Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(api)!: Make SignKM accept generic crypto.Signer #392

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat(api)!: Make SignKM accept generic crypto.Signer #392

wants to merge 1 commit into from

Conversation

werwurm
Copy link

@werwurm werwurm commented Sep 6, 2024
edited
Loading

Accepting crypto.PrivateKey uneccessarily restricts this library to software crypto algorithms provided by the golang crypto packages. By allowing the more generic crypto.Signer interface alternative implementations, e.g., backed by HSMs, can be supported.

@werwurm
Copy link
Author

werwurm commented Sep 6, 2024

I realize that this changes the API. It could be hidden by adding new API, e.g., SignKMGeneric. Let me know what you think.

Also, to really make use of this change, the fiano back end needs to be changed. Which I have proposed here [1] [2]

[1] linuxboot/fiano#421
[2] linuxboot/fiano#420

walterchris
walterchris approved these changes Sep 7, 2024
View reviewed changes
Copy link
Collaborator

@walterchris walterchris left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think changing the API here is fine.

@walterchris
Copy link
Collaborator

Could you satisfy the linter? :)

@werwurm werwurm changed the title Make SignKM accept generic crypto.Signer feat(api!: Make SignKM accept generic crypto.Signer Sep 9, 2024
@werwurm werwurm changed the title feat(api!: Make SignKM accept generic crypto.Signer feat(api)!: Make SignKM accept generic crypto.Signer Sep 9, 2024
@werwurm
feat(api)!: Make SignKM accept generic crypto.Signer
6702af9 
Accepting crypto.PrivateKey uneccessarily restricts this library to
software crypto algorithms provided by the golang crypto packages. By
allowing the more generic crypto.Signer interface alternative
implementations, e.g., backed by HSMs, can be supported.

Signed-off-by: Janis Danisevskis <[email protected]>
@werwurm
Copy link
Author

werwurm commented Sep 9, 2024

Could you satisfy the linter? :)

Sure thing. I hope this fixes it. commitlint is new to me. So bare with me, please.
Is the final commit message constructed from the pull request or from the commit on the feature branch?

@walterchris
Copy link
Collaborator

We will rebase and cherry pick the commits - so no squash here :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@walterchris walterchris walterchris approved these changes

@ChriMarMe ChriMarMe Awaiting requested review from ChriMarMe ChriMarMe is a code owner

@zaolin zaolin Awaiting requested review from zaolin zaolin is a code owner

@PatrickRudolph PatrickRudolph Awaiting requested review from PatrickRudolph PatrickRudolph is a code owner

@ArthurHeymans ArthurHeymans Awaiting requested review from ArthurHeymans ArthurHeymans is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@werwurm @walterchris