Commit b8c41e9

nihiloidmingyech
authored andcommitted
feat: enhanced generateRandomizedSpec() with randomized keyShare and curveIDs
1 parent 5490d70 commit b8c41e9

2 files changed

+14
-5
lines changed

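--- a/u_common.go
+++ b/u_common.go
@@ -684,6 +684,7 @@ type Weights struct {
 Extensions_Append_Reneg float64
 Extensions_Append_EMS float64
 FirstKeyShare_Set_CurveP256 float64
+KeyShare_Append_RandomGroups float64
 Extensions_Append_ALPS float64
 }
 
@@ -704,7 +705,8 @@ var DefaultWeights = Weights{
 Extensions_Append_SCT: 0.46,
 Extensions_Append_Reneg: 0.75,
 Extensions_Append_EMS: 0.77,
-FirstKeyShare_Set_CurveP256: 0.25,
+FirstKeyShare_Set_CurveP256: 0.00, // legacy setting
+KeyShare_Append_RandomGroups: 0.50,
 Extensions_Append_ALPS: 0.33,
 }
 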
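Review bot: `KeyShare_Append_RandomGroups` is added to `Weights` without a comment, and its name does not match how the u_parrots.go section of this commit uses it: the same weight drives two separate coin flips for two fixed groups, one appended (CurveP256) and one prepended (X25519MLKEM768). A field comment such as `// KeyShare_Append_RandomGroups is the per-group probability of adding an extra key share (CurveP256 appended, X25519MLKEM768 prepended).` would make that clear. The `// legacy setting` comment on `FirstKeyShare_Set_CurveP256: 0.00` could also state that a non-zero value suppresses the new extra key shares whenever its flip succeeds, because they sit in the `else` branch. Both the struct and the `DefaultWeights` literal start outside these hunks.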

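--- a/u_parrots.go
+++ b/u_parrots.go
@@ -3053,6 +3053,9 @@ func generateRandomizedSpec(
 points := SupportedPointsExtension{SupportedPoints: []byte{pointFormatUncompressed}}
 
 curveIDs := []CurveID{}
+if r.FlipWeightedCoin(id.Weights.CurveIDs_Append_X25519) && p.TLSVersMax == VersionTLS13 {
+curveIDs = append(curveIDs, X25519MLKEM768)
+}
 if r.FlipWeightedCoin(id.Weights.CurveIDs_Append_X25519) || p.TLSVersMax == VersionTLS13 {
 curveIDs = append(curveIDs, X25519)
 }
@@ -3104,11 +3107,15 @@ func generateRandomizedSpec(
 ks := KeyShareExtension{[]KeyShare{
 {Group: X25519}, // the key for the group will be generated later
 }}
-if r.FlipWeightedCoin(id.Weights.FirstKeyShare_Set_CurveP256) {
-// do not ADD second keyShare because crypto/tls does not support multiple ecdheParams
-// TODO: add it back when they implement multiple keyShares, or implement it oursevles
-// ks.KeyShares = append(ks.KeyShares, KeyShare{Group: CurveP256})
+if r.FlipWeightedCoin(id.Weights.FirstKeyShare_Set_CurveP256) { // legacy setting, not used by default
 ks.KeyShares[0].Group = CurveP256
+} else {
+if r.FlipWeightedCoin(id.Weights.KeyShare_Append_RandomGroups) {
+ks.KeyShares = append(ks.KeyShares, KeyShare{Group: CurveP256})
+}
+if r.FlipWeightedCoin(id.Weights.KeyShare_Append_RandomGroups) {
+ks.KeyShares = append([]KeyShare{{Group: X25519MLKEM768}}, ks.KeyShares...)
+}
 }
 pskExchangeModes := PSKKeyExchangeModesExtension{[]uint8{pskModeDHE}}
 supportedVersionsExt := SupportedVersionsExtension{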
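Review bot: The X25519MLKEM768 key share prepended in the second hunk is gated only on `KeyShare_Append_RandomGroups`, while the first hunk adds that group to `curveIDs` under a separate flip that also requires TLS 1.3, so a generated spec can carry a key share for a group it does not list in supported_groups. RFC 8446 section 4.2.8 requires every KeyShareEntry to correspond to an offered group, in the same order, and allows servers to abort with illegal_parameter otherwise. Recording the first decision, `offerMLKEM := r.FlipWeightedCoin(id.Weights.CurveIDs_Append_X25519) && p.TLSVersMax == VersionTLS13`, and gating the prepend with `if r.FlipWeightedCoin(id.Weights.KeyShare_Append_RandomGroups) && offerMLKEM {` keeps the two extensions consistent without changing how many coins are flipped. Whether CurveP256 is always present in `curveIDs`, and whether this key-share block only runs for TLS 1.3, cannot be seen here because generateRandomizedSpec starts and ends outside both hunks.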
