pkcs11 message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: Groups - Post Quantum Signatures Multipart solution 2 uploaded
- From: Robert Relyea<rrelyea@redhat.com>
- To: <pkcs11@lists.oasis-open.org>
- Date: Thu, 4 May 2023 17:36:12 +0000 (UTC)
Submitter's message
The second option is to create a new C_VerifySignatureInit which includes the signature. If we add this function, I've suggested that all Mechanisms that support C_VerifyInit also support C_VerifySignatureInit(). The only difference is when the signature is supplied.
This one comes with some suboptions: how do we handle that the signature is passed to C_VerifySignatureInit() and C_Verify() and C_VerifyFinal().
We can ignore the one passed in C_Verify/C_VerifyFinal.
We can require the one passed in C_Verify/C_VerifyFinal to be NULL.
We can require the one passed in C_Verify/C_VerifyFinal to match the signature passed in C_VerifySignatureInit (with and without enforcement)
We must be explicit on this semantic in the spec.
We have the same options in the previous case, but in that case the signature is a mechanism parameter, so it's more of a side thing.
We could also make a full set:
C_VerifySignatureInit(), C_VerifySignatureUpdate, C_VerifySignature() and C_VerifySignatureFinal(). In that case the latter 2 would not take signatures, bypassing the whole thing
Note: we can adopt both option 1 (mechanism parameters) and option 2 (C_VerifySignatureInit). In that case we should make sure handling of the two sources of signatures is the same.
-- Mr. Robert Relyea
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]