Skip to content

Commit

Permalink
Add dummy key agreement with codepoint 0xfe33 (#162)
Browse files Browse the repository at this point in the history
DummyKex is a key agreeement similar in size but purposefully incompatible with
X25519. The goal is to have a key agreement that servers will not support, so
we can test HelloRetryRquest.
  • Loading branch information
bwesterb committed May 7, 2024
1 parent 26b33f8 commit 048a673
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 0 deletions.
8 changes: 8 additions & 0 deletions src/crypto/tls/cfkem.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ import (
"fmt"
"io"

"github.com/cloudflare/circl/hpke"
"github.com/cloudflare/circl/kem"
"github.com/cloudflare/circl/kem/hybrid"
)
Expand All @@ -42,6 +43,11 @@ var (
X25519Kyber768Draft00Old = CurveID(0xfe31)
P256Kyber768Draft00 = CurveID(0xfe32)
invalidCurveID = CurveID(0)

// A key agreeement similar in size but purposefully incompatible with
// X25519. The goal is to have a key agreement that servers will not
// support, so we can test HelloRetryRquest.
DummyKex = CurveID(0xfe33)
)

func singleClientKeySharePrivateFor(ks clientKeySharePrivate, group CurveID) singleClientKeySharePrivate {
Expand All @@ -58,6 +64,8 @@ func curveIdToCirclScheme(id CurveID) kem.Scheme {
return hybrid.Kyber768X25519()
case P256Kyber768Draft00:
return hybrid.P256Kyber768Draft00()
case DummyKex:
return hpke.KEM_X25519_HKDF_SHA256.Scheme()
}
return nil
}
Expand Down
1 change: 1 addition & 0 deletions src/crypto/tls/cfkem_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,7 @@ func TestHybridKEX(t *testing.T) {
X25519Kyber768Draft00,
X25519Kyber768Draft00Old,
P256Kyber768Draft00,
DummyKex,
} {
run(curveID, true, true, false, false)
run(curveID, true, false, false, false)
Expand Down

0 comments on commit 048a673

Please sign in to comment.