* chore: Release 2.0.0-rc.3
* cargo update -p curve25519-dalek
* Removed some old backend selection prose and env vars
---------
Co-authored-by: Michael Rosenberg <michael@mrosenberg.pub>
* Updated to new curve25519 scalar API
* Made ExpandedSecretKey.scalar_bytes unclamped; clamping occurs in all scalar-point multiplication
* Added legacy compat deprecation notice
* Removed deprecation notice on check_scalar
* Removed unnecessary unwraps
* Added raw_sign() and raw_sign_prehashed() functions
* Renamed `nonce` to `hash_prefix` in signing because it's really not a nonce
* Moved raw signing to hazmat module
* impl From<EdwardsPoint> for VerifyingKey
* Brought back ExpandedSecretKey; made raw_* functions take it as input
* Added remaining features to docs.rs feature set
* Removed redundant ExpandedSecretKey def; made raw signing use a generic CtxDigest
* Implemented raw_verify with generic CtxDigest
* Implemented raw_verify_prehashed with generic MsgDigest and CtxDigest
* Wrote hazmat tests; fixed errors; switched ordering of MsgDigest and CtxDigest
* Updated changelog
* ExpandedSecretKey::from_bytes takes an array and is now infallible
* Add TODO comment for split_array_ref
* Added from_slice and TryFrom<&[u8]> for ExpandedSecretKey
---------
Co-authored-by: Tony Arcieri <bascule@gmail.com>
* Add `Scalar` and `MontgomeryPoint` conversions
- Adds `SigningKey::to_scalar` to extract the private scalar
- Adds `VerifyingKey::to_montgomery` to map the verifying key's `EdwardsPoint` to a `MontgomeryPoint`
- Also adds corresponding `From<&T>` impls which call the inherent methods.
This is useful for systems which are keyed using Ed25519 keys which
would like to use X25519 for D-H. Having inherent methods means it's
possible to call these methods without having to import `Scalar` and
`MontgomeryPoint` from `curve25519-dalek`.
This is of course a bit circuitous: we could just multiply `Scalar` by
`EdwardsPoint` and use the resulting `EdwardsPoint` as the D-H shared
secret, however it seems many protocols have adopted this approach of
mapping to `MontgomeryPoint` and using that for the shared secret, since
X25519 is traditionally used for ECDH with Curve25519.
* Add reference to eprint 2021/509
* Basic X25519 Diffie-Hellman test
* Add no_std to CI
* Add serde to no_std feature test
* Try out cargo hack
* No serde - expect success
* Add build for no-default-features
* Exclude default
The `ed25519` v2.2.0 crate bumps the `pkcs8` dependency to v0.10.
This updates `ed25519` to the latest version and updates the PKCS#8
support to use the new API.
Previously it was a 2-tuple containing a `CompressedEdwardsY`
serialization and a decompressed `EdwardsPoint`, however using
`.0` and `.1` for these respectively makes the code hard to read.
This commit changes them to `compressed` and `point`, which as it were
are the names of the local variables used when constructing a
`VerifyingKey`, which improves clarity.
* Added items to changelog for 2.0 release
* Removed unnecessary uses of std in doctests
* Gated `Context` behind `digest`
* Fixed noncompiling doctest when only `digest` is enabled
* README feature flag list mostly done
* Copied changelog to readme
* Redid the malleability section in README
* Added CONTRIBUTING.md
* Bumped version number to 2.0.0-pre.0; small changes to README
* Updated changelog for #277
* Added pem feature description
Co-authored-by: pinkforest(she/her) <36498018+pinkforest@users.noreply.github.com>
* Add `Context` type
Adds a generic type which can be used with `SigningKey` and
`VerifyingKey` for storing a context string value along with the key for
use with `DigestSigner` and `DigestVerifier`.
* Added Context tests, docs, and re-exports
* Added docs about SHA-512 for prehashing; re-re-exported Sha512
Co-authored-by: Tony Arcieri <bascule@gmail.com>
Co-authored-by: Michael Rosenberg <michael@mrosenberg.pub>
The original v2.0.0 release has been yanked.
This release includes a different infallible parsing API which can be
used to eliminate some usages of `unwrap()`.
* Made all signature R comparisons byte-wise
* Use Scalar::from_bits_clamped rather than manually clamping
* Added clippy lints and comments for use of unwrap()
* Clarify use of unused
* Impl `signature::Digest*` traits for Ed25519ph
Adds the following trait impls:
- impl DigestSigner for SigningKey
- impl DigestVerifier for VerifyingKey
These traits can be used to create and verify Ed25519 signatures,
thunking to `SigningKey::sign_prehashed` and
`VerifyingKey::verify_prehashed` respectively.
* Add rustdoc comments for trait impls
* Add on-by-default `fast` crate feature
Disabling the feature reduces overall code size at the cost of
performance, which is useful for e.g. embedded users.
This feature transitively enables the `basepoint-tables` feature in
`curve25519-dalek` where the basepoint tables are actually defined.
* Consolidated a lot of verification code
* Bump `curve25519-dalek`; use `precomputed-tables` feature
The feature name changed in dalek-cryptography/curve25519-dalek#499
Co-authored-by: Michael Rosenberg <michael@mrosenberg.pub>
`digest` isn't yet stable, but we use it in the public API.
This makes the digest API optional, on an opt-in basis, by
feature-gating it behind an optional `digest` feature.
API items now feature-gated:
- `pub use ed25519_dalek::Digest`
- `SigningKey::sign_prehashed(D: prehashed_message, ..)`
- `SigningKey::verify_prehashed(D: prehashed_message, ..)`
- `VerifyingKey::verify_prehashed(D: prehashed_message, ..)`
- `VerifyingKey::verify_prehashed_strict(D: prehashed_message, ..)`
Also no longer re-exporting `sha2::Sha512`
Updates to the latest upstream changes in `curve25519-dalek`, including
using the new `EdwardsPoint::mul_base` API.
To keep the build deterministic, this also checks in Cargo.lock, which
pins `curve25519-dalek` to a particular git commit SHA which can be
updated using `cargo update -p curve25519-dalek`.
We can potentially remove `Cargo.lock` again after a crate release.
Calls the inherent `SigningKey::verifying_key` method using `From`
conversions.
This replaces vestigial impl for `SecretKey` which is now an alias for
`[u8; 32]`.
* Fixed bench when `batch` feature is not present
* Added bench build regression test to CI
* Fixed batch build more generally
* Simplified batch cfg gates in benches
* Updated criterion
* Made CI batch-nondeterministic test use nostd
* Fix batch_deterministic build
* Removed bad compile error when batch and batch_deterministic are selected
This enables activating the `alloc` and `std` features without
unnecessarily pulling in optional dependencies like `rand` and `serde`.
It also fixes tests for `--no-default-features` (w/ `--lib` only)
- Add Clippy to CI
- Rename InternalError variants without redundant Error suffix
- Rename to_bytes to as_bytes on well known naming
- Fix Redundant refs
- Fix redundant lifetimes
- Fix late declarations