Open maxtropets opened 1 day ago
maxtropets
commented
18 hours ago A sketch partially displaying the current state.
I'm confused about a real purpose of having verifying methods in (RSA)KeyPair interface, while we could have KeyPair as a child of PublicKey, so we won't copy verification interface, as well as public_key_der(), public_key_pem, etc.
maxtropets
commented
15 hours ago Suspected #6405 to hide the verify(args..., md) overloads by adding salt_size, but ruled that out, because it turns out the PublicKey::verify(args, md) is not virtual (🤦).
Instead, it has an implementation, which computes a hash of the contents and them calls virtual verify(args, md, hash_out)
However, salt_size shall also be removed, as it doesn't fit the common interface. I'm thinking of some sort of separate params struct/variant to pass depending on the underlying key type, and leave signature and contents as the only interface.
List of problems to solve while refactoring the interface for signature verification
RSAPublicKeyandRSAKeyPairboth defineverify(signature_args..., md_type, salt_length), is it even legit?..RSAKeyPair_OpenSSLimplementsverify(signature_args..., md_type, salt_length), BUTPublicKey_OpenSSLimplementsverify(signature_args..., md_type, hash_bytes&). Here's why JWT authentication uses the wrong verification impl (check comment).salt_lengthissize_t, therefore it's not possible to pass options likeRSA_PSS_SALTLEN_AUTO == -2or other predefined constants. Not sure what's the best way to do it in the interface, it's TBD how different paddings and salt work as per documentation first, but this has to be fixed.