parser: certificate full impl
This commit is contained in:
parent
4b37146f96
commit
1261b36b8f
|
@ -12,7 +12,6 @@ num_enum = { version = "0.5.1", default-features = false }
|
|||
log = "0.4.11"
|
||||
generic-array = "0.14.4"
|
||||
heapless = "0.5.6"
|
||||
asn1_der = { version = "0.7.1", features = [ "native_types", "no_std" ] }
|
||||
|
||||
[dependencies.aes-gcm]
|
||||
version = "0.8.0"
|
||||
|
@ -59,6 +58,10 @@ features = []
|
|||
version = "1.11.0"
|
||||
optional = true
|
||||
|
||||
[dependencies.rand]
|
||||
version = "0.7.3"
|
||||
optional = true
|
||||
|
||||
[features]
|
||||
default = []
|
||||
std_logger = ["simple_logger"]
|
||||
std = [ "simple_logger", "rand" ]
|
71
src/main.rs
71
src/main.rs
|
@ -19,12 +19,11 @@ use sha2::{ Digest, Sha256, Sha384, Sha512 };
|
|||
use heapless::Vec;
|
||||
use hkdf::Hkdf;
|
||||
|
||||
use rand::rngs::OsRng;
|
||||
|
||||
use smoltcp_tls::key::*;
|
||||
use smoltcp_tls::buffer::TlsBuffer;
|
||||
|
||||
use smoltcp_tls::certificate::*;
|
||||
|
||||
use asn1_der::DerObject;
|
||||
use smoltcp_tls::parse::*;
|
||||
|
||||
struct CountingRng(u64);
|
||||
|
@ -79,54 +78,44 @@ fn main() {
|
|||
// tls_socket.tls_connect(&mut sockets).unwrap();
|
||||
simple_logger::SimpleLogger::new().init().unwrap();
|
||||
|
||||
// let (rest, result) = parse_asn1_der_extension(&KEY_USAGE).unwrap();
|
||||
// let (rest, result) = parse_asn1_der_certificate(&CERTIFICATE).unwrap();
|
||||
// println!(
|
||||
// "{:X?}\n{:X?}",
|
||||
// rest,
|
||||
// result
|
||||
// );
|
||||
use rsa::RSAPublicKey;
|
||||
use rsa::BigUint;
|
||||
use rsa::PaddingScheme;
|
||||
use rsa::Hash;
|
||||
use rsa::PublicKey;
|
||||
|
||||
// let (rest, result) = parse_asn1_der_extension(&EXTENDED_KEY_USAGE).unwrap();
|
||||
// println!(
|
||||
// "{:X?}\n{:X?}",
|
||||
// rest,
|
||||
// result
|
||||
// );
|
||||
let mut rng = OsRng;
|
||||
let public_key = RSAPublicKey::new(
|
||||
BigUint::from_bytes_be(&PUBLIC_KEY),
|
||||
BigUint::from_bytes_be(&[01, 00 ,01])
|
||||
).unwrap();
|
||||
println!("{:X?}", public_key);
|
||||
|
||||
// let (rest, result) = parse_asn1_der_extensions(&EXTENSIONS).unwrap();
|
||||
// println!(
|
||||
// "{:X?}\n{:X?}",
|
||||
// rest,
|
||||
// result
|
||||
// );
|
||||
let hash = sha2::Sha256::new().chain(&CERTIFICATE[4..(0x209+8)]).finalize();
|
||||
println!("Hash: {:X?}", hash);
|
||||
|
||||
let (rest, result) = parse_asn1_der_certificate(&CERTIFICATE).unwrap();
|
||||
println!(
|
||||
"{:X?}\n{:X?}",
|
||||
rest,
|
||||
result
|
||||
);
|
||||
let padding = PaddingScheme::new_pkcs1v15_sign(Some(Hash::SHA2_256));
|
||||
println!("Sig Verify: {:?}", public_key.verify(padding, &hash, &SIGNATURE));
|
||||
}
|
||||
|
||||
const CERT: [u8; 805] = [
|
||||
0x30, 0x82, 0x03, 0x21, 0x30, 0x82, 0x02, 0x09, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x15, 0x5a, 0x92, 0xad, 0xc2, 0x04, 0x8f, 0x90, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x22, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x45, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x38, 0x31, 0x30, 0x30, 0x35, 0x30, 0x31, 0x33, 0x38, 0x31, 0x37, 0x5a, 0x17, 0x0d, 0x31, 0x39, 0x31, 0x30, 0x30, 0x35, 0x30, 0x31, 0x33, 0x38, 0x31, 0x37, 0x5a, 0x30, 0x2b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x13, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x75, 0x6c, 0x66, 0x68, 0x65, 0x69, 0x6d, 0x2e, 0x6e, 0x65, 0x74, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc4, 0x80, 0x36, 0x06, 0xba, 0xe7, 0x47, 0x6b, 0x08, 0x94, 0x04, 0xec, 0xa7, 0xb6, 0x91, 0x04, 0x3f, 0xf7, 0x92, 0xbc, 0x19, 0xee, 0xfb, 