-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto: signing and verifying not supported for ed25519/ed448 #26320
Comments
That would be my preference. Buffering is a performance pitfall and DoS vector. |
I agree with @bnoordhuis. Also, we have a similar behavior for |
Well there will still have to be some kind of buffering (the single chunk) if we're going to allow some compatibility with the existing API. There's also the problem of what users are expected to use for the algorithm name with We could avoid all of this if we added a separate one-shot sign/verify API, but I'm not sure what that would look like or if people would support something like that. |
That's a good question...
You are right, this makes compatibility with our existing APIs difficult. |
/cc @nodejs/collaborators ideas? thoughts? |
I would support a one-shot API. Usually, crypto APIs have a one-shot, and a multi-shot API. I'm also fine if its possible to implement with the restriction of single-call-to-update. That sounds like it might have to involve some unique to ed shenanigans, and would need to allow the 'digest' to be the 'signature algorithm' (like 'pureeddsa-sha512'). How widely used is PureEdDSA? Requiring two passes is pretty unusual. |
It's used by ed25519 (and ed448 for that matter), which is used for modern SSH keys for example. |
These methods are added primarily to allow signing and verifying using Ed25519 and Ed448 keys, which do not support streaming of input data. However, any key type can be used with these new APIs, to allow better performance when only signing/verifying a single chunk. Fixes: nodejs#26320 PR-URL: nodejs#26611 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
These methods are added primarily to allow signing and verifying using Ed25519 and Ed448 keys, which do not support streaming of input data. However, any key type can be used with these new APIs, to allow better performance when only signing/verifying a single chunk. Fixes: #26320 PR-URL: #26611 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
From https://www.openssl.org/docs/manmaster/man7/Ed25519.html:
I'm not sure how we want to implement support for this in node, perhaps with special
algorithm
names forcrypto.createSign()
/crypto.createVerify()
that only permit a single call to.update()
or that buffer all data passed to each.update()
for the one-shot sign/verify at the end?The text was updated successfully, but these errors were encountered: