[gnutls-help] ECDH internal functions and FIPS140-2 mode
Nicolas Mora
nicolas at babelouest.org
Sun Feb 21 23:39:18 CET 2021
Hello,
I'd like to use ECDH key agreement with GnuTLS. As far as I can see,
there is no public function to generate a shared secret with ECC keys.
In lib/nettle/pk.c [1], the ECDH functions are defined if ENABLE_FIPS140
is defined.
According to thee documentation [2], FIPS140-2 mode is not available
without adding configure option –enable-fips140-mode.
In an old message on this ML [3], it was offered these functions to be
exported in the normal API, but this message wasn't answered, and the
ecdh functions are still private and available only with FIPS140-2 mode.
I'd like to make a feature request for the ECDH functions to be
available in the normal API, even in non FIPS140-2 mode. Would it be
possible in a future version?
Thanks in advance
/Nicolas
[1] https://gitlab.com/gnutls/gnutls/-/blob/master/lib/nettle/pk.c
[2] https://www.gnutls.org/manual/html_node/FIPS140_002d2-mode.html
[3] https://lists.gnupg.org/pipermail/gnutls-help/2019-November/004580.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xFE82139440BD22B9.asc
Type: application/pgp-keys
Size: 3066 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnutls-help/attachments/20210221/0bd77641/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnutls-help/attachments/20210221/0bd77641/attachment.sig>
More information about the Gnutls-help
mailing list