poll: init

2020-11-23 17:16:07 +08:00 · 2020-11-23 17:16:07 +08:00 · c22ff413da
parent 47f2229feb
commit c22ff413da
11 changed files with 334 additions and 199 deletions
--- a/Cargo.toml
+++ b/Cargo.toml
@ -76,6 +76,11 @@ version = "0.9.0"
 default-features = false
 features = []
 [dependencies.managed]
 version = "0.8.0"
 default-features = false
 features = [ "alloc" ]
 [dependencies.simple_logger]
 version = "1.11.0"
 optional = true
--- a/src/buffer.rs
+++ b/src/buffer.rs
@ -30,10 +30,6 @@ impl<'a> TlsBuffer<'a> {
        }
    }
    pub(crate) fn get_size(&self) -> usize {
        self.index.clone().into_inner()
    }
    pub(crate) fn write(&mut self, data: &[u8]) -> Result<()> {
        let mut index = self.index.borrow_mut();
        if (self.buffer.len() - *index) < data.len() {
@ -55,31 +51,6 @@ impl<'a> TlsBuffer<'a> {
        Ok(())
    }
    pub(crate) fn read_u8(&mut self) -> Result<u8> {
        let mut index = self.index.borrow_mut();
        if (self.buffer.len() - *index) < 1 {
            return Err(Error::Exhausted);
        }
        let data = self.buffer[*index];
        *index += 1;
        Ok(data)
    }
    pub(crate) fn read_all(self) -> &'a [u8] {
        &self.buffer[self.index.into_inner()..]
    }
    pub(crate) fn read_slice(&self, length: usize) -> Result<&[u8]> {
        let mut index = self.index.borrow_mut();
        if (self.buffer.len() - *index) < length {
            return Err(Error::Exhausted);
        }
        let next_index = *index + length;
        let slice = &self.buffer[*index..next_index];
        *index = next_index;
        Ok(slice)
    }
    pub(crate) fn enqueue_tls_repr(&mut self, tls_repr: TlsRepr<'a>) -> Result<()> {
        self.write_u8(tls_repr.content_type.into())?;
        self.write_u16(tls_repr.version.into())?;
--- a/src/certificate.rs
+++ b/src/certificate.rs
@ -7,7 +7,6 @@ use chrono::{DateTime, FixedOffset};
 use crate::parse::parse_asn1_der_rsa_public_key;
 use crate::parse::parse_rsa_ssa_pss_parameters;
 use crate::parse::parse_ecdsa_signature;
 use crate::parse::parse_asn1_der_oid;
 use crate::Error as TlsError;
@ -19,10 +18,9 @@ use sha1::{Sha1, Digest};
 use sha2::{Sha224, Sha256, Sha384, Sha512};
 use rsa::{PublicKey, RSAPublicKey, PaddingScheme, BigUint, Hash};
-use p256::ecdsa::signature::{Verifier, DigestVerifier};
+use p256::ecdsa::signature::{Verifier};
 use alloc::vec::Vec;
 use heapless::{ Vec as HeaplessVec, consts::* };
 use byteorder::{ByteOrder, NetworkEndian};
@ -1234,7 +1232,7 @@ fn wrap_up_verification(
        // require_explicit_policy is 0, set explicit_policy_state to be 0
        if let ExtensionValue::PolicyConstraints {
            require_explicit_policy,
-            inhibit_policy_mapping
+            ..
        } = &extension.extension_value {
            if require_explicit_policy.is_some() {
                if require_explicit_policy.unwrap() == 0 {
--- a/src/fake_rng.rs
+++ b/src/fake_rng.rs
@ -5,7 +5,7 @@
 // Anyway, the RSAPublicKey::verify() method does NOT care about random at all :)
 use rand_core::{RngCore, Error};
-use byteorder::{ByteOrder, NetworkEndian, BigEndian};
+use byteorder::{ByteOrder, NetworkEndian};
 pub struct FakeRandom {}
--- a/src/lib.rs
+++ b/src/lib.rs
@ -11,6 +11,7 @@ pub mod session;
 pub mod certificate;
 pub mod fake_rng;
 pub mod oid;
 pub mod set;
 // TODO: Implement errors
 // Details: Encapsulate smoltcp & nom errors
@ -29,3 +30,35 @@ pub enum Error {
    CertificatePolicyError,
    CertificateVersionError,
 }
 impl From<smoltcp::Error> for Error {
    fn from(error: smoltcp::Error) -> Self {
        Self::PropagatedError(error)
    }
 }
 pub trait TlsRng: rand_core::RngCore + rand_core::CryptoRng {}
 use smoltcp as net;
 use net::socket::SocketSet;
 use net::iface::EthernetInterface;
 use net::time::Instant;
 use net::phy::Device;
 use crate::tls::TlsSocket;
 use crate::set::TlsSocketSet;
 // One-call function for polling all sockets within socket set
 pub fn poll<DeviceT>(
    sockets: &mut SocketSet,
    tls_sockets: &mut TlsSocketSet,
    iface: &mut EthernetInterface<DeviceT>,
    now: Instant
 ) -> Result<bool, Error>
 where
    DeviceT: for<'d> Device<'d>
 {
    tls_sockets.polled_by(sockets)?;
    iface.poll(sockets, now).map_err(Error::PropagatedError)
 }
--- a/src/main.rs
+++ b/src/main.rs
@ -81,7 +81,7 @@ fn main() {
 //    tls_socket.tls_connect(&mut sockets).unwrap();
    simple_logger::SimpleLogger::new().init().unwrap();
-    let (_, certificate) = parse_asn1_der_certificate(&RSA_PSS_SELF_CERT).unwrap();
+    // let (_, certificate) = parse_asn1_der_certificate(&RSA_PSS_SELF_CERT).unwrap();
    // println!("Certificate print: {:?}", certificate);
    // let modulus = [
@ -101,12 +101,10 @@ fn main() {
    // certificate.validate_signature_with_trusted(&ca_public_key).unwrap();
    // println!("Certificate should be trusted");
-    certificate.validate_self_signed_signature().unwrap();
+    // certificate.validate_self_signed_signature().unwrap();
-    println!("Certificate should be trusted");
+    // println!("Certificate should be trusted");
 /*
    let mut certificate_vec = Vec::new();
    let name = parse_asn1_der_name(&SELF_SIGNED_WITH_SAN_ISSUER).unwrap().1;
    let public_key = certificate.get_cert_public_key().unwrap();
@ -154,18 +152,18 @@ fn main() {
        excluded_name
    ).unwrap();
 */
-    let google_end_entity_certificate = parse_asn1_der_certificate(
+    // let google_end_entity_certificate = parse_asn1_der_certificate(
-        &GOOGLE_END_ENTITY_CERT
+    //     &GOOGLE_END_ENTITY_CERT
-    ).unwrap().1;
+    // ).unwrap().1;
-    let google_root_ca_certificate = parse_asn1_der_certificate(
+    // let google_root_ca_certificate = parse_asn1_der_certificate(
-        &GOOGLE_ROOT_CERT
+    //     &GOOGLE_ROOT_CERT
-    ).unwrap().1;
+    // ).unwrap().1;
-    google_end_entity_certificate.validate_signature_with_trusted(
+    // google_end_entity_certificate.validate_signature_with_trusted(
-        &google_root_ca_certificate.get_cert_public_key().unwrap()
+    //     &google_root_ca_certificate.get_cert_public_key().unwrap()
-    ).unwrap();
+    // ).unwrap();
-    log::info!("End entity certificate verified");
+    // log::info!("End entity certificate verified");
    // google_root_ca_certificate.validate_self_signed_signature().unwrap();
    // log::info!("root certificate verified");
@ -192,47 +190,73 @@ fn main() {
 //         excluded_name
 //     ).unwrap();
-    use rand_core::{RngCore, OsRng};
+    // use rand_core::{RngCore, OsRng};
-    use rsa::PublicKey;
+    // use rsa::PublicKey;
-    use rsa::BigUint;
+    // use rsa::BigUint;
-    use smoltcp_tls::fake_rng::FakeRandom;
+    // use smoltcp_tls::fake_rng::FakeRandom;
-    let mut prime_vec = std::vec::Vec::new();
+    // let mut prime_vec = std::vec::Vec::new();
-    prime_vec.extend_from_slice(&[
+    // prime_vec.extend_from_slice(&[
-        BigUint::from_bytes_be(&CLIENT_PRIME_1),
+    //     BigUint::from_bytes_be(&CLIENT_PRIME_1),
-        BigUint::from_bytes_be(&CLIENT_PRIME_2)
