Test ECDH certificate with unusual KDF parameters
I've been reading through the draft with GREASE in mind, looking for extension points that might or might not be exercised.
One thing i stumbled over was the KDF parameter fields in the ECDH public key format. There are at least four different types of variation that i suspect have never been tested:
- surprising size (which doesn't match the expected version; but also note that sizes of 0 and 0xff are supposedly "reserved")
- any version number other than 1
- unusual choice of digest algorithm
- unusual choice of cipher algorithm (in particular, non-AES algorithms)
It might be nice to try to test variations of these fields across all known curves that are compatible with ECDH, both for encrypting and decrypting.