crypto/tls: add support for Ed25519 certificates in TLS 1.2 and 1.3

Support for Ed25519 certificates was added in CL 175478, this wires them up into the TLS stack according to RFC 8422 (TLS 1.2) and RFC 8446 (TLS 1.3). RFC 8422 also specifies support for TLS 1.0 and 1.1, and I initially implemented that, but even OpenSSL doesn't take the complexity, so I just dropped it. It would have required keeping a buffer of the handshake transcript in order to do the direct Ed25519 signatures. We effectively need to support TLS 1.2 because it shares ClientHello signature algorithms with TLS 1.3. While at it, reordered the advertised signature algorithms in the rough order we would want to use them, also based on what curves have fast constant-time implementations. Client and client auth tests changed because of the change in advertised signature algorithms in ClientHello and CertificateRequest. Fixes #25355 Change-Id: I9fdd839afde4fd6b13fcbc5cc7017fd8c35085ee Reviewed-on: https://go-review.googlesource.com/c/go/+/177698 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Adam Langley <agl@golang.org>
2025-04-03 20:17:36 +03:00 · 2019-05-16 19:13:29 -04:00 · 2019-05-16 19:13:29 -04:00 · 28958b0da6
commit 28958b0da6
parent 6c11745f0b
84 changed files with 4977 additions and 3938 deletions
--- a/testdata/Client-TLSv12-X25519-ECDHE
+++ b/testdata/Client-TLSv12-X25519-ECDHE
@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 f2 01 00 00  ee 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 f4 01 00 00  f0 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@ -7,20 +7,20 @@
 00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
 00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
 00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
-00000080  01 00 00 73 00 05 00 05  01 00 00 00 00 00 0a 00  |...s............|
-00000090  04 00 02 00 1d 00 0b 00  02 01 00 00 0d 00 18 00  |................|
-000000a0  16 08 04 08 05 08 06 04  01 04 03 05 01 05 03 06  |................|
-000000b0  01 06 03 02 01 02 03 ff  01 00 01 00 00 12 00 00  |................|
-000000c0  00 2b 00 09 08 03 04 03  03 03 02 03 01 00 33 00  |.+............3.|
-000000d0  26 00 24 00 1d 00 20 2f  e5 7d a3 47 cd 62 43 15  |&.$... /.}.G.bC.|
-000000e0  28 da ac 5f bb 29 07 30  ff f6 84 af c4 cf c2 ed  |(.._.).0........|
-000000f0  90 99 5f 58 cb 3b 74                              |.._X.;t|
+00000080  01 00 00 75 00 05 00 05  01 00 00 00 00 00 0a 00  |...u............|
+00000090  04 00 02 00 1d 00 0b 00  02 01 00 00 0d 00 1a 00  |................|
+000000a0  18 08 04 04 03 08 07 08  05 08 06 04 01 05 01 06  |................|
+000000b0  01 05 03 06 03 02 01 02  03 ff 01 00 01 00 00 12  |................|
+000000c0  00 00 00 2b 00 09 08 03  04 03 03 03 02 03 01 00  |...+............|
+000000d0  33 00 26 00 24 00 1d 00  20 2f e5 7d a3 47 cd 62  |3.&.$... /.}.G.b|
+000000e0  43 15 28 da ac 5f bb 29  07 30 ff f6 84 af c4 cf  |C.(.._.).0......|
+000000f0  c2 ed 90 99 5f 58 cb 3b  74                       |...._X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 14 f0 64 fb 80  |....Y...U....d..|
-00000010  40 49 f6 48 a5 65 9d e1  2e 37 c3 f7 b9 27 fe 6b  |@I.H.e...7...'.k|
-00000020  de 49 93 da 97 0d 59 c5  a8 5d 42 20 f9 10 79 a2  |.I....Y..]B ..y.|
-00000030  e6 33 e8 eb 6c 7d 3b 1d  e2 e9 3e df 5f 5a 40 d5  |.3..l};...>._Z@.|
-00000040  a2 0d c7 35 f2 db a1 e0  1f 90 bb 6b c0 2f 00 00  |...5.......k./..|
+00000000  16 03 03 00 59 02 00 00  55 03 03 e0 c7 ce be 3a  |....Y...U......:|
+00000010  a6 34 5f b7 c5 ec f1 f3  09 df 4d db 39 60 71 93  |.4_.......M.9`q.|
+00000020  db 7c 30 e0 81 93 f0 19  57 6b 6b 20 9e 4b e2 1e  |.|0.....Wkk .K..|
+00000030  27 8d d3 f6 0c f3 3d bc  67 3e 79 33 fd c9 cc 55  |'.....=.g>y3...U|
+00000040  36 55 a5 aa 89 94 fe b2  51 cf 24 56 c0 2f 00 00  |6U......Q.$V./..|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
 00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
