crypto/tls: add support for Ed25519 certificates in TLS 1.2 and 1.3

Support for Ed25519 certificates was added in CL 175478, this wires them up into the TLS stack according to RFC 8422 (TLS 1.2) and RFC 8446 (TLS 1.3). RFC 8422 also specifies support for TLS 1.0 and 1.1, and I initially implemented that, but even OpenSSL doesn't take the complexity, so I just dropped it. It would have required keeping a buffer of the handshake transcript in order to do the direct Ed25519 signatures. We effectively need to support TLS 1.2 because it shares ClientHello signature algorithms with TLS 1.3. While at it, reordered the advertised signature algorithms in the rough order we would want to use them, also based on what curves have fast constant-time implementations. Client and client auth tests changed because of the change in advertised signature algorithms in ClientHello and CertificateRequest. Fixes #25355 Change-Id: I9fdd839afde4fd6b13fcbc5cc7017fd8c35085ee Reviewed-on: https://go-review.googlesource.com/c/go/+/177698 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Adam Langley <agl@golang.org>
author: Filippo Valsorda <filippo@golang.org> 2019-05-16 19:13:29 -0400
committer: Filippo Valsorda <filippo@golang.org> 2019-05-17 16:13:45 +0000
commit: f35338582d0e0e7047fa45be3cb8064c43c50f25 (patch)
tree: 591f08ef243b8afb1ff450b1277b5ba726080f30 /src/crypto/tls/testdata/Client-TLSv10-ClientCert-RSA-ECDSA
parent: ee551846fa015a04aaa55e44e8d9b6647156e301 (diff)
download: go-f35338582d0e0e7047fa45be3cb8064c43c50f25.tar.xz
1 files changed, 51 insertions, 51 deletions
diff --git a/src/crypto/tls/testdata/Client-TLSv10-ClientCert-RSA-ECDSA b/src/crypto/tls/testdata/Client-TLSv10-ClientCert-RSA-ECDSA
index 14ed93ca09..641ab1bd15 100644
--- a/src/crypto/tls/testdata/Client-TLSv10-ClientCert-RSA-ECDSA
+++ b/src/crypto/tls/testdata/Client-TLSv10-ClientCert-RSA-ECDSA
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 fa 01 00 00  f6 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,20 +7,20 @@
 00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
 00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
 00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
-00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000080  01 00 00 7b 00 05 00 05  01 00 00 00 00 00 0a 00  |...{............|
 00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
-000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
-000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
-000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
-000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
-000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
-000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
+000000a0  00 00 0d 00 1a 00 18 08  04 04 03 08 07 08 05 08  |................|
+000000b0  06 04 01 05 01 06 01 05  03 06 03 02 01 02 03 ff  |................|
+000000c0  01 00 01 00 00 12 00 00  00 2b 00 09 08 03 04 03  |.........+......|
+000000d0  03 03 02 03 01 00 33 00  26 00 24 00 1d 00 20 2f  |......3.&.$... /|
+000000e0  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
+000000f0  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74     |.........._X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 01 00 59 02 00 00  55 03 01 04 4a 64 8e 4f  |....Y...U...Jd.O|
-00000010  f1 4e 06 19 e2 cb b8 92  93 7b f5 ec 1b 0e 30 8e  |.N.......{....0.|
-00000020  1f 89 6c a1 28 e7 87 7f  9e 9e 19 20 cf aa b7 1f  |..l.(...... ....|
-00000030  77 43 26 3e 15 5e 67 68  0d a6 a3 b1 25 e5 63 27  |wC&>.^gh....%.c'|
-00000040  00 f9 59 23 e0 a3 1c d7  49 e9 dc b3 c0 09 00 00  |..Y#....I.......|
+00000000  16 03 01 00 59 02 00 00  55 03 01 3b 4c b9 76 d2  |....Y...U..;L.v.|
+00000010  c3 d1 ea 81 71 1a 10 e1  b1 69 5c 54 c2 df 17 0a  |....q....i\T....|
+00000020  de 41 cb d1 69 c3 9a da  90 fd 25 20 1e 02 11 16  |.A..i.....% ....|
+00000030  ab 66 13 56 3d 94 00 a9  80 7c d8 57 12 99 1c 5f  |.f.V=....|.W..._|
+00000040  7a b2 02 8c 23 f3 76 b8  59 5e 16 dd c0 09 00 00  |z...#.v.Y^......|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  01 02 0e 0b 00 02 0a 00  02 07 00 02 04 30 82 02  |.............0..|
 00000070  00 30 82 01 62 02 09 00  b8 bf 2d 47 a0 d2 eb f4  |.0..b.....-G....|
@@ -55,20 +55,20 @@
 00000240  13 83 0d 94 06 bb d4 37  7a f6 ec 7a c9 86 2e dd  |.......7z..z....|
 00000250  d7 11 69 7f 85 7c 56 de  fb 31 78 2b e4 c7 78 0d  |..i..|V..1x+..x.|
 00000260  ae cb be 9e 4e 36 24 31  7b 6a 0f 39 95 12 07 8f  |....N6$1{j.9....|
-00000270  2a 16 03 01 00 b4 0c 00  00 b0 03 00 1d 20 6c 3b  |*............ l;|
-00000280  3f 6b 18 21 57 c4 df bf  3d ac 92 ee bc 99 0b 2f  |?k.!W...=....../|
-00000290  d5 b3 f5 ff 5f 6c 6b 33  db a9 7c 02 f8 4c 00 8a  |...._lk3..|..L..|
-000002a0  30 81 87 02 42 00 8e 15  e5 bb dc f5 3d c6 10 d7  |0...B.......=...|
-000002b0  67 54 3d 80 b5 6a 4d 69  f1 2c fe 99 bc 32 e1 ab  |gT=..jMi.,...2..|
-000002c0  42 c0 7d f2 5d e0 d6 22  95 58 25 5e 63 ba f0 9c  |B.}.]..".X%^c...|
-000002d0  9f 29 91 c9 a9 42 99 ab  b0 4f ed a9 42 8e 1f 3a  |.)...B...O..B..:|
-000002e0  44 34 48 d9 5a dd 9b 02  41 44 21 e1 54 b5 a3 e7  |D4H.Z...AD!.T...|
-000002f0  0a 57 45 52 ae 9d b5 fe  45 8a 3f 8b e7 50 e8 01  |.WER....E.?..P..|
-00000300  8c 26 27 85 f4 ef 80 30  7e d6 d8 27 4f d5 5e 9d  |.&'....0~..'O.^.|
-00000310  7b 65 1a c6 5a ab 57 17  3f 6e 5c 66 aa cd 46 bc  |{e..Z.W.?n\f..F.|
-00000320  5d 32 db a5 48 f8 f8 35  11 8b 16 03 01 00 0a 0d  |]2..H..5........|
-00000330  00 00 06 03 01 02 40 00  00 16 03 01 00 04 0e 00  |......@.........|
-00000340  00 00                                             |..|
+00000270  2a 16 03 01 00 b5 0c 00  00 b1 03 00 1d 20 16 64  |*............ .d|
+00000280  ca 24 70 6f 61 2f 9e 2d  43 0a 73 ac 67 f0 7a e5  |.$poa/.-C.s.g.z.|
+00000290  c7 4e c4 1f ad 13 0d eb  df ff 0d ff a3 27 00 8b  |.N...........'..|
+000002a0  30 81 88 02 42 01 1a 33  8b 88 78 ed 5c c1 56 0d  |0...B..3..x.\.V.|
+000002b0  75 51 69 a0 e7 45 6d ae  b0 67 55 3f be 23 3e 92  |uQi..Em..gU?.#>.|
+000002c0  fe 26 68 a2 30 84 2f b3  33 66 f6 dd 71 67 99 5e  |.&h.0./.3f..qg.^|
+000002d0  1c 6f bf 87 ed 33 a0 87  69 f6 35 65 8d cb 3a 7e  |.o...3..i.5e..:~|
+000002e0  95 a7 a4 40 54 cb 97 02  42 00 a3 fe 50 34 68 9f  |...@T...B...P4h.|
+000002f0  f2 43 98 23 e4 24 ad 36  e9 d3 e0 75 2c 11 46 6c  |.C.#.$.6...u,.Fl|
+00000300  48 33 c5 bc 2d 04 ff cc  bb ec 38 ec f4 b3 55 31  |H3..-.....8...U1|
+00000310  8a 6e 38 a5 6d a0 9c fc  f6 98 75 48 c6 79 53 de  |.n8.m.....uH.yS.|
+00000320  dd 91 49 f0 b6 32 83 45  61 89 4e 16 03 01 00 0a  |..I..2.Ea.N.....|
+00000330  0d 00 00 06 03 01 02 40  00 00 16 03 01 00 04 0e  |.......@........|
+00000340  00 00 00                                          |...|
 >>> Flow 3 (client to server)
 00000000  16 03 01 01 fd 0b 00 01  f9 00 01 f6 00 01 f3 30  |...............0|
 00000010  82 01 ef 30 82 01 58 a0  03 02 01 02 02 10 5c 19  |...0..X.......\.|
@@ -105,29 +105,29 @@
 00000200  e5 35 16 03 01 00 25 10  00 00 21 20 2f e5 7d a3  |.5....%...! /.}.|
 00000210  47 cd 62 43 15 28 da ac  5f bb 29 07 30 ff f6 84  |G.bC.(.._.).0...|
 00000220  af c4 cf c2 ed 90 99 5f  58 cb 3b 74 16 03 01 00  |......._X.;t....|
-00000230  86 0f 00 00 82 00 80 9a  02 82 fb dd 68 e7 91 9f  |............h...|
-00000240  83 12 57 35 23 7c de 88  97 07 a3 b2 67 77 0f c1  |..W5#|......gw..|
-00000250  bd 33 36 b3 ce fb f7 96  26 91 ab dc 96 26 64 fa  |.36.....&....&d.|
-00000260  34 66 31 2b fa 6d 52 60  3e fb a3 87 27 a7 7c ac  |4f1+.mR`>...'.|.|
-00000270  8c 87 ff c5 5e 6f 6f e1  db bf bc 58 3d b3 f6 89  |....^oo....X=...|
-00000280  a0 8e 0b 9d 26 74 68 57  ca e9 c2 ab 79 7b 6a dd  |....&thW....y{j.|
-00000290  c7 89 ef 0d 62 aa 47 7b  67 18 f2 ad 00 98 56 45  |....b.G{g.....VE|
-000002a0  12 ca de 6a d1 1a b5 a9  d2 53 ba 3b 90 a6 cf 69  |...j.....S.;...i|
-000002b0  12 65 32 c2 95 46 01 14  03 01 00 01 01 16 03 01  |.e2..F..........|
-000002c0  00 30 f7 2d b9 19 66 b2  2c 1b 96 08 bc 70 5b f5  |.0.-..f.,....p[.|
-000002d0  6d 58 9e 51 fb b5 3c a6  4f 4a fc 52 1f 10 20 c4  |mX.Q..<.OJ.R.. .|
-000002e0  3f d6 3c 0e 99 e3 1c b5  21 7f 0d fa 08 ec 17 27  |?.<.....!......'|
-000002f0  75 9f                                             |u.|
+00000230  86 0f 00 00 82 00 80 90  68 a8 2f 6f 2b 70 e4 25  |........h./o+p.%|
+00000240  7d fb b7 85 db 44 ec 1a  ad 6d 84 fb 95 21 fa 24  |}....D...m...!.$|
+00000250  7b 31 6a 97 4f 06 ee 87  22 c3 7c 81 70 ed e3 2a  |{1j.O...".|.p..*|
+00000260  d5 2c d1 4e 6d f0 12 52  2f 98 05 08 af 41 fa 87  |.,.Nm..R/....A..|
+00000270  d1 62 98 6c 06 47 ec 7a  44 e0 7d ae 7a 7d ef 1b  |.b.l.G.zD.}.z}..|
