Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

COSEAuthVerify #36

Open
russhousley opened this issue Jun 21, 2020 · 4 comments
Open

COSEAuthVerify #36

russhousley opened this issue Jun 21, 2020 · 4 comments

Comments

@russhousley
Copy link

For Ed256 and HSS-LMS, the signature validation routine needs the public key, the buffer that contains the (supposedly) signed content, the signature value, and the signature algorithm identifier. I suggest that this be the API for all signature validation, and in the ES256 case, the SHA-256 have value can be computed inside the ES256_verify function.
@bremoran
Copy link
Collaborator

It looks like the only difference between the current API and the one you've suggested is whether COSEAuthVerify does the lookup of the public key. Is that right?

@russhousley
Copy link
Author

Yes, I think so. I have not written code yet for HSS-LMS, but that seems right.

@bremoran
Copy link
Collaborator

Do you think that the signature verification functions need the algorithm ID?

@russhousley
Copy link
Author

No, I do not think so.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bremoran @russhousley