[gnutls-devel] GnuTLS | Draft: Single shot signing (!2066)

[Read-only notification of GnuTLS library development activities]

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2066

Project:Branches: dueno/gnutls:wip/dueno/single-shot-signing to gnutls/gnutls:master
Author:   Daiki Ueno



<!-- Add a description of the new feature/bug fix. Reference any relevant bugs. -->

This makes the single-shot signing behavior (on the contrary to prehashed) the primary signing interface of crypto-backend.

* pk: rely on single-shot signing behavior of crypto backend

Now that hashing is done in crypto backend by default, stop doing that
at the abstract key API level and just pass the original data to
crypto backend. This also removes privkey_sign_and_hash_data as it
would be identical to privkey_sign_raw_data.

* pk, nettle: use and honor GNUTLS_PK_FLAG_PREHASHED

This sets GNUTLS_PK_FLAG_PREHASHED to signing parameters where
appropriate, and make the nettle crypto backend respect the flag.

* crypto-backend: add GNUTLS_PK_FLAG_PREHASHED flag

The flag indicates that the input to .sign and .verify backend
functions are provided with hashed data, instead of the entire data.

* algorithms: move no_prehashed flag from pubkey to sign

That way we can add prehashed signing algorithms without adding the
corresponding pubkey algorithms.

* pk: move DigestInfo encoding into crypto backend

Previously, the conversion of hash into PKCS#1 DigestInfo was done in
the abstract key API. To give the crypto backend, such as nettle and
PKCS#11, move the logic there.

* pk: inline pk_hash_data

This function is only used by privkey_sign_and_hash_data, where it
provides a wrapper around _gnutls_hash_fast. Better inline it at the
caller and avoid pre-allocation of the buffer.

* nettle: fix comment indentation

These were a left-over when we previously reformatted the code using
GNU indent; clang-format doesn't take into account of comments.

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2066
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20260212/26421e93/attachment.html>