rsapss: fix salt & random
This commit is contained in:
parent
9e5a9266fc
commit
50cf99b5e4
|
@ -90,4 +90,4 @@ optional = true
|
|||
|
||||
[features]
|
||||
default = []
|
||||
std = [ "rand", "hex-literal", "simple_logger" ]
|
||||
std = [ "rand", "hex-literal", "simple_logger", "rsa/default" ]
|
||||
|
|
|
@ -5,8 +5,9 @@
|
|||
// Anyway, the RSAPublicKey::verify() method does NOT care about random at all :)
|
||||
|
||||
use rand_core::{RngCore, Error};
|
||||
use byteorder::{ByteOrder, NetworkEndian, BigEndian};
|
||||
|
||||
pub (crate) struct FakeRandom {}
|
||||
pub struct FakeRandom {}
|
||||
|
||||
impl RngCore for FakeRandom {
|
||||
fn next_u32(&mut self) -> u32 {
|
||||
|
@ -23,3 +24,44 @@ impl RngCore for FakeRandom {
|
|||
Ok(())
|
||||
}
|
||||
}
|
||||
|
||||
// A construct to allow a random slice to be generated in advance and buffered
|
||||
// The generated value will then be returned deterministically
|
||||
// Motivation:
|
||||
// This is to prevent the use of static mutable reference, thus unsafe function calls
|
||||
// A TLS socket is not meant to be a singleton
|
||||
|
||||
use generic_array::GenericArray;
|
||||
use generic_array::ArrayLength;
|
||||
|
||||
pub struct OneTimeRandom<Size: ArrayLength<u8>> {
|
||||
stored_slice: GenericArray<u8, Size>
|
||||
}
|
||||
|
||||
impl<Size: ArrayLength<u8>> OneTimeRandom<Size> {
|
||||
pub fn new(slice: &[u8]) -> Self {
|
||||
let mut stored_slice: GenericArray<u8, Size> = Default::default();
|
||||
&stored_slice[..(slice.len())].clone_from_slice(slice);
|
||||
Self {
|
||||
stored_slice
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl<Size: ArrayLength<u8>> RngCore for OneTimeRandom<Size> {
|
||||
fn next_u32(&mut self) -> u32 {
|
||||
NetworkEndian::read_u32(&self.stored_slice)
|
||||
}
|
||||
|
||||
fn next_u64(&mut self) -> u64 {
|
||||
NetworkEndian::read_u64(&self.stored_slice)
|
||||
}
|
||||
|
||||
fn fill_bytes(&mut self, dest: &mut [u8]) {
|
||||
dest.clone_from_slice(&self.stored_slice[..(dest.len())]);
|
||||
}
|
||||
|
||||
fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), Error> {
|
||||
Ok(self.fill_bytes(dest))
|
||||
}
|
||||
}
|
||||
|
|
70
src/main.rs
70
src/main.rs
|
@ -82,7 +82,7 @@ fn main() {
|
|||
simple_logger::SimpleLogger::new().init().unwrap();
|
||||
|
||||
let (_, certificate) = parse_asn1_der_certificate(&RSA_PSS_SELF_CERT).unwrap();
|
||||
println!("Certificate print: {:?}", certificate);
|
||||
// println!("Certificate print: {:?}", certificate);
|
||||
|
||||
// let modulus = [
|
||||
// 0x00, 0xe1, 0x64, 0x42, 0x1f, 0x32, 0x2c, 0xa2, 0x81, 0x3a, 0x6f, 0x9d, 0x4e, 0x6d, 0xa7, 0xc9, 0xed, 0xb9, 0x47, 0x3e, 0xd8, 0x98, 0xe6, 0xba, 0xab, 0x07, 0x93, 0xb3, 0xc5, 0x80, 0x62, 0x7e, 0xb7, 0xe3, 0x9a, 0xfb, 0x9c, 0xf4, 0x0c, 0xc7, 0x49, 0x08, 0x73, 0x45, 0xe8, 0x94, 0xff, 0xb1, 0xe7, 0x52, 0xb6, 0x77, 0xa7, 0x53, 0x49, 0x0b, 0xf3, 0xe6, 0x13, 0x4a, 0x79, 0xd7, 0xef, 0x53, 0x7c, 0x8d, 0x84, 0x5b, 0xf3, 0x30, 0x6d, 0x4d, 0x43, 0x14, 0xa0, 0xc9, 0x8b, 0x86, 0x17, 0x16, 0x8a, 0x09, 0x60, 0xa9, 0xdb, 0x76, 0x8f, 0x5c, 0x58, 0x92, 0xf3, 0x63, 0xdb, 0x39, 0x82, 0xa7, 0x4a, 0x79, 0x08, 0x29, 0x1d, 0x94, 0x3c, 0xec, 0x11, 0x46, 0x70, 0xf8, 0xd1, 0xe4, 0xc2, 0x6f, 0x9d, 0x40, 0x8d, 0x8a, 0x29, 0x2e, 0x2b, 0x82, 0xd6, 0x1b, 0x0f, 0xbd, 0x49, 0xe4, 0xc9, 0xfb, 0xc3, 0x81, 0x29, 0x7f, 0x99, 0x07, 0x99, 0x5a, 0x28, 0x46, 0xf7, 0xdd, 0xca, 0xb2, 0x4c, 0xce, 0x21, 0x01, 0x24, 0xfc, 0xfe, 0x8f, 0xea, 0x73, 0x36, 0x39, 0xdf, 0xa0, 0x6c, 0x43, 0xf5, 0x3c, 0x74, 0xb3, 0x17, 0x00, 0xfd, 0xb4, 0xa2, 0x82, 0x1e, 0xed, 0xdf, 0x22, 0x2a, 0x35, 0x6d, 0xf7, 0x8a, 0x4d, 0xc8, 0x19, 0xb9, 0xd3, 0x88, 0x29, 0x10, 0x8e, 0xae, 0x30, 0xf2, 0x23, 0xce, 0x3b, 0xce, 0xe0, 0x7c, 0x5e, 0x52, 0xa1, 0x1f, 0xc1, 0x59, 0xcc, 0x14, 0xf6, 0x6f, 0xf1, 0xa6, 0xbb, 0xfd, 0x9b, 0x66, 0x96, 0x89, 0xbb, 0xd4, 0x0b, 0x9e, 0x5f, 0xac, 0xf0, 0x1d, 0x88, 0xa6, 0x27, 0x53, 0x48, 0xf2, 0x12, 0x54, 0x43, 0xf8, 0x92, 0x42, 0xcd, 0x6e, 0x00, 0x54, 0x67, 0x55, 0x6f, 0xfa, 0x38, 0x30, 0x7b, 0xea, 0xaa, 0x85, 0x9b, 0x31, 0xbf, 0x78, 0xb8, 0x2a, 0x97, 0x77, 0xd0, 0x23
|
||||
|
@ -191,6 +191,48 @@ fn main() {
|
|||
// permitted_name,
|
||||
// excluded_name
|
||||
// ).unwrap();
|
||||
|
||||
use rand_core::{RngCore, OsRng};
|
||||
use rsa::PublicKey;
|
||||
use rsa::BigUint;
|
||||
use smoltcp_tls::fake_rng::FakeRandom;
|
||||
|
||||
let mut prime_vec = std::vec::Vec::new();
|
||||
prime_vec.extend_from_slice(&[
|
||||
BigUint::from_bytes_be(&CLIENT_PRIME_1),
|
||||
BigUint::from_bytes_be(&CLIENT_PRIME_2)
|
||||
]);
|
||||
let rsa_client_private_key = rsa::RSAPrivateKey::from_components(
|
||||
BigUint::from_bytes_be(&CLIENT_PRIVATE_KEY_MOD),
|
||||
BigUint::from_bytes_be(&CLIENT_PRIVATE_KEY_EXP),
|
||||
BigUint::from_bytes_be(&CLIENT_PRIVATE_KEY_PMOD),
|
||||
prime_vec
|
||||
);
|
||||
let public_key_from_conversion = rsa_client_private_key.to_public_key();
|
||||
let rsa_client_public_key =
|
||||
rsa::RSAPublicKey::from_pkcs1(&CLIENT_PUBLIC_KEY).unwrap();
|
||||
|
||||
println!("Public key from conversion: {:?}", public_key_from_conversion);
|
||||
println!("Public key from certificate: {:?}", rsa_client_public_key);
|
||||
println!("Public key are the same: {:?}",
|
||||
public_key_from_conversion == rsa_client_public_key);
|
||||
|
||||
let checked_hash = sha2::Sha256::new()
|
||||
.chain(&[0x20; 64])
|
||||
.chain("TLS 1.3, client CertificateVerify")
|
||||
.chain(&[0])
|
||||
.chain(&CLIENT_TRANSCRIPT_HASH)
|
||||
.finalize();
|
||||
|
||||
let padding = rsa::PaddingScheme::new_pss_with_salt::<sha2::Sha256, OsRng>(OsRng, 32);
|
||||
let sign = rsa_client_private_key.sign(padding, &checked_hash).unwrap();
|
||||
|
||||
println!("Signature with salt: {:X?}", sign);
|
||||
|
||||
let padding = rsa::PaddingScheme::new_pss_with_salt::<sha2::Sha256, OsRng>(OsRng, 222);
|
||||
rsa_client_public_key.verify(padding, &checked_hash, &sign).unwrap();
|
||||
|
||||
println!("Signature verified");
|
||||
}
|
||||
|
||||
const RSA_PSS_CERT: [u8; 0x3AB] =
|
||||
|
@ -234,3 +276,29 @@ const GOOGLE_END_ENTITY_CERT: [u8; 0x0974] =
|
|||
hex_literal::hex!(
|
||||
"3082097030820858a00302010202103c8415c8e1e38e7702000000007fd492300d06092a864886f70d01010b05003042310b3009060355040613025553311e301c060355040a1315476f6f676c65205472757374205365727669636573311330110603550403130a47545320434120314f31301e170d3230313032383136313833365a170d3231303132303136313833365a3066310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731133011060355040a130a476f6f676c65204c4c433115301306035504030c0c2a2e676f6f676c652e636f6d3059301306072a8648ce3d020106082a8648ce3d03010703420004928f17ebaacb747f1c091d80bab6397cefca2ceed75053a05a196074295add702ed9298d45937515d53026c4ae3bdede339607b42b7525ad2713f1eb455208a6a382070730820703300e0603551d0f0101ff04040302078030130603551d25040c300a06082b06010505070301300c0603551d130101ff04023000301d0603551d0e04160414c2f35a502b0f66ccd7cf4ce9f687b6203f0d3b7c301f0603551d2304183016801498d1f86e10ebcf9bec609f18901ba0eb7d09fd2b306806082b06010505070101045c305a302b06082b06010505073001861f687474703a2f2f6f6373702e706b692e676f6f672f677473316f31636f7265302b06082b06010505073002861f687474703a2f2f706b692e676f6f672f677372322f475453314f312e637274308204c20603551d11048204b9308204b5820c2a2e676f6f676c652e636f6d820d2a2e616e64726f69642e636f6d82162a2e617070656e67696e652e676f6f676c652e636f6d82092a2e62646e2e64657682122a2e636c6f75642e676f6f676c652e636f6d82182a2e63726f7764736f757263652e676f6f676c652e636f6d82182a2e64617461636f6d707574652e676f6f676c652e636f6d82062a2e672e636f820e2a2e6763702e677674322e636f6d82112a2e67637063646e2e677674312e636f6d820a2a2e67677068742e636e820e2a2e676b65636e617070732e636e82162a2e676f6f676c652d616e616c79746963732e636f6d820b2a2e676f6f676c652e6361820b2a2e676f6f676c652e636c820e2a2e676f6f676c652e636f2e696e820e2a2e676f6f676c652e636f2e6a70820e2a2e676f6f676c652e636f2e756b820f2a2e676f6f676c652e636f6d2e6172820f2a2e676f6f676c652e636f6d2e6175820f2a2e676f6f676c652e636f6d2e6272820f2a2e676f6f676c652e636f6d2e636f820f2a2e676f6f676c652e636f6d2e6d78820f2a2e676f6f676c652e636f6d2e7472820f2a2e676f6f676c652e636f6d2e766e820b2a2e676f6f676c652e6465820b2a2e676f6f676c652e6573820b2a2e676f6f676c652e6672820b2a2e676f6f676c652e6875820b2a2e676f6f676c652e6974820b2a2e676f6f676c652e6e6c820b2a2e676f6f676c652e706c820b2a2e676f6f676c652e707482122a2e676f6f676c656164617069732e636f6d820f2a2e676f6f676c65617069732e636e82112a2e676f6f676c65636e617070732e636e82142a2e676f6f676c65636f6d6d657263652e636f6d82112a2e676f6f676c65766964656f2e636f6d820c2a2e677374617469632e636e820d2a2e677374617469632e636f6d82122a2e67737461746963636e617070732e636e820a2a2e677674312e636f6d820a2a2e677674322e636f6d82142a2e6d65747269632e677374617469632e636f6d820c2a2e75726368696e2e636f6d82102a2e75726c2e676f6f676c652e636f6d82132a2e776561722e676b65636e617070732e636e82162a2e796f75747562652d6e6f636f6f6b69652e636f6d820d2a2e796f75747562652e636f6d82162a2e796f7574756265656475636174696f6e2e636f6d82112a2e796f75747562656b6964732e636f6d82072a2e79742e6265820b2a2e7974696d672e636f6d821a616e64726f69642e636c69656e74732e676f6f676c652e636f6d820b616e64726f69642e636f6d821b646576656c6f7065722e616e64726f69642e676f6f676c652e636e821c646576656c6f706572732e616e64726f69642e676f6f676c652e636e8204672e636f820867677068742e636e820c676b65636e617070732e636e8206676f6f2e676c8214676f6f676c652d616e616c79746963732e636f6d820a676f6f676c652e636f6d820f676f6f676c65636e617070732e636e8212676f6f676c65636f6d6d657263652e636f6d8218736f757263652e616e64726f69642e676f6f676c652e636e820a75726368696e2e636f6d820a7777772e676f6f2e676c8208796f7574752e6265820b796f75747562652e636f6d8214796f7574756265656475636174696f6e2e636f6d820f796f75747562656b6964732e636f6d820579742e626530210603551d20041a30183008060667810c010202300c060a2b06010401d67902050330330603551d1f042c302a3028a026a0248622687474703a2f2f63726c2e706b692e676f6f672f475453314f31636f72652e63726c30820104060a2b06010401d6790204020481f50481f200f0007700f65c942fd1773022145418083094568ee34d131933bfdf0c2f200bcc4ef164e3000001757037f6230000040300483046022100aac1f73dd8213ad0f7cacfb97830908dd1bf945331fde26b369992cd52731ef1022100bcaa58c50418f910ac3aab1b9f4963c86a8abe79a4ce751ad9489008ae8db433007500eec095ee8d72640f92e3c3b91bc712a3696a097b4b6a1a1438e647b2cbedc5f9000001757037f675000004030046304402203534f394062ad3c22a3ee6b4fc4515824331e758179dbc003d1b30714858e7a802206b2f82038e90b0b1497a50adfa02edabc14c72a68f29ef8beebcdeb3aa79c5f9300d06092a864886f70d01010b05000382010100483bacd4bcba6181eaae86db235942cf84c89dd91ec973525eb46a0582b6fad7ef02124c94521e5d92272a4f87f82a23804adacc08f9da02f7f9b4a25f7d3c819a215b9b8f9308b943b0cd6c9121ecb6f9bd6491c20ec8c149fd171a5c13d17cf6bf1b7cfb2031016637d0daa2ce2f419d498abfdde0eb200c0586068789cbbaea3dd6b9e9e6ba124c6c4e9bf00c5bc79df57f91b849a6a8340883b5d2e1a3b00f86b7c56b34ef740a80ebce142c4973241934a5f257b406e4d2159ae0c27a70a88e8e3036b40611234fa7ece6dff1a5ed0dbc118a361879f0f26b6497cc17b36e2750c92ac0e64db12e5a2ac4142a5ca135ef6ea90f82c20a0eb4b4ed1a31d1"
|
||||
);
|
||||
|
||||
