
@AZ-X
Last active May 12, 2021 10:51
CECPQ2 support for golang 1.16

quiz

insert

==>

// CurveCECPQ2 is the TLS named-group identifier this patch uses for CECPQ2,
// the X25519 + HRSS hybrid key exchange implemented by cecpq2CurveParameters.
//
// NOTE(review): 16696 (0x4138) is not one of the groups crypto/tls defines
// itself; it presumably mirrors an experimental code point, so confirm the
// peer uses the same value and still accepts it before enabling this group.
const CurveCECPQ2 CurveID = 16696

// cecpq2CurveParameters holds the local key material for one CECPQ2 key
// exchange: an X25519 key pair and an HRSS private key.
//
// All three fields are secret-bearing or derived from fresh randomness; the
// type does not zero them after use.
type cecpq2CurveParameters struct {
	// privateKey is the X25519 scalar passed to curve25519.X25519.
	privateKey []byte
	// publicKey is the key share handed out by PublicKey: the X25519 public
	// value followed by the marshalled HRSS public key.
	publicKey []byte
	// hrssPrivateKey decapsulates the HRSS ciphertext in the peer's share.
	hrssPrivateKey hrss.PrivateKey
}

// CurveID reports the named group these parameters belong to, which is
// always CurveCECPQ2.
func (p *cecpq2CurveParameters) CurveID() CurveID {
	return CurveCECPQ2
}

// PublicKey returns the key share to send to the peer.
//
// The returned slice shares its backing array with the stored key share (no
// copy is made), so callers must not modify it.
func (p *cecpq2CurveParameters) PublicKey() []byte {
	return p.publicKey
}

// SharedKey derives the CECPQ2 shared secret from the peer's key share.
//
// peerPublicKey must be exactly curve25519.ScalarSize bytes of X25519 public
// value followed by hrss.CiphertextSize bytes of HRSS ciphertext. The result
// is the X25519 output followed by the HRSS shared key. nil is returned when
// the length is wrong, when curve25519.X25519 reports an error, or when HRSS
// decapsulation reports failure; callers are expected to treat nil as a
// failed key exchange.
//
// NOTE(review): only the decapsulating role is implemented. A peer share that
// carries an HRSS public key rather than a ciphertext would need an
// encapsulation step this method does not have, so this presumably works for
// the side that sent the HRSS public key only. Confirm before using it in
// the other role.
func (p *cecpq2CurveParameters) SharedKey(peerPublicKey []byte) []byte {
	// ScalarSize doubles as the length of the X25519 public value here.
	const x25519Len = curve25519.ScalarSize

	// Reject anything that is not exactly one X25519 value plus one HRSS
	// ciphertext before slicing, so the slices below cannot go out of range.
	if len(peerPublicKey) != x25519Len+hrss.CiphertextSize {
		return nil
	}
	x25519Share, hrssCiphertext := peerPublicKey[:x25519Len], peerPublicKey[x25519Len:]

	secret, err := curve25519.X25519(p.privateKey, x25519Share)
	if err != nil {
		return nil
	}

	kemSecret, ok := p.hrssPrivateKey.Decap(hrssCiphertext)
	if !ok {
		return nil
	}

	// Both halves are needed: the combined secret is X25519 || HRSS.
	return append(secret, kemSecret...)
}

find the section in the 'same file' & insert

==>

"crypto/tls/hrss"

==>

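// CECPQ2 key share: a fresh X25519 key pair plus a fresh HRSS key pair, with
// the X25519 public value and the marshalled HRSS public key concatenated
// (X25519 first) into a single key share.
if curveID == CurveCECPQ2 {
	privateKey := make([]byte, curve25519.ScalarSize)
	if _, err := io.ReadFull(rand, privateKey); err != nil {
		return nil, err
	}
	publicKey, err := curve25519.X25519(privateKey, curve25519.Basepoint)
	// Check the X25519 result before touching publicKey or drawing more
	// randomness; the original deferred this check until after the append.
	if err != nil {
		return nil, err
	}

	// NOTE(review): hrss.GenerateKey returns no error here, so confirm how it
	// reacts to a failing rand reader. The hrss package is copied in from
	// another project per this page; verify that implementation is meant for
	// production use (constant-time, maintained) before relying on it.
	hrssPrivateKey := hrss.GenerateKey(rand)
	publicKey = append(publicKey, hrssPrivateKey.PublicKey.Marshal()...)

	return &cecpq2CurveParameters{
		privateKey:     privateKey,
		publicKey:      publicKey,
		hrssPrivateKey: hrssPrivateKey,
	}, nil
}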

create (borrow it from boring and never return it back)

==>

hrss.go

find & replace

curveID != X25519

==>

curveID != X25519 && curveID != CurveCECPQ2

handle general selection of curve group for TLS1.3

==>

out of scope
