Compare commits
3 Commits
3bd54d682a
...
9aeecc968e
| Author | SHA1 | Date | |
|---|---|---|---|
| 9aeecc968e | |||
| 89086a18e2 | |||
| 57ff74c183 |
@ -37,9 +37,9 @@ pub struct TBSCertificate<'a> {
|
||||
pub version: Version,
|
||||
pub serial_number: &'a [u8],
|
||||
pub signature: AlgorithmIdentifier<'a>,
|
||||
pub issuer: &'a [u8],
|
||||
pub issuer: Name<'a>,
|
||||
pub validity: Validity<'a>,
|
||||
pub subject: &'a [u8],
|
||||
pub subject: Name<'a>,
|
||||
pub subject_public_key_info: SubjectPublicKeyInfo<'a>,
|
||||
pub issuer_unique_id: Option<&'a [u8]>,
|
||||
pub subject_unique_id: Option<&'a [u8]>,
|
||||
@ -106,7 +106,9 @@ pub enum ExtensionValue<'a> {
|
||||
},
|
||||
|
||||
// Permitted subtrees and excluded subtrees are not implemented
|
||||
// SubjectAlternativeName,
|
||||
SubjectAlternativeName {
|
||||
general_names: Vec<GeneralName<'a>>,
|
||||
},
|
||||
|
||||
BasicConstraints {
|
||||
is_ca: bool,
|
||||
@ -141,6 +143,25 @@ pub enum ExtensionValue<'a> {
|
||||
Unrecognized,
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone)]
|
||||
pub enum GeneralName<'a> {
|
||||
OtherName {
|
||||
type_id: &'a [u8],
|
||||
value: &'a [u8],
|
||||
},
|
||||
RFC822Name(&'a [u8]),
|
||||
DNSName(&'a [u8]),
|
||||
X400Address(&'a [u8]),
|
||||
DirectoryName(&'a [u8]),
|
||||
EDIPartyName{
|
||||
name_assigner: &'a [u8],
|
||||
party_name: &'a [u8],
|
||||
},
|
||||
URI(&'a [u8]),
|
||||
IPAddress(&'a [u8]),
|
||||
RegisteredID(&'a [u8]),
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone)]
|
||||
pub struct PolicyInformation<'a> {
|
||||
pub id: &'a [u8],
|
||||
@ -153,6 +174,17 @@ pub struct AlgorithmIdentifier<'a> {
|
||||
pub parameters: &'a [u8],
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone)]
|
||||
pub struct Name<'a> {
|
||||
pub relative_distinguished_name: Vec<AttributeTypeAndValue<'a>>
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone)]
|
||||
pub struct AttributeTypeAndValue<'a> {
|
||||
pub attribute_type: &'a [u8], // OID
|
||||
pub attribute_value: &'a str,
|
||||
}
|
||||
|
||||
impl<'a> Certificate<'a> {
|
||||
// General return public key method
|
||||
pub(crate) fn get_cert_public_key(&self) -> Result<CertificatePublicKey, ()> {
|
||||
@ -224,6 +256,18 @@ impl<'a> Certificate<'a> {
|
||||
// Validate signature of self-signed certificate
|
||||
// Do not be confused with TLS Certificate Verify
|
||||
pub fn validate_self_signed_signature(&self) -> Result<(), TlsError> {
|
||||
let cert_public_key = self.get_cert_public_key()
|
||||
.map_err(|_| TlsError::SignatureValidationError)?;
|
||||
self.validate_signature_with_trusted(&cert_public_key)
|
||||
}
|
||||
|
||||
// Validate signature of certificate signed by some CA's public key
|
||||
// Do not be confused with TLS Certificate Verify
|
||||
pub fn validate_signature_with_trusted(
|
||||
&self,
|
||||
trusted_public_key: &CertificatePublicKey
|
||||
) -> Result<(), TlsError>
|
||||
{
|
||||
let sig_alg = self.signature_algorithm.algorithm;
|
||||
|
||||
// Prepare hash value
|
||||
@ -232,9 +276,7 @@ impl<'a> Certificate<'a> {
|
||||
let padding = PaddingScheme::new_pkcs1v15_sign(Some(Hash::SHA1));
|
||||
let hashed = Sha1::digest(self.tbs_certificate_encoded);
|
||||
let sig = self.signature_value;
|
||||
self.get_cert_public_key()
|
||||
.map_err(|_| TlsError::SignatureValidationError)?
|
||||
.get_rsa_public_key()
|
||||
trusted_public_key.get_rsa_public_key()
|
||||
.map_err(|_| TlsError::SignatureValidationError)?
|
||||
.verify(padding, &hashed, sig)
|
||||
.map_err(|_| TlsError::SignatureValidationError)
|
||||
@ -244,9 +286,7 @@ impl<'a> Certificate<'a> {
|
||||
let padding = PaddingScheme::new_pkcs1v15_sign(Some(Hash::SHA2_224));
|
||||
let hashed = Sha224::digest(self.tbs_certificate_encoded);
|
||||
let sig = self.signature_value;
|
||||
self.get_cert_public_key()
|
||||
.map_err(|_| TlsError::SignatureValidationError)?
|
||||
.get_rsa_public_key()
|
||||
trusted_public_key.get_rsa_public_key()
|
||||
.map_err(|_| TlsError::SignatureValidationError)?
|
||||
.verify(padding, &hashed, sig)
|
||||
.map_err(|_| TlsError::SignatureValidationError)
|
||||
@ -256,9 +296,7 @@ impl<'a> Certificate<'a> {
|
||||
let padding = PaddingScheme::new_pkcs1v15_sign(Some(Hash::SHA2_256));
|
||||
let hashed = Sha256::digest(self.tbs_certificate_encoded);
|
||||
let sig = self.signature_value;
|
||||
self.get_cert_public_key()
|
||||
.map_err(|_| TlsError::SignatureValidationError)?
|
||||
.get_rsa_public_key()
|
||||
trusted_public_key.get_rsa_public_key()
|
||||
.map_err(|_| TlsError::SignatureValidationError)?
|
||||
.verify(padding, &hashed, sig)
|
||||
.map_err(|_| TlsError::SignatureValidationError)
|
||||
@ -268,9 +306,7 @@ impl<'a> Certificate<'a> {
|
||||
let padding = PaddingScheme::new_pkcs1v15_sign(Some(Hash::SHA2_384));
|
||||
let hashed = Sha384::digest(self.tbs_certificate_encoded);
|
||||
let sig = self.signature_value;
|
||||
self.get_cert_public_key()
|
||||
.map_err(|_| TlsError::SignatureValidationError)?
|
||||
.get_rsa_public_key()
|
||||
trusted_public_key.get_rsa_public_key()
|
||||
.map_err(|_| TlsError::SignatureValidationError)?
|
||||
.verify(padding, &hashed, sig)
|
||||
.map_err(|_| TlsError::SignatureValidationError)
|
||||
@ -280,9 +316,7 @@ impl<'a> Certificate<'a> {
|
||||
let padding = PaddingScheme::new_pkcs1v15_sign(Some(Hash::SHA2_512));
|
||||
let hashed = Sha512::digest(self.tbs_certificate_encoded);
|
||||
let sig = self.signature_value;
|
||||
self.get_cert_public_key()
|
||||
.map_err(|_| TlsError::SignatureValidationError)?
|
||||
.get_rsa_public_key()
|
||||
trusted_public_key.get_rsa_public_key()
|
||||
.map_err(|_| TlsError::SignatureValidationError)?
|
||||
.verify(padding, &hashed, sig)
|
||||
.map_err(|_| TlsError::SignatureValidationError)
|
||||
@ -300,9 +334,7 @@ impl<'a> Certificate<'a> {
|
||||
);
|
||||
let hashed = Sha1::digest(self.tbs_certificate_encoded);
|
||||
let sig = self.signature_value;
|
||||
self.get_cert_public_key()
|
||||
.map_err(|_| TlsError::SignatureValidationError)?
|
||||
.get_rsa_public_key()
|
||||
trusted_public_key.get_rsa_public_key()
|
||||
.map_err(|_| TlsError::SignatureValidationError)?
