Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Does boringssl support Ed25519 certificates? #113

Closed
CMCDragonkai opened this issue Apr 17, 2023 · 3 comments
Closed

Does boringssl support Ed25519 certificates? #113

CMCDragonkai opened this issue Apr 17, 2023 · 3 comments

Comments

@CMCDragonkai
Copy link

I tried generating certificates using step-CLI with:

step certificate create localhost localhost.crt localhost.key --profile self-signed --subtle --no-password --insecure --force --san 127.0.0.1 --san ::1 --not-after 31536000s --kty OKP

And tried plugging into the quiche library and it ended up timing out.

I tried with the other certificates like ECDSA and RSA and they both worked.

Is there something wrong with Ed25519 certificates?
@CMCDragonkai
Copy link
Author

The certificate looks like this:

[nix-shell:~/Projects/js-quic/tmp]$ step certificate inspect ./localhost.crt 
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 282702665785505099193446887406075781478 (0xd4ae8d8d706bf7745c29f8c2f1022166)
    Signature Algorithm: Ed25519
        Issuer: CN=localhost
        Validity
            Not Before: Apr 14 07:54:56 2023 UTC
            Not After : Apr 13 07:54:56 2024 UTC
        Subject: CN=localhost
        Subject Public Key Info:
            Public Key Algorithm: Ed25519
                Public-Key: (32 bit)
                    0b:e1:d4:28:b1:17:83:78:2f:3d:1c:b7:69:17:c9:
                    75:0a:bc:71:1f:12:56:45:ee:84:0a:3e:af:cc:ca:
                    d7:3d
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage:
                Server Authentication, Client Authentication
            X509v3 Subject Key Identifier:
                D1:75:68:12:F7:37:F6:5D:8E:BE:C5:66:EB:7D:D9:F4:C3:6C:1D:A6
            X509v3 Subject Alternative Name:
                IP Address:127.0.0.1, IP Address:::1
    Signature Algorithm: Ed25519
         f5:8c:f9:24:39:a6:d1:71:62:31:01:52:d0:0e:b8:88:a6:ff:
         bd:b6:f3:10:5c:6d:c7:0c:fc:19:f0:6f:78:7a:c0:72:e0:a6:
         61:ed:be:4f:bd:5b:d6:70:7a:4d:5b:7c:74:f4:62:48:13:cb:
         64:4b:10:10:63:aa:14:9d:83:09

@CMCDragonkai
Copy link
Author

Inspecting wireguard I can see the quic server comes back with handshake failure with the CRYPTO_ERROR code of 296.

image

This was referenced Apr 17, 2023
Closed
Closed
@ianopolous ianopolous mentioned this issue Apr 24, 2023
Open
@CMCDragonkai
Copy link
Author

Solved in cloudflare/quiche#1482

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@CMCDragonkai