Re: [PATCH v13 02/12] pkcs7: Allow the signing algo to calculate the digest itself

From: David Howells

Date: Wed Jan 21 2026 - 07:38:38 EST


Jarkko Sakkinen <jarkko@xxxxxxxxxx> wrote:

> I'd use the wording you used already in commit message, which
> factors more descriptive than what you have here. E.g., name
> it "external_digest".

ML-DSA uses "external" to mean that the caller does the
digestion/hashing/XOF-ing/whatever Eric wants to call it, but the caller also
has to put other stuff into the digest/hash/XOF/thing that then gets passed to
ML-DSA if it does this.

For added confusion, the NIST FIPS tests seem to consider what this patch does
as 'external' but an "external mu" as 'internal':

	"tgId": 1,
	"testType": "AFT",
	"parameterSet": "ML-DSA-44",
	"signatureInterface": "external",
	"preHash": "pure",

vs:

	"tgId": 7,
	"testType": "AFT",
	"parameterSet": "ML-DSA-44",
	"signatureInterface": "internal",
	"externalMu": true,

I haven't come up with a better name that particularly describes this. Maybe
use "no_prehash" or "algo_takes_hash" or "algo_takes_data"?

Maybe better than using a true/false value, use an enum?

	enum public_key_hash {
		ALGO_SIGNS_HASH,	/* RSA, ECDSA, ... */
		ALGO_SIGNS_DATA,	/* MLDSA, ... */
	};

David
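
Added example, not part of the original message or of the kernel patch: a Python sketch of the "other stuff" a caller must fold into the hash when it computes an external mu for pure ML-DSA, next to a classifier for the two test-group headers quoted above. The formulas follow FIPS 204 (tr = SHAKE256(pk, 64), mu = SHAKE256(tr || M', 64)); the function names are hypothetical and the public key is constructed placeholder bytes, not a real key.

```python
import hashlib

def shake256(data: bytes, outlen: int) -> bytes:
    return hashlib.shake_256(data).digest(outlen)

def pure_message_repr(msg: bytes, ctx: bytes = b"") -> bytes:
    """M' for pure ML-DSA: 0x00 || len(ctx) || ctx || M (FIPS 204)."""
    if len(ctx) > 255:
        raise ValueError("context string must be at most 255 bytes")
    return bytes([0, len(ctx)]) + ctx + msg

def external_mu(public_key: bytes, msg: bytes, ctx: bytes = b"") -> bytes:
    """What a caller computes when it does the hashing itself.

    mu is bound to the public key (through tr) and to the context
    string, so it is not simply a digest of the message.
    """
    tr = shake256(public_key, 64)
    return shake256(tr + pure_message_repr(msg, ctx), 64)

def what_caller_supplies(group: dict) -> str:
    """Classify a test-group header by what is handed to the algorithm."""
    iface = group.get("signatureInterface")
    if iface == "external" and group.get("preHash") == "pure":
        return "data"   # the algorithm builds M' and mu itself
    if iface == "internal" and group.get("externalMu") is True:
        return "mu"     # the caller has already computed mu
    return "other"      # combinations not covered by this sketch

# The two headers quoted in the message above.
GROUP_1 = {"tgId": 1, "testType": "AFT", "parameterSet": "ML-DSA-44",
           "signatureInterface": "external", "preHash": "pure"}
GROUP_7 = {"tgId": 7, "testType": "AFT", "parameterSet": "ML-DSA-44",
           "signatureInterface": "internal", "externalMu": True}

if __name__ == "__main__":
    pk = bytes(1312)  # constructed placeholder with ML-DSA-44 public key length
    msg = b"module contents"
    print("plain SHAKE256(M):", shake256(msg, 64).hex()[:32], "...")
    print("external mu      :", external_mu(pk, msg).hex()[:32], "...")
    for g in (GROUP_1, GROUP_7):
        print("tgId", g["tgId"], "-> caller supplies", what_caller_supplies(g))
```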