signature: add MultipartSigner and MultipartVerifier
#1880
Conversation
|
If we are to support such messages, we probably should do it in separate methods or maybe even in a separate trait. |
I will go ahead and move it into a separate method then. I don't think a separate trait is necessary as the |
daxpedda
changed the title
signature: use &[&[u8]] for messagessignature: use Iterator<Item = AsRef<[u8]> for messages
|
I went ahead and added a Will update the other PRs today and see how it looks before moving this out of draft again. |
daxpedda
changed the title
signature: use Iterator<Item = AsRef<[u8]> for messagessignature: use Iterator<Item: AsRef<[u8]> for messages
|
This adds a lot of code surface but really doesn’t add any new functionality. We already support IUF signing via Where I guess this could maybe help are for constructions that don’t fit into a strictly IUF API like streaming Ed25519 (non-Ed25519ph) or ML-DSA with external mu. But it’s unclear to me we can build traits which actually abstract over such APIs. If we could, I guess this would be close, but that should probably be the design rationale. |
|
Also note that the original proposed |
|
FWIW, here's discussion on this sort of API for Ed25519. It was actually removed from this PR, but prior to that, it was suggested to use |
The intention is not a streaming interface, but a streaming interface would address the problem here indeed as well.
Ah right ... I forgot why I had planned it with So if the approach with Just to clarify: the intention here is to support non-contiguous byte slices for Ed25519/448, ML-DSA and SLH-DSA. |
|
I agree with the earlier comments that this should be a new trait, like I think it would probably also be good to get everything prototyped in PRs to those crates first before we merge, so we know it's actually a good abstraction. |
I added support for ML-DSA and SLH-DSA in RustCrypto/signatures#981. I'm happy to make a PR to the Just my 2¢: if you take a look at RustCrypto/signatures#981, the changes are pretty minimal. I really don't believe that going from |
|
@daxpedda if you look at dalek-cryptography/curve25519-dalek#735, the same cannot be said of Ed25519. I don't want to force signature implementations to have to implement this interface as their only possible choice. We can't even guarantee this interface is possible for all signature algorithms (at least in an unbuffered, |
daxpedda
changed the title
signature: use Iterator<Item: AsRef<[u8]> for messagessignature: use &[&[u8]] for messages
|
Alright, that was easier than expected, so let me say this:
I still think it should be a separate trait to keep it out of the way. |
|
Sounds good, on it! |
|
Let me know what you think. We may want to implement traits on demand, for OPAQUE I will only need |
|
Should I add a |
|
I went ahead and did both: removed |
|
Implementation for ML-DSA and SLH-DSA done in RustCrypto/signatures#982. I hope that dalek-cryptography/curve25519-dalek#763 was sufficient, so I will wait until we are ready to upgrade RustCrypto dependencies there before I make a PR. Probably dalek-cryptography/curve25519-dalek#735 will be relevant as well, as that could be used to implement the Let me know if there is something else you want me to implement/explore/discuss. |
daxpedda
changed the title
signature: use &[&[u8]] for messagessignature: add MultiPartSigner and MultiPartVerifier
|
@daxpedda regarding |
|
FYI: the blanket implementation didn't work because I can't bind Will go ahead and make the PR in |
|
Yeah, just go ahead and hand write impls for now |
daxpedda
changed the title
signature: add MultiPartSigner and MultiPartVerifiersignature: add MultipartSigner and MultipartVerifier
|
Done: RustCrypto/signatures#982. Let me know if you want me to implement it for any other specific crate or for the complete rest. |
|
I went ahead and implemented it for the remaining crates. |
Implementation of `MultipartSigner` and `MultipartVerifier` added in RustCrypto/traits#1880.
This PR adds new traits for multipart messages:
MultipartSigner,RandomizedMultipartSigner,RandomizedMultipartSignerMutandMultipartVerifier.The idea here is to allow non-contiguous bytes to be passed, which is necessary when the message has to be constructed from multiple sources without wanting to allocate memory for a contiguous message. E.g. for
no_stdenvironments or when the message is rather big but pre-hashing is not applicable, e.g. PureEdDSA, ML-DSA or SLH-DSA.I know this is a rather big breaking change, so let me know what you think!
These new traits can be implemented by a bunch of crates:
ecdsa: ImplementMultipartSigner/Verifiersignatures#982ml-dsa: ImplementMultipartSigner/Verifiersignatures#982slh-dsa: ImplementMultipartSigner/Verifiersignatures#982bign256: ImplementMultipartSigner/Verifierelliptic-curves#1221sm2: ImplementMultipartSigner/Verifierelliptic-curves#1221k256: ImplementMultipartSigner/Verifierelliptic-curves#1221dsa: ImplementMultipartSigner/Verifiersignatures#982lms: ImplementMultipartSigner/Verifiersignatures#982rsa: ImplementMultipartSign/VerifyRSA#525ed25519-dalek: ImplementMultipartSigner/Verifierdalek-cryptography/curve25519-dalek#764Resolves RustCrypto/signatures#959.