[gnutls-devel] GnuTLS | DH and ECDH keys tests (!990)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri May 17 22:27:30 CEST 2019




> @nmav I am not sure we do not need the test, as y comes from the peer, so we should probably still check it in TLS1.3?

In TLS1.3 only safe groups are supported, and this check is about whether the public key is on the correct subgroup. That makes sense for general groups, but in safe groups there are only 3 subgroups, the one generated by `1`, by `-1` and by `q`. 1 generates itself only, and -1 generates itself and 1. Thus by the check that `1 < y < p-1` we already ensure that y is generated by none of these groups. The test on whether y is generated by `q` is now superfluous because there is no other subgroup but q.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/990#note_171696297
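
An added illustration, not part of the original email or of GnuTLS code: it enumerates element orders modulo a constructed toy safe prime (p = 23, q = 11) to show which peer values the range check `1 < y < p-1` rejects and how the accepted values split under the `y^q mod p == 1` subgroup test. All function names are hypothetical.

```python
# Added example. p = 23 is a constructed toy safe prime (q = 11),
# chosen so every element can be enumerated; it is not a TLS 1.3 group.

def is_prime(n):
    """Trial-division primality test, adequate for toy sizes only."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True

def is_safe_prime(p):
    """True when p is prime and q = (p - 1) / 2 is also prime."""
    return p > 3 and is_prime(p) and is_prime((p - 1) // 2)

def element_order(y, p):
    """Multiplicative order of y modulo prime p, by brute force."""
    acc, k = y % p, 1
    while acc != 1:
        acc = (acc * y) % p
        k += 1
    return k

def range_check(y, p):
    """The check discussed in the thread: 1 < y < p - 1."""
    return 1 < y < p - 1

def subgroup_check(y, p, q):
    """The explicit membership test for the order-q subgroup."""
    return pow(y, q, p) == 1

def classify(p):
    """Group every y in [1, p-1] by its order, split by the range check."""
    if not is_safe_prime(p):
        raise ValueError("p must be a safe prime")
    accepted, rejected = {}, {}
    for y in range(1, p):
        bucket = accepted if range_check(y, p) else rejected
        bucket.setdefault(element_order(y, p), []).append(y)
    return accepted, rejected

if __name__ == "__main__":
    accepted, rejected = classify(23)
    print("rejected by range check:", rejected)
    print("accepted by range check:", accepted)
```

For this toy prime the range check rejects only 1 and 22 (orders 1 and 2), and the accepted values have order 11 or 22.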