| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aXSxI9dxfAJ0tj14@kernel.org>
Date: Sat, 24 Jan 2026 13:46:43 +0200
From: Jarkko Sakkinen <jarkko@...nel.org>
To: David Howells <dhowells@...hat.com>
Cc: Lukas Wunner <lukas@...ner.de>, Ignat Korchagin <ignat@...udflare.com>,
Herbert Xu <herbert@...dor.apana.org.au>,
Eric Biggers <ebiggers@...nel.org>,
Luis Chamberlain <mcgrof@...nel.org>,
Petr Pavlu <petr.pavlu@...e.com>,
Daniel Gomez <da.gomez@...nel.org>,
Sami Tolvanen <samitolvanen@...gle.com>,
"Jason A . Donenfeld" <Jason@...c4.com>,
Ard Biesheuvel <ardb@...nel.org>,
Stephan Mueller <smueller@...onox.de>, linux-crypto@...r.kernel.org,
keyrings@...r.kernel.org, linux-modules@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v13 02/12] pkcs7: Allow the signing algo to calculate the
digest itself
On Wed, Jan 21, 2026 at 12:31:35PM +0000, David Howells wrote:
> Jarkko Sakkinen <jarkko@...nel.org> wrote:
>
> > I'd use the wording you used already in commit message, which
> > factors more descriptive than what you have here. E.g., name
> > it "external_digest".
>
> ML-DSA uses "external" to mean that the caller does the
> digestion/hashing/XOF-ing/whatever Eric wants to call it, but the caller also
> has to put other stuff into the digest/hash/XOF/thing that then gets passed to
> ML-DSA if it does this.
>
> For added confusion, the NIST FIPS tests seem to consider what this patch does
> as 'external' but an "external mu" as 'internal':
>
> "tgId": 1,
> "testType": "AFT",
> "parameterSet": "ML-DSA-44",
> "signatureInterface": "external",
> "preHash": "pure",
>
> vs:
>
> "tgId": 7,
> "testType": "AFT",
> "parameterSet": "ML-DSA-44",
> "signatureInterface": "internal",
> "externalMu": true,
>
> I haven't come up with a better name that particularly describes this. Maybe
> use "no_prehash" or "algo_takes_hash" or "algo_takes_data"?
>
> Maybe better than using a true/false value, use an enum?
>
> enum public_key_hash {
> ALGO_SIGNS_HASH, /* RSA, ECDSA, ... */
> ALGO_SIGNS_DATA, /* MLDSA, ... */
> };
I think this would be better idea, as it makes the states more explicit.
And I was actually considering to suggest enum so yeah, I'm on board
with this suggestion.
>
> David
>
BR, Jarkko
Powered by blists - more mailing lists