0x7d, 0x74, 0xd7, 0xa8, 0x0d, 0x00, 0x1e, 0x7b, 0x4b, 0x3a, 0x4a, 0xe6, 0x0f, 0xe8, 0xc0, 0x71, 0xfc, 0x73, 0xe7, 0x02, 0x4c, 0x0d, 0xbc, 0xf4, 0xbd, 0xd1, 0x1d, 0x39, 0x6b, 0xba, 0x70, 0x46, 0x4a, 0x13, 0xe9, 0x4a, 0xf8, 0x3d, 0xf3, 0xe1, 0x09, 0x59, 0x54, 0x7b, 0xc9, 0x55, 0xfb, 0x41, 0x2d, 0xa3, 0x76, 0x52, 0x11, 0xe1, 0xf3, 0xdc, 0x77, 0x6c, 0xaa, 0x53, 0x37, 0x6e, 0xca, 0x3a, 0xec, 0xbe, 0xc3, 0xaa, 0xb7, 0x3b, 0x31, 0xd5, 0x6c, 0xb6, 0x52, 0x9c, 0x80, 0x98, 0xbc, 0xc9, 0xe0, 0x28, 0x18, 0xe2, 0x0b, 0xf7, 0xf8, 0xa0, 0x3a, 0xfd, 0x17, 0x04, 0x50, 0x9e, 0xce, 0x79, 0xbd, 0x9f, 0x39, 0xf1, 0xea, 0x69, 0xec, 0x47, 0x97, 0x2e, 0x83, 0x0f, 0xb5, 0xca, 0x95, 0xde, 0x95, 0xa1, 0xe6, 0x04, 0x22, 0xd5, 0xee, 0xbe, 0x52, 0x79, 0x54, 0xa1, 0xe7, 0xbf, 0x8a, 0x86, 0xf6, 0x46, 0x6d, 0x0d, 0x9f, 0x16, 0x95, 0x1a, 0x4c, 0xf7, 0xa0, 0x46, 0x92, 0x59, 0x5c, 0x13, 0x52, 0xf2, 0x54, 0x9e, 0x5a, 0xfb, 0x4e, 0xbf, 0xd7, 0x7a, 0x37, 0x95, 0x01, 0x44, 0xe4, 0xc0, 0x26, 0x87, 0x4c, 0x65, 0x3e, 0x40, 0x7d, 0x7d, 0x23, 0x07, 0x44, 0x01, 0xf4, 0x84, 0xff, 0xd0, 0x8f, 0x7a, 0x1f, 0xa0, 0x52, 0x10, 0xd1, 0xf4, 0xf0, 0xd5, 0xce, 0x79, 0x70, 0x29, 0x32, 0xe2, 0xca, 0xbe, 0x70, 0x1f, 0xdf, 0xad, 0x6b, 0x4b, 0xb7, 0x11, 0x01, 0xf4, 0x4b, 0xad, 0x66, 0x6a, 0x11, 0x13, 0x0f, 0xe2, 0xee, 0x82, 0x9e, 0x4d, 0x02, 0x9d, 0xc9, 0x1c, 0xdd, 0x67, 0x16, 0xdb, 0xb9, 0x06, 0x18, 0x86, 0xed, 0xc1, 0xba, 0x94, 0x21, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x52, 0x30, 0x50, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x05, 0xa0, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x89, 0x4f, 0xde, 0x5b, 0xcc, 0x69, 0xe2, 0x52, 0xcf, 0x3e, 0xa3, 0x00, 0xdf, 0xb1, 0x97, 0xb8, 0x1d, 0xe1, 0xc1, 0x46, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x59, 0x16, 0x45, 0xa6, 0x9a, 0x2e, 0x37, 0x79, 0xe4, 0xf6, 0xdd, 0x27, 0x1a, 0xba, 0x1c, 0x0b, 0xfd, 0x6c, 0xd7, 0x55, 0x99, 0xb5, 0xe7, 0xc3, 0x6e, 0x53, 0x3e, 0xff, 0x36, 0x59, 0x08, 0x43, 0x24, 0xc9, 0xe7, 0xa5, 0x04, 0x07, 0x9d, 0x39, 0xe0, 0xd4, 0x29, 0x87, 0xff, 0xe3, 0xeb, 0xdd, 0x09, 0xc1, 0xcf, 0x1d, 0x91, 0x44, 0x55, 0x87, 0x0b, 0x57, 0x1d, 0xd1, 0x9b, 0xdf, 0x1d, 0x24, 0xf8, 0xbb, 0x9a, 0x11, 0xfe, 0x80, 0xfd, 0x59, 0x2b, 0xa0, 0x39, 0x8c, 0xde, 0x11, 0xe2, 0x65, 0x1e, 0x61, 0x8c, 0xe5, 0x98, 0xfa, 0x96, 0xe5, 0x37, 0x2e, 0xef, 0x3d, 0x24, 0x8a, 0xfd, 0xe1, 0x74, 0x63, 0xeb, 0xbf, 0xab, 0xb8, 0xe4, 0xd1, 0xab, 0x50, 0x2a, 0x54, 0xec, 0x00, 0x64, 0xe9, 0x2f, 0x78, 0x19, 0x66, 0x0d, 0x3f, 0x27, 0xcf, 0x20, 0x9e, 0x66, 0x7f, 0xce, 0x5a, 0xe2, 0xe4, 0xac, 0x99, 0xc7, 0xc9, 0x38, 0x18, 0xf8, 0xb2, 0x51, 0x07, 0x22, 0xdf, 0xed, 0x97, 0xf3, 0x2e, 0x3e, 0x93, 0x49, 0xd4, 0xc6, 0x6c, 0x9e, 0xa6, 0x39, 0x6d, 0x74, 0x44, 0x62, 0xa0, 0x6b, 0x42, 0xc6, 0xd5, 0xba, 0x68, 0x8e, 0xac, 0x3a, 0x01, 0x7b, 0xdd, 0xfc, 0x8e, 0x2c, 0xfc, 0xad, 0x27, 0xcb, 0x69, 0xd3, 0xcc, 0xdc, 0xa2, 0x80, 0x41, 0x44, 0x65, 0xd3, 0xae, 0x34, 0x8c, 0xe0, 0xf3, 0x4a, 0xb2, 0xfb, 0x9c, 0x61, 0x83, 0x71, 0x31, 0x2b, 0x19, 0x10, 0x41, 0x64, 0x1c, 0x23, 0x7f, 0x11, 0xa5, 0xd6, 0x5c, 0x84, 0x4f, 0x04, 0x04, 0x84, 0x99, 0x38, 0x71, 0x2b, 0x95, 0x9e, 0xd6, 0x85, 0xbc, 0x5c, 0x5d, 0xd6, 0x45, 0xed, 0x19, 0x90, 0x94, 0x73, 0x40, 0x29, 0x26, 0xdc, 0xb4, 0x0e, 0x34, 0x69, 0xa1, 0x59, 0x41, 0xe8, 0xe2, 0xcc, 0xa8, 0x4b, 0xb6, 0x08, 0x46, 0x36, 0xa0
|
||||
];
|
||||
|
||||
const KEY_USAGE: [u8; 16] = [
|
||||
0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x05, 0xa0
|
||||
];
|
||||
|
||||
const EXTENDED_KEY_USAGE: [u8; 31] = [
|
||||
0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04,
|
||||
0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01,
|
||||
0x05, 0x05, 0x07, 0x03, 0x02, 0x06, 0x08, 0x2b,
|
||||
0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01
|
||||
];
|
||||
|
||||
const EXTENSIONS: [u8; 360] = [
|
||||
0xa3, 0x52, 0x30, 0x50, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x05, 0xa0, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x89, 0x4f, 0xde, 0x5b, 0xcc, 0x69, 0xe2, 0x52, 0xcf, 0x3e, 0xa3, 0x00, 0xdf, 0xb1, 0x97, 0xb8, 0x1d, 0xe1, 0xc1, 0x46, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x59, 0x16, 0x45, 0xa6, 0x9a, 0x2e, 0x37, 0x79, 0xe4, 0xf6, 0xdd, 0x27, 0x1a, 0xba, 0x1c, 0x0b, 0xfd, 0x6c, 0xd7, 0x55, 0x99, 0xb5, 0xe7, 0xc3, 0x6e, 0x53, 0x3e, 0xff, 0x36, 0x59, 0x08, 0x43, 0x24, 0xc9, 0xe7, 0xa5, 0x04, 0x07, 0x9d, 0x39, 0xe0, 0xd4, 0x29, 0x87, 0xff, 0xe3, 0xeb, 0xdd, 0x09, 0xc1, 0xcf, 0x1d, 0x91, 0x44, 0x55, 0x87, 0x0b, 0x57, 0x1d, 0xd1, 0x9b, 0xdf, 0x1d, 0x24, 0xf8, 0xbb, 0x9a, 0x11, 0xfe, 0x80, 0xfd, 0x59, 0x2b, 0xa0, 0x39, 0x8c, 0xde, 0x11, 0xe2, 0x65, 0x1e, 0x61, 0x8c, 0xe5, 0x98, 0xfa, 0x96, 0xe5, 0x37, 0x2e, 0xef, 0x3d, 0x24, 0x8a, 0xfd, 0xe1, 0x74, 0x63, 0xeb, 0xbf, 0xab, 0xb8, 0xe4, 0xd1, 0xab, 0x50, 0x2a, 0x54, 0xec, 0x00, 0x64, 0xe9, 0x2f, 0x78, 0x19, 0x66, 0x0d, 0x3f, 0x27, 0xcf, 0x20, 0x9e, 0x66, 0x7f, 0xce, 0x5a, 0xe2, 0xe4, 0xac, 0x99, 0xc7, 0xc9, 0x38, 0x18, 0xf8, 0xb2, 0x51, 0x07, 0x22, 0xdf, 0xed, 0x97, 0xf3, 0x2e, 0x3e, 0x93, 0x49, 0xd4, 0xc6, 0x6c, 0x9e, 0xa6, 0x39, 0x6d, 0x74, 0x44, 0x62, 0xa0, 0x6b, 0x42, 0xc6, 0xd5, 0xba, 0x68, 0x8e, 0xac, 0x3a, 0x01, 0x7b, 0xdd, 0xfc, 0x8e, 0x2c, 0xfc, 0xad, 0x27, 0xcb, 0x69, 0xd3, 0xcc, 0xdc, 0xa2, 0x80, 0x41, 0x44, 0x65, 0xd3, 0xae, 0x34, 0x8c, 0xe0, 0xf3, 0x4a, 0xb2, 0xfb, 0x9c, 0x61, 0x83, 0x71, 0x31, 0x2b, 0x19, 0x10, 0x41, 0x64, 0x1c, 0x23, 0x7f, 0x11, 0xa5, 0xd6, 0x5c, 0x84, 0x4f, 0x04, 0x04, 0x84, 0x99, 0x38, 0x71, 0x2b, 0x95, 0x9e, 0xd6, 0x85, 0xbc, 0x5c, 0x5d, 0xd6, 0x45, 0xed, 0x19, 0x90, 0x94, 0x73, 0x40, 0x29, 0x26, 0xdc, 0xb4, 0x0e, 0x34, 0x69, 0xa1, 0x59, 0x41, 0xe8, 0xe2, 0xcc, 0xa8, 0x4b, 0xb6, 0x08, 0x46, 0x36, 0xa0
|
||||
];
|
||||
|
||||
const CERTIFICATE: [u8; 0x325] = [
|
||||
0x30, 0x82, 0x03, 0x21, 0x30, 0x82, 0x02, 0x09, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x15, 0x5a, 0x92, 0xad, 0xc2, 0x04, 0x8f, 0x90, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x22, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x45, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x38, 0x31, 0x30, 0x30, 0x35, 0x30, 0x31, 0x33, 0x38, 0x31, 0x37, 0x5a, 0x17, 0x0d, 0x31, 0x39, 0x31, 0x30, 0x30, 0x35, 0x30, 0x31, 0x33, 0x38, 0x31, 0x37, 0x5a, 0x30, 0x2b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x13, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x75, 0x6c, 0x66, 0x68, 0x65, 0x69, 0x6d, 0x2e, 0x6e, 0x65, 0x74, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc4, 0x80, 0x36, 0x06, 0xba, 0xe7, 0x47, 0x6b, 0x08, 0x94, 0x04, 0xec, 0xa7, 0xb6, 0x91, 0x04, 0x3f, 0xf7, 0x92, 0xbc, 0x19, 0xee, 0xfb, 0x7d, 0x74, 0xd7, 0xa8, 0x0d, 0x00, 0x1e, 0x7b, 0x4b, 0x3a, 0x4a, 0xe6, 0x0f, 0xe8, 0xc0, 0x71, 0xfc, 0x73, 0xe7, 0x02, 0x4c, 0x0d, 0xbc, 0xf4, 0xbd, 0xd1, 0x1d, 0x39, 0x6b, 0xba, 0x70, 0x46, 0x4a, 0x13, 0xe9, 0x4a, 0xf8, 0x3d, 0xf3, 0xe1, 0x09, 0x59, 0x54, 0x7b, 0xc9, 0x55, 0xfb, 0x41, 0x2d, 0xa3, 0x76, 0x52, 0x11, 0xe1, 0xf3, 0xdc, 0x77, 0x6c, 0xaa, 0x53, 0x37, 0x6e, 0xca, 0x3a, 0xec, 0xbe, 0xc3, 0xaa, 0xb7, 0x3b, 0x31, 0xd5, 0x6c, 0xb6, 0x52, 0x9c, 0x80, 0x98, 0xbc, 0xc9, 0xe0, 0x28, 0x18, 0xe2, 0x0b, 0xf7, 0xf8, 0xa0, 0x3a, 0xfd, 0x17, 0x04, 0x50, 0x9e, 0xce, 0x79, 0xbd, 0x9f, 0x39, 0xf1, 0xea, 0x69, 0xec, 0x47, 0x97, 0x2e, 0x83, 