9elements / converged-security-suite

Converged Security Suite for Intel & AMD platform security features
https://www.9esec.io
BSD 3-Clause "New" or "Revised" License

feat(api)!: Make SignKM accept generic crypto.Signer #392

Open werwurm opened 2 months ago

werwurm commented 2 months ago

Accepting crypto.PrivateKey unnecessarily restricts this library to software crypto algorithms provided by the golang crypto packages. By allowing the more generic crypto.Signer interface, alternative implementations, e.g., backed by HSMs, can be supported.
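The restriction described in this comment, as an added example that is not code from the pull request or from the suite: a helper taking crypto.PrivateKey has to assert a concrete software key type and rejects an opaque key, while one taking crypto.Signer signs with either. All names here (opaqueSigner, newSoftKey, signConcrete, signGeneric, verify) are hypothetical, and ECDSA P-256 with SHA-256 is an assumption made for the demonstration.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// opaqueSigner (hypothetical) hides the concrete key type, as an HSM handle would.
type opaqueSigner struct{ crypto.Signer }

// newSoftKey returns a throwaway P-256 software key for the demonstration.
func newSoftKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

// signConcrete (hypothetical) takes crypto.PrivateKey, so it must assert a concrete type.
func signConcrete(key crypto.PrivateKey, blob []byte) ([]byte, error) {
	k, ok := key.(*ecdsa.PrivateKey)
	if !ok {
		return nil, fmt.Errorf("unsupported key type %T", key)
	}
	d := sha256.Sum256(blob)
	return ecdsa.SignASN1(rand.Reader, k, d[:])
}

// signGeneric (hypothetical) needs only crypto.Signer, so any backend works.
func signGeneric(s crypto.Signer, blob []byte) ([]byte, error) {
	d := sha256.Sum256(blob)
	return s.Sign(rand.Reader, d[:], crypto.SHA256)
}

// verify checks an ASN.1 ECDSA signature using only the public key.
func verify(pub crypto.PublicKey, blob, sig []byte) bool {
	p, ok := pub.(*ecdsa.PublicKey)
	d := sha256.Sum256(blob)
	return ok && ecdsa.VerifyASN1(p, d[:], sig)
}

func main() {
	soft, err := newSoftKey()
	if err != nil {
		panic(err)
	}
	hsm, blob := opaqueSigner{soft}, []byte("constructed sample manifest")
	_, errOld := signConcrete(hsm, blob)
	sig, errNew := signGeneric(hsm, blob)
	fmt.Println(errOld, errNew, verify(hsm.Public(), blob, sig))
}
```

Verification uses only the value returned by Public(), so the checking side never needs to know whether the key lives in software or in hardware.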

werwurm commented 2 months ago

I realize that this changes the API. It could be hidden by adding new API, e.g., SignKMGeneric. Let me know what you think.

Also, to really make use of this change, the fiano back end needs to be changed, which I have proposed here [1] [2].

[1] https://github.com/linuxboot/fiano/issues/421
[2] https://github.com/linuxboot/fiano/pull/420

walterchris commented 2 months ago

Could you satisfy the linter? :)

werwurm commented 2 months ago

Could you satisfy the linter? :)

Sure thing. I hope this fixes it. commitlint is new to me, so bear with me, please. Is the final commit message constructed from the pull request or from the commit on the feature branch?

walterchris commented 2 months ago

We will rebase and cherry pick the commits - so no squash here :)