crypto/tls: add support for Ed25519 certificates in TLS 1.2 and 1.3

Support for Ed25519 certificates was added in CL 175478, this wires them up into the TLS stack according to RFC 8422 (TLS 1.2) and RFC 8446 (TLS 1.3). RFC 8422 also specifies support for TLS 1.0 and 1.1, and I initially implemented that, but even OpenSSL doesn't take the complexity, so I just dropped it. It would have required keeping a buffer of the handshake transcript in order to do the direct Ed25519 signatures. We effectively need to support TLS 1.2 because it shares ClientHello signature algorithms with TLS 1.3. While at it, reordered the advertised signature algorithms in the rough order we would want to use them, also based on what curves have fast constant-time implementations. Client and client auth tests changed because of the change in advertised signature algorithms in ClientHello and CertificateRequest. Fixes #25355 Change-Id: I9fdd839afde4fd6b13fcbc5cc7017fd8c35085ee Reviewed-on: https://go-review.googlesource.com/c/go/+/177698 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Adam Langley <agl@golang.org>
2025-04-03 20:17:36 +03:00 · 2019-05-16 19:13:29 -04:00 · 2019-05-16 19:13:29 -04:00 · 28958b0da6
commit 28958b0da6
parent 6c11745f0b
84 changed files with 4977 additions and 3938 deletions
--- a/testdata/Client-TLSv12-RenegotiationRejected
+++ b/testdata/Client-TLSv12-RenegotiationRejected
@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 fa 01 00 00  f6 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@ -7,20 +7,20 @@
 00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
 00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
 00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
-00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000080  01 00 00 7b 00 05 00 05  01 00 00 00 00 00 0a 00  |...{............|
 00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
-000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
-000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
-000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
-000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
-000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
-000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
+000000a0  00 00 0d 00 1a 00 18 08  04 04 03 08 07 08 05 08  |................|
+000000b0  06 04 01 05 01 06 01 05  03 06 03 02 01 02 03 ff  |................|
+000000c0  01 00 01 00 00 12 00 00  00 2b 00 09 08 03 04 03  |.........+......|
+000000d0  03 03 02 03 01 00 33 00  26 00 24 00 1d 00 20 2f  |......3.&.$... /|
+000000e0  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
+000000f0  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74     |.........._X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 e0 77 db d2 ca  |....Y...U...w...|
-00000010  46 29 bc ce 1a ee 39 d0  58 35 74 c0 1f 17 86 c0  |F)....9.X5t.....|
-00000020  a8 58 ad b6 e3 f5 e0 80  ae 71 43 20 cd a1 49 bb  |.X.......qC ..I.|
-00000030  94 bc fc 26 a5 56 ea dc  9d 9a b4 ee c7 70 fa 72  |...&.V.......p.r|
-00000040  04 c1 d8 e2 a9 63 24 9a  07 18 a5 fa cc a8 00 00  |.....c$.........|
+00000000  16 03 03 00 59 02 00 00  55 03 03 9c d0 eb d6 42  |....Y...U......B|
+00000010  2e ff 6e 5a 19 33 6d 12  97 56 56 2b f5 1b 86 c8  |..nZ.3m..VV+....|
+00000020  38 83 59 37 ac 17 46 ed  73 53 43 20 e4 94 9b 71  |8.Y7..F.sSC ...q|
+00000030  f4 94 d9 d9 3a a1 e1 99  1e b4 a5 55 46 88 e0 0a  |....:......UF...|
+00000040  af 0a 0e ff 81 10 e2 e0  63 21 ae 2a cc a8 00 00  |........c!.*....|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
 00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
@ -60,36 +60,36 @@
 00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
 000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
 000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
-000002c0  ac 0c 00 00 a8 03 00 1d  20 96 83 76 7c af 6c af  |........ ..v|.l.|
