Implement MultipartSigner/Verifier
#982
Conversation
It would be good to add it to (Maybe we can add a macro to write impls for types which impl
Done. Just leaving a list of potentially other applicable implementations:

There's also

Just a thought I had: we could expose the new private functions in ML-DSA and SLH-DSA as

Let me know if you want me to add it there as well.
MultipartSigner/Verifier for ML-DSA and SLH-DSA
This PR adds new traits for multipart messages: `MultipartSigner`, `RandomizedMultipartSigner`, `RandomizedMultipartSignerMut` and `MultipartVerifier`. The idea here is to allow non-contiguous bytes to be passed, which is necessary when the message has to be constructed from multiple sources without wanting to allocate memory for a contiguous message, e.g. for `no_std` environments or when the message is rather big but pre-hashing is not applicable, e.g. PureEdDSA, ML-DSA or SLH-DSA. I know this is a rather big breaking change, so let me know what you think!

These new traits can be implemented by a bunch of crates:

- [x] `ecdsa`: RustCrypto/signatures#982
- [x] `ml-dsa`: RustCrypto/signatures#982
- [x] `slh-dsa`: RustCrypto/signatures#982
- [x] `bign256`: RustCrypto/elliptic-curves#1221
- [x] `sm2`: RustCrypto/elliptic-curves#1221
- [x] `k256`: RustCrypto/elliptic-curves#1221
- [x] `dsa`: RustCrypto/signatures#982
- [x] `lms`: RustCrypto/signatures#982
- [x] `rsa`: RustCrypto/RSA#525
- [ ] `ed25519-dalek`

Resolves RustCrypto/signatures#959.
fn message_representative(tr: &[u8], Mp: &[&[&[u8]]]) -> B64 { | ||
let mut h = H::default().absorb(tr); | ||
|
||
for m in Mp { | ||
for m in Mp.iter().copied().flatten() { |
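Review bot: the nesting in `Mp: &[&[&[u8]]]` deserves a doc comment on `message_representative` in this hunk, because `for m in Mp.iter().copied().flatten()` silently concatenates every inner slice in order, so a caller who places the prefix and the message segments at the wrong nesting level gets a different representative with no compile-time signal; stating that the outer slice is a list of segments (the domain-separation prefix followed by the message parts) which are absorbed in sequence would make the contract explicit.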
Hmm, is the `&[&[&[u8]]]` really necessary here?
We have to prefix the message with a couple of things: a tag (`0`), a context length and the context (`&[u8]`) itself. Unfortunately you can't concat stuff to an existing `&[&[u8]]`, so this is what I went for.

We could add a `prefix: &[&[u8]]` parameter instead. Another alternative would be to change it to an `impl Iterator<Item = &[u8]>`, then we can `Iterator::chain()` stuff to each other.

Let me know if you prefer any of these alternatives.
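The three layouts discussed in this reply (nested slices as in the diff, a separate `prefix` parameter, and an iterator built with `chain()`) must all absorb the same bytes. The following added example, which is not code from this PR or the RustCrypto crates, checks that over a constructed two-part message; a `Vec<u8>` sink stands in for the SHAKE256 absorber, and the 64-byte `tr`, the context and the message parts are constructed values.

```rust
/// Stand-in for `H::default().absorb(...)`: records every absorbed byte.
#[derive(Default)]
struct Sink(Vec<u8>);

impl Sink {
    fn absorb(&mut self, bytes: &[u8]) {
        self.0.extend_from_slice(bytes);
    }
}

/// Layout from the diff: prefix and message parts are segments of one
/// `&[&[&[u8]]]`, flattened in order.
fn representative_nested(tr: &[u8], mp: &[&[&[u8]]]) -> Vec<u8> {
    let mut h = Sink::default();
    h.absorb(tr);
    for m in mp.iter().copied().flatten() {
        h.absorb(m);
    }
    h.0
}

/// First alternative from the thread: a separate `prefix: &[&[u8]]` parameter.
fn representative_prefix(tr: &[u8], prefix: &[&[u8]], msg: &[&[u8]]) -> Vec<u8> {
    let mut h = Sink::default();
    h.absorb(tr);
    for m in prefix.iter().chain(msg.iter()) {
        h.absorb(m);
    }
    h.0
}

/// Second alternative: accept any iterator of slices so callers can `chain()`.
fn representative_iter<'a>(tr: &[u8], parts: impl Iterator<Item = &'a [u8]>) -> Vec<u8> {
    let mut h = Sink::default();
    h.absorb(tr);
    for m in parts {
        h.absorb(m);
    }
    h.0
}

/// Domain-separation prefix described above: tag byte 0, context length, context.
fn pure_prefix(ctx: &[u8]) -> Vec<Vec<u8>> {
    assert!(ctx.len() <= 255, "context must fit in one length byte");
    vec![vec![0u8], vec![ctx.len() as u8], ctx.to_vec()]
}

/// Feeds constructed inputs through all three layouts and returns the absorbed
/// bytes only if every layout matches the contiguous `tr || 0 || len || ctx || M`.
fn check_all_agree() -> Option<Vec<u8>> {
    let tr = [0xAAu8; 64]; // constructed stand-in for the 64-byte tr
    let ctx = b"example-ctx"; // constructed context
    let parts: [&[u8]; 2] = [b"hello, ", b"multipart"]; // constructed message
    let prefix = pure_prefix(ctx);
    let prefix_refs: Vec<&[u8]> = prefix.iter().map(Vec::as_slice).collect();
    let nested = representative_nested(&tr, &[prefix_refs.as_slice(), &parts[..]]);
    let with_prefix = representative_prefix(&tr, &prefix_refs, &parts);
    let chained = representative_iter(&tr, prefix_refs.iter().copied().chain(parts.iter().copied()));
    let mut expected = tr.to_vec();
    expected.extend_from_slice(&[0, ctx.len() as u8]);
    expected.extend_from_slice(ctx);
    expected.extend_from_slice(b"hello, multipart");
    if nested == expected && with_prefix == expected && chained == expected { Some(expected) } else { None }
}
```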
Implementation of `MultipartSigner` and `MultipartVerifier` added in RustCrypto/traits#1880.

The implementation in ML-DSA and SLH-DSA is not ideal. Basically all the relevant functions are public and only take `&[u8]`. So instead of changing public functions, I just moved the implementation of those functions into private functions that take `&[&[u8]]`. Let me know if you want me to solve this in any other way.