From 50cf99b5e47f4786a15ff54eb4036ec1f4bc8a81 Mon Sep 17 00:00:00 2001 From: occheung Date: Thu, 19 Nov 2020 13:04:02 +0800 Subject: [PATCH] rsapss: fix salt & random --- Cargo.toml | 2 +- src/fake_rng.rs | 44 ++++++++++++++++++++++++++++++- src/main.rs | 70 ++++++++++++++++++++++++++++++++++++++++++++++++- src/session.rs | 34 ++++++++++++++++-------- src/tls.rs | 3 +-- 5 files changed, 137 insertions(+), 16 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 05ddfa9..4cf30ea 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -90,4 +90,4 @@ optional = true [features] default = [] -std = [ "rand", "hex-literal", "simple_logger" ] +std = [ "rand", "hex-literal", "simple_logger", "rsa/default" ] diff --git a/src/fake_rng.rs b/src/fake_rng.rs index c658d44..e11f2f8 100644 --- a/src/fake_rng.rs +++ b/src/fake_rng.rs @@ -5,8 +5,9 @@ // Anyway, the RSAPublicKey::verify() method does NOT care about random at all :) use rand_core::{RngCore, Error}; +use byteorder::{ByteOrder, NetworkEndian, BigEndian}; -pub (crate) struct FakeRandom {} +pub struct FakeRandom {} impl RngCore for FakeRandom { fn next_u32(&mut self) -> u32 { @@ -23,3 +24,44 @@ impl RngCore for FakeRandom { Ok(()) } } + +// A construct to allow a random slice to be generated in advance and buffered +// The generated value will then be returned deterministically +// Motivation: +// This is to prevent the use of static mutable reference, thus unsafe function calls +// A TLS socket is not meant to be a singleton + +use generic_array::GenericArray; +use generic_array::ArrayLength; + +pub struct OneTimeRandom> { + stored_slice: GenericArray +} + +impl> OneTimeRandom { + pub fn new(slice: &[u8]) -> Self { + let mut stored_slice: GenericArray = Default::default(); + &stored_slice[..(slice.len())].clone_from_slice(slice); + Self { + stored_slice + } + } +} + +impl> RngCore for OneTimeRandom { + fn next_u32(&mut self) -> u32 { + NetworkEndian::read_u32(&self.stored_slice) + } + + fn next_u64(&mut self) -> u64 { + NetworkEndian::read_u64(&self.stored_slice) + } + + fn fill_bytes(&mut self, dest: &mut [u8]) { + dest.clone_from_slice(&self.stored_slice[..(dest.len())]); + } + + fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), Error> { + Ok(self.fill_bytes(dest)) + } +} diff --git a/src/main.rs b/src/main.rs index c2bed53..49ffa89 100644 --- a/src/main.rs +++ b/src/main.rs @@ -82,7 +82,7 @@ fn main() { simple_logger::SimpleLogger::new().init().unwrap(); let (_, certificate) = parse_asn1_der_certificate(&RSA_PSS_SELF_CERT).unwrap(); - println!