mirror of
https://github.com/MariaDB/server.git
synced 2025-07-14 07:18:12 +02:00
b9a20752a9
Shows up on test plugins.auth_ed25519. There isn't the import to define uchar so left as unsigned char. |
||
|---|---|---|
| .. | ||
| ref10 | ||
| client_ed25519.c | ||
| CMakeLists.txt | ||
| common.h | ||
| crypto_hash_sha512.h | ||
| crypto_int32.h | ||
| crypto_int64.h | ||
| crypto_sign.h | ||
| crypto_uint32.h | ||
| crypto_uint64.h | ||
| crypto_verify.h | ||
| crypto_verify_32.h | ||
| ed25519-t.c | ||
| README | ||
| server_ed25519.c | ||
This plugin uses public domain ed25519 code
by Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, Bo-Yin Yang.
It is "ref10" implementation from the SUPERCOP:
https://bench.cr.yp.to/supercop.html
OpenSSH also uses ed25519 from SUPERCOP, but "ref" implementation.
There are four ed25519 implementations in SUPERCOP, ref10 is faster then ref,
and there are two that are even faster, written in amd64 assembler.
Benchmarks are here: https://bench.cr.yp.to/impl-sign/ed25519.html
==============================
MariaDB changes:
API functions were simplified to better fit our use case:
* crypto_sign_open() does not return the verified message, only the
result of the verification (passed/failed)
* no secret key is generated explicitly, user specified password is used
as a source of randomness instead (SHA512("user password")).
* lengths are not returned, where they're known in advance
(e.g. from crypto_sign()).
* crypto_sign() does not take the public key as an argument, but
generates it on the fly (we used to generate public key before
crypto_sign(), doing it internally avoids double work).
See the changes done in this commit.