Unify ring signature/verification constants #850
Comments
briansmith
changed the title
Those are all intentional decisions. We support a minimal set of functionality and wait for important use cases to justify expanding the API. In the case of I'm going to close this issue because it seems to be based on the premise that we should be able to generate every kind of signature that we accept. However, we intentionally don't do that. Some kinds of signatures we accept only for legacy reasons. |
One of the confusing parts of
ring::Signatureis that the set of supported verification algorithms is not the set of supported signing algorithms. Specifically,P384_SHA256andP256_SHA384signatures can be verified but not createdRSA_PKCS1_2048_8192_SHA384but not withRSA_PKCS1_3072_8192_SHA384.This difference in support leads to a fairly large API surface in the
signaturemodule. I.E.RSA_PSS_2048_8192_SHA{256|384|512}andRSA_PSS_SHA{256|384|512}ECDSA_P256_SHA256_ASN1andECDSA_P256_SHA256_ASN1_SIGNINGMy proposal to fix this issue would be to:
RSA_PKCS1_3072_8192_SHA384(as it is inconsistent with the rest of the API).P256_SHA384support entirely (I could not find any uses in the wild).P384_SHA256signing (this is all we need, see Add more variants of ECDSA / SHA2 signing #801 (comment))ECDSA_P256_SHA256_FIXED_SIGNINGECDSA_P256_SHA256_ASN1_SIGNINGECDSA_P384_SHA384_FIXED_SIGNINGECDSA_P384_SHA384_ASN1_SIGNINGRSA_PKCS1_2048_8192_SHA1RSA_PKCS1_2048_8192_SHA256RSA_PKCS1_2048_8192_SHA384RSA_PKCS1_2048_8192_SHA512RSA_PSS_2048_8192_SHA256RSA_PSS_2048_8192_SHA384RSA_PSS_2048_8192_SHA512Note that this unification would not preclude, for example, having a
RSA_PKCS1_SHA1constant that only supported verification and not signing. It would just allowRSA_PKCS1_SHA256to work for both verification and singing.The text was updated successfully, but these errors were encountered: