Sign/verify by digest update, StreamVerifier refactoring #583
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This struct can be use to implement verifiers with incremental updates
These allow signing/verifying a non-prehashed message but don't require the whole message to be provided at once.
This allows it to use the same implementation as non-stream signature verification.
Closed
robjtede
approved these changes
Sep 12, 2023
robjtede
reviewed
Nov 1, 2023
| @@ -34,6 +34,7 @@ Entries are listed in reverse chronological order per undeprecated major series. | |||
| * Add `pkcs` feature to support PKCS #8 (de)serialization of `SigningKey` and `VerifyingKey` | |||
| * Add `fast` feature to include basepoint tables | |||
| * Add tests for validation criteria | |||
| * Add `SigningKey::verify_stream()`, and `VerifyingKey::verify_stream()` | |||
There was a problem hiding this comment.
this entry should probably be moved up out of the 2.0.0 section
|
I didn't end up having much time but looks like the original branch went forward 🎉 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This replaces dalek-cryptography/ed25519-dalek#304
Rebases #556
@mkj wrote:
I'd like to be able to sign/verify non-prehash signatures without the whole message in memory. The use case is for running on no_std embedded where the message is serialized directly into the sha512 digest. It's for SSH protocol so I can't use ed25519 prehashed.
The
StreamVerifierpull request #542 provides similar functionality, though streaming is only possible for verify (signing needs two passes). Instead I've addedraw_sign_byupdate()andraw_verify_byupdate()that take a closure to update the message digest.I've included the
StreamVerifiercommit from #542 and movedrecompute_Rinto its own structRCompute. That lets all the verifier options use the same code path._byupdateisn't the best name, but other names I came up with would get confused with prehashed methods. I'm open to other suggestions.