Remove dependency on cloudflare circl

auth.go

@@ -15,9 +15,6 @@ import (
 	"fmt"
 	"hash"
 	"io"
-
-	circlPki "github.com/cloudflare/circl/pki"
-	circlSign "github.com/cloudflare/circl/sign"
 )
 
 // verifyHandshakeSignature verifies a signature against pre-hashed
@@ -58,20 +55,7 @@ func verifyHandshakeSignature(sigType uint8, pubkey crypto.PublicKey, hashFunc c
 			return err
 		}
 	default:
-		// [UTLS SECTION BEGINS]
-		// Ported from cloudflare/go
-		scheme := circlSchemeBySigType(sigType)
-		if scheme == nil {
-			return errors.New("internal error: unknown signature type")
-		}
-		pubKey, ok := pubkey.(circlSign.PublicKey)
-		if !ok {
-			return fmt.Errorf("expected a %s public key, got %T", scheme.Name(), pubkey)
-		}
-		if !scheme.Verify(pubKey, signed, sig, nil) {
-			return fmt.Errorf("%s verification failure", scheme.Name())
-		}
-		// [UTLS SECTION ENDS]
+		return errors.New("internal error: unknown signature type")
 	}
 	return nil
 }
@@ -122,18 +106,7 @@ func typeAndHashFromSignatureScheme(signatureAlgorithm SignatureScheme) (sigType
 	case Ed25519:
 		sigType = signatureEd25519
 	default:
-		// [UTLS SECTION BEGINS]
-		// Ported from cloudflare/go
-		scheme := circlPki.SchemeByTLSID(uint(signatureAlgorithm))
-		if scheme == nil {
-			return 0, 0, fmt.Errorf("unsupported signature algorithm: %v", signatureAlgorithm)
-		}
-		sigType = sigTypeByCirclScheme(scheme)
-		if sigType == 0 {
-			return 0, 0, fmt.Errorf("circl scheme %s not supported",
-				scheme.Name())
-		}
-		// [UTLS SECTION ENDS]
+		return 0, 0, fmt.Errorf("unsupported signature algorithm: %v", signatureAlgorithm)
 	}
 	switch signatureAlgorithm {
 	case PKCS1WithSHA1, ECDSAWithSHA1:
@@ -147,14 +120,7 @@ func typeAndHashFromSignatureScheme(signatureAlgorithm SignatureScheme) (sigType
 	case Ed25519:
 		hash = directSigning
 	default:
-		// [UTLS SECTION BEGINS]
-		// Ported from cloudflare/go
-		scheme := circlPki.SchemeByTLSID(uint(signatureAlgorithm))
-		if scheme == nil {
-			return 0, 0, fmt.Errorf("unsupported signature algorithm: %v", signatureAlgorithm)
-		}
-		hash = directSigning
-		// [UTLS SECTION ENDS]
+		return 0, 0, fmt.Errorf("unsupported signature algorithm: %v", signatureAlgorithm)
 	}
 	return sigType, hash, nil
 }
@@ -174,11 +140,6 @@ func legacyTypeAndHashFromPublicKey(pub crypto.PublicKey) (sigType uint8, hash c
 		// full signature, and not even OpenSSL bothers with the
 		// complexity, so we can't even test it properly.
 		return 0, 0, fmt.Errorf("tls: Ed25519 public keys are not supported before TLS 1.2")
-	// [UTLS SECTION BEGINS]
-	// Ported from cloudflare/go
-	case circlSign.PublicKey:
-		return 0, 0, fmt.Errorf("tls: circl public keys are not supported before TLS 1.2")
-	// [UTLS SECTION ENDS]
 	default:
 		return 0, 0, fmt.Errorf("tls: unsupported public key: %T", pub)
 	}
@@ -249,16 +210,6 @@ func signatureSchemesForCertificate(version uint16, cert *Certificate) []Signatu
 		}
 	case ed25519.PublicKey:
 		sigAlgs = []SignatureScheme{Ed25519}
-	// [UTLS SECTION BEGINS]
-	// Ported from cloudflare/go
-	case circlSign.PublicKey:
-		scheme := pub.Scheme()
-		tlsScheme, ok := scheme.(circlPki.TLSScheme)
-		if !ok {
-			return nil
-		}
-		sigAlgs = []SignatureScheme{SignatureScheme(tlsScheme.TLSIdentifier())}
-	// [UTLS SECTION ENDS]
 	default:
 		return nil
 	}

auth_test.go

@@ -8,7 +8,6 @@ import (
 	"crypto"
 	"testing"
 
-	circlPki "github.com/cloudflare/circl/pki"
 	"github.com/refraction-networking/utls/internal/fips140tls"
 )
 
@@ -169,7 +168,7 @@ func TestSupportedSignatureAlgorithms(t *testing.T) {
 		if sigType == 0 {
 			t.Errorf("%v: missing signature type", sigAlg)
 		}
-		if hash == 0 && sigAlg != Ed25519 && circlPki.SchemeByTLSID(uint(sigAlg)) == nil { // [UTLS] ported from cloudflare/go
+		if hash == 0 && sigAlg != Ed25519 {
 			t.Errorf("%v: missing hash", sigAlg)
 		}
 	}

common.go

@@ -316,11 +316,6 @@ type ConnectionState struct {
 	// testingOnlyCurveID is the selected CurveID, or zero if an RSA exchanges
 	// is performed.
 	testingOnlyCurveID CurveID
-
-	// ECHRetryConfigs contains the ECH retry configurations sent by the server in
-	// EncryptedExtensions message. It is only populated if the server sent the
-	// ech extension in EncryptedExtensions message.
-	ECHRetryConfigs []ECHConfig // [uTLS]
 }
 
 // ExportKeyingMaterial returns length bytes of exported key material in a new
@@ -919,17 +914,6 @@ type Config struct {
 	// autoSessionTicketKeys is like sessionTicketKeys but is owned by the
 	// auto-rotation logic. See Config.ticketKeys.
 	autoSessionTicketKeys []ticketKey
-
-	// ECHConfigs contains the ECH configurations to be used by the ECH
-	// extension if any.
-	// It could either be distributed by the server in EncryptedExtensions
-	// message or out-of-band.
-	//
-	// If ECHConfigs is nil and an ECH extension is present, GREASEd ECH
-	// extension will be sent.
-	//
-	// If GREASE ECH extension is present, this field will be ignored.
-	ECHConfigs []ECHConfig // [uTLS]
 }
 
 // EncryptedClientHelloKey holds a private key that is associated
@@ -1036,7 +1020,6 @@ func (c *Config) Clone() *Config {
 		autoSessionTicketKeys:               c.autoSessionTicketKeys,
 
 		PreferSkipResumptionOnNilExtension: c.PreferSkipResumptionOnNilExtension, // [UTLS]
-		ECHConfigs:                         c.ECHConfigs,                         // [uTLS]
 	}
 }
 

generate_cert.go

@@ -25,9 +25,6 @@ import (
 	"os"
 	"strings"
 	"time"
-
-	circlSign "github.com/cloudflare/circl/sign"
-	circlSchemes "github.com/cloudflare/circl/sign/schemes"
 )
 
 var (
@@ -38,7 +35,6 @@ var (
 	rsaBits    = flag.Int("rsa-bits", 2048, "Size of RSA key to generate. Ignored if --ecdsa-curve is set")
 	ecdsaCurve = flag.String("ecdsa-curve", "", "ECDSA curve to use to generate a key. Valid values are P224, P256 (recommended), P384, P521")
 	ed25519Key = flag.Bool("ed25519", false, "Generate an Ed25519 key")
-	circlKey   = flag.String("circl", "", "Generate a key supported by Circl") // [UTLS] ported from cloudflare/go
 )
 
 func publicKey(priv any) any {
@@ -49,11 +45,6 @@ func publicKey(priv any) any {
 		return &k.PublicKey
 	case ed25519.PrivateKey:
 		return k.Public().(ed25519.PublicKey)
-	// [UTLS SECTION BEGINS]
-	// Ported from cloudflare/go
-	case circlSign.PrivateKey:
-		return k.Public()
-	// [UTLS SECTION ENDS]
 	default:
 		return nil
 	}
@@ -72,15 +63,6 @@ func main() {
 	case "":
 		if *ed25519Key {
 			_, priv, err = ed25519.GenerateKey(rand.Reader)
-			// [UTLS SECTION BEGINS]
-			// Ported from cloudflare/go
-		} else if *circlKey != "" {
-			scheme := circlSchemes.ByName(*circlKey)
-			if scheme == nil {
-				log.Fatalf("No such Circl scheme: %s", *circlKey)
-			}
-			_, priv, err = scheme.GenerateKey()
-			// [UTLS SECTION ENDS]
 		} else {
 			priv, err = rsa.GenerateKey(rand.Reader, *rsaBits)
 		}

go.mod

@@ -9,7 +9,6 @@ retract (
 
 require (
 	github.com/andybalholm/brotli v1.0.6
-	github.com/cloudflare/circl v1.5.0
 	github.com/klauspost/compress v1.17.4
 	golang.org/x/crypto v0.36.0
 	golang.org/x/net v0.38.0

go.sum

@@ -1,7 +1,5 @@
 github.com/andybalholm/brotli v1.0.6 h1:Yf9fFpf49Zrxb9NlQaluyE92/+X7UVHlhMNJN2sxfOI=
 github.com/andybalholm/brotli v1.0.6/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
-github.com/cloudflare/circl v1.5.0 h1:hxIWksrX6XN5a1L2TI/h53AGPhNHoUBo+TD1ms9+pys=
-github.com/cloudflare/circl v1.5.0/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
 github.com/klauspost/compress v1.17.4 h1:Ej5ixsIri7BrIjBkRZLTo6ghwrEtHFk7ijlczPW4fZ4=
 github.com/klauspost/compress v1.17.4/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM=
 golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=

handshake_client.go

@@ -27,8 +27,6 @@ import (
 	"github.com/refraction-networking/utls/internal/fips140tls"
 	"github.com/refraction-networking/utls/internal/hpke"
 	"github.com/refraction-networking/utls/internal/tls13"
-
-	circlSign "github.com/cloudflare/circl/sign"
 )
 
 type clientHandshakeState struct {
@@ -1220,7 +1218,7 @@ func (c *Conn) verifyServerCertificate(certificates [][]byte) error {
 	}
 
 	switch certs[0].PublicKey.(type) {
-	case *rsa.PublicKey, *ecdsa.PublicKey, ed25519.PublicKey, circlSign.PublicKey: // [UTLS] ported from cloudflare/go
+	case *rsa.PublicKey, *ecdsa.PublicKey, ed25519.PublicKey:
 		break
 	default:
 		c.sendAlert(alertUnsupportedCertificate)

handshake_client_tls13.go

@@ -850,7 +850,7 @@ func (hs *clientHandshakeStateTLS13) readServerCertificate() error {
 	}
 
 	// See RFC 8446, Section 4.4.3.
-	if !isSupportedSignatureAlgorithm(certVerify.signatureAlgorithm, c.config.supportedSignatureAlgorithms()) { // [UTLS] ported from cloudflare/go
+	if !isSupportedSignatureAlgorithm(certVerify.signatureAlgorithm, supportedSignatureAlgorithms()) {
 		c.sendAlert(alertIllegalParameter)
 		return errors.New("tls: certificate used with invalid signature algorithm")
 	}

handshake_server.go

@@ -19,8 +19,6 @@ import (
 	"time"
 
 	"github.com/refraction-networking/utls/internal/byteorder"
-
-	circlSign "github.com/cloudflare/circl/sign"
 )
 
 // serverHandshakeState contains details of a server handshake in progress.
@@ -643,7 +641,7 @@ func (hs *serverHandshakeState) doFullHandshake() error {
 		}
 		if c.vers >= VersionTLS12 {
 			certReq.hasSignatureAlgorithm = true
-			certReq.supportedSignatureAlgorithms = c.config.supportedSignatureAlgorithms() // [UTLS] ported from cloudflare/go
+			certReq.supportedSignatureAlgorithms = supportedSignatureAlgorithms()
 		}
 
 		// An empty list of certificateAuthorities signals to
@@ -972,7 +970,7 @@ func (c *Conn) processCertsFromClient(certificate Certificate) error {
 
 	if len(certs) > 0 {
 		switch certs[0].PublicKey.(type) {
-		case *ecdsa.PublicKey, *rsa.PublicKey, ed25519.PublicKey, circlSign.PublicKey: // [UTLS] ported from cloudflare/go
+		case *ecdsa.PublicKey, *rsa.PublicKey, ed25519.PublicKey:
 		default:
 			c.sendAlert(alertUnsupportedCertificate)
 			return fmt.Errorf("tls: client certificate contains an unsupported public key of type %T", certs[0].PublicKey)

handshake_server_tls13.go

@@ -833,7 +833,7 @@ func (hs *serverHandshakeStateTLS13) sendServerCertificate() error {
 		certReq := new(certificateRequestMsgTLS13)
 		certReq.ocspStapling = true
 		certReq.scts = true
-		certReq.supportedSignatureAlgorithms = c.config.supportedSignatureAlgorithms() // [UTLS] ported from cloudflare/go
+		certReq.supportedSignatureAlgorithms = supportedSignatureAlgorithms()
 		if c.config.ClientCAs != nil {
 			certReq.certificateAuthorities = c.config.ClientCAs.Subjects()
 		}
@@ -1089,7 +1089,7 @@ func (hs *serverHandshakeStateTLS13) readClientCertificate() error {
 		}
 