@ -60,33 +60,33 @@
 00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
 000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
 000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
-000002c0  ac 0c 00 00 a8 03 00 1d  20 45 79 ac ef 3b d5 3e  |........ Ey..;.>|
-000002d0  81 e1 7d 8a 9e 94 b3 d8  15 49 3c 2a 71 0a 31 74  |..}......I<*q.1t|
-000002e0  2b 7a cc f7 5d 2d 72 d5  60 08 04 00 80 d1 63 69  |+z..]-r.`.....ci|
-000002f0  e9 5f 99 c1 43 18 29 04  39 f2 ec 2b d8 dc e6 59  |._..C.).9..+...Y|
-00000300  80 ff 27 f9 96 39 de 2c  26 9c f0 15 39 fa 42 ba  |..'..9.,&...9.B.|
-00000310  80 d8 1b f6 64 07 e4 2e  b3 1e ce 20 51 59 82 97  |....d...... QY..|
-00000320  a1 2f d5 3f 18 05 12 12  1e aa cf 29 93 34 89 18  |./.?.......).4..|
-00000330  0b 19 e0 30 21 5f ce c2  75 58 a1 aa 98 44 cb c0  |...0!_..uX...D..|
-00000340  08 db 6e c5 95 9c a7 f5  a2 30 c7 9d 9d 31 1d a1  |..n......0...1..|
-00000350  b8 3f 05 b8 13 b6 89 a8  3c 78 fe ae e5 6f 2a 91  |.?......<x...o*.|
-00000360  35 14 95 c5 89 4c 1e 68  2d 18 9b 36 81 16 03 03  |5....L.h-..6....|
+000002c0  ac 0c 00 00 a8 03 00 1d  20 9b 73 58 2f 9a aa 8b  |........ .sX/...|
+000002d0  3e 80 1c b1 8e e5 d4 54  c2 d0 b1 94 16 86 e2 4b  |>......T.......K|
+000002e0  9c ab d7 ce 2c e5 26 20  04 08 04 00 80 d8 c0 18  |....,.& ........|
+000002f0  90 8e 06 d8 d6 4c af a1  ae 5e ca 4b a1 18 bb 31  |.....L...^.K...1|
+00000300  f5 3a 75 c3 d7 73 69 a7  e0 0f 8e f2 c5 92 0a bd  |.:u..si.........|
+00000310  7f 91 36 6c 01 c3 eb 08  9a 3b 25 2c bd 86 88 05  |..6l.....;%,....|
+00000320  64 e0 38 5b 75 01 10 1f  1b d5 34 09 04 2e 34 6d  |d.8[u.....4...4m|
+00000330  71 d2 6c b6 f3 7a 1e ed  a9 9d 28 60 13 fc 02 6f  |q.l..z....(`...o|
+00000340  f6 17 99 52 7b 19 60 e5  a6 11 d4 b3 4c 52 03 b5  |...R{.`.....LR..|
+00000350  3e 28 91 c6 66 87 25 df  10 c6 cf b9 5f 92 0e d7  |>(..f.%....._...|
+00000360  b6 19 f0 19 b9 f6 e9 e9  24 74 35 3b c6 16 03 03  |........$t5;....|
 00000370  00 04 0e 00 00 00                                 |......|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 28 00 00 00  00 00 00 00 00 b5 c1 dc  |....(...........|
-00000040  8e c0 bc 78 74 a7 c6 36  23 67 55 5d bc 82 db 77  |...xt..6#gU]...w|
-00000050  85 d8 76 c8 98 65 63 8e  f2 47 0b 5b 10           |..v..ec..G.[.|
+00000030  16 03 03 00 28 00 00 00  00 00 00 00 00 01 e4 5a  |....(..........Z|
+00000040  e9 dc dd 98 cd 5f d2 d2  eb 84 12 c9 96 ca 91 d7  |....._..........|
+00000050  ae f4 db 44 a4 37 f3 a3  b2 8d db ed 3d           |...D.7......=|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 6e 20 eb fc d1  |..........(n ...|
-00000010  a1 0e 6c a5 d9 6c ab fc  4d 0e f3 f0 61 84 2d 14  |..l..l..M...a.-.|
-00000020  06 53 eb 69 18 b3 e3 f1  32 e8 19 00 5e 74 97 e5  |.S.i....2...^t..|
-00000030  98 a7 8a                                          |...|
+00000000  14 03 03 00 01 01 16 03  03 00 28 c2 2d 32 ba 46  |..........(.-2.F|
+00000010  27 8d 87 13 7f b9 49 04  64 2f 6e cc 32 81 f8 3c  |'.....I.d/n.2..<|
+00000020  7f 0f 19 13 5c 11 33 a1  05 5f 91 bc 97 30 64 84  |....\.3.._...0d.|
+00000030  57 69 90                                          |Wi.|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 32 91 ac  |.............2..|
-00000010  63 b8 71 f1 26 18 ac 15  45 58 6c 60 18 77 bc 5c  |c.q.&...EXl`.w.\|
-00000020  ff 5b cd 15 03 03 00 1a  00 00 00 00 00 00 00 02  |.[..............|
-00000030  ad 89 71 22 f0 e0 61 3e  2b f7 d9 da 96 34 51 72  |..q"..a>+....4Qr|
-00000040  c9 be                                             |..|
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 fd 0f a5  |................|
+00000010  74 98 c4 98 ee 67 74 d4  c1 d4 fe d3 c7 e2 1b 2c  |t....gt........,|
+00000020  e5 3c be 15 03 03 00 1a  00 00 00 00 00 00 00 02  |.<..............|
+00000030  f8 d4 60 41 13 6a 9c e3  0e 56 e2 ab 96 45 7e 06  |..`A.j...V...E~.|
+00000040  87 63                                             |.c|