Compare commits
3 Commits
50cf99b5e4
...
47f2229feb
| Author | SHA1 | Date | |
|---|---|---|---|
| 47f2229feb | |||
| 7597e41859 | |||
| 21234c485d |
@ -932,7 +932,7 @@ pub fn parse_asn1_der_attribute_type_and_value(bytes: &[u8]) -> IResult<&[u8], A
|
||||
)(set)?;
|
||||
|
||||
// Verify that tag_val is either "PrintableString or UTF8String"
|
||||
if tag_val != 0x13 && tag_val != 0x0C {
|
||||
if tag_val != 0x13 && tag_val != 0x0C && tag_val != 0x16 {
|
||||
return Err(nom::Err::Error((bytes, ErrorKind::Verify)));
|
||||
}
|
||||
|
||||
|
||||
@ -610,15 +610,26 @@ impl<'a> Session<'a> {
|
||||
.verify_digest(
|
||||
verify_hash, &ecdsa_signature
|
||||
).unwrap();
|
||||
return
|
||||
|
||||
// Usual procedures: update hash
|
||||
self.hash.update(cert_verify_slice);
|
||||
// At last, update client state
|
||||
self.state = TlsState::WAIT_FINISHED;
|
||||
return;
|
||||
}
|
||||
|
||||
// ED25519 only accepts PureEdDSA implementation
|
||||
if signature_algorithm == SignatureScheme::ed25519 {
|
||||
let verify_hash = Sha512::new()
|
||||
.chain(&[0x20; 64])
|
||||
.chain("TLS 1.3, server CertificateVerify")
|
||||
.chain(&[0])
|
||||
.chain(&transcript_hash);
|
||||
// 64 bytes of 0x20
|
||||
// 33 bytes of text
|
||||
// 1 byte of 0
|
||||
// potentially 48 bytes of transcript hash
|
||||
// 146 bytes in total
|
||||
let mut verify_message: Vec<u8, U146> = Vec::new();
|
||||
verify_message.extend_from_slice(&[0x20; 64]).unwrap();
|
||||
verify_message.extend_from_slice(b"TLS 1.3, server CertificateVerify").unwrap();
|
||||
verify_message.extend_from_slice(&[0]).unwrap();
|
||||
verify_message.extend_from_slice(&transcript_hash).unwrap();
|
||||
let ed25519_signature = ed25519_dalek::Signature::try_from(
|
||||
signature
|
||||
).unwrap();
|
||||
@ -626,9 +637,14 @@ impl<'a> Session<'a> {
|
||||
.unwrap()
|
||||
.get_ed25519_public_key()
|
||||
.unwrap()
|
||||
.verify_prehashed(verify_hash, None, &ed25519_signature)
|
||||
.verify_strict(&verify_message, &ed25519_signature)
|
||||
.unwrap();
|
||||
return
|
||||
|
||||
// Usual procedures: update hash
|
||||
self.hash.update(cert_verify_slice);
|
||||
// At last, update client state
|
||||
self.state = TlsState::WAIT_FINISHED;
|
||||
return;
|
||||
}
|
||||
|
||||
// Get verification hash, and verify the signature
|
||||
@ -695,7 +711,6 @@ impl<'a> Session<'a> {
|
||||
.verify(
|
||||
padding, &verify_hash, signature
|
||||
);
|
||||
log::info!("Algorithm {:?} Certificate verify: {:?}", signature_algorithm, verify_result);
|
||||
if verify_result.is_err() {
|
||||
todo!()
|
||||
}
|
||||
@ -1160,7 +1175,6 @@ impl<'a> Session<'a> {
|
||||
} else {
|
||||
unreachable!()
|
||||
};
|
||||
log::info!("Client Transcript Hash: {:?}", transcript_hash);
|
||||
|
||||
use crate::tls_packet::SignatureScheme::*;
|
||||
// RSA signature must be with PSS padding scheme
|
||||
@ -1275,7 +1289,7 @@ impl<'a> Session<'a> {
|
||||
|
||||
use p256::ecdsa::signature::DigestSigner;
|
||||
let sig_vec = alloc::vec::Vec::from(
|
||||
cert_signing_key.sign_digest(verify_hash).as_ref()
|
||||
cert_signing_key.sign_digest(verify_hash).to_asn1().as_ref()
|
||||
);
|
||||
|
||||
(
|
||||
@ -1285,11 +1299,12 @@ impl<'a> Session<'a> {
|
||||
},
|
||||
|
||||
CertificatePrivateKey::ED25519 { cert_eddsa_key } => {
|
||||
let verify_hash = sha2::Sha512::new()
|
||||
.chain(&[0x20; 64])
|
||||
.chain("TLS 1.3, client CertificateVerify")
|
||||
.chain(&[0x00])
|
||||
.chain(&transcript_hash);
|
||||
// Similar to server CertificateVerify
|
||||
let mut verify_message: Vec<u8, U146> = Vec::new();
|
||||
verify_message.extend_from_slice(&[0x20; 64]).unwrap();
|
||||
verify_message.extend_from_slice(b"TLS 1.3, client CertificateVerify").unwrap();
|
||||
verify_message.extend_from_slice(&[0]).unwrap();
|
||||
verify_message.extend_from_slice(&transcript_hash).unwrap();
|
||||
|
||||
// Ed25519 requires a key-pair to sign
|
||||
// Get public key from certificate
|
||||
@ -1312,10 +1327,10 @@ impl<'a> Session<'a> {
|
||||
&keypair_bytes
|
||||
).unwrap();
|
||||
|
||||
use ed25519_dalek::Signer;
|
||||
let sig_vec = alloc::vec::Vec::from(
|
||||
ed25519_keypair
|
||||
.sign_prehashed(verify_hash, None)
|
||||
.unwrap()
|
||||
.sign(&verify_message)
|
||||
.as_ref()
|
||||
);
|
||||
|
||||
|
||||
18
src/tls.rs
18
src/tls.rs
@ -731,7 +731,7 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
|
||||
// Verify that the signature is indeed correct
|
||||
TlsState::WAIT_CV => {
|
||||
// Ensure that it is CertificateVerify
|
||||
// let might_be_cert_verify = handshake_vec.remove(0);
|
||||
log::info!("Got certificate verify");
|
||||
let might_be_cert_verify = repr.handshake.take().unwrap();
|
||||
if might_be_cert_verify.get_msg_type() != HandshakeType::CertificateVerify {
|
||||
// Process the other handshakes in "handshake_vec"
|
||||
@ -745,15 +745,19 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
|
||||
might_be_cert_verify.length + 4
|
||||
)(handshake_slice)
|
||||
.map_err(|_| Error::Unrecognized)?;
|
||||
log::info!("about to verify");
|
||||
|
||||
// Perform verification, update TLS state if successful
|
||||
let (sig_alg, signature) = might_be_cert_verify.get_signature().unwrap();
|
||||
self.session.borrow_mut()
|
||||
.client_update_for_wait_cv(
|
||||
cert_verify_slice,
|
||||
sig_alg,
|
||||
signature
|
||||
);
|
||||
log::info!("Got signature");
|
||||
{
|
||||
self.session.borrow_mut()
|
||||
.client_update_for_wait_cv(
|
||||
cert_verify_slice,
|
||||
sig_alg,
|
||||
signature
|
||||
);
|
||||
}
|
||||
log::info!("Received CV");
|
||||
},
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user