+00000280  d5 2c fa 1b 70 a3 fb 9a  5d 8c 60 b4 44 6a e5 b8  |.,..p...].`.Dj..|
+00000290  80 4c 29 fc f1 2d f1 11  46 81 c4 01 e4 11 2e 05  |.L)..-..F.......|
+000002a0  cb 2b ca d9 4a 14 39 06  93 77 19 db 80 03 82 38  |.+..J.9..w.....8|
+000002b0  e5 c1 0f 11 17 47 a7 14  03 01 00 01 01 16 03 01  |.....G..........|
+000002c0  00 30 a6 68 28 50 75 6d  eb f4 32 c8 a3 57 3f b1  |.0.h(Pum..2..W?.|
+000002d0  37 84 8e 7e 1d 1d 93 7d  9f ec ff ac 1c 8d bf 30  |7..~...}.......0|
+000002e0  d2 b0 0f 3f 02 c3 ef ac  a3 62 94 26 1c 8f 7e 8d  |...?.....b.&..~.|
+000002f0  74 99                                             |t.|
 >>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 30 db ac b4 71 dc  |..........0...q.|
-00000010  92 06 9c fe 87 11 69 eb  a6 4e e9 50 29 6d 06 37  |......i..N.P)m.7|
-00000020  02 73 b8 6d 7e ca 89 02  cf fa ad 0c 7c d0 90 cb  |.s.m~.......|...|
-00000030  af e5 50 68 fc 76 c5 09  a1 a1 d3                 |..Ph.v.....|
+00000000  14 03 01 00 01 01 16 03  01 00 30 80 3e 0d 50 13  |..........0.>.P.|
+00000010  5f 00 ba 2e 47 46 5d 63  1b 72 a8 02 24 1c 3e 1f  |_...GF]c.r..$.>.|
+00000020  ed e2 3a 45 d7 7d 3a f2  33 97 c3 ab 13 9b 0e 4a  |..:E.}:.3......J|
+00000030  04 f0 08 48 ab d3 46 0b  40 7d 5c                 |...H..F.@}\|
 >>> Flow 5 (client to server)
-00000000  17 03 01 00 20 cd b3 a4  99 da 5d 59 36 6f f8 26  |.... .....]Y6o.&|
-00000010  2d b2 4a 47 a1 54 7f b0  b3 df 0d 52 cc 13 7a 8b  |-.JG.T.....R..z.|
-00000020  a3 6a 8b 1f ee 17 03 01  00 20 d6 ab 8a 3e b3 41  |.j....... ...>.A|
-00000030  0a be 61 50 79 19 1a 45  03 c6 b9 b4 84 b2 18 46  |..aPy..E.......F|
-00000040  86 1f c3 b7 78 77 fc 7f  4f 30 15 03 01 00 20 2d  |....xw..O0.... -|
-00000050  c0 f2 71 06 dc 19 9d 88  82 b9 3a 6b be a4 77 98  |..q.......:k..w.|
-00000060  87 32 46 54 27 e4 17 47  8a 83 9c 5a 45 6e 6b     |.2FT'..G...ZEnk|
+00000000  17 03 01 00 20 f7 32 e7  36 4f 77 2f 4a 05 fd 27  |.... .2.6Ow/J..'|
+00000010  19 57 52 f7 8a 0c 7f fb  14 78 b2 06 bf ca 86 73  |.WR......x.....s|
+00000020  32 13 33 04 91 17 03 01  00 20 7e e4 fe c5 6d f7  |2.3...... ~...m.|
+00000030  d4 69 30 57 89 a0 76 70  40 a7 b5 17 74 2f 5d 16  |.i0W..vp@...t/].|
+00000040  c1 19 30 73 f8 37 c4 10  5b b7 15 03 01 00 20 08  |..0s.7..[..... .|
+00000050  41 5e 0b 9f 36 23 bd 9a  09 f7 58 9d a3 d7 26 3a  |A^..6#....X...&:|
+00000060  f4 5e 6b bf 9c d4 6f 0c  d3 9e cd de cb 95 57     |.^k...o.......W|
author	Filippo Valsorda <filippo@golang.org>	2019-05-16 19:13:29 -0400
committer	Filippo Valsorda <filippo@golang.org>	2019-05-17 16:13:45 +0000
commit	f35338582d0e0e7047fa45be3cb8064c43c50f25 (patch)
tree	591f08ef243b8afb1ff450b1277b5ba726080f30 /src/crypto/tls/testdata/Client-TLSv10-ClientCert-RSA-ECDSA
parent	ee551846fa015a04aaa55e44e8d9b6647156e301 (diff)
download	go-f35338582d0e0e7047fa45be3cb8064c43c50f25.tar.xz