Revert "external/boringssl: Sync to 81080a729af568f7b5fde92b9170cc17065027c9."

This reverts commit f8d8b73da16aa9f2fdda401a46b4f86a83016712. Reason for revert: Breaks buildsdk_tools_cross_win Change-Id: I3bac24f78d165dfa7f89b878cc2277281fd8f1ab
author: Pete Bentley <prb@google.com> 2019-08-08 14:53:19 +0000
committer: Pete Bentley <prb@google.com> 2019-08-08 14:53:19 +0000
commit: 228bd6249d17f351ea66508b3ec3112ed1cbdf30 (patch)
tree: b178584cd6074879284532ebf5f91db100ff119c /src/ssl/test/runner/key_agreement.go
parent: f8d8b73da16aa9f2fdda401a46b4f86a83016712 (diff)
download: boringssl-228bd6249d17f351ea66508b3ec3112ed1cbdf30.tar.gz
1 files changed, 2 insertions, 97 deletions
diff --git a/src/ssl/test/runner/key_agreement.go b/src/ssl/test/runner/key_agreement.go
index f4789b66..13e78bc4 100644
--- a/src/ssl/test/runner/key_agreement.go
+++ b/src/ssl/test/runner/key_agreement.go
@@ -19,7 +19,6 @@ import (
 	"boringssl.googlesource.com/boringssl/ssl/test/runner/curve25519"
 	"boringssl.googlesource.com/boringssl/ssl/test/runner/ed25519"
 	"boringssl.googlesource.com/boringssl/ssl/test/runner/hrss"
-	"boringssl.googlesource.com/boringssl/ssl/test/runner/sike"
 )
 
 type keyType int
@@ -434,98 +433,6 @@ func (e *cecpq2Curve) finish(peerKey []byte) (preMasterSecret []byte, err error)
 	return preMasterSecret, nil
 }
 
-// cecpq2BCurve implements CECPQ2b, which is SIKE combined with X25519.
-type cecpq2BCurve struct {
-	// Both public key and shared secret size
-	x25519PrivateKey [32]byte
-	sikePrivateKey   *sike.PrivateKey
-}
-
-func (e *cecpq2BCurve) offer(rand io.Reader) (publicKey []byte, err error) {
-	if _, err = io.ReadFull(rand, e.x25519PrivateKey[:]); err != nil {
-		return nil, err
-	}
-
-	var x25519Public [32]byte
-	curve25519.ScalarBaseMult(&x25519Public, &e.x25519PrivateKey)
-
-	e.sikePrivateKey = sike.NewPrivateKey(sike.KeyVariant_SIKE)
-	if err = e.sikePrivateKey.Generate(rand); err != nil {
-		return nil, err
-	}
-
-	sikePublic := e.sikePrivateKey.GeneratePublicKey().Export()
-	var ret []byte
-	ret = append(ret, x25519Public[:]...)
-	ret = append(ret, sikePublic...)
-	return ret, nil
-}
-
-func (e *cecpq2BCurve) accept(rand io.Reader, peerKey []byte) (publicKey []byte, preMasterSecret []byte, err error) {
-	if len(peerKey) != 32+sike.Params.PublicKeySize {
-		return nil, nil, errors.New("tls: bad length CECPQ2b offer")
-	}
-
-	if _, err = io.ReadFull(rand, e.x25519PrivateKey[:]); err != nil {
-		return nil, nil, err
-	}
-
-	var x25519Shared, x25519PeerKey, x25519Public [32]byte
-	copy(x25519PeerKey[:], peerKey)
-	curve25519.ScalarBaseMult(&x25519Public, &e.x25519PrivateKey)
-	curve25519.ScalarMult(&x25519Shared, &e.x25519PrivateKey, &x25519PeerKey)
-
-	// Per RFC 7748, reject the all-zero value in constant time.
-	var zeros [32]byte
-	if subtle.ConstantTimeCompare(zeros[:], x25519Shared[:]) == 1 {
-		return nil, nil, errors.New("tls: X25519 value with wrong order")
-	}
-
-	var sikePubKey = sike.NewPublicKey(sike.KeyVariant_SIKE)
-	if err = sikePubKey.Import(peerKey[32:]); err != nil {
-		// should never happen as size was already checked
-		return nil, nil, errors.New("tls: implementation error")
-	}
-	sikeCiphertext, sikeShared, err := sike.Encapsulate(rand, sikePubKey)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	publicKey = append(publicKey, x25519Public[:]...)
-	publicKey = append(publicKey, sikeCiphertext...)
-	preMasterSecret = append(preMasterSecret, x25519Shared[:]...)
-	preMasterSecret = append(preMasterSecret, sikeShared...)
-
-	return publicKey, preMasterSecret, nil
-}
-
-func (e *cecpq2BCurve) finish(peerKey []byte) (preMasterSecret []byte, err error) {
-	if len(peerKey) != 32+(sike.Params.PublicKeySize+sike.Params.MsgLen) {
-		return nil, errors.New("tls: bad length CECPQ2b reply")
-	}
-
-	var x25519Shared, x25519PeerKey [32]byte
-	copy(x25519PeerKey[:], peerKey)
-	curve25519.ScalarMult(&x25519Shared, &e.x25519PrivateKey, &x25519PeerKey)
-
-	// Per RFC 7748, reject the all-zero value in constant time.
-	var zeros [32]byte
-	if subtle.ConstantTimeCompare(zeros[:], x25519Shared[:]) == 1 {
-		return nil, errors.New("tls: X25519 value with wrong order")
-	}
-
-	var sikePubKey = e.sikePrivateKey.GeneratePublicKey()
-	sikeShared, err := sike.Decapsulate(e.sikePrivateKey, sikePubKey, peerKey[32:])
-	if err != nil {
-		return nil, errors.New("tls: invalid SIKE ciphertext")
-	}
-
-	preMasterSecret = append(preMasterSecret, x25519Shared[:]...)
-	preMasterSecret = append(preMasterSecret, sikeShared...)
-
-	return preMasterSecret, nil
-}
-
 func curveForCurveID(id CurveID, config *Config) (ecdhCurve, bool) {
 	switch id {
 	case CurveP224:
@@ -540,8 +447,6 @@ func curveForCurveID(id CurveID, config *Config) (ecdhCurve, bool) {
 		return &x25519ECDHCurve{setHighBit: config.Bugs.SetX25519HighBit}, true
 	case CurveCECPQ2:
 		return &cecpq2Curve{}, true
-	case CurveCECPQ2b:
-		return &cecpq2BCurve{}, true
 	default:
 		return nil, false
 	}
@@ -689,8 +594,8 @@ func (ka *ecdheKeyAgreement) generateServerKeyExchange(config *Config, cert *Cer
 
 NextCandidate:
 	for _, candidate := range preferredCurves {
-		if isPqGroup(candidate) && version < VersionTLS13 {
-			// CECPQ2 and CECPQ2b is TLS 1.3-only.
+		if candidate == CurveCECPQ2 && version < VersionTLS13 {
+			// CECPQ2 is TLS 1.3-only.
 			continue
 		}
author	Pete Bentley <prb@google.com>	2019-08-08 14:53:19 +0000
committer	Pete Bentley <prb@google.com>	2019-08-08 14:53:19 +0000
commit	228bd6249d17f351ea66508b3ec3112ed1cbdf30 (patch)
tree	b178584cd6074879284532ebf5f91db100ff119c /src/ssl/test/runner/key_agreement.go
parent	f8d8b73da16aa9f2fdda401a46b4f86a83016712 (diff)
download	boringssl-228bd6249d17f351ea66508b3ec3112ed1cbdf30.tar.gz