[gnutls-devel] GnuTLS | x509: support encoding of ML-DSA private keys in CHOICE format (!1973)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Fri Jul 4 11:02:51 CEST 2025
Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1973 was reviewed by Alexander Sosedkin
--
Alexander Sosedkin started a new discussion on lib/x509/privkey_pkcs8.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2603089825
> +
> + if (flags & GNUTLS_PKCS_MLDSA_SEED)
> + format |= 1 << 0;
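Review bot: `format |= 1 << 0` sets a bare bit whose meaning is defined somewhere else, so this line only stays correct while the value it stands for keeps that bit. OR in the enumerator by name instead (the merge request defines `ML_DSA_PRIVKEY_FORMAT_SEED`), so the mapping from `GNUTLS_PKCS_MLDSA_SEED` to the encoded format can be checked at the point of use.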
Maybe use enum values instead of magic constants?
--
Alexander Sosedkin started a new discussion on lib/x509/privkey_pkcs8.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2603089835
> + ML_DSA_PRIVKEY_FORMAT_SEED,
> + ML_DSA_PRIVKEY_FORMAT_EXPANDED,
> + ML_DSA_PRIVKEY_FORMAT_BOTH
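Review bot: the three enumerators are listed without initializers, so whether `ML_DSA_PRIVKEY_FORMAT_BOTH` equals the OR of the other two depends on where they sit in the enum, and adding or reordering an entry above them would change that without any compiler diagnostic. Give them explicit values, e.g. `ML_DSA_PRIVKEY_FORMAT_SEED = 1 << 0`, `ML_DSA_PRIVKEY_FORMAT_EXPANDED = 1 << 1`, `ML_DSA_PRIVKEY_FORMAT_BOTH = ML_DSA_PRIVKEY_FORMAT_SEED | ML_DSA_PRIVKEY_FORMAT_EXPANDED`.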
I'd find verifying `ML_DSA_PRIVKEY_FORMAT_BOTH == ML_DSA_PRIVKEY_FORMAT_EXPANDED | ML_DSA_PRIVKEY_FORMAT_SEED` easier if the numbers were spelled out.
--
Alexander Sosedkin started a new discussion on src/certtool-options.json: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2603089842
> + "long-option": "key-format",
> + "description": "Specify the key format to use on key generation",
> + "detail": "This option can be combined with --generate-privkey, to specify\nthe key format to be generated, when the key type is ML-DSA. Valid options are, 'seed', 'expanded', and 'both'.",
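Review bot: the `detail` text lists the accepted values but does not say which format is written when `--key-format` is not given, or what happens on a value other than the three listed. State the default in the help text, and drop the stray comma after "Valid options are".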
Should it error out when the key type is not ML-DSA? Just to reduce confusion and to not support ignoring it when it's not.