Add post-quantum experiment signal extension.
When testing HRSS-SXY and SIKE, we also want a control group. However,
how are clients to indicate that they're part of the 1/3 of the
experiment population that's not advertising CECPQ? And how are servers
to indicate that they would have negotiated CECPQ2 / 2b if only the
client had asked?
This change adds a temporary signaling extension to solve these issues.
Change-Id: Ic087a09149ef10141568b734396981ae97950a9b
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/36725
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/internal.h b/ssl/internal.h
index bc17af9..2598058 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -2254,6 +2254,10 @@
// token_binding_negotiated is set if Token Binding was negotiated.
bool token_binding_negotiated : 1;
+ // pq_experimental_signal_seen is true if the peer was observed
+ // sending/echoing the post-quantum experiment signal.
+ bool pq_experiment_signal_seen : 1;
+
// hs_buf is the buffer of handshake data to process.
UniquePtr<BUF_MEM> hs_buf;
@@ -2584,6 +2588,11 @@
// jdk11_workaround is whether to disable TLS 1.3 for JDK 11 clients, as a
// workaround for https://bugs.openjdk.java.net/browse/JDK-8211806.
bool jdk11_workaround : 1;
+
+ // pq_experiment_signal indicates that an empty extension should be sent
+ // (for clients) or echoed (for servers) to indicate participation in an
+ // experiment of post-quantum key exchanges.
+ bool pq_experiment_signal : 1;
};
// From RFC 8446, used in determining PSK modes.