0x0f, 0xb5, 0xca, 0x95, 0xde, 0x95, 0xa1, 0xe6, 0x04, 0x22, 0xd5, 0xee, 0xbe, 0x52, 0x79, 0x54, 0xa1, 0xe7, 0xbf, 0x8a, 0x86, 0xf6, 0x46, 0x6d, 0x0d, 0x9f, 0x16, 0x95, 0x1a, 0x4c, 0xf7, 0xa0, 0x46, 0x92, 0x59, 0x5c, 0x13, 0x52, 0xf2, 0x54, 0x9e, 0x5a, 0xfb, 0x4e, 0xbf, 0xd7, 0x7a, 0x37, 0x95, 0x01, 0x44, 0xe4, 0xc0, 0x26, 0x87, 0x4c, 0x65, 0x3e, 0x40, 0x7d, 0x7d, 0x23, 0x07, 0x44, 0x01, 0xf4, 0x84, 0xff, 0xd0, 0x8f, 0x7a, 0x1f, 0xa0, 0x52, 0x10, 0xd1, 0xf4, 0xf0, 0xd5, 0xce, 0x79, 0x70, 0x29, 0x32, 0xe2, 0xca, 0xbe, 0x70, 0x1f, 0xdf, 0xad, 0x6b, 0x4b, 0xb7, 0x11, 0x01, 0xf4, 0x4b, 0xad, 0x66, 0x6a, 0x11, 0x13, 0x0f, 0xe2, 0xee, 0x82, 0x9e, 0x4d, 0x02, 0x9d, 0xc9, 0x1c, 0xdd, 0x67, 0x16, 0xdb, 0xb9, 0x06, 0x18, 0x86, 0xed, 0xc1, 0xba, 0x94, 0x21, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x52, 0x30, 0x50, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x05, 0xa0, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x89, 0x4f, 0xde, 0x5b, 0xcc, 0x69, 0xe2, 0x52, 0xcf, 0x3e, 0xa3, 0x00, 0xdf, 0xb1, 0x97, 0xb8, 0x1d, 0xe1, 0xc1, 0x46, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x59, 0x16, 0x45, 0xa6, 0x9a, 0x2e, 0x37, 0x79, 0xe4, 0xf6, 0xdd, 0x27, 0x1a, 0xba, 0x1c, 0x0b, 0xfd, 0x6c, 0xd7, 0x55, 0x99, 0xb5, 0xe7, 0xc3, 0x6e, 0x53, 0x3e, 0xff, 0x36, 0x59, 0x08, 0x43, 0x24, 0xc9, 0xe7, 0xa5, 0x04, 0x07, 0x9d, 0x39, 0xe0, 0xd4, 0x29, 0x87, 0xff, 0xe3, 0xeb, 0xdd, 0x09, 0xc1, 0xcf, 0x1d, 0x91, 0x44, 0x55, 0x87, 0x0b, 0x57, 0x1d, 0xd1, 0x9b, 0xdf, 0x1d, 0x24, 0xf8, 0xbb, 0x9a, 0x11, 0xfe, 0x80, 0xfd, 0x59, 0x2b, 0xa0, 0x39, 0x8c, 0xde, 0x11, 0xe2, 0x65, 0x1e, 0x61, 0x8c, 0xe5, 0x98, 0xfa, 0x96, 0xe5, 0x37, 0x2e, 0xef, 0x3d, 0x24, 0x8a, 0xfd, 0xe1, 0x74, 0x63, 0xeb, 0xbf, 0xab, 0xb8, 0xe4, 0xd1, 0xab, 0x50, 0x2a, 0x54, 0xec, 0x00, 0x64, 0xe9, 0x2f, 0x78, 0x19, 0x66, 0x0d, 0x3f, 0x27, 0xcf, 0x20, 0x9e, 0x66, 0x7f, 0xce, 0x5a, 0xe2, 0xe4, 0xac, 0x99, 0xc7, 0xc9, 0x38, 0x18, 0xf8, 0xb2, 0x51, 0x07, 0x22, 0xdf, 0xed, 0x97, 0xf3, 0x2e, 0x3e, 0x93, 0x49, 0xd4, 0xc6, 0x6c, 0x9e, 0xa6, 0x39, 0x6d, 0x74, 0x44, 0x62, 0xa0, 0x6b, 0x42, 0xc6, 0xd5, 0xba, 0x68, 0x8e, 0xac, 0x3a, 0x01, 0x7b, 0xdd, 0xfc, 0x8e, 0x2c, 0xfc, 0xad, 0x27, 0xcb, 0x69, 0xd3, 0xcc, 0xdc, 0xa2, 0x80, 0x41, 0x44, 0x65, 0xd3, 0xae, 0x34, 0x8c, 0xe0, 0xf3, 0x4a, 0xb2, 0xfb, 0x9c, 0x61, 0x83, 0x71, 0x31, 0x2b, 0x19, 0x10, 0x41, 0x64, 0x1c, 0x23, 0x7f, 0x11, 0xa5, 0xd6, 0x5c, 0x84, 0x4f, 0x04, 0x04, 0x84, 0x99, 0x38, 0x71, 0x2b, 0x95, 0x9e, 0xd6, 0x85, 0xbc, 0x5c, 0x5d, 0xd6, 0x45, 0xed, 0x19, 0x90, 0x94, 0x73, 0x40, 0x29, 0x26, 0xdc, 0xb4, 0x0e, 0x34, 0x69, 0xa1, 0x59, 0x41, 0xe8, 0xe2, 0xcc, 0xa8, 0x4b, 0xb6, 0x08, 0x46, 0x36, 0xa0
|
||||
];
|
||||
|
||||
const PUBLIC_KEY: [u8; 256] = [
|
||||
0xc4, 0x80, 0x36, 0x06, 0xba, 0xe7, 0x47, 0x6b, 0x08, 0x94, 0x04, 0xec, 0xa7, 0xb6, 0x91, 0x04, 0x3f, 0xf7, 0x92, 0xbc, 0x19, 0xee, 0xfb, 0x7d, 0x74, 0xd7, 0xa8, 0x0d, 0x00, 0x1e, 0x7b, 0x4b, 0x3a, 0x4a, 0xe6, 0x0f, 0xe8, 0xc0, 0x71, 0xfc, 0x73, 0xe7, 0x02, 0x4c, 0x0d, 0xbc, 0xf4, 0xbd, 0xd1, 0x1d, 0x39, 0x6b, 0xba, 0x70, 0x46, 0x4a, 0x13, 0xe9, 0x4a, 0xf8, 0x3d, 0xf3, 0xe1, 0x09, 0x59, 0x54, 0x7b, 0xc9, 0x55, 0xfb, 0x41, 0x2d, 0xa3, 0x76, 0x52, 0x11, 0xe1, 0xf3, 0xdc, 0x77, 0x6c, 0xaa, 0x53, 0x37, 0x6e, 0xca, 0x3a, 0xec, 0xbe, 0xc3, 0xaa, 0xb7, 0x3b, 0x31, 0xd5, 0x6c, 0xb6, 0x52, 0x9c, 0x80, 0x98, 0xbc, 0xc9, 0xe0, 0x28, 0x18, 0xe2, 0x0b, 0xf7, 0xf8, 0xa0, 0x3a, 0xfd, 0x17, 0x04, 0x50, 0x9e, 0xce, 0x79, 0xbd, 0x9f, 0x39, 0xf1, 0xea, 0x69, 0xec, 0x47, 0x97, 0x2e, 0x83, 0x0f, 0xb5, 0xca, 0x95, 0xde, 0x95, 0xa1, 0xe6, 0x04, 0x22, 0xd5, 0xee, 0xbe, 0x52, 0x79, 0x54, 0xa1, 0xe7, 