Closed
Reinstate Ed25519 algorithm to curve25519.c. This is largely just a copy of the code from BoringSSL with some adjustments so it compiles under OpenSSL.
Rename and change ED25519_keypair_from_seed to ED25519_public_from_private to be consistent with X25519 API. Modify ED25519_sign to take separate public key argument instead of requiring it to follow the private key.
Make X25519 key method more flexible by removing hard coding of NID_X25519 OID. Since the parameters and key syntax between ED25519 and X25519 are almost identical they can share a lot of common code.
Since ED25519 doesn't use EVP_Digest* it needs custom sign/verify routines to handle ASN.1 signatures.
Add Ed25519 certificate verify test using certificate from draft-ietf-curdle-pkix-04 and custom generated root certificate.
Note: I'll look into adding a message sign/verify version of this which will avoid the special cases. Updated PR coming soon...
Note: TLS support will be a separate PR.
Closing this for now... will open a new PR with a different approach.
This adds support for Ed25519 sign and verify including ASN.1 sign/verify.
The low level code is taken from the code we initially cut out from the BoringSSL import, modified slightly to fit the current curve25519.c and to make the API a little more consistent with the X25519 version.
WIP because this uses a new technique for signing (pass the message to be signed directly to EVP_PKEY_sign) and the low level code needs some more scrutiny.