
ntbtls: use of shorter hash for ECC
Testing, Normal, Public

Description

Need to check the TLS protocol spec, but it seems that rejecting a shorter hash algorithm for ECC may be wrong.

The point in question is:

diff --git a/src/pkglue.c b/src/pkglue.c
index af8cf92..44de028 100644
--- a/src/pkglue.c
+++ b/src/pkglue.c
@@ -152,8 +152,10 @@ _ntbtls_pk_verify (x509_cert_t chain, pk_algo_t pk_alg, md_algo_t md_alg,
           {
             debug_msg (1, "a %u bit hash is not valid for a %u bit ECC key",
                        (unsigned int)hashlen*8, qbits);
+#if 0
             err = gpg_error (GPG_ERR_DIGEST_ALGO);
             goto leave;
+#endif
           }
 
         if (hashlen > qbits/8)
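Review bot: wrapping the error return in `#if 0` / `#endif` leaves the preceding `debug_msg (1, "a %u bit hash is not valid for a %u bit ECC key", ...)` active, so at debug level 1 the log still reports a signature that is now accepted as "not valid"; either delete the whole block or reword the message to say the hash is merely shorter than the curve order, and for the committed change remove the two lines instead of keeping them under `#if 0`. A one-line comment citing RFC 8422 section 5.10 (a hash shorter than the curve order is used as-is, only a longer one is truncated) would make clear why the following `if (hashlen > qbits/8)` branch is the only size handling that remains.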

I ran the command ntbtls-cli --debug 999 dev.gnupg.org, which has an ECDSA key with NIST P-384, and it fails without the change above.

Event Timeline

gniibe triaged this task as Normal priority.Jul 6 2022, 6:57 AM
gniibe created this task.

There is a description: https://datatracker.ietf.org/doc/html/rfc8422#section-5.10

It seems that it's OK to use SHA256 for ECDSA with secp384r1 (as dev.gnupg.org does).

So, I'm going to remove the restriction from NtbTLS.
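The rule behind the decision above, as an added example that is not ntbtls code and not from the GnuPG project: a pure-Python ECDSA over NIST P-384 in which the hash-to-integer step follows RFC 8422 section 5.10 (and FIPS 186-4 section 6.4), using the leftmost min(hashlen, bitlen(n)) bits of the digest. A SHA-256 digest, shorter than the 384-bit order, is used whole; a SHA-512 digest is truncated to its leftmost 384 bits. The message text and the key are constructed for the demonstration; the curve arithmetic is a plain affine double-and-add and is not constant time, so it is for illustration only.

```python
"""ECDSA over NIST P-384 (added example, not ntbtls code), showing that a hash
shorter than the curve order (SHA-256) is legitimate and only a longer hash
(SHA-512) needs truncation, per RFC 8422 section 5.10 / FIPS 186-4 section 6.4."""
import hashlib
import secrets

# NIST P-384 domain parameters (FIPS 186-4, D.1.2.4).
P = 2**384 - 2**128 - 2**96 + 2**32 - 1
A = P - 3
B = 0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef
N = 0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973
G = (0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7,
     0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f)


def on_curve(pt):
    """Sanity check that a point satisfies y^2 = x^3 + ax + b (mod p)."""
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def mul(k, pt):
    """Scalar multiplication by double-and-add (not constant time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def hash_to_int(digest, n=N):
    """RFC 8422 5.10 / FIPS 186-4 6.4: e is the leftmost min(hashlen, bitlen(n))
    bits of the digest.  A digest shorter than the order (SHA-256 with P-384) is
    used whole; a longer one (SHA-512 with P-384) is truncated, never rejected."""
    e = int.from_bytes(digest, "big")
    excess = len(digest) * 8 - n.bit_length()
    return e >> excess if excess > 0 else e


def keygen():
    """Random private scalar d in [1, n-1] and public point Q = dG (constructed key)."""
    d = secrets.randbelow(N - 1) + 1
    return d, mul(d, G)


def sign(d, digest):
    e = hash_to_int(digest)
    while True:
        k = secrets.randbelow(N - 1) + 1
        r = mul(k, G)[0] % N
        s = pow(k, -1, N) * (e + r * d) % N
        if r and s:
            return (r, s)


def verify(q, digest, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    e = hash_to_int(digest)
    w = pow(s, -1, N)
    x = add(mul(e * w % N, G), mul(r * w % N, q))
    return x is not None and x[0] % N == r


def demo(msg=b"constructed sample message"):
    """Sign one message with a shorter hash (SHA-256) and a longer hash (SHA-512)
    under the same P-384 key; both signatures verify."""
    d, q = keygen()
    return {name: verify(q, hashlib.new(name, msg).digest(), sign(d, hashlib.new(name, msg).digest()))
            for name in ("sha256", "sha512")}


if __name__ == "__main__":
    assert on_curve(G) and mul(N, G) is None
    print(demo())  # {'sha256': True, 'sha512': True}
```

The pre-patch check in pkglue.c would have refused the SHA-256 case outright; in this model that case needs no special handling at all, because the digest is already an integer below the order, while the SHA-512 case is the one where the `hashlen > qbits/8` truncation branch does real work.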

gniibe added a project: Restricted Project.Jul 8 2022, 9:53 AM

Pushed the change.

werner changed the task status from Open to Testing.Sep 22 2022, 10:53 AM
werner removed a project: Restricted Project.
werner added a project: Restricted Project.Mon, Sep 18, 4:03 PM
werner added a subscriber: werner.

Well, even our new versions.gnupg.org uses a shorter hash. Better get that released asap.

werner moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Mon, Sep 18, 4:03 PM