I'd like to be able to sign/verify non-prehash signatures without the whole message in memory. The use case is for running on no_std embedded where the message is serialized directly into the sha512 digest. It's for SSH protocol so I can't use ed25519 prehashed.
The StreamVerifier pull request https://github.com/dalek-cryptography/curve25519-dalek/pull/542 provides similar functionality, though streaming is only possible for verify (signing needs two passes). Instead I've added raw_sign_byupdate() and raw_verify_byupdate() that take a closure to update the message digest.
This replaces https://github.com/dalek-cryptography/ed25519-dalek/pull/304. Rebases #556.
@mkj wrote:
The StreamVerifier pull request https://github.com/dalek-cryptography/curve25519-dalek/pull/542 provides similar functionality, though streaming is only possible for verify (signing needs two passes). Instead I've added raw_sign_byupdate() and raw_verify_byupdate() that take a closure to update the message digest.

I've included the StreamVerifier commit from https://github.com/dalek-cryptography/curve25519-dalek/pull/542 and moved recompute_R into its own struct RCompute. That lets all the verifier options use the same code path.

_byupdate isn't the best name, but other names I came up with would get confused with prehashed methods. I'm open to other suggestions.
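The following is an added illustration of the "update closure" pattern described in the PR, written in Python on top of hashlib so it runs stand-alone; it is not the PR's Rust code and does not reproduce the dalek API. The names sign_byupdate/verify_byupdate, the chunks_updater helper and the sample message are constructed for this example. It implements textbook Ed25519 (RFC 8032 arithmetic) so the two-pass property of signing is visible: the closure is invoked twice during signing (nonce r, then challenge k) and once during verification.

```python
"""Ed25519 with the message streamed into SHA-512 by a caller-supplied closure.
Pure-Python reference arithmetic: not constant-time, for illustration only."""
import hashlib

q = 2**255 - 19
l = 2**252 + 27742317777372353535851937790883648493

def inv(x):
    return pow(x, q - 2, q)

d = (-121665 * inv(121666)) % q
I = pow(2, (q - 1) // 4, q)

def xrecover(y):
    # Recover the even x coordinate for a given y on the twisted Edwards curve.
    xx = (y * y - 1) * inv(d * y * y + 1)
    x = pow(xx, (q + 3) // 8, q)
    if (x * x - xx) % q != 0:
        x = (x * I) % q
    if x % 2 != 0:
        x = q - x
    return x

By = (4 * inv(5)) % q
B = (xrecover(By), By)          # base point

def edwards(P, Q):
    x1, y1 = P
    x2, y2 = Q
    x3 = (x1 * y2 + x2 * y1) * inv(1 + d * x1 * x2 * y1 * y2)
    y3 = (y1 * y2 + x1 * x2) * inv(1 - d * x1 * x2 * y1 * y2)
    return (x3 % q, y3 % q)

def scalarmult(P, e):
    # Plain MSB-first double-and-add (leaks timing; fine for a demo).
    Q = (0, 1)
    for bit in bin(e)[2:]:
        Q = edwards(Q, Q)
        if bit == "1":
            Q = edwards(Q, P)
    return Q

def encodepoint(P):
    x, y = P
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

def decodepoint(s):
    v = int.from_bytes(s, "little")
    y = v & ((1 << 255) - 1)
    x = xrecover(y)
    if (x & 1) != (v >> 255):
        x = q - x
    if (-x * x + y * y - 1 - d * x * x * y * y) % q != 0:
        raise ValueError("point not on curve")
    return (x, y)

def expand(sk):
    # RFC 8032: SHA-512 the seed, clamp the first half into the scalar a,
    # keep the second half as the nonce prefix.
    h = hashlib.sha512(sk).digest()
    a = int.from_bytes(h[:32], "little")
    a &= (1 << 254) - 8
    a |= 1 << 254
    return a, h[32:]

def public_key(sk):
    a, _ = expand(sk)
    return encodepoint(scalarmult(B, a))

def sign_byupdate(sk, pk, msg_update):
    """msg_update(h) must feed the whole message into hash object h.
    It is called TWICE, so it must be able to replay the message."""
    a, prefix = expand(sk)
    hr = hashlib.sha512(prefix)
    msg_update(hr)                       # pass 1: nonce r = H(prefix || M)
    r = int.from_bytes(hr.digest(), "little") % l
    Rb = encodepoint(scalarmult(B, r))
    hk = hashlib.sha512(Rb + pk)
    msg_update(hk)                       # pass 2: challenge k = H(R || A || M)
    k = int.from_bytes(hk.digest(), "little") % l
    S = (r + k * a) % l
    return Rb + S.to_bytes(32, "little")

def verify_byupdate(pk, sig, msg_update):
    """Single pass: the message is only needed for the challenge hash."""
    if len(sig) != 64 or len(pk) != 32:
        return False
    S = int.from_bytes(sig[32:], "little")
    if S >= l:                           # reject non-canonical S (malleability)
        return False
    try:
        R = decodepoint(sig[:32])
        A = decodepoint(pk)
    except ValueError:
        return False
    hk = hashlib.sha512(sig[:32] + pk)
    msg_update(hk)                       # the only pass over the message
    k = int.from_bytes(hk.digest(), "little") % l
    return encodepoint(scalarmult(B, S)) == encodepoint(edwards(R, scalarmult(A, k)))

def chunks_updater(chunks):
    # Replayable closure: a list of chunks can be walked any number of times,
    # unlike a generator, which would be exhausted after the first pass.
    def update(h):
        for c in chunks:
            h.update(c)
    return update

def sign(sk, pk, msg):
    return sign_byupdate(sk, pk, chunks_updater([msg]))

def verify(pk, sig, msg):
    return verify_byupdate(pk, sig, chunks_updater([msg]))
```

The closure contract is the part that matters for the no_std use case: whatever serializes the SSH payload into the digest has to be re-runnable, because signing hashes the message once to derive r and again to derive k, whereas verification touches it only once. Wrapping the serializer in a closure rather than buffering the message is what keeps the whole message out of memory.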