[Swan-dev] GSOC Project: Extend RFC-7427 to support EdDSA

Paul Wouters paul at nohats.ca
Wed Mar 17 20:51:36 UTC 2021


On Thu, 18 Mar 2021, Rishabh Kumar wrote:

Hi Rishabh,

> I am Rishabh Kumar, a Master's student from the Indian Institute of Technology, Hyderabad.
> I am working on the proposal of the project idea "Extend RFC-7427 Signature Authentication
> support to IKEv2 with EdDSA support". I have gone through the codebase of past GSOC projects
> where the support was added for RSA and ECDSA and I have two queries in this regard,

It would be great to get that support in libreswan. Be aware that there
might be two places for this: one for the certificate authentication and
one for the AUTH payload in IKE_AUTH (IKEv2 only).

> 1. Through EdDSA, we can sign messages of arbitrary size so prehashing of the message is
> not required. Also, prehashing is not recommended. Is there any use case where an EdDSA
> version with message prehashing would be required or should libreswan support only the
> version without prehashing.

I would expect the related RFCs to be clear on this. If not, we could
probably contact the authors or the IPsec Working Group on this.

> 2. Since libreswan is dependent on NSS for algorithm implementation, EdDSA support has to
> be added in the NSS itself. Would it be fine if I start working on this. Maybe add this
> feature in NSS before GSOC.

That would in itself be an entire project. The NSS requirements are very
high due to its security. E.g., anything implemented would have to be
constant time. You should talk to Robert Relyea (rrelyea at redhat.com)
to see what he knows about the state of EdDSA in NSS and what the plans
and/or requirements are.

Paul
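Added example (not part of Paul's reply, and not libreswan or NSS code): RFC 8420, which extends RFC 7427 to EdDSA, uses the pure (non-prehashed) Ed25519/Ed448 variants with the "Identity" hash algorithm, so the whole signed octet string goes into the signature function. The block below builds and checks the RFC 7427 "Digital Signature" AUTH data for Ed25519: one length octet, the DER AlgorithmIdentifier for id-Ed25519 (OID 1.3.101.112, no parameters, as in RFC 8410), then the raw 64-byte signature. The curve arithmetic is a compact transcription of the RFC 8032 reference implementation and is deliberately not constant time, which is exactly why it would not meet the NSS bar Paul describes; it is here to show the wire format and the no-prehash property. The `signed_octets` value is a constructed stand-in for the real InitiatorSignedOctets (IKE_SA_INIT message, nonce and MACedID per RFC 7296), and `build_auth_data`/`check_auth_data` are hypothetical helper names.

```python
"""Ed25519 (PureEdDSA, RFC 8032) and RFC 7427 'Digital Signature' AUTH data framing.

Illustrative code only: big-int double-and-add is NOT constant time.
"""
import hashlib

P = 2**255 - 19                                        # field prime
Q = 2**252 + 27742317777372353535851937790883648493     # group order
D = (-121665 * pow(121666, P - 2, P)) % P               # curve constant
SQRT_M1 = pow(2, (P - 1) // 4, P)                       # sqrt(-1) mod P


def _add(a, b):
    # Extended coordinates (X, Y, Z, T); formulas from RFC 8032 section 5.1.4.
    A = (a[1] - a[0]) * (b[1] - b[0]) % P
    B = (a[1] + a[0]) * (b[1] + b[0]) % P
    C = 2 * a[3] * b[3] * D % P
    Dd = 2 * a[2] * b[2] % P
    E, F, G_, H = B - A, Dd - C, Dd + C, B + A
    return (E * F % P, G_ * H % P, F * G_ % P, E * H % P)


def _mul(s, pt):
    # Double-and-add: branches on scalar bits, hence leaks timing (fine for a demo only).
    r = (0, 1, 1, 0)
    while s:
        if s & 1:
            r = _add(r, pt)
        pt = _add(pt, pt)
        s >>= 1
    return r


def _recover_x(y, sign):
    # Section 5.1.3 decoding: solve x^2 = (y^2 - 1) / (d y^2 + 1), pick the parity bit.
    if y >= P:
        return None
    x2 = (y * y - 1) * pow(D * y * y + 1, P - 2, P) % P
    if x2 == 0:
        return None if sign else 0
    x = pow(x2, (P + 3) // 8, P)
    if (x * x - x2) % P:
        x = x * SQRT_M1 % P
    if (x * x - x2) % P:
        return None
    return P - x if (x & 1) != sign else x


def _compress(pt):
    zi = pow(pt[2], P - 2, P)
    x, y = pt[0] * zi % P, pt[1] * zi % P
    return (y | ((x & 1) << 255)).to_bytes(32, "little")


def _decompress(b):
    v = int.from_bytes(b, "little")
    y, sign = v & ((1 << 255) - 1), v >> 255
    x = _recover_x(y, sign)
    return None if x is None else (x, y, 1, x * y % P)


G_Y = 4 * pow(5, P - 2, P) % P
G = (_recover_x(G_Y, 0), G_Y, 1, _recover_x(G_Y, 0) * G_Y % P)   # base point


def _expand(sk):
    # Clamp the first half of SHA-512(seed); the second half seeds the nonce.
    h = hashlib.sha512(sk).digest()
    a = int.from_bytes(h[:32], "little")
    return (a & ((1 << 254) - 8)) | (1 << 254), h[32:]


def ed25519_public(sk):
    return _compress(_mul(_expand(sk)[0], G))


def ed25519_sign(sk, msg):
    # PureEdDSA: the full message is hashed inside the scheme twice; no caller-side prehash.
    a, prefix = _expand(sk)
    pk = _compress(_mul(a, G))
    r = int.from_bytes(hashlib.sha512(prefix + msg).digest(), "little") % Q
    R = _compress(_mul(r, G))
    h = int.from_bytes(hashlib.sha512(R + pk + msg).digest(), "little") % Q
    return R + ((r + h * a) % Q).to_bytes(32, "little")


def ed25519_verify(pk, msg, sig):
    if len(pk) != 32 or len(sig) != 64:
        return False
    A, R = _decompress(pk), _decompress(sig[:32])
    s = int.from_bytes(sig[32:], "little")
    if A is None or R is None or s >= Q:                 # reject non-canonical s
        return False
    h = int.from_bytes(hashlib.sha512(sig[:32] + pk + msg).digest(), "little") % Q
    lhs, rhs = _mul(s, G), _add(R, _mul(h, A))           # check s*G == R + h*A
    return ((lhs[0] * rhs[2] - rhs[0] * lhs[2]) % P == 0
            and (lhs[1] * rhs[2] - rhs[1] * lhs[2]) % P == 0)


# RFC 7427 section 3: ASN.1Length (1 octet) | AlgorithmIdentifier (DER) | Signature Value.
# id-Ed25519 = SEQUENCE { OID 1.3.101.112 }, absent parameters (RFC 8410).
ED25519_ALGID = bytes.fromhex("300506032b6570")


def build_auth_data(sk, signed_octets):
    """Hypothetical helper: AUTH payload data for Auth Method 14 (Digital Signature)."""
    return bytes([len(ED25519_ALGID)]) + ED25519_ALGID + ed25519_sign(sk, signed_octets)


def check_auth_data(pk, signed_octets, auth_data):
    """Hypothetical helper: parse the framing, insist on the Ed25519 AlgorithmIdentifier, verify."""
    if not auth_data:
        return False
    n = auth_data[0]
    algid, sig = auth_data[1:1 + n], auth_data[1 + n:]
    if algid != ED25519_ALGID:
        return False
    return ed25519_verify(pk, signed_octets, sig)


if __name__ == "__main__":
    seed = bytes(range(32))                                   # constructed demo key seed
    octets = b"constructed stand-in for InitiatorSignedOctets"  # constructed sample input
    auth = build_auth_data(seed, octets)
    print(auth.hex())
    print(check_auth_data(ed25519_public(seed), octets, auth))
```

The receiver rejects any AlgorithmIdentifier other than the exact seven-byte Ed25519 encoding, so an attacker cannot swap in a different algorithm's identifier and have the parser guess; in libreswan the same check would sit where the RSA and ECDSA identifiers are matched today.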

