[gnutls-devel] GnuTLS | algorithms: implement X448 key exchange and Ed448 signature scheme (!984)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Thu Jan 23 03:22:55 CET 2020

Merge request https://gitlab.com/gnutls/gnutls/merge_requests/984 was reviewed by Nikos Mavrogiannopoulos

Nikos Mavrogiannopoulos started a new discussion on lib/algorithms/mac.c: https://gitlab.com/gnutls/gnutls/merge_requests/984#note_275649509

> +	{.name = "SHAKE-256",
> +	 .oid = HASH_OID_SHAKE_256,
> +	 .id = GNUTLS_MAC_SHAKE_256},

nit: we do not seem to use it anywhere but we don't set block size here although in SHA3 we do.

Nikos Mavrogiannopoulos started a new discussion on tests/privkey-keygen.c: https://gitlab.com/gnutls/gnutls/merge_requests/984#note_275649511

>  		digest = GNUTLS_DIG_SHA512;
> +	else if (algorithm == GNUTLS_PK_EDDSA_ED448)
> +		digest = GNUTLS_DIG_SHAKE_256;

That looks strange given that we do not claim its implementation. I'm not sure what's the best solution here. What about amending its documentation to mention that it is an allowed option on X448 signatures?

Nikos Mavrogiannopoulos started a new discussion on .gitlab-ci.yml: https://gitlab.com/gnutls/gnutls/merge_requests/984#note_275649513

> +  - popd
> +  - SUBMODULE_NOFETCH=1 ./bootstrap
> +  - PKG_CONFIG_PATH=$NETTLE_DIR/lib64/pkgconfig dash ./configure --cache-file cache/config.cache --disable-gcc-warnings --disable-doc --disable-guile --disable-gost

@lumag Is the disable-gost necessary? Will new versions of nettle work with gnutls or gnutls should have been compiled with `--disable-gost`?

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/984
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200123/179c7b49/attachment.html>

More information about the Gnutls-devel mailing list