-000002d0  be 20 ec 79 87 9e e0 23  fa 34 78 96 91 30 3b 78  |. .y...#.4x..0;x|
-000002e0  1b 3f 0f 73 b4 45 05 2f  22 08 04 00 80 38 fe 9b  |.?.s.E./"....8..|
-000002f0  e1 c2 82 13 ce 00 c2 0e  08 98 22 d0 4d 86 38 97  |..........".M.8.|
-00000300  c1 78 b9 11 a4 9d af e0  75 d1 c9 dc a1 dc 25 03  |.x......u.....%.|
-00000310  cd ba 15 2e be 0a 61 39  4f 4f d3 48 95 61 3f 2c  |......a9OO.H.a?,|
-00000320  fb e1 63 e7 8f 51 b4 1f  c8 98 f7 3e 23 11 8c 4a  |..c..Q.....>#..J|
-00000330  b4 76 15 cc 83 bd dc 6f  af 0c d9 f1 80 0d 9b a2  |.v.....o........|
-00000340  a3 ac 2f 26 c8 d3 23 94  bc c9 3d fb 44 4e 47 3e  |../&..#...=.DNG>|
-00000350  3b de ce 24 b8 ab 52 f3  5f 26 96 7f e6 a4 ec 9e  |;..$..R._&......|
-00000360  fc 44 4a 1b 73 d1 ea 2a  a9 b9 c8 ba f6 16 03 03  |.DJ.s..*........|
+000002c0  ac 0c 00 00 a8 03 00 1d  20 9b 89 08 0d ea c2 d3  |........ .......|
+000002d0  4f 73 77 a0 e3 0e 1a 68  13 2c 5c a5 ec 39 75 1b  |Osw....h.,\..9u.|
+000002e0  c2 95 fe b8 fe 58 f4 bb  16 08 04 00 80 d4 e8 d3  |.....X..........|
+000002f0  d4 5b 1f ee ff 60 f5 86  b1 f4 06 c0 a8 ab 90 b0  |.[...`..........|
+00000300  26 15 d5 4e 3f d6 a5 e2  a3 3a e0 0f 9a 92 bd 96  |&..N?....:......|
+00000310  9d 98 15 f3 95 82 a9 5d  9f 1d 9b 4f 2e 77 58 40  |.......]...O.wX@|
+00000320  58 3d fd 8f a6 09 1c fa  61 77 2e 87 df e7 76 8b  |X=......aw....v.|
+00000330  bf f1 dd 29 f8 70 c0 6d  db e5 a0 55 92 77 44 75  |...).p.m...U.wDu|
+00000340  d9 95 a6 17 67 93 47 8e  1f 61 50 65 31 94 d3 79  |....g.G..aPe1..y|
+00000350  5f 25 a6 f0 3e 19 9a c8  ad b9 1a af 5b 50 2c 97  |_%..>.......[P,.|
+00000360  78 1e 71 3a e0 fa 7c 44  1e d1 32 56 4e 16 03 03  |x.q:..|D..2VN...|
 00000370  00 04 0e 00 00 00                                 |......|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 f3 a4 06  da e0 55 ed 41 d1 71 2a  |.... .....U.A.q*|
-00000040  d5 aa 00 31 eb 23 23 52  20 43 36 8f 10 70 d3 e0  |...1.##R C6..p..|
-00000050  6d cc 77 f9 68                                    |m.w.h|
+00000030  16 03 03 00 20 88 fe 97  82 bd a7 99 c6 a6 2f c1  |.... ........./.|
+00000040  1a a8 54 8c e5 c6 39 0a  6b 07 9b 1a 05 f4 fb e3  |..T...9.k.......|
+00000050  67 f5 c8 6e 17                                    |g..n.|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 f5 84 89 dc 37  |.......... ....7|
-00000010  bf d9 75 10 c2 30 50 9e  2c 71 00 30 46 f3 af 00  |..u..0P.,q.0F...|
-00000020  9c 6c fd 78 2d d1 54 88  98 c4 8a                 |.l.x-.T....|
+00000000  14 03 03 00 01 01 16 03  03 00 20 3b 6d ac 1c 8b  |.......... ;m...|
+00000010  1b 46 3a 4e 03 75 51 9e  99 6e 5a a8 4f 07 91 a3  |.F:N.uQ..nZ.O...|
+00000020  18 2c bf 88 92 17 e5 13  65 a3 6c                 |.,......e.l|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 16 e7 10 a8  74 64 64 01 ea af 4a f2  |........tdd...J.|
-00000010  6a 09 c7 60 49 ba 59 71  bc f6 90                 |j..`I.Yq...|
+00000000  17 03 03 00 16 c7 94 fc  be 3d 73 fd ec ce b2 f6  |.........=s.....|
+00000010  bf 17 bf 52 3e b4 98 39  43 c0 0a                 |...R>..9C..|
 >>> Flow 6 (server to client)
-00000000  16 03 03 00 14 4c ff 21  fb 5d ef 36 28 6f f8 7b  |.....L.!.].6(o.{|
-00000010  c0 08 b6 1b e3 17 c3 6e  49                       |.......nI|
+00000000  16 03 03 00 14 cf 01 f5  e6 eb 60 e3 49 c4 fb 84  |..........`.I...|
+00000010  e1 11 69 e1 91 c0 02 d2  e3                       |..i......|
 >>> Flow 7 (client to server)
-00000000  15 03 03 00 12 ab 44 a2  47 b2 14 a3 5f 40 1b 56  |......D.G..._@.V|
-00000010  d0 f0 3f ea 95 cf aa 15  03 03 00 12 28 1b e3 5f  |..?.........(.._|
-00000020  8c c4 87 b4 d6 28 2f c9  93 30 66 7a 35 ce        |.....(/..0fz5.|
+00000000  15 03 03 00 12 4d 7f de  01 23 f7 3f 0d e6 1a f1  |.....M...#.?....|
+00000010  19 a2 cd 58 1a 25 f5 15  03 03 00 12 95 78 52 00  |...X.%.......xR.|
+00000020  65 aa 6d 77 5a 66 d5 95  c4 5a 9b 1b 05 b2        |e.mwZf...Z....|