renet
/
SaiTLS
10
1
Fork 0
Code Issues 3 Pull Requests Releases Wiki Activity

fix: some warning

This commit is contained in:
occheung 2020-11-02 17:19:02 +08:00
parent 0a8ce3fd4c
commit 3d566b22e7
9 changed files with 44 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Cargo.toml
View File

@ -45,6 +45,11 @@ version = "0.5.0"
default-features = false default-features = false
features = [ "ecdh", "ecdsa", "arithmetic" ] features = [ "ecdh", "ecdsa", "arithmetic" ]
[dependencies.ed25519-dalek]
version = "1.0.1"
default-features = false
features = [ "u64_backend" ]
# Fetch from master, for "no_std" + "alloc" combination # Fetch from master, for "no_std" + "alloc" combination
[dependencies.rsa] [dependencies.rsa]
git = "https://github.com/RustCrypto/RSA.git" git = "https://github.com/RustCrypto/RSA.git"
@ -56,6 +61,11 @@ version = "5.1.2"
default-features = false default-features = false
features = [] features = []
[dependencies.arraydeque]
version = "0.4.5"
default-features = false
features = [ "use_generic_array" ]
[dependencies.simple_logger] [dependencies.simple_logger]
version = "1.11.0" version = "1.11.0"
optional = true optional = true

5
src/buffer.rs
View File

@ -1,11 +1,10 @@
use core::cell::RefCell; use core::cell::RefCell;
use core::convert::{ TryInto, TryFrom };
use smoltcp::{ Result, Error }; use smoltcp::{ Result, Error };
use alloc::vec::Vec; use alloc::vec::Vec;
use byteorder::{ByteOrder, NetworkEndian, BigEndian}; use byteorder::{ByteOrder, NetworkEndian};
use crate::tls_packet::*; use crate::tls_packet::*;
use crate::key::*; use crate::key::*;
@ -181,7 +180,7 @@ impl<'a> TlsBuffer<'a> {
} }
}, },
KeyShareEntry(k) => { KeyShareEntry(k) => {
let mut key_share_entry_into = |buffer: &mut TlsBuffer, entry: crate::tls_packet::KeyShareEntry| { let key_share_entry_into = |buffer: &mut TlsBuffer, entry: crate::tls_packet::KeyShareEntry| {
buffer.write_u16(entry.group.into())?; buffer.write_u16(entry.group.into())?;
buffer.write_u16(entry.length)?; buffer.write_u16(entry.length)?;
buffer.write(entry.key_exchange.as_slice()) buffer.write(entry.key_exchange.as_slice())

6
src/certificate.rs
View File

@ -1,7 +1,6 @@
use num_enum::IntoPrimitive; use num_enum::IntoPrimitive;
use num_enum::TryFromPrimitive; use num_enum::TryFromPrimitive;
use crate::parse::parse_asn1_der_object;
use crate::parse::parse_asn1_der_rsa_public_key; use crate::parse::parse_asn1_der_rsa_public_key;
use crate::Error as TlsError; use crate::Error as TlsError;
@ -32,6 +31,7 @@ pub struct TBSCertificate<'a> {
pub extensions: Extensions<'a>, pub extensions: Extensions<'a>,
} }
#[allow(non_camel_case_types)]
#[derive(Debug, PartialEq, Eq, Clone, Copy, IntoPrimitive, TryFromPrimitive)] #[derive(Debug, PartialEq, Eq, Clone, Copy, IntoPrimitive, TryFromPrimitive)]
#[repr(u8)] #[repr(u8)]
pub enum Version { pub enum Version {
@ -147,7 +147,6 @@ pub fn validate_root_certificate(cert: &Certificate) -> Result<bool, TlsError> {
let mut hasher = Sha1::new(); let mut hasher = Sha1::new();
hasher.update(cert.tbs_certificate_encoded); hasher.update(cert.tbs_certificate_encoded);
// TODO: invoke method to get public key
let (_, (modulus, exponent)) = parse_asn1_der_rsa_public_key( let (_, (modulus, exponent)) = parse_asn1_der_rsa_public_key(
cert.tbs_certificate.subject_public_key_info.subject_public_key cert.tbs_certificate.subject_public_key_info.subject_public_key
).map_err(|_| TlsError::ParsingError)?; ).map_err(|_| TlsError::ParsingError)?;
@ -165,9 +164,6 @@ pub fn validate_root_certificate(cert: &Certificate) -> Result<bool, TlsError> {
); );
Ok(verify_result.is_ok()) Ok(verify_result.is_ok())
} }
_ => {
todo!()
}
} }
} }

4
src/key.rs
View File

@ -1,8 +1,8 @@
use hkdf::Hkdf; use hkdf::Hkdf;
use sha2::{ Digest, Sha256, Sha384, Sha512 }; use sha2::Digest;
use sha2::digest::{BlockInput, FixedOutput, Reset, Update}; use sha2::digest::{BlockInput, FixedOutput, Reset, Update};
use generic_array::{ GenericArray, ArrayLength }; use generic_array::{ GenericArray, ArrayLength };
use heapless::{ String, Vec, consts::* }; use heapless::{ String, consts::* };
use crate::buffer::TlsBuffer; use crate::buffer::TlsBuffer;

2
src/lib.rs
View File

@ -11,8 +11,6 @@ pub mod session;
pub mod certificate; pub mod certificate;
pub mod fake_rng; pub mod fake_rng;
use nom::error::ParseError;
// TODO: Implement errors // TODO: Implement errors
// Details: Encapsulate smoltcp & nom errors // Details: Encapsulate smoltcp & nom errors
#[derive(Debug, Clone)] #[derive(Debug, Clone)]

11
src/parse.rs
View File

@ -6,12 +6,9 @@ use nom::combinator::complete;
use nom::combinator::opt; use nom::combinator::opt;
use nom::sequence::preceded; use nom::sequence::preceded;
use nom::sequence::tuple; use nom::sequence::tuple;
use nom::error::make_error;
use nom::error::ErrorKind; use nom::error::ErrorKind;
use smoltcp::Error;
use smoltcp::Result;
use byteorder::{ByteOrder, NetworkEndian, BigEndian}; use byteorder::{ByteOrder, NetworkEndian};
use crate::tls_packet::*; use crate::tls_packet::*;
@ -83,7 +80,7 @@ pub(crate) fn parse_inner_plaintext_for_handshake(bytes: &[u8]) -> IResult<&[u8]
let mut remaining_bytes = bytes; let mut remaining_bytes = bytes;
let mut handshake_vec: Vec<HandshakeRepr> = Vec::new(); let mut handshake_vec: Vec<HandshakeRepr> = Vec::new();
while true { loop {
// Perform check on the number of remaining bytes // Perform check on the number of remaining bytes
// Case 1: At most 4 bytes left, then that must be the content type of the TLS record // Case 1: At most 4 bytes left, then that must be the content type of the TLS record
// Assert that it is indeed handshake (0x16) // Assert that it is indeed handshake (0x16)
@ -115,8 +112,6 @@ pub(crate) fn parse_inner_plaintext_for_handshake(bytes: &[u8]) -> IResult<&[u8]
remaining_bytes = rem; remaining_bytes = rem;
handshake_vec.push(handshake_repr); handshake_vec.push(handshake_repr);
} }
unreachable!()
} }
// Input: The entire inner plaintext including TLS record // Input: The entire inner plaintext including TLS record
@ -281,7 +276,7 @@ fn parse_server_hello(bytes: &[u8]) -> IResult<&[u8], HandshakeData> {
// } TLSInnerPlaintext; // } TLSInnerPlaintext;
fn parse_encrypted_extensions(bytes: &[u8]) -> IResult<&[u8], EncryptedExtensions> { fn parse_encrypted_extensions(bytes: &[u8]) -> IResult<&[u8], EncryptedExtensions> {
let (mut rest, extension_length) = take(2_usize)(bytes)?; let (rest, extension_length) = take(2_usize)(bytes)?;
let extension_length: u16 = NetworkEndian::read_u16(extension_length); let extension_length: u16 = NetworkEndian::read_u16(extension_length);
let mut extension_length_counter: i32 = extension_length.into(); let mut extension_length_counter: i32 = extension_length.into();
let mut extension_vec: Vec<Extension> = Vec::new(); let mut extension_vec: Vec<Extension> = Vec::new();

14
src/session.rs
View File

@ -7,15 +7,10 @@ use chacha20poly1305::ChaCha20Poly1305;
use ccm::Ccm; use ccm::Ccm;
use hkdf::Hkdf; use hkdf::Hkdf;
use generic_array::GenericArray; use generic_array::GenericArray;
use byteorder::{ByteOrder, NetworkEndian, BigEndian}; use byteorder::{ByteOrder, NetworkEndian};
use rsa::{RSAPublicKey, PublicKey, PaddingScheme, Hash as RSAHash}; use rsa::{RSAPublicKey, PublicKey, PaddingScheme, Hash as RSAHash};
use hmac::{ Hmac, Mac, NewMac }; use hmac::{ Hmac, Mac, NewMac };
use rand_core::RngCore;
use core::convert::AsRef;
use core::cell::RefCell;
use crate::tls::TlsState; use crate::tls::TlsState;
use crate::tls_packet::CipherSuite; use crate::tls_packet::CipherSuite;
use crate::key::*; use crate::key::*;
@ -505,12 +500,15 @@ impl Session {
// Handle Ed25519 and p256 separately // Handle Ed25519 and p256 separately
// These 2 algorithms have a mandated hash function // These 2 algorithms have a mandated hash function
if signature_algorithm == SignatureScheme::ecdsa_secp256r1_sha256 || if signature_algorithm == SignatureScheme::ecdsa_secp256r1_sha256
signature_algorithm == SignatureScheme::ed25519
{ {
todo!() todo!()
} }
if signature_algorithm == SignatureScheme::ed25519 {
todo!()
}
// Get verification hash, and verify the signature // Get verification hash, and verify the signature
use crate::tls_packet::SignatureScheme::*; use crate::tls_packet::SignatureScheme::*;

38
src/tls.rs
View File

@ -1,12 +1,8 @@
use smoltcp::socket::TcpSocket; use smoltcp::socket::TcpSocket;
use smoltcp::socket::TcpState; use smoltcp::socket::TcpState;
use smoltcp::socket::Socket;
use smoltcp::socket::AnySocket;
use smoltcp::socket::SocketRef;
use smoltcp::socket::SocketHandle; use smoltcp::socket::SocketHandle;
use smoltcp::socket::SocketSet; use smoltcp::socket::SocketSet;
use smoltcp::socket::TcpSocketBuffer; use smoltcp::socket::TcpSocketBuffer;
use smoltcp::wire::Ipv4Address;
use smoltcp::wire::IpEndpoint; use smoltcp::wire::IpEndpoint;
use smoltcp::Result; use smoltcp::Result;
use smoltcp::Error; use smoltcp::Error;
@ -14,35 +10,26 @@ use smoltcp::iface::EthernetInterface;
use smoltcp::time::Instant; use smoltcp::time::Instant;
use smoltcp::phy::Device; use smoltcp::phy::Device;
use byteorder::{ByteOrder, NetworkEndian, BigEndian}; use byteorder::{ByteOrder, NetworkEndian};
use generic_array::GenericArray; use generic_array::GenericArray;
use core::convert::TryInto;
use core::convert::TryFrom; use core::convert::TryFrom;
use core::cell::RefCell; use core::cell::RefCell;
use rand_core::{RngCore, CryptoRng}; use rand_core::{RngCore, CryptoRng};
use p256::{EncodedPoint, AffinePoint, ecdh::EphemeralSecret, ecdh::SharedSecret}; use p256::{EncodedPoint, ecdh::EphemeralSecret};
use aes_gcm::{Aes128Gcm, Aes256Gcm}; use ccm::consts::*;
use chacha20poly1305::{ChaCha20Poly1305, Key}; use aes_gcm::AeadInPlace;
use ccm::{Ccm, consts::*};
use aes_gcm::aes::Aes128;
use aes_gcm::{AeadInPlace, NewAead};
use sha2::{Sha256, Sha384, Sha512, Digest};
use nom::bytes::complete::take; use nom::bytes::complete::take;
use nom::IResult;
use nom::error::make_error;
use nom::error::ErrorKind; use nom::error::ErrorKind;
use alloc::vec::{ self, Vec }; use alloc::vec::Vec;
use heapless::Vec as HeaplessVec; use heapless::Vec as HeaplessVec;
use crate::Error as TlsError;
use crate::tls_packet::*; use crate::tls_packet::*;
use crate::parse::{ use crate::parse::{
parse_tls_repr, parse_tls_repr,
parse_handshake,
parse_inner_plaintext_for_handshake, parse_inner_plaintext_for_handshake,
get_content_type_inner_plaintext get_content_type_inner_plaintext
}; };
@ -188,7 +175,7 @@ impl<R: 'static + RngCore + CryptoRng> TlsSocket<R> {
// Send client Finished to end handshake // Send client Finished to end handshake
TlsState::SERVER_CONNECTED => { TlsState::SERVER_CONNECTED => {
let mut inner_plaintext: HeaplessVec<u8, U64> = { let inner_plaintext: HeaplessVec<u8, U64> = {
let verify_data = self.session.borrow() let verify_data = self.session.borrow()
.get_client_finished_verify_data(); .get_client_finished_verify_data();
let mut handshake_header: [u8; 4] = [20, 0, 0, 0]; let mut handshake_header: [u8; 4] = [20, 0, 0, 0];
@ -214,13 +201,14 @@ impl<R: 'static + RngCore + CryptoRng> TlsSocket<R> {
iface.poll(sockets, now); iface.poll(sockets, now);
// Read for TLS packet // Read for TLS packet
// Proposition: Decouple all data from TLS record layer before processing
let mut array: [u8; 2048] = [0; 2048]; let mut array: [u8; 2048] = [0; 2048];
let mut tls_repr_vec = self.recv_tls_repr(sockets, &mut array)?; let mut tls_repr_vec = self.recv_tls_repr(sockets, &mut array)?;
// Take the TLS representation out of the vector, // Take the TLS representation out of the vector,
// Process as a queue // Process as a queue
let tls_repr_vec_size = tls_repr_vec.len(); let tls_repr_vec_size = tls_repr_vec.len();
for index in 0..tls_repr_vec_size { for _index in 0..tls_repr_vec_size {
let repr = tls_repr_vec.remove(0); let repr = tls_repr_vec.remove(0);
self.process(repr)?; self.process(repr)?;
} }
@ -398,7 +386,7 @@ impl<R: 'static + RngCore + CryptoRng> TlsSocket<R> {
} }
let parse_result = parse_inner_plaintext_for_handshake(&payload); let parse_result = parse_inner_plaintext_for_handshake(&payload);
let (_, (mut handshake_slice, mut handshake_vec)) = let (_, (handshake_slice, mut handshake_vec)) =
parse_result.map_err(|_| Error::Unrecognized)?; parse_result.map_err(|_| Error::Unrecognized)?;
// Verify that it is indeed an EE // Verify that it is indeed an EE
@ -414,7 +402,7 @@ impl<R: 'static + RngCore + CryptoRng> TlsSocket<R> {
// Extension processing is therefore skipped // Extension processing is therefore skipped
// Update hash of the session, get EE by taking appropriate length of data // Update hash of the session, get EE by taking appropriate length of data
// Length of handshake header is 4 // Length of handshake header is 4
let (handshake_slice, ee_slice) = let (_handshake_slice, ee_slice) =
take::<_, _, (&[u8], ErrorKind)>( take::<_, _, (&[u8], ErrorKind)>(
might_be_ee.length + 4 might_be_ee.length + 4
)(handshake_slice) )(handshake_slice)
@ -483,7 +471,7 @@ impl<R: 'static + RngCore + CryptoRng> TlsSocket<R> {
// Update session TLS state to WAIT_CV // Update session TLS state to WAIT_CV
// Length of handshake header is 4 // Length of handshake header is 4
let (handshake_slice, cert_slice) = let (_handshake_slice, cert_slice) =
take::<_, _, (&[u8], ErrorKind)>( take::<_, _, (&[u8], ErrorKind)>(
might_be_cert.length + 4 might_be_cert.length + 4
)(handshake_slice) )(handshake_slice)
@ -536,7 +524,7 @@ impl<R: 'static + RngCore + CryptoRng> TlsSocket<R> {
// Take out the portion for CertificateVerify // Take out the portion for CertificateVerify
// Length of handshake header is 4 // Length of handshake header is 4
let (handshake_slice, cert_verify_slice) = let (_handshake_slice, cert_verify_slice) =
take::<_, _, (&[u8], ErrorKind)>( take::<_, _, (&[u8], ErrorKind)>(
might_be_cert_verify.length + 4 might_be_cert_verify.length + 4
)(handshake_slice) )(handshake_slice)
@ -714,7 +702,7 @@ impl<R: 'static + RngCore + CryptoRng> TlsSocket<R> {
fn recv_tls_repr<'a>(&'a self, sockets: &mut SocketSet, byte_array: &'a mut [u8]) -> Result<Vec::<TlsRepr>> { fn recv_tls_repr<'a>(&'a self, sockets: &mut SocketSet, byte_array: &'a mut [u8]) -> Result<Vec::<TlsRepr>> {
let mut tcp_socket = sockets.get::<TcpSocket>(self.tcp_handle); let mut tcp_socket = sockets.get::<TcpSocket>(self.tcp_handle);
if !tcp_socket.can_recv() { if !tcp_socket.can_recv() {
return Ok((Vec::new())); return Ok(Vec::new());
} }
let array_size = tcp_socket.recv_slice(byte_array)?; let array_size = tcp_socket.recv_slice(byte_array)?;
let mut vec: Vec<TlsRepr> = Vec::new(); let mut vec: Vec<TlsRepr> = Vec::new();

16
src/tls_packet.rs
View File

@ -1,11 +1,7 @@
use byteorder::{ByteOrder, NetworkEndian, BigEndian};
use num_enum::IntoPrimitive; use num_enum::IntoPrimitive;
use num_enum::TryFromPrimitive; use num_enum::TryFromPrimitive;
use rand_core::RngCore; use p256::{EncodedPoint, ecdh::EphemeralSecret};
use rand_core::CryptoRng;
use p256::{EncodedPoint, AffinePoint, ecdh::{EphemeralSecret, SharedSecret}};
use core::convert::TryFrom; use core::convert::TryFrom;
use core::convert::TryInto; use core::convert::TryInto;
@ -242,7 +238,6 @@ pub(crate) enum HandshakeData<'a> {
EncryptedExtensions(EncryptedExtensions), EncryptedExtensions(EncryptedExtensions),
Certificate(Certificate<'a>), Certificate(Certificate<'a>),
CertificateVerify(CertificateVerify<'a>), CertificateVerify(CertificateVerify<'a>),
FinishedNeedParse,
Finished(Finished<'a>), Finished(Finished<'a>),
} }
@ -250,7 +245,7 @@ impl<'a> HandshakeData<'a> {
pub(crate) fn get_length(&self) -> usize { pub(crate) fn get_length(&self) -> usize {
match self { match self {
HandshakeData::ClientHello(data) => data.get_length(), HandshakeData::ClientHello(data) => data.get_length(),
HandshakeData::ServerHello(data) => todo!(), HandshakeData::ServerHello(_data) => todo!(),
_ => 0, _ => 0,
} }
} }
@ -288,7 +283,7 @@ impl<'a> ClientHello<'a> {
let mut versions = Vec::new(); let mut versions = Vec::new();
versions.push(TlsVersion::Tls13); versions.push(TlsVersion::Tls13);
let mut content = SupportedVersions::ClientHello { let content = SupportedVersions::ClientHello {
length, length,
versions, versions,
}; };
@ -308,7 +303,7 @@ impl<'a> ClientHello<'a> {
pub(crate) fn add_sh_supported_versions(mut self) -> Self { pub(crate) fn add_sh_supported_versions(mut self) -> Self {
let selected_version = TlsVersion::Tls13; let selected_version = TlsVersion::Tls13;
let mut content = SupportedVersions::ServerHello { let content = SupportedVersions::ServerHello {
selected_version selected_version
}; };
@ -570,6 +565,7 @@ pub(crate) struct Cookie {
cookie: Vec<u8>, cookie: Vec<u8>,
} }
#[allow(non_camel_case_types)]
#[derive(Debug, PartialEq, Eq, Clone, Copy, IntoPrimitive, TryFromPrimitive)] #[derive(Debug, PartialEq, Eq, Clone, Copy, IntoPrimitive, TryFromPrimitive)]
#[repr(u16)] #[repr(u16)]
pub(crate) enum SignatureScheme { pub(crate) enum SignatureScheme {
@ -610,6 +606,7 @@ impl SignatureSchemeList {
} }
} }
#[allow(non_camel_case_types)]
#[derive(Debug, PartialEq, Eq, Clone, Copy, IntoPrimitive, TryFromPrimitive)] #[derive(Debug, PartialEq, Eq, Clone, Copy, IntoPrimitive, TryFromPrimitive)]
#[repr(u16)] #[repr(u16)]
pub(crate) enum NamedGroup { pub(crate) enum NamedGroup {
@ -680,6 +677,7 @@ impl KeyShareEntryContent {
} }
} }
#[allow(non_camel_case_types)]
#[derive(Debug, Clone)] #[derive(Debug, Clone)]
#[repr(u16)] #[repr(u16)]
pub(crate) enum NameType { pub(crate) enum NameType {