The original v2.0.0 release has been yanked.
This release includes a different infallible parsing API which can be
used to eliminate some usages of `unwrap()`.
* Made all signature R comparisons byte-wise
* Use Scalar::from_bits_clamped rather than manually clamping
* Added clippy lints and comments for use of unwrap()
* Clarify use of unused
* Impl `signature::Digest*` traits for Ed25519ph
Adds the following trait impls:
- impl DigestSigner for SigningKey
- impl DigestVerifier for VerifyingKey
These traits can be used to create and verify Ed25519 signatures,
thunking to `SigningKey::sign_prehashed` and
`VerifyingKey::verify_prehashed` respectively.
* Add rustdoc comments for trait impls
* Add on-by-default `fast` crate feature
Disabling the feature reduces overall code size at the cost of
performance, which is useful for e.g. embedded users.
This feature transitively enables the `basepoint-tables` feature in
`curve25519-dalek` where the basepoint tables are actually defined.
* Consolidated a lot of verification code
* Bump `curve25519-dalek`; use `precomputed-tables` feature
The feature name changed in dalek-cryptography/curve25519-dalek#499
Co-authored-by: Michael Rosenberg <michael@mrosenberg.pub>
`digest` isn't yet stable but we use it in the public API.
This makes the digest API optional to use on an opt-in basis by
feature gating this via an optional `digest` feature.
API items now feature-gated:
- `pub use ed25519_dalek::Digest`
- `SigningKey::sign_prehashed(D: prehashed_message, ..)`
- `SigningKey::verify_prehashed(D: prehashed_message, ..)`
- `VerifyingKey::verify_prehashed(D: prehashed_message, ..)`
- `VerifyingKey::verify_prehashed_strict(D: prehashed_message, ..)`
Also no longer re-exporting `sha2::Sha512`
Updates to the latest upstream changes in `curve25519-dalek`, including
using the new `EdwardsPoint::mul_base` API.
To keep the build deterministic, this also checks in Cargo.lock, which
pins `curve25519-dalek` to a particular git commit SHA which can be
updated using `cargo update -p curve25519-dalek`.
We can potentially remove `Cargo.lock` again after a crate release.
Calls the inherent `SigningKey::verifying_key` method using `From`
conversions.
This replaces vestigial impl for `SecretKey` which is now an alias for
`[u8; 32]`.
* Fixed bench when `batch` feature is not present
* Added bench build regression test to CI
* Fixed batch build more generally
* Simplified batch cfg gates in benches
* Updated criterion
* Made CI batch-nondeterministic test use nostd
* Fix batch_deterministic build
* Removed bad compile error when batch and batch_deterministic are selected
This enables activating the `alloc` and `std` features without
unnecessarily pulling in optional dependencies like `rand` and `serde`.
It also fixes tests for `--no-default-features` (w/ `--lib` only)
- Add Clippy to CI
- Rename InternalError variants without redundant Error suffix
- Rename to_bytes to as_bytes on well known naming
- Fix Redundant refs
- Fix redundant lifetimes
- Fix late declarations
Change from_bytes methods to take `&[u8; N]` argument (with `N`
appropriate for given type) rather than `&[u8]`. This harmonises
the convention with SigningKey and ed25519::Signature; helps type
inference; and allows the byte size to be asserted at
compile time.
Creating from a slice is still possible via `TryFrom<&[u8]>` trait.
This is an API breaking change. The simplest way to update existing
code is to replace Foo::from_bytes with Foo::try_from. This should
cover the majority of uses.
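The two constructor shapes described above, as an added example that is not part of the crate or of this commit: `KeyBytes`, `LengthError` and `load_key` are stand-ins constructed here, with `from_bytes` taking a fixed-size array (length checked by the compiler) and `TryFrom<&[u8]>` covering the slice case at runtime, which is the `Foo::try_from` migration path for old `Foo::from_bytes(slice)` call sites.

```rust
use core::convert::{TryFrom, TryInto};

/// Ed25519 secret key length per RFC 8032 section 5.1.5.
pub const SECRET_KEY_LENGTH: usize = 32;

/// Error reported when a slice does not have the expected length.
#[derive(Debug, PartialEq, Eq)]
pub struct LengthError {
    pub expected: usize,
    pub got: usize,
}

/// Stand-in key type following the v2 convention (constructed for this example).
#[derive(Debug, PartialEq, Eq)]
pub struct KeyBytes([u8; SECRET_KEY_LENGTH]);

impl KeyBytes {
    /// Fixed-size input: the type system guarantees the length, so no error path exists.
    pub fn from_bytes(bytes: &[u8; SECRET_KEY_LENGTH]) -> Self {
        KeyBytes(*bytes)
    }

    /// Borrow the raw bytes (renamed from `to_bytes` to `as_bytes`, as in the changelog).
    pub fn as_bytes(&self) -> &[u8; SECRET_KEY_LENGTH] {
        &self.0
    }
}

impl TryFrom<&[u8]> for KeyBytes {
    type Error = LengthError;

    /// Slice input: the length is checked at runtime and surfaced as an error
    /// instead of being unwrapped or panicking inside the constructor.
    fn try_from(bytes: &[u8]) -> Result<Self, Self::Error> {
        let arr: [u8; SECRET_KEY_LENGTH] = bytes.try_into().map_err(|_| LengthError {
            expected: SECRET_KEY_LENGTH,
            got: bytes.len(),
        })?;
        Ok(KeyBytes(arr))
    }
}

/// Migrated call site: where old code wrote `Foo::from_bytes(slice)` on a
/// runtime-sized slice, new code writes `Foo::try_from(slice)` and propagates
/// the length error to the caller.
pub fn load_key(raw: &[u8]) -> Result<KeyBytes, LengthError> {
    KeyBytes::try_from(raw)
}
```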
* Rename `signing` and `verifying` modules
Renames the following modules:
- `keypair` => `signing`
- `public` => `verifying`
Renaming these in an individual commit preserves the commit history.
This is in anticipation of renaming the following per #225:
- `Keypair` => `SigningKey`
- `PublicKey` => `VerifyingKey`
* Rename `Keypair` => `SigningKey`; `PublicKey` => `VerifyingKey`
As proposed in #225, renames key types after their roles:
- `SigningKey` produces signatures
- `VerifyingKey` verifies signatures
The `SecretKey` type is changed to a type alias for `[u8; 32]`, which
matches the RFC8032 definition:
https://www.rfc-editor.org/rfc/rfc8032#section-5.1.5
> The private key is 32 octets (256 bits, corresponding to b) of
> cryptographically secure random data.
Adds optional integration with `ed25519::pkcs8` with support for
decoding/encoding `Keypair` from/to PKCS#8-encoded documents as well as
`PublicKey` from/to SPKI-encoded documents.
Includes test vectors generated for the `ed25519` crate from:
https://github.com/RustCrypto/signatures/tree/master/ed25519/tests/examples
curve25519-dalek:
- Enables `digest` and `rand_core` features
- Removes transitive `nightly`, `simd_backend`, and `std` features
ed25519:
- `AsRef` impl for `Signature` has been removed; uses `to_bytes`
- Uses `try_from` for `InternalSignature` conversion
GitHub Actions runners are not guaranteed to have the necessary CPU
features in order for these tests to work.
Uses a `--target x86_64-unknown-linux-gnu` directive when compiling so
the `target_feature` flags don't apply to build scripts.
- Consolidate `test` jobs: this allows reusing intermediate artifacts
between tests which should improve build times, and also makes it
easier to test additional features in the future
- Switch to `dtolnay/rust-toolchain` for setting up toolchain
- Bump checkout to `actions/checkout@3`
- Switch to `run` directives for invoking Cargo: it's more
straightforward to just call Cargo than use a DSL from an unmaintained
action, and eliminates the 3rd party dependency
Also bumps these corresponding dependencies which are needed for everything to compile with this update:
* `merlin` v3.0
* `rand` v0.8
* `rand_core` v0.6
* `sha2` v0.10
This fix eliminates a scenario where a user misuses the `ExpandedSecretKey` API
in a way that leaks the user's secret key. In short, if a user sends
`ExpandedSecretKey::sign(sk, msg, pk1)` followed by
`ExpandedSecretKey::sign(sk, msg, pk2)`, where `pk1 != pk2`, a passive
adversary [can easily][0] derive `sk`. To mitigate this, we remove the API
entirely.
[0]: https://github.com/MystenLabs/ed25519-unsafe-libs