Nikos Mavrogiannopoulos nmav@gnutls.org writes:
On Sat, 2017-05-20 at 22:09 +0200, Niels Möller wrote:
Can we postpone tls-1.0 and tls-1.2 for now, and try to get the more generally useful hkdf in?
Do you mean for the 3.3 release of nettle? Do you have any concerns with including the TLS PRF?
Not sure. But as a somewhat related example, I've never really considered adding the ssh2 key expansion function to nettle (my implementation is the kex_make_key function in https://git.lysator.liu.se/lsh/lsh/blob/master/src/keyexchange.c).
So for now, I think we make better progress by focusing on getting HKDF in reasonably soon, and considering what to do with the other two later.
And regarding nettle-3.3, I guess it's time to try to formulate what the release objectives should be.
1. Fix the ABI problem (which unfortunately implies an abi break). Some progress, but I don't think I've published my wip branch.
2. Get HKDF in.
3. Possibly some of the recently posted GOST code, but I'm afraid it will take some time to work through.
4. Get skein256 in (see skein branch), and possibly skein512 too.
5. If we do break the abi for (1), change base64 and base16 api at the same time, to use char for ascii data and output and uint8_t for binary data, which I think should fix remaining signedness warnings. Need some trick for in-place processing, possibly using a separate function?
It would be nice to make a release within a month or two, but my hacking time is a bit limited, so we'd need to prioritize things.
Regards, /Niels