Niels Möller writes:
> Daiki Ueno writes:
>
>> I have a slight feeling that the current API is not easy to use, as the
>> caller needs to instantiate both hash and HMAC contexts, as there are no
>> correlations between the two:
>
> On a more abstract level, are there any reasonable use cases for having
> one hash function for processing the message, and a different underlying
> hash function for the HMAC used to produce the deterministic nonce?
Not that I know of. The RFC mandates the same hash function to be used
in both for processing the message and generating a nonce.
>> What would you say to introducing a specialized API, something like the
>> following?
>>
>> void
>> ecdsa_sha256_sign_deterministic (const struct ecc_scalar *key,
>>                                  size_t length,
>>                                  const uint8_t *message,
>>                                  struct dsa_signature *signature);
>
> I think that could make sense, but we also need an advertised API function
> that takes the digest as input, for applications that want to process
> the message using multiple _update calls.
I agree, that's a valid use-case. Perhaps this might suffice:

/* Sign DIGEST with KEY using deterministic nonce generation.
 *
 * DIGEST must be of the same length as the SHA-256 output, that is 32
 * octets long. */
void
ecdsa_sha256_sign_deterministic (const struct ecc_scalar *key,
                                 const uint8_t *digest,
                                 struct dsa_signature *signature);
Regards,
--
Daiki Ueno
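The two API shapes discussed above (one taking the message, one taking a precomputed digest) and the reason they must share one hash function are easiest to see in the RFC 6979 nonce derivation itself. The following is an added illustration, not Nettle code and not part of the thread: it implements only the deterministic nonce step (section 3.2 of RFC 6979), not the elliptic-curve arithmetic, using Python's standard hashlib/hmac. The function names (deterministic_nonce, deterministic_nonce_sha256, deterministic_nonce_sha256_message) and the P-256 order constant are this example's own; the digest-length check mirrors the "DIGEST must be 32 octets" requirement in the proposed prototype, and the expected k for the message "sample" is the published RFC 6979 A.2.5 test vector for P-256 with SHA-256.

```python
import hashlib
import hmac

# Group order of P-256 (standard curve parameter, used as the modulus q).
P256_ORDER = int(
    "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", 16)


def _bits2int(data: bytes, qlen: int) -> int:
    """RFC 6979 2.3.2: keep the leftmost qlen bits of the bit string."""
    value = int.from_bytes(data, "big")
    blen = len(data) * 8
    return value >> (blen - qlen) if blen > qlen else value


def _int2octets(value: int, qlen: int) -> bytes:
    """RFC 6979 2.3.3: big-endian encoding padded to ceil(qlen/8) bytes."""
    return value.to_bytes((qlen + 7) // 8, "big")


def _bits2octets(data: bytes, q: int, qlen: int) -> bytes:
    """RFC 6979 2.3.4: bits2int, reduce mod q, then int2octets."""
    return _int2octets(_bits2int(data, qlen) % q, qlen)


def deterministic_nonce(private_key: int, digest: bytes, hash_name: str,
                        q: int = P256_ORDER) -> int:
    """RFC 6979 3.2: derive k from (x, H(m)) with HMAC over hash_name.

    `digest` must be H(m) for the same H that HMAC uses, so its length is
    checked against that hash's output size; a mismatch (e.g. a 20-byte
    SHA-1 digest fed to HMAC-SHA256) is rejected instead of silently
    producing a nonce that no conforming verifier or test vector matches.
    """
    hlen = hashlib.new(hash_name).digest_size
    if len(digest) != hlen:
        raise ValueError(
            f"digest is {len(digest)} bytes but {hash_name} produces {hlen}")
    qlen = q.bit_length()
    x_octets = _int2octets(private_key, qlen)
    h_octets = _bits2octets(digest, q, qlen)

    # Steps b/c: V = 0x01..01 and K = 0x00..00, each hlen bytes long.
    V = b"\x01" * hlen
    K = b"\x00" * hlen
    # Steps d/e: K = HMAC_K(V || 0x00 || x || h1); V = HMAC_K(V)
    K = hmac.new(K, V + b"\x00" + x_octets + h_octets, hash_name).digest()
    V = hmac.new(K, V, hash_name).digest()
    # Steps f/g: same with separator byte 0x01.
    K = hmac.new(K, V + b"\x01" + x_octets + h_octets, hash_name).digest()
    V = hmac.new(K, V, hash_name).digest()

    # Step h: produce candidates until one lies in [1, q-1].
    while True:
        T = b""
        while len(T) * 8 < qlen:
            V = hmac.new(K, V, hash_name).digest()
            T += V
        k = _bits2int(T, qlen)
        if 1 <= k < q:
            return k
        K = hmac.new(K, V + b"\x00", hash_name).digest()
        V = hmac.new(K, V, hash_name).digest()


def deterministic_nonce_sha256(private_key: int, digest: bytes) -> int:
    """Digest-taking variant, the shape of the proposed
    ecdsa_sha256_sign_deterministic(key, digest, signature)."""
    return deterministic_nonce(private_key, digest, "sha256")


def deterministic_nonce_sha256_message(private_key: int, message: bytes) -> int:
    """Message-taking variant: hash with SHA-256, then reuse the digest form,
    so both entry points are guaranteed to use the same hash function."""
    return deterministic_nonce_sha256(private_key,
                                      hashlib.sha256(message).digest())


if __name__ == "__main__":
    # Private key from RFC 6979 A.2.5 (P-256); message "sample".
    x = int("C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721", 16)
    print(hex(deterministic_nonce_sha256_message(x, b"sample")))
```

Building the message-taking variant on top of the digest-taking one is the design the thread converges on: the convenience function cannot pair a different hash with the HMAC, and callers that feed data through multiple _update calls get the digest entry point, with the length check catching a digest from the wrong hash.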
nettle-bugs mailing list -- nettle-bugs@lists.lysator.liu.se