const CLIENT_TRANSCRIPT_HASH: [u8; 32] = [37, 135, 142, 217, 184, 116, 6, 86, 229, 163, 82, 51, 108, 168, 135, 99, 87, 101, 215, 44, 94, 5, 177, 160, 153, 125, 39, 51, 148, 67, 140, 70];
|
||||
|
||||
const CLIENT_PUBLIC_KEY: [u8; 0x010E] =
|
||||
hex_literal::hex!(
|
||||
"3082010a0282010100c24c615adad1640c2e39e295c460f2c795370cfb21cca519f9e6baf15645ca0b256ef8f318491baab9dc7196360b393bc35320354887d6cc822cf6e9d2eacc7fecf8d8e73f0f09bf131a5919e9e9c81e2aecf06d55be1720290853d4f1086b3e103d54d2b454d7c32abce433f6115d267bba246f68847463dfd1d6be904eb18d56885565d6fcf8a60386fc73b5450777e00485ae94d22096afc458d7fbd7c469dd861cab7b914715e093c4f1cc399e5a53010c2b65d5cc3d60fccc2cc5d8b3faa5fefaab551f1de1a93a19a15be9adb3a5c96d2e525a9f696174e6e772857e536b462a61c69a87710b74172c4b318f4842e7d27f7b6e0cbf3f983e3564ab80070203010001"
|
||||
);
|
||||
|
||||
const CLIENT_SIGNATURE: [u8; 256] =
|
||||
hex_literal::hex!(
|
||||
"954ced7ddc8fdccbaeb83ee9b3a26a01c37cc74bfcb82b3b181c28ae06588f763cfc491b6869b74968fd7ae017360d8eeaa5bfb69d9c0e3524f14790422f7ccbc9a609880800c5076d6383865cd47986eff4d379bf554b86963ce4bc4706262f48932fd5fa16e73149c1c960f19f5e8d1a8dc5898a9e2de5c0d79a8a0017349f379d23683eec83a07f01c3b83cb4d0f66ae0672efc9723bed0296a82046232dc533988a253bd2b109074172735bad06b98c3863033d2d11ea2d0efc7a3db52c94d2e452882e87559a0e9036768dbc380189b89323294a03ef229943be3fa17095c5a220386c695cf279bc88ff1b017897cbcb231658937eef82adb9a17479429"
|
||||
);
|
||||
|
||||
const CLIENT_PRIVATE_KEY_MOD: &'static [u8] = &[
|
||||
0x00, 0xc2, 0x4c, 0x61, 0x5a, 0xda, 0xd1, 0x64, 0x0c, 0x2e, 0x39, 0xe2, 0x95, 0xc4, 0x60, 0xf2, 0xc7, 0x95, 0x37, 0x0c, 0xfb, 0x21, 0xcc, 0xa5, 0x19, 0xf9, 0xe6, 0xba, 0xf1, 0x56, 0x45, 0xca, 0x0b, 0x25, 0x6e, 0xf8, 0xf3, 0x18, 0x49, 0x1b, 0xaa, 0xb9, 0xdc, 0x71, 0x96, 0x36, 0x0b, 0x39, 0x3b, 0xc3, 0x53, 0x20, 0x35, 0x48, 0x87, 0xd6, 0xcc, 0x82, 0x2c, 0xf6, 0xe9, 0xd2, 0xea, 0xcc, 0x7f, 0xec, 0xf8, 0xd8, 0xe7, 0x3f, 0x0f, 0x09, 0xbf, 0x13, 0x1a, 0x59, 0x19, 0xe9, 0xe9, 0xc8, 0x1e, 0x2a, 0xec, 0xf0, 0x6d, 0x55, 0xbe, 0x17, 0x20, 0x29, 0x08, 0x53, 0xd4, 0xf1, 0x08, 0x6b, 0x3e, 0x10, 0x3d, 0x54, 0xd2, 0xb4, 0x54, 0xd7, 0xc3, 0x2a, 0xbc, 0xe4, 0x33, 0xf6, 0x11, 0x5d, 0x26, 0x7b, 0xba, 0x24, 0x6f, 0x68, 0x84, 0x74, 0x63, 0xdf, 0xd1, 0xd6, 0xbe, 0x90, 0x4e, 0xb1, 0x8d, 0x56, 0x88, 0x55, 0x65, 0xd6, 0xfc, 0xf8, 0xa6, 0x03, 0x86, 0xfc, 0x73, 0xb5, 0x45, 0x07, 0x77, 0xe0, 0x04, 0x85, 0xae, 0x94, 0xd2, 0x20, 0x96, 0xaf, 0xc4, 0x58, 0xd7, 0xfb, 0xd7, 0xc4, 0x69, 0xdd, 0x86, 0x1c, 0xab, 0x7b, 0x91, 0x47, 0x15, 0xe0, 0x93, 0xc4, 0xf1, 0xcc, 0x39, 0x9e, 0x5a, 0x53, 0x01, 0x0c, 0x2b, 0x65, 0xd5, 0xcc, 0x3d, 0x60, 0xfc, 0xcc, 0x2c, 0xc5, 0xd8, 0xb3, 0xfa, 0xa5, 0xfe, 0xfa, 0xab, 0x55, 0x1f, 0x1d, 0xe1, 0xa9, 0x3a, 0x19, 0xa1, 0x5b, 0xe9, 0xad, 0xb3, 0xa5, 0xc9, 0x6d, 0x2e, 0x52, 0x5a, 0x9f, 0x69, 0x61, 0x74, 0xe6, 0xe7, 0x72, 0x85, 0x7e, 0x53, 0x6b, 0x46, 0x2a, 0x61, 0xc6, 0x9a, 0x87, 0x71, 0x0b, 0x74, 0x17, 0x2c, 0x4b, 0x31, 0x8f, 0x48, 0x42, 0xe7, 0xd2, 0x7f, 0x7b, 0x6e, 0x0c, 0xbf, 0x3f, 0x98, 0x3e, 0x35, 0x64, 0xab, 0x80, 0x07
