Niels Möller nisse@lysator.liu.se writes:
Daiki Ueno ueno@gnu.org writes:
The attached patch adds support for the deterministic DSA and ECDSA, as defined in RFC 6979, which enables us to use the signing function without randomness.
Thanks, I've had a first read, and added some comments on your MR (https://git.lysator.liu.se/nettle/nettle/-/merge_requests/64).
Thank you; I updated the MR to address those comments.
I have a slight feeling that the current API is not easy to use, as the caller needs to instantiate both hash and HMAC contexts, as there are no correlations between the two:
struct sha256_ctx sha256; sha256_init (&sha256); sha256_update (&sha256, length, message); sha256_digest (&sha256, SHA256_DIGEST_SIZE, digest);
struct hmac_sha256_ctx hmac_sha256; ecdsa_sign_deterministic (&key, &hmac_sha256, &nettle_hmac_sha256, digest, &sig);
What would you say to introducing a specialized API, something like the following?
void ecdsa_sha256_sign_deterministic (const struct ecc_scalar *key, size_t length, const uint8_t *message, struct dsa_signature *signature);
Regards,