[gnutls-devel] GnuTLS | pk: implement deterministic ECDSA/DSA for provable signing (!1051)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Tue Aug 6 10:57:51 CEST 2019
Daiki Ueno commented on a discussion on lib/crypto-backend.h: https://gitlab.com/gnutls/gnutls/merge_requests/1051#note_200585519
> int (*sign) (gnutls_pk_algorithm_t, gnutls_datum_t * signature,
> const gnutls_datum_t * data,
> const gnutls_pk_params_st *priv,
> - const gnutls_x509_spki_st *sign);
> + const gnutls_x509_spki_st *sign,
> + unsigned int flags);
I realized that the current code is not correct when hash algorithm doesn't match the q parameter. To support these exceptional cases we also need to propagate hash algorithm to `_wrap_nettle_pk_sign()`.
Maybe extending `gnutls_x509_spki_st` (or wrapping it in a new struct) would be simpler to implement it.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1051#note_200585519
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20190806/93adf8c0/attachment-0001.html>
More information about the Gnutls-devel
mailing list