|
||||
];
|
||||
const CLIENT_PRIVATE_KEY_EXP: &'static [u8] = &[0x01, 0x00, 0x01];
|
||||
const CLIENT_PRIVATE_KEY_PMOD: &'static [u8] = &[
|
||||
0x61, 0x95, 0x60, 0xf3, 0xf3, 0xa0, 0x64, 0xa2, 0x25, 0x79, 0x57, 0x0e, 0xa7, 0x21, 0x95, 0xed, 0x9d, 0x48, 0x97, 0xd1, 0x6d, 0x49, 0x4d, 0xc6, 0x7d, 0x17, 0x5f, 0xde, 0xa3, 0xd8, 0xcb, 0x3f, 0xcb, 0xde, 0x2f, 0x54, 0x50, 0x67, 0x2f, 0x69, 0x10, 0x8d, 0xe1, 0xd2, 0x72, 0x74, 0x32, 0x9b, 0x8c, 0x5f, 0x2c, 0x76, 0xf6, 0x65, 0x9b, 0x00, 0xfd, 0x84, 0x3d, 0xc2, 0x73, 0xf7, 0x0f, 0x1c, 0x54, 0xd5, 0x2a, 0x83, 0x01, 0xcd, 0xb8, 0xb4, 0x69, 0x90, 0xbb, 0x1d, 0x63, 0xb8, 0xd1, 0x94, 0x2d, 0x34, 0xf1, 0x0f, 0xc8, 0x97, 0x7f, 0x1f, 0xdc, 0xdb, 0xdc, 0xd6, 0xbe, 0xf3, 0xde, 0x80, 0xbe, 0x41, 0x3f, 0x5f, 0xcf, 0xc8, 0x28, 0xd1, 0x51, 0x9e, 0xaa, 0xf2, 0x59, 0xec, 0xa0, 0x9f, 0x1a, 0x57, 0x03, 0xc3, 0x9c, 0x77, 0xa1, 0xc9, 0x23, 0x79, 0x4d, 0x64, 0x4a, 0x2f, 0xeb, 0xc5, 0xd3, 0x38, 0x2c, 0x6d, 0xf6, 0xa6, 0xa9, 0xe7, 0x0a, 0x79, 0x05, 0xfa, 0x2a, 0x85, 0xc5, 0x9d, 0xf4, 0x91, 0xef, 0x34, 0xad, 0xb5, 0x64, 0xc5, 0x75, 0x8a, 0x36, 0x8f, 0x95, 0x25, 0xe9, 0x71, 0x0d, 0xa8, 0xe1, 0xea, 0xc3, 0xb4, 0xaa, 0xe7, 0x54, 0x54, 0xef, 0x72, 0x12, 0xa5, 0x14, 0x27, 0xec, 0x70, 0x12, 0x14, 0xdf, 0x65, 0xb3, 0xf5, 0xbc, 0x91, 0xe1, 0x36, 0x31, 0x1a, 0xdf, 0x7d, 0x58, 0x05, 0xb6, 0xe3, 0x48, 0xf2, 0x42, 0x89, 0x25, 0x29, 0x42, 0x0b, 0x5d, 0x8d, 0x0b, 0x76, 0x28, 0x0f, 0xaf, 0x56, 0x22, 0x94, 0x12, 0x8f, 0x76, 0x91, 0x49, 0xa6, 0xa4, 0xe3, 0x54, 0x17, 0x9e, 0xeb, 0xa6, 0x1b, 0xe5, 0x97, 0xde, 0x4e, 0x29, 0x8d, 0x7d, 0x5c, 0x18, 0x34, 0x29, 0x21, 0xd2, 0x7d, 0x14, 0x0b, 0xa1, 0x49, 0xb5, 0xe0, 0xc6, 0x30, 0x31, 0x80, 0xdc, 0x6a, 0x59, 0xb9
|
||||
];
|
||||
const CLIENT_PRIME_1: &'static [u8] = &[
|
||||
0x00, 0xec, 0xe1, 0x6f, 0x5d, 0x7a, 0xed, 0x7b, 0x1a, 0xac, 0xce, 0x02, 0x91, 0xb4, 0x07, 0xcf, 0xc4, 0x2b, 0xcf, 0x2a, 0x37, 0x59, 0x43, 0x46, 0x1a, 0x55, 0xc2, 0x13, 0x89, 0x3c, 0xd5, 0xd6, 0xef, 0xed, 0x12, 0x9f, 0xc3, 0x36, 0x95, 0xd2, 0x6e, 0xf7, 0xca, 0x62, 0x9c, 0x71, 0x3d, 0x78, 0x3a, 0x4c, 0xe2, 0x5d, 0x07, 0x6e, 0x67, 0x53, 0xc3, 0xe7, 0x02, 0x58, 0x34, 0x25, 0xab, 0x67, 0xd4, 0x35, 0x92, 0x26, 0x4a, 0x3f, 0x1b, 0xc4, 0x43, 0xcd, 0x71, 0x3a, 0x8f, 0x9a, 0x2e, 0x44, 0xf6, 0x5a, 0x40, 0xf8, 0x32, 0x11, 0x39, 0xd4, 0x31, 0x35, 0xa1, 0xd7, 0x2d, 0x5d, 0xa5, 0xed, 0x24, 0x53, 0x32, 0xce, 0xb6, 0xb6, 0x12, 0xc6, 0xeb, 0xfd, 0x5b, 0x86, 0x21, 0xf7, 0xaf, 0x2e, 0x29, 0xb0, 0xed, 0x4d, 0x71, 0x3e, 0x82, 0x28, 0x74, 0xd5, 0x64, 0x59, 0xba, 0xa6, 0x59, 0xd7, 0x9b
|
||||
];
|
||||
const CLIENT_PRIME_2: &'static [u8] = &[
|
||||
0x00, 0xd1, 0xfb, 0x16, 0x0c, 0xf0, 0xa3, 0x9a, 0x56, 0xdc, 0x3d, 0x82, 0xc6, 0x69, 0xed, 0x1d, 0x6a, 0x6f, 0xf9, 0xf0, 0x27, 0x3f, 0x96, 0x15, 0x39, 0x30, 0x84, 0x93, 0x75, 0x67, 0x31, 0xc9, 0x55, 0x84, 0x14, 0x13, 0x54, 0x39, 0xc1, 0x7c, 0x02, 0x77, 0x2b, 0x56, 0x49, 0x2c, 0xca, 0xe5, 0x16, 0xb5, 0xa1, 0x22, 0x49, 0xd6, 0xfa, 0x96, 0xd7, 0xb8, 0xaf, 0x34, 0xd3, 0x00, 0xc0, 0x42, 0x2f, 0x73, 0x0d, 0xb1, 0xd0, 0xc8, 0x11, 0xc6, 0x16, 0x79, 0xde, 0x83, 0xcd, 0x53, 0x21, 0x9b, 0x58, 0xc5, 0xee, 0x35, 0x55, 0xb6, 0x8f, 0x83, 0xc9, 0x23, 0x15, 0x98, 0xe0, 0xb5, 0x6f, 0x3a, 0x3d, 0x0c, 0x06, 0xa8, 0x32, 0x16, 0x0f, 0xde, 0x66, 0xad, 0x44, 0x76, 0xcd, 0x4a, 0x7a, 0x3d, 0xcb, 0x2c, 0x83, 0x3e, 0xf7, 0x50, 0x94, 0xa2, 0x2b, 0x61, 0xb5, 0xb6, 0x02, 0x01, 0x24, 0x7e, 0x05
|
||||
];
|
||||
|
|
|
@ -16,7 +16,7 @@ use crate::tls_packet::CipherSuite;
|
|||
use crate::key::*;
|
||||
use crate::tls_packet::SignatureScheme;
|
||||
use crate::Error;
|
||||
use crate::fake_rng::FakeRandom;
|
||||
use crate::fake_rng::{FakeRandom, OneTimeRandom};
|
||||
|
||||
use core::convert::TryFrom;
|
||||
|
||||
|
@ -795,8 +795,6 @@ impl<'a> Session<'a> {
|
|||
self.hash.get_sha256_clone().unwrap()
|
||||
);
|
||||
|
||||
log::info!("Server traffic secret: {:?}", server_application_traffic_secret);
|
||||
|
||||
self.client_application_traffic_secret.replace(
|
||||
Vec::from_slice(&client_application_traffic_secret).unwrap()
|
||||
);
|
||||
|
@ -1150,7 +1148,7 @@ impl<'a> Session<'a> {
|
|||
}
|
||||
}
|
||||
|
||||
pub(crate) fn get_client_certificate_verify_signature(&self)
|
||||
pub(crate) fn get_client_certificate_verify_signature<R: rand_core::RngCore>(&self, rng: &mut R)
|
||||
-> (crate::tls_packet::SignatureScheme, alloc::vec::Vec<u8>)
|
||||
{
|
||||
if let Some((private_key, client_certificate)) = &self.cert_private_key {
|
||||
|
@ -1162,47 +1160,61 @@ impl<'a> Session<'a> {
|
|||
} else {
|
||||
unreachable!()
|
||||
};
|
||||
log::info!("Client Transcript Hash: {:?}", transcript_hash);
|
||||
|
||||
use crate::tls_packet::SignatureScheme::*;
|
||||
// RSA signature must be with PSS padding scheme
|
||||
let get_rsa_padding_scheme = |sig_alg: SignatureScheme|
|
||||
let mut get_rsa_padding_scheme = |sig_alg: SignatureScheme|
|
||||
-> (SignatureScheme, PaddingScheme)
|
||||
{
|
||||
match sig_alg {
|
||||
rsa_pkcs1_sha256 => {
|
||||
let mut salt_buffer: [u8; 32] = [0; 32];
|
||||
rng.fill_bytes(&mut salt_buffer);
|
||||
let one_time_rng = OneTimeRandom::new(&salt_buffer);
|
||||
(
|
||||
rsa_pss_rsae_sha256,
|
||||
PaddingScheme::new_pkcs1v15_sign(Some(RSAHash::SHA2_256))
|
||||
PaddingScheme::new_pss_with_salt::<Sha256, OneTimeRandom<U32>>(one_time_rng, 32)
|
||||
)
|
||||
},
|
||||
rsa_pkcs1_sha384 => {
|
||||
let salt_buffer: [u8; 48] = [0; 48];
|
||||
let one_time_rng = OneTimeRandom::new(&salt_buffer);
|
||||
(
|
||||
rsa_pss_rsae_sha384,
|
||||
PaddingScheme::new_pkcs1v15_sign(Some(RSAHash::SHA2_384))
|
||||
PaddingScheme::new_pss_with_salt::<Sha256, OneTimeRandom<U48>>(one_time_rng, 48)
|
||||
)
|
||||
},
|
||||
rsa_pkcs1_sha512 => {
|
||||
let salt_buffer: [u8; 64] = [0; 64];
|
||||
let one_time_rng = OneTimeRandom::new(&salt_buffer);
|
||||
(
|
||||
rsa_pss_rsae_sha512,
|
||||
PaddingScheme::new_pkcs1v15_sign(Some(RSAHash::SHA2_512))
|
||||
PaddingScheme::new_pss_with_salt::<Sha256, OneTimeRandom<U64>>(one_time_rng, 64)
|
||||
)
|
||||
},
|
||||
rsa_pss_rsae_sha256 | rsa_pss_pss_sha256 => {
|
||||
let salt_buffer: [u8; 32] = [0; 32];
|
||||
let one_time_rng = OneTimeRandom::new(&salt_buffer);
|
||||
(
|
||||
sig_alg,
|
||||
PaddingScheme::new_pss::<Sha256, FakeRandom>(FakeRandom{})
|
||||
PaddingScheme::new_pss_with_salt::<Sha256, OneTimeRandom<U32>>(one_time_rng, 32)
|
||||
)
|
||||
},
|
||||
rsa_pss_rsae_sha384 | rsa_pss_pss_sha384 => {
|
||||
let salt_buffer: [u8; 48] = [0; 48];
|
||||
let one_time_rng = OneTimeRandom::new(&salt_buffer);
|
||||
(
|
||||
sig_alg,
|
||||
PaddingScheme::new_pss::<Sha384, FakeRandom>(FakeRandom{})
|
||||
PaddingScheme::new_pss_with_salt::<Sha256, OneTimeRandom<U48>>(one_time_rng, 48)
|
||||
)
|
||||
},
|
||||
rsa_pss_rsae_sha512 | rsa_pss_pss_sha512 => {
|
||||
let salt_buffer: [u8; 64] = [0; 64];
|
||||
let one_time_rng = OneTimeRandom::new(&salt_buffer);
|
||||
(
|
||||
sig_alg,
|
||||
PaddingScheme::new_pss::<Sha512, FakeRandom>(FakeRandom{})
|
||||
PaddingScheme::new_pss_with_salt::<Sha256, OneTimeRandom<U64>>(one_time_rng, 64)
|
||||
)
|
||||
},
|
||||
_ => unreachable!()
|
||||
|
|
|
@ -292,7 +292,7 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
|
|||
{
|
||||
let session = self.session.borrow();
|
||||
let (sig_alg, signature) = session
|
||||
.get_client_certificate_verify_signature();
|
||||
.get_client_certificate_verify_signature(&mut self.rng);
|
||||
|
||||
let signature_length: u16 = u16::try_from(signature.len()).unwrap();
|
||||
NetworkEndian::write_u24(
|
||||
|
@ -312,7 +312,6 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
|
|||
// Push content byte (handshake: 22)
|
||||
verify_buffer_vec.push(22);
|
||||
|
||||
log::info!("Client CV: {:?}", verify_buffer_vec);
|
||||
self.send_application_slice(sockets, &mut verify_buffer_vec.clone())?;
|
||||
// Update session
|
||||
let cert_verify_len = verify_buffer_vec.len();
|
||||
|
|
Loading…
Reference in New Issue