Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ed25519 needs SignStream and VerifyStream functions #796

Closed
noloader opened this issue Feb 11, 2019 · 0 comments
Closed

ed25519 needs SignStream and VerifyStream functions #796

noloader opened this issue Feb 11, 2019 · 0 comments

Comments

@noloader
Copy link
Collaborator

noloader commented Feb 11, 2019
edited
Loading

Current ed25519 signing and verification does not lend itself to signing large messages, like a 4.4 GB file (a typical LiveCD ISO). Pre-hashing the message could allow existential forgeries, so we probably want to avoid letting users hash the message M' = H(M) and then using M' as the message to be signed or verified.

That leaves us two choices. First, modify ed25519 signing and verification for RFC 8032's ed25519ph. Second, add a stream overload that reads through the stream in blocks and feeds it to the hash by repeatedly calling Update in place of Update(m, mlen).

I don't want to modify things for RFC 8032 just yet. It looks like the IETF changed the algorithm beyond using dom2 and PH(M), if I am parsing the RFC sections 5.1.6 and 5.1.7 correctly.

I think that leaves the overload that takes an istream in place of byte* message, size_t messageLength.
noloader added a commit to noloader/cryptopp that referenced this issue Feb 11, 2019
@noloader
Add SignStream and VerifyStream functions (GH weidai11#796)
7143da6
noloader added a commit to noloader/cryptopp that referenced this issue Feb 11, 2019
@noloader
Add SignStream and VerifyStream functions (GH weidai11#796)
c127395
noloader added a commit to noloader/cryptopp that referenced this issue Feb 11, 2019
@noloader
Add SignStream and VerifyStream tests (GH weidai11#796)
2d3e19d
noloader added a commit that referenced this issue Feb 11, 2019
@noloader
Add ed25519 SignStream and VerifyStream functions (GH #796, PR #797)
0ca4c41
@noloader noloader changed the title ed25519 needs a SignStream and VerifyStream overload ed25519 needs a SignStream and VerifyStream functions Feb 11, 2019
@noloader noloader changed the title ed25519 needs a SignStream and VerifyStream functions ed25519 needs SignStream and VerifyStream functions Feb 11, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@noloader