[gnutls-devel] GnuTLS | algorithms: implement X448 key exchange and Ed448 signature scheme (!984)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Wed Jan 15 11:12:55 CET 2020

Dmitry Baryshkov started a new discussion on lib/auth/ecdhe.c: https://gitlab.com/gnutls/gnutls/merge_requests/984#note_271705185

>  			return gnutls_assert_val(ret);
>  		/* RFC7748 requires to mask the MSB in the final byte */
> -		if (ecurve->id == GNUTLS_ECC_CURVE_X25519) {
> +		if (ecurve->id == GNUTLS_ECC_CURVE_X25519 ||
> +		    ecurve->id == GNUTLS_ECC_CURVE_X448) {
>  			session->key.proto.tls12.ecdh.raw.data[point_size-1] &= 0x7f;
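Review bot: Extending the MSB mask to X448 in the new condition is wrong; RFC 7748 requires only X25519 implementations to mask the most significant bit of the final byte, and an X448 u-coordinate uses all 448 bits of its 56-byte encoding, so clearing bit 7 of `raw.data[point_size-1]` would silently corrupt a valid peer public key. Keep the check as `if (ecurve->id == GNUTLS_ECC_CURVE_X25519) {` and reword the comment above it to say the masking is X25519-specific, so the X448 exception is not reintroduced later.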

I think this is not correct:

    When receiving such an array, implementations of X25519
    (but not X448) MUST mask the most significant bit in the final byte.
