
Test the high-order bit in X25519.

This schism came up in passing again, and I realized we never added a
TLS-level test for this. Fix that.

Change-Id: I10f910bb5a975d6b3b73d99e7412ade35654fddb
Reviewed-on: https://boringssl-review.googlesource.com/27224
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
David Benjamin vor 6 Jahren
committed by CQ bot account: commit-bot@chromium.org
Commit
56b1a8efa6
3 geänderte Dateien mit 25 neuen und 1 gelöschten Zeilen
  1. +4
    -0
      ssl/test/runner/common.go
  2. +5
    -1
      ssl/test/runner/key_agreement.go
  3. +16
    -0
      ssl/test/runner/runner.go

+ 4
- 0
ssl/test/runner/common.go Datei anzeigen

@@ -1576,6 +1576,10 @@ type ProtocolBugs struct {
// ExpectRSAPSSSupport specifies the level of RSA-PSS support expected
// from the peer.
ExpectRSAPSSSupport RSAPSSSupport

// SetX25519HighBit, if true, causes X25519 key shares to set their
// high-order bit.
SetX25519HighBit bool
}

func (c *Config) serverInit() {
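Review bot: The doc comment on the new `SetX25519HighBit` field describes the mechanism but not the expectation, which is what a reader of ProtocolBugs needs to know: the peer is required to ignore this bit, so the handshake is still expected to succeed rather than fail. Suggest extending it to `// SetX25519HighBit, if true, causes X25519 key shares to set their high-order bit. RFC 7748 requires receivers to mask this bit, so the handshake is expected to succeed.` The enclosing ProtocolBugs struct begins outside the hunk.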


+ 5
- 1
ssl/test/runner/key_agreement.go Datei anzeigen

@@ -302,6 +302,7 @@ func (e *ellipticECDHCurve) finish(peerKey []byte) (preMasterSecret []byte, err
// x25519ECDHCurve implements ecdhCurve with X25519.
type x25519ECDHCurve struct {
privateKey [32]byte
setHighBit bool
}

func (e *x25519ECDHCurve) offer(rand io.Reader) (publicKey []byte, err error) {
@@ -311,6 +312,9 @@ func (e *x25519ECDHCurve) offer(rand io.Reader) (publicKey []byte, err error) {
}
var out [32]byte
curve25519.ScalarBaseMult(&out, &e.privateKey)
if e.setHighBit {
out[31] |= 0x80
}
return out[:], nil
}

@@ -354,7 +358,7 @@ func curveForCurveID(id CurveID, config *Config) (ecdhCurve, bool) {
case CurveP521:
return &ellipticECDHCurve{curve: elliptic.P521(), sendCompressed: config.Bugs.SendCompressedCoordinates}, true
case CurveX25519:
return &x25519ECDHCurve{}, true
return &x25519ECDHCurve{setHighBit: config.Bugs.SetX25519HighBit}, true
default:
return nil, false
}
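Review bot: The `out[31] |= 0x80` added in `x25519ECDHCurve.offer` is the injected fault, but nothing at the site says why a tampered share is still expected to yield a working handshake. RFC 7748 requires the receiver to mask the most significant bit of the final byte when decoding the u-coordinate, so a conforming peer derives the same shared secret; a comment such as `// RFC 7748 requires receivers to mask this bit, so the peer should still derive the same secret.` would make the intent self-contained. This only alters the share the runner sends; the runner's own receive path for X25519 (not shown here) is unchanged, so the runner's tolerance of a high-bit share from the peer is not exercised, which looks intentional. The `offer` function begins in the preceding hunk.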


+ 16
- 0
ssl/test/runner/runner.go Datei anzeigen

@@ -11017,6 +11017,22 @@ func addCurveTests() {
shouldFail: true,
expectedError: ":ERROR_PARSING_EXTENSION:",
})

// Implementations should mask off the high order bit in X25519.
testCases = append(testCases, testCase{
name: "SetX25519HighBit",
config: Config{
CipherSuites: []uint16{
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_AES_128_GCM_SHA256,
},
CurvePreferences: []CurveID{CurveX25519},
Bugs: ProtocolBugs{
SetX25519HighBit: true,
},
},
})
}

func addTLS13RecordTests() {
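Review bot: The new `SetX25519HighBit` test case sets no `testType`, so if the default here is the client test as elsewhere in this file, only the shim's decoding of a server key share is checked. A server-side variant with the same config, e.g. `testType: serverTest, name: "SetX25519HighBit-Server",`, would also cover the shim decoding a client key share, which is typically a separate code path. The comment above the case could also cite RFC 7748 as the source of the masking requirement, e.g. `// Implementations should mask off the high order bit in X25519 (RFC 7748).` The enclosing `addCurveTests` function begins outside the hunk.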

