Issue 6775043: code review 6775043: crypto/tls: add support for ECDH ECDSA

Keyboard Shortcuts

	File
u :	up to issue
m :	publish + mail comments
M :	edit review message
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line
<Enter> :	respond to / edit current comment
d :	mark current comment as done

	Issue
u :	up to list of issues
m :	publish + mail comments
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue
# :	close issue

	Comment/message editing
<Ctrl> + s or <Ctrl> + Enter :	save comment
<Esc> :	cancel edit

Issue 6775043: code review 6775043: crypto/tls: add support for ECDH ECDSA

Can't Edit
Can't Publish+Mail
Start Review

Created:
11 years, 5 months ago by jsing

Modified:
11 years, 4 months ago

Reviewers:
agl1

CC:
golang-dev

Visibility:
Public.

Description

crypto/tls: add support for ECDH ECDSA Add support for ECDH ECDSA (RFC4492). ECDH ECDSA implements a TLS key agreement where the client generates an ephemeral EC public/private key pair and signs it. The pre-master secret is then calculated using ECDH. Alternatively a fixed client EC public/private key pair can be used.

Patch Set 1 : diff -r d9896259d8e5 https://go.googlecode.com/hg/ #

Patch Set 2 : diff -r f440e65f93fe https://go.googlecode.com/hg/ #

Patch Set 3 : diff -r f2755950769b https://go.googlecode.com/hg/ #

Patch Set 4 : diff -r 107e46216b58 https://go.googlecode.com/hg/ #

Patch Set 5 : diff -r 107e46216b58 https://go.googlecode.com/hg/ #

Patch Set 6 : diff -r ffd1e075c260 https://go.googlecode.com/hg/ #

Patch Set 7 : diff -r ffd1e075c260 https://go.googlecode.com/hg/ #

Total comments: 4

Created: 11 years, 4 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+1002 lines, -52 lines)			Patch
M	src/pkg/crypto/crypto.go	View	1 2 3 4	1 chunk	+3 lines, -0 lines	0 comments	Download
M	src/pkg/crypto/tls/cipher_suites.go	View		3 chunks	+20 lines, -8 lines	1 comment	Download
M	src/pkg/crypto/tls/common.go	View	1	2 chunks	+7 lines, -1 line	2 comments	Download
M	src/pkg/crypto/tls/handshake_client.go	View	1 2 3 4 5 6	7 chunks	+39 lines, -11 lines	1 comment	Download
M	src/pkg/crypto/tls/handshake_client_test.go	View	1 2 3	4 chunks	+197 lines, -6 lines	0 comments	Download
M	src/pkg/crypto/tls/handshake_server.go	View	1 2 3 4 5 6	7 chunks	+43 lines, -8 lines	0 comments	Download
M	src/pkg/crypto/tls/handshake_server_test.go	View	1 2 3	16 chunks	+602 lines, -17 lines	0 comments	Download
M	src/pkg/crypto/tls/key_agreement.go	View	1 2 3	3 chunks	+91 lines, -1 line	0 comments	Download

Messages

Total messages: 2

Expand All Messages | Collapse All Messages

jsing

Hello agl@golang.org (cc: golang-dev@googlegroups.com), I'd like you to review this change to https://go.googlecode.com/hg/

11 years, 4 months ago (2012-11-24 16:14:42 UTC) #1

agl1

11 years, 4 months ago (2012-11-26 15:33:06 UTC) #2

I stopped the review at this point.

Fixed ECDH is a very obscure corner of TLS that very little supports.
Client-auth with fixed ECDH is basically unheard of.

I'm hesitant that we want the cost of code this odd. Are you sure that you don't
want ECDHE_ECDSA?

https://codereview.appspot.com/6775043/diff/17001/src/pkg/crypto/tls/cipher_s...
File src/pkg/crypto/tls/cipher_suites.go (right):

https://codereview.appspot.com/6775043/diff/17001/src/pkg/crypto/tls/cipher_s...
src/pkg/crypto/tls/cipher_suites.go:59: {TLS_ECDH_ECDSA_WITH_RC4_128_SHA, 16,
20, 0, ecdhECDSAKA, true, cipherRC4, macSHA1},
ECDH_ECDSA, not ECDHE_ECDSA? That's a very obscure ciphersuite and probably not
what you wanted.

https://codereview.appspot.com/6775043/diff/17001/src/pkg/crypto/tls/common.go
File src/pkg/crypto/tls/common.go (right):

https://codereview.appspot.com/6775043/diff/17001/src/pkg/crypto/tls/common.g...
src/pkg/crypto/tls/common.go:99: certTypeRSAFixedECDH   = 65 // A certificate
containing an ECDH-capable public key, signed with RSA.
"A certificate containing an ECDH public value, signed with RSA"

https://codereview.appspot.com/6775043/diff/17001/src/pkg/crypto/tls/common.g...
src/pkg/crypto/tls/common.go:100: certTypeECDSAFixedECDH = 66 // A certificate
containing an ECDH-capable public key, signed with ECDSA.
ditto, but with ECDSA of course.

https://codereview.appspot.com/6775043/diff/17001/src/pkg/crypto/tls/handshak...
File src/pkg/crypto/tls/handshake_client.go (right):

https://codereview.appspot.com/6775043/diff/17001/src/pkg/crypto/tls/handshak...
src/pkg/crypto/tls/handshake_client.go:199: case certTypeECDSAFixedECDH:
client auth with fixed ECDH is even more obscure than fixed ECDH server-side!

Expand All Messages | Collapse All Messages