dalek-cryptography / curve25519-dalek

A pure-Rust implementation of group operations on Ristretto and Curve25519

Sign/verify by digest update, StreamVerifier refactoring #583

Closed pinkforest closed 4 months ago

pinkforest commented 10 months ago

This replaces https://github.com/dalek-cryptography/ed25519-dalek/pull/304. Rebases #556.

@mkj wrote:

I'd like to be able to sign/verify non-prehash signatures without the whole message in memory. The use case is for running on no_std embedded where the message is serialized directly into the sha512 digest. It's for the SSH protocol, so I can't use ed25519 prehashed.

The StreamVerifier pull request https://github.com/dalek-cryptography/curve25519-dalek/pull/542 provides similar functionality, though streaming is only possible for verify (signing needs two passes). Instead I've added raw_sign_byupdate() and raw_verify_byupdate() that take a closure to update the message digest.

I've included the StreamVerifier commit from https://github.com/dalek-cryptography/curve25519-dalek/pull/542 and moved recompute_R into its own struct RCompute. That lets all the verifier options use the same code path.

_byupdate isn't the best name, but other names I came up with would get confused with prehashed methods. I'm open to other suggestions.
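
The two-pass signing versus one-pass verification that @mkj describes above, as an added illustration that is not code from ed25519-dalek or from this PR: a deliberately tiny, non-constant-time Ed25519 in Python over hashlib.sha512, in which the hypothetical sign_byupdate/verify_byupdate take a callable that feeds the message into the digest object, standing in for the closure passed to raw_sign_byupdate/raw_verify_byupdate. Signing has to run the callable twice because R = rB depends on the first hash and is itself an input to the second, whereas verification already has R and A and so needs a single pass.

```python
# Added example, not ed25519-dalek code: tiny, unoptimised, non-constant-time Ed25519 (RFC 8032
# math) whose msg_update callable stands in for the digest-update closure discussed in the PR.
import hashlib

q = 2**255 - 19                                      # field prime
L = 2**252 + 27742317777372353535851937790883648493  # prime group order
def inv(x): return pow(x, q - 2, q)
d = -121665 * inv(121666) % q                        # curve constant
I = pow(2, (q - 1) // 4, q)                          # sqrt(-1) mod q

def xrecover(y, sign):                               # recover x from y and the parity bit
    xx = (y * y - 1) * inv(d * y * y + 1) % q
    x = pow(xx, (q + 3) // 8, q)
    if (x * x - xx) % q: x = x * I % q
    if (x * x - xx) % q: raise ValueError("not on curve")
    return (q - x) % q if (x & 1) != sign else x
B = (xrecover(4 * inv(5) % q, 0), 4 * inv(5) % q)    # base point (y = 4/5, even x)
def add(P, Q):                                       # affine twisted Edwards addition, a = -1
    t = d * P[0] * Q[0] * P[1] * Q[1]
    return ((P[0] * Q[1] + Q[0] * P[1]) * inv(1 + t) % q, (P[1] * Q[1] + P[0] * Q[0]) * inv(1 - t) % q)
def mul(P, e):                                       # plain double-and-add (demo only)
    R = (0, 1)
    for bit in bin(e)[2:]:
        R = add(add(R, R), P) if bit == "1" else add(R, R)
    return R
def encode(P): return (P[1] | (P[0] & 1) << 255).to_bytes(32, "little")
def decode(s):                                       # inverse of encode; raises if not a point
    v = int.from_bytes(s, "little")
    return (xrecover(v & (1 << 255) - 1, v >> 255), v & (1 << 255) - 1)

def keypair(seed):                                   # -> (clamped scalar a, hash prefix, A)
    h = hashlib.sha512(seed).digest()
    a = int.from_bytes(h[:32], "little") & (1 << 254) - 8 | 1 << 254
    return a, h[32:], encode(mul(B, a))
def h_scalar(fixed, msg_update):                     # SHA-512(fixed || M) mod L, M fed by callable
    h = hashlib.sha512(fixed)
    msg_update(h)
    return int.from_bytes(h.digest(), "little") % L
def sign_byupdate(seed, msg_update):
    a, prefix, A = keypair(seed)
    r = h_scalar(prefix, msg_update)                 # pass 1 over M: r = H(prefix || M)
    R = encode(mul(B, r))                            # R is needed before pass 2 can start
    k = h_scalar(R + A, msg_update)                  # pass 2 over M: k = H(R || A || M)
    return R + ((r + k * a) % L).to_bytes(32, "little")
def verify_byupdate(A, sig, msg_update):
    R, S = sig[:32], int.from_bytes(sig[32:], "little")
    if S >= L: return False                          # reject non-canonical S
    k = h_scalar(R + A, msg_update)                  # single pass: R and A are already known
    try: return mul(B, S) == add(decode(R), mul(decode(A), k))
    except ValueError: return False                  # R or A is not a valid point encoding
```

Feeding the message in chunks through the callable yields exactly the signature that feeding it whole does, which is what lets an SSH implementation hash the exchange fields straight into the digest without buffering them.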

pinkforest commented 4 months ago

I didn't end up having much time, but it looks like the original branch went forward :tada: