nselib: Fix EdDSA in default TLS 1.2 signature_algorithms #2766
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Fix the default signature_algorithms extension used for TLS 1.2 to include code points 0x0807 (intrinsic, ed25519) and 0x0808 (intrinsic, ed448) instead of the invalid 0x0407, 0x0408, 0x0607 and 0x0608, combining sha256/sha512 with EdDSA. Quoting RFC 8422: 5.1.3. The signature_algorithms Extension and EdDSA The signature_algorithms extension, defined in Section 7.4.1.4.1 of [RFC5246], advertises the combinations of signature algorithm and hash function that the client supports. The pure (non-prehashed) forms of EdDSA do not hash the data before signing it. For this reason, it does not make sense to combine them with a hash function in the extension. For bits-on-the-wire compatibility with TLS 1.3, we define a new dummy value in the "TLS HashAlgorithm" registry that we call "Intrinsic" (value 8), meaning that hashing is intrinsic to the signature algorithm. To represent ed25519 and ed448 in the signature_algorithms extension, the value shall be (8,7) and (8,8), respectively.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I seem to have lost my commit bit on the Subversion repo (which is fine, kudos for the user lifecycle management), so here's a fix I'd like to see in Nmap:
Fix the default signature_algorithms extension used for TLS 1.2 to include code points 0x0807 (intrinsic, ed25519) and 0x0808 (intrinsic, ed448) instead of the invalid 0x0407, 0x0408, 0x0607 and 0x0608, combining sha256/sha512 with EdDSA.
Quoting RFC 8422: