named-data-iot / ndn-lite

A lightweight NDN protocol stack with high-level application support including security bootstrapping, access control, trust management, etc.
https://ndn-lite.named-data.net
GNU Lesser General Public License v3.0

security: decouple ECDSA signing and input digesting #14

yoursunny closed 5 years ago

yoursunny commented 5 years ago

As of a4dcb80458dff521ac8767b0e0067c1e14fab98d, ndn_lite_default_ecdsa_sign internally computes a SHA256 digest of the input data before creating a signature over the digest. However, digesting and signing are two different operations and they should be decoupled. The ECC backend should not perform digesting. Instead, the frontend could invoke the SHA256 backend to compute the digest, then invoke the ECC backend to sign the digest.

Zhiyi-Zhang commented 5 years ago

I think this has already been solved.