[gnutls-devel] GnuTLS | optional: Add support for ed448 (#128)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sat Mar 14 05:33:08 CET 2020

Peter Dettman commented:

Currently Ed448 peer certificates don't pass (TLS peer) verification. The underlying reason is that the Ed448 hash is SHAKE-256:

`{.name = "EdDSA-Ed448", ..., .hash = GNUTLS_DIG_SHAKE_256, ...}`

but SHAKE-256 has no output_size specified:

`{.name = "SHAKE-256", .oid = HASH_OID_SHAKE_256, .id = GNUTLS_MAC_SHAKE_256, .block_size = 136}`

so I assume output_size is defaulting to 0, which leads to (gnutls-serv 3.6.12 when Ed448 client cert presented, verification enabled):

> |<2>| GNUTLS_SEC_PARAM_LOW: certificate's signature hash strength is unacceptable (is 0 bits, needed 80)

Incidentally, I also noticed that tests/sign-is-secure.c is not covering Ed448 because the loop bound is off-by-1:

`for (i=1;i<GNUTLS_SIGN_MAX;i++)`

GNUTLS_SIGN_MAX (== GNUTLS_SIGN_EDDSA_ED448) should be included in the loop.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/128#note_304892538
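An added example, not GnuTLS code, that models the two defects described in the comment in C: an omitted `.output_size` in a designated initializer silently becomes 0 and so fails the strength check, and a `<` bound on an inclusive `_MAX` enum skips the last algorithm. Assumptions: the strength rule (half the digest length in bits), the 80-bit threshold taken from the log line, the simplified enum names, and 114 bytes as the SHAKE-256 output to record for Ed448.

```c
/* Added illustration (not GnuTLS code); table layout and strength rule are modelled. */
#include <stdio.h>

enum { HASH_SHA256, HASH_SHAKE_256 };
enum { SIGN_UNKNOWN, SIGN_RSA_SHA256, SIGN_EDDSA_ED448, SIGN_MAX = SIGN_EDDSA_ED448 };

struct hash_entry { const char *name; unsigned output_size; unsigned block_size; };

/* Designated initializers: any field left out is zero-initialized, so a
 * missing .output_size silently becomes 0, which is the defect reported above. */
static const struct hash_entry buggy_hashes[] = {
    [HASH_SHA256]    = {.name = "SHA256",    .output_size = 32,  .block_size = 64},
    [HASH_SHAKE_256] = {.name = "SHAKE-256", /* .output_size omitted */ .block_size = 136},
};
static const struct hash_entry fixed_hashes[] = {
    [HASH_SHA256]    = {.name = "SHA256",    .output_size = 32,  .block_size = 64},
    /* Assumption: record the 114 bytes Ed448 draws from the SHAKE-256 XOF. */
    [HASH_SHAKE_256] = {.name = "SHAKE-256", .output_size = 114, .block_size = 136},
};

static const int sign_to_hash[] = {
    [SIGN_RSA_SHA256] = HASH_SHA256, [SIGN_EDDSA_ED448] = HASH_SHAKE_256,
};

/* Modelled rule: collision strength is half the digest length in bits. */
unsigned hash_strength_bits(const struct hash_entry *t, int sign) {
    if (sign <= SIGN_UNKNOWN || sign > SIGN_MAX) return 0;
    return t[sign_to_hash[sign]].output_size * 8 / 2;
}

#define NEEDED_BITS 80 /* the "needed 80" from the GNUTLS_SEC_PARAM_LOW log line */

int sign_is_secure(const struct hash_entry *t, int sign) {
    return hash_strength_bits(t, sign) >= NEEDED_BITS;
}

/* Number of algorithms a test loop never visits: '<' skips SIGN_MAX, '<=' covers it. */
int count_unchecked(int inclusive_bound) {
    int i, checked = 0;
    for (i = 1; inclusive_bound ? i <= SIGN_MAX : i < SIGN_MAX; i++) checked++;
    return SIGN_MAX - checked;
}

int main(void) {
    printf("Ed448, buggy table: %u bits (need %d)\n",
           hash_strength_bits(buggy_hashes, SIGN_EDDSA_ED448), NEEDED_BITS);
    printf("Ed448, fixed table: %u bits\n", hash_strength_bits(fixed_hashes, SIGN_EDDSA_ED448));
    printf("algorithms skipped by 'i<SIGN_MAX': %d\n", count_unchecked(0));
    return 0;
}
```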