0xbf, 0x8a, 0x86, 0xf6, 0x46, 0x6d, 0x0d, 0x9f, 0x16, 0x95, 0x1a, 0x4c, 0xf7, 0xa0, 0x46, 0x92, 0x59, 0x5c, 0x13, 0x52, 0xf2, 0x54, 0x9e, 0x5a, 0xfb, 0x4e, 0xbf, 0xd7, 0x7a, 0x37, 0x95, 0x01, 0x44, 0xe4, 0xc0, 0x26, 0x87, 0x4c, 0x65, 0x3e, 0x40, 0x7d, 0x7d, 0x23, 0x07, 0x44, 0x01, 0xf4, 0x84, 0xff, 0xd0, 0x8f, 0x7a, 0x1f, 0xa0, 0x52, 0x10, 0xd1, 0xf4, 0xf0, 0xd5, 0xce, 0x79, 0x70, 0x29, 0x32, 0xe2, 0xca, 0xbe, 0x70, 0x1f, 0xdf, 0xad, 0x6b, 0x4b, 0xb7, 0x11, 0x01, 0xf4, 0x4b, 0xad, 0x66, 0x6a, 0x11, 0x13, 0x0f, 0xe2, 0xee, 0x82, 0x9e, 0x4d, 0x02, 0x9d, 0xc9, 0x1c, 0xdd, 0x67, 0x16, 0xdb, 0xb9, 0x06, 0x18, 0x86, 0xed, 0xc1, 0xba, 0x94, 0x21
|
||||
];
|
||||
|
||||
const SIGNATURE: [u8; 256] = [
|
||||
0x59, 0x16, 0x45, 0xa6, 0x9a, 0x2e, 0x37, 0x79, 0xe4, 0xf6, 0xdd, 0x27, 0x1a, 0xba, 0x1c, 0x0b, 0xfd, 0x6c, 0xd7, 0x55, 0x99, 0xb5, 0xe7, 0xc3, 0x6e, 0x53, 0x3e, 0xff, 0x36, 0x59, 0x08, 0x43, 0x24, 0xc9, 0xe7, 0xa5, 0x04, 0x07, 0x9d, 0x39, 0xe0, 0xd4, 0x29, 0x87, 0xff, 0xe3, 0xeb, 0xdd, 0x09, 0xc1, 0xcf, 0x1d, 0x91, 0x44, 0x55, 0x87, 0x0b, 0x57, 0x1d, 0xd1, 0x9b, 0xdf, 0x1d, 0x24, 0xf8, 0xbb, 0x9a, 0x11, 0xfe, 0x80, 0xfd, 0x59, 0x2b, 0xa0, 0x39, 0x8c, 0xde, 0x11, 0xe2, 0x65, 0x1e, 0x61, 0x8c, 0xe5, 0x98, 0xfa, 0x96, 0xe5, 0x37, 0x2e, 0xef, 0x3d, 0x24, 0x8a, 0xfd, 0xe1, 0x74, 0x63, 0xeb, 0xbf, 0xab, 0xb8, 0xe4, 0xd1, 0xab, 0x50, 0x2a, 0x54, 0xec, 0x00, 0x64, 0xe9, 0x2f, 0x78, 0x19, 0x66, 0x0d, 0x3f, 0x27, 0xcf, 0x20, 0x9e, 0x66, 0x7f, 0xce, 0x5a, 0xe2, 0xe4, 0xac, 0x99, 0xc7, 0xc9, 0x38, 0x18, 0xf8, 0xb2, 0x51, 0x07, 0x22, 0xdf, 0xed, 0x97, 0xf3, 0x2e, 0x3e, 0x93, 0x49, 0xd4, 0xc6, 0x6c, 0x9e, 0xa6, 0x39, 0x6d, 0x74, 0x44, 0x62, 0xa0, 0x6b, 0x42, 0xc6, 0xd5, 0xba, 0x68, 0x8e, 0xac, 0x3a, 0x01, 0x7b, 0xdd, 0xfc, 0x8e, 0x2c, 0xfc, 0xad, 0x27, 0xcb, 0x69, 0xd3, 0xcc, 0xdc, 0xa2, 0x80, 0x41, 0x44, 0x65, 0xd3, 0xae, 0x34, 0x8c, 0xe0, 0xf3, 0x4a, 0xb2, 0xfb, 0x9c, 0x61, 0x83, 0x71, 0x31, 0x2b, 0x19, 0x10, 0x41, 0x64, 0x1c, 0x23, 0x7f, 0x11, 0xa5, 0xd6, 0x5c, 0x84, 0x4f, 0x04, 0x04, 0x84, 0x99, 0x38, 0x71, 0x2b, 0x95, 0x9e, 0xd6, 0x85, 0xbc, 0x5c, 0x5d, 0xd6, 0x45, 0xed, 0x19, 0x90, 0x94, 0x73, 0x40, 0x29, 0x26, 0xdc, 0xb4, 0x0e, 0x34, 0x69, 0xa1, 0x59, 0x41, 0xe8, 0xe2, 0xcc, 0xa8, 0x4b, 0xb6, 0x08, 0x46, 0x36, 0xa0
|
||||
];
|
||||
|
||||
const VERIFY_SIGNATURE: [u8; 256] = [
|
||||
0x17, 0xfe, 0xb5, 0x33, 0xca, 0x6d, 0x00, 0x7d, 0x00, 0x58, 0x25, 0x79, 0x68, 0x42, 0x4b, 0xbc, 0x3a, 0xa6, 0x90, 0x9e, 0x9d, 0x49, 0x55, 0x75, 0x76, 0xa5, 0x20, 0xe0, 0x4a, 0x5e, 0xf0, 0x5f, 0x0e, 0x86, 0xd2, 0x4f, 0xf4, 0x3f, 0x8e, 0xb8, 0x61, 0xee, 0xf5, 0x95, 0x22, 0x8d, 0x70, 0x32, 0xaa, 0x36, 0x0f, 0x71, 0x4e, 0x66, 0x74, 0x13, 0x92, 0x6e, 0xf4, 0xf8, 0xb5, 0x80, 0x3b, 0x69, 0xe3, 0x55, 0x19, 0xe3, 0xb2, 0x3f, 0x43, 0x73, 0xdf, 0xac, 0x67, 0x87, 0x06, 0x6d, 0xcb, 0x47, 0x56, 0xb5, 0x45, 0x60, 0xe0, 0x88, 0x6e, 0x9b, 0x96, 0x2c, 0x4a, 0xd2, 0x8d, 0xab, 0x26, 0xba, 0xd1, 0xab, 0xc2, 0x59, 0x16, 0xb0, 0x9a, 0xf2, 0x86, 0x53, 0x7f, 0x68, 0x4f, 0x80, 0x8a, 0xef, 0xee, 0x73, 0x04, 0x6c, 0xb7, 0xdf, 0x0a, 0x84, 0xfb, 0xb5, 0x96, 0x7a, 0xca, 0x13, 0x1f, 0x4b, 0x1c, 0xf3, 0x89, 0x79, 0x94, 0x03, 0xa3, 0x0c, 0x02, 0xd2, 0x9c, 0xbd, 0xad, 0xb7, 0x25, 0x12, 0xdb, 0x9c, 0xec, 0x2e, 0x5e, 0x1d, 0x00, 0xe5, 0x0c, 0xaf, 0xcf, 0x6f, 0x21, 0x09, 0x1e, 0xbc, 0x4f, 0x25, 0x3c, 0x5e, 0xab, 0x01, 0xa6, 0x79, 0xba, 0xea, 0xbe, 0xed, 0xb9, 0xc9, 0x61, 0x8f, 0x66, 0x00, 0x6b, 0x82, 0x44, 0xd6, 0x62, 0x2a, 0xaa, 0x56, 0x88, 0x7c, 0xcf, 0xc6, 0x6a, 0x0f, 0x38, 0x51, 0xdf, 0xa1, 0x3a, 0x78, 0xcf, 0xf7, 0x99, 0x1e, 0x03, 0xcb, 0x2c, 0x3a, 0x0e, 0xd8, 0x7d, 0x73, 0x67, 0x36, 0x2e, 0xb7, 0x80, 0x5b, 0x00, 0xb2, 0x52, 0x4f, 0xf2, 0x98, 0xa4, 0xda, 0x48, 0x7c, 0xac, 0xde, 0xaf, 0x8a, 0x23, 0x36, 0xc5, 0x63, 0x1b, 0x3e, 0xfa, 0x93, 0x5b, 0xb4, 0x11, 0xe7, 0x53, 0xca, 0x13, 0xb0, 0x15, 0xfe, 0xc7, 0xe4, 0xa7, 0x30, 0xf1, 0x36, 0x9f, 0x9e
