[haiku-development] Re: Design for signed packages

  • From: Jonathan Schleifer <js-haiku-development@xxxxxxxxxxx>
  • To: haiku-development@xxxxxxxxxxxxx
  • Date: Sat, 22 Mar 2014 22:55:34 +0100

On 22.03.2014 at 22:37, Jonathan Schleifer 
<js-haiku-development@xxxxxxxxxxx> wrote:

> On 22.03.2014 at 22:28, Jonathan Schleifer 
> <js-haiku-development@xxxxxxxxxxx> wrote:
> 
>>> signature will be an Ed25519 signature of the SHA-256 hash of the 
>>> uncompressed heap.
> 
> Actually, that doesn't make any sense and it slipped past me while reading over 
> it. Looking at the implementation of Ed25519, it already seems to do the 
> hashing, so it will be just the Ed25519 signature of the uncompressed heap, 
> of course.

Looking some more at it: It copies the whole message, so either we need to 
change the reference implementation to not do that, or use my original approach 
and hash first. The message it signs is of variable length and I could not find 
a maximum length, so in theory, it should work if we patch it to not copy the 
message. I'll try to contact djb and ask him what he thinks is the right 
approach.

--
Jonathan
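
The hash-first approach discussed in this thread, as an added example that is not part of the original post or of Haiku's package code: the heap is streamed through SHA-256 and only the 32-byte digest is handed to Ed25519. It uses Node.js's built-in crypto module; hashHeap, signHeap, verifyHeap and the sample heap are names and data constructed for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Stream the heap through SHA-256 chunk by chunk, so memory use stays
// constant no matter how large the uncompressed heap is.
function hashHeap(chunks) {
  const hash = nodeCrypto.createHash('sha256');
  for (const chunk of chunks) hash.update(chunk);
  return hash.digest(); // 32-byte digest
}

// Ed25519 signature over the 32-byte digest instead of the heap itself.
// Node's Ed25519 API is one-shot: it takes the complete message as a buffer.
function signHeap(chunks, privateKey) {
  return nodeCrypto.sign(null, hashHeap(chunks), privateKey);
}

function verifyHeap(chunks, publicKey, signature) {
  return nodeCrypto.verify(null, hashHeap(chunks), publicKey, signature);
}

// Constructed sample input: a 1 MiB "heap" with a deterministic byte pattern,
// yielded in chunks of chunkSize; flipAt >= 0 corrupts one byte at that offset.
function* sampleHeap(chunkSize, flipAt = -1) {
  const total = 1 << 20;
  for (let off = 0; off < total; off += chunkSize) {
    const chunk = Buffer.alloc(Math.min(chunkSize, total - off));
    for (let i = 0; i < chunk.length; i++) chunk[i] = (off + i) * 31 & 0xff;
    if (flipAt >= off && flipAt < off + chunk.length) chunk[flipAt - off] ^= 0x01;
    yield chunk;
  }
}

function demo() {
  // Throwaway key pair generated for the demonstration only.
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const signature = signHeap(sampleHeap(64 * 1024), privateKey);
  return {
    signatureLength: signature.length,
    // Chunk boundaries do not change the digest, so the verifier may read
    // the heap in different block sizes than the signer did.
    verifiesIntact: verifyHeap(sampleHeap(4096), publicKey, signature),
    verifiesTampered: verifyHeap(sampleHeap(4096, 123456), publicKey, signature),
  };
}

console.log(demo());
```

Signing a digest ties the signature's security to the collision resistance of SHA-256, a dependency that direct Ed25519 signing of the message avoids.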
