[gnutls-devel] GnuTLS | crypto-selftests-pk.c: Use deterministic signatures in test_known_sig() (e106439e)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Fri Mar 13 11:33:02 CET 2020
Anderson Sasaki commented on a discussion on lib/crypto-selftests-pk.c: https://gitlab.com/gnutls/gnutls/-/commit/e106439ebaba996413765e3a535b6fc9d59c00d1#note_304477131
> #ifdef ENABLE_NON_SUITEB_CURVES
> - PK_KNOWN_TEST(GNUTLS_PK_EC, 0,
> + PK_KNOWN_TEST(GNUTLS_PK_EC,
> GNUTLS_CURVE_TO_BITS
> (GNUTLS_ECC_CURVE_SECP192R1),
> GNUTLS_DIG_SHA256, ecdsa_secp192r1_privkey,
> - ecdsa_secp192r1_sig);
> + ecdsa_secp192r1_sig, GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE);
>
> - PK_KNOWN_TEST(GNUTLS_PK_EC, 0,
> + PK_KNOWN_TEST(GNUTLS_PK_EC,
> GNUTLS_CURVE_TO_BITS
> (GNUTLS_ECC_CURVE_SECP224R1),
> GNUTLS_DIG_SHA256, ecdsa_secp224r1_privkey,
> - ecdsa_secp224r1_sig);
> + ecdsa_secp224r1_sig, GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE);
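Review bot: the flags argument moves from the second position (`0`) to a new trailing one (`GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE`), so the PK_KNOWN_TEST macro definition and every caller outside this `#ifdef ENABLE_NON_SUITEB_CURVES` block need the same change in this commit; a call that still passes `0` second would shift the bits argument into the digest slot. A one-line comment next to the vectors would also help: `ecdsa_secp192r1_sig` and `ecdsa_secp224r1_sig` are only a valid known answer if they were produced with the same deterministic (RFC 6979) nonce derivation and SHA-256 digest that the reproducible flag selects, and the known-answer comparison now deliberately no longer exercises the random-nonce path.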
I'm confused by this comment. This whole effort of using deterministic signatures during the self-test started with the objective of avoiding calling ``getrandom()`` during POST. In previous communication, you wrote that it wouldn't be a problem to use the deterministic signatures from RFC 6979 for testing ECDSA/DSA algorithms.
Note that the test also executes the pairwise-consistency test by verifying the generated signature, although the signature uses a deterministic scheme to compute k.
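The discussion above hinges on two properties of the self-test: with RFC 6979 the nonce k is a function of the private key and the message hash, so a known-answer comparison against a stored signature works without any randomness, and the test still performs a pairwise-consistency check by verifying what it just signed. The following is an added, self-contained Python illustration of that pattern (not GnuTLS code and not the PK_KNOWN_TEST macro from the hunk): it implements RFC 6979 nonce derivation and ECDSA-SHA256 over secp192r1, the first curve in the hunk, with standard P-192 domain parameters, and a hypothetical `pk_known_test()` that does the known-answer comparison followed by the verify. The private key and message are constructed for the example; in a real self-test the stored signature would be the RFC 6979 Appendix A.2.3 vector for this curve and digest.

```python
"""RFC 6979 deterministic ECDSA over NIST P-192 plus a KAT + pairwise
consistency self-test that never calls getrandom().  Added example."""
import hashlib
import hmac

# NIST P-192 (secp192r1) domain parameters, FIPS 186-4 / SEC 2.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF
A = P - 3
B = 0x64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1
G = (0x188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012,
     0x07192B95FFC8DA78631011ED6B24CDD573F977A11E794811)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831
QLEN = N.bit_length()        # 192
RLEN = (QLEN + 7) // 8       # 24 octets

# Constructed private key for the demo (not a standard test vector).
PRIV = 0x1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF


def on_curve(pt):
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None                       # P + (-P)
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P   # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not side-channel hardened)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def bits2int(b):
    """RFC 6979 2.3.2: leftmost QLEN bits of an octet string, as an integer."""
    v = int.from_bytes(b, "big")
    blen = len(b) * 8
    return v >> (blen - QLEN) if blen > QLEN else v


def int2octets(x):
    return x.to_bytes(RLEN, "big")


def rfc6979_k(priv, h1):
    """RFC 6979 3.2 with HMAC-SHA256: k depends only on (priv, H(msg))."""
    V, K = b"\x01" * 32, b"\x00" * 32
    seed = int2octets(priv) + int2octets(bits2int(h1) % N)   # x || bits2octets(h1)
    K = hmac.new(K, V + b"\x00" + seed, hashlib.sha256).digest()
    V = hmac.new(K, V, hashlib.sha256).digest()
    K = hmac.new(K, V + b"\x01" + seed, hashlib.sha256).digest()
    V = hmac.new(K, V, hashlib.sha256).digest()
    while True:
        T = b""
        while len(T) * 8 < QLEN:
            V = hmac.new(K, V, hashlib.sha256).digest()
            T += V
        k = bits2int(T)
        if 1 <= k < N:
            return k
        K = hmac.new(K, V + b"\x00", hashlib.sha256).digest()   # retry step
        V = hmac.new(K, V, hashlib.sha256).digest()


def sign(priv, msg):
    """Deterministic ECDSA-SHA256: same (key, msg) always yields the same (r, s)."""
    h1 = hashlib.sha256(msg).digest()
    e, k = bits2int(h1), rfc6979_k(priv, h1)
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (e + priv * r) % N
    if r == 0 or s == 0:
        raise ValueError("degenerate signature; RFC 6979 would derive a new k")
    return (r, s)


def verify(pub, msg, sig):
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    e = bits2int(hashlib.sha256(msg).digest())
    w = pow(s, -1, N)
    pt = ec_add(ec_mul(e * w % N, G), ec_mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r


def pk_known_test(priv, msg, expected_sig):
    """Hypothetical self-test in the spirit of the patch: a known-answer check
    (only possible because k is reproducible) then a pairwise-consistency verify."""
    sig = sign(priv, msg)
    if sig != expected_sig:
        return False                               # KAT mismatch
    return verify(ec_mul(priv, G), msg, sig)       # pairwise consistency


if __name__ == "__main__":
    sig = sign(PRIV, b"sample")
    print("reproducible:", sig == sign(PRIV, b"sample"))
    print("self-test passes:", pk_known_test(PRIV, b"sample", sig))
```

Run it twice and the printed signature is identical, which is exactly what lets a POST compare against a stored vector: no random nonce, so no `getrandom()` call during the self-test, while the trailing `verify()` keeps the sign/verify pairwise check the thread mentions.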