The `ed25519` v2.2.0 crate bumps the `pkcs8` dependency to v0.10.
This updates `ed25519` to the latest version and updates the PKCS#8
support to use the new API.
Previously it was a 2-tuple containing a `CompressedEdwardsY`
serialization and a decompressed `EdwardsPoint`, however using
`.0` and `.1` for these respectively makes the code hard to read.
This commit changes them to `compressed` and `point`, which as it were
are the names of the local variables used when constructing a
`VerifyingKey`, which improves clarity.
* Added items to changelog for 2.0 release
* Removed unnecessary uses of std in doctests
* Gated `Context` behind `digest`
* Fixed noncompiling doctest when only `digest` is enabled
* README feature flag list mostly done
* Copied changelog to readme
* Redid the malleability section in README
* Added CONTRIBUTING.md
* Bumped version number to 2.0.0-pre.0; small changes to README
* Updated changelog for #277
* Added pem feature description
Co-authored-by: pinkforest(she/her) <36498018+pinkforest@users.noreply.github.com>
* Add `Context` type
Adds a generic type which can be used with `SigningKey` and
`VerifyingKey` for storing a context string value along with the key for
use with `DigestSigner` and `DigestVerifier`.
* Added Context tests, docs, and re-exports
* Added docs about SHA-512 for prehashing; re-re-exported Sha512
Co-authored-by: Tony Arcieri <bascule@gmail.com>
Co-authored-by: Michael Rosenberg <michael@mrosenberg.pub>
The original v2.0.0 release has been yanked.
This release includes a different infallible parsing API which can be
used to eliminate some usages of `unwrap()`.
* Made all signature R comparisons byte-wise
* Use Scalar::from_bits_clamped rather than manually clamping
* Added clippy lints and comments for use of unwrap()
* Clarify use of unused
* Impl `signature::Digest*` traits for Ed25519ph
Adds the following trait impls:
- impl DigestSigner for SigningKey
- impl DigestVerifier for VerifyingKey
These traits can be used to create and verify Ed25519 signatures,
thunking to `SigningKey::sign_prehashed` and
`VerifyingKey::verify_prehashed` respectively.
* Add rustdoc comments for trait impls
* Add on-by-default `fast` crate feature
Disabling the feature reduces overall code size at the cost of
performance, which is useful for e.g. embedded users.
This feature transitively enables the `basepoint-tables` feature in
`curve25519-dalek` where the basepoint tables are actually defined.
* Consolidated a lot of verification code
* Bump `curve25519-dalek`; use `precomputed-tables` feature
The feature name changed in dalek-cryptography/curve25519-dalek#499
Co-authored-by: Michael Rosenberg <michael@mrosenberg.pub>
digest isn't yet stable but we use it in the public API.
This makes the digest API optional to use on an opt-in basis by
feature gating it via an optional `digest` feature.
API items now feature-gated:
- `pub use ed25519_dalek::Digest`
- `SigningKey::sign_prehashed(D: prehashed_message, ..)`
- `SigningKey::verify_prehashed(D: prehashed_message, ..)`
- `VerifyingKey::verify_prehashed(D: prehashed_message, ..)`
- `VerifyingKey::verify_prehashed_strict(D: prehashed_message, ..)`
Also no longer re-exporting `sha2::Sha512`
Updates to the latest upstream changes in `curve25519-dalek`, including
using the new `EdwardsPoint::mul_base` API.
To keep the build deterministic, this also checks in Cargo.lock, which
pins `curve25519-dalek` to a particular git commit SHA which can be
updated using `cargo update -p curve25519-dalek`.
We can potentially remove `Cargo.lock` again after a crate release.
Calls the inherent `SigningKey::verifying_key` method using `From`
conversions.
This replaces vestigial impl for `SecretKey` which is now an alias for
`[u8; 32]`.
* Fixed bench when `batch` feature is not present
* Added bench build regression test to CI
* Fixed batch build more generally
* Simplified batch cfg gates in benches
* Updated criterion
* Made CI batch-nondeterministic test use nostd
* Fix batch_deterministic build
* Removed bad compile error when batch and batch_deterministic are selected
This enables activating the `alloc` and `std` features without
unnecessarily pulling in optional dependencies like `rand` and `serde`.
It also fixes tests for `--no-default-features` (w/ `--lib` only)
- Add Clippy to CI
- Rename InternalError variants without redundant Error suffix
- Rename to_bytes to as_bytes on well known naming
- Fix Redundant refs
- Fix redundant lifetimes
- Fix late declarations
Change from_bytes methods to take `&[u8; N]` argument (with `N`
appropriate for given type) rather than `&[u8]`. This harmonises
the convention with SigningKey and ed25519::Signature; helps type
inference; and allows byte sizes to be asserted at
compile time.
Creating from a slice is still possible via `TryFrom<&[u8]>` trait.
This is an API breaking change. The simplest way to update existing
code is to replace Foo::from_bytes with Foo::try_from. This should
cover the majority of uses.
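The fixed-size `from_bytes` pattern described in the commit above, as an added example that is not ed25519-dalek's own code. It uses a hypothetical 32-byte key type `DemoKey` (the name, the `WrongLength` error type and `parse_key_from_slice` are assumptions made for illustration) and standard-library code only: `from_bytes` takes `&[u8; 32]`, so a wrong length is a compile error and the function has no failure path, while `TryFrom<&[u8]>` keeps slice construction available and reports the actual length on mismatch.

```rust
// Added example, not ed25519-dalek's code: the `&[u8; N]` + `TryFrom<&[u8]>`
// pattern. `DemoKey`, `WrongLength` and `parse_key_from_slice` are hypothetical.
use core::convert::TryFrom;
use core::fmt;

/// Length of the hypothetical key, matching a 32-byte Ed25519 secret/public key.
pub const KEY_LEN: usize = 32;

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct DemoKey([u8; KEY_LEN]);

/// Error returned when a slice of the wrong size is offered as a key.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct WrongLength {
    pub expected: usize,
    pub got: usize,
}

impl fmt::Display for WrongLength {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "expected {} bytes, got {}", self.expected, self.got)
    }
}

impl DemoKey {
    /// Infallible: the array type fixes the length at compile time, so there
    /// is no error to `unwrap()` and no runtime length check to forget.
    pub fn from_bytes(bytes: &[u8; KEY_LEN]) -> Self {
        DemoKey(*bytes)
    }

    /// Borrow the raw bytes with their length still visible in the type.
    pub fn as_bytes(&self) -> &[u8; KEY_LEN] {
        &self.0
    }
}

/// Slice construction stays available, but now the length check lives in one
/// place and failures carry the observed length instead of panicking.
impl<'a> TryFrom<&'a [u8]> for DemoKey {
    type Error = WrongLength;

    fn try_from(bytes: &'a [u8]) -> Result<Self, Self::Error> {
        let arr = <[u8; KEY_LEN]>::try_from(bytes).map_err(|_| WrongLength {
            expected: KEY_LEN,
            got: bytes.len(),
        })?;
        Ok(DemoKey(arr))
    }
}

/// What the migration note recommends: replace `Foo::from_bytes(slice)` with
/// `Foo::try_from(slice)` wherever the input is still a slice.
pub fn parse_key_from_slice(bytes: &[u8]) -> Result<DemoKey, WrongLength> {
    DemoKey::try_from(bytes)
}

fn main() {
    // Constructed sample input: a fixed-size array accepted without any check.
    let raw = [0x42u8; KEY_LEN];
    let key = DemoKey::from_bytes(&raw);
    assert_eq!(key.as_bytes(), &raw);

    // The same bytes as a slice go through the fallible path.
    assert_eq!(DemoKey::try_from(&raw[..]), Ok(key.clone()));

    // A truncated or oversized slice is rejected with the observed length.
    let short = parse_key_from_slice(&raw[..31]);
    assert_eq!(short, Err(WrongLength { expected: 32, got: 31 }));
    let long = parse_key_from_slice(&[0u8; 33]);
    assert_eq!(long, Err(WrongLength { expected: 32, got: 33 }));
    println!("fixed-size construction ok; slice errors: {} / {}", short.unwrap_err(), long.unwrap_err());
}
```

The point for a caller is that `DemoKey::from_bytes(&[0u8; 31])` no longer compiles at all, so a length bug in key handling surfaces at build time rather than as a runtime error or a silently-truncated key.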
* Rename `signing` and `verifying` modules
Renames the following modules:
- `keypair` => `signing`
- `public` => `verifying`
Renaming these in an individual commit preserves the commit history.
This is in anticipation of renaming the following per #225:
- `Keypair` => `SigningKey`
- `PublicKey` => `VerifyingKey`
* Rename `Keypair` => `SigningKey`; `PublicKey` => `VerifyingKey`
As proposed in #225, renames key types after their roles:
- `SigningKey` produces signatures
- `VerifyingKey` verifies signatures
The `SecretKey` type is changed to a type alias for `[u8; 32]`, which
matches the RFC8032 definition:
https://www.rfc-editor.org/rfc/rfc8032#section-5.1.5
> The private key is 32 octets (256 bits, corresponding to b) of
> cryptographically secure random data.
Adds optional integration with `ed25519::pkcs8` with support for
decoding/encoding `Keypair` from/to PKCS#8-encoded documents as well as
`PublicKey` from/to SPKI-encoded documents.
Includes test vectors generated for the `ed25519` crate from:
https://github.com/RustCrypto/signatures/tree/master/ed25519/tests/examples
curve25519-dalek:
- Enables `digest` and `rand_core` features
- Removes transitive `nightly`, `simd_backend`, and `std` features
ed25519:
- `AsRef` impl for `Signature` has been removed; uses `to_bytes`
- Uses `try_from` for `InternalSignature` conversion
GitHub Actions runners are not guaranteed to have the necessary CPU
features in order for these tests to work.
Uses a `--target x86_64-unknown-linux-gnu` directive when compiling so
the `target_feature` flags don't apply to build scripts.
- Consolidate `test` jobs: this allows reusing intermediate artifacts
between tests which should improve build times, and also make it
easier to test additional features in the future
- Switch to `dtolnay/rust-toolchain` for setting up toolchain
- Bump checkout to `actions/checkout@3`
- Switch to `run` directives for invoking Cargo: it's more
straightforward to just call Cargo than use a DSL from an unmaintained
action, and eliminates the 3rd party dependency