|
||||
];
|
||||
|
|
169
src/parse.rs
169
src/parse.rs
|
@ -32,12 +32,6 @@ use crate::certificate::{
|
|||
use core::convert::TryFrom;
|
||||
use core::convert::TryInto;
|
||||
|
||||
use asn1_der::{
|
||||
DerObject,
|
||||
typed::{ DerEncodable, DerDecodable },
|
||||
Asn1DerError,
|
||||
};
|
||||
|
||||
use alloc::vec::Vec;
|
||||
|
||||
pub(crate) fn parse_tls_repr(bytes: &[u8]) -> IResult<&[u8], TlsRepr> {
|
||||
|
@ -80,6 +74,40 @@ pub(crate) fn parse_tls_repr(bytes: &[u8]) -> IResult<&[u8], TlsRepr> {
|
|||
Ok((rest, repr))
|
||||
}
|
||||
|
||||
// Convert TlsInnerPlainText in RFC 8446 into Handshake
|
||||
// Diff from regular handshake:
|
||||
// 1. Handshake can coalesced into a larger TLS record
|
||||
// 2. Content type and zero paddings at the end
|
||||
pub(crate) fn parse_inner_plaintext_for_handshake(bytes: &[u8]) -> IResult<&[u8], Vec<HandshakeRepr>> {
|
||||
let mut remaining_bytes = bytes;
|
||||
let mut handshake_vec: Vec<HandshakeRepr> = Vec::new();
|
||||
|
||||
while true {
|
||||
// Perform check on the number of remaining bytes
|
||||
// Case 1: At most 4 bytes left, then that must be the content type of the TLS record
|
||||
// Assert that it is indeed handshake (0x16)
|
||||
// Case 2: More than 4 byte left, then that must either be
|
||||
// 2.1: Another handshake representation
|
||||
// 2.2: Content type | Zero padding, which can be detected by 0 length
|
||||
if remaining_bytes.len() <= 4 ||
|
||||
NetworkEndian::read_u24(&remaining_bytes[1..4]) == 0 {
|
||||
complete(
|
||||
preceded(
|
||||
tag(&[0x16]),
|
||||
take_till(|byte| byte != 0x00)
|
||||
)
|
||||
)(remaining_bytes)?;
|
||||
return Ok((&[], handshake_vec));
|
||||
}
|
||||
|
||||
let (rem, handshake_repr) = parse_handshake(remaining_bytes)?;
|
||||
remaining_bytes = rem;
|
||||
handshake_vec.push(handshake_repr);
|
||||
}
|
||||
|
||||
unreachable!()
|
||||
}
|
||||
|
||||
// TODO: Redo EE
|
||||
// Not very appropriate to classify EE as proper handshake
|
||||
// It may include multiple handshakes
|
||||
|
@ -106,31 +134,26 @@ pub(crate) fn parse_handshake(bytes: &[u8]) -> IResult<&[u8], HandshakeRepr> {
|
|||
Ok((rest, repr))
|
||||
},
|
||||
EncryptedExtensions => {
|
||||
// Split data into EE and the last TLS content byte
|
||||
let (tls_content_byte, ee_data) = take(repr.length)(rest)?;
|
||||
|
||||
// Process TLS content byte.
|
||||
complete(
|
||||
tag(&[0x16])
|
||||
)(tls_content_byte)?;
|
||||
|
||||
// Process EE
|
||||
let (rest, handshake_data) = parse_encrypted_extensions(
|
||||
ee_data
|
||||
rest
|
||||
)?;
|
||||
repr.handshake_data = HandshakeData::EncryptedExtensions(
|
||||
handshake_data
|
||||
);
|
||||
|
||||
// Verify that all bytes are comsumed
|
||||
complete(
|
||||
take(0_usize)
|
||||
)(rest)?;
|
||||
|
||||
Ok((&[], repr))
|
||||
Ok((rest, repr))
|
||||
},
|
||||
Certificate => {
|
||||
todo!()
|
||||
// Process Certificate
|
||||
let (rest, handshake_data) = parse_handshake_certificate(
|
||||
rest
|
||||
)?;
|
||||
repr.handshake_data = HandshakeData::Certificate(
|
||||
handshake_data
|
||||
);
|
||||
|
||||
Ok((rest, repr))
|
||||
}
|
||||
_ => todo!()
|
||||
}
|
||||
|
@ -227,17 +250,107 @@ fn parse_encrypted_extensions(bytes: &[u8]) -> IResult<&[u8], EncryptedExtension
|
|||
|
||||
// Force completeness. The entire slice is meant to be processed.