|
||||
.verify(padding, &hashed, sig)
|
||||
.map_err(|_| TlsError::SignatureValidationError)
|
||||
@ -315,9 +347,7 @@ impl<'a> Certificate<'a> {
|
||||
);
|
||||
let hashed = Sha224::digest(self.tbs_certificate_encoded);
|
||||
let sig = self.signature_value;
|
||||
self.get_cert_public_key()
|
||||
.map_err(|_| TlsError::SignatureValidationError)?
|
||||
.get_rsa_public_key()
|
||||
trusted_public_key.get_rsa_public_key()
|
||||
.map_err(|_| TlsError::SignatureValidationError)?
|
||||
.verify(padding, &hashed, sig)
|
||||
.map_err(|_| TlsError::SignatureValidationError)
|
||||
@ -330,9 +360,7 @@ impl<'a> Certificate<'a> {
|
||||
);
|
||||
let hashed = Sha256::digest(self.tbs_certificate_encoded);
|
||||
let sig = self.signature_value;
|
||||
self.get_cert_public_key()
|
||||
.map_err(|_| TlsError::SignatureValidationError)?
|
||||
.get_rsa_public_key()
|
||||
trusted_public_key.get_rsa_public_key()
|
||||
.map_err(|_| TlsError::SignatureValidationError)?
|
||||
.verify(padding, &hashed, sig)
|
||||
.map_err(|_| TlsError::SignatureValidationError)
|
||||
@ -345,9 +373,7 @@ impl<'a> Certificate<'a> {
|
||||
);
|
||||
let hashed = Sha384::digest(self.tbs_certificate_encoded);
|
||||
let sig = self.signature_value;
|
||||
self.get_cert_public_key()
|
||||
.map_err(|_| TlsError::SignatureValidationError)?
|
||||
.get_rsa_public_key()
|
||||
trusted_public_key.get_rsa_public_key()
|
||||
.map_err(|_| TlsError::SignatureValidationError)?
|
||||
.verify(padding, &hashed, sig)
|
||||
.map_err(|_| TlsError::SignatureValidationError)
|
||||
@ -360,9 +386,7 @@ impl<'a> Certificate<'a> {
|
||||
);
|
||||
let hashed = Sha512::digest(self.tbs_certificate_encoded);
|
||||
let sig = self.signature_value;
|
||||
self.get_cert_public_key()
|
||||
.map_err(|_| TlsError::SignatureValidationError)?
|
||||
.get_rsa_public_key()
|
||||
trusted_public_key.get_rsa_public_key()
|
||||
.map_err(|_| TlsError::SignatureValidationError)?
|
||||
.verify(padding, &hashed, sig)
|
||||
.map_err(|_| TlsError::SignatureValidationError)
|
||||
@ -379,9 +403,7 @@ impl<'a> Certificate<'a> {
|
||||
.map_err(|_| TlsError::SignatureValidationError)?;
|
||||
let sig = p256::ecdsa::Signature::from_asn1(self.signature_value)
|
||||
.map_err(|_| TlsError::SignatureValidationError)?;
|
||||
self.get_cert_public_key()
|
||||
.map_err(|_| TlsError::SignatureValidationError)?
|
||||
.get_ecdsa_secp256r1_sha256_verify_key()
|
||||
trusted_public_key.get_ecdsa_secp256r1_sha256_verify_key()
|
||||
.map_err(|_| TlsError::SignatureValidationError)?
|
||||
.verify(self.tbs_certificate_encoded, &sig)
|
||||
.map_err(|_| TlsError::SignatureValidationError)
|
||||
@ -393,16 +415,13 @@ impl<'a> Certificate<'a> {
|
||||
self.signature_value
|
||||
).map_err(|_| TlsError::SignatureValidationError)?;
|
||||
log::info!("Ed25519 signature: {:?}", sig);
|
||||
self.get_cert_public_key()
|
||||
.map_err(|_| TlsError::SignatureValidationError)?
|
||||
.get_ed25519_public_key()
|
||||
trusted_public_key.get_ed25519_public_key()
|
||||
.map_err(|_| TlsError::SignatureValidationError)?
|
||||
.verify_strict(self.tbs_certificate_encoded, &sig)
|
||||
.map_err(|_| TlsError::SignatureValidationError)
|
||||
}
|
||||
},
|
||||
|
||||
_ => todo!()
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
63
src/main.rs
63
src/main.rs
@ -78,44 +78,31 @@ fn main() {
|
||||
// tls_socket.tls_connect(&mut sockets).unwrap();
|
||||
simple_logger::SimpleLogger::new().init().unwrap();
|
||||
|
||||
let (_, certificate) = parse_asn1_der_certificate(&ED25519_CERT).unwrap();
|
||||
let (_, certificate) = parse_asn1_der_certificate(&SELF_SIGNED_WITH_SAN).unwrap();
|
||||
println!("Certificate print: {:?}", certificate);
|
||||
|
||||
let modulus = [
|
||||
0x00, 0xe1, 0x64, 0x42, 0x1f, 0x32, 0x2c, 0xa2, 0x81, 0x3a, 0x6f, 0x9d, 0x4e, 0x6d, 0xa7, 0xc9, 0xed, 0xb9, 0x47, 0x3e, 0xd8, 0x98, 0xe6, 0xba, 0xab, 0x07, 0x93, 0xb3, 0xc5, 0x80, 0x62, 0x7e, 0xb7, 0xe3, 0x9a, 0xfb, 0x9c, 0xf4, 0x0c, 0xc7, 0x49, 0x08, 0x73, 0x45, 0xe8, 0x94, 0xff, 0xb1, 0xe7, 0x52, 0xb6, 0x77, 0xa7, 0x53, 0x49, 0x0b, 0xf3, 0xe6, 0x13, 0x4a, 0x79, 0xd7, 0xef, 0x53, 0x7c, 0x8d, 0x84, 0x5b, 0xf3, 0x30, 0x6d, 0x4d, 0x43, 0x14, 0xa0, 0xc9, 0x8b, 0x86, 0x17, 0x16, 0x8a, 0x09, 0x60, 0xa9, 0xdb, 0x76, 0x8f, 0x5c, 0x58, 0x92, 0xf3, 0x63, 0xdb, 0x39, 0x82, 0xa7, 0x4a, 0x79, 0x08, 0x29, 0x1d, 0x94, 0x3c, 0xec, 0x11, 0x46, 0x70, 0xf8, 0xd1, 0xe4, 0xc2, 0x6f, 0x9d, 0x40, 0x8d, 0x8a, 0x29, 0x2e, 0x2b, 0x82, 0xd6, 0x1b, 0x0f, 0xbd, 0x49, 0xe4, 0xc9, 0xfb, 0xc3, 0x81, 0x29, 0x7f, 0x99, 0x07, 0x99, 0x5a, 0x28, 0x46, 0xf7, 0xdd, 0xca, 0xb2, 0x4c, 0xce, 0x21, 0x01, 0x24, 0xfc, 0xfe, 0x8f, 0xea, 0x73, 0x36, 0x39, 0xdf, 0xa0, 0x6c, 0x43, 0xf5, 0x3c, 0x74, 0xb3, 0x17, 0x00, 0xfd, 0xb4, 0xa2, 0x82, 0x1e, 0xed, 0xdf, 0x22, 0x2a, 0x35, 0x6d, 0xf7, 0x8a, 0x4d, 0xc8, 0x19, 0xb9, 0xd3, 0x88, 0x29, 0x10, 0x8e, 0xae, 0x30, 0xf2, 0x23, 0xce, 0x3b, 0xce, 0xe0, 0x7c, 0x5e, 0x52, 0xa1, 0x1f, 0xc1, 0x59, 0xcc, 0x14, 0xf6, 0x6f, 0xf1, 0xa6, 0xbb, 0xfd, 0x9b, 0x66, 0x96, 0x89, 0xbb, 0xd4, 0x0b, 0x9e, 0x5f, 0xac, 0xf0, 0x1d, 0x88, 0xa6, 0x27, 0x53, 0x48, 0xf2, 0x12, 0x54, 0x43, 0xf8, 0x92, 0x42, 0xcd, 0x6e, 0x00, 0x54, 0x67, 0x55, 0x6f, 0xfa, 0x38, 0x30, 0x7b, 0xea, 0xaa, 0x85, 0x9b, 0x31, 0xbf, 0x78, 0xb8, 0x2a, 0x97, 0x77, 0xd0, 0x23
