Niels Möller <ni...@lysator.liu.se> writes:

> Daiki Ueno <u...@gnu.org> writes:
>
>> I have a slight feeling that the current API is not easy to use, as the
>> caller needs to instantiate both hash and HMAC contexts, as there are no
>> correlations between the two:
>
> On a more abstract level, are there any reasonable use cases for having
> one hash function for processing the message, and a different underlying
> hash function for the HMAC used to produce the deterministic nonce?

Not that I know of. The RFC mandates that the same hash function be used
both for processing the message and for generating a nonce.

>> What would you say to introducing a specialized API, something like the
>> following?
>>
>> void
>> ecdsa_sha256_sign_deterministic (const struct ecc_scalar *key,
>>                                  size_t length,
>>                                  const uint8_t *message,
>>                                  struct dsa_signature *signature);
>
> I think that could make sense, but we also need an advertised API function
> that takes the digest as input, for applications that want to process
> the message using multiple _update calls.

I agree, that's a valid use case. Perhaps this might suffice:

/* Sign DIGEST with KEY using deterministic nonce generation.
 *
 * DIGEST must be of the same length as the SHA-256 output, that is, 32
 * octets long.
 */
void
ecdsa_sha256_sign_deterministic (const struct ecc_scalar *key,
                                 const uint8_t *digest,
                                 struct dsa_signature *signature);

Regards,
--
Daiki Ueno
_______________________________________________
nettle-bugs mailing list -- nettle-bugs@lists.lysator.liu.se
To unsubscribe send an email to nettle-bugs-le...@lists.lysator.liu.se
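The point the thread settles on is that RFC 6979 ties the nonce derivation to the same hash used over the message, and that a digest-taking entry point lets callers who hash incrementally still get deterministic nonces. The following is an added illustration, written for this page and not code from nettle or from either participant: it implements the RFC 6979 section 3.2 nonce derivation in Python with the standard library's hmac and hashlib, and wraps it in two front ends shaped like the two signatures discussed (message-taking and digest-taking, with the 32-octet length check). The names rfc6979_nonce, nonce_for_message, nonce_for_digest and the P-256 constants are this example's own; the key and expected nonce come from the RFC 6979 Appendix A.2.5 "sample" vector for P-256 with SHA-256.

```python
import hashlib
import hmac

# NIST P-256 group order, the q of RFC 6979; it fixes qlen (256 bits).
P256_ORDER = int(
    "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", 16
)


def _bits2int(b: bytes, qlen: int) -> int:
    """RFC 6979 2.3.2: interpret the leftmost qlen bits of b as an integer."""
    v = int.from_bytes(b, "big")
    blen = len(b) * 8
    if blen > qlen:
        v >>= blen - qlen
    return v


def _int2octets(v: int, rlen: int) -> bytes:
    """RFC 6979 2.3.3: fixed-width big-endian encoding of v in rlen octets."""
    return v.to_bytes(rlen, "big")


def rfc6979_nonce(q: int, x: int, digest: bytes, hashfunc) -> int:
    """RFC 6979 3.2 steps (b) to (h): derive k from private key x and H(m).

    hashfunc is the SAME hash used to produce digest; the HMAC is keyed and
    sized by it, which is why the thread wants one hash parameter, not two.
    """
    qlen = q.bit_length()
    rlen = (qlen + 7) // 8
    hlen = hashfunc().digest_size
    if len(digest) != hlen:
        raise ValueError("digest length does not match the hash function")
    # bits2octets(h1) = int2octets(bits2int(h1) mod q)
    h1 = _int2octets(_bits2int(digest, qlen) % q, rlen)
    xb = _int2octets(x, rlen)
    v = b"\x01" * hlen                      # step (b)
    k = b"\x00" * hlen                      # step (c)
    k = hmac.new(k, v + b"\x00" + xb + h1, hashfunc).digest()   # step (d)
    v = hmac.new(k, v, hashfunc).digest()                       # step (e)
    k = hmac.new(k, v + b"\x01" + xb + h1, hashfunc).digest()   # step (f)
    v = hmac.new(k, v, hashfunc).digest()                       # step (g)
    while True:                             # step (h)
        t = b""
        while len(t) * 8 < qlen:
            v = hmac.new(k, v, hashfunc).digest()
            t += v
        cand = _bits2int(t, qlen)
        if 1 <= cand < q:
            return cand
        # Candidate out of range: ratchet K and V and try again.
        k = hmac.new(k, v + b"\x00", hashfunc).digest()
        v = hmac.new(k, v, hashfunc).digest()


def nonce_for_message(x: int, message: bytes) -> int:
    """Counterpart of the message-taking API: hash with SHA-256, then derive."""
    return rfc6979_nonce(P256_ORDER, x, hashlib.sha256(message).digest(),
                         hashlib.sha256)


def nonce_for_digest(x: int, digest: bytes) -> int:
    """Counterpart of the digest-taking API: DIGEST must be 32 octets."""
    if len(digest) != 32:
        raise ValueError("digest must be 32 octets (SHA-256 output)")
    return rfc6979_nonce(P256_ORDER, x, digest, hashlib.sha256)


# Constructed inputs: RFC 6979 A.2.5 private key and the message "sample".
RFC6979_P256_KEY = int(
    "C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721", 16
)
RFC6979_P256_SAMPLE_K = int(
    "A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60", 16
)


def incremental_digest(chunks) -> bytes:
    """Model of the multiple _update calls case from the thread."""
    ctx = hashlib.sha256()
    for chunk in chunks:
        ctx.update(chunk)
    return ctx.digest()


if __name__ == "__main__":
    k1 = nonce_for_message(RFC6979_P256_KEY, b"sample")
    k2 = nonce_for_digest(RFC6979_P256_KEY, incremental_digest([b"sam", b"ple"]))
    print(hex(k1), k1 == k2 == RFC6979_P256_SAMPLE_K)
```

The digest front end reproduces the message front end exactly because both feed the same SHA-256 output into the same HMAC-SHA256 derivation; a caller that mixed, say, a SHA-512 message digest into an HMAC-SHA256 derivation would get a different, non-interoperable k, which is the mismatch the single-hash API rules out by construction.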