|
||||
complete(
|
||||
preceded(
|
||||
take(0_usize),
|
||||
// There may be zeroes beyond the content_type
|
||||
// Take "0" out until no more chaining zeros are found
|
||||
take_till(|byte| byte == 0)
|
||||
)
|
||||
take(0_usize)
|
||||
)(rest)?;
|
||||
|
||||
Ok((rest, encrypted_extensions))
|
||||
}
|
||||
|
||||
fn parse_handshake_certificate(bytes: &[u8]) -> IResult<&[u8], Certificate> {
|
||||
let (rest, certificate_request_context_length) = take(1_usize)(bytes)?;
|
||||
let certificate_request_context_length = certificate_request_context_length[0];
|
||||
|
||||
let (rest, certificate_request_context) = take(
|
||||
certificate_request_context_length
|
||||
)(rest)?;
|
||||
|
||||
let (mut rest, certificate_list_length) = take(3_usize)(rest)?;
|
||||
let certificate_list_length = NetworkEndian::read_u24(certificate_list_length);
|
||||
|
||||
let mut certificate_struct = Certificate {
|
||||
certificate_request_context_length,
|
||||
certificate_request_context,
|
||||
certificate_list_length,
|
||||
certificate_list: Vec::new()
|
||||
};
|
||||
|
||||
let mut certificate_list_length_counter: i32 = i32::try_from(certificate_list_length).unwrap();
|
||||
while certificate_list_length_counter > 0 {
|
||||
let (rem, (certificate_entry_length, certificate_entry)) =
|
||||
parse_handshake_certificate_entry(rest)?;
|
||||
|
||||
certificate_list_length_counter -= i32::try_from(certificate_entry_length).unwrap();
|
||||
rest = rem;
|
||||
certificate_struct.certificate_list.push(certificate_entry);
|
||||
}
|
||||
|
||||
Ok((
|
||||
rest,
|
||||
certificate_struct
|
||||
))
|
||||
|
||||
}
|
||||
|
||||
fn parse_handshake_certificate_entry(bytes: &[u8]) -> IResult<&[u8], (u32, CertificateEntry)> {
|
||||
let (rest, (cert_entry_info_size, cert_entry_info)) =
|
||||
parse_handshake_certificate_entry_info(bytes)?;
|
||||
|
||||
let (mut rest, extensions_length) = take(2_usize)(rest)?;
|
||||
let extensions_length = NetworkEndian::read_u16(extensions_length);
|
||||
|
||||
let mut extension_vec: Vec<Extension> = Vec::new();
|
||||
let mut extension_length_counter: i32 = extensions_length.into();
|
||||
while extension_length_counter > 0 {
|
||||
let (rem, extension) = parse_extension(rest, HandshakeType::ServerHello)?;
|
||||
rest = rem;
|
||||
extension_length_counter -= i32::try_from(extension.get_length()).unwrap();
|
||||
|
||||
// Todo:: Proper error
|
||||
if extension_length_counter < 0 {
|
||||
todo!()
|
||||
}
|
||||
|
||||
extension_vec.push(extension);
|
||||
}
|
||||
|
||||
Ok((
|
||||
rest,
|
||||
(
|
||||
u32::try_from(extensions_length).unwrap() + 2 + cert_entry_info_size,
|
||||
CertificateEntry {
|
||||
certificate_entry_info: cert_entry_info,
|
||||
extensions_length,
|
||||
extensions: extension_vec
|
||||
}
|
||||
)
|
||||
))
|
||||
}
|
||||
|
||||
fn parse_handshake_certificate_entry_info(bytes: &[u8]) -> IResult<&[u8], (u32, CertificateEntryInfo)> {
|
||||
// Only supports X.509 certificate
|
||||
// No negotiation for other certificate types in prior
|
||||
let (rest, cert_data_length) = take(3_usize)(bytes)?;
|
||||
let cert_data_length = NetworkEndian::read_u24(cert_data_length);
|
||||
|
||||
// Take the portion of bytes indicated by cert_data_length, and parse as
|
||||
// X509 certificate.
