andrei/telemt
1
0
Fork 0
mirror of https://github.com/telemt/telemt.git synced 2026-06-20 02:00:09 +07:00
Code Issues Packages Projects Releases Wiki Activity

Syntactic key shares for TLS-F

Browse Source 
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
This commit is contained in:
Alexey
2026-06-11 23:12:52 +03:00
parent 9ff48c2028
commit 52a1b66ad7
3 changed files with 13 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Cargo.lock
Generated
+1 -1
View File
@@ -2938,7 +2938,7 @@ checksum = "7b2093cf4c8eb1e67749a6762251bc9cd836b6fc171623bd0a9d324d37af2417"
[[package]] [[package]]
name = "telemt" name = "telemt"
version = "3.4.16" version = "3.4.17"
dependencies = [ dependencies = [
"aes", "aes",
"anyhow", "anyhow",
Cargo.toml
+1 -1
View File
@@ -1,6 +1,6 @@
[package] [package]
name = "telemt" name = "telemt"
version = "3.4.16" version = "3.4.17"
edition = "2024" edition = "2024"
[features] [features]
src/protocol/tls.rs
+11 -6
View File
@@ -638,14 +638,19 @@ fn build_server_hello_key_share_for_group(
group: u16, group: u16,
rng: &SecureRandom, rng: &SecureRandom,
) -> Option<ServerHelloKeyShare> { ) -> Option<ServerHelloKeyShare> {
let expected_key_exchange_len = client_hello_key_share_group_len(group)?;
client_hello_key_share_group_entry(handshake, group, expected_key_exchange_len)?;
// FakeTLS clients validate ServerHello shape and digest, not TLS traffic
// secrets, so the response must mirror the offered group without binding to
// the camouflage key bytes embedded in ClientHello.
match group { match group {
TLS_NAMED_GROUP_X25519MLKEM768 => { TLS_NAMED_GROUP_X25519MLKEM768 => Some(ServerHelloKeyShare::new(
let key_exchange = build_x25519mlkem768_server_key_share(handshake, rng)?; group,
Some(ServerHelloKeyShare::new(group, key_exchange)) gen_fake_x25519mlkem768_server_key_share(rng),
} )),
TLS_NAMED_GROUP_X25519 => { TLS_NAMED_GROUP_X25519 => {
let key_exchange = build_x25519_server_key_share(handshake, rng)?; Some(ServerHelloKeyShare::new(group, gen_fake_x25519_key(rng).to_vec()))
Some(ServerHelloKeyShare::new(group, key_exchange))
} }
_ => None, _ => None,
} }