Niels Möller nisse@lysator.liu.se writes:
Daiki Ueno ueno@gnu.org writes:
I have a slight feeling that the current API is not easy to use, as the caller needs to instantiate both hash and HMAC contexts, as there are no correlations between the two:
On a more abstract level, are there any reasonable usecases for having one hash function for processing the message, and a different underlying hash function for the hmac used to produce the deterministic nonce?
Not that I know of. The RFC mandates the same hash function to be used in both for processing the message and generating a nonce.
What would you say to introducing a specialized API, something like the following?
void ecdsa_sha256_sign_deterministic (const struct ecc_scalar *key, size_t length, const uint8_t *message, struct dsa_signature *signature);
I think that could make sense, but we also need an advertised api function that takes the digest as input, for applications that want to process the message using multiple _update calls.
I agree, that's a valid use-case. Perhaps this might suffice:
/* Sign DIGEST with KEY using deterministic nonce generation.
 *
 * DIGEST must be of the same length of SHA-256 output, that is 32
 * octets long. */
void
ecdsa_sha256_sign_deterministic (const struct ecc_scalar *key,
                                 const uint8_t *digest,
                                 struct dsa_signature *signature);
Regards,
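As an added illustration that is not part of this thread or of Nettle's code: the RFC 6979 nonce derivation in Python, in the two shapes the thread converges on, a one-shot function that hashes the message itself and a variant that takes the finished digest (for callers that used multiple _update calls) and rejects a digest of the wrong length. The function names are hypothetical; the hash name and the P-256 group order are the only other inputs, and the same hash drives both the message digest and the HMAC, as the RFC requires.

```python
import hashlib
import hmac

# Group order of NIST P-256 (a public curve constant).
P256_ORDER = int("FFFFFFFF00000000FFFFFFFFFFFFFFFF"
                 "BCE6FAADA7179E84F3B9CAC2FC632551", 16)


def _bits2int(data: bytes, qlen: int) -> int:
    """RFC 6979 2.3.2: leftmost qlen bits of data, as an integer."""
    v = int.from_bytes(data, "big")
    blen = len(data) * 8
    return v >> (blen - qlen) if blen > qlen else v


def rfc6979_nonce_from_digest(priv: int, digest: bytes,
                              q: int = P256_ORDER,
                              hashname: str = "sha256") -> int:
    """Derive k from an already computed digest (the multi-_update case).

    The HMAC is keyed through the same hash that produced the digest;
    a digest whose length does not match that hash is rejected."""
    hlen = hashlib.new(hashname).digest_size
    if len(digest) != hlen:
        raise ValueError(f"digest must be {hlen} octets for {hashname}")
    qlen = q.bit_length()
    rlen = (qlen + 7) // 8
    x = priv.to_bytes(rlen, "big")                              # int2octets(x)
    h1 = (_bits2int(digest, qlen) % q).to_bytes(rlen, "big")    # bits2octets(h1)
    mac = lambda k, m: hmac.new(k, m, hashname).digest()
    V = b"\x01" * hlen
    K = b"\x00" * hlen
    K = mac(K, V + b"\x00" + x + h1)        # steps d..g of RFC 6979 3.2
    V = mac(K, V)
    K = mac(K, V + b"\x01" + x + h1)
    V = mac(K, V)
    while True:                             # step h: generate until 1 <= k < q
        T = b""
        while len(T) * 8 < qlen:
            V = mac(K, V)
            T += V
        k = _bits2int(T, qlen)
        if 1 <= k < q:
            return k
        K = mac(K, V + b"\x00")
        V = mac(K, V)


def rfc6979_nonce(priv: int, message: bytes, q: int = P256_ORDER,
                  hashname: str = "sha256") -> int:
    """One-shot variant: hash the message with the same hash, then derive k."""
    return rfc6979_nonce_from_digest(
        priv, hashlib.new(hashname, message).digest(), q, hashname)
```

The output can be checked against the P-256 / SHA-256 vectors in RFC 6979 Appendix A.2.5; with a 64-octet SHA-512 digest the leftmost 256 bits are used, as the RFC's bits2int specifies.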