poll: init

master
occheung 2020-11-23 17:16:07 +08:00
parent 47f2229feb
commit c22ff413da
11 changed files with 334 additions and 199 deletions


@ -76,6 +76,11 @@ version = "0.9.0"
default-features = false
features = []
[dependencies.managed]
version = "0.8.0"
default-features = false
features = [ "alloc" ]
[dependencies.simple_logger]
version = "1.11.0"
optional = true


@ -30,10 +30,6 @@ impl<'a> TlsBuffer<'a> {
}
}
pub(crate) fn get_size(&self) -> usize {
self.index.clone().into_inner()
}
pub(crate) fn write(&mut self, data: &[u8]) -> Result<()> {
let mut index = self.index.borrow_mut();
if (self.buffer.len() - *index) < data.len() {
@ -55,31 +51,6 @@ impl<'a> TlsBuffer<'a> {
Ok(())
}
pub(crate) fn read_u8(&mut self) -> Result<u8> {
let mut index = self.index.borrow_mut();
if (self.buffer.len() - *index) < 1 {
return Err(Error::Exhausted);
}
let data = self.buffer[*index];
*index += 1;
Ok(data)
}
pub(crate) fn read_all(self) -> &'a [u8] {
&self.buffer[self.index.into_inner()..]
}
pub(crate) fn read_slice(&self, length: usize) -> Result<&[u8]> {
let mut index = self.index.borrow_mut();
if (self.buffer.len() - *index) < length {
return Err(Error::Exhausted);
}
let next_index = *index + length;
let slice = &self.buffer[*index..next_index];
*index = next_index;
Ok(slice)
}
pub(crate) fn enqueue_tls_repr(&mut self, tls_repr: TlsRepr<'a>) -> Result<()> {
self.write_u8(tls_repr.content_type.into())?;
self.write_u16(tls_repr.version.into())?;


@ -7,7 +7,6 @@ use chrono::{DateTime, FixedOffset};
use crate::parse::parse_asn1_der_rsa_public_key;
use crate::parse::parse_rsa_ssa_pss_parameters;
use crate::parse::parse_ecdsa_signature;
use crate::parse::parse_asn1_der_oid;
use crate::Error as TlsError;
@ -19,10 +18,9 @@ use sha1::{Sha1, Digest};
use sha2::{Sha224, Sha256, Sha384, Sha512};
use rsa::{PublicKey, RSAPublicKey, PaddingScheme, BigUint, Hash};
use p256::ecdsa::signature::{Verifier, DigestVerifier};
use p256::ecdsa::signature::{Verifier};
use alloc::vec::Vec;
use heapless::{ Vec as HeaplessVec, consts::* };
use byteorder::{ByteOrder, NetworkEndian};
@ -1234,7 +1232,7 @@ fn wrap_up_verification(
// require_explicit_policy is 0, set explicit_policy_state to be 0
if let ExtensionValue::PolicyConstraints {
require_explicit_policy,
inhibit_policy_mapping
..
} = &extension.extension_value {
if require_explicit_policy.is_some() {
if require_explicit_policy.unwrap() == 0 {


@ -5,7 +5,7 @@
// Anyway, the RSAPublicKey::verify() method does NOT care about random at all :)
use rand_core::{RngCore, Error};
use byteorder::{ByteOrder, NetworkEndian, BigEndian};
use byteorder::{ByteOrder, NetworkEndian};
pub struct FakeRandom {}


@ -11,6 +11,7 @@ pub mod session;
pub mod certificate;
pub mod fake_rng;
pub mod oid;
pub mod set;
// TODO: Implement errors
// Details: Encapsulate smoltcp & nom errors
@ -29,3 +30,35 @@ pub enum Error {
CertificatePolicyError,
CertificateVersionError,
}
impl From<smoltcp::Error> for Error {
fn from(error: smoltcp::Error) -> Self {
Self::PropagatedError(error)
}
}
pub trait TlsRng: rand_core::RngCore + rand_core::CryptoRng {}
use smoltcp as net;
use net::socket::SocketSet;
use net::iface::EthernetInterface;
use net::time::Instant;
use net::phy::Device;
use crate::tls::TlsSocket;
use crate::set::TlsSocketSet;
// One-call function for polling all sockets within socket set
pub fn poll<DeviceT>(
sockets: &mut SocketSet,
tls_sockets: &mut TlsSocketSet,
iface: &mut EthernetInterface<DeviceT>,
now: Instant
) -> Result<bool, Error>
where
DeviceT: for<'d> Device<'d>
{
tls_sockets.polled_by(sockets)?;
iface.poll(sockets, now).map_err(Error::PropagatedError)
}
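Review bot: In `poll`, the `?` on `tls_sockets.polled_by(sockets)` returns before `iface.poll(sockets, now)` runs, so a handshake error on any one TLS socket keeps the interface from being polled at all on that call; `polled_by` in src/set.rs has the same shape, where the `?` on `update_handshake` stops the loop at the first failing socket. If such an error can be provoked by a remote peer and persists across calls (not visible from here), one bad connection would stall every other socket. Polling the interface regardless and reporting the TLS error afterwards avoids that: `let tls = tls_sockets.polled_by(sockets);`, `let polled = iface.poll(sockets, now)?;`, `tls.map(|_| polled).map_err(Error::PropagatedError)`. The comment above `poll` is `//` rather than `///`, so the public function ships without rustdoc; it should state what the returned `bool` means.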


@ -81,7 +81,7 @@ fn main() {
// tls_socket.tls_connect(&mut sockets).unwrap();
simple_logger::SimpleLogger::new().init().unwrap();
let (_, certificate) = parse_asn1_der_certificate(&RSA_PSS_SELF_CERT).unwrap();
// let (_, certificate) = parse_asn1_der_certificate(&RSA_PSS_SELF_CERT).unwrap();
// println!("Certificate print: {:?}", certificate);
// let modulus = [
@ -101,12 +101,10 @@ fn main() {
// certificate.validate_signature_with_trusted(&ca_public_key).unwrap();
// println!("Certificate should be trusted");
certificate.validate_self_signed_signature().unwrap();
println!("Certificate should be trusted");
// certificate.validate_self_signed_signature().unwrap();
// println!("Certificate should be trusted");
/*
let mut certificate_vec = Vec::new();
let name = parse_asn1_der_name(&SELF_SIGNED_WITH_SAN_ISSUER).unwrap().1;
let public_key = certificate.get_cert_public_key().unwrap();
@ -154,18 +152,18 @@ fn main() {
excluded_name
).unwrap();
*/
let google_end_entity_certificate = parse_asn1_der_certificate(
&GOOGLE_END_ENTITY_CERT
).unwrap().1;
// let google_end_entity_certificate = parse_asn1_der_certificate(
// &GOOGLE_END_ENTITY_CERT
// ).unwrap().1;
let google_root_ca_certificate = parse_asn1_der_certificate(
&GOOGLE_ROOT_CERT
).unwrap().1;
// let google_root_ca_certificate = parse_asn1_der_certificate(
// &GOOGLE_ROOT_CERT
// ).unwrap().1;
google_end_entity_certificate.validate_signature_with_trusted(
&google_root_ca_certificate.get_cert_public_key().unwrap()
).unwrap();
log::info!("End entity certificate verified");
// google_end_entity_certificate.validate_signature_with_trusted(
// &google_root_ca_certificate.get_cert_public_key().unwrap()
// ).unwrap();
// log::info!("End entity certificate verified");
// google_root_ca_certificate.validate_self_signed_signature().unwrap();
// log::info!("root certificate verified");
@ -192,47 +190,73 @@ fn main() {
// excluded_name
// ).unwrap();
use rand_core::{RngCore, OsRng};
use rsa::PublicKey;
use rsa::BigUint;
use smoltcp_tls::fake_rng::FakeRandom;
// use rand_core::{RngCore, OsRng};
// use rsa::PublicKey;
// use rsa::BigUint;
// use smoltcp_tls::fake_rng::FakeRandom;
let mut prime_vec = std::vec::Vec::new();
prime_vec.extend_from_slice(&[
BigUint::from_bytes_be(&CLIENT_PRIME_1),
BigUint::from_bytes_be(&CLIENT_PRIME_2)
]);
let rsa_client_private_key = rsa::RSAPrivateKey::from_components(
BigUint::from_bytes_be(&CLIENT_PRIVATE_KEY_MOD),
BigUint::from_bytes_be(&CLIENT_PRIVATE_KEY_EXP),
BigUint::from_bytes_be(&CLIENT_PRIVATE_KEY_PMOD),
prime_vec
// let mut prime_vec = std::vec::Vec::new();
// prime_vec.extend_from_slice(&[
// BigUint::from_bytes_be(&CLIENT_PRIME_1),
// BigUint::from_bytes_be(&CLIENT_PRIME_2)
// ]);
// let rsa_client_private_key = rsa::RSAPrivateKey::from_components(
// BigUint::from_bytes_be(&CLIENT_PRIVATE_KEY_MOD),
// BigUint::from_bytes_be(&CLIENT_PRIVATE_KEY_EXP),
// BigUint::from_bytes_be(&CLIENT_PRIVATE_KEY_PMOD),
// prime_vec
// );
// let public_key_from_conversion = rsa_client_private_key.to_public_key();
// let rsa_client_public_key =
// rsa::RSAPublicKey::from_pkcs1(&CLIENT_PUBLIC_KEY).unwrap();
// println!("Public key from conversion: {:?}", public_key_from_conversion);
// println!("Public key from certificate: {:?}", rsa_client_public_key);
// println!("Public key are the same: {:?}",
// public_key_from_conversion == rsa_client_public_key);
// let checked_hash = sha2::Sha256::new()
// .chain(&[0x20; 64])
// .chain("TLS 1.3, client CertificateVerify")
// .chain(&[0])
// .chain(&CLIENT_TRANSCRIPT_HASH)
// .finalize();
// let padding = rsa::PaddingScheme::new_pss_with_salt::<sha2::Sha256, OsRng>(OsRng, 32);
// let sign = rsa_client_private_key.sign(padding, &checked_hash).unwrap();
// println!("Signature with salt: {:X?}", sign);
// let padding = rsa::PaddingScheme::new_pss_with_salt::<sha2::Sha256, OsRng>(OsRng, 222);
// rsa_client_public_key.verify(padding, &checked_hash, &sign).unwrap();
// println!("Signature verified");
use ed25519_dalek::Verifier;
let ed25519_public_key = ed25519_dalek::PublicKey::from_bytes(
&ED25519_SERVER_PUBLIC_KEY
).unwrap();
let ed25519_signature = ed25519_dalek::Signature::new(
ED25519_SIGNATURE
);
let public_key_from_conversion = rsa_client_private_key.to_public_key();
let rsa_client_public_key =
rsa::RSAPublicKey::from_pkcs1(&CLIENT_PUBLIC_KEY).unwrap();
println!("Public key from conversion: {:?}", public_key_from_conversion);
println!("Public key from certificate: {:?}", rsa_client_public_key);
println!("Public key are the same: {:?}",
public_key_from_conversion == rsa_client_public_key);
let checked_hash = sha2::Sha256::new()
let mut message_vec = std::vec::Vec::new();
message_vec.extend_from_slice(&[0x20; 64]);
message_vec.extend_from_slice(b"TLS 1.3, server CertificateVerify");
message_vec.extend_from_slice(&[0]);
message_vec.extend_from_slice(&CLIENT_TRANSCRIPT_HASH);
println!("Length of verify message: {:?}", message_vec.len());
let checked_hash = sha2::Sha512::new()
.chain(&[0x20; 64])
.chain("TLS 1.3, client CertificateVerify")
.chain("TLS 1.3, server CertificateVerify")
.chain(&[0])
.chain(&CLIENT_TRANSCRIPT_HASH)
.finalize();
let padding = rsa::PaddingScheme::new_pss_with_salt::<sha2::Sha256, OsRng>(OsRng, 32);
let sign = rsa_client_private_key.sign(padding, &checked_hash).unwrap();
.chain(&CLIENT_TRANSCRIPT_HASH);
println!("Signature with salt: {:X?}", sign);
let padding = rsa::PaddingScheme::new_pss_with_salt::<sha2::Sha256, OsRng>(OsRng, 222);
rsa_client_public_key.verify(padding, &checked_hash, &sign).unwrap();
println!("Signature verified");
ed25519_public_key.verify(&message_vec, &ed25519_signature).unwrap();
ed25519_public_key.verify_prehashed(checked_hash, None, &ed25519_signature).unwrap();
}
const RSA_PSS_CERT: [u8; 0x3AB] =
@ -249,9 +273,6 @@ const RSA_PKCS_CERT: [u8; 0x03AB] =
const ECDSA_P256_CERT: [u8; 0x0219] =
hex_literal::hex!("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");
const ED25519_CERT: [u8; 0x0187] =
hex_literal::hex!("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");
const CA_SIGNED_CERT: [u8; 0x0356] =
hex_literal::hex!(
"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"
@ -277,28 +298,63 @@ const GOOGLE_END_ENTITY_CERT: [u8; 0x0974] =
"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"
);
const CLIENT_TRANSCRIPT_HASH: [u8; 32] = [37, 135, 142, 217, 184, 116, 6, 86, 229, 163, 82, 51, 108, 168, 135, 99, 87, 101, 215, 44, 94, 5, 177, 160, 153, 125, 39, 51, 148, 67, 140, 70];
const CLIENT_TRANSCRIPT_HASH: [u8; 32] = [
5, 239, 110, 246, 212, 104, 147, 254, 10, 254, 220, 186, 72, 150, 231, 253, 175, 122, 37, 139, 210, 236, 93, 228, 182, 78, 233, 143, 251, 57, 188, 36
];
const CLIENT_PUBLIC_KEY: [u8; 0x010E] =
// const CLIENT_PUBLIC_KEY: [u8; 0x010E] =
// hex_literal::hex!(
// "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"
// );
// const CLIENT_SIGNATURE: [u8; 256] =
// hex_literal::hex!(
// "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"
// );
// const CLIENT_PRIVATE_KEY_MOD: &'static [u8] = &[
// 0x00, 0xc2, 0x4c, 0x61, 0x5a, 0xda, 0xd1, 0x64, 0x0c, 0x2e, 0x39, 0xe2, 0x95, 0xc4, 0x60, 0xf2, 0xc7, 0x95, 0x37, 0x0c, 0xfb, 0x21, 0xcc, 0xa5, 0x19, 0xf9, 0xe6, 0xba, 0xf1, 0x56, 0x45, 0xca, 0x0b, 0x25, 0x6e, 0xf8, 0xf3, 0x18, 0x49, 0x1b, 0xaa, 0xb9, 0xdc, 0x71, 0x96, 0x36, 0x0b, 0x39, 0x3b, 0xc3, 0x53, 0x20, 0x35, 0x48, 0x87, 0xd6, 0xcc, 0x82, 0x2c, 0xf6, 0xe9, 0xd2, 0xea, 0xcc, 0x7f, 0xec, 0xf8, 0xd8, 0xe7, 0x3f, 0x0f, 0x09, 0xbf, 0x13, 0x1a, 0x59, 0x19, 0xe9, 0xe9, 0xc8, 0x1e, 0x2a, 0xec, 0xf0, 0x6d, 0x55, 0xbe, 0x17, 0x20, 0x29, 0x08, 0x53, 0xd4, 0xf1, 0x08, 0x6b, 0x3e, 0x10, 0x3d, 0x54, 0xd2, 0xb4, 0x54, 0xd7, 0xc3, 0x2a, 0xbc, 0xe4, 0x33, 0xf6, 0x11, 0x5d, 0x26, 0x7b, 0xba, 0x24, 0x6f, 0x68, 0x84, 0x74, 0x63, 0xdf, 0xd1, 0xd6, 0xbe, 0x90, 0x4e, 0xb1, 0x8d, 0x56, 0x88, 0x55, 0x65, 0xd6, 0xfc, 0xf8, 0xa6, 0x03, 0x86, 0xfc, 0x73, 0xb5, 0x45, 0x07, 0x77, 0xe0, 0x04, 0x85, 0xae, 0x94, 0xd2, 0x20, 0x96, 0xaf, 0xc4, 0x58, 0xd7, 0xfb, 0xd7, 0xc4, 0x69, 0xdd, 0x86, 0x1c, 0xab, 0x7b, 0x91, 0x47, 0x15, 0xe0, 0x93, 0xc4, 0xf1, 0xcc, 0x39, 0x9e, 0x5a, 0x53, 0x01, 0x0c, 0x2b, 0x65, 0xd5, 0xcc, 0x3d, 0x60, 0xfc, 0xcc, 0x2c, 0xc5, 0xd8, 0xb3, 0xfa, 0xa5, 0xfe, 0xfa, 0xab, 0x55, 0x1f, 0x1d, 0xe1, 0xa9, 0x3a, 0x19, 0xa1, 0x5b, 0xe9, 0xad, 0xb3, 0xa5, 0xc9, 0x6d, 0x2e, 0x52, 0x5a, 0x9f, 0x69, 0x61, 0x74, 0xe6, 0xe7, 0x72, 0x85, 0x7e, 0x53, 0x6b, 0x46, 0x2a, 0x61, 0xc6, 0x9a, 0x87, 0x71, 0x0b, 0x74, 0x17, 0x2c, 0x4b, 0x31, 0x8f, 0x48, 0x42, 0xe7, 0xd2, 0x7f, 0x7b, 0x6e, 0x0c, 0xbf, 0x3f, 0x98, 0x3e, 0x35, 0x64, 0xab, 0x80, 0x07
// ];
// const CLIENT_PRIVATE_KEY_EXP: &'static [u8] = &[0x01, 0x00, 0x01];
// const CLIENT_PRIVATE_KEY_PMOD: &'static [u8] = &[
// 0x61, 0x95, 0x60, 0xf3, 0xf3, 0xa0, 0x64, 0xa2, 0x25, 0x79, 0x57, 0x0e, 0xa7, 0x21, 0x95, 0xed, 0x9d, 0x48, 0x97, 0xd1, 0x6d, 0x49, 0x4d, 0xc6, 0x7d, 0x17, 0x5f, 0xde, 0xa3, 0xd8, 0xcb, 0x3f, 0xcb, 0xde, 0x2f, 0x54, 0x50, 0x67, 0x2f, 0x69, 0x10, 0x8d, 0xe1, 0xd2, 0x72, 0x74, 0x32, 0x9b, 0x8c, 0x5f, 0x2c, 0x76, 0xf6, 0x65, 0x9b, 0x00, 0xfd, 0x84, 0x3d, 0xc2, 0x73, 0xf7, 0x0f, 0x1c, 0x54, 0xd5, 0x2a, 0x83, 0x01, 0xcd, 0xb8, 0xb4, 0x69, 0x90, 0xbb, 0x1d, 0x63, 0xb8, 0xd1, 0x94, 0x2d, 0x34, 0xf1, 0x0f, 0xc8, 0x97, 0x7f, 0x1f, 0xdc, 0xdb, 0xdc, 0xd6, 0xbe, 0xf3, 0xde, 0x80, 0xbe, 0x41, 0x3f, 0x5f, 0xcf, 0xc8, 0x28, 0xd1, 0x51, 0x9e, 0xaa, 0xf2, 0x59, 0xec, 0xa0, 0x9f, 0x1a, 0x57, 0x03, 0xc3, 0x9c, 0x77, 0xa1, 0xc9, 0x23, 0x79, 0x4d, 0x64, 0x4a, 0x2f, 0xeb, 0xc5, 0xd3, 0x38, 0x2c, 0x6d, 0xf6, 0xa6, 0xa9, 0xe7, 0x0a, 0x79, 0x05, 0xfa, 0x2a, 0x85, 0xc5, 0x9d, 0xf4, 0x91, 0xef, 0x34, 0xad, 0xb5, 0x64, 0xc5, 0x75, 0x8a, 0x36, 0x8f, 0x95, 0x25, 0xe9, 0x71, 0x0d, 0xa8, 0xe1, 0xea, 0xc3, 0xb4, 0xaa, 0xe7, 0x54, 0x54, 0xef, 0x72, 0x12, 0xa5, 0x14, 0x27, 0xec, 0x70, 0x12, 0x14, 0xdf, 0x65, 0xb3, 0xf5, 0xbc, 0x91, 0xe1, 0x36, 0x31, 0x1a, 0xdf, 0x7d, 0x58, 0x05, 0xb6, 0xe3, 0x48, 0xf2, 0x42, 0x89, 0x25, 0x29, 0x42, 0x0b, 0x5d, 0x8d, 0x0b, 0x76, 0x28, 0x0f, 0xaf, 0x56, 0x22, 0x94, 0x12, 0x8f, 0x76, 0x91, 0x49, 0xa6, 0xa4, 0xe3, 0x54, 0x17, 0x9e, 0xeb, 0xa6, 0x1b, 0xe5, 0x97, 0xde, 0x4e, 0x29, 0x8d, 0x7d, 0x5c, 0x18, 0x34, 0x29, 0x21, 0xd2, 0x7d, 0x14, 0x0b, 0xa1, 0x49, 0xb5, 0xe0, 0xc6, 0x30, 0x31, 0x80, 0xdc, 0x6a, 0x59, 0xb9
// ];
// const CLIENT_PRIME_1: &'static [u8] = &[
// 0x00, 0xec, 0xe1, 0x6f, 0x5d, 0x7a, 0xed, 0x7b, 0x1a, 0xac, 0xce, 0x02, 0x91, 0xb4, 0x07, 0xcf, 0xc4, 0x2b, 0xcf, 0x2a, 0x37, 0x59, 0x43, 0x46, 0x1a, 0x55, 0xc2, 0x13, 0x89, 0x3c, 0xd5, 0xd6, 0xef, 0xed, 0x12, 0x9f, 0xc3, 0x36, 0x95, 0xd2, 0x6e, 0xf7, 0xca, 0x62, 0x9c, 0x71, 0x3d, 0x78, 0x3a, 0x4c, 0xe2, 0x5d, 0x07, 0x6e, 0x67, 0x53, 0xc3, 0xe7, 0x02, 0x58, 0x34, 0x25, 0xab, 0x67, 0xd4, 0x35, 0x92, 0x26, 0x4a, 0x3f, 0x1b, 0xc4, 0x43, 0xcd, 0x71, 0x3a, 0x8f, 0x9a, 0x2e, 0x44, 0xf6, 0x5a, 0x40, 0xf8, 0x32, 0x11, 0x39, 0xd4, 0x31, 0x35, 0xa1, 0xd7, 0x2d, 0x5d, 0xa5, 0xed, 0x24, 0x53, 0x32, 0xce, 0xb6, 0xb6, 0x12, 0xc6, 0xeb, 0xfd, 0x5b, 0x86, 0x21, 0xf7, 0xaf, 0x2e, 0x29, 0xb0, 0xed, 0x4d, 0x71, 0x3e, 0x82, 0x28, 0x74, 0xd5, 0x64, 0x59, 0xba, 0xa6, 0x59, 0xd7, 0x9b
// ];
// const CLIENT_PRIME_2: &'static [u8] = &[
// 0x00, 0xd1, 0xfb, 0x16, 0x0c, 0xf0, 0xa3, 0x9a, 0x56, 0xdc, 0x3d, 0x82, 0xc6, 0x69, 0xed, 0x1d, 0x6a, 0x6f, 0xf9, 0xf0, 0x27, 0x3f, 0x96, 0x15, 0x39, 0x30, 0x84, 0x93, 0x75, 0x67, 0x31, 0xc9, 0x55, 0x84, 0x14, 0x13, 0x54, 0x39, 0xc1, 0x7c, 0x02, 0x77, 0x2b, 0x56, 0x49, 0x2c, 0xca, 0xe5, 0x16, 0xb5, 0xa1, 0x22, 0x49, 0xd6, 0xfa, 0x96, 0xd7, 0xb8, 0xaf, 0x34, 0xd3, 0x00, 0xc0, 0x42, 0x2f, 0x73, 0x0d, 0xb1, 0xd0, 0xc8, 0x11, 0xc6, 0x16, 0x79, 0xde, 0x83, 0xcd, 0x53, 0x21, 0x9b, 0x58, 0xc5, 0xee, 0x35, 0x55, 0xb6, 0x8f, 0x83, 0xc9, 0x23, 0x15, 0x98, 0xe0, 0xb5, 0x6f, 0x3a, 0x3d, 0x0c, 0x06, 0xa8, 0x32, 0x16, 0x0f, 0xde, 0x66, 0xad, 0x44, 0x76, 0xcd, 0x4a, 0x7a, 0x3d, 0xcb, 0x2c, 0x83, 0x3e, 0xf7, 0x50, 0x94, 0xa2, 0x2b, 0x61, 0xb5, 0xb6, 0x02, 0x01, 0x24, 0x7e, 0x05
// ];
const ECDSA_SECRET_KEY: &'static [u8] = &[
0xea, 0x5e, 0x74, 0xf3, 0xc3, 0x67, 0x11, 0x10, 0x00, 0x20, 0x3d, 0xc8, 0x92, 0xcd, 0x7a, 0x8a, 0x08, 0x44, 0x70, 0x9d, 0x1c, 0x3c, 0xab, 0xf0, 0x93, 0x3c, 0x3e, 0x86, 0xf0, 0x0e, 0x7d, 0xcd
];
const ECDSA_CERT: [u8; 0x222] =
hex_literal::hex!(
"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"
"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"
);
const CLIENT_SIGNATURE: [u8; 256] =
const ED25519_SECRET_KEY: [u8; 32] =
hex_literal::hex!(
"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"
"352e033b544cd58930fd154e1e8cf8711ed18a4f637afabe05521f474f7ffa21"
);
const CLIENT_PRIVATE_KEY_MOD: &'static [u8] = &[
0x00, 0xc2, 0x4c, 0x61, 0x5a, 0xda, 0xd1, 0x64, 0x0c, 0x2e, 0x39, 0xe2, 0x95, 0xc4, 0x60, 0xf2, 0xc7, 0x95, 0x37, 0x0c, 0xfb, 0x21, 0xcc, 0xa5, 0x19, 0xf9, 0xe6, 0xba, 0xf1, 0x56, 0x45, 0xca, 0x0b, 0x25, 0x6e, 0xf8, 0xf3, 0x18, 0x49, 0x1b, 0xaa, 0xb9, 0xdc, 0x71, 0x96, 0x36, 0x0b, 0x39, 0x3b, 0xc3, 0x53, 0x20, 0x35, 0x48, 0x87, 0xd6, 0xcc, 0x82, 0x2c, 0xf6, 0xe9, 0xd2, 0xea, 0xcc, 0x7f, 0xec, 0xf8, 0xd8, 0xe7, 0x3f, 0x0f, 0x09, 0xbf, 0x13, 0x1a, 0x59, 0x19, 0xe9, 0xe9, 0xc8, 0x1e, 0x2a, 0xec, 0xf0, 0x6d, 0x55, 0xbe, 0x17, 0x20, 0x29, 0x08, 0x53, 0xd4, 0xf1, 0x08, 0x6b, 0x3e, 0x10, 0x3d, 0x54, 0xd2, 0xb4, 0x54, 0xd7, 0xc3, 0x2a, 0xbc, 0xe4, 0x33, 0xf6, 0x11, 0x5d, 0x26, 0x7b, 0xba, 0x24, 0x6f, 0x68, 0x84, 0x74, 0x63, 0xdf, 0xd1, 0xd6, 0xbe, 0x90, 0x4e, 0xb1, 0x8d, 0x56, 0x88, 0x55, 0x65, 0xd6, 0xfc, 0xf8, 0xa6, 0x03, 0x86, 0xfc, 0x73, 0xb5, 0x45, 0x07, 0x77, 0xe0, 0x04, 0x85, 0xae, 0x94, 0xd2, 0x20, 0x96, 0xaf, 0xc4, 0x58, 0xd7, 0xfb, 0xd7, 0xc4, 0x69, 0xdd, 0x86, 0x1c, 0xab, 0x7b, 0x91, 0x47, 0x15, 0xe0, 0x93, 0xc4, 0xf1, 0xcc, 0x39, 0x9e, 0x5a, 0x53, 0x01, 0x0c, 0x2b, 0x65, 0xd5, 0xcc, 0x3d, 0x60, 0xfc, 0xcc, 0x2c, 0xc5, 0xd8, 0xb3, 0xfa, 0xa5, 0xfe, 0xfa, 0xab, 0x55, 0x1f, 0x1d, 0xe1, 0xa9, 0x3a, 0x19, 0xa1, 0x5b, 0xe9, 0xad, 0xb3, 0xa5, 0xc9, 0x6d, 0x2e, 0x52, 0x5a, 0x9f, 0x69, 0x61, 0x74, 0xe6, 0xe7, 0x72, 0x85, 0x7e, 0x53, 0x6b, 0x46, 0x2a, 0x61, 0xc6, 0x9a, 0x87, 0x71, 0x0b, 0x74, 0x17, 0x2c, 0x4b, 0x31, 0x8f, 0x48, 0x42, 0xe7, 0xd2, 0x7f, 0x7b, 0x6e, 0x0c, 0xbf, 0x3f, 0x98, 0x3e, 0x35, 0x64, 0xab, 0x80, 0x07
];
const CLIENT_PRIVATE_KEY_EXP: &'static [u8] = &[0x01, 0x00, 0x01];
const CLIENT_PRIVATE_KEY_PMOD: &'static [u8] = &[
0x61, 0x95, 0x60, 0xf3, 0xf3, 0xa0, 0x64, 0xa2, 0x25, 0x79, 0x57, 0x0e, 0xa7, 0x21, 0x95, 0xed, 0x9d, 0x48, 0x97, 0xd1, 0x6d, 0x49, 0x4d, 0xc6, 0x7d, 0x17, 0x5f, 0xde, 0xa3, 0xd8, 0xcb, 0x3f, 0xcb, 0xde, 0x2f, 0x54, 0x50, 0x67, 0x2f, 0x69, 0x10, 0x8d, 0xe1, 0xd2, 0x72, 0x74, 0x32, 0x9b, 0x8c, 0x5f, 0x2c, 0x76, 0xf6, 0x65, 0x9b, 0x00, 0xfd, 0x84, 0x3d, 0xc2, 0x73, 0xf7, 0x0f, 0x1c, 0x54, 0xd5, 0x2a, 0x83, 0x01, 0xcd, 0xb8, 0xb4, 0x69, 0x90, 0xbb, 0x1d, 0x63, 0xb8, 0xd1, 0x94, 0x2d, 0x34, 0xf1, 0x0f, 0xc8, 0x97, 0x7f, 0x1f, 0xdc, 0xdb, 0xdc, 0xd6, 0xbe, 0xf3, 0xde, 0x80, 0xbe, 0x41, 0x3f, 0x5f, 0xcf, 0xc8, 0x28, 0xd1, 0x51, 0x9e, 0xaa, 0xf2, 0x59, 0xec, 0xa0, 0x9f, 0x1a, 0x57, 0x03, 0xc3, 0x9c, 0x77, 0xa1, 0xc9, 0x23, 0x79, 0x4d, 0x64, 0x4a, 0x2f, 0xeb, 0xc5, 0xd3, 0x38, 0x2c, 0x6d, 0xf6, 0xa6, 0xa9, 0xe7, 0x0a, 0x79, 0x05, 0xfa, 0x2a, 0x85, 0xc5, 0x9d, 0xf4, 0x91, 0xef, 0x34, 0xad, 0xb5, 0x64, 0xc5, 0x75, 0x8a, 0x36, 0x8f, 0x95, 0x25, 0xe9, 0x71, 0x0d, 0xa8, 0xe1, 0xea, 0xc3, 0xb4, 0xaa, 0xe7, 0x54, 0x54, 0xef, 0x72, 0x12, 0xa5, 0x14, 0x27, 0xec, 0x70, 0x12, 0x14, 0xdf, 0x65, 0xb3, 0xf5, 0xbc, 0x91, 0xe1, 0x36, 0x31, 0x1a, 0xdf, 0x7d, 0x58, 0x05, 0xb6, 0xe3, 0x48, 0xf2, 0x42, 0x89, 0x25, 0x29, 0x42, 0x0b, 0x5d, 0x8d, 0x0b, 0x76, 0x28, 0x0f, 0xaf, 0x56, 0x22, 0x94, 0x12, 0x8f, 0x76, 0x91, 0x49, 0xa6, 0xa4, 0xe3, 0x54, 0x17, 0x9e, 0xeb, 0xa6, 0x1b, 0xe5, 0x97, 0xde, 0x4e, 0x29, 0x8d, 0x7d, 0x5c, 0x18, 0x34, 0x29, 0x21, 0xd2, 0x7d, 0x14, 0x0b, 0xa1, 0x49, 0xb5, 0xe0, 0xc6, 0x30, 0x31, 0x80, 0xdc, 0x6a, 0x59, 0xb9
];
const CLIENT_PRIME_1: &'static [u8] = &[
0x00, 0xec, 0xe1, 0x6f, 0x5d, 0x7a, 0xed, 0x7b, 0x1a, 0xac, 0xce, 0x02, 0x91, 0xb4, 0x07, 0xcf, 0xc4, 0x2b, 0xcf, 0x2a, 0x37, 0x59, 0x43, 0x46, 0x1a, 0x55, 0xc2, 0x13, 0x89, 0x3c, 0xd5, 0xd6, 0xef, 0xed, 0x12, 0x9f, 0xc3, 0x36, 0x95, 0xd2, 0x6e, 0xf7, 0xca, 0x62, 0x9c, 0x71, 0x3d, 0x78, 0x3a, 0x4c, 0xe2, 0x5d, 0x07, 0x6e, 0x67, 0x53, 0xc3, 0xe7, 0x02, 0x58, 0x34, 0x25, 0xab, 0x67, 0xd4, 0x35, 0x92, 0x26, 0x4a, 0x3f, 0x1b, 0xc4, 0x43, 0xcd, 0x71, 0x3a, 0x8f, 0x9a, 0x2e, 0x44, 0xf6, 0x5a, 0x40, 0xf8, 0x32, 0x11, 0x39, 0xd4, 0x31, 0x35, 0xa1, 0xd7, 0x2d, 0x5d, 0xa5, 0xed, 0x24, 0x53, 0x32, 0xce, 0xb6, 0xb6, 0x12, 0xc6, 0xeb, 0xfd, 0x5b, 0x86, 0x21, 0xf7, 0xaf, 0x2e, 0x29, 0xb0, 0xed, 0x4d, 0x71, 0x3e, 0x82, 0x28, 0x74, 0xd5, 0x64, 0x59, 0xba, 0xa6, 0x59, 0xd7, 0x9b
];
const CLIENT_PRIME_2: &'static [u8] = &[
0x00, 0xd1, 0xfb, 0x16, 0x0c, 0xf0, 0xa3, 0x9a, 0x56, 0xdc, 0x3d, 0x82, 0xc6, 0x69, 0xed, 0x1d, 0x6a, 0x6f, 0xf9, 0xf0, 0x27, 0x3f, 0x96, 0x15, 0x39, 0x30, 0x84, 0x93, 0x75, 0x67, 0x31, 0xc9, 0x55, 0x84, 0x14, 0x13, 0x54, 0x39, 0xc1, 0x7c, 0x02, 0x77, 0x2b, 0x56, 0x49, 0x2c, 0xca, 0xe5, 0x16, 0xb5, 0xa1, 0x22, 0x49, 0xd6, 0xfa, 0x96, 0xd7, 0xb8, 0xaf, 0x34, 0xd3, 0x00, 0xc0, 0x42, 0x2f, 0x73, 0x0d, 0xb1, 0xd0, 0xc8, 0x11, 0xc6, 0x16, 0x79, 0xde, 0x83, 0xcd, 0x53, 0x21, 0x9b, 0x58, 0xc5, 0xee, 0x35, 0x55, 0xb6, 0x8f, 0x83, 0xc9, 0x23, 0x15, 0x98, 0xe0, 0xb5, 0x6f, 0x3a, 0x3d, 0x0c, 0x06, 0xa8, 0x32, 0x16, 0x0f, 0xde, 0x66, 0xad, 0x44, 0x76, 0xcd, 0x4a, 0x7a, 0x3d, 0xcb, 0x2c, 0x83, 0x3e, 0xf7, 0x50, 0x94, 0xa2, 0x2b, 0x61, 0xb5, 0xb6, 0x02, 0x01, 0x24, 0x7e, 0x05
const ED25519_CERT: [u8; 0x01c7] = [
0x30, 0x82, 0x01, 0xc3, 0x30, 0x82, 0x01, 0x75, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, 0x7d, 0x0d, 0x16, 0xcc, 0x44, 0x3e, 0xd7, 0x1d, 0x67, 0xc6, 0xa3, 0x42, 0x38, 0xd8, 0x38, 0xcd, 0x34, 0xe9, 0x96, 0x28, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x30, 0x57, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x02, 0x49, 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x02, 0x4e, 0x54, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x02, 0x43, 0x45, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x04, 0x52, 0x54, 0x49, 0x46, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09, 0x69, 0x63, 0x61, 0x74, 0x65, 0x2e, 0x6e, 0x65, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x30, 0x31, 0x31, 0x32, 0x30, 0x30, 0x34, 0x32, 0x33, 0x34, 0x34, 0x5a, 0x17, 0x0d, 0x32, 0x31, 0x31, 0x31, 0x32, 0x30, 0x30, 0x34, 0x32, 0x33, 0x34, 0x34, 0x5a, 0x30, 0x57, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x02, 0x49, 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x02, 0x4e, 0x54, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x02, 0x43, 0x45, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x04, 0x52, 0x54, 0x49, 0x46, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09, 0x69, 0x63, 0x61, 0x74, 0x65, 0x2e, 0x6e, 0x65, 0x74, 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00, 0xdc, 0x3a, 0xe2, 0xdd, 0xf4, 0x06, 0x5e, 0x99, 0x3f, 0x18, 0x4c, 0x35, 0x68, 0x7e, 0xf6, 0x21, 0x3b, 0x20, 0xe4, 0x7e, 0x7f, 0x55, 0x56, 0x2c, 0xa5, 0xcb, 0xfe, 0x2b, 0x33, 0x0a, 0x28, 0xc5, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x63, 0xc3, 0xa0, 0xaf, 0xc6, 0xb6, 0xe4, 0xb3, 0x17, 0x01, 0x65, 0x96, 0x80, 0xfd, 0xf8, 0x24, 0x72, 0xbc, 0xf6, 0x48, 0x30, 0x1f, 
0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x63, 0xc3, 0xa0, 0xaf, 0xc6, 0xb6, 0xe4, 0xb3, 0x17, 0x01, 0x65, 0x96, 0x80, 0xfd, 0xf8, 0x24, 0x72, 0xbc, 0xf6, 0x48, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x41, 0x00, 0xd8, 0x4f, 0x75, 0x3e, 0x8a, 0x67, 0xec, 0x27, 0x0f, 0xa1, 0xb6, 0xb8, 0x7a, 0x01, 0x69, 0x6b, 0xa8, 0x5f, 0xad, 0xaa, 0x50, 0xc4, 0x6c, 0x7f, 0xe4, 0x7c, 0x1b, 0x61, 0x15, 0xd7, 0xa5, 0xf9, 0x63, 0xf5, 0xc5, 0x2f, 0xb1, 0xa7, 0x96, 0x9a, 0x0d, 0x21, 0x02, 0x50, 0x4f, 0xc6, 0x65, 0xe5, 0x83, 0x4b, 0x49, 0x9c, 0x3f, 0x3a, 0xc2, 0xbd, 0x85, 0xe0, 0x57, 0x44, 0x47, 0x44, 0xe4, 0x0d
];
const ED25519_SERVER_CERT: [u8; 0x1eb] =
hex_literal::hex!(
"308201e730820199a0030201020214177072ca219b9b453f4cd2095142ef88569022ac300506032b65703069310b3009060355040613025345310b300906035504080c025256310b300906035504070c024552310d300b060355040a0c04434552543110300e060355040b0c0749464943415445311f301d06035504030c1678656432353531392e746573742e636572742e70656d301e170d3230313132303034333330385a170d3231313132303034333330385a3069310b3009060355040613025345310b300906035504080c025256310b300906035504070c024552310d300b060355040a0c04434552543110300e060355040b0c0749464943415445311f301d06035504030c1678656432353531392e746573742e636572742e70656d302a300506032b65700321005cc3542eceecf9379348f5c4e18aa29b6e92547b0e35730857c1ce8508a043e0a3533051301d0603551d0e04160414c8bbbe74e4e3a76d757f31696518ced30cabc474301f0603551d23041830168014c8bbbe74e4e3a76d757f31696518ced30cabc474300f0603551d130101ff040530030101ff300506032b6570034100312c6935aab53c87cef4505a2051c5b86d6e11539fffc51d2e9c7807db626186f22f13eca0a5cf7f3e41e40e07b14a11ed39ba04af80adcaf69a7444ae8f1304"
);
const ED25519_SERVER_PUBLIC_KEY: [u8; 32] =
hex_literal::hex!(
"5cc3542eceecf9379348f5c4e18aa29b6e92547b0e35730857c1ce8508a043e0"
);
const ED25519_SIGNATURE: [u8; 64] =
hex_literal::hex!(
"e9988fcc188fbe85a66929634badb47c5b765c3c6087a7e44b41efda1fdcd0baf67ded6159a5af6d396ca59439de8907160fc729a42ed50e69a3f54abe6dad0c"
);
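Review bot: The two calls at the end of `main` check the same `ED25519_SIGNATURE` with both `verify(&message_vec, …)` and `verify_prehashed(checked_hash, None, …)`, each followed by `.unwrap()`. Pure Ed25519 and the prehashed Ed25519ph variant are distinct schemes, so a signature made for one is not expected to validate under the other and one of the two unwraps will most likely panic. TLS 1.3 CertificateVerify uses the pure form, so I would keep `ed25519_public_key.verify(&message_vec, &ed25519_signature).unwrap();` and drop the prehashed call together with the `Sha512` chain that feeds it. The file also carries `ED25519_SECRET_KEY` and `ECDSA_SECRET_KEY` as literals; a comment such as `// Test-only key material generated for this example; never reuse` above them would make clear they must not be deployed. The +/- markers of this section were lost in rendering, so which neighbouring RSA lines are removed is inferred from their commented-out copies.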


@ -7,10 +7,8 @@ use nom::combinator::opt;
use nom::sequence::preceded;
use nom::sequence::tuple;
use nom::error::ErrorKind;
use nom::character::complete::digit0;
use nom::character::is_digit;
use chrono::{DateTime, FixedOffset, TimeZone};
use chrono::{DateTime, FixedOffset};
use heapless::{String, consts::*};
use byteorder::{ByteOrder, NetworkEndian};
@ -21,7 +19,6 @@ use crate::certificate::{
Certificate as Asn1DerCertificate,
Version as Asn1DerVersion,
AlgorithmIdentifier as Asn1DerAlgId,
Time as Asn1DerTime,
Validity as Asn1DerValidity,
SubjectPublicKeyInfo as Asn1DerSubjectPublicKeyInfo,
Extensions as Asn1DerExtensions,
@ -71,7 +68,7 @@ pub(crate) fn parse_tls_repr(bytes: &[u8]) -> IResult<&[u8], (&[u8], TlsRepr)> {
use crate::tls_packet::TlsContentType::*;
match repr.content_type {
Handshake => {
let (rest, handshake) = complete(
let (_, handshake) = complete(
parse_handshake
)(bytes)?;
repr.handshake = Some(handshake);
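Review bot: Binding the remainder to `_` in the `Handshake` arm of `parse_tls_repr` silences the unused-variable warning but also hides that any bytes following the first handshake message are discarded. If a record may carry several handshake messages, or if trailing bytes should count as a malformed record, that decision belongs in the code rather than in a dropped binding. Wrapping the parser as `all_consuming(parse_handshake)` would reject leftovers, or a comment such as `// bytes after the first handshake message are intentionally ignored` would at least record the intent. The rest of the match lies outside the hunk, so how the other content types treat their remainder is not visible here.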

View File

@ -512,7 +512,7 @@ impl<'a> Session<'a> {
// Determine the supplied client certificate indeed has an
// acceptable signature algorithm
let mut private_key_algorithm_acceptable = false;
if let Some((private_key, cert)) = &self.cert_private_key {
if let Some((private_key, _cert)) = &self.cert_private_key {
if let CertificatePrivateKey::RSA {..} = private_key {
for sig_alg in signature_algorithms.iter() {
use crate::tls_packet::SignatureScheme::*;
@ -1412,6 +1412,7 @@ impl<'a> Session<'a> {
self.server_application_nonce.as_ref().unwrap(),
self.server_application_cipher.as_ref().unwrap()
)},
TlsRole::Unknown => unreachable!()
};
// Calculate XOR'ed nonce
@ -1443,6 +1444,7 @@ impl<'a> Session<'a> {
self.server_handshake_nonce.as_ref().unwrap(),
self.server_handshake_cipher.as_ref().unwrap()
)},
TlsRole::Unknown => unreachable!()
};
// Calculate XOR'ed nonce
@ -1474,6 +1476,7 @@ impl<'a> Session<'a> {
self.server_handshake_nonce.as_ref().unwrap(),
self.server_handshake_cipher.as_ref().unwrap()
)},
TlsRole::Unknown => unreachable!()
};
// Calculate XOR'ed nonce
@ -1508,6 +1511,7 @@ impl<'a> Session<'a> {
self.client_application_nonce.as_ref().unwrap(),
self.client_application_cipher.as_ref().unwrap()
)},
TlsRole::Unknown => unreachable!()
};
// Calculate XOR'ed nonce
@ -1545,6 +1549,7 @@ impl<'a> Session<'a> {
self.server_handshake_nonce.as_ref().unwrap(),
self.server_handshake_cipher.as_ref().unwrap()
)},
TlsRole::Unknown => unreachable!()
};
// Calculate XOR'ed nonce
@ -1579,6 +1584,7 @@ impl<'a> Session<'a> {
self.server_handshake_nonce.as_ref().unwrap(),
self.server_handshake_cipher.as_ref().unwrap()
)},
TlsRole::Unknown => unreachable!()
};
// Calculate XOR'ed nonce
@ -1606,12 +1612,21 @@ impl<'a> Session<'a> {
pub(crate) fn increment_server_sequence_number(&mut self) {
self.server_sequence_number += 1;
}
pub(crate) fn get_session_role(&self) -> TlsRole {
self.role
}
pub(crate) fn becomes_client(&mut self) {
self.role = TlsRole::Client;
}
}
#[derive(Debug, PartialEq, Eq, Clone, Copy)]
pub(crate) enum TlsRole {
Client,
Server,
Unknown,
}
#[derive(Debug, Clone)]
@ -1814,6 +1829,7 @@ impl Cipher {
}
}
#[allow(non_camel_case_types)]
#[derive(Debug, Clone)]
pub enum CertificatePublicKey {
RSA {
@ -1853,6 +1869,7 @@ impl CertificatePublicKey {
}
}
#[allow(non_camel_case_types)]
pub enum CertificatePrivateKey {
RSA {
cert_rsa_private_key: rsa::RSAPrivateKey
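Review bot: The six new `TlsRole::Unknown => unreachable!()` arms turn a state that this commit makes the initial one into a panic: `TlsSocket::new` now builds the session with `TlsRole::Unknown`, and the role only changes when `becomes_client` runs. Any path that reaches these nonce/cipher lookups before the role is set will abort the program instead of failing the call. The enclosing functions start outside the hunks so their return types are not visible, but if they return `Result` the arm would be safer as an early error return, with a comment such as `// role is assigned in connect(); encrypting or decrypting before that is a caller error`. `get_session_role` and `becomes_client` also lack doc comments stating when the role may change.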

82
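--- a/src/set.rs
+++ b/src/set.rs
@@ -0,0 +1,82 @@
+use smoltcp as net;
+use managed::ManagedSlice;
+use crate::tls::TlsSocket;
+use net::socket::SocketSetItem;
+use net::socket::SocketSet;
+use net::socket::SocketHandle;
+use net::socket::Socket;
+use net::socket::TcpSocket;
+use net::socket::AnySocket;
+use net::socket::SocketRef;
+use net::iface::EthernetInterface;
+use net::time::Instant;
+use net::phy::Device;
+use core::convert::From;
+use core::cell::RefCell;
+use alloc::vec::Vec;
+pub struct TlsSocketSet<'a> {
+tls_sockets: ManagedSlice<'a, Option<TlsSocket<'a>>>
+}
+#[derive(Clone, Copy, Debug)]
+pub struct TlsSocketHandle(usize);
+impl<'a> TlsSocketSet<'a> {
+pub fn new<T>(tls_sockets: T) -> Self
+where
+T: Into<ManagedSlice<'a, Option<TlsSocket<'a>>>>
+{
+Self {
+tls_sockets: tls_sockets.into()
+}
+}
+pub fn add(&mut self, socket: TlsSocket<'a>) -> TlsSocketHandle
+{
+for (index, slot) in self.tls_sockets.iter_mut().enumerate() {
+if slot.is_none() {
+*slot = Some(socket);
+return TlsSocketHandle(index);
+}
+}
+match self.tls_sockets {
+ManagedSlice::Borrowed(_) => {
+panic!("adding a socket to a full array")
+}
+ManagedSlice::Owned(ref mut sockets) => {
+sockets.push(Some(socket));
+let index = sockets.len() - 1;
+return TlsSocketHandle(index);
+}
+}
+}
+pub fn get(&mut self, handle: TlsSocketHandle) -> &mut TlsSocket<'a> {
+self.tls_sockets[handle.0].as_mut().unwrap()
+}
+pub(crate) fn polled_by(
+&mut self,
+sockets: &mut SocketSet
+) -> smoltcp::Result<bool>
+{
+for socket in self.tls_sockets.iter_mut() {
+if socket.is_some() {
+log::info!("Found TLS");
+socket.as_mut()
+.unwrap()
+.update_handshake(sockets)?;
+log::info!("Updated TLS");
+}
+}
+Ok(true)
+}
+}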
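Review bot: `polled_by` throws away the `bool` that `update_handshake` returns and always ends with `Ok(true)`, so the caller cannot learn anything from the value; either fold the results, `progressed |= socket.update_handshake(sockets)?;`, or return `smoltcp::Result<()>` so the type does not suggest a meaning it lacks. The two `log::info!` calls run for every occupied slot on every poll, which will flood the log at info level; `log::trace!` fits better. The `is_some()` / `as_mut().unwrap()` pair can be written as `for socket in self.tls_sockets.iter_mut().flatten()`. Most of the `use` lines at the top of the new file (`SocketSetItem`, `AnySocket`, `RefCell`, `Vec`, …) are not referenced in the code shown, while the same commit removes unused imports elsewhere.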


@ -3,6 +3,7 @@ use smoltcp::socket::TcpState;
use smoltcp::socket::SocketHandle;
use smoltcp::socket::SocketSet;
use smoltcp::socket::TcpSocketBuffer;
use smoltcp::socket::SocketRef;
use smoltcp::wire::IpEndpoint;
use smoltcp::Result;
use smoltcp::Error;
@ -20,7 +21,6 @@ use core::cell::RefCell;
use rand_core::{RngCore, CryptoRng};
use p256::{EncodedPoint, ecdh::EphemeralSecret};
use ccm::consts::*;
use aes_gcm::AeadInPlace;
use nom::bytes::complete::take;
use nom::error::ErrorKind;
@ -52,20 +52,19 @@ pub(crate) enum TlsState {
CONNECTED,
}
// TODO: Group up all session_specific parameters into a separate structure
pub struct TlsSocket<'s, R: RngCore + CryptoRng>
pub struct TlsSocket<'s>
{
tcp_handle: SocketHandle,
rng: R,
rng: &'s mut dyn crate::TlsRng,
session: RefCell<Session<'s>>,
}
impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
impl<'s> TlsSocket<'s> {
pub fn new<'a, 'b, 'c>(
sockets: &mut SocketSet<'a, 'b, 'c>,
rx_buffer: TcpSocketBuffer<'b>,
tx_buffer: TcpSocketBuffer<'b>,
rng: R,
rng: &'s mut dyn crate::TlsRng,
certificate_with_key: Option<(
crate::session::CertificatePrivateKey,
Vec<&'s [u8]>
@ -76,6 +75,23 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
{
let tcp_socket = TcpSocket::new(rx_buffer, tx_buffer);
let tcp_handle = sockets.add(tcp_socket);
TlsSocket {
tcp_handle,
rng,
session: RefCell::new(
Session::new(TlsRole::Unknown, certificate_with_key)
),
}
}
pub fn from_tcp_handle(
tcp_handle: SocketHandle,
rng: &'s mut dyn crate::TlsRng,
certificate_with_key: Option<(
crate::session::CertificatePrivateKey,
Vec<&'s [u8]>
)>
) -> Self {
TlsSocket {
tcp_handle,
rng,
@ -85,7 +101,7 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
}
}
pub fn tcp_connect<T, U>(
pub fn connect<T, U>(
&mut self,
sockets: &mut SocketSet,
remote_endpoint: T,
@ -95,32 +111,33 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
T: Into<IpEndpoint>,
U: Into<IpEndpoint>,
{
// Start TCP handshake
let mut tcp_socket = sockets.get::<TcpSocket>(self.tcp_handle);
if tcp_socket.state() == TcpState::Established {
Ok(())
} else {
tcp_socket.connect(remote_endpoint, local_endpoint)
}
tcp_socket.connect(remote_endpoint, local_endpoint)?;
// Permit TLS handshake as well
let mut session = self.session.borrow_mut();
session.becomes_client();
Ok(())
}
pub fn tls_connect<DeviceT>(
&mut self,
iface: &mut EthernetInterface<DeviceT>,
sockets: &mut SocketSet,
now: Instant
) -> Result<bool>
where
DeviceT: for<'d> Device<'d>
{
// Check tcp_socket connectivity
pub fn update_handshake(&mut self, sockets: &mut SocketSet) -> Result<bool> {
// Check TCP socket
{
let mut tcp_socket = sockets.get::<TcpSocket>(self.tcp_handle);
tcp_socket.set_keep_alive(Some(smoltcp::time::Duration::from_millis(1000)));
if tcp_socket.state() != TcpState::Established {
log::info!("TCP not established");
return Ok(false);
}
}
// Check TLS session state
{
let role = self.session.borrow().get_session_role();
if role != crate::session::TlsRole::Client {
return Ok(true);
}
}
// Handle TLS handshake through TLS states
let tls_state = {
self.session.borrow().get_tls_state()
@ -193,19 +210,17 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
self.session.borrow().need_to_send_client_certificate()
};
if need_to_send_client_cert {
let (certificates_total_length, mut buffer_vec) = {
let mut session = self.session.borrow_mut();
let (certificates_total_length, buffer_vec) = {
let session = self.session.borrow();
let mut buffer_vec: Vec<u8> = Vec::new();
let certificates = session
.get_private_certificate_slices()
.clone();
// Handshake level, client certificate byte followed by length (u24)
let mut handshake_header: [u8; 4] = [11, 0, 0, 0];
// Certificate struct:
// request_context = X509: 0 (u8),
// certificate_list to be determined (u24)
let mut certificate_header: [u8; 4] = [0, 0, 0, 0];
let mut certificates_total_length: u32 = 0;
// Append place holder bytes (8 of them) in the buffer vector
@ -229,10 +244,9 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
);
// Update length in Certificate struct
certificates_total_length += (
certificates_total_length +=
// cert_data (len & data) AND extension (len & data)
3 + certificate_length + 2 + 0
);
3 + certificate_length + 2 + 0;
buffer_vec.extend_from_slice(&cert_data_length);
buffer_vec.extend_from_slice(cert);
@ -347,12 +361,12 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
.client_update_for_server_connected(&inner_plaintext[..(inner_plaintext_length-1)]);
}
_ => todo!()
// There is no need to care about handshake if it was completed
TlsState::CONNECTED => {
return Ok(true);
}
}
// Poll the network interface
iface.poll(sockets, now);
// Read for TLS packet
// Proposition: Decouple all data from TLS record layer before processing
// Recouple a brand new TLS record wrapper
@ -731,7 +745,6 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
// Verify that the signature is indeed correct
TlsState::WAIT_CV => {
// Ensure that it is CertificateVerify
log::info!("Got certificate verify");
let might_be_cert_verify = repr.handshake.take().unwrap();
if might_be_cert_verify.get_msg_type() != HandshakeType::CertificateVerify {
// Process the other handshakes in "handshake_vec"
@ -745,11 +758,9 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
might_be_cert_verify.length + 4
)(handshake_slice)
.map_err(|_| Error::Unrecognized)?;
log::info!("about to verify");
// Perform verification, update TLS state if successful
let (sig_alg, signature) = might_be_cert_verify.get_signature().unwrap();
log::info!("Got signature");
{
self.session.borrow_mut()
.client_update_for_wait_cv(
@ -772,7 +783,7 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
// Take out the portion for server Finished
// Length of handshake header is 4
let (handshake_slice, server_finished_slice) =
let (_handshake_slice, server_finished_slice) =
take::<_, _, (&[u8], ErrorKind)>(
might_be_server_finished.length + 4
)(handshake_slice)
@ -793,31 +804,6 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
Ok(())
}
// Generic inner send method, through TCP socket
fn send_tls_repr(&self, sockets: &mut SocketSet, tls_repr: TlsRepr) -> Result<()> {
let mut tcp_socket = sockets.get::<TcpSocket>(self.tcp_handle);
if !tcp_socket.can_send() {
return Err(Error::Illegal);
}
let mut array = [0; 2048];
let mut buffer = TlsBuffer::new(&mut array);
buffer.enqueue_tls_repr(tls_repr)?;
let buffer_size = buffer.get_size();
// Force send to return if send is unsuccessful
// Only update sequence number if the send is successful
tcp_socket.send_slice(buffer.into())
.and_then(
|size| if size == buffer_size {
Ok(())
} else {
Err(Error::Truncated)
}
)?;
self.session.borrow_mut().increment_client_sequence_number();
Ok(())
}
// Generic inner send method for buffer IO, through TCP socket
// Usage: Push a slice representation of ONE TLS packet
// This function will only increment sequence number by 1
@ -940,12 +926,16 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
(record_length + 5),
(
(record_length + 5),
provided_data_capacity < (record_length + 5)
provided_data_capacity >= (record_length + 5)
)
)
}
)?;
if !acceptable {
return Ok(0);
}
// let recv_slice_size = tcp_socket.recv_slice(data)?;
// Encrypted data need a TLS record wrapper (5 bytes)
@ -1038,4 +1028,9 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
Ok(())
}
pub fn get_tcp_handle(&self) -> SocketHandle {
self.tcp_handle
}
}
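Review bot: In `update_handshake`, the role check returns `Ok(true)` for any session whose role is not `Client`, the same value the `TlsState::CONNECTED` arm returns, while `new` creates the session with `TlsRole::Unknown`. A socket on which `connect` was never called therefore reports the same result as a finished handshake, and a caller that gates application data on this boolean would treat an unnegotiated connection as ready. Unless another layer checks the TLS state before sending (not visible in this section), returning false here keeps the result unambiguous: `if role != crate::session::TlsRole::Client { return Ok(false); }`. A doc comment such as `/// Returns Ok(true) only once the TLS handshake has completed.` would pin the contract down. The body of `update_handshake` continues across later hunks, so the remaining return paths are not all visible here.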


@ -76,14 +76,6 @@ impl<'a> TlsRepr<'a> {
self
}
pub(crate) fn change_cipher_spec(mut self) -> Self {
self.content_type = TlsContentType::ChangeCipherSpec;
self.version = TlsVersion::Tls12;
self.length = 1;
self.payload = Some((&[1]).to_vec());
self
}
// TODO: Consider replace all these boolean function
// into a single function that returns the HandshakeType.
pub(crate) fn is_server_hello(&self) -> bool {
@ -112,12 +104,6 @@ impl<'a> TlsRepr<'a> {
}
}
}
pub(crate) fn is_application_data(&self) -> bool {
self.content_type == TlsContentType::ApplicationData &&
self.handshake.is_none() &&
self.payload.is_some()
}
}
#[derive(Debug, PartialEq, Eq, Clone, Copy, IntoPrimitive, TryFromPrimitive)]
@ -385,8 +371,6 @@ impl<'a> ClientHello<'a> {
list.push(NamedGroup::x25519);
list.push(NamedGroup::secp256r1);
let length = list.len()*2;
// Use the list to generate all key shares and store in a vec
let mut client_shares = Vec::new();
let mut client_shares_length = 0;
@ -590,10 +574,10 @@ pub(crate) enum SupportedVersions {
impl SupportedVersions {
pub(crate) fn get_length(&self) -> usize {
match self {
Self::ClientHello { length, versions } => {
Self::ClientHello { length, .. } => {
usize::try_from(*length).unwrap() + 1
}
Self::ServerHello { selected_version } => 2
Self::ServerHello { .. } => 2
}
}
}
@ -713,8 +697,8 @@ pub(crate) enum KeyShareEntryContent {
impl KeyShareEntryContent {
pub(crate) fn get_length(&self) -> usize {
match self {
Self::KeyShareClientHello { length, client_shares } => 2 + usize::try_from(*length).unwrap(),
Self::KeyShareHelloRetryRequest { selected_group } => 2,
Self::KeyShareClientHello { length, .. } => 2 + usize::try_from(*length).unwrap(),
Self::KeyShareHelloRetryRequest { .. } => 2,
Self::KeyShareServerHello { server_share } => server_share.get_length(),
}
}
@ -760,12 +744,9 @@ pub(crate) enum CertificateEntryInfo<'a> {
impl<'a> CertificateEntryInfo<'a> {
pub(crate) fn get_certificate(&self) -> &Asn1DerCertificate {
match self {
CertificateEntryInfo::RawPublicKey {
ASN1_subjectPublicKeyInfo_length,
ASN1_subjectPublicKeyInfo
} => todo!(),
CertificateEntryInfo::RawPublicKey { .. } => todo!(),
CertificateEntryInfo::X509 {
cert_data_length, cert_data
cert_data, ..
} => &cert_data
}
}