 		// See RFC 8446, Section 4.4.3.
-		if !isSupportedSignatureAlgorithm(certVerify.signatureAlgorithm, c.config.supportedSignatureAlgorithms()) { // [UTLS] ported from cloudflare/go
+		if !isSupportedSignatureAlgorithm(certVerify.signatureAlgorithm, supportedSignatureAlgorithms()) {
 			c.sendAlert(alertIllegalParameter)
 			return errors.New("tls: client certificate used with invalid signature algorithm")
 		}

key_agreement.go

@@ -130,7 +130,7 @@ func md5SHA1Hash(slices [][]byte) []byte {
 // the sigType (for earlier TLS versions). For Ed25519 signatures, which don't
 // do pre-hashing, it returns the concatenation of the slices.
 func hashForServerKeyExchange(sigType uint8, hashFunc crypto.Hash, version uint16, slices ...[]byte) []byte {
-	if sigType == signatureEd25519 || circlSchemeBySigType(sigType) != nil { // [UTLS] ported from cloudflare/go
+	if sigType == signatureEd25519 {
 		var signed []byte
 		for _, slice := range slices {
 			signed = append(signed, slice...)

prf.go

@@ -225,11 +225,11 @@ func (h finishedHash) serverSum(masterSecret []byte) []byte {
 // hashForClientCertificate returns the handshake messages so far, pre-hashed if
 // necessary, suitable for signing by a TLS client certificate.
 func (h finishedHash) hashForClientCertificate(sigType uint8, hashAlg crypto.Hash) []byte {
-	if (h.version >= VersionTLS12 || sigType == signatureEd25519 || circlSchemeBySigType(sigType) != nil) && h.buffer == nil { // [UTLS] ported from cloudflare/go
+	if (h.version >= VersionTLS12 || sigType == signatureEd25519) && h.buffer == nil {
 		panic("tls: handshake hash for a client certificate requested after discarding the handshake buffer")
 	}
 
-	if sigType == signatureEd25519 || circlSchemeBySigType(sigType) != nil { // [UTLS] ported from cloudflare/go
+	if sigType == signatureEd25519 {
 		return h.buffer
 	}
 

tls.go

@@ -25,8 +25,6 @@ import (
 	"net"
 	"os"
 	"strings"
-
-	circlSign "github.com/cloudflare/circl/sign"
 )
 
 // Server returns a new TLS server side connection
@@ -345,20 +343,6 @@ func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (Certificate, error) {
 		if !bytes.Equal(priv.Public().(ed25519.PublicKey), pub) {
 			return fail(errors.New("tls: private key does not match public key"))
 		}
-	// [UTLS SECTION BEGINS]
-	// Ported from cloudflare/go
-	case circlSign.PublicKey:
-		priv, ok := cert.PrivateKey.(circlSign.PrivateKey)
-		if !ok {
-			return fail(errors.New("tls: private key type does not match public key type"))
-		}
-		pkBytes, err := priv.Public().(circlSign.PublicKey).MarshalBinary()
-		pkBytes2, err2 := pub.MarshalBinary()
-
-		if err != nil || err2 != nil || !bytes.Equal(pkBytes, pkBytes2) {
-			return fail(errors.New("tls: private key does not match public key"))
-		}
-	// [UTLS SECTION ENDS]
 	default:
 		return fail(errors.New("tls: unknown public key algorithm"))
 	}
@@ -375,7 +359,7 @@ func parsePrivateKey(der []byte) (crypto.PrivateKey, error) {
 	}
 	if key, err := x509.ParsePKCS8PrivateKey(der); err == nil {
 		switch key := key.(type) {
-		case *rsa.PrivateKey, *ecdsa.PrivateKey, ed25519.PrivateKey, circlSign.PrivateKey: // [uTLS] ported from cloudflare/go
+		case *rsa.PrivateKey, *ecdsa.PrivateKey, ed25519.PrivateKey:
 			return key, nil
 		default:
 			return nil, errors.New("tls: found unknown private key type in PKCS#8 wrapping")