RTG-1339 Support post-quantum hybrid key exchange

Func spec: https://wiki.cfops.it/x/ZcBKHw
This commit is contained in:
Bas Westerbaan
2022-08-24 14:33:10 +02:00
committed by Devin Carr
parent 3e0ff3a771
commit 11cbff4ff7
171 changed files with 15270 additions and 196 deletions


@@ -11,6 +11,7 @@ import (
"crypto/hmac"
"crypto/rsa"
"errors"
"fmt"
"hash"
"io"
"sync/atomic"
@@ -46,6 +47,8 @@ type serverHandshakeStateTLS13 struct {
func (hs *serverHandshakeStateTLS13) handshake() error {
c := hs.c
startTime := time.Now()
if needFIPS() {
return errors.New("tls: internal error: TLS 1.3 reached in FIPS mode")
}
@@ -83,6 +86,12 @@ func (hs *serverHandshakeStateTLS13) handshake() error {
return err
}
raiseCFEvent(&cfEventHandshake{
serverSide: true,
duration: time.Since(startTime),
kex: hs.hello.serverShare.group,
})
atomic.StoreUint32(&c.handshakeStatus, 1)
return nil
@@ -210,17 +219,27 @@ GroupSelection:
clientKeyShare = &hs.clientHello.keyShares[0]
}
if _, ok := curveForCurveID(selectedGroup); selectedGroup != X25519 && !ok {
if _, ok := curveForCurveID(selectedGroup); selectedGroup != X25519 && curveIdToCirclScheme(selectedGroup) == nil && !ok {
c.sendAlert(alertInternalError)
return errors.New("tls: CurvePreferences includes unsupported curve")
}
params, err := generateECDHEParameters(c.config.rand(), selectedGroup)
if err != nil {
c.sendAlert(alertInternalError)
return err
if kem := curveIdToCirclScheme(selectedGroup); kem != nil {
ct, ss, alert, err := encapsulateForKem(kem, c.config.rand(), clientKeyShare.data)
if err != nil {
c.sendAlert(alert)
return fmt.Errorf("%s encap: %w", kem.Name(), err)
}
hs.hello.serverShare = keyShare{group: selectedGroup, data: ct}
hs.sharedKey = ss
} else {
params, err := generateECDHEParameters(c.config.rand(), selectedGroup)
if err != nil {
c.sendAlert(alertInternalError)
return err
}
hs.hello.serverShare = keyShare{group: selectedGroup, data: params.PublicKey()}
hs.sharedKey = params.SharedKey(clientKeyShare.data)
}
hs.hello.serverShare = keyShare{group: selectedGroup, data: params.PublicKey()}
hs.sharedKey = params.SharedKey(clientKeyShare.data)
if hs.sharedKey == nil {
c.sendAlert(alertIllegalParameter)
return errors.New("tls: invalid client key share")
@@ -441,6 +460,8 @@ func (hs *serverHandshakeStateTLS13) sendDummyChangeCipherSpec() error {
func (hs *serverHandshakeStateTLS13) doHelloRetryRequest(selectedGroup CurveID) error {
c := hs.c
raiseCFEvent(&cfEventHRR{serverSide: true})
// The first ClientHello gets double-hashed into the transcript upon a
// HelloRetryRequest. See RFC 8446, Section 4.4.1.
hs.transcript.Write(hs.clientHello.marshal())
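Review bot: In the group-selection hunk, the KEM branch at `ct, ss, alert, err := encapsulateForKem(kem, c.config.rand(), clientKeyShare.data)` passes client-controlled key-share bytes straight to encapsulation and relies on the helper, which is not in this hunk, to decide whether a bad share is the client's fault (`alertIllegalParameter`) or a server failure; the classical branch makes that distinction locally via the `hs.sharedKey == nil` check, so a wrong-length or malformed PQ share may be reported as an internal error, or with a zero-valued alert if the helper ever returns one alongside a non-nil err. Assuming the scheme interface exposes its expected public-key size, a guard ahead of the call keeps the classification in this function: `if len(clientKeyShare.data) != kem.PublicKeySize() { c.sendAlert(alertIllegalParameter); return errors.New("tls: invalid client key share") }`. A short comment above the branch, `// KEM groups: the server encapsulates against the client's public key; the sharedKey nil check below still applies to both branches`, would also make the shared post-condition explicit. The enclosing function starts and ends outside the hunk.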