dsa: implement Signer and Verifier using SHA-256 as default
#559
Conversation
cobratbq
force-pushed
the
implement-signer-verifier
branch
from
213426d to
2549009
Compare
|
I suppose that it might be better to add a |
You are right. I investigated this earlier. There are cascading effects involved, due to currently the generic type being completely absent. I do not want to go there now for its structural changes. It involves some deriving of hash functions from component lengths, for the cases of reading signatures from byte-sequences. Regardless, those changes are orthogonal in nature, so they need not block this contribution if you are interested. Incidentally, how do you cope with backwards-incompatible changes? Such as those discussed in #520, and as you mentioned just now. |
We can bump the minor version, as the crate is still 0.x That said, you should be able to add a generic digest type parameter with a default of e.g. |
Just checking: you are referring to the use of |
|
@cobratbq that would be for controlling the digest function used to prehash the message, not for RFC6979 specifically (which is an opaque, internal detail from a user-facing perspective) |
|
@cobratbq I was thinking about |
|
I do not get how you see this being done:
|
|
@cobratbq again, you an add a |
|
Ok, and as we can see, the quick-and-dirty doesn't seem to work. |
tarcieri
changed the title
tarcieri
changed the title
Signer and Verifier using SHA-256 as default
|
This is fine for now. I'm going to release this, and then work on the proposed changes for @cobratbq if you'd like to propose any breaking changes to the traits, this will be the only opportunity in the immediate future to do so. |
I don't have anything meaningful right now. My exploration brought me into type-safety-complications, and -- as you know -- these things can be solved in a variety of ways. One thing to point out for consideration: the ECDSA |
|
The What we might consider is redesigning It'd be good to open an issue with the problems you'd like to see solved. |
|
@cobratbq ideally what I think would be nice as a pattern for tying the digest algorithm to the signature at the type level is leveraging const generics ala something like: This allows specifying what algorithm should be used without tying it to a concrete implementation, which makes it possible to plug in things like wrappers for hardware cryptographic accelerators so long as they claim to support the correct OID for a particular algorithm. You can then bound on e.g. |
In follow-up of discussion in #520: a minimal implementation for
SignerandVerifierusing SHA-256 for digests. The issue discusses possible options of introducing the OID, however this is not part of this implementation.