pinkforest pinkforest mentioned this pull request Sep 12, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mkj @tarcieri @robjtede