mirrors/utls
1
0
Fork 0
mirror of https://github.com/refraction-networking/utls.git synced 2025-04-04 04:27:36 +03:00
Code Issues Projects Releases Packages Wiki Activity

crypto/tls: add support for Ed25519 certificates in TLS 1.2 and 1.3

Browse source 
Support for Ed25519 certificates was added in CL 175478, this wires them
up into the TLS stack according to RFC 8422 (TLS 1.2) and RFC 8446 (TLS 1.3).

RFC 8422 also specifies support for TLS 1.0 and 1.1, and I initially
implemented that, but even OpenSSL doesn't take the complexity, so I
just dropped it. It would have required keeping a buffer of the
handshake transcript in order to do the direct Ed25519 signatures. We
effectively need to support TLS 1.2 because it shares ClientHello
signature algorithms with TLS 1.3.

While at it, reordered the advertised signature algorithms in the rough
order we would want to use them, also based on what curves have fast
constant-time implementations.

Client and client auth tests changed because of the change in advertised
signature algorithms in ClientHello and CertificateRequest.

Fixes #25355

Change-Id: I9fdd839afde4fd6b13fcbc5cc7017fd8c35085ee
Reviewed-on: https://go-review.googlesource.com/c/go/+/177698
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
This commit is contained in:
Filippo Valsorda 2019-05-16 19:13:29 -04:00
parent 6c11745f0b
commit 28958b0da6
84 changed files with 4977 additions and 3938 deletions
Download patch file Download diff file Expand all files Collapse all files

