PQCMayo / MAYO-C

MAYO C implementation
https://pqmayo.org/code/
Apache License 2.0

Some Suggested Enhancements #1

Closed bhalleycf closed 1 year ago

bhalleycf commented 1 year ago

Based on use cases I may have for Mayo, I have a few suggestions for this library:

1) Provide a detached signature API. Right now the signature API assumes you want to append the signed content to the end of the signature, but often you may just want the signature and not need to repeat the message.
2) Everything that takes unsigned char should also take an allocated length for the unsigned char, and check the length vs. requirements before copying.
3) Having smlen be only an output of signing isn't very helpful, as you need to know how big the signature + signed data will be to use it safely, so it would be better if you passed smlen in so that it could be checked rather than getting smlen set on output. (I suppose you could pass in available and pass out used, though this doesn't seem essential to me.)
4) The type of the length of an unsigned char should be a size_t and not an unsigned long long.

claucece commented 1 year ago

Hi @bhalleycf !

Thank you for the issue.

This code is part of a NIST submission for PQC Digital Signatures. Because of it, we follow the API requirements that are highlighted here: https://csrc.nist.gov/csrc/media/Projects/pqc-dig-sig/documents/example%20file/api-notes-pqc-dig-sig-page.pdf and stated here: https://csrc.nist.gov/csrc/media/Projects/pqc-dig-sig/documents/call-for-proposals-dig-sig-sept-2022.pdf. We are compliant with those requirements: the reasoning for it, as far as we know, is that it forces users to verify the signature before looking at the message, which protects against misuse.

There is an internal API in mayo.h (https://github.com/PQCMayo/MAYO-C/blob/main/include/mayo.h).
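The attached-only API shape the thread discusses and the detached wrapper the issue asks for, as an added example that is not MAYO-C's code: `toy_crypto_sign`/`toy_crypto_sign_open` are a checksum stand-in with the NIST function signatures (no real cryptography), and `sign_detached`, `verify_detached`, `CRYPTO_BYTES = 8` and the sample message are assumptions for illustration. It shows how a detached signature falls out of sm = sig || m, how the caller-supplied capacity is checked before anything is copied, and how verification still completes before any message bytes are released.

```c
#include <stdlib.h>
#include <string.h>
typedef unsigned long long ull;   /* the NIST API's length type; the issue asks for size_t instead */
/* TOY stand-in with the shape of the NIST crypto_sign/crypto_sign_open API the thread cites:
 * sm = sig || m, smlen = CRYPTO_BYTES + mlen. The "signature" is an FNV-1a checksum, not MAYO. */
#define CRYPTO_BYTES 8
static ull toy_tag(const unsigned char *m, ull n) {
    ull t = 0xcbf29ce484222325ULL;
    while (n--) t = (t ^ *m++) * 0x100000001b3ULL;
    return t;
}
static int toy_crypto_sign(unsigned char *sm, ull *smlen, const unsigned char *m, ull mlen) {
    ull t = toy_tag(m, mlen);
    memcpy(sm, &t, CRYPTO_BYTES);                /* "signature" first ... */
    memcpy(sm + CRYPTO_BYTES, m, mlen);          /* ... then the whole message again */
    *smlen = CRYPTO_BYTES + mlen;
    return 0;
}
static int toy_crypto_sign_open(unsigned char *m, ull *mlen, const unsigned char *sm, ull smlen) {
    if (smlen < CRYPTO_BYTES) return -1;
    ull t = toy_tag(sm + CRYPTO_BYTES, smlen - CRYPTO_BYTES);
    if (memcmp(sm, &t, CRYPTO_BYTES) != 0) return -1;
    memcpy(m, sm + CRYPTO_BYTES, *mlen = smlen - CRYPTO_BYTES); /* m released only after the check */
    return 0;
}
/* Detached wrapper as the issue suggests (size_t lengths, caller-supplied capacities): split sm on sign, rebuild it on verify. */
int sign_detached(unsigned char *sig, size_t sig_cap, const unsigned char *m, size_t mlen) {
    ull smlen;
    unsigned char *sm = sig_cap < CRYPTO_BYTES ? NULL : malloc(CRYPTO_BYTES + mlen);
    int rc = sm ? toy_crypto_sign(sm, &smlen, m, mlen) : -1;
    if (rc == 0) memcpy(sig, sm, CRYPTO_BYTES);  /* keep sig, discard the repeated message */
    free(sm);                                    /* free(NULL) is a no-op */
    return rc;
}
int verify_detached(const unsigned char *sig, size_t siglen, const unsigned char *m, size_t mlen) {
    ull outlen; int rc;
    unsigned char *buf = siglen != CRYPTO_BYTES ? NULL : malloc(CRYPTO_BYTES + 2 * mlen + 1);
    if (!buf) return -1;                         /* buf = [ sig || m ][ recovered m ] */
    memcpy(buf, sig, CRYPTO_BYTES); memcpy(buf + CRYPTO_BYTES, m, mlen);
    rc = toy_crypto_sign_open(buf + CRYPTO_BYTES + mlen, &outlen, buf, CRYPTO_BYTES + mlen);
    free(buf);
    return rc;
}
int selftest(void) {   /* constructed message: 0 = round-trip verifies and a tampered message fails */
    unsigned char msg[] = "detached signature over this message", sig[CRYPTO_BYTES];
    if (sign_detached(sig, sizeof sig, msg, sizeof msg) || verify_detached(sig, sizeof sig, msg, sizeof msg)) return 1;
    msg[0] ^= 1;                                 /* one flipped bit must now be rejected */
    return verify_detached(sig, sizeof sig, msg, sizeof msg) == 0 ? 2 : 0;
}
```

Dropping the typedef in favour of `size_t` throughout is the shape the issue's fourth point asks for; the wrapper keeps `ull` only at the boundary with the NIST-style calls.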