src/vendor,crypto/tls: update to latest x/crypto and use new X25519 API

Change-Id: Icd5006e37861d892a5f3d4397c3826179c1b12ad
Reviewed-on: https://go-review.googlesource.com/c/go/+/206657
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
This commit is contained in:
Filippo Valsorda 2019-11-11 20:37:50 -05:00
parent 8010a411f4
commit affd11bcb1


@ -7,14 +7,14 @@ package tls
import ( import (
"crypto/elliptic" "crypto/elliptic"
"crypto/hmac" "crypto/hmac"
"crypto/subtle"
"errors" "errors"
"golang.org/x/crypto/cryptobyte"
"golang.org/x/crypto/curve25519"
"golang.org/x/crypto/hkdf"
"hash" "hash"
"io" "io"
"math/big" "math/big"
"golang.org/x/crypto/cryptobyte"
"golang.org/x/crypto/curve25519"
"golang.org/x/crypto/hkdf"
) )
// This file contains the functions necessary to compute the TLS 1.3 key // This file contains the functions necessary to compute the TLS 1.3 key
@ -111,12 +111,15 @@ type ecdheParameters interface {
func generateECDHEParameters(rand io.Reader, curveID CurveID) (ecdheParameters, error) { func generateECDHEParameters(rand io.Reader, curveID CurveID) (ecdheParameters, error) {
if curveID == X25519 { if curveID == X25519 {
p := &x25519Parameters{} privateKey := make([]byte, curve25519.ScalarSize)
if _, err := io.ReadFull(rand, p.privateKey[:]); err != nil { if _, err := io.ReadFull(rand, privateKey); err != nil {
return nil, err return nil, err
} }
curve25519.ScalarBaseMult(&p.publicKey, &p.privateKey) publicKey, err := curve25519.X25519(privateKey, curve25519.Basepoint)
return p, nil if err != nil {
return nil, err
}
return &x25519Parameters{privateKey: privateKey, publicKey: publicKey}, nil
} }
curve, ok := curveForCurveID(curveID) curve, ok := curveForCurveID(curveID)
@ -178,8 +181,8 @@ func (p *nistParameters) SharedKey(peerPublicKey []byte) []byte {
} }
type x25519Parameters struct { type x25519Parameters struct {
privateKey [32]byte privateKey []byte
publicKey [32]byte publicKey []byte
} }
func (p *x25519Parameters) CurveID() CurveID { func (p *x25519Parameters) CurveID() CurveID {
@ -191,19 +194,9 @@ func (p *x25519Parameters) PublicKey() []byte {
} }
func (p *x25519Parameters) SharedKey(peerPublicKey []byte) []byte { func (p *x25519Parameters) SharedKey(peerPublicKey []byte) []byte {
if len(peerPublicKey) != 32 { sharedKey, err := curve25519.X25519(p.privateKey, peerPublicKey)
if err != nil {
return nil return nil
} }
return sharedKey
var theirPublicKey, sharedKey [32]byte
copy(theirPublicKey[:], peerPublicKey)
curve25519.ScalarMult(&sharedKey, &p.privateKey, &theirPublicKey)
// Check for low-order inputs. See RFC 8422, Section 5.11.
var allZeroes [32]byte
if subtle.ConstantTimeCompare(allZeroes[:], sharedKey[:]) == 1 {
return nil
}
return sharedKey[:]
} }
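Review bot: The new SharedKey body drops the explicit low-order check together with its RFC 8422, Section 5.11 reference, and folds both the 32-byte length check and the all-zero shared-secret rejection into a single `err != nil` from curve25519.X25519 without saying so. A maintainer reading the new code cannot tell that a nil return here is a deliberate rejection of a malformed or low-order peer point rather than an unexpected failure. Keeping the intent visible above the call would preserve what the removed lines documented: `// X25519 rejects a wrong-length point and low-order peer points (all-zero output), which covers the RFC 8422, Section 5.11 check.` That the vendored X25519 performs the low-order rejection is inferred from the removed code's intent and should be confirmed against the x/crypto version this commit vendors.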