Victor B. Wagner wrote: ...
the fact that EC_KEY doesn't contain a method pointer is intentional as the EC_KEY structure is/should be (ec) method indepent. Method depend information should be stored in the derived objects (i.e ECDSA_DATA and ECDH_DATA).
Yes. Problem is how to pass an information from the PKCS8/X509 parsing to real implementation of method.
If EVP_PKEY structure contains pointer to the method, it is easy.
it does
With EC_KEY there are two possibilities yet:
1. We don't need to distinguish between ECDH and ECDSA during key loading. Given the EVP_PKEY structure which contain nid of algoritm in the
save_type field, we can find out appropriate ECDSA or ECDH method
later.
2. We need to store algorithm specific parameters somewhere. In this case current EVP_PKEY structure is inappropriate for passing information from the PKCS8 to actual method implementation.
please have a look at ec_key_meth_st in ec.h and how it's used in ecdsa_data_st (in ecdsa.h). The type specific key attributes (including a method pointer) are stored in a kind of derived structure (ecdsa_data_st). If you need more information, feel free to ask ;-)
... > >3. To generalize the table of elliptic curves.
In the current version of OpenSSL a set of the supported elliptic curve parameters is hardcoded in crypto/ec/ec_curve.c
We propose to use the lhash table to handle elliptic curve parameters.
I would prefer I linked list instead of lhash
Why? lhash tables are already used in OpenSSL to store various tables. Why invent something new instead of reusing existing infrastructure?
a hash table is good if you want to have a mapping nid -> curve (or, as it's done in crypto/objects, some more keys (nid, sn, ln and oid) -> object) in case of ec curve parameters we got quite a lot of parameters and I'm not so sure which of these should be search keys + I don't think the number of groups ,and hence the performance advantage of lhash, justifies the added complexity (note: this is just my personal opinion).
what parameter do the GOST signatures curve have ? (I guess there's no non-russian description of this alg)
GOST doesn't specify set of parameters.
what does GOST specify ? Doesn't is specifiy certain cryptographic algs to be used for signature generation ?
...
8. Provide callbacks for packing and unpacking of a signature objects
These callbacks already exist in the message digest structure.
ops, I mean a function for the signatureAlgorithm field of a signature
Cheers, Nils ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]