|
||||
];
|
||||
|
||||
let exponent = [1, 0, 1];
|
||||
|
||||
let rsa_public_key = rsa::RSAPublicKey::new(
|
||||
rsa::BigUint::from_bytes_be(&modulus),
|
||||
rsa::BigUint::from_bytes_be(&exponent)
|
||||
).unwrap();
|
||||
|
||||
let ca_public_key = smoltcp_tls::session::CertificatePublicKey::RSA {
|
||||
cert_rsa_public_key: rsa_public_key
|
||||
};
|
||||
|
||||
// certificate.validate_signature_with_trusted(&ca_public_key).unwrap();
|
||||
// println!("Certificate should be trusted");
|
||||
|
||||
certificate.validate_self_signed_signature().unwrap();
|
||||
|
||||
}
|
||||
|
||||
const CLIENT_HELLO: [u8; 0xCA] = [
|
||||
0x01, 0x00, 0x00, 0xc6, 0x03, 0x03, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff, 0x00, 0x06, 0x13, 0x01, 0x13, 0x02, 0x13, 0x03, 0x01, 0x00, 0x00, 0x77, 0x00, 0x00, 0x00, 0x18, 0x00, 0x16, 0x00, 0x00, 0x13, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x75, 0x6c, 0x66, 0x68, 0x65, 0x69, 0x6d, 0x2e, 0x6e, 0x65, 0x74, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x0d, 0x00, 0x14, 0x00, 0x12, 0x04, 0x03, 0x08, 0x04, 0x04, 0x01, 0x05, 0x03, 0x08, 0x05, 0x05, 0x01, 0x08, 0x06, 0x06, 0x01, 0x02, 0x01, 0x00, 0x33, 0x00, 0x26, 0x00, 0x24, 0x00, 0x1d, 0x00, 0x20, 0x35, 0x80, 0x72, 0xd6, 0x36, 0x58, 0x80, 0xd1, 0xae, 0xea, 0x32, 0x9a, 0xdf, 0x91, 0x21, 0x38, 0x38, 0x51, 0xed, 0x21, 0xa2, 0x8e, 0x3b, 0x75, 0xe9, 0x65, 0xd0, 0xd2, 0xcd, 0x16, 0x62, 0x54, 0x00, 0x2d, 0x00, 0x02, 0x01, 0x01, 0x00, 0x2b, 0x00, 0x03, 0x02, 0x03, 0x04
|
||||
];
|
||||
|
||||
const SERVER_HELLO: [u8; 0x7A] = [
|
||||
0x02, 0x00, 0x00, 0x76, 0x03, 0x03, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x20, 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff, 0x13, 0x01, 0x00, 0x00, 0x2e, 0x00, 0x33, 0x00, 0x24, 0x00, 0x1d, 0x00, 0x20, 0x9f, 0xd7, 0xad, 0x6d, 0xcf, 0xf4, 0x29, 0x8d, 0xd3, 0xf9, 0x6d, 0x5b, 0x1b, 0x2a, 0xf9, 0x10, 0xa0, 0x53, 0x5b, 0x14, 0x88, 0xd7, 0xf8, 0xfa, 0xbb, 0x34, 0x9a, 0x98, 0x28, 0x80, 0xb6, 0x15, 0x00, 0x2b, 0x00, 0x02, 0x03, 0x04
|
||||
];
|
||||
|
||||
const ENCRYPTED_EXTENSION: [u8; 6] = [0x08, 0x00, 0x00, 0x02, 0x00, 0x00];
|
||||
|
||||
const MANY20: [u8; 64] = [0x20; 64];
|
||||
|
||||
const CONTEXT_STRING: &'static str = "TLS 1.3, server CertificateVerify";
|
||||
|
||||
const SINGLE_ZERO_BYTE: [u8; 1] = [0];
|
||||
|
||||
const CERTIFICATE: [u8; 818] = [
|
||||
0x0b, 0x00, 0x03, 0x2e, 0x00, 0x00, 0x03, 0x2a, 0x00, 0x03, 0x25, 0x30, 0x82, 0x03, 0x21, 0x30, 0x82, 0x02, 0x09, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x15, 0x5a, 0x92, 0xad, 0xc2, 0x04, 0x8f, 0x90, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x22, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x45, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x38, 0x31, 0x30, 0x30, 0x35, 0x30, 0x31, 0x33, 0x38, 0x31, 0x37, 0x5a, 0x17, 0x0d, 0x31, 0x39, 0x31, 0x30, 0x30, 0x35, 0x30, 0x31, 0x33, 0x38, 0x31, 0x37, 0x5a, 0x30, 0x2b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x13, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x75, 0x6c, 0x66, 0x68, 0x65, 0x69, 0x6d, 0x2e, 0x6e, 0x65, 0x74, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc4, 0x80, 0x36, 0x06, 0xba, 0xe7, 0x47, 0x6b, 0x08, 0x94, 0x04, 0xec, 0xa7, 0xb6, 0x91, 0x04, 0x3f, 0xf7, 0x92, 0xbc, 0x19, 0xee, 0xfb, 0x7d, 0x74, 0xd7, 0xa8, 0x0d, 0x00, 0x1e, 0x7b, 0x4b, 0x3a, 0x4a, 0xe6, 0x0f, 0xe8, 0xc0, 0x71, 0xfc, 0x73, 0xe7, 0x02, 0x4c, 0x0d, 0xbc, 0xf4, 0xbd, 0xd1, 0x1d, 0x39, 0x6b, 0xba, 0x70, 0x46, 0x4a, 0x13, 0xe9, 0x4a, 0xf8, 0x3d, 0xf3, 0xe1, 0x09, 0x59, 0x54, 0x7b, 0xc9, 0x55, 0xfb, 0x41, 0x2d, 0xa3, 0x76, 0x52, 0x11, 0xe1, 0xf3, 0xdc, 0x77, 0x6c, 0xaa, 0x53, 0x37, 0x6e, 0xca, 0x3a, 0xec, 0xbe, 0xc3, 0xaa, 0xb7, 0x3b, 0x31, 0xd5, 0x6c, 0xb6, 0x52, 0x9c, 0x80, 0x98, 0xbc, 0xc9, 0xe0, 0x28, 0x18, 0xe2, 0x0b, 0xf7, 0xf8, 0xa0, 0x3a, 0xfd, 0x17, 0x04, 0x50, 0x9e, 0xce, 0x79, 0xbd, 0x9f, 0x39, 0xf1, 0xea, 0x69, 0xec, 0x47, 0x97, 0x2e, 0x83, 0x0f, 0xb5, 0xca, 0x95, 0xde, 0x95, 0xa1, 0xe6, 0x04, 0x22, 0xd5, 0xee, 0xbe, 0x52, 0x79, 0x54, 0xa1, 0xe7, 0xbf, 0x8a, 0x86, 0xf6, 0x46, 0x6d, 0x0d, 0x9f, 0x16, 0x95, 0x1a, 0x4c, 0xf7, 0xa0, 0x46, 0x92, 0x59, 0x5c, 0x13, 0x52, 0xf2, 0x54, 0x9e, 0x5a, 0xfb, 0x4e, 0xbf, 0xd7, 0x7a, 0x37, 0x95, 0x01, 0x44, 0xe4, 0xc0, 0x26, 0x87, 0x4c, 0x65, 0x3e, 0x40, 0x7d, 0x7d, 0x23, 0x07, 0x44, 0x01, 0xf4, 0x84, 0xff, 0xd0, 0x8f, 0x7a, 0x1f, 0xa0, 0x52, 0x10, 0xd1, 0xf4, 0xf0, 0xd5, 0xce, 0x79, 0x70, 0x29, 0x32, 0xe2, 0xca, 0xbe, 0x70, 0x1f, 0xdf, 0xad, 0x6b, 0x4b, 0xb7, 0x11, 0x01, 0xf4, 0x4b, 0xad, 0x66, 0x6a, 0x11, 0x13, 0x0f, 0xe2, 0xee, 0x82, 0x9e, 0x4d, 0x02, 0x9d, 0xc9, 0x1c, 0xdd, 0x67, 0x16, 0xdb, 0xb9, 0x06, 0x18, 0x86, 0xed, 0xc1, 0xba, 0x94, 0x21, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x52, 0x30, 0x50, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x05, 0xa0, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x89, 0x4f, 0xde, 0x5b, 0xcc, 0x69, 0xe2, 0x52, 0xcf, 0x3e, 0xa3, 0x00, 0xdf, 0xb1, 0x97, 0xb8, 0x1d, 0xe1, 0xc1, 0x46, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x59, 0x16, 0x45, 0xa6, 0x9a, 0x2e, 0x37, 0x79, 0xe4, 0xf6, 0xdd, 0x27, 0x1a, 0xba, 0x1c, 0x0b, 0xfd, 0x6c, 0xd7, 0x55, 0x99, 0xb5, 0xe7, 0xc3, 0x6e, 0x53, 0x3e, 0xff, 0x36, 0x59, 0x08, 0x43, 0x24, 0xc9, 0xe7, 0xa5, 0x04, 0x07, 0x9d, 0x39, 0xe0, 0xd4, 0x29, 0x87, 0xff, 0xe3, 0xeb, 0xdd, 0x09, 0xc1, 0xcf, 0x1d, 0x91, 0x44, 0x55, 0x87, 0x0b, 0x57, 0x1d, 0xd1, 0x9b, 0xdf, 0x1d, 0x24, 0xf8, 0xbb, 0x9a, 0x11, 0xfe, 0x80, 0xfd, 0x59, 0x2b, 0xa0, 0x39, 0x8c, 0xde, 0x11, 0xe2, 0x65, 0x1e, 0x61, 0x8c, 0xe5, 0x98, 0xfa, 0x96, 0xe5, 0x37, 0x2e, 0xef, 0x3d, 0x24, 0x8a, 0xfd, 0xe1, 0x74, 0x63, 0xeb, 0xbf, 0xab, 0xb8, 0xe4, 0xd1, 0xab, 0x50, 0x2a, 0x54, 0xec, 0x00, 0x64, 0xe9, 0x2f, 0x78, 0x19, 0x66, 0x0d, 0x3f, 0x27, 0xcf, 0x20, 0x9e, 0x66, 0x7f, 0xce, 0x5a, 0xe2, 0xe4, 0xac, 0x99, 0xc7, 0xc9, 0x38, 0x18, 0xf8, 0xb2, 0x51, 0x07, 0x22, 0xdf, 0xed, 0x97, 0xf3, 0x2e, 0x3e, 0x93, 0x49, 0xd4, 0xc6, 0x6c, 0x9e, 0xa6, 0x39, 0x6d, 0x74, 0x44, 0x62, 0xa0, 0x6b, 0x42, 0xc6, 0xd5, 0xba, 0x68, 0x8e, 0xac, 0x3a, 0x01, 0x7b, 0xdd, 0xfc, 0x8e, 0x2c, 0xfc, 0xad, 0x27, 0xcb, 0x69, 0xd3, 0xcc, 0xdc, 0xa2, 0x80, 0x41, 0x44, 0x65, 0xd3, 0xae, 0x34, 0x8c, 0xe0, 0xf3, 0x4a, 0xb2, 0xfb, 0x9c, 0x61, 0x83, 0x71, 0x31, 0x2b, 0x19, 0x10, 0x41, 0x64, 0x1c, 0x23, 0x7f, 0x11, 0xa5, 0xd6, 0x5c, 0x84, 0x4f, 0x04, 0x04, 0x84, 0x99, 0x38, 0x71, 0x2b, 0x95, 0x9e, 0xd6, 0x85, 0xbc, 0x5c, 0x5d, 0xd6, 0x45, 0xed, 0x19, 0x90, 0x94, 0x73, 0x40, 0x29, 0x26, 0xdc, 0xb4, 0x0e, 0x34, 0x69, 0xa1, 0x59, 0x41, 0xe8, 0xe2, 0xcc, 0xa8, 0x4b, 0xb6, 0x08, 0x46, 0x36, 0xa0, 0x00, 0x00
|
||||
];
|
||||
|
||||
const PUBLIC_KEY: [u8; 256] = [
|
||||
0xc4, 0x80, 0x36, 0x06, 0xba, 0xe7, 0x47, 0x6b, 0x08, 0x94, 0x04, 0xec, 0xa7, 0xb6, 0x91, 0x04, 0x3f, 0xf7, 0x92, 0xbc, 0x19, 0xee, 0xfb, 0x7d, 0x74, 0xd7, 0xa8, 0x0d, 0x00, 0x1e, 0x7b, 0x4b, 0x3a, 0x4a, 0xe6, 0x0f, 0xe8, 0xc0, 0x71, 0xfc, 0x73, 0xe7, 0x02, 0x4c, 0x0d, 0xbc, 0xf4, 0xbd, 0xd1, 0x1d, 0x39, 0x6b, 0xba, 0x70, 0x46, 0x4a, 0x13, 0xe9, 0x4a, 0xf8, 0x3d, 0xf3, 0xe1, 0x09, 0x59, 0x54, 0x7b, 0xc9, 0x55, 0xfb, 0x41, 0x2d, 0xa3, 0x76, 0x52, 0x11, 0xe1, 0xf3, 0xdc, 0x77, 0x6c, 0xaa, 0x53, 0x37, 0x6e, 0xca, 0x3a, 0xec, 0xbe, 0xc3, 0xaa, 0xb7, 0x3b, 0x31, 0xd5, 0x6c, 0xb6, 0x52, 0x9c, 0x80, 0x98, 0xbc, 0xc9, 0xe0, 0x28, 0x18, 0xe2, 0x0b, 0xf7, 0xf8, 0xa0, 0x3a, 0xfd, 0x17, 0x04, 0x50, 0x9e, 0xce, 0x79, 0xbd, 0x9f, 0x39, 0xf1, 0xea, 0x69, 0xec, 0x47, 0x97, 0x2e, 0x83, 0x0f, 0xb5, 0xca, 0x95, 0xde, 0x95, 0xa1, 0xe6, 0x04, 0x22, 0xd5, 0xee, 0xbe, 0x52, 0x79, 0x54, 0xa1, 0xe7, 0xbf, 0x8a, 0x86, 0xf6, 0x46, 0x6d, 0x0d, 0x9f, 0x16, 0x95, 0x1a, 0x4c, 0xf7, 0xa0, 0x46, 0x92, 0x59, 0x5c, 0x13, 0x52, 0xf2, 0x54, 0x9e, 0x5a, 0xfb, 0x4e, 0xbf, 0xd7, 0x7a, 0x37, 0x95, 0x01, 0x44, 0xe4, 0xc0, 0x26, 0x87, 0x4c, 0x65, 0x3e, 0x40, 0x7d, 0x7d, 0x23, 0x07, 0x44, 0x01, 0xf4, 0x84, 0xff, 0xd0, 0x8f, 0x7a, 0x1f, 0xa0, 0x52, 0x10, 0xd1, 0xf4, 0xf0, 0xd5, 0xce, 0x79, 0x70, 0x29, 0x32, 0xe2, 0xca, 0xbe, 0x70, 0x1f, 0xdf, 0xad, 0x6b, 0x4b, 0xb7, 0x11, 0x01, 0xf4, 0x4b, 0xad, 0x66, 0x6a, 0x11, 0x13, 0x0f, 0xe2, 0xee, 0x82, 0x9e, 0x4d, 0x02, 0x9d, 0xc9, 0x1c, 0xdd, 0x67, 0x16, 0xdb, 0xb9, 0x06, 0x18, 0x86, 0xed, 0xc1, 0xba, 0x94, 0x21
|
||||
];
|
||||
|
||||
const SIGNATURE: [u8; 256] = [
|
||||
0x59, 0x16, 0x45, 0xa6, 0x9a, 0x2e, 0x37, 0x79, 0xe4, 0xf6, 0xdd, 0x27, 0x1a, 0xba, 0x1c, 0x0b, 0xfd, 0x6c, 0xd7, 0x55, 0x99, 0xb5, 0xe7, 0xc3, 0x6e, 0x53, 0x3e, 0xff, 0x36, 0x59, 0x08, 0x43, 0x24, 0xc9, 0xe7, 0xa5, 0x04, 0x07, 0x9d, 0x39, 0xe0, 0xd4, 0x29, 0x87, 0xff, 0xe3, 0xeb, 0xdd, 0x09, 0xc1, 0xcf, 0x1d, 0x91, 0x44, 0x55, 0x87, 0x0b, 0x57, 0x1d, 0xd1, 0x9b, 0xdf, 0x1d, 0x24, 0xf8, 0xbb, 0x9a, 0x11, 0xfe, 0x80, 0xfd, 0x59, 0x2b, 0xa0, 0x39, 0x8c, 0xde, 0x11, 0xe2, 0x65, 0x1e, 0x61, 0x8c, 0xe5, 0x98, 0xfa, 0x96, 0xe5, 0x37, 0x2e, 0xef, 0x3d, 0x24, 0x8a, 0xfd, 0xe1, 0x74, 0x63, 0xeb, 0xbf, 0xab, 0xb8, 0xe4, 0xd1, 0xab, 0x50, 0x2a, 0x54, 0xec, 0x00, 0x64, 0xe9, 0x2f, 0x78, 0x19, 0x66, 0x0d, 0x3f, 0x27, 0xcf, 0x20, 0x9e, 0x66, 0x7f, 0xce, 0x5a, 0xe2, 0xe4, 0xac, 0x99, 0xc7, 0xc9, 0x38, 0x18, 0xf8, 0xb2, 0x51, 0x07, 0x22, 0xdf, 0xed, 0x97, 0xf3, 0x2e, 0x3e, 0x93, 0x49, 0xd4, 0xc6, 0x6c, 0x9e, 0xa6, 0x39, 0x6d, 0x74, 0x44, 0x62, 0xa0, 0x6b, 0x42, 0xc6, 0xd5, 0xba, 0x68, 0x8e, 0xac, 0x3a, 0x01, 0x7b, 0xdd, 0xfc, 0x8e, 0x2c, 0xfc, 0xad, 0x27, 0xcb, 0x69, 0xd3, 0xcc, 0xdc, 0xa2, 0x80, 0x41, 0x44, 0x65, 0xd3, 0xae, 0x34, 0x8c, 0xe0, 0xf3, 0x4a, 0xb2, 0xfb, 0x9c, 0x61, 0x83, 0x71, 0x31, 0x2b, 0x19, 0x10, 0x41, 0x64, 0x1c, 0x23, 0x7f, 0x11, 0xa5, 0xd6, 0x5c, 0x84, 0x4f, 0x04, 0x04, 0x84, 0x99, 0x38, 0x71, 0x2b, 0x95, 0x9e, 0xd6, 0x85, 0xbc, 0x5c, 0x5d, 0xd6, 0x45, 0xed, 0x19, 0x90, 0x94, 0x73, 0x40, 0x29, 0x26, 0xdc, 0xb4, 0x0e, 0x34, 0x69, 0xa1, 0x59, 0x41, 0xe8, 0xe2, 0xcc, 0xa8, 0x4b, 0xb6, 0x08, 0x46, 0x36, 0xa0
|
||||
];
|
||||
|
||||
const VERIFY_SIGNATURE: [u8; 256] = [
|
||||
0x17, 0xfe, 0xb5, 0x33, 0xca, 0x6d, 0x00, 0x7d, 0x00, 0x58, 0x25, 0x79, 0x68, 0x42, 0x4b, 0xbc, 0x3a, 0xa6, 0x90, 0x9e, 0x9d, 0x49, 0x55, 0x75, 0x76, 0xa5, 0x20, 0xe0, 0x4a, 0x5e, 0xf0, 0x5f, 0x0e, 0x86, 0xd2, 0x4f, 0xf4, 0x3f, 0x8e, 0xb8, 0x61, 0xee, 0xf5, 0x95, 0x22, 0x8d, 0x70, 0x32, 0xaa, 0x36, 0x0f, 0x71, 0x4e, 0x66, 0x74, 0x13, 0x92, 0x6e, 0xf4, 0xf8, 0xb5, 0x80, 0x3b, 0x69, 0xe3, 0x55, 0x19, 0xe3, 0xb2, 0x3f, 0x43, 0x73, 0xdf, 0xac, 0x67, 0x87, 0x06, 0x6d, 0xcb, 0x47, 0x56, 0xb5, 0x45, 0x60, 0xe0, 0x88, 0x6e, 0x9b, 0x96, 0x2c, 0x4a, 0xd2, 0x8d, 0xab, 0x26, 0xba, 0xd1, 0xab, 0xc2, 0x59, 0x16, 0xb0, 0x9a, 0xf2, 0x86, 0x53, 0x7f, 0x68, 0x4f, 0x80, 0x8a, 0xef, 0xee, 0x73, 0x04, 0x6c, 0xb7, 0xdf, 0x0a, 0x84, 0xfb, 0xb5, 0x96, 0x7a, 0xca, 0x13, 0x1f, 0x4b, 0x1c, 0xf3, 0x89, 0x79, 0x94, 0x03, 0xa3, 0x0c, 0x02, 0xd2, 0x9c, 0xbd, 0xad, 0xb7, 0x25, 0x12, 0xdb, 0x9c, 0xec, 0x2e, 0x5e, 0x1d, 0x00, 0xe5, 0x0c, 0xaf, 0xcf, 0x6f, 0x21, 0x09, 0x1e, 0xbc, 0x4f, 0x25, 0x3c, 0x5e, 0xab, 0x01, 0xa6, 0x79, 0xba, 0xea, 0xbe, 0xed, 0xb9, 0xc9, 0x61, 0x8f, 0x66, 0x00, 0x6b, 0x82, 0x44, 0xd6, 0x62, 0x2a, 0xaa, 0x56, 0x88, 0x7c, 0xcf, 0xc6, 0x6a, 0x0f, 0x38, 0x51, 0xdf, 0xa1, 0x3a, 0x78, 0xcf, 0xf7, 0x99, 0x1e, 0x03, 0xcb, 0x2c, 0x3a, 0x0e, 0xd8, 0x7d, 0x73, 0x67, 0x36, 0x2e, 0xb7, 0x80, 0x5b, 0x00, 0xb2, 0x52, 0x4f, 0xf2, 0x98, 0xa4, 0xda, 0x48, 0x7c, 0xac, 0xde, 0xaf, 0x8a, 0x23, 0x36, 0xc5, 0x63, 0x1b, 0x3e, 0xfa, 0x93, 0x5b, 0xb4, 0x11, 0xe7, 0x53, 0xca, 0x13, 0xb0, 0x15, 0xfe, 0xc7, 0xe4, 0xa7, 0x30, 0xf1, 0x36, 0x9f, 0x9e
|
||||
];
|
||||
|
||||
const RSA_PSS_CERT: [u8; 0x3AB] =
|
||||
hex_literal::hex!("308203a73082028fa00302010202146642be8f709457f9cd6eed72051c240a5565138c300d06092a864886f70d01010a30003063310b30090603550406130255533113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c7464311c301a06035504030c136578616d706c652e756c666865696d2e6e6574301e170d3230313130343039313535325a170d3231313130343039313535325a3063310b30090603550406130255533113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c7464311c301a06035504030c136578616d706c652e756c666865696d2e6e657430820122300d06092a864886f70d01010105000382010f003082010a0282010100b5a347b654ca0bad8d56990e70aa7411b78dedc9fd9a6760ee936ea01486238538dbc4d0bc95a1a5f060b6296ba67001f103cfd918ad1ec33a1a680d4e8283a24300391e9a53cd6641fc51f0a984c3cd16542b934a0ec8c3447782542628320d6c24988cf0b7b19bbaba91f1999968def724d8e65b624fbb9826208aece1ee90badda7c6b8a97fc4085299f9d32661a06bc67d2d662e0efcee1df5b6dc1d02e56929d8976441456d0fe50314c9861e9845f75f5dc2ca9828089b5d4bd109d1e8ada8986c5bd68ee004a7bfcb932768023e11fe8e299b25b8774ed8bdbb0f644ddaa83df1ff4e84bfc18d3b815decb5ca4f1db1125df98dba94e4ef5570ec5a510203010001a3533051301d0603551d0e04160414050928eff30f3094f01ddb09f1d7a9193addf854301f0603551d23041830168014050928eff30f3094f01ddb09f1d7a9193addf854300f0603551d130101ff040530030101ff300d06092a864886f70d01010a300003820101002d14281587dc33d4559e77852d17fade1a9f3f0e5af847bde80c921be360d6e3b598dfb50aad706de3832841798b66736b9296a83c06e0078dceabc39760a5bf5eb7a7287859b22e9beb7ebb928b99034d155fd12307ee541ea53979bb8afb62db233dfcf1e16afea5eac33817b8cbb13841cb89e9b65a5a4b08a6c6e3d1e0036bc9576b90cf62437e3ef985f02b88be4e6863068c9bc45dd473763f4cdcfc3bfb8a90d7b3225b67a3a39c6ac446de55596dc135221b4383773ddd9efdcca48f389af9c1c0547e0ada1c14153fc38e02c95e4c37da45af1e6d3b0a6cafb603d95a1c887384b476caf60783835a150ee7fd22b6838ce19adcb2e59572c6349703");
|
||||
|
||||
@ -127,3 +114,13 @@ const ECDSA_P256_CERT: [u8; 0x0219] =
|
||||
|
||||
const ED25519_CERT: [u8; 0x0187] =
|
||||
hex_literal::hex!("30820183308201350214644c27b38f4bd515d9c06f72609ed50844499917300506032b65703064310b30090603550406130255533113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c7464311d301b06035504030c146578616d706c65732e756c666865696d2e6e6574301e170d3230313130353035313435365a170d3232313030363035313435365a3064310b30090603550406130255533113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c7464311d301b06035504030c146578616d706c65732e756c666865696d2e6e6574302a300506032b6570032100be9d2a3f45d7bd86a6fba8acf3dc58d1241e4272f100c81779bc43e96b779515300506032b6570034100b7017b76d0f9f6f58f7bb28de5459c127a3a539ed73997dcd42a0e0484d5768d42b5f5b0e275c99b856124b20983b2dca66dec380b15b5425f9ccf87a3dc5700");
|
||||
|
||||
const CA_SIGNED_CERT: [u8; 0x0356] =
|
||||
hex_literal::hex!(
|
||||
