[gnutls-devel] GnuTLS | optional: Add support for ed448 (#128)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Sat Mar 14 05:33:08 CET 2020
Peter Dettman commented:
Currently Ed448 peer certificates don't pass (TLS peer) verification. The underlying reason is that the Ed448 hash is SHAKE-256:
`{.name = "EdDSA-Ed448", ..., .hash = GNUTLS_DIG_SHAKE_256, ...}`
but SHAKE-256 has no output_size specified:
`{.name = "SHAKE-256", .oid = HASH_OID_SHAKE_256, .id = GNUTLS_MAC_SHAKE_256, .block_size = 136}`
so I assume output_size is defaulting to 0, which leads to (gnutls-serv 3.6.12 when Ed448 client cert presented, verification enabled):
> |<2>| GNUTLS_SEC_PARAM_LOW: certificate's signature hash strength is unacceptable (is 0 bits, needed 80)
Incidentally, I also noticed that tests/sign-is-secure.c is not covering Ed448 because the loop bound is off-by-1:
`for (i=1;i<GNUTLS_SIGN_MAX;i++)`
GNUTLS_SIGN_MAX (== GNUTLS_SIGN_EDDSA_ED448) should be included in the loop.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/128#note_304892538
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200314/a273e441/attachment.html>
More information about the Gnutls-devel
mailing list