[gnutls-devel] GnuTLS | crypto-selftests-pk.c: Use deterministic signatures in test_known_sig() (e106439e)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Mar 13 11:33:02 CET 2020

Anderson Sasaki commented on a discussion on lib/crypto-selftests-pk.c: https://gitlab.com/gnutls/gnutls/-/commit/e106439ebaba996413765e3a535b6fc9d59c00d1#note_304477131

>  #ifdef ENABLE_NON_SUITEB_CURVES
> -		PK_KNOWN_TEST(GNUTLS_PK_EC, 0,
> +		PK_KNOWN_TEST(GNUTLS_PK_EC,
>  			      GNUTLS_CURVE_TO_BITS
>  			      (GNUTLS_ECC_CURVE_SECP192R1),
>  			      GNUTLS_DIG_SHA256, ecdsa_secp192r1_privkey,
> -			      ecdsa_secp192r1_sig);
> +			      ecdsa_secp192r1_sig, GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE);
>  
> -		PK_KNOWN_TEST(GNUTLS_PK_EC, 0,
> +		PK_KNOWN_TEST(GNUTLS_PK_EC,
>  			      GNUTLS_CURVE_TO_BITS
>  			      (GNUTLS_ECC_CURVE_SECP224R1),
>  			      GNUTLS_DIG_SHA256, ecdsa_secp224r1_privkey,
> -			      ecdsa_secp224r1_sig);
> +			      ecdsa_secp224r1_sig, GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE);
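Review bot: with GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE now passed as the last argument of both PK_KNOWN_TEST calls, the stored vectors ecdsa_secp192r1_sig and ecdsa_secp224r1_sig are valid known answers only if they are the RFC 6979 deterministic signatures of those keys under GNUTLS_DIG_SHA256; a vector recorded from a signing run with a random k will never compare equal, and the self-test would then fail every time it runs. Please state in the commit message that both vectors were regenerated (or checked) with the reproducible signer. The calls also drop the `0` second argument and append the flag at the end, so the PK_KNOWN_TEST parameter order has changed; the macro definition and the remaining callers lie outside the quoted region, so confirm they were all converted in the same commit.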

I'm confused by this comment. This whole effort of using deterministic signatures during the self-test started with the objective of avoiding calling ``getrandom()`` during POST. In previous communication, you wrote that it wouldn't be a problem to use the deterministic signatures from RFC 6979 for testing the ECDSA/DSA algorithms.

Note that the test also executes the pairwise-consistency test by verifying the generated signature, although the signature uses a deterministic scheme to compute k.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/commit/e106439ebaba996413765e3a535b6fc9d59c00d1#note_304477131
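The deterministic known-signature self-test discussed in the thread, as an added example that is not GnuTLS code and not part of the original message: RFC 6979 k derivation and ECDSA over NIST P-256 in plain Python (hashlib and hmac only), so signing calls no RNG at all, the fresh signature is compared with a stored known-answer signature the way PK_KNOWN_TEST does, and the same signature is then verified under the derived public key for the pairwise-consistency check. The key, message and expected signature are the public RFC 6979 Appendix A.2.5 vector (P-256, SHA-256, "sample"), not the GnuTLS secp192r1/secp224r1 vectors; the function names are my own.

```python
"""RFC 6979 deterministic ECDSA over P-256 plus a known-answer self-test (added example, not GnuTLS code)."""
import hashlib
import hmac

# NIST P-256 domain parameters (FIPS 186-4, D.1.2.3); a = -3.
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)
QLEN, ROLEN = 256, 32  # bit and byte length of the group order N

def ec_add(p1, p2):
    """Affine addition/doubling on P-256; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, point):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, point)
        point = ec_add(point, point)
        k >>= 1
    return acc

def bits2int(data, qlen=QLEN):
    """RFC 6979 2.3.2: the leftmost qlen bits of data as an integer."""
    excess = len(data) * 8 - qlen
    return int.from_bytes(data, "big") >> max(excess, 0)

def bits2octets(data):
    """RFC 6979 2.3.4: bits2int(data) reduced once mod N, as ROLEN bytes."""
    z1 = bits2int(data)
    return (z1 - N if z1 >= N else z1).to_bytes(ROLEN, "big")

def rfc6979_k(privkey, h1, hashfunc=hashlib.sha256):
    """RFC 6979 3.2: derive k from (privkey, H(msg)) with HMAC; yields
    candidates so the caller can reject a k that gives r == 0 or s == 0."""
    hlen = hashfunc().digest_size
    x = privkey.to_bytes(ROLEN, "big")
    V, K = b"\x01" * hlen, b"\x00" * hlen
    K = hmac.new(K, V + b"\x00" + x + bits2octets(h1), hashfunc).digest()
    V = hmac.new(K, V, hashfunc).digest()
    K = hmac.new(K, V + b"\x01" + x + bits2octets(h1), hashfunc).digest()
    V = hmac.new(K, V, hashfunc).digest()
    while True:
        T = b""
        while len(T) * 8 < QLEN:
            V = hmac.new(K, V, hashfunc).digest()
            T += V
        k = bits2int(T)
        if 1 <= k < N:
            yield k
        K = hmac.new(K, V + b"\x00", hashfunc).digest()
        V = hmac.new(K, V, hashfunc).digest()

def sign(privkey, message):
    """ECDSA/SHA-256 with RFC 6979 k: same input gives the same signature, no RNG."""
    h1 = hashlib.sha256(message).digest()
    e = bits2int(h1)
    for k in rfc6979_k(privkey, h1):
        r = ec_mul(k, G)[0] % N
        s = pow(k, -1, N) * (e + privkey * r) % N
        if r and s:
            return r, s

def verify(pubkey, message, sig):
    """Standard ECDSA verification against an affine public-key point."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    e = bits2int(hashlib.sha256(message).digest())
    w = pow(s, -1, N)
    point = ec_add(ec_mul(e * w % N, G), ec_mul(r * w % N, pubkey))
    return point is not None and point[0] % N == r

def known_signature_selftest(privkey, message, expected_sig):
    """Known-answer test in the spirit of PK_KNOWN_TEST with a reproducible
    signer: the fresh signature must equal the stored one and must also
    verify under the derived public key (pairwise-consistency check)."""
    sig = sign(privkey, message)
    return sig == expected_sig and verify(ec_mul(privkey, G), message, sig)

# Public known-answer vector: RFC 6979 Appendix A.2.5 (P-256, SHA-256, "sample").
KAT_PRIVKEY = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721
KAT_MESSAGE = b"sample"
KAT_SIG = (0xEFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716,
           0xF7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8)
```

Because k is a function of the private key and the message hash only, the stored vector has to be the RFC 6979 output for that key and digest, exactly as the self-test in the commit requires; a vector captured from a randomized signer will never match. Calling `known_signature_selftest(KAT_PRIVKEY, KAT_MESSAGE, KAT_SIG)` returns True, and flipping a bit in the expected signature or in the message makes it return False without touching any randomness source.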