+    //     BigUint::from_bytes_be(&CLIENT_PRIME_2)
-    ]);
+    // ]);
-    let rsa_client_private_key = rsa::RSAPrivateKey::from_components(
+    // let rsa_client_private_key = rsa::RSAPrivateKey::from_components(
-        BigUint::from_bytes_be(&CLIENT_PRIVATE_KEY_MOD),
+    //     BigUint::from_bytes_be(&CLIENT_PRIVATE_KEY_MOD),
-        BigUint::from_bytes_be(&CLIENT_PRIVATE_KEY_EXP),
+    //     BigUint::from_bytes_be(&CLIENT_PRIVATE_KEY_EXP),
-        BigUint::from_bytes_be(&CLIENT_PRIVATE_KEY_PMOD),
+    //     BigUint::from_bytes_be(&CLIENT_PRIVATE_KEY_PMOD),
-        prime_vec
+    //     prime_vec
    // );
    // let public_key_from_conversion = rsa_client_private_key.to_public_key();
    // let rsa_client_public_key = 
    //     rsa::RSAPublicKey::from_pkcs1(&CLIENT_PUBLIC_KEY).unwrap();
    // println!("Public key from conversion: {:?}", public_key_from_conversion);
    // println!("Public key from certificate: {:?}", rsa_client_public_key);
    // println!("Public key are the same: {:?}",
    //     public_key_from_conversion == rsa_client_public_key);
    // let checked_hash = sha2::Sha256::new()
    //     .chain(&[0x20; 64])
    //     .chain("TLS 1.3, client CertificateVerify")
    //     .chain(&[0])
    //     .chain(&CLIENT_TRANSCRIPT_HASH)
    //     .finalize();
    // let padding = rsa::PaddingScheme::new_pss_with_salt::<sha2::Sha256, OsRng>(OsRng, 32);
    // let sign = rsa_client_private_key.sign(padding, &checked_hash).unwrap();
    // println!("Signature with salt: {:X?}", sign);
    // let padding = rsa::PaddingScheme::new_pss_with_salt::<sha2::Sha256, OsRng>(OsRng, 222);
    // rsa_client_public_key.verify(padding, &checked_hash, &sign).unwrap();
    // println!("Signature verified");
    use ed25519_dalek::Verifier;
    let ed25519_public_key = ed25519_dalek::PublicKey::from_bytes(
        &ED25519_SERVER_PUBLIC_KEY
    ).unwrap();
    let ed25519_signature = ed25519_dalek::Signature::new(
        ED25519_SIGNATURE
    );
    let public_key_from_conversion = rsa_client_private_key.to_public_key();
    let rsa_client_public_key = 
        rsa::RSAPublicKey::from_pkcs1(&CLIENT_PUBLIC_KEY).unwrap();
-    println!("Public key from conversion: {:?}", public_key_from_conversion);
+    let mut message_vec = std::vec::Vec::new();
-    println!("Public key from certificate: {:?}", rsa_client_public_key);
+    message_vec.extend_from_slice(&[0x20; 64]);
-    println!("Public key are the same: {:?}",
+    message_vec.extend_from_slice(b"TLS 1.3, server CertificateVerify");
-        public_key_from_conversion == rsa_client_public_key);
+    message_vec.extend_from_slice(&[0]);
-    
+    message_vec.extend_from_slice(&CLIENT_TRANSCRIPT_HASH);
-    let checked_hash = sha2::Sha256::new()
+    println!("Length of verify message: {:?}", message_vec.len());
    let checked_hash = sha2::Sha512::new()
        .chain(&[0x20; 64])
-        .chain("TLS 1.3, client CertificateVerify")
+        .chain("TLS 1.3, server CertificateVerify")
        .chain(&[0])
-        .chain(&CLIENT_TRANSCRIPT_HASH)
+        .chain(&CLIENT_TRANSCRIPT_HASH);
        .finalize();
    let padding = rsa::PaddingScheme::new_pss_with_salt::<sha2::Sha256, OsRng>(OsRng, 32);
    let sign = rsa_client_private_key.sign(padding, &checked_hash).unwrap();
-    println!("Signature with salt: {:X?}", sign);
+    ed25519_public_key.verify(&message_vec, &ed25519_signature).unwrap();
-
+    ed25519_public_key.verify_prehashed(checked_hash, None, &ed25519_signature).unwrap();
    let padding = rsa::PaddingScheme::new_pss_with_salt::<sha2::Sha256, OsRng>(OsRng, 222);
    rsa_client_public_key.verify(padding, &checked_hash, &sign).unwrap();
    println!("Signature verified");
 }
 const RSA_PSS_CERT: [u8; 0x3AB] =
@ -249,9 +273,6 @@ const RSA_PKCS_CERT: [u8; 0x03AB] =
 const ECDSA_P256_CERT: [u8; 0x0219] =
    hex_literal::hex!("30820215308201bba003020102021441d0428ae91b87ccb66e64cf3bdbd96ef0871630300a06082a8648ce3d0403023060310b30090603550406130255533113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c74643119301706092a864886f70d010901160a68656c6c6f776f726c64301e170d3230313130353033313932325a170d3330313130333033313932325a3060310b30090603550406130255533113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c74643119301706092a864886f70d010901160a68656c6c6f776f726c643059301306072a8648ce3d020106082a8648ce3d03010703420004d22bf2abba402fa10f6d97f941465d5966a965cc8f288bb7920e8c9e8c50607ef3a0a183916913ed9f4dfb42452fe972a2a5ac7a2f4443ef2a0012a481957d10a3533051301d0603551d0e041604147383be1d07af30366a8c3c377d048759f802e885301f0603551d230418301680147383be1d07af30366a8c3c377d048759f802e885300f0603551d130101ff040530030101ff300a06082a8648ce3d0403020348003045022100c048d13d28a811a67262d1593ea0f4af51812751632d391b7d85666fcd5e591702202b1a2db620b764ff61a7be0808069518c75d1bed60c1e9c98debfa98d7a23134");
 const ED25519_CERT: [u8; 0x0187] =
    hex_literal::hex!("30820183308201350214644c27b38f4bd515d9c06f72609ed50844499917300506032b65703064310b30090603550406130255533113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c7464311d301b06035504030c146578616d706c65732e756c666865696d2e6e6574301e170d3230313130353035313435365a170d3232313030363035313435365a3064310b30090603550406130255533113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c7464311d301b06035504030c146578616d706c65732e756c666865696d2e6e6574302a300506032b6570032100be9d2a3f45d7bd86a6fba8acf3dc58d1241e4272f100c81779bc43e96b779515300506032b6570034100b7017b76d0f9f6f58f7bb28de5459c127a3a539ed73997dcd42a0e0484d5768d42b5f5b0e275c99b856124b20983b2dca66dec380b15b5425f9ccf87a3dc5700");
 const CA_SIGNED_CERT: [u8; 0x0356] =
    hex_literal::hex!(
        "308203523082023a02146048517ee55aabd1e8f2bd7db1d91e679708e644300d06092a864886f70d01010b05003067310b30090603550406130255533113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c74643120301e06035504030c176578616d706c65732e63612e756c666865696d2e6e6574301e170d3230313130363034323035305a170d3230313230363034323035305a3064310b30090603550406130255533113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c7464311d301b06035504030c146578616d706c65732e756c666865696d2e6e657430820122300d06092a864886f70d01010105000382010f003082010a0282010100b2940671bfe7ace7416ba9d34018c229588e9d4eed8bd6623e44ab1239e8f1f0de9050b2f485a98e63f5b483330fb0b5abaeb33d11889033b0b684bf34696d28206bb361782c4b106a8d47874cbbdf971b5ab887bca508bccf250a1a811cee078464638e441941347d4c8885ac9b59d9fc9636276912b04d9e3ab29bd8ad319572ae54f0b6145c4d675a78607dcc4793a4d432f1c2a41ea29dd4f7262b6fe472dfaea51aca992b4624e73fa9901fa364fc5b721052ef3187e659d58d2706770d365380a7ebab6caac5b23271c01531fdf95368ee48af5383035f249be7c18f50ce9e52877558efe4b2e29f61328396e2a3b5e71309ad13d93d6ba3d5c3eb2b650203010001300d06092a864886f70d01010b0500038201010063c9ab0f5d2e164513e8e74b656ae4f48dd004c3ead9f1026b7741cbf02bb0efcf19e0fbf8a788dae059a2393167f016bafc0e3efd5c5b4c43079b6506eb67f17f44f9591503c7d1fdb77bf631894817393ea82610ad5106d23ec6bf1a6d96d749f05c0136cd71256617a51fe862529aee4a37d5f456dc7da8b220ff10ede4e87bc63e4589b3f81133a7f82ab900419e8a2d802d59e99cfbbd268702efd17616168b45b5211da0e644c29dcb92dbbf32b43586bbab05deb0261771605c52836363bd28ff9853d44436349f5ba11f2640bc9c42688e0d5eb6cac9f3f5e5f98652fa4f4ba52604371ec45f09d678e31d463285a4b3734f587f35a339920544f476"
@ -277,28 +298,63 @@ const GOOGLE_END_ENTITY_CERT: [u8; 0x0974] =
        "3082097030820858a00302010202103c8415c8e1e38e7702000000007fd492300d06092a864886f70d01010b05003042310b3009060355040613025553311e301c060355040a1315476f6f676c65205472757374205365727669636573311330110603550403130a47545320434120314f31301e170d3230313032383136313833365a170d3231303132303136313833365a3066310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731133011060355040a130a476f6f676c65204c4c433115301306035504030c0c2a2e676f6f676c652e636f6d3059301306072a8648ce3d020106082a8648ce3d03010703420004928f17ebaacb747f1c091d80bab6397cefca2ceed75053a05a196074295add702ed9298d45937515d53026c4ae3bdede339607b42b7525ad2713f1eb455208a6a382070730820703300e0603551d0f0101ff04040302078030130603551d25040c300a06082b06010505070301300c0603551d130101ff04023000301d0603551d0e04160414c2f35a502b0f66ccd7cf4ce9f687b6203f0d3b7c301f0603551d2304183016801498d1f86e10ebcf9bec609f18901ba0eb7d09fd2b306806082b06010505070101045c305a302b06082b06010505073001861f687474703a2f2f6f6373702e706b692e676f6f672f677473316f31636f7265302b06082b06010505073002861f687474703a2f2f706b692e676f6f672f677372322f475453314f312e637274308204c20603551d11048204b9308204b5820c2a2e676f6f676c652e636f6d820d2a2e616e64726f69642e636f6d82162a2e617070656e67696e652e676f6f676c652e636f6d82092a2e62646e2e64657682122a2e636c6f75642e676f6f676c652e636f6d82182a2e63726f7764736f757263652e676f6f676c652e636f6d82182a2e64617461636f6d707574652e676f6f676c652e636f6d82062a2e672e636f820e2a2e6763702e677674322e636f6d82112a2e67637063646e2e677674312e636f6d820a2a2e67677068742e636e820e2a2e676b65636e617070732e636e82162a2e676f6f676c652d616e616c79746963732e636f6d820b2a2e676f6f676c652e6361820b2a2e676f6f676c652e636c820e2a2e676f6f676c652e636f2e696e820e2a2e676f6f676c652e636f2e6a70820e2a2e676f6f676c652e636f2e756b820f2a2e676f6f676c652e636f6d2e6172820f2a2e676f6f676c652e636f6d2e6175820f2a2e676f6f676c652e636f6d2e6272820f2a2e676f6f676c652e636f6d2e636f820f2a2e676f6f676c652e636f6d2e6d78820f2a2e676f6f676c652e636f6d2e7472820f2a2e676f6f676c652e636f6d2e766e820b2a2e676f6f676c652e6465820b2a2e676f6f676c652e6573820b2a2e676f6f676c652e6672820b2a2e676f6f676c652e6875820b2a2e676f6f676c652e6974820b2a2e676f6f676c652e6e6c820b2a2e676f6f676c652e706c820b2a2e676f6f676c652e707482122a2e676f6f676c656164617069732e636f6d820f2a2e676f6f676c65617069732e636e82112a2e676f6f676c65636e617070732e636e82142a2e676f6f676c65636f6d6d657263652e636f6d82112a2e676f6f676c65766964656f2e636f6d820c2a2e677374617469632e636e820d2a2e677374617469632e636f6d82122a2e67737461746963636e617070732e636e820a2a2e677674312e636f6d820a2a2e677674322e636f6d82142a2e6d65747269632e677374617469632e636f6d820c2a2e75726368696e2e636f6d82102a2e75726c2e676f6f676c652e636f6d82132a2e776561722e676b65636e617070732e636e82162a2e796f75747562652d6e6f636f6f6b69652e636f6d820d2a2e796f75747562652e636f6d82162a2e796f7574756265656475636174696f6e2e636f6d82112a2e796f75747562656b6964732e636f6d82072a2e79742e6265820b2a2e7974696d672e636f6d821a616e64726f69642e636c69656e74732e676f6f676c652e636f6d820b616e64726f69642e636f6d821b646576656c6f7065722e616e64726f69642e676f6f676c652e636e821c646576656c6f706572732e616e64726f69642e676f6f676c652e636e8204672e636f820867677068742e636e820c676b65636e617070732e636e8206676f6f2e676c8214676f6f676c652d616e616c79746963732e636f6d820a676f6f676c652e636f6d820f676f6f676c65636e617070732e636e8212676f6f676c65636f6d6d657263652e636f6d8218736f757263652e616e64726f69642e676f6f676c652e636e820a75726368696e2e636f6d820a7777772e676f6f2e676c8208796f7574752e6265820b796f75747562652e636f6d8214796f7574756265656475636174696f6e2e636f6d820f796f75747562656b6964732e636f6d820579742e626530210603551d20041a30183008060667810c010202300c060a2b06010401d67902050330330603551d1f042c302a3028a026a0248622687474703a2f2f63726c2e706b692e676f6f672f475453314f31636f72652e63726c30820104060a2b06010401d6790204020481f50481f200f0007700f65c942fd1773022145418083094568ee34d131933bfdf0c2f200bcc4ef164e3000001757037f6230000040300483046022100aac1f73dd8213ad0f7cacfb97830908dd1bf945331fde26b369992cd52731ef1022100bcaa58c50418f910ac3aab1b9f4963c86a8abe79a4ce751ad9489008ae8db433007500eec095ee8d72640f92e3c3b91bc712a3696a097b4b6a1a1438e647b2cbedc5f9000001757037f675000004030046304402203534f394062ad3c22a3ee6b4fc4515824331e758179dbc003d1b30714858e7a802206b2f82038e90b0b1497a50adfa02edabc14c72a68f29ef8beebcdeb3aa79c5f9300d06092a864886f70d01010b05000382010100483bacd4bcba6181eaae86db235942cf84c89dd91ec973525eb46a0582b6fad7ef02124c94521e5d92272a4f87f82a23804adacc08f9da02f7f9b4a25f7d3c819a215b9b8f9308b943b0cd6c9121ecb6f9bd6491c20ec8c149fd171a5c13d17cf6bf1b7cfb2031016637d0daa2ce2f419d498abfdde0eb200c0586068789cbbaea3dd6b9e9e6ba124c6c4e9bf00c5bc79df57f91b849a6a8340883b5d2e1a3b00f86b7c56b34ef740a80ebce142c4973241934a5f257b406e4d2159ae0c27a70a88e8e3036b40611234fa7ece6dff1a5ed0dbc118a361879f0f26b6497cc17b36e2750c92ac0e64db12e5a2ac4142a5ca135ef6ea90f82c20a0eb4b4ed1a31d1"
    );
-const CLIENT_TRANSCRIPT_HASH: [u8; 32] = [37, 135, 142, 217, 184, 116, 6, 86, 229, 163, 82, 51, 108, 168, 135, 99, 87, 101, 215, 44, 94, 5, 177, 160, 153, 125, 39, 51, 148, 67, 140, 70];
+const CLIENT_TRANSCRIPT_HASH: [u8; 32] = [
    5, 239, 110, 246, 212, 104, 147, 254, 10, 254, 220, 186, 72, 150, 231, 253, 175, 122, 37, 139, 210, 236, 93, 228, 182, 78, 233, 143, 251, 57, 188, 36
 ];
-const CLIENT_PUBLIC_KEY: [u8; 0x010E] =
+// const CLIENT_PUBLIC_KEY: [u8; 0x010E] =
 //     hex_literal::hex!(
 //         "3082010a0282010100c24c615adad1640c2e39e295c460f2c795370cfb21cca519f9e6baf15645ca0b256ef8f318491baab9dc7196360b393bc35320354887d6cc822cf6e9d2eacc7fecf8d8e73f0f09bf131a5919e9e9c81e2aecf06d55be1720290853d4f1086b3e103d54d2b454d7c32abce433f6115d267bba246f68847463dfd1d6be904eb18d56885565d6fcf8a60386fc73b5450777e00485ae94d22096afc458d7fbd7c469dd861cab7b914715e093c4f1cc399e5a53010c2b65d5cc3d60fccc2cc5d8b3faa5fefaab551f1de1a93a19a15be9adb3a5c96d2e525a9f696174e6e772857e536b462a61c69a87710b74172c4b318f4842e7d27f7b6e0cbf3f983e3564ab80070203010001"
 //     );
 // const CLIENT_SIGNATURE: [u8; 256] =
 //     hex_literal::hex!(
 //         "954ced7ddc8fdccbaeb83ee9b3a26a01c37cc74bfcb82b3b181c28ae06588f763cfc491b6869b74968fd7ae017360d8eeaa5bfb69d9c0e3524f14790422f7ccbc9a609880800c5076d6383865cd47986eff4d379bf554b86963ce4bc4706262f48932fd5fa16e73149c1c960f19f5e8d1a8dc5898a9e2de5c0d79a8a0017349f379d23683eec83a07f01c3b83cb4d0f66ae0672efc9723bed0296a82046232dc533988a253bd2b109074172735bad06b98c3863033d2d11ea2d0efc7a3db52c94d2e452882e87559a0e9036768dbc380189b89323294a03ef229943be3fa17095c5a220386c695cf279bc88ff1b017897cbcb231658937eef82adb9a17479429"
 //     );
 // const CLIENT_PRIVATE_KEY_MOD: &'static [u8] = &[
 //     0x00, 0xc2, 0x4c, 0x61, 0x5a, 0xda, 0xd1, 0x64, 0x0c, 0x2e, 0x39, 0xe2, 0x95, 0xc4, 0x60, 0xf2, 0xc7, 0x95, 0x37, 0x0c, 0xfb, 0x21, 0xcc, 0xa5, 0x19, 0xf9, 0xe6, 0xba, 0xf1, 0x56, 0x45, 0xca, 0x0b, 0x25, 0x6e, 0xf8, 0xf3, 0x18, 0x49, 0x1b, 0xaa, 0xb9, 0xdc, 0x71, 0x96, 0x36, 0x0b, 0x39, 0x3b, 0xc3, 0x53, 0x20, 0x35, 0x48, 0x87, 0xd6, 0xcc, 0x82, 0x2c, 0xf6, 0xe9, 0xd2, 0xea, 0xcc, 0x7f, 0xec, 0xf8, 0xd8, 0xe7, 0x3f, 0x0f, 0x09, 0xbf, 0x13, 0x1a, 0x59, 0x19, 0xe9, 0xe9, 0xc8, 0x1e, 0x2a, 0xec, 0xf0, 0x6d, 0x55, 0xbe, 0x17, 0x20, 0x29, 0x08, 0x53, 0xd4, 0xf1, 0x08, 0x6b, 0x3e, 0x10, 0x3d, 0x54, 0xd2, 0xb4, 0x54, 0xd7, 0xc3, 0x2a, 0xbc, 0xe4, 0x33, 0xf6, 0x11, 0x5d, 0x26, 0x7b, 0xba, 0x24, 0x6f, 0x68, 0x84, 0x74, 0x63, 0xdf, 0xd1, 0xd6, 0xbe, 0x90, 0x4e, 0xb1, 0x8d, 0x56, 0x88, 0x55, 0x65, 0xd6, 0xfc, 0xf8, 0xa6, 0x03, 0x86, 0xfc, 0x73, 0xb5, 0x45, 0x07, 0x77, 0xe0, 0x04, 0x85, 0xae, 0x94, 0xd2, 0x20, 0x96, 0xaf, 0xc4, 0x58, 0xd7, 0xfb, 0xd7, 0xc4, 0x69, 0xdd, 0x86, 0x1c, 0xab, 0x7b, 0x91, 0x47, 0x15, 0xe0, 0x93, 0xc4, 0xf1, 0xcc, 0x39, 0x9e, 0x5a, 0x53, 0x01, 0x0c, 0x2b, 0x65, 0xd5, 0xcc, 0x3d, 0x60, 0xfc, 0xcc, 0x2c, 0xc5, 0xd8, 0xb3, 0xfa, 0xa5, 0xfe, 0xfa, 0xab, 0x55, 0x1f, 0x1d, 0xe1, 0xa9, 0x3a, 0x19, 0xa1, 0x5b, 0xe9, 0xad, 0xb3, 0xa5, 0xc9, 0x6d, 0x2e, 0x52, 0x5a, 0x9f, 0x69, 0x61, 0x74, 0xe6, 0xe7, 0x72, 0x85, 0x7e, 0x53, 0x6b, 0x46, 0x2a, 0x61, 0xc6, 0x9a, 0x87, 0x71, 0x0b, 0x74, 0x17, 0x2c, 0x4b, 0x31, 0x8f, 0x48, 0x42, 0xe7, 0xd2, 0x7f, 0x7b, 0x6e, 0x0c, 0xbf, 0x3f, 0x98, 0x3e, 0x35, 0x64, 0xab, 0x80, 0x07
 // ];
 // const CLIENT_PRIVATE_KEY_EXP: &'static [u8] = &[0x01, 0x00, 0x01];
 // const CLIENT_PRIVATE_KEY_PMOD: &'static [u8] = &[
 //     0x61, 0x95, 0x60, 0xf3, 0xf3, 0xa0, 0x64, 0xa2, 0x25, 0x79, 0x57, 0x0e, 0xa7, 0x21, 0x95, 0xed, 0x9d, 0x48, 0x97, 0xd1, 0x6d, 0x49, 0x4d, 0xc6, 0x7d, 0x17, 0x5f, 0xde, 0xa3, 0xd8, 0xcb, 0x3f, 0xcb, 0xde, 0x2f, 0x54, 0x50, 0x67, 0x2f, 0x69, 0x10, 0x8d, 0xe1, 0xd2, 0x72, 0x74, 0x32, 0x9b, 0x8c, 0x5f, 0x2c, 0x76, 0xf6, 0x65, 0x9b, 0x00, 0xfd, 0x84, 0x3d, 0xc2, 0x73, 0xf7, 0x0f, 0x1c, 0x54, 0xd5, 0x2a, 0x83, 0x01, 0xcd, 0xb8, 0xb4, 0x69, 0x90, 0xbb, 0x1d, 0x63, 0xb8, 0xd1, 0x94, 0x2d, 0x34, 0xf1, 0x0f, 0xc8, 0x97, 0x7f, 0x1f, 0xdc, 0xdb, 0xdc, 0xd6, 0xbe, 0xf3, 0xde, 0x80, 0xbe, 0x41, 0x3f, 0x5f, 0xcf, 0xc8, 0x28, 0xd1, 0x51, 0x9e, 0xaa, 0xf2, 0x59, 0xec, 0xa0, 0x9f, 0x1a, 0x57, 0x03, 0xc3, 0x9c, 0x77, 0xa1, 0xc9, 0x23, 0x79, 0x4d, 0x64, 0x4a, 0x2f, 0xeb, 0xc5, 0xd3, 0x38, 0x2c, 0x6d, 0xf6, 0xa6, 0xa9, 0xe7, 0x0a, 0x79, 0x05, 0xfa, 0x2a, 0x85, 0xc5, 0x9d, 0xf4, 0x91, 0xef, 0x34, 0xad, 0xb5, 0x64, 0xc5, 0x75, 0x8a, 0x36, 0x8f, 0x95, 0x25, 0xe9, 0x71, 0x0d, 0xa8, 0xe1, 0xea, 0xc3, 0xb4, 0xaa, 0xe7, 0x54, 0x54, 0xef, 0x72, 0x12, 0xa5, 0x14, 0x27, 0xec, 0x70, 0x12, 0x14, 0xdf, 0x65, 0xb3, 0xf5, 0xbc, 0x91, 0xe1, 0x36, 0x31, 0x1a, 0xdf, 0x7d, 0x58, 0x05, 0xb6, 0xe3, 0x48, 0xf2, 0x42, 0x89, 0x25, 0x29, 0x42, 0x0b, 0x5d, 0x8d, 0x0b, 0x76, 0x28, 0x0f, 0xaf, 0x56, 0x22, 0x94, 0x12, 0x8f, 0x76, 0x91, 0x49, 0xa6, 0xa4, 0xe3, 0x54, 0x17, 0x9e, 0xeb, 0xa6, 0x1b, 0xe5, 0x97, 0xde, 0x4e, 0x29, 0x8d, 0x7d, 0x5c, 0x18, 0x34, 0x29, 0x21, 0xd2, 0x7d, 0x14, 0x0b, 0xa1, 0x49, 0xb5, 0xe0, 0xc6, 0x30, 0x31, 0x80, 0xdc, 0x6a, 0x59, 0xb9
 // ];
 // const CLIENT_PRIME_1: &'static [u8] = &[
 //     0x00, 0xec, 0xe1, 0x6f, 0x5d, 0x7a, 0xed, 0x7b, 0x1a, 0xac, 0xce, 0x02, 0x91, 0xb4, 0x07, 0xcf, 0xc4, 0x2b, 0xcf, 0x2a, 0x37, 0x59, 0x43, 0x46, 0x1a, 0x55, 0xc2, 0x13, 0x89, 0x3c, 0xd5, 0xd6, 0xef, 0xed, 0x12, 0x9f, 0xc3, 0x36, 0x95, 0xd2, 0x6e, 0xf7, 0xca, 0x62, 0x9c, 0x71, 0x3d, 0x78, 0x3a, 0x4c, 0xe2, 0x5d, 0x07, 0x6e, 0x67, 0x53, 0xc3, 0xe7, 0x02, 0x58, 0x34, 0x25, 0xab, 0x67, 0xd4, 0x35, 0x92, 0x26, 0x4a, 0x3f, 0x1b, 0xc4, 0x43, 0xcd, 0x71, 0x3a, 0x8f, 0x9a, 0x2e, 0x44, 0xf6, 0x5a, 0x40, 0xf8, 0x32, 0x11, 0x39, 0xd4, 0x31, 0x35, 0xa1, 0xd7, 0x2d, 0x5d, 0xa5, 0xed, 0x24, 0x53, 0x32, 0xce, 0xb6, 0xb6, 0x12, 0xc6, 0xeb, 0xfd, 0x5b, 0x86, 0x21, 0xf7, 0xaf, 0x2e, 0x29, 0xb0, 0xed, 0x4d, 0x71, 0x3e, 0x82, 0x28, 0x74, 0xd5, 0x64, 0x59, 0xba, 0xa6, 0x59, 0xd7, 0x9b
 // ];
 // const CLIENT_PRIME_2: &'static [u8] = &[
 //     0x00, 0xd1, 0xfb, 0x16, 0x0c, 0xf0, 0xa3, 0x9a, 0x56, 0xdc, 0x3d, 0x82, 0xc6, 0x69, 0xed, 0x1d, 0x6a, 0x6f, 0xf9, 0xf0, 0x27, 0x3f, 0x96, 0x15, 0x39, 0x30, 0x84, 0x93, 0x75, 0x67, 0x31, 0xc9, 0x55, 0x84, 0x14, 0x13, 0x54, 0x39, 0xc1, 0x7c, 0x02, 0x77, 0x2b, 0x56, 0x49, 0x2c, 0xca, 0xe5, 0x16, 0xb5, 0xa1, 0x22, 0x49, 0xd6, 0xfa, 0x96, 0xd7, 0xb8, 0xaf, 0x34, 0xd3, 0x00, 0xc0, 0x42, 0x2f, 0x73, 0x0d, 0xb1, 0xd0, 0xc8, 0x11, 0xc6, 0x16, 0x79, 0xde, 0x83, 0xcd, 0x53, 0x21, 0x9b, 0x58, 0xc5, 0xee, 0x35, 0x55, 0xb6, 0x8f, 0x83, 0xc9, 0x23, 0x15, 0x98, 0xe0, 0xb5, 0x6f, 0x3a, 0x3d, 0x0c, 0x06, 0xa8, 0x32, 0x16, 0x0f, 0xde, 0x66, 0xad, 0x44, 0x76, 0xcd, 0x4a, 0x7a, 0x3d, 0xcb, 0x2c, 0x83, 0x3e, 0xf7, 0x50, 0x94, 0xa2, 0x2b, 0x61, 0xb5, 0xb6, 0x02, 0x01, 0x24, 0x7e, 0x05
 // ];
 const ECDSA_SECRET_KEY: &'static [u8] = &[
    0xea, 0x5e, 0x74, 0xf3, 0xc3, 0x67, 0x11, 0x10, 0x00, 0x20, 0x3d, 0xc8, 0x92, 0xcd, 0x7a, 0x8a, 0x08, 0x44, 0x70, 0x9d, 0x1c, 0x3c, 0xab, 0xf0, 0x93, 0x3c, 0x3e, 0x86, 0xf0, 0x0e, 0x7d, 0xcd
 ];
 const ECDSA_CERT: [u8; 0x222] =
    hex_literal::hex!(
-        "3082010a0282010100c24c615adad1640c2e39e295c460f2c795370cfb21cca519f9e6baf15645ca0b256ef8f318491baab9dc7196360b393bc35320354887d6cc822cf6e9d2eacc7fecf8d8e73f0f09bf131a5919e9e9c81e2aecf06d55be1720290853d4f1086b3e103d54d2b454d7c32abce433f6115d267bba246f68847463dfd1d6be904eb18d56885565d6fcf8a60386fc73b5450777e00485ae94d22096afc458d7fbd7c469dd861cab7b914715e093c4f1cc399e5a53010c2b65d5cc3d60fccc2cc5d8b3faa5fefaab551f1de1a93a19a15be9adb3a5c96d2e525a9f696174e6e772857e536b462a61c69a87710b74172c4b318f4842e7d27f7b6e0cbf3f983e3564ab80070203010001"
+        "3082021e308201c3a00302010202146b18959728cd6e0ea7e3c88fa3c29e2d4cf99c53300a06082a8648ce3d0403023064310b3009060355040613025345310b300906035504080c025256310b300906035504070c024552310b3009060355040a0c024345310b3009060355040b0c025254310b300906035504030c0249463114301206092a864886f70d01090116056963616e74301e170d3230313132303032333731365a170d3231313132303032333731365a3064310b3009060355040613025345310b300906035504080c025256310b300906035504070c024552310b3009060355040a0c024345310b3009060355040b0c025254310b300906035504030c0249463114301206092a864886f70d01090116056963616e743059301306072a8648ce3d020106082a8648ce3d03010703420004742011a6c8a16fe55fa1cad99cf72aed1e18929600d53dd76fd2a0d6a998f1095db1e3acde327d1263d7c43e2be4c836d142c81d8db3126a66c27356a5a0ab40a3533051301d0603551d0e04160414a8fc25f0f59cdf827a1b0cade3dd5b17f109d115301f0603551d23041830168014a8fc25f0f59cdf827a1b0cade3dd5b17f109d115300f0603551d130101ff040530030101ff300a06082a8648ce3d0403020349003046022100a6f72139e2340f026b1bb22a0c9711bcd1dd39cc3e863fb866c6464a5a62eddd022100a19cb4884563818501574bf637e682b7c971d717fa6b00bcb75b9f05eb44e805"
    );
-const CLIENT_SIGNATURE: [u8; 256] =
+const ED25519_SECRET_KEY: [u8; 32] = 
    hex_literal::hex!(
-        "954ced7ddc8fdccbaeb83ee9b3a26a01c37cc74bfcb82b3b181c28ae06588f763cfc491b6869b74968fd7ae017360d8eeaa5bfb69d9c0e3524f14790422f7ccbc9a609880800c5076d6383865cd47986eff4d379bf554b86963ce4bc4706262f48932fd5fa16e73149c1c960f19f5e8d1a8dc5898a9e2de5c0d79a8a0017349f379d23683eec83a07f01c3b83cb4d0f66ae0672efc9723bed0296a82046232dc533988a253bd2b109074172735bad06b98c3863033d2d11ea2d0efc7a3db52c94d2e452882e87559a0e9036768dbc380189b89323294a03ef229943be3fa17095c5a220386c695cf279bc88ff1b017897cbcb231658937eef82adb9a17479429"
+        "352e033b544cd58930fd154e1e8cf8711ed18a4f637afabe05521f474f7ffa21"
    );
-const CLIENT_PRIVATE_KEY_MOD: &'static [u8] = &[
+const ED25519_CERT: [u8; 0x01c7] = [
-    0x00, 0xc2, 0x4c, 0x61, 0x5a, 0xda, 0xd1, 0x64, 0x0c, 0x2e, 0x39, 0xe2, 0x95, 0xc4, 0x60, 0xf2, 0xc7, 0x95, 0x37, 0x0c, 0xfb, 0x21, 0xcc, 0xa5, 0x19, 0xf9, 0xe6, 0xba, 0xf1, 0x56, 0x45, 0xca, 0x0b, 0x25, 0x6e, 0xf8, 0xf3, 0x18, 0x49, 0x1b, 0xaa, 0xb9, 0xdc, 0x71, 0x96, 0x36, 0x0b, 0x39, 0x3b, 0xc3, 0x53, 0x20, 0x35, 0x48, 0x87, 0xd6, 0xcc, 0x82, 0x2c, 0xf6, 0xe9, 0xd2, 0xea, 0xcc, 0x7f, 0xec, 0xf8, 0xd8, 0xe7, 0x3f, 0x0f, 0x09, 0xbf, 0x13, 0x1a, 0x59, 0x19, 0xe9, 0xe9, 0xc8, 0x1e, 0x2a, 0xec, 0xf0, 0x6d, 0x55, 0xbe, 0x17, 0x20, 0x29, 0x08, 0x53, 0xd4, 0xf1, 0x08, 0x6b, 0x3e, 0x10, 0x3d, 0x54, 0xd2, 0xb4, 0x54, 0xd7, 0xc3, 0x2a, 0xbc, 0xe4, 0x33, 0xf6, 0x11, 0x5d, 0x26, 0x7b, 0xba, 0x24, 0x6f, 0x68, 0x84, 0x74, 0x63, 0xdf, 0xd1, 0xd6, 0xbe, 0x90, 0x4e, 0xb1, 0x8d, 0x56, 0x88, 0x55, 0x65, 0xd6, 0xfc, 0xf8, 0xa6, 0x03, 0x86, 0xfc, 0x73, 0xb5, 0x45, 0x07, 0x77, 0xe0, 0x04, 0x85, 0xae, 0x94, 0xd2, 0x20, 0x96, 0xaf, 0xc4, 0x58, 0xd7, 0xfb, 0xd7, 0xc4, 0x69, 0xdd, 0x86, 0x1c, 0xab, 0x7b, 0x91, 0x47, 0x15, 0xe0, 0x93, 0xc4, 0xf1, 0xcc, 0x39, 0x9e, 0x5a, 0x53, 0x01, 0x0c, 0x2b, 0x65, 0xd5, 0xcc, 0x3d, 0x60, 0xfc, 0xcc, 0x2c, 0xc5, 0xd8, 0xb3, 0xfa, 0xa5, 0xfe, 0xfa, 0xab, 0x55, 0x1f, 0x1d, 0xe1, 0xa9, 0x3a, 0x19, 0xa1, 0x5b, 0xe9, 0xad, 0xb3, 0xa5, 0xc9, 0x6d, 0x2e, 0x52, 0x5a, 0x9f, 0x69, 0x61, 0x74, 0xe6, 0xe7, 0x72, 0x85, 0x7e, 0x53, 0x6b, 0x46, 0x2a, 0x61, 0xc6, 0x9a, 0x87, 0x71, 0x0b, 0x74, 0x17, 0x2c, 0x4b, 0x31, 0x8f, 0x48, 0x42, 0xe7, 0xd2, 0x7f, 0x7b, 0x6e, 0x0c, 0xbf, 0x3f, 0x98, 0x3e, 0x35, 0x64, 0xab, 0x80, 0x07
+    0x30, 0x82, 0x01, 0xc3, 0x30, 0x82, 0x01, 0x75, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, 0x7d, 0x0d, 0x16, 0xcc, 0x44, 0x3e, 0xd7, 0x1d, 0x67, 0xc6, 0xa3, 0x42, 0x38, 0xd8, 0x38, 0xcd, 0x34, 0xe9, 0x96, 0x28, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x30, 0x57, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x02, 0x49, 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x02, 0x4e, 0x54, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x02, 0x43, 0x45, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x04, 0x52, 0x54, 0x49, 0x46, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09, 0x69, 0x63, 0x61, 0x74, 0x65, 0x2e, 0x6e, 0x65, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x30, 0x31, 0x31, 0x32, 0x30, 0x30, 0x34, 0x32, 0x33, 0x34, 0x34, 0x5a, 0x17, 0x0d, 0x32, 0x31, 0x31, 0x31, 0x32, 0x30, 0x30, 0x34, 0x32, 0x33, 0x34, 0x34, 0x5a, 0x30, 0x57, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x02, 0x49, 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x02, 0x4e, 0x54, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x02, 0x43, 0x45, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x04, 0x52, 0x54, 0x49, 0x46, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09, 0x69, 0x63, 0x61, 0x74, 0x65, 0x2e, 0x6e, 0x65, 0x74, 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00, 0xdc, 0x3a, 0xe2, 0xdd, 0xf4, 0x06, 0x5e, 0x99, 0x3f, 0x18, 0x4c, 0x35, 0x68, 0x7e, 0xf6, 0x21, 0x3b, 0x20, 0xe4, 0x7e, 0x7f, 0x55, 0x56, 0x2c, 0xa5, 0xcb, 0xfe, 0x2b, 0x33, 0x0a, 0x28, 0xc5, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x63, 0xc3, 0xa0, 0xaf, 0xc6, 0xb6, 0xe4, 0xb3, 0x17, 0x01, 0x65, 0x96, 0x80, 0xfd, 0xf8, 0x24, 0x72, 0xbc, 0xf6, 0x48, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x63, 0xc3, 0xa0, 0xaf, 0xc6, 0xb6, 0xe4, 0xb3, 0x17, 0x01, 0x65, 0x96, 0x80, 0xfd, 0xf8, 0x24, 0x72, 0xbc, 0xf6, 0x48, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x41, 0x00, 0xd8, 0x4f, 0x75, 0x3e, 0x8a, 0x67, 0xec, 0x27, 0x0f, 0xa1, 0xb6, 0xb8, 0x7a, 0x01, 0x69, 0x6b, 0xa8, 0x5f, 0xad, 0xaa, 0x50, 0xc4, 0x6c, 0x7f, 0xe4, 0x7c, 0x1b, 0x61, 0x15, 0xd7, 0xa5, 0xf9, 0x63, 0xf5, 0xc5, 0x2f, 0xb1, 0xa7, 0x96, 0x9a, 0x0d, 0x21, 0x02, 0x50, 0x4f, 0xc6, 0x65, 0xe5, 0x83, 0x4b, 0x49, 0x9c, 0x3f, 0x3a, 0xc2, 0xbd, 0x85, 0xe0, 0x57, 0x44, 0x47, 0x44, 0xe4, 0x0d
 ];
 const CLIENT_PRIVATE_KEY_EXP: &'static [u8] = &[0x01, 0x00, 0x01];
 const CLIENT_PRIVATE_KEY_PMOD: &'static [u8] = &[
    0x61, 0x95, 0x60, 0xf3, 0xf3, 0xa0, 0x64, 0xa2, 0x25, 0x79, 0x57, 0x0e, 0xa7, 0x21, 0x95, 0xed, 0x9d, 0x48, 0x97, 0xd1, 0x6d, 0x49, 0x4d, 0xc6, 0x7d, 0x17, 0x5f, 0xde, 0xa3, 0xd8, 0xcb, 0x3f, 0xcb, 0xde, 0x2f, 0x54, 0x50, 0x67, 0x2f, 0x69, 0x10, 0x8d, 0xe1, 0xd2, 0x72, 0x74, 0x32, 0x9b, 0x8c, 0x5f, 0x2c, 0x76, 0xf6, 0x65, 0x9b, 0x00, 0xfd, 0x84, 0x3d, 0xc2, 0x73, 0xf7, 0x0f, 0x1c, 0x54, 0xd5, 0x2a, 0x83, 0x01, 0xcd, 0xb8, 0xb4, 0x69, 0x90, 0xbb, 0x1d, 0x63, 0xb8, 0xd1, 0x94, 0x2d, 0x34, 0xf1, 0x0f, 0xc8, 0x97, 0x7f, 0x1f, 0xdc, 0xdb, 0xdc, 0xd6, 0xbe, 0xf3, 0xde, 0x80, 0xbe, 0x41, 0x3f, 0x5f, 0xcf, 0xc8, 0x28, 0xd1, 0x51, 0x9e, 0xaa, 0xf2, 0x59, 0xec, 0xa0, 0x9f, 0x1a, 0x57, 0x03, 0xc3, 0x9c, 0x77, 0xa1, 0xc9, 0x23, 0x79, 0x4d, 0x64, 0x4a, 0x2f, 0xeb, 0xc5, 0xd3, 0x38, 0x2c, 0x6d, 0xf6, 0xa6, 0xa9, 0xe7, 0x0a, 0x79, 0x05, 0xfa, 0x2a, 0x85, 0xc5, 0x9d, 0xf4, 0x91, 0xef, 0x34, 0xad, 0xb5, 0x64, 0xc5, 0x75, 0x8a, 0x36, 0x8f, 0x95, 0x25, 0xe9, 0x71, 0x0d, 0xa8, 0xe1, 0xea, 0xc3, 0xb4, 0xaa, 0xe7, 0x54, 0x54, 0xef, 0x72, 0x12, 0xa5, 0x14, 0x27, 0xec, 0x70, 0x12, 0x14, 0xdf, 0x65, 0xb3, 0xf5, 0xbc, 0x91, 0xe1, 0x36, 0x31, 0x1a, 0xdf, 0x7d, 0x58, 0x05, 0xb6, 0xe3, 0x48, 0xf2, 0x42, 0x89, 0x25, 0x29, 0x42, 0x0b, 0x5d, 0x8d, 0x0b, 0x76, 0x28, 0x0f, 0xaf, 0x56, 0x22, 0x94, 0x12, 0x8f, 0x76, 0x91, 0x49, 0xa6, 0xa4, 0xe3, 0x54, 0x17, 0x9e, 0xeb, 0xa6, 0x1b, 0xe5, 0x97, 0xde, 0x4e, 0x29, 0x8d, 0x7d, 0x5c, 0x18, 0x34, 0x29, 0x21, 0xd2, 0x7d, 0x14, 0x0b, 0xa1, 0x49, 0xb5, 0xe0, 0xc6, 0x30, 0x31, 0x80, 0xdc, 0x6a, 0x59, 0xb9
 ];
 const CLIENT_PRIME_1: &'static [u8] = &[
    0x00, 0xec, 0xe1, 0x6f, 0x5d, 0x7a, 0xed, 0x7b, 0x1a, 0xac, 0xce, 0x02, 0x91, 0xb4, 0x07, 0xcf, 0xc4, 0x2b, 0xcf, 0x2a, 0x37, 0x59, 0x43, 0x46, 0x1a, 0x55, 0xc2, 0x13, 0x89, 0x3c, 0xd5, 0xd6, 0xef, 0xed, 0x12, 0x9f, 0xc3, 0x36, 0x95, 0xd2, 0x6e, 0xf7, 0xca, 0x62, 0x9c, 0x71, 0x3d, 0x78, 0x3a, 0x4c, 0xe2, 0x5d, 0x07, 0x6e, 0x67, 0x53, 0xc3, 0xe7, 0x02, 0x58, 0x34, 0x25, 0xab, 0x67, 0xd4, 0x35, 0x92, 0x26, 0x4a, 0x3f, 0x1b, 0xc4, 0x43, 0xcd, 0x71, 0x3a, 0x8f, 0x9a, 0x2e, 0x44, 0xf6, 0x5a, 0x40, 0xf8, 0x32, 0x11, 0x39, 0xd4, 0x31, 0x35, 0xa1, 0xd7, 0x2d, 0x5d, 0xa5, 0xed, 0x24, 0x53, 0x32, 0xce, 0xb6, 0xb6, 0x12, 0xc6, 0xeb, 0xfd, 0x5b, 0x86, 0x21, 0xf7, 0xaf, 0x2e, 0x29, 0xb0, 0xed, 0x4d, 0x71, 0x3e, 0x82, 0x28, 0x74, 0xd5, 0x64, 0x59, 0xba, 0xa6, 0x59, 0xd7, 0x9b
 ];
 const CLIENT_PRIME_2: &'static [u8] = &[
    0x00, 0xd1, 0xfb, 0x16, 0x0c, 0xf0, 0xa3, 0x9a, 0x56, 0xdc, 0x3d, 0x82, 0xc6, 0x69, 0xed, 0x1d, 0x6a, 0x6f, 0xf9, 0xf0, 0x27, 0x3f, 0x96, 0x15, 0x39, 0x30, 0x84, 0x93, 0x75, 0x67, 0x31, 0xc9, 0x55, 0x84, 0x14, 0x13, 0x54, 0x39, 0xc1, 0x7c, 0x02, 0x77, 0x2b, 0x56, 0x49, 0x2c, 0xca, 0xe5, 0x16, 0xb5, 0xa1, 0x22, 0x49, 0xd6, 0xfa, 0x96, 0xd7, 0xb8, 0xaf, 0x34, 0xd3, 0x00, 0xc0, 0x42, 0x2f, 0x73, 0x0d, 0xb1, 0xd0, 0xc8, 0x11, 0xc6, 0x16, 0x79, 0xde, 0x83, 0xcd, 0x53, 0x21, 0x9b, 0x58, 0xc5, 0xee, 0x35, 0x55, 0xb6, 0x8f, 0x83, 0xc9, 0x23, 0x15, 0x98, 0xe0, 0xb5, 0x6f, 0x3a, 0x3d, 0x0c, 0x06, 0xa8, 0x32, 0x16, 0x0f, 0xde, 0x66, 0xad, 0x44, 0x76, 0xcd, 0x4a, 0x7a, 0x3d, 0xcb, 0x2c, 0x83, 0x3e, 0xf7, 0x50, 0x94, 0xa2, 0x2b, 0x61, 0xb5, 0xb6, 0x02, 0x01, 0x24, 0x7e, 0x05
 ];
 const ED25519_SERVER_CERT: [u8; 0x1eb] =
    hex_literal::hex!(
        "308201e730820199a0030201020214177072ca219b9b453f4cd2095142ef88569022ac300506032b65703069310b3009060355040613025345310b300906035504080c025256310b300906035504070c024552310d300b060355040a0c04434552543110300e060355040b0c0749464943415445311f301d06035504030c1678656432353531392e746573742e636572742e70656d301e170d3230313132303034333330385a170d3231313132303034333330385a3069310b3009060355040613025345310b300906035504080c025256310b300906035504070c024552310d300b060355040a0c04434552543110300e060355040b0c0749464943415445311f301d06035504030c1678656432353531392e746573742e636572742e70656d302a300506032b65700321005cc3542eceecf9379348f5c4e18aa29b6e92547b0e35730857c1ce8508a043e0a3533051301d0603551d0e04160414c8bbbe74e4e3a76d757f31696518ced30cabc474301f0603551d23041830168014c8bbbe74e4e3a76d757f31696518ced30cabc474300f0603551d130101ff040530030101ff300506032b6570034100312c6935aab53c87cef4505a2051c5b86d6e11539fffc51d2e9c7807db626186f22f13eca0a5cf7f3e41e40e07b14a11ed39ba04af80adcaf69a7444ae8f1304"
    );
 const ED25519_SERVER_PUBLIC_KEY: [u8; 32] =
    hex_literal::hex!(
        "5cc3542eceecf9379348f5c4e18aa29b6e92547b0e35730857c1ce8508a043e0"
    );
 const ED25519_SIGNATURE: [u8; 64] =
    hex_literal::hex!(
        "e9988fcc188fbe85a66929634badb47c5b765c3c6087a7e44b41efda1fdcd0baf67ded6159a5af6d396ca59439de8907160fc729a42ed50e69a3f54abe6dad0c"
    );
--- a/src/parse.rs
+++ b/src/parse.rs
@ -7,10 +7,8 @@ use nom::combinator::opt;
 use nom::sequence::preceded;
 use nom::sequence::tuple;
 use nom::error::ErrorKind;
 use nom::character::complete::digit0;
 use nom::character::is_digit;
-use chrono::{DateTime, FixedOffset, TimeZone};
+use chrono::{DateTime, FixedOffset};
 use heapless::{String, consts::*};
 use byteorder::{ByteOrder, NetworkEndian};
@ -21,7 +19,6 @@ use crate::certificate::{
    Certificate                 as Asn1DerCertificate,
    Version                     as Asn1DerVersion,
    AlgorithmIdentifier         as Asn1DerAlgId,
    Time                        as Asn1DerTime,
    Validity                    as Asn1DerValidity,
    SubjectPublicKeyInfo        as Asn1DerSubjectPublicKeyInfo,
    Extensions                  as Asn1DerExtensions,
@ -71,7 +68,7 @@ pub(crate) fn parse_tls_repr(bytes: &[u8]) -> IResult<&[u8], (&[u8], TlsRepr)> {
        use crate::tls_packet::TlsContentType::*;
        match repr.content_type {
            Handshake => {
-                let (rest, handshake) = complete(
+                let (_, handshake) = complete(
                    parse_handshake
                )(bytes)?;
                repr.handshake = Some(handshake);
--- a/src/session.rs
+++ b/src/session.rs
@ -512,7 +512,7 @@ impl<'a> Session<'a> {
        // Determine the supplied client certificate indeed has an
        // acceptable signature algorithm
        let mut private_key_algorithm_acceptable = false;
-        if let Some((private_key, cert)) = &self.cert_private_key {
+        if let Some((private_key, _cert)) = &self.cert_private_key {
            if let CertificatePrivateKey::RSA {..} = private_key {
                for sig_alg in signature_algorithms.iter() {
                    use crate::tls_packet::SignatureScheme::*;
@ -1412,6 +1412,7 @@ impl<'a> Session<'a> {
                self.server_application_nonce.as_ref().unwrap(),
                self.server_application_cipher.as_ref().unwrap()
            )},
            TlsRole::Unknown => unreachable!()
        };
        // Calculate XOR'ed nonce
@ -1443,6 +1444,7 @@ impl<'a> Session<'a> {
                self.server_handshake_nonce.as_ref().unwrap(),
                self.server_handshake_cipher.as_ref().unwrap()
            )},
            TlsRole::Unknown => unreachable!()
        };
        // Calculate XOR'ed nonce
@ -1474,6 +1476,7 @@ impl<'a> Session<'a> {
                self.server_handshake_nonce.as_ref().unwrap(),
                self.server_handshake_cipher.as_ref().unwrap()
            )},
            TlsRole::Unknown => unreachable!()
        };
        // Calculate XOR'ed nonce
@ -1508,6 +1511,7 @@ impl<'a> Session<'a> {
                self.client_application_nonce.as_ref().unwrap(),
                self.client_application_cipher.as_ref().unwrap()
            )},
            TlsRole::Unknown => unreachable!()
        };
        // Calculate XOR'ed nonce
@ -1545,6 +1549,7 @@ impl<'a> Session<'a> {
                self.server_handshake_nonce.as_ref().unwrap(),
                self.server_handshake_cipher.as_ref().unwrap()
            )},
            TlsRole::Unknown => unreachable!()
        };
        // Calculate XOR'ed nonce
@ -1579,6 +1584,7 @@ impl<'a> Session<'a> {
                self.server_handshake_nonce.as_ref().unwrap(),
                self.server_handshake_cipher.as_ref().unwrap()
            )},
            TlsRole::Unknown => unreachable!()
        };
        // Calculate XOR'ed nonce
@ -1606,12 +1612,21 @@ impl<'a> Session<'a> {
    pub(crate) fn increment_server_sequence_number(&mut self) {
        self.server_sequence_number += 1;
    }
    pub(crate) fn get_session_role(&self) -> TlsRole {
        self.role
    }
    pub(crate) fn becomes_client(&mut self) {
        self.role = TlsRole::Client;
    }
 }
 #[derive(Debug, PartialEq, Eq, Clone, Copy)]
 pub(crate) enum TlsRole {
    Client,
    Server,
    Unknown,
 }
 #[derive(Debug, Clone)]
@ -1814,6 +1829,7 @@ impl Cipher {
    }
 }
 #[allow(non_camel_case_types)]
 #[derive(Debug, Clone)]
 pub enum CertificatePublicKey {
    RSA {
@ -1853,6 +1869,7 @@ impl CertificatePublicKey {
    }
 }
 #[allow(non_camel_case_types)]
 pub enum CertificatePrivateKey {
    RSA {
        cert_rsa_private_key: rsa::RSAPrivateKey
--- a/src/set.rs
+++ b/src/set.rs
@ -0,0 +1,82 @@
 use smoltcp as net;
 use managed::ManagedSlice;
 use crate::tls::TlsSocket;
 use net::socket::SocketSetItem;
 use net::socket::SocketSet;
 use net::socket::SocketHandle;
 use net::socket::Socket;
 use net::socket::TcpSocket;
 use net::socket::AnySocket;
 use net::socket::SocketRef;
 use net::iface::EthernetInterface;
 use net::time::Instant;
 use net::phy::Device;
 use core::convert::From;
 use core::cell::RefCell;
 use alloc::vec::Vec;
 pub struct TlsSocketSet<'a> {
    tls_sockets: ManagedSlice<'a, Option<TlsSocket<'a>>>
 }
 #[derive(Clone, Copy, Debug)]
 pub struct TlsSocketHandle(usize);
 impl<'a> TlsSocketSet<'a> {
    pub fn new<T>(tls_sockets: T) -> Self
    where
        T: Into<ManagedSlice<'a, Option<TlsSocket<'a>>>>
    {
        Self {
            tls_sockets: tls_sockets.into()
        }
    }
    pub fn add(&mut self, socket: TlsSocket<'a>) -> TlsSocketHandle
    {
        for (index, slot) in self.tls_sockets.iter_mut().enumerate() {
            if slot.is_none() {
                *slot = Some(socket);
                return TlsSocketHandle(index);
            }
        }
        match self.tls_sockets {
            ManagedSlice::Borrowed(_) => {
                panic!("adding a socket to a full array")
            }
            ManagedSlice::Owned(ref mut sockets) => {
                sockets.push(Some(socket));
                let index = sockets.len() - 1;
                return TlsSocketHandle(index);
            }
        }
    }
    pub fn get(&mut self, handle: TlsSocketHandle) -> &mut TlsSocket<'a> {
        self.tls_sockets[handle.0].as_mut().unwrap()
    }
    pub(crate) fn polled_by(
        &mut self,
        sockets: &mut SocketSet
    ) -> smoltcp::Result<bool>
    {
        for socket in self.tls_sockets.iter_mut() {
            if socket.is_some() {
                log::info!("Found TLS");
                socket.as_mut()
                    .unwrap()
                    .update_handshake(sockets)?;
                log::info!("Updated TLS");
            }
        }
        Ok(true)
    }
 }
--- a/src/tls.rs
+++ b/src/tls.rs
@ -3,6 +3,7 @@ use smoltcp::socket::TcpState;
 use smoltcp::socket::SocketHandle;
 use smoltcp::socket::SocketSet;
 use smoltcp::socket::TcpSocketBuffer;
 use smoltcp::socket::SocketRef;
 use smoltcp::wire::IpEndpoint;
 use smoltcp::Result;
 use smoltcp::Error;
@ -20,7 +21,6 @@ use core::cell::RefCell;
 use rand_core::{RngCore, CryptoRng};
 use p256::{EncodedPoint, ecdh::EphemeralSecret};
 use ccm::consts::*;
 use aes_gcm::AeadInPlace;
 use nom::bytes::complete::take;
 use nom::error::ErrorKind;
@ -52,20 +52,19 @@ pub(crate) enum TlsState {
    CONNECTED,
 }
-// TODO: Group up all session_specific parameters into a separate structure
+pub struct TlsSocket<'s>
 pub struct TlsSocket<'s, R: RngCore + CryptoRng>
 {
    tcp_handle: SocketHandle,
-    rng: R,
+    rng: &'s mut dyn crate::TlsRng,
    session: RefCell<Session<'s>>,
 }
-impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
+impl<'s> TlsSocket<'s> {
    pub fn new<'a, 'b, 'c>(
        sockets: &mut SocketSet<'a, 'b, 'c>,
        rx_buffer: TcpSocketBuffer<'b>,
        tx_buffer: TcpSocketBuffer<'b>,
-        rng: R,
+        rng: &'s mut dyn crate::TlsRng,
        certificate_with_key: Option<(
            crate::session::CertificatePrivateKey,
            Vec<&'s [u8]>
@ -76,6 +75,23 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
    {
        let tcp_socket = TcpSocket::new(rx_buffer, tx_buffer);
        let tcp_handle = sockets.add(tcp_socket);
        TlsSocket {
            tcp_handle,
            rng,
            session: RefCell::new(
                Session::new(TlsRole::Unknown, certificate_with_key)
            ),
        }
    }
    pub fn from_tcp_handle(
        tcp_handle: SocketHandle,
        rng: &'s mut dyn crate::TlsRng,
        certificate_with_key: Option<(
            crate::session::CertificatePrivateKey,
            Vec<&'s [u8]>
        )>
    ) -> Self {
        TlsSocket {
            tcp_handle,
            rng,
@ -85,7 +101,7 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
        }
    }
-    pub fn tcp_connect<T, U>(
+    pub fn connect<T, U>(
        &mut self,
        sockets: &mut SocketSet,
        remote_endpoint: T,
@ -95,32 +111,33 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
        T: Into<IpEndpoint>,
        U: Into<IpEndpoint>,
    {
        // Start TCP handshake
        let mut tcp_socket = sockets.get::<TcpSocket>(self.tcp_handle);
-        if tcp_socket.state() == TcpState::Established {
+        tcp_socket.connect(remote_endpoint, local_endpoint)?;
-            Ok(())
+
-        } else {
+        // Permit TLS handshake as well
-            tcp_socket.connect(remote_endpoint, local_endpoint)
+        let mut session = self.session.borrow_mut();
-        }
+        session.becomes_client();
        Ok(())
    }
-    pub fn tls_connect<DeviceT>(
+    pub fn update_handshake(&mut self, sockets: &mut SocketSet) -> Result<bool> {
-        &mut self,
+        // Check TCP socket
        iface: &mut EthernetInterface<DeviceT>,
        sockets: &mut SocketSet,
        now: Instant
    ) -> Result<bool>
    where
        DeviceT: for<'d> Device<'d>
    {
        // Check tcp_socket connectivity
        {
            let mut tcp_socket = sockets.get::<TcpSocket>(self.tcp_handle);
            tcp_socket.set_keep_alive(Some(smoltcp::time::Duration::from_millis(1000)));
            if tcp_socket.state() != TcpState::Established {
                log::info!("TCP not established");
                return Ok(false);
            }
        }
-
+        // Check TLS session state
        {
            let role = self.session.borrow().get_session_role();
            if role != crate::session::TlsRole::Client {
                return Ok(true);
            }
        }
        // Handle TLS handshake through TLS states
        let tls_state = {
            self.session.borrow().get_tls_state()
@ -193,19 +210,17 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
                    self.session.borrow().need_to_send_client_certificate()
                };
                if need_to_send_client_cert {
-                    let (certificates_total_length, mut buffer_vec) = {
+                    let (certificates_total_length, buffer_vec) = {
-                        let mut session = self.session.borrow_mut();
+                        let session = self.session.borrow();
                        let mut buffer_vec: Vec<u8> = Vec::new();
                        let certificates = session
                            .get_private_certificate_slices()
                            .clone();
                        // Handshake level, client certificate byte followed by length (u24)
                        let mut handshake_header: [u8; 4] = [11, 0, 0, 0];
                        // Certificate struct:
                        // request_context = X509: 0 (u8),
                        // certificate_list to be determined (u24)
                        let mut certificate_header: [u8; 4] = [0, 0, 0, 0];
                        let mut certificates_total_length: u32 = 0;
                        // Append place holder bytes (8 of them) in the buffer vector
@ -229,10 +244,9 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
                                );
                                // Update length in Certificate struct
-                                certificates_total_length += (
+                                certificates_total_length += 
                                    // cert_data (len & data) AND extension (len & data)
-                                    3 + certificate_length + 2 + 0
+                                    3 + certificate_length + 2 + 0;
                                );
                                buffer_vec.extend_from_slice(&cert_data_length);
                                buffer_vec.extend_from_slice(cert);
@ -347,12 +361,12 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
                    .client_update_for_server_connected(&inner_plaintext[..(inner_plaintext_length-1)]);
            }
-            _ => todo!()
+            // There is no need to care about handshake if it was completed
            TlsState::CONNECTED => {
                return Ok(true);
            }
        }
        // Poll the network interface
        iface.poll(sockets, now);
        // Read for TLS packet
        // Proposition: Decouple all data from TLS record layer before processing
        //      Recouple a brand new TLS record wrapper
@ -731,7 +745,6 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
            // Verify that the signature is indeed correct
            TlsState::WAIT_CV => {
                // Ensure that it is CertificateVerify
                log::info!("Got certificate verify");
                let might_be_cert_verify = repr.handshake.take().unwrap();
                if might_be_cert_verify.get_msg_type() != HandshakeType::CertificateVerify {
                    // Process the other handshakes in "handshake_vec"
@ -745,11 +758,9 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
                        might_be_cert_verify.length + 4
                    )(handshake_slice)
                        .map_err(|_| Error::Unrecognized)?;
                log::info!("about to verify");
                // Perform verification, update TLS state if successful
                let (sig_alg, signature) = might_be_cert_verify.get_signature().unwrap();
                log::info!("Got signature");
                {
                    self.session.borrow_mut()
                        .client_update_for_wait_cv(
@ -772,7 +783,7 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
                // Take out the portion for server Finished
                // Length of handshake header is 4
-                let (handshake_slice, server_finished_slice) = 
+                let (_handshake_slice, server_finished_slice) = 
                    take::<_, _, (&[u8], ErrorKind)>(
                        might_be_server_finished.length + 4
                    )(handshake_slice)
@ -793,31 +804,6 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
        Ok(())
    }
    // Generic inner send method, through TCP socket
    fn send_tls_repr(&self, sockets: &mut SocketSet, tls_repr: TlsRepr) -> Result<()> {
        let mut tcp_socket = sockets.get::<TcpSocket>(self.tcp_handle);
        if !tcp_socket.can_send() {
            return Err(Error::Illegal);
        }
        let mut array = [0; 2048];
        let mut buffer = TlsBuffer::new(&mut array);
        buffer.enqueue_tls_repr(tls_repr)?;
        let buffer_size = buffer.get_size();
        // Force send to return if send is unsuccessful
        // Only update sequence number if the send is successful
        tcp_socket.send_slice(buffer.into())
            .and_then(
                |size| if size == buffer_size {
                    Ok(())
                } else {
                    Err(Error::Truncated)
                }
            )?;
        self.session.borrow_mut().increment_client_sequence_number();
        Ok(())
    }
    // Generic inner send method for buffer IO, through TCP socket
    // Usage: Push a slice representation of ONE TLS packet
    // This function will only increment sequence number by 1
@ -940,12 +926,16 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
                    (record_length + 5),
                    (
                        (record_length + 5),
-                        provided_data_capacity < (record_length + 5)
+                        provided_data_capacity >= (record_length + 5)
                    )
                )
            }
        )?;
        if !acceptable {
            return Ok(0);
        }
        // let recv_slice_size = tcp_socket.recv_slice(data)?;
        // Encrypted data need a TLS record wrapper (5 bytes)
@ -1038,4 +1028,9 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
        Ok(())
    }
    pub fn get_tcp_handle(&self) -> SocketHandle {
        self.tcp_handle
    }
 }
--- a/src/tls_packet.rs
+++ b/src/tls_packet.rs
@ -76,14 +76,6 @@ impl<'a> TlsRepr<'a> {
        self
    }
    pub(crate) fn change_cipher_spec(mut self) -> Self {
        self.content_type = TlsContentType::ChangeCipherSpec;
        self.version = TlsVersion::Tls12;
        self.length = 1;
        self.payload = Some((&[1]).to_vec());
        self
    }
    // TODO: Consider replace all these boolean function
    // into a single function that returns the HandshakeType.
    pub(crate) fn is_server_hello(&self) -> bool {
@ -112,12 +104,6 @@ impl<'a> TlsRepr<'a> {
            }
        }
    }
    pub(crate) fn is_application_data(&self) -> bool {
        self.content_type == TlsContentType::ApplicationData &&
        self.handshake.is_none() &&
        self.payload.is_some()
    }
 }
 #[derive(Debug, PartialEq, Eq, Clone, Copy, IntoPrimitive, TryFromPrimitive)]
@ -385,8 +371,6 @@ impl<'a> ClientHello<'a> {
        list.push(NamedGroup::x25519);
        list.push(NamedGroup::secp256r1);
        let length = list.len()*2;
        // Use the list to generate all key shares and store in a vec
        let mut client_shares = Vec::new();
        let mut client_shares_length = 0;
@ -590,10 +574,10 @@ pub(crate) enum SupportedVersions {
 impl SupportedVersions {
    pub(crate) fn get_length(&self) -> usize {
        match self {
-            Self::ClientHello { length, versions } => {
+            Self::ClientHello { length, .. } => {
                usize::try_from(*length).unwrap() + 1
            }
-            Self::ServerHello { selected_version } => 2
+            Self::ServerHello { .. } => 2
        }
    }
 }
@ -713,8 +697,8 @@ pub(crate) enum KeyShareEntryContent {
 impl KeyShareEntryContent {
    pub(crate) fn get_length(&self) -> usize {
        match self {
-            Self::KeyShareClientHello { length, client_shares } => 2 + usize::try_from(*length).unwrap(),
+            Self::KeyShareClientHello { length, .. } => 2 + usize::try_from(*length).unwrap(),
-            Self::KeyShareHelloRetryRequest { selected_group } => 2,
+            Self::KeyShareHelloRetryRequest { .. } => 2,
            Self::KeyShareServerHello { server_share } => server_share.get_length(),
        }
    }
@ -760,12 +744,9 @@ pub(crate) enum CertificateEntryInfo<'a> {
 impl<'a> CertificateEntryInfo<'a> {
    pub(crate) fn get_certificate(&self) -> &Asn1DerCertificate {
        match self {
-            CertificateEntryInfo::RawPublicKey {
+            CertificateEntryInfo::RawPublicKey { .. } => todo!(),
                ASN1_subjectPublicKeyInfo_length,
                ASN1_subjectPublicKeyInfo
            } => todo!(),
            CertificateEntryInfo::X509 {
-                cert_data_length, cert_data
+                cert_data, ..
            } => &cert_data
        }
    }