From c47d4001033f68212d2847b3074a0bdda990342e Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Wed, 4 Sep 2013 11:20:57 +0200 Subject: Prepare support for EdDSA. * src/cipher.h (PUBKEY_FLAG_EDDSA): New. * cipher/pubkey.c (pubkey_verify): Repalce args CMP and OPAQUEV by CTX. Pass flags and hash algo to the verify function. Change all verify functions to accept these args. (sexp_data_to_mpi): Implement new flag "eddsa". (gcry_pk_verify): Pass CTX instead of the compare function to pubkey_verify. * cipher/ecc.c (sign): Rename to sign_ecdsa. Change all callers. (verify): Rename to verify_ecdsa. Change all callers. (sign_eddsa, verify_eddsa): New stub functions. (ecc_sign): Divert to sign_ecdsa or sign_eddsa. (ecc_verify): Divert to verify_ecdsa or verify_eddsa. --- doc/gcrypt.texi | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) (limited to 'doc/gcrypt.texi') diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 770a2451..4c8cdb15 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -2364,6 +2364,7 @@ Here, the data to be signed is directly given as an @var{MPI}. @noindent For DSA the input data is expected in this format: + @example (data (flags raw) @@ -2411,11 +2412,28 @@ S-expression returned is: @end example Where @var{r-mpi} and @var{s-mpi} are the result of the DSA sign -operation. For Elgamal signing (which is slow, yields large numbers -and probably is not as secure as the other algorithms), the same format is -used with "elg" replacing "dsa"; for ECDSA signing, the same format is used +operation. + +For Elgamal signing (which is slow, yields large numbers and probably +is not as secure as the other algorithms), the same format is used +with "elg" replacing "dsa"; for ECDSA signing, the same format is used with "ecdsa" replacing "dsa". +For the EdDSA algorithm (cf. Ed25515) the required input parameters are: + +@example +(data + (flags eddsa) + (hash-algo sha-512) + (value @var{message})) +@end example + +Note that the @var{message} may be of any length; hashing is part of +the algorithm. Using a large data block for @var{message} is not +suggested; in that case the used protocol should better require that a +hash of the message is used as input to the EdDSA algorithm. + + @end deftypefun @c end gcry_pk_sign -- cgit v1.2.1