diff options
author | Pete Bentley <prb@google.com> | 2019-08-08 14:53:19 +0000 |
---|---|---|
committer | Pete Bentley <prb@google.com> | 2019-08-08 14:53:19 +0000 |
commit | 228bd6249d17f351ea66508b3ec3112ed1cbdf30 (patch) | |
tree | b178584cd6074879284532ebf5f91db100ff119c /src/ssl/test/runner/key_agreement.go | |
parent | f8d8b73da16aa9f2fdda401a46b4f86a83016712 (diff) | |
download | boringssl-228bd6249d17f351ea66508b3ec3112ed1cbdf30.tar.gz |
Revert "external/boringssl: Sync to 81080a729af568f7b5fde92b9170cc17065027c9."
This reverts commit f8d8b73da16aa9f2fdda401a46b4f86a83016712.
Reason for revert: Breaks buildsdk_tools_cross_win
Change-Id: I3bac24f78d165dfa7f89b878cc2277281fd8f1ab
Diffstat (limited to 'src/ssl/test/runner/key_agreement.go')
-rw-r--r-- | src/ssl/test/runner/key_agreement.go | 99 |
1 files changed, 2 insertions, 97 deletions
diff --git a/src/ssl/test/runner/key_agreement.go b/src/ssl/test/runner/key_agreement.go index f4789b66..13e78bc4 100644 --- a/src/ssl/test/runner/key_agreement.go +++ b/src/ssl/test/runner/key_agreement.go @@ -19,7 +19,6 @@ import ( "boringssl.googlesource.com/boringssl/ssl/test/runner/curve25519" "boringssl.googlesource.com/boringssl/ssl/test/runner/ed25519" "boringssl.googlesource.com/boringssl/ssl/test/runner/hrss" - "boringssl.googlesource.com/boringssl/ssl/test/runner/sike" ) type keyType int @@ -434,98 +433,6 @@ func (e *cecpq2Curve) finish(peerKey []byte) (preMasterSecret []byte, err error) return preMasterSecret, nil } -// cecpq2BCurve implements CECPQ2b, which is SIKE combined with X25519. -type cecpq2BCurve struct { - // Both public key and shared secret size - x25519PrivateKey [32]byte - sikePrivateKey *sike.PrivateKey -} - -func (e *cecpq2BCurve) offer(rand io.Reader) (publicKey []byte, err error) { - if _, err = io.ReadFull(rand, e.x25519PrivateKey[:]); err != nil { - return nil, err - } - - var x25519Public [32]byte - curve25519.ScalarBaseMult(&x25519Public, &e.x25519PrivateKey) - - e.sikePrivateKey = sike.NewPrivateKey(sike.KeyVariant_SIKE) - if err = e.sikePrivateKey.Generate(rand); err != nil { - return nil, err - } - - sikePublic := e.sikePrivateKey.GeneratePublicKey().Export() - var ret []byte - ret = append(ret, x25519Public[:]...) - ret = append(ret, sikePublic...) - return ret, nil -} - -func (e *cecpq2BCurve) accept(rand io.Reader, peerKey []byte) (publicKey []byte, preMasterSecret []byte, err error) { - if len(peerKey) != 32+sike.Params.PublicKeySize { - return nil, nil, errors.New("tls: bad length CECPQ2b offer") - } - - if _, err = io.ReadFull(rand, e.x25519PrivateKey[:]); err != nil { - return nil, nil, err - } - - var x25519Shared, x25519PeerKey, x25519Public [32]byte - copy(x25519PeerKey[:], peerKey) - curve25519.ScalarBaseMult(&x25519Public, &e.x25519PrivateKey) - curve25519.ScalarMult(&x25519Shared, &e.x25519PrivateKey, &x25519PeerKey) - - // Per RFC 7748, reject the all-zero value in constant time. - var zeros [32]byte - if subtle.ConstantTimeCompare(zeros[:], x25519Shared[:]) == 1 { - return nil, nil, errors.New("tls: X25519 value with wrong order") - } - - var sikePubKey = sike.NewPublicKey(sike.KeyVariant_SIKE) - if err = sikePubKey.Import(peerKey[32:]); err != nil { - // should never happen as size was already checked - return nil, nil, errors.New("tls: implementation error") - } - sikeCiphertext, sikeShared, err := sike.Encapsulate(rand, sikePubKey) - if err != nil { - return nil, nil, err - } - - publicKey = append(publicKey, x25519Public[:]...) - publicKey = append(publicKey, sikeCiphertext...) - preMasterSecret = append(preMasterSecret, x25519Shared[:]...) - preMasterSecret = append(preMasterSecret, sikeShared...) - - return publicKey, preMasterSecret, nil -} - -func (e *cecpq2BCurve) finish(peerKey []byte) (preMasterSecret []byte, err error) { - if len(peerKey) != 32+(sike.Params.PublicKeySize+sike.Params.MsgLen) { - return nil, errors.New("tls: bad length CECPQ2b reply") - } - - var x25519Shared, x25519PeerKey [32]byte - copy(x25519PeerKey[:], peerKey) - curve25519.ScalarMult(&x25519Shared, &e.x25519PrivateKey, &x25519PeerKey) - - // Per RFC 7748, reject the all-zero value in constant time. - var zeros [32]byte - if subtle.ConstantTimeCompare(zeros[:], x25519Shared[:]) == 1 { - return nil, errors.New("tls: X25519 value with wrong order") - } - - var sikePubKey = e.sikePrivateKey.GeneratePublicKey() - sikeShared, err := sike.Decapsulate(e.sikePrivateKey, sikePubKey, peerKey[32:]) - if err != nil { - return nil, errors.New("tls: invalid SIKE ciphertext") - } - - preMasterSecret = append(preMasterSecret, x25519Shared[:]...) - preMasterSecret = append(preMasterSecret, sikeShared...) - - return preMasterSecret, nil -} - func curveForCurveID(id CurveID, config *Config) (ecdhCurve, bool) { switch id { case CurveP224: @@ -540,8 +447,6 @@ func curveForCurveID(id CurveID, config *Config) (ecdhCurve, bool) { return &x25519ECDHCurve{setHighBit: config.Bugs.SetX25519HighBit}, true case CurveCECPQ2: return &cecpq2Curve{}, true - case CurveCECPQ2b: - return &cecpq2BCurve{}, true default: return nil, false } @@ -689,8 +594,8 @@ func (ka *ecdheKeyAgreement) generateServerKeyExchange(config *Config, cert *Cer NextCandidate: for _, candidate := range preferredCurves { - if isPqGroup(candidate) && version < VersionTLS13 { - // CECPQ2 and CECPQ2b is TLS 1.3-only. + if candidate == CurveCECPQ2 && version < VersionTLS13 { + // CECPQ2 is TLS 1.3-only. continue } |