[Swan-dev] GSOC Project: Extend RFC-7427 to support EdDSA

Rishabh Kumar cs19mtech11026 at iith.ac.in
Sat Mar 20 18:05:28 UTC 2021


Hello Paul,

> It would be great to get that support in libreswan. Be aware that there
> might be two places for this. One for the certificate authentication and
> one for the AUTH payload in IKE_AUTH (IKEv2 only)


I will ensure that changes are made for certificate authentication as well
as for AUTH payload.

> I would expect the related RFCs to be clear on this. If not, we could
> probably contact the authors or the IPsec Working Group on this.


RFC 8420 mentioned that variants supporting prehashing are not
recommended.

> That would in itself be an entire project. The NSS requirements are very
> high due to its security. E.g. anything implemented would have to be
> constant time for example. You should talk to Robert Relyea (
> rrelyea at redhat.com )
> to see what he knows about the state of eddsa in NSS and what the plans
> and/or requirements are.

I have checked with Robert regarding the plans for the implementation of
EdDSA. He is happy to review the patch, but there are no plans for
implementing it. I have gone through the requirements shared by him for
adding EdDSA support to NSS. The task appears feasible to me, and I think if
started now it can be completed within one and a half months, probably before
the GSOC coding period starts. Let me know your thoughts about it.

Regards,


On Thu, Mar 18, 2021 at 2:21 AM Paul Wouters <paul at nohats.ca> wrote:

> On Thu, 18 Mar 2021, Rishabh Kumar wrote:
>
> Hi Rishabh,
>
> > I am Rishabh Kumar, a Master's student from the Indian Institute of
> > Technology, Hyderabad. I am working on the proposal of the project idea
> > "Extend RFC-7427 Signature Authentication support to IKEv2 with
> > EdDSA support". I have gone through the codebase of past GSOC projects
> > where the support was added for RSA and ECDSA and I have two queries in
> > this regard,
>
> It would be great to get that support in libreswan. Be aware that there
> might be two places for this. One for the certificate authentication and
> one for the AUTH payload in IKE_AUTH (IKEv2 only)
>
> > 1. Through EdDSA, we can sign messages of arbitrary size so prehashing
> > of the message is not required. Also, prehashing is not recommended. Is
> > there any use case where an EdDSA version with message
> > prehashing would be required or should libreswan support only the
> > version without prehashing.
>
> I would expect the related RFCs to be clear on this. If not, we could
> probably contact the authors or the IPsec Working Group on this.
>
> > 2. Since libreswan is dependent on NSS for algorithm implementation,
> > EdDSA support has to be added in the NSS itself. Would it be fine if I
> > start working on this. Maybe add this feature in NSS before GSOC.
>
> That would in itself be an entire project. The NSS requirements are very
> high due to its security. E.g. anything implemented would have to be
> constant time for example. You should talk to Robert Relyea (
> rrelyea at redhat.com )
> to see what he knows about the state of eddsa in NSS and what the plans
> and/or requirements are.
>
> Paul
>