|
||||
let (rest, cert_data) = take(cert_data_length)(rest)?;
|
||||
let (_, cert_data) = complete(
|
||||
parse_asn1_der_certificate
|
||||
)(cert_data)?;
|
||||
|
||||
Ok((
|
||||
rest,
|
||||
(
|
||||
cert_data_length + 3,
|
||||
CertificateEntryInfo::X509 {
|
||||
cert_data_length,
|
||||
cert_data
|
||||
}
|
||||
)
|
||||
))
|
||||
}
|
||||
|
||||
fn parse_extension(bytes: &[u8], handshake_type: HandshakeType) -> IResult<&[u8], Extension> {
|
||||
let extension_type = take(2_usize);
|
||||
let length = take(2_usize);
|
||||
|
|
|
@ -429,6 +429,10 @@ impl Session {
|
|||
self.state = TlsState::WAIT_CERT_CR;
|
||||
}
|
||||
|
||||
pub(crate) fn client_update_for_wait_cert_cr(&mut self) {
|
||||
self.state = TlsState::WAIT_CV;
|
||||
}
|
||||
|
||||
pub(crate) fn verify_session_id_echo(&self, session_id_echo: &[u8]) -> bool {
|
||||
if let Some(session_id_inner) = self.session_id {
|
||||
session_id_inner == session_id_echo
|
||||
|
|
52
src/tls.rs
52
src/tls.rs
|
@ -34,7 +34,7 @@ use alloc::vec::{ self, Vec };
|
|||
|
||||
use crate::Error as TlsError;
|
||||
use crate::tls_packet::*;
|
||||
use crate::parse::{ parse_tls_repr, parse_handshake };
|
||||
use crate::parse::{ parse_tls_repr, parse_handshake, parse_inner_plaintext_for_handshake };
|
||||
use crate::buffer::TlsBuffer;
|
||||
use crate::session::{Session, TlsRole};
|
||||
|
||||
|
@ -164,6 +164,10 @@ impl<R: RngCore + CryptoRng> TlsSocket<R> {
|
|||
// No need to send anything
|
||||
TlsState::WAIT_CERT_CR => {},
|
||||
|
||||
// TLS Client wait for server's certificate cerify
|
||||
// No need to send anything
|
||||
TlsState::WAIT_CV=> {},
|
||||
|
||||
_ => todo!()
|
||||
}
|
||||
|
||||
|
@ -341,32 +345,41 @@ impl<R: RngCore + CryptoRng> TlsSocket<R> {
|
|||
// ExcepytedExtensions are disguised as ApplicationData
|
||||
// Pull out the `payload` from TlsRepr, decrypt as EE
|
||||
let mut payload = repr.payload.take().unwrap();
|
||||
log::info!("Encrypted payload: {:?}", payload);
|
||||
let mut array: [u8; 5] = [0; 5];
|
||||
let mut buffer = TlsBuffer::new(&mut array);
|
||||
buffer.write_u8(repr.content_type.into())?;
|
||||
buffer.write_u16(repr.version.into())?;
|
||||
buffer.write_u16(repr.length)?;
|
||||
let associated_data: &[u8] = buffer.into();
|
||||
log::info!("Associated Data: {:?}", associated_data);
|
||||
{
|
||||
self.session.borrow_mut().decrypt_in_place(
|
||||
associated_data,
|
||||
&mut payload
|
||||
);
|
||||
}
|
||||
log::info!("decrypted EE");
|
||||
log::info!("{:?}", payload);
|
||||
|
||||
// TODO: Parse payload of EE
|
||||
let parse_result = parse_handshake(&payload);
|
||||
let (_, encrypted_extensions_handshake) = parse_result
|
||||
let parse_result = parse_inner_plaintext_for_handshake(&payload);
|
||||
let (_, mut handshake_vec) = parse_result
|
||||
.map_err(|_| Error::Unrecognized)?;
|
||||
|
||||
// Verify that it is indeed an EE
|
||||
let might_be_ee = handshake_vec.remove(0);
|
||||
if might_be_ee.get_msg_type() != HandshakeType::EncryptedExtensions {
|
||||
// Process the other handshakes in "handshake_vec"
|
||||
todo!()
|
||||
}
|
||||
|
||||
// TODO: Process payload
|
||||
|
||||
// Practically, nothing will be done about cookies/server name
|
||||
// Extension processing is therefore skipped
|
||||
log::info!("Parsed EE");
|
||||
self.session.borrow_mut().client_update_for_ee();
|
||||
|
||||
// TODO: Handle in WAIT_CERT_CR if there are still unprocessed handshakes
|
||||
// Ideas: 1. Split off WAIT_CERT_CR handling into a separate function
|
||||
// so WAIT_EE branch can jsut call WAIT_CERT_CR branch
|
||||
// if there are extra handshake unprocessed
|
||||
// 2. Merge state dependent listeners into 1 branch, execute conditionally
|
||||
},
|
||||
|
||||
// In this stage, wait for a certificate from server
|
||||
|
@ -395,7 +408,26 @@ impl<R: RngCore + CryptoRng> TlsSocket<R> {
|
|||
&mut payload
|
||||
);
|
||||
}
|
||||
log::info!("Decrypted payload {:?}", payload);
|
||||
// log::info!("Decrypted payload {:?}", payload);
|
||||
|
||||
// Parse the certificate from TLS payload
|
||||
let parse_result = parse_inner_plaintext_for_handshake(&payload);
|
||||
let (_, mut handshake_vec) = parse_result
|
||||
.map_err(|_| Error::Unrecognized)?;
|
||||
|
||||
log::info!("Decrypted certificate {:X?}", handshake_vec);
|
||||
|
||||
// Verify that it is indeed an Certificate
|
||||
let might_be_ee = handshake_vec.remove(0);
|
||||
if might_be_ee.get_msg_type() != HandshakeType::Certificate {
|
||||
// Process the other handshakes in "handshake_vec"
|
||||
todo!()
|
||||
}
|
||||
|
||||
// TODO: Process Certificate
|
||||
|
||||
// Update session TLS state to WAIT_CV
|
||||
self.session.borrow_mut().client_update_for_wait_cert_cr();
|
||||
},
|
||||
|
||||
_ => {},
|
||||
|
|
|
@ -78,6 +78,8 @@ impl<'a> TlsRepr<'a> {
|
|||
self
|
||||
}
|
||||
|
||||
// TODO: Consider replace all these boolean function
|
||||
// into a single function that returns the HandshakeType.
|
||||
pub(crate) fn is_server_hello(&self) -> bool {
|
||||
self.content_type == TlsContentType::Handshake &&
|
||||
self.payload.is_none() &&
|
||||
|
@ -156,6 +158,10 @@ impl<'a, 'b> HandshakeRepr<'a> {
|
|||
length += u16::try_from(self.handshake_data.get_length()).unwrap();
|
||||
length
|
||||
}
|
||||
|
||||
pub(crate) fn get_msg_type(&self) -> HandshakeType {
|
||||
self.msg_type
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Debug, PartialEq, Eq, Clone, Copy, IntoPrimitive, TryFromPrimitive)]
|
||||
|
@ -658,21 +664,21 @@ pub(crate) enum CertificateEntryInfo<'a> {
|
|||
|
||||
X509 {
|
||||
cert_data_length: u32, // Only 24 bits
|
||||
cert_data: &'a [u8],
|
||||
cert_data: crate::certificate::Certificate<'a>,
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone)]
|
||||
pub(crate) struct CertificateEntry<'a> {
|
||||
certificate_entry_into: CertificateEntryInfo<'a>,
|
||||
extensions_length: u16,
|
||||
extensions: Vec<Extension>,
|
||||
pub(crate) certificate_entry_info: CertificateEntryInfo<'a>,
|
||||
pub(crate) extensions_length: u16,
|
||||
pub(crate) extensions: Vec<Extension>,
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone)]
|
||||
pub(crate) struct Certificate<'a> {
|
||||
certificate_request_context_length: u8, // 0 length unless responding to CERT_REQUEST
|
||||
certificate_request_context: &'a [u8],
|
||||
certificate_list_length: u32, // Only 24 bits
|
||||
certificate_list: &'a [CertificateEntry<'a>],
|
||||
pub(crate) certificate_request_context_length: u8, // 0 length unless responding to CERT_REQUEST
|
||||
pub(crate) certificate_request_context: &'a [u8],
|
||||
pub(crate) certificate_list_length: u32, // Only 24 bits
|
||||
pub(crate) certificate_list: Vec<CertificateEntry<'a>>,
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue