cert: fix ed25519

occheung 2020-11-20 14:54:36 +08:00
parent 7597e41859
commit 47f2229feb
2 changed files with 23 additions and 20 deletions


@ -613,19 +613,23 @@ impl<'a> Session<'a> {
// Usual procedures: update hash // Usual procedures: update hash
self.hash.update(cert_verify_slice); self.hash.update(cert_verify_slice);
// At last, update client state // At last, update client state
self.state = TlsState::WAIT_FINISHED; self.state = TlsState::WAIT_FINISHED;
return; return;
} }
// ED25519 only accepts PureEdDSA implementation
if signature_algorithm == SignatureScheme::ed25519 { if signature_algorithm == SignatureScheme::ed25519 {
let verify_hash = Sha512::new() // 64 bytes of 0x20
.chain(&[0x20; 64]) // 33 bytes of text
.chain("TLS 1.3, server CertificateVerify") // 1 byte of 0
.chain(&[0]) // potentially 48 bytes of transcript hash
.chain(&transcript_hash); // 146 bytes in total
let mut verify_message: Vec<u8, U146> = Vec::new();
verify_message.extend_from_slice(&[0x20; 64]).unwrap();
verify_message.extend_from_slice(b"TLS 1.3, server CertificateVerify").unwrap();
verify_message.extend_from_slice(&[0]).unwrap();
verify_message.extend_from_slice(&transcript_hash).unwrap();
let ed25519_signature = ed25519_dalek::Signature::try_from( let ed25519_signature = ed25519_dalek::Signature::try_from(
signature signature
).unwrap(); ).unwrap();
@ -633,15 +637,13 @@ impl<'a> Session<'a> {
.unwrap() .unwrap()
.get_ed25519_public_key() .get_ed25519_public_key()
.unwrap() .unwrap()
.verify_prehashed(verify_hash, None, &ed25519_signature) .verify_strict(&verify_message, &ed25519_signature)
.unwrap(); .unwrap();
// Usual procedures: update hash // Usual procedures: update hash
self.hash.update(cert_verify_slice); self.hash.update(cert_verify_slice);
// At last, update client state // At last, update client state
self.state = TlsState::WAIT_FINISHED; self.state = TlsState::WAIT_FINISHED;
return; return;
} }
@ -709,7 +711,6 @@ impl<'a> Session<'a> {
.verify( .verify(
padding, &verify_hash, signature padding, &verify_hash, signature
); );
log::info!("Algorithm {:?} Certificate verify: {:?}", signature_algorithm, verify_result);
if verify_result.is_err() { if verify_result.is_err() {
todo!() todo!()
} }
@ -1174,7 +1175,6 @@ impl<'a> Session<'a> {
} else { } else {
unreachable!() unreachable!()
}; };
log::info!("Client Transcript Hash: {:?}", transcript_hash);
use crate::tls_packet::SignatureScheme::*; use crate::tls_packet::SignatureScheme::*;
// RSA signature must be with PSS padding scheme // RSA signature must be with PSS padding scheme
@ -1299,11 +1299,12 @@ impl<'a> Session<'a> {
}, },
CertificatePrivateKey::ED25519 { cert_eddsa_key } => { CertificatePrivateKey::ED25519 { cert_eddsa_key } => {
let verify_hash = sha2::Sha512::new() // Similar to server CertificateVerify
.chain(&[0x20; 64]) let mut verify_message: Vec<u8, U146> = Vec::new();
.chain("TLS 1.3, client CertificateVerify") verify_message.extend_from_slice(&[0x20; 64]).unwrap();
.chain(&[0x00]) verify_message.extend_from_slice(b"TLS 1.3, client CertificateVerify").unwrap();
.chain(&transcript_hash); verify_message.extend_from_slice(&[0]).unwrap();
verify_message.extend_from_slice(&transcript_hash).unwrap();
// Ed25519 requires a key-pair to sign // Ed25519 requires a key-pair to sign
// Get public key from certificate // Get public key from certificate
@ -1326,10 +1327,10 @@ impl<'a> Session<'a> {
&keypair_bytes &keypair_bytes
).unwrap(); ).unwrap();
use ed25519_dalek::Signer;
let sig_vec = alloc::vec::Vec::from( let sig_vec = alloc::vec::Vec::from(
ed25519_keypair ed25519_keypair
.sign_prehashed(verify_hash, None) .sign(&verify_message)
.unwrap()
.as_ref() .as_ref()
); );
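Review bot: In the second hunk, `.verify_strict(&verify_message, &ed25519_signature).unwrap()` still panics when the server's CertificateVerify signature does not verify, and `ed25519_dalek::Signature::try_from(signature).unwrap()` in the first hunk panics on a signature of the wrong length; both values come from the remote peer, so a bad or malformed signature aborts the client instead of failing the handshake. The move to PureEdDSA (`verify_strict` over the raw message instead of `verify_prehashed` over a SHA-512 digest) is the right fix per RFC 8446 §4.2.3, but the failure path should propagate an error the caller can turn into a `decrypt_error` alert, e.g. `.map_err(|_| /* session error type */)?` with the method returning a `Result` — the method's signature and body extend outside the hunk, so this likely touches its callers. The same panic-on-invalid-signature shape is in the third hunk, where `if verify_result.is_err() { todo!() }` handles a failed RSA verification. It would also help to state why the `extend_from_slice(..).unwrap()` calls on the `Vec<u8, U146>` cannot fail, e.g. `// 146 = 64 + 33 + 1 + 48: SHA-384 is the largest TLS 1.3 transcript hash`.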


@ -731,7 +731,7 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
// Verify that the signature is indeed correct // Verify that the signature is indeed correct
TlsState::WAIT_CV => { TlsState::WAIT_CV => {
// Ensure that it is CertificateVerify // Ensure that it is CertificateVerify
// let might_be_cert_verify = handshake_vec.remove(0); log::info!("Got certificate verify");
let might_be_cert_verify = repr.handshake.take().unwrap(); let might_be_cert_verify = repr.handshake.take().unwrap();
if might_be_cert_verify.get_msg_type() != HandshakeType::CertificateVerify { if might_be_cert_verify.get_msg_type() != HandshakeType::CertificateVerify {
// Process the other handshakes in "handshake_vec" // Process the other handshakes in "handshake_vec"
@ -745,9 +745,11 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
might_be_cert_verify.length + 4 might_be_cert_verify.length + 4
)(handshake_slice) )(handshake_slice)
.map_err(|_| Error::Unrecognized)?; .map_err(|_| Error::Unrecognized)?;
log::info!("about to verify");
// Perform verification, update TLS state if successful // Perform verification, update TLS state if successful
let (sig_alg, signature) = might_be_cert_verify.get_signature().unwrap(); let (sig_alg, signature) = might_be_cert_verify.get_signature().unwrap();
log::info!("Got signature");
{ {
self.session.borrow_mut() self.session.borrow_mut()
.client_update_for_wait_cv( .client_update_for_wait_cv(
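Review bot: The three `log::info!` calls added in this section (`"Got certificate verify"`, `"about to verify"`, `"Got signature"`) read as leftover debug tracing rather than operational logging, and at info level they fire on every handshake. Either drop them or lower them to `log::trace!`, and if one is kept let it carry something useful, e.g. replace the last one with `log::trace!("CertificateVerify: scheme {:?}", sig_alg);`. In the same hunk, `might_be_cert_verify.get_signature().unwrap()` still panics on a CertificateVerify that carries no parsable signature, where the neighbouring `.map_err(|_| Error::Unrecognized)?` pattern would fit. The enclosing `WAIT_CV` match arm continues past the hunk.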