70
testdata/Client-TLSv12-ECDHE-RSA-CHACHA20-POLY1305 vendored
View file

@ -1,24 +1,24 @@
>>> Flow 1 (client to server)
00000000 16 03 01 00 ce 01 00 00 ca 03 03 00 00 00 00 00 |................|
00000000 16 03 01 00 d0 01 00 00 cc 03 03 00 00 00 00 00 |................|
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....|
00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 08 cc a8 |................|
00000050 13 01 13 03 13 02 01 00 00 79 00 05 00 05 01 00 |.........y......|
00000050 13 01 13 03 13 02 01 00 00 7b 00 05 00 05 01 00 |.........{......|
00000060 00 00 00 00 0a 00 0a 00 08 00 1d 00 17 00 18 00 |................|
00000070 19 00 0b 00 02 01 00 00 0d 00 18 00 16 08 04 08 |................|
00000080 05 08 06 04 01 04 03 05 01 05 03 06 01 06 03 02 |................|
00000090 01 02 03 ff 01 00 01 00 00 12 00 00 00 2b 00 09 |.............+..|
000000a0 08 03 04 03 03 03 02 03 01 00 33 00 26 00 24 00 |..........3.&.$.|
000000b0 1d 00 20 2f e5 7d a3 47 cd 62 43 15 28 da ac 5f |.. /.}.G.bC.(.._|
000000c0 bb 29 07 30 ff f6 84 af c4 cf c2 ed 90 99 5f 58 |.).0.........._X|
000000d0 cb 3b 74 |.;t|
00000070 19 00 0b 00 02 01 00 00 0d 00 1a 00 18 08 04 04 |................|
00000080 03 08 07 08 05 08 06 04 01 05 01 06 01 05 03 06 |................|
00000090 03 02 01 02 03 ff 01 00 01 00 00 12 00 00 00 2b |...............+|
000000a0 00 09 08 03 04 03 03 03 02 03 01 00 33 00 26 00 |............3.&.|
000000b0 24 00 1d 00 20 2f e5 7d a3 47 cd 62 43 15 28 da |$... /.}.G.bC.(.|
000000c0 ac 5f bb 29 07 30 ff f6 84 af c4 cf c2 ed 90 99 |._.).0..........|
000000d0 5f 58 cb 3b 74 |_X.;t|
>>> Flow 2 (server to client)
00000000 16 03 03 00 59 02 00 00 55 03 03 94 bf 96 6e 08 |....Y...U.....n.|
00000010 c5 59 6f b5 bc 22 4b 73 4a ba 5f f4 ea 2b 77 1d |.Yo.."KsJ._..+w.|
00000020 f4 6d 45 46 51 3d 0b 60 d8 6b 4e 20 00 4b 00 f8 |.mEFQ=.`.kN .K..|
00000030 a2 81 c9 1c 44 4f 90 73 ea c7 88 70 d9 56 d9 27 |....DO.s...p.V.'|
00000040 c5 0e e2 42 f0 bb 33 73 08 f1 12 ed cc a8 00 00 |...B..3s........|
00000000 16 03 03 00 59 02 00 00 55 03 03 4e fb dc 04 6f |....Y...U..N...o|
00000010 5a 52 37 a3 55 58 26 e5 cd a0 67 4c 0f 87 1a 3a |ZR7.UX&...gL...:|
00000020 f6 84 33 2f 2e 52 d0 48 7c 5b 64 20 6e d0 bc ca |..3/.R.H|[d n...|
00000030 c9 a5 87 8d 99 c5 ec 85 84 89 f0 22 ab 63 55 f4 |...........".cU.|
00000040 70 d7 02 93 b5 fe d7 38 fb c1 b2 da cc a8 00 00 |p......8........|
00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................|
00000060 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..|
00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............|
@ -58,31 +58,31 @@
00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.|
000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..|
000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......|
000002c0 ac 0c 00 00 a8 03 00 1d 20 cd 60 09 2c c1 3b d6 |........ .`.,.;.|
000002d0 3b d1 c2 3c 9f 30 81 bb 6b 47 a3 cd 26 48 f4 41 |;..<.0..kG..&H.A|
000002e0 c0 d4 36 57 05 33 93 f8 75 08 04 00 80 9a 67 4b |..6W.3..u.....gK|
000002f0 36 41 f9 c1 5c 80 67 9d 0d bc 64 f1 0d 08 e1 9f |6A..\.g...d.....|
00000300 85 88 44 e3 bc c9 b7 f4 86 ec 5c 79 e6 2c ac 07 |..D.......\y.,..|
00000310 e9 cd 6a 7e 68 41 67 71 34 cb c5 13 7c ec 1a 73 |..j~hAgq4...|..s|
00000320 f8 30 da 08 d0 14 c6 4b e4 11 ac c6 34 f9 2f ca |.0.....K....4./.|
00000330 b4 81 35 76 17 9e 7b 4c f3 f7 ac 6d d3 d8 f7 7c |..5v..{L...m...||
00000340 70 b8 36 fa cc 85 fb 15 8e 82 c6 50 0e 90 c0 39 |p.6........P...9|
00000350 13 d9 02 b1 ae 17 ea 63 c4 e8 21 c2 c0 eb 5c 63 |.......c..!...\c|
00000360 e4 43 c5 1e ae 01 ee 64 23 42 b2 2a 52 16 03 03 |.C.....d#B.*R...|
000002c0 ac 0c 00 00 a8 03 00 1d 20 fc 4b 92 ab d2 cb 4f |........ .K....O|
000002d0 61 aa 86 12 1a 1d 75 be 31 dd b8 ee 6c a6 db bd |a.....u.1...l...|
000002e0 0b ea b2 d5 27 49 42 eb 5a 08 04 00 80 02 ad 71 |....'IB.Z......q|
000002f0 e2 e8 f6 44 3c a6 18 6f 76 ee 9a eb 0e d9 ff cb |...D<..ov.......|
00000300 6d 1e 64 dd 29 1d 8c c8 f6 14 40 c0 12 46 74 4c |m.d.).....@..FtL|
00000310 41 2d 71 5f 9c b7 86 0b fc 66 1e 14 cb 26 d0 d7 |A-q_.....f...&..|
00000320 21 b4 bd c2 04 38 77 90 6a f0 01 18 bd 1c 17 45 |!....8w.j......E|
00000330 7e 38 46 4c 2e 97 ba 11 01 1f 20 cc df f2 6b 5b |~8FL...... ...k[|
00000340 a7 29 c0 52 52 9c 2f 23 bd 1c 72 c2 f2 99 d1 dc |.).RR./#..r.....|
00000350 6a 6c ac 8e 87 8a 00 74 47 2e 99 8d 3f 79 04 60 |jl.....tG...?y.`|
00000360 5e dc ba 86 1c f4 f9 03 22 38 96 a7 b3 16 03 03 |^......."8......|
00000370 00 04 0e 00 00 00 |......|
>>> Flow 3 (client to server)
00000000 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.|
00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....|
00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 03 00 01 01 |....._X.;t......|
00000030 16 03 03 00 20 8f 97 a6 c4 c1 81 4e 87 8c 17 3a |.... ......N...:|
00000040 6b 85 ad 17 6c 5c 14 b6 84 6b 7e a8 c1 ed 2e 6b |k...l\...k~....k|
00000050 fc e8 8f 8b 84 |.....|
00000030 16 03 03 00 20 0a 17 ee 70 8c 50 24 7c 00 b9 6f |.... ...p.P$|..o|
00000040 82 71 ed 2b 8c 0b 4b ff bb 38 bc 12 7e 0c a5 3e |.q.+..K..8..~..>|
00000050 71 a2 ad f8 52 |q...R|
>>> Flow 4 (server to client)
00000000 14 03 03 00 01 01 16 03 03 00 20 51 59 b7 f0 cf |.......... QY...|
00000010 07 d4 9a 45 15 b6 2f dd 03 5e 46 f9 c8 87 dc 99 |...E../..^F.....|
00000020 d2 56 cd 95 f9 3e 2e 42 19 2e e3 |.V...>.B...|
00000000 14 03 03 00 01 01 16 03 03 00 20 e9 87 55 12 a8 |.......... ..U..|
00000010 ad 68 42 0c 60 12 be 2f 2c e5 00 2d 01 cf 86 a2 |.hB.`../,..-....|
00000020 1b 06 b3 86 bf 88 48 73 7a d3 cc |......Hsz..|
>>> Flow 5 (client to server)
00000000 17 03 03 00 16 6d 16 3b 26 a8 60 d8 2c 9f 08 42 |.....m.;&.`.,..B|
00000010 51 bb 2a 58 c3 3b 42 cb 59 46 02 15 03 03 00 12 |Q.*X.;B.YF......|
00000020 1e c6 5e 68 40 58 9c df 5e 11 a3 c2 1e 50 11 d4 |..^h@X..^....P..|
00000030 ff 17 |..|
00000000 17 03 03 00 16 96 75 4c c6 ba b1 ad ae 2f 44 9d |......uL...../D.|
00000010 10 c3 ef e5 dc fb 0a 3e af 6b 6a 15 03 03 00 12 |.......>.kj.....|
00000020 30 13 8f e5 a1 0f 38 67 b9 53 4e 6a 66 ec ee 45 |0.....8g.SNjf..E|
00000030 c2 b2 |..|