"308203523082023a02146048517ee55aabd1e8f2bd7db1d91e679708e644300d06092a864886f70d01010b05003067310b30090603550406130255533113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c74643120301e06035504030c176578616d706c65732e63612e756c666865696d2e6e6574301e170d3230313130363034323035305a170d3230313230363034323035305a3064310b30090603550406130255533113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c7464311d301b06035504030c146578616d706c65732e756c666865696d2e6e657430820122300d06092a864886f70d01010105000382010f003082010a0282010100b2940671bfe7ace7416ba9d34018c229588e9d4eed8bd6623e44ab1239e8f1f0de9050b2f485a98e63f5b483330fb0b5abaeb33d11889033b0b684bf34696d28206bb361782c4b106a8d47874cbbdf971b5ab887bca508bccf250a1a811cee078464638e441941347d4c8885ac9b59d9fc9636276912b04d9e3ab29bd8ad319572ae54f0b6145c4d675a78607dcc4793a4d432f1c2a41ea29dd4f7262b6fe472dfaea51aca992b4624e73fa9901fa364fc5b721052ef3187e659d58d2706770d365380a7ebab6caac5b23271c01531fdf95368ee48af5383035f249be7c18f50ce9e52877558efe4b2e29f61328396e2a3b5e71309ad13d93d6ba3d5c3eb2b650203010001300d06092a864886f70d01010b0500038201010063c9ab0f5d2e164513e8e74b656ae4f48dd004c3ead9f1026b7741cbf02bb0efcf19e0fbf8a788dae059a2393167f016bafc0e3efd5c5b4c43079b6506eb67f17f44f9591503c7d1fdb77bf631894817393ea82610ad5106d23ec6bf1a6d96d749f05c0136cd71256617a51fe862529aee4a37d5f456dc7da8b220ff10ede4e87bc63e4589b3f81133a7f82ab900419e8a2d802d59e99cfbbd268702efd17616168b45b5211da0e644c29dcb92dbbf32b43586bbab05deb0261771605c52836363bd28ff9853d44436349f5ba11f2640bc9c42688e0d5eb6cac9f3f5e5f98652fa4f4ba52604371ec45f09d678e31d463285a4b3734f587f35a339920544f476"
|
||||
);
|
||||
|
||||
const SELF_SIGNED_WITH_SAN: [u8; 0x03E8] =
|
||||
hex_literal::hex!(
|
||||
"308203e4308202cca00302010202145e88e088cb38c6b2b61eb94eae6d2c2429382148300d06092a864886f70d01010b05003070310b3009060355040613025553310b300906035504080c0256413111300f06035504070c08536f6d654369747931123010060355040a0c094d79436f6d70616e7931133011060355040b0c0a4d794469766973696f6e3118301606035504030c0f7777772e636f6d70616e792e636f6d301e170d3230313130363039303230345a170d3232313130363039303230345a3070310b3009060355040613025553310b300906035504080c0256413111300f06035504070c08536f6d654369747931123010060355040a0c094d79436f6d70616e7931133011060355040b0c0a4d794469766973696f6e3118301606035504030c0f7777772e636f6d70616e792e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100e1d7d8ddb3ec0e334e7d8e5aff8272384e755488e887b1ac9c520a95fbfb75aff84e5d5bab76fe397d0bd73e9bf5358824ecf26c2040f4f04ccff04e60e5469294fb2b18fa8533d8826d1cac977d37f0673fb102fa583e78cb965271f66160b86889acf7add28804eeaeff385084961c3e60dda38f83dd7f37eead28dfedd715fbc57512e9f7c0b297eea2ad752483bc09d9dfd7d8466a5de3f875bb5b9a86b6f0cc4853bab323c0e31369d36f4e230d498198d800f2fefdc70525e5e8785262d90e67c442dc1c92ea22239dbdb0f5915b0e9ac05fd23a755e92030af606b0bf738bd5d9e7416c278785066057a3a828030229a5e6ec8f1a561fa6d4b03473650203010001a3763074300b0603551d0f04040302043030130603551d25040c300a06082b0601050507030130500603551d1104493047820f7777772e636f6d70616e792e6e6574820b636f6d70616e792e636f6d820b636f6d70616e792e6e6574810b626f6240636f6d70616e79810d616c69636540636f6d70616e79300d06092a864886f70d01010b050003820101008ee6ca325376df41ca6858c5ab6bc2d82d20b8d20bd7a6a007a62047f67e4c5988dc60e6e313a3d4456c87ac9b7d064af61012d9e5e630839471255166fb3f2de460dbf2ff88f2b26d385e605c7f47f8bd0a34e1ab4726e82642c5eba7e2b49a05c829704618362341ce02dca477b76e6d8919a4ec568aafa581a710220c7101d686f36f381b1851c06ed9f2c3de26befb95ea653dc7429c0abe8dd66b2328d7b41222b06237840835a15073d3f314c0d84b812fe7829e42da8174dac600845bf367685c5607196c2bcc06aad54eec531d93cfb6fea7995d65272cab575faaac7c9029a312e664ef0d3880fa4e0acaeee4c144ffb994a64118713def59360f6c"
|
||||
);
|
||||
|
||||
@ -72,6 +72,7 @@ pub const CERT_POLICIES: &'static [u8] = &[85, 29, 32];
|
||||
pub const CERT_BASIC_CONSTRAINTS: &'static [u8] = &[85, 29, 19]; // 2.5.29.19
|
||||
pub const CERT_EXT_KEY_USAGE: &'static [u8] = &[85, 29, 37]; // 2.5.29.37
|
||||
pub const CERT_INHIBIT_ANY_POLICY: &'static [u8] = &[85, 29, 54]; // 2.5.29.54
|
||||
pub const CERT_SUBJECTALTNAME: &'static [u8] = &[85, 29, 17]; // 2.5.29.17
|
||||
// Extended Key Extensions
|
||||
pub const ANY_EXTENDED_KEY_USAGE: &'static [u8] = &[85, 29, 37, 0]; // 2.5.29.37.0
|
||||
pub const ID_KP_SERVER_AUTH: &'static [u8] = &[43, 6, 1, 5, 5, 7, 3, 1]; // 1.3.6.1.5.5.7.3.1
|
||||
@ -79,4 +80,4 @@ pub const ID_KP_CLIENT_AUTH: &'static [u8] = &[43, 6, 1, 5, 5, 7, 3,
|
||||
pub const ID_KP_CODE_SIGNING: &'static [u8] = &[43, 6, 1, 5, 5, 7, 3, 3]; // 1.3.6.1.5.5.7.3.3
|
||||
pub const ID_KP_EMAIL_PROTECTION: &'static [u8] = &[43, 6, 1, 5, 5, 7, 3, 4]; // 1.3.6.1.5.5.7.3.4
|
||||
pub const ID_KP_TIME_STAMPING: &'static [u8] = &[43, 6, 1, 5, 5, 7, 3, 8]; // 1.3.6.1.5.5.7.3.8
|
||||
pub const ID_KP_OCSP_SIGNING: &'static [u8] = &[43, 6, 1, 5, 5, 7, 3, 9];
|
||||
pub const ID_KP_OCSP_SIGNING: &'static [u8] = &[43, 6, 1, 5, 5, 7, 3, 9];
|
||||
202
src/parse.rs
202
src/parse.rs
@ -24,6 +24,9 @@ use crate::certificate::{
|
||||
ExtensionValue as Asn1DerExtensionValue,
|
||||
PolicyInformation as Asn1DerPolicyInformation,
|
||||
TBSCertificate as Asn1DerTBSCertificate,
|
||||
Name as Asn1DerName,
|
||||
AttributeTypeAndValue as Asn1DerAttribute,
