Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Specify whether DHE public keys are zero-padded. #458

Merged
merged 1 commit into from
May 18, 2016
Merged

Specify whether DHE public keys are zero-padded. #458

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 7 additions & 1 deletion draft-ietf-tls-tls13.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2625,7 +2625,10 @@ Diffie-Hellman {{DH}} parameters for both clients and servers are encoded in
the opaque key_exchange field of a KeyShareEntry in a KeyShare structure.
The opaque value contains the
Diffie-Hellman public value (dh_Y = g^X mod p),
encoded as a big-endian integer.
encoded as a big-endian integer, padded with zeros to the size of p.

Note: For a given Diffie-Hellman group, the padding results in all public keys
having the same length.

%%% Key Exchange Messages
opaque dh_Y<1..2^16-1>;
Expand Down Expand Up @@ -4180,6 +4183,9 @@ Cryptographic details:
generator (see {{random-number-generation-and-seeding}}) Diffie-Hellman
private values, the ECDSA "k" parameter, and other security-critical values?

- Do you zero-pad Diffie-Hellman public key values to the group size (see
{{ffdhe-param}})?


# Backward Compatibility

Expand Down