Actually I would dump 1-pass signatures.
The way I would implement multiple signatures is to use one of the
subpackets to indicate nesting in the existing signature structure.
How large is a signature packet? The largest you can think of. 3K
with a 8K RSA key and lots of subpackets? Most hash contexts are a
significant fraction of that size, and you will need to create them to
hash streams which is why they are there in the first place.
So I would do something like:
PacketParse(hashctx) {
...
switch (packettype)
...
Sigparse:
numsigs=0
do {
read sig header
malloc buffer[numsigs]
read sig into buffer
extract hashalg and antinest
setup hashcontext[numsigs]
numsigs++;
} while antinest
/* will use sigparse case recursively for nested sigs */
PacketParse(hashcontext,numsigs)
while( numsigs > 0 ) {
finish hashing and verify signature using buffer[numsigs]
dealloc buffer[numsigs]
numsigs--;
}
}
or you can have PacketParse not hash sig packets if they have the antinest
flag set, but hash all others and it would be a purely recursive
implementation and the buffer and hashcontext need not be arrays.
Even for true 1pass sigs, you have to set up a lot of structure.
Is adding the half parsed signature packet really going to bloat things
that much over what you have to do (much less what you actually do) with
normal sig packets?
Dumping 1 pass sigs would make things uniform and by changing the topology
of the implementation it could still handle signatures as streams.
--- reply to tzeruch - at - ceddec - dot - com ---