|
||||
GeneralName as Asn1DerGeneralName
|
||||
};
|
||||
|
||||
use crate::oid;
|
||||
@ -656,9 +659,9 @@ pub fn parse_asn1_der_tbs_certificate(bytes: &[u8]) -> IResult<&[u8], Asn1DerTBS
|
||||
opt(parse_asn1_der_version),
|
||||
parse_asn1_der_serial_number,
|
||||
parse_asn1_der_algorithm_identifier,
|
||||
parse_asn1_der_sequence,
|
||||
parse_asn1_der_name,
|
||||
parse_asn1_der_validity,
|
||||
parse_asn1_der_sequence,
|
||||
parse_asn1_der_name,
|
||||
parse_asn1_der_subject_key_public_info,
|
||||
opt(parse_asn1_der_bit_string),
|
||||
opt(parse_asn1_der_bit_string),
|
||||
@ -748,13 +751,24 @@ pub fn parse_asn1_der_boolean(bytes: &[u8]) -> IResult<&[u8], bool> {
|
||||
// SEQUENCE: tag: 0x30
|
||||
pub fn parse_asn1_der_sequence(bytes: &[u8]) -> IResult<&[u8], &[u8]> {
|
||||
let (rest, (tag_val, _, value)) = parse_asn1_der_object(bytes)?;
|
||||
// Verify the tag is indeed 0x03
|
||||
// Verify the tag is indeed 0x30
|
||||
if tag_val != 0x30 {
|
||||
return Err(nom::Err::Failure((&[], ErrorKind::Verify)));
|
||||
}
|
||||
Ok((rest, value))
|
||||
}
|
||||
|
||||
// SET: tag: 0x31
|
||||
pub fn parse_asn1_der_set(bytes: &[u8]) -> IResult<&[u8], &[u8]> {
|
||||
let (rest, (tag_val, _, value)) = parse_asn1_der_object(bytes)?;
|
||||
// Verify the tag is indeed 0x31
|
||||
if tag_val != 0x31 {
|
||||
return Err(nom::Err::Failure((&[], ErrorKind::Verify)));
|
||||
}
|
||||
|
||||
Ok((rest, value))
|
||||
}
|
||||
|
||||
// CertificateSerialNumber: alias of INTEGER
|
||||
pub fn parse_asn1_der_serial_number(bytes: &[u8]) -> IResult<&[u8], &[u8]> {
|
||||
parse_asn1_der_integer(bytes)
|
||||
@ -770,8 +784,6 @@ pub fn parse_asn1_der_algorithm_identifier(bytes: &[u8]) -> IResult<&[u8], Asn1D
|
||||
}
|
||||
// Parse OID, leave the rest as optionl parameters
|
||||
let (optional_param, oid) = parse_asn1_der_oid(value)?;
|
||||
log::info!("OID: {:X?}", oid);
|
||||
log::info!("Optional parameter: {:X?}", optional_param);
|
||||
|
||||
Ok((
|
||||
rest,
|
||||
@ -792,6 +804,55 @@ pub fn parse_asn1_der_oid(bytes: &[u8]) -> IResult<&[u8], &[u8]> {
|
||||
Ok((rest, value))
|
||||
}
|
||||
|
||||
// Parser for Name, applicable to issuer and subject field of TBS cert.
|
||||
pub fn parse_asn1_der_name(bytes: &[u8]) -> IResult<&[u8], Asn1DerName> {
|
||||
let (rest, mut rdn_sequence) = parse_asn1_der_sequence(bytes)?;
|
||||
let mut attributes_vec: Vec<Asn1DerAttribute> = Vec::new();
|
||||
|
||||
while rdn_sequence.len() != 0 {
|
||||
let (rem, attribute) = parse_asn1_der_attribute_type_and_value(
|
||||
rdn_sequence
|
||||
)?;
|
||||
rdn_sequence = rem;
|
||||
attributes_vec.push(attribute);
|
||||
}
|
||||
|
||||
Ok((
|
||||
rest,
|
||||
Asn1DerName {
|
||||
relative_distinguished_name: attributes_vec
|
||||
}
|
||||
))
|
||||
}
|
||||
|
||||
// Parser for AttributeTypeAndValue struct, typically wrapped inside Name struct
|
||||
pub fn parse_asn1_der_attribute_type_and_value(bytes: &[u8]) -> IResult<&[u8], Asn1DerAttribute> {
|
||||
let (rest, set) = parse_asn1_der_set(bytes)?;
|
||||
let (_, attribute) = complete(
|
||||
parse_asn1_der_sequence
|
||||
)(set)?;
|
||||
|
||||
let (_, (oid, (tag_val, _, value))) = complete(
|
||||
tuple((
|
||||
parse_asn1_der_oid,
|
||||
parse_asn1_der_object
|
||||
))
|
||||
)(attribute)?;
|
||||
|
||||
// Verify that tag_val is either "PrintableString or UTF8String"
|
||||
if tag_val != 0x13 && tag_val != 0x0C {
|
||||
return Err(nom::Err::Error((bytes, ErrorKind::Verify)));
|
||||
}
|
||||
|
||||
Ok((
|
||||
rest,
|
||||
Asn1DerAttribute {
|
||||
attribute_type: oid,
|
||||
attribute_value: core::str::from_utf8(value).unwrap()
|
||||
}
|
||||
))
|
||||
}
|
||||
|
||||
// Parser for Time Validity Sequence Structure (0x30)
|
||||
pub fn parse_asn1_der_validity(bytes: &[u8]) -> IResult<&[u8], Asn1DerValidity> {
|
||||
let (rest, (tag_val, _, value)) = parse_asn1_der_object(bytes)?;
|
||||
@ -937,6 +998,12 @@ pub fn parse_asn1_der_extension(bytes: &[u8]) -> IResult<&[u8], Asn1DerExtension
|
||||
)(rem_ext_data)?;
|
||||
extension_value
|
||||
},
|
||||
oid::CERT_SUBJECTALTNAME => {
|
||||
let (_, extension_value) = complete(
|
||||
parse_asn1_der_subject_alternative_name
|
||||
)(rem_ext_data)?;
|
||||
extension_value
|
||||
}
|
||||
// TODO: Parse extension value for recognized extensions
|
||||
_ => Asn1DerExtensionValue::Unrecognized
|
||||
};
|
||||
@ -975,6 +1042,131 @@ pub fn parse_asn1_der_key_usage(bytes: &[u8]) -> IResult<&[u8], Asn1DerExtension
|
||||
))
|
||||
}
|
||||
|
||||
// Parser for Subject Alternative Name
|
||||
pub fn parse_asn1_der_subject_alternative_name(bytes: &[u8]) -> IResult<&[u8], Asn1DerExtensionValue> {
|
||||
let (_, mut names) = complete(
|
||||
parse_asn1_der_sequence
|
||||
)(bytes)?;
|
||||
|
||||
let mut general_names: Vec<Asn1DerGeneralName> = Vec::new();
|
||||
|
||||
while names.len() != 0 {
|
||||
let (rest, (tag_val, _, name_value)) = parse_asn1_der_object(names)?;
