renet
/
SaiTLS
10
1
Fork 0
Code Issues 3 Pull Requests Releases Wiki Activity

cert: fix ed25519

This commit is contained in:
occheung 2020-11-20 14:54:36 +08:00
parent 7597e41859
commit 47f2229feb
2 changed files with 23 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
src/session.rs
View File

@ -613,19 +613,23 @@ impl<'a> Session<'a> {
// Usual procedures: update hash
self.hash.update(cert_verify_slice);
// At last, update client state
self.state = TlsState::WAIT_FINISHED;
return;
}
// ED25519 only accepts PureEdDSA implementation
if signature_algorithm == SignatureScheme::ed25519 {
let verify_hash = Sha512::new()
.chain(&[0x20; 64])
.chain("TLS 1.3, server CertificateVerify")
.chain(&[0])
.chain(&transcript_hash);
// 64 bytes of 0x20
// 33 bytes of text
// 1 byte of 0
// potentially 48 bytes of transcript hash
// 146 bytes in total
let mut verify_message: Vec<u8, U146> = Vec::new();
verify_message.extend_from_slice(&[0x20; 64]).unwrap();
verify_message.extend_from_slice(b"TLS 1.3, server CertificateVerify").unwrap();
verify_message.extend_from_slice(&[0]).unwrap();
verify_message.extend_from_slice(&transcript_hash).unwrap();
let ed25519_signature = ed25519_dalek::Signature::try_from(
signature
).unwrap();
@ -633,15 +637,13 @@ impl<'a> Session<'a> {
.unwrap()
.get_ed25519_public_key()
.unwrap()
.verify_prehashed(verify_hash, None, &ed25519_signature)
.verify_strict(&verify_message, &ed25519_signature)
.unwrap();
// Usual procedures: update hash
self.hash.update(cert_verify_slice);
// At last, update client state
self.state = TlsState::WAIT_FINISHED;
return;
}
@ -709,7 +711,6 @@ impl<'a> Session<'a> {
.verify(
padding, &verify_hash, signature
);
log::info!("Algorithm {:?} Certificate verify: {:?}", signature_algorithm, verify_result);
if verify_result.is_err() {
todo!()
}
@ -1174,7 +1175,6 @@ impl<'a> Session<'a> {
} else {
unreachable!()
};
log::info!("Client Transcript Hash: {:?}", transcript_hash);
use crate::tls_packet::SignatureScheme::*;
// RSA signature must be with PSS padding scheme
@ -1299,11 +1299,12 @@ impl<'a> Session<'a> {
},
CertificatePrivateKey::ED25519 { cert_eddsa_key } => {
let verify_hash = sha2::Sha512::new()
.chain(&[0x20; 64])
.chain("TLS 1.3, client CertificateVerify")
.chain(&[0x00])
.chain(&transcript_hash);
// Similar to server CertificateVerify
let mut verify_message: Vec<u8, U146> = Vec::new();
verify_message.extend_from_slice(&[0x20; 64]).unwrap();
verify_message.extend_from_slice(b"TLS 1.3, client CertificateVerify").unwrap();
verify_message.extend_from_slice(&[0]).unwrap();
verify_message.extend_from_slice(&transcript_hash).unwrap();
// Ed25519 requires a key-pair to sign
// Get public key from certificate
@ -1326,10 +1327,10 @@ impl<'a> Session<'a> {
&keypair_bytes
).unwrap();
use ed25519_dalek::Signer;
let sig_vec = alloc::vec::Vec::from(
ed25519_keypair
.sign_prehashed(verify_hash, None)
.unwrap()
.sign(&verify_message)
.as_ref()
);

4
src/tls.rs
View File

@ -731,7 +731,7 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
// Verify that the signature is indeed correct
TlsState::WAIT_CV => {
// Ensure that it is CertificateVerify
// let might_be_cert_verify = handshake_vec.remove(0);
log::info!("Got certificate verify");
let might_be_cert_verify = repr.handshake.take().unwrap();
if might_be_cert_verify.get_msg_type() != HandshakeType::CertificateVerify {
// Process the other handshakes in "handshake_vec"
@ -745,9 +745,11 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
might_be_cert_verify.length + 4
)(handshake_slice)
.map_err(|_| Error::Unrecognized)?;
log::info!("about to verify");
// Perform verification, update TLS state if successful
let (sig_alg, signature) = might_be_cert_verify.get_signature().unwrap();
log::info!("Got signature");
{
self.session.borrow_mut()
.client_update_for_wait_cv(