<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hi all,</p>
<p>I am working on providing a new Public Key method that will
handle Composite Keys (i.e., multiple keys with different algos -
e.g., one RSA and one EC) and Composite Signatures (i.e.,
multiple signatures generated with the corresponding Composite
Keys). In particular, I would like to be able to add a method that
will, in turn, call the methods supported by the different keys
that form the COMPOSITE_PKEY structure.<br>
</p>
<p>I have looked around for how to do it and I am a bit confused about
how to proceed as there are some conflicting implementations for
different algorithms.</p>
<p>Here are some high-level questions related to the EVP_PKEY
interface, in particular:</p>
<ul>
<li><b>EVP_PKEY_ASN1_METHOD vs. EVP_PKEY_METHOD </b>- when are these
two different types of methods used? Shall both be
implemented?<br>
<br>
</li>
<li><b>After providing the implementation for the ameth/pmeth, how
does the integration work with openssl?</b> In particular,
should I add them to the list of the default ameth/pmeth
supported? Here are some more specific questions:<br>
<br>
</li>
<ul>
<li>It seems there is an <b>app_method stack</b> of
EVP_PKEY_ASN1_METHOD - how do I add the method there (in case
I use a user-level - i.e., not integrated into OpenSSL
code - approach by using the functions in the
crypto/asn1/ameth_lib.c file)? Will the EVP_PKEY_asn1_add0()
function call be sufficient?<br>
<br>
</li>
<li>It seems there is a standard_methods stack of
EVP_PKEY_ASN1_METHOD - how do I add the method there if we
need to have a tighter integration with the core of the
library (in case we cannot do our proof-of-concept without
touching OpenSSL's code / requiring a fork)?<br>
<br>
</li>
</ul>
<li><b>COMPOSITE_PKEY struct and COMPOSITE_PKEY_CTX struct.</b> I
noticed that, for example, both RSA and EC implement some form
of _CTX and _PKEY structures. Are these used only internally or
should they be implemented and integrated with the METHOD(s) ?<br>
<br>
</li>
<li><b>Given the above is implemented correctly - will this enable
the use of the method for processing signatures with the new
(pseudo-)algorithm for different structures (e.g., CRLs, X509,
X509_REQ, OCSP_REQ, OCSP_RESP, etc.)</b>? I see that there are
different usages of some sort that can be implemented in the
CTRL of the ameth (e.g., rsa_pkey_ctrl), however this seems to
be targeted to the following operations:<br>
<blockquote> ASN1_PKEY_CTRL_PKCS7_SIGN<br>
ASN1_PKEY_CTRL_PKCS7_ENCRYPT<br>
ASN1_PKEY_CTRL_CMS_SIGN<br>
ASN1_PKEY_CTRL_CMS_ENVELOPE<br>
ASN1_PKEY_CTRL_CMS_RI_TYPE<br>
ASN1_PKEY_CTRL_DEFAULT_MD_NID</blockquote>
</li>
<li>Last but not least, the EVP_PKEY has a union that points
to the internal key (i.e., crypto/internal/evp_int.h -
evp_pkey_st) where, besides the rsa, dsa, dh, and ec pointers, a
void * ptr is defined. Shall I use that pointer to reference the
composite_pkey_st (at least for the user-space implementation)?</li>
</ul>
<p>Thanks for any help in understanding all these details... :D</p>
<p>Cheers,<br>
Max<br>
</p>
<div class="moz-signature">-- <br>
<div style="color: black; margin-top: 10px;"> Best Regards,
<div style="margin-top: 5px; margin-left: 0px; "> Massimiliano
Pala, Ph.D.<br>
OpenCA Labs Director<br>
</div>
</div>
</div>
</body>
</html>