|
||||
match tag_val {
|
||||
0x80 => {
|
||||
let (_, seq) = complete(
|
||||
parse_asn1_der_sequence
|
||||
)(name_value)?;
|
||||
let (_, (oid, (inner_tag_val, _, value))) = complete(
|
||||
tuple((
|
||||
parse_asn1_der_oid,
|
||||
parse_asn1_der_object
|
||||
))
|
||||
)(seq)?;
|
||||
if inner_tag_val != 0x80 {
|
||||
return Err(nom::Err::Error((bytes, ErrorKind::Verify)));
|
||||
}
|
||||
general_names.push(
|
||||
Asn1DerGeneralName::OtherName { type_id: oid, value }
|
||||
);
|
||||
},
|
||||
|
||||
0x81 => {
|
||||
general_names.push(
|
||||
Asn1DerGeneralName::RFC822Name(name_value)
|
||||
);
|
||||
},
|
||||
|
||||
0x82 => {
|
||||
general_names.push(
|
||||
Asn1DerGeneralName::DNSName(name_value)
|
||||
);
|
||||
},
|
||||
|
||||
0x83 => {
|
||||
general_names.push(
|
||||
Asn1DerGeneralName::X400Address(name_value)
|
||||
);
|
||||
},
|
||||
|
||||
0x84 => {
|
||||
general_names.push(
|
||||
Asn1DerGeneralName::DirectoryName(name_value)
|
||||
);
|
||||
},
|
||||
|
||||
0x85 => {
|
||||
let (_, seq) = complete(
|
||||
parse_asn1_der_sequence
|
||||
)(name_value)?;
|
||||
let (_, (
|
||||
(name_assigner_tag_val, _, name_assigner),
|
||||
party_name
|
||||
)) = complete(
|
||||
tuple((
|
||||
parse_asn1_der_object,
|
||||
opt(parse_asn1_der_object)
|
||||
))
|
||||
)(seq)?;
|
||||
|
||||
let general_name = if party_name.is_none() && name_assigner_tag_val == 0x81 {
|
||||
Asn1DerGeneralName::EDIPartyName {
|
||||
name_assigner: &[],
|
||||
party_name: name_assigner
|
||||
}
|
||||
} else if party_name.is_some() && name_assigner_tag_val == 0x80 {
|
||||
if let Some((party_name_tag_val, _, party_name_value)) = party_name {
|
||||
if party_name_tag_val == 0x81 {
|
||||
Asn1DerGeneralName::EDIPartyName {
|
||||
name_assigner,
|
||||
party_name: party_name_value
|
||||
}
|
||||
}
|
||||
else {
|
||||
return Err(nom::Err::Error((bytes, ErrorKind::Verify)))
|
||||
}
|
||||
} else {
|
||||
return Err(nom::Err::Error((bytes, ErrorKind::Verify)))
|
||||
}
|
||||
} else {
|
||||
return Err(nom::Err::Error((bytes, ErrorKind::Verify)))
|
||||
};
|
||||
|
||||
general_names.push(
|
||||
general_name
|
||||
);
|
||||
},
|
||||
|
||||
0x86 => {
|
||||
general_names.push(
|
||||
Asn1DerGeneralName::URI(name_value)
|
||||
);
|
||||
},
|
||||
|
||||
0x87 => {
|
||||
general_names.push(
|
||||
Asn1DerGeneralName::IPAddress(name_value)
|
||||
);
|
||||
},
|
||||
|
||||
0x88 => {
|
||||
general_names.push(
|
||||
Asn1DerGeneralName::RegisteredID(name_value)
|
||||
);
|
||||
},
|
||||
|
||||
_ => return Err(nom::Err::Error((bytes, ErrorKind::Verify)))
|
||||
}
|
||||
|
||||
names = rest;
|
||||
}
|
||||
|
||||
Ok((
|
||||
&[],
|
||||
Asn1DerExtensionValue::SubjectAlternativeName { general_names }
|
||||
))
|
||||
}
|
||||
|
||||
// Parser for CertificatePolicies Extension (sequence: 0x30)
|
||||
pub fn parse_asn1_der_certificate_policies(bytes: &[u8]) -> IResult<&[u8], Asn1DerExtensionValue> {
|
||||
let (rest, (tag_val, _, mut value)) = parse_asn1_der_object(bytes)?;
|
||||
|
||||
@ -1481,7 +1481,7 @@ impl Cipher {
|
||||
}
|
||||
}
|
||||
|
||||
pub(crate) enum CertificatePublicKey {
|
||||
pub enum CertificatePublicKey {
|
||||
RSA {
|
||||
cert_rsa_public_key: RSAPublicKey
|
||||
},
|
||||
|
||||
@ -472,10 +472,6 @@ impl<R: 'static + RngCore + CryptoRng> TlsSocket<R> {
|
||||
|
||||
// TODO: Replace this block after implementing a proper
|
||||
// certificate verification procdeure
|
||||
// match validate_root_certificate(cert) {
|
||||
// Ok(true) => {},
|
||||
// _ => panic!("Certificate does not match")
|
||||
// }
|
||||
cert.validate_self_signed_signature().expect("Signature mismatched");
|
||||
|
||||
// Update session TLS state to WAIT_CV
|
||||
|
||||
@ -178,6 +178,19 @@ impl<'a, 'b> HandshakeRepr<'a> {
|
||||
}
|
||||
}
|
||||
|
||||
pub(crate) fn get_all_asn1_der_certificates(&self) -> Result<Vec<&Asn1DerCertificate>, ()> {
|
||||
if self.msg_type != HandshakeType::Certificate {
|
||||
return Err(())
|
||||
};
|
||||
if let HandshakeData::Certificate(
|
||||
cert
|
||||
) = &self.handshake_data {
|
||||
Ok(cert.get_all_certificates())
|
||||
} else {
|
||||
Err(())
|
||||
}
|
||||
}
|
||||
|
||||
pub(crate) fn get_signature(&self) -> Result<(SignatureScheme, &[u8]), ()> {
|
||||
if self.msg_type != HandshakeType::CertificateVerify {
|
||||
return Err(())
|
||||
@ -767,6 +780,14 @@ impl<'a> Certificate<'a> {
|
||||
pub(crate) fn get_certificate(&self, index: usize) -> &Asn1DerCertificate {
|
||||
self.certificate_list[index].get_certificate()
|
||||
}
|
||||
|
||||
pub(crate) fn get_all_certificates(&self) -> Vec<&Asn1DerCertificate> {
|
||||
let mut certificate_vec = Vec::new();
|
||||
for cert_entry in self.certificate_list.iter() {
|
||||
certificate_vec.push(cert_entry.get_certificate())
|
||||
}
|
||||
certificate_vec
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone)]
|
||||
|
||||
Loading…
Reference in New Issue
Block a user