> [li...@kaiser.cx - Mon Jun 22 22:13:42 2009]:
>
> Steve, all,
>
> > The new pkey API was designed to avoid tying digests to signature
> > algorithms (e.g. sha1 can now be used to handle RSA and DSA signatures).
>
> i.e. you're going to remove the pkey_type field in the EVP_MD structure?
>

Well that can stay for compatibility reasons. The actual "link" was that before 1.0.0 you could only sign using EVP_sha1() with RSA keys, DSA keys needed a bogus EVP_dss1() "clone" digest. Similarly for other digests and public key algorithms needed this stuff. There were horrible hacks all over the place to switch to the correct bogus digest type. That's gone now.

> > Having looked through the API and standards it seems this can't be
> > avoided without some extensions to the EVP_PKEY API.
>
> Some unsorted thoughts:
>
> RSA_PKEY_CTX already contains the required fields to store some of the PSS
> parameters. The mask generation function and its parameters are missing.
> The low-level routines have MGF1 hard-coded, the digest for MGF1 must be
> the same as for the entire PSS. This is not a big limitation.
>
> An RSA key in an X.509 certificate looks exactly the same, no matter if
> the signature is PKCSv1.5 or PSS.
>

Well there is also a PSS key type which is RSA+restrictions defined in PKCS#1 2.0. That's an RSA key that can *only* be used with PSS.

> The decision table in obj_xref.txt seems to be the problem. This doesn't
> work for PSS, you can't determine the digest without parsing the PSS
> parameters.
>

Yes, probably will need a special value for the digest type, NID_undef for example, which means "the public key algorithm method will work out the digest type".

> We'll need a way to set these parameters in the EVP_PKEY_CTX or
> RSA_PKEY_CTX respectively. I've (ab)used the md_ctrl function for this.
> Could we just add a similar function pointer directly to the
> EVP_PKEY_CTX structure?
>

That's what I'm considering. We pass (say) a NULL for the digest type in EVP_DigestVerifyInit() and call a ctrl in the associated public key method to let it decide which digest and parameters to use. The functionality isn't in EVP_DigestVerifyInit() yet; it just uses a "default" digest if NULL is passed in.

> > Do you have some examples of certificates signed with PSS? They would be
> > useful for testing purposes.
>
> I've uploaded sample certificates to
>
> http://www.kaiser.cx/x509Pss.html
>

Thanks.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org