DSA: Verifier trait not implemented #520

Comments
If you have a whole message aggregated inside a byte slice and you want to verify it, you can do the following (replace `let is_valid = verifying_key.verify_digest(Sha1::new_with_prefix(data)).is_ok();` This could maybe be added to the documentation as a reference. An implementation of the |
Fair enough, I have to add dsa support after I've done ed25519 and the latter had Thanks a lot for your answer! |
Both sets of traits can be implemented. We should do both unless there’s a complication I’m not thinking of. |
There shouldn't be any complications. The preferred hashing algorithm for DSA is SHA-1, if I'm not mistaken? |
Ugh, well at the very least that should be feature-gated due to the insecurity of SHA-1. Looking for relevant RFCs, I see a lot of Internet-Drafts to update the default hash algorithm for DSA, but none of them actually accepted as standards-track RFCs, e.g. |
RFC 5754 defines DSA with SHA-224 and SHA-256.
I had a quick look at this one. It seems RFC 5754 assumes an identifier is included to indicate what hash algorithm was used. So for a plain signature as used for |
I'd follow what was done for the RSA crate: turn the

```rust
pub struct Signature {...}
impl signature::Signature for Signature {....}
pub struct SigningKey<D> where D: Digest {...}
impl<D> RandomizedSigner<Signature> for SigningKey<D> where D: Digest {....}
impl<D> RandomizedDigestSigner<Signature> for SigningKey<D> where D: Digest {....}
#[cfg(feature = "hazmat")]
impl<D> RandomizedPrehashSigner<Signature> for SigningKey<D> where D: Digest {....}
```
|
In other words: let the caller code determine used digest algo and pass it as a generic argument. |
@lumag yeah exactly, if I'm reading RFC 5754 correctly it uses a similar OID-based approach to RSA, so we can do the exact same thing and query the OID via I would recommend SHA-256 as the default, as SHA-1 is insecure. |
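The layering the comments above describe (a whole-message `Verifier` built on top of `DigestVerifier`, with the digest chosen by the caller as a generic parameter on the key type), as an added example that is not code from the `dsa` crate or from anyone in this thread. It uses only `std`: the `Digest`, `DigestVerifier` and `Verifier` traits are simplified stand-ins for the `digest` and `signature` crate traits, `Fnv1a64` is a placeholder for a real hash such as SHA-256, and the DSA domain parameters (p=23, q=11, g=4) and private key are hypothetical toy values small enough for `u64` arithmetic. The point is the structure, not the security; nothing here is usable as a real signature scheme.

```rust
use std::marker::PhantomData;

/// Stand-in for `digest::Digest`: incremental hashing plus `new_with_prefix`.
pub trait Digest: Default {
    fn update(&mut self, data: &[u8]);
    fn finalize(self) -> u64;
    /// Start a digest and feed it `data`; this is what a message-level API hashes through.
    fn new_with_prefix(data: &[u8]) -> Self {
        let mut d = Self::default();
        d.update(data);
        d
    }
}

/// FNV-1a (64-bit): a placeholder for a cryptographic hash, NOT one itself.
pub struct Fnv1a64(u64);
impl Default for Fnv1a64 {
    fn default() -> Self { Fnv1a64(0xcbf2_9ce4_8422_2325) }
}
impl Digest for Fnv1a64 {
    fn update(&mut self, data: &[u8]) {
        for &b in data {
            self.0 ^= b as u64;
            self.0 = self.0.wrapping_mul(0x0000_0100_0000_01b3);
        }
    }
    fn finalize(self) -> u64 { self.0 }
}

/// Stand-ins for `signature::DigestVerifier` and `signature::Verifier`.
pub trait DigestVerifier<D: Digest, S> {
    fn verify_digest(&self, digest: D, sig: &S) -> Result<(), ()>;
}
pub trait Verifier<S> {
    fn verify(&self, msg: &[u8], sig: &S) -> Result<(), ()>;
}

#[derive(Clone, Copy, Debug, PartialEq)]
pub struct Signature { pub r: u64, pub s: u64 }

// Hypothetical toy DSA parameters: g = 4 has order q = 11 in the multiplicative group mod p = 23.
const P: u64 = 23;
const Q: u64 = 11;
const G: u64 = 4;

fn mod_pow(mut base: u64, mut exp: u64, m: u64) -> u64 {
    let mut acc = 1 % m;
    base %= m;
    while exp > 0 {
        if exp & 1 == 1 { acc = acc * base % m; }
        base = base * base % m;
        exp >>= 1;
    }
    acc
}
/// Inverse mod a prime via Fermat's little theorem (m is prime here).
fn mod_inv(a: u64, m: u64) -> u64 { mod_pow(a, m - 2, m) }

/// The digest is bound to the key type, as in the RSA crate's `SigningKey<D>`.
pub struct SigningKey<D: Digest> { x: u64, _d: PhantomData<D> }
pub struct VerifyingKey<D: Digest> { y: u64, _d: PhantomData<D> }

impl<D: Digest> SigningKey<D> {
    pub fn new(x: u64) -> Self {
        debug_assert!(x > 0 && x < Q);
        SigningKey { x, _d: PhantomData }
    }
    pub fn verifying_key(&self) -> VerifyingKey<D> {
        VerifyingKey { y: mod_pow(G, self.x, P), _d: PhantomData }
    }
    /// Sign with a caller-supplied nonce k in 1..Q. A real implementation draws k randomly
    /// or derives it deterministically (RFC 6979); this toy takes it as an argument.
    pub fn sign_with_nonce(&self, msg: &[u8], k: u64) -> Option<Signature> {
        let h = D::new_with_prefix(msg).finalize() % Q; // toy: real DSA takes the leftmost N bits
        let r = mod_pow(G, k, P) % Q;
        let s = mod_inv(k, Q) * ((h + self.x * r) % Q) % Q;
        if r == 0 || s == 0 { None } else { Some(Signature { r, s }) }
    }
    /// Toy helper: walk the nonces until one gives r != 0 and s != 0 (never do this for real).
    pub fn sign(&self, msg: &[u8]) -> Signature {
        (1..Q).find_map(|k| self.sign_with_nonce(msg, k)).expect("some nonce in 1..Q works")
    }
}

impl<D: Digest> DigestVerifier<D, Signature> for VerifyingKey<D> {
    fn verify_digest(&self, digest: D, sig: &Signature) -> Result<(), ()> {
        // Reject out-of-range components before any arithmetic.
        if sig.r == 0 || sig.r >= Q || sig.s == 0 || sig.s >= Q { return Err(()); }
        let h = digest.finalize() % Q;
        let w = mod_inv(sig.s, Q);
        let u1 = h * w % Q;
        let u2 = sig.r * w % Q;
        let v = (mod_pow(G, u1, P) * mod_pow(self.y, u2, P) % P) % Q;
        if v == sig.r { Ok(()) } else { Err(()) }
    }
}

/// The piece the issue asks for: `Verifier` is just `DigestVerifier` fed with the hashed message.
impl<D: Digest> Verifier<Signature> for VerifyingKey<D> {
    fn verify(&self, msg: &[u8], sig: &Signature) -> Result<(), ()> {
        self.verify_digest(D::new_with_prefix(msg), sig)
    }
}

/// Returns (genuine signature accepted, malformed signature with r = 0 accepted).
pub fn demo() -> (bool, bool) {
    let sk = SigningKey::<Fnv1a64>::new(7);
    let vk = sk.verifying_key();
    let msg = b"constructed sample message"; // constructed input, not from the thread
    let sig = sk.sign(msg);
    let genuine_ok = vk.verify(msg, &sig).is_ok();
    let malformed_ok = vk.verify(msg, &Signature { r: 0, s: sig.s }).is_ok();
    (genuine_ok, malformed_ok)
}

fn main() {
    println!("{:?}", demo());
}
```

Because the digest type lives on `VerifyingKey<D>`, `verify` and `verify_digest` cannot disagree about which hash is in use, which is the property the generic-parameter design buys; swapping `Fnv1a64` for another `Digest` implementation changes nothing else.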
This does mean that, within the same application, a produced |
@cobratbq I don't follow your complaint. You're arguing that using a generic parameter somehow reduces type safety? Safety around what, and compared to what alternative? |
@tarcieri If I use some |
But that example is using a generic parameter? I still don't follow. One complication in generic code is there are potentially multiple implementations of the same digest which should be treated the same even if they aren't the same type, such as wrappers for cryptographic accelerators. But the `where D: AssociatedOid<OID = sha2::Sha256::OID>`
@tarcieri hmmm, I think it does. I get it now. |
PR #559 is a minimal implementation of |
I think this could be closed, as further changes depend on RustCrypto/traits#1141. |
Hi,
I'm in a case where I need to verify a signature done on a whole `&[u8]` rather than a digest and I see that the relevant method is in the `Verifier` trait but it is not implemented anywhere in the `dsa` crate. Is that an oversight or is it something just waiting for a contribution? Or am I missing something?
Regards,