bug: configuration for GREASE ECH parrot for Chrome 120 doesn't match BoringSSL

I have read the part of code in BoringSSL which is for GREASE ECH, as BoringSSL is used by Chrome for it's TLS.   

## Candidate Cipher Suites
BoringSSL only selects AEAD between `AEAD_AES_128_GCM` and `AEAD_CHACHA20_POLY1305` based on hardware support according to code below.     
```cc
  const EVP_HPKE_AEAD *aead =
      has_aes_hw ? EVP_hpke_aes_128_gcm() : EVP_hpke_chacha20_poly1305();
```
https://github.com/google/boringssl/blob/8cacbd93b8788cfb46f6a4d7e11b99c29b3752bd/ssl/encrypted_client_hello.cc#L724

I'm wondering about why utls parrot also candidates `AEAD_AES_256_GCM`. Is this an oversight or something I didn't notice?
```go
{
    KdfId:  dicttls.HKDF_SHA256,
    AeadId: dicttls.AEAD_AES_256_GCM,
},
```
https://github.com/refraction-networking/utls/blob/ed573b3ab42148ba62b3bbb27ef796075baf4797/u_parrots.go#L735C7-L737

## Candidate Payload Lengths
BoringSSL pads payload not only from `128, 160` but `128, 160, 192, 224` according to code below.   
```cc
  const size_t payload_len =
      32 * random_size(128 / 32, 224 / 32) + aead_overhead(aead);
```
https://github.com/google/boringssl/blob/8cacbd93b8788cfb46f6a4d7e11b99c29b3752bd/ssl/encrypted_client_hello.cc#L748

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

bug: configuration for GREASE ECH parrot for Chrome 120 doesn't match BoringSSL #270

Candidate Cipher Suites

Candidate Payload Lengths

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development