mirror of
https://github.com/MariaDB/server.git
synced 2025-01-27 01:04:19 +01:00
353f904ea9
apply the fix from MXS-4686 |
||
---|---|---|
.. | ||
ref10 | ||
client_ed25519.c | ||
CMakeLists.txt | ||
common.h | ||
crypto_hash_sha512.h | ||
crypto_int32.h | ||
crypto_int64.h | ||
crypto_sign.h | ||
crypto_uint32.h | ||
crypto_uint64.h | ||
crypto_verify.h | ||
crypto_verify_32.h | ||
ed25519-t.c | ||
README | ||
server_ed25519.c |
This plugin uses public domain ed25519 code by Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, Bo-Yin Yang. It is "ref10" implementation from the SUPERCOP: https://bench.cr.yp.to/supercop.html OpenSSH also uses ed25519 from SUPERCOP, but "ref" implementation. There are four ed25519 implementations in SUPERCOP, ref10 is faster then ref, and there are two that are even faster, written in amd64 assembler. Benchmarks are here: https://bench.cr.yp.to/impl-sign/ed25519.html ============================== MariaDB changes: API functions were simplified to better fit our use case: * crypto_sign_open() does not return the verified message, only the result of the verification (passed/failed) * no secret key is generated explicitly, user specified password is used as a source of randomness instead (SHA512("user password")). * lengths are not returned, where they're known in advance (e.g. from crypto_sign()). * crypto_sign() does not take the public key as an argument, but generates it on the fly (we used to generate public key before crypto_sign(), doing it internally avoids double work). See the changes done in this commit.