Add hazmat module with ExpandedSecretKey, raw_sign, raw_sign_prehashed #299
Conversation
My preference would be to stick the |
That looks good. Will do
@rozbb if you do extract a |
Fyi, I made such a library (you can find it here), and I would appreciate if this PR made it into 2.0, as I previously relied on |
@rozbb gentle ping, are you expecting to finish this soon? Alternatively, could we maybe get a patch release on x25519-dalek with the zeroize dependency unpinned? It seems like it causes a new problem once every week 😢
@jplatte I apologize, I've been swamped at work lately. I will definitely get to this this week. The existing PR is pretty close to the finish line so it shouldn't take long.
Ok, I think all concerns should be addressed, pending 1 unresolved conversation. To address #298, I brought back raw_sign and raw_sign_prehashed
From my point of view this is all we need and looks great. Thanks a lot for bringing back ExpandedSecretKey as well.
Alright, @tarcieri ready to review. Sorry for the huge edits. This weirdly affected a lot of things.
One nit on |
Co-authored-by: Tony Arcieri <bascule@gmail.com>
Looks good now, although for bonus points an ExpandedSecretKey::from_slice method and/or TryFrom<&[u8]> impl would be nice.
Good idea, thanks!
Any plans for the next (pre-)release? :)
Seconded :)
It's blocked on dalek-cryptography/curve25519-dalek#531
It's out
This splits out the signing functionality we have into two new functions. Nothing changes under the hood. The only difference is that users can now use raw_sign() and raw_sign_prehashed() if you enable the raw_sign feature (and the digest feature as well for the latter). Also, this renames ExpandedSecretKey::nonce to hash_prefix, because that's what it is, and it is absolutely used more than once. Fixes #298.
Why expose these functions
Our removal of the public ExpandedSecretKey API in #205 made it impossible for users to sign using an ExpandedSecretKey. The only way to sign now is SigningKey::sign. The issue here is that some downstream users, as noted in #298, never actually saved their SigningKey, and only saved the ExpandedSecretKey. You cannot recover a SigningKey from an ExpandedSecretKey, since the former is the seed whose hash is expanded to the latter. Thus, it is necessary to expose some lower-level way of computing signatures. There were a few levels of abstraction we could have picked here, and I'm open to suggestions.

Separately, and I don't know how important this is, but these functions would allow someone to build BIP32-Ed25519 on top of this library, since scalar and hash_prefix are explicit inputs to the raw_sign() function.
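To make the relationship between SigningKey, ExpandedSecretKey and raw_sign concrete, here is an added example in plain Python. It is not code from ed25519-dalek or from this PR; Python is used so that it runs with only the standard library. It implements Ed25519 straight from RFC 8032 over affine field arithmetic, so it is slow and not constant-time: illustration only, never for production. The names expand, expanded_from_bytes, public_key_from_scalar, raw_sign, raw_sign_prehashed, dom2, verify and verify_prehashed are this example's own, chosen to mirror the PR's vocabulary rather than the crate's actual API. The seed, public key and empty-message signature it checks are RFC 8032 test vector 1; the prehashed message is constructed for the example.

```python
import hashlib

# Ed25519 parameters (RFC 8032, section 5.1).
p = 2**255 - 19
q = 2**252 + 27742317777372353535851937790883648493
d = (-121665 * pow(121666, p - 2, p)) % p

def inv(x):
    return pow(x, p - 2, p)

def point_add(P, Q):
    # Affine twisted-Edwards addition: slow, but short enough to read.
    (x1, y1), (x2, y2) = P, Q
    t = d * x1 * x2 * y1 * y2
    return ((x1 * y2 + x2 * y1) * inv(1 + t) % p, (y1 * y2 + x1 * x2) * inv(1 - t) % p)

def scalar_mult(k, P):
    R = (0, 1)  # neutral element
    while k:
        if k & 1:
            R = point_add(R, P)
        P = point_add(P, P)
        k >>= 1
    return R

def recover_x(y, sign):
    # Square root on the curve equation (RFC 8032, section 5.1.3).
    x2 = (y * y - 1) * inv(d * y * y + 1) % p
    x = pow(x2, (p + 3) // 8, p)
    if (x * x - x2) % p:
        x = x * pow(2, (p - 1) // 4, p) % p  # multiply by sqrt(-1)
    if (x * x - x2) % p:
        raise ValueError("point not on curve")
    return p - x if (x & 1) != sign else x

By = 4 * inv(5) % p
B = (recover_x(By, 0), By)  # base point

def encode_point(P):
    x, y = P
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

def decode_point(b):
    n = int.from_bytes(b, "little")
    y = n & ((1 << 255) - 1)
    if y >= p:
        raise ValueError("y out of range")
    return recover_x(y, n >> 255), y

def sha512_int(*parts):
    return int.from_bytes(hashlib.sha512(b"".join(parts)).digest(), "little")

def expand(seed):
    # SigningKey -> ExpandedSecretKey: SHA-512 the 32-byte seed, clamp the low half
    # into the scalar, keep the high half as hash_prefix (used in every signature).
    h = hashlib.sha512(seed).digest()
    s = int.from_bytes(h[:32], "little")
    s = (s & ((1 << 254) - 8)) | (1 << 254)  # clamp: clear bits 0-2 and 255, set bit 254
    return s, h[32:]

def expanded_from_bytes(b):
    # The 64-byte form (scalar || hash_prefix); nothing here leads back to the seed.
    if len(b) != 64:
        raise ValueError("expected 64 bytes")
    return int.from_bytes(b[:32], "little"), b[32:]

def public_key_from_scalar(scalar):
    return encode_point(scalar_mult(scalar, B))

def dom2(ctx):
    # Ed25519ph domain separator with phflag = 1 (RFC 8032, section 5.1).
    return b"SigEd25519 no Ed25519 collisions" + bytes([1, len(ctx)]) + ctx

def raw_sign(scalar, hash_prefix, public_key, message, dom=b""):
    # Signs from the expanded key alone; the seed is never needed. dom=b"" is plain Ed25519.
    r = sha512_int(dom, hash_prefix, message) % q
    R = encode_point(scalar_mult(r, B))
    k = sha512_int(dom, R, public_key, message) % q
    s = (r + k * scalar) % q
    return R + s.to_bytes(32, "little")

def raw_sign_prehashed(scalar, hash_prefix, public_key, message, ctx=b""):
    # Ed25519ph: the message is hashed once with SHA-512 and domain-separated.
    return raw_sign(scalar, hash_prefix, public_key, hashlib.sha512(message).digest(), dom2(ctx))

def sign(seed, message):
    scalar, prefix = expand(seed)
    return raw_sign(scalar, prefix, public_key_from_scalar(scalar), message)

def verify(public_key, message, signature, dom=b""):
    if len(signature) != 64 or int.from_bytes(signature[32:], "little") >= q:
        return False
    try:
        A, R = decode_point(public_key), decode_point(signature[:32])
    except ValueError:
        return False
    s = int.from_bytes(signature[32:], "little")
    k = sha512_int(dom, signature[:32], public_key, message) % q
    return scalar_mult(s, B) == point_add(R, scalar_mult(k, A))

def verify_prehashed(public_key, message, signature, ctx=b""):
    return verify(public_key, hashlib.sha512(message).digest(), signature, dom2(ctx))
```

The point the PR makes is visible in raw_sign: it consumes only the clamped scalar and the 32-byte hash_prefix, so a caller who kept the 64-byte expanded form (expanded_from_bytes above, in the spirit of the from_slice suggestion in the review) can keep producing signatures identical to sign(seed, ...), while expand is a one-way SHA-512 and the seed is gone. Because the scalar is an explicit integer input, a scheme that derives child scalars, as BIP32-Ed25519 does, can pass an unclamped value and the signature still verifies as long as the public key was computed from that same scalar. The Ed25519ph path differs only in the dom2 separator and in hashing the message first, which is why a prehashed signature does not verify as a plain one and a different context string breaks it.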