("Certificate print: {:?}", certificate); + // println!("Certificate print: {:?}", certificate); // let modulus = [ // 0x00, 0xe1, 0x64, 0x42, 0x1f, 0x32, 0x2c, 0xa2, 0x81, 0x3a, 0x6f, 0x9d, 0x4e, 0x6d, 0xa7, 0xc9, 0xed, 0xb9, 0x47, 0x3e, 0xd8, 0x98, 0xe6, 0xba, 0xab, 0x07, 0x93, 0xb3, 0xc5, 0x80, 0x62, 0x7e, 0xb7, 0xe3, 0x9a, 0xfb, 0x9c, 0xf4, 0x0c, 0xc7, 0x49, 0x08, 0x73, 0x45, 0xe8, 0x94, 0xff, 0xb1, 0xe7, 0x52, 0xb6, 0x77, 0xa7, 0x53, 0x49, 0x0b, 0xf3, 0xe6, 0x13, 0x4a, 0x79, 0xd7, 0xef, 0x53, 0x7c, 0x8d, 0x84, 0x5b, 0xf3, 0x30, 0x6d, 0x4d, 0x43, 0x14, 0xa0, 0xc9, 0x8b, 0x86, 0x17, 0x16, 0x8a, 0x09, 0x60, 0xa9, 0xdb, 0x76, 0x8f, 0x5c, 0x58, 0x92, 0xf3, 0x63, 0xdb, 0x39, 0x82, 0xa7, 0x4a, 0x79, 0x08, 0x29, 0x1d, 0x94, 0x3c, 0xec, 0x11, 0x46, 0x70, 0xf8, 0xd1, 0xe4, 0xc2, 0x6f, 0x9d, 0x40, 0x8d, 0x8a, 0x29, 0x2e, 0x2b, 0x82, 0xd6, 0x1b, 0x0f, 0xbd, 0x49, 0xe4, 0xc9, 0xfb, 0xc3, 0x81, 0x29, 0x7f, 0x99, 0x07, 0x99, 0x5a, 0x28, 0x46, 0xf7, 0xdd, 0xca, 0xb2, 0x4c, 0xce, 0x21, 0x01, 0x24, 0xfc, 0xfe, 0x8f, 0xea, 0x73, 0x36, 0x39, 0xdf, 0xa0, 0x6c, 0x43, 0xf5, 0x3c, 0x74, 0xb3, 0x17, 0x00, 0xfd, 0xb4, 0xa2, 0x82, 0x1e, 0xed, 0xdf, 0x22, 0x2a, 0x35, 0x6d, 0xf7, 0x8a, 0x4d, 0xc8, 0x19, 0xb9, 0xd3, 0x88, 0x29, 0x10, 0x8e, 0xae, 0x30, 0xf2, 0x23, 0xce, 0x3b, 0xce, 0xe0, 0x7c, 0x5e, 0x52, 0xa1, 0x1f, 0xc1, 0x59, 0xcc, 0x14, 0xf6, 0x6f, 0xf1, 0xa6, 0xbb, 0xfd, 0x9b, 0x66, 0x96, 0x89, 0xbb, 0xd4, 0x0b, 0x9e, 0x5f, 0xac, 0xf0, 0x1d, 0x88, 0xa6, 0x27, 0x53, 0x48, 0xf2, 0x12, 0x54, 0x43, 0xf8, 0x92, 0x42, 0xcd, 0x6e, 0x00, 0x54, 0x67, 0x55, 0x6f, 0xfa, 0x38, 0x30, 0x7b, 0xea, 0xaa, 0x85, 0x9b, 0x31, 0xbf, 0x78, 0xb8, 0x2a, 0x97, 0x77, 0xd0, 0x23 @@ -191,6 +191,48 @@ fn main() { // permitted_name, // excluded_name // ).unwrap(); + + use rand_core::{RngCore, OsRng}; + use rsa::PublicKey; + use rsa::BigUint; + use smoltcp_tls::fake_rng::FakeRandom; + + let mut prime_vec = std::vec::Vec::new(); + prime_vec.extend_from_slice(&[ + BigUint::from_bytes_be(&CLIENT_PRIME_1), + BigUint::from_bytes_be(&CLIENT_PRIME_2) + ]); + let rsa_client_private_key = rsa::RSAPrivateKey::from_components( + BigUint::from_bytes_be(&CLIENT_PRIVATE_KEY_MOD), + BigUint::from_bytes_be(&CLIENT_PRIVATE_KEY_EXP), + BigUint::from_bytes_be(&CLIENT_PRIVATE_KEY_PMOD), + prime_vec + ); + let public_key_from_conversion = rsa_client_private_key.to_public_key(); + let rsa_client_public_key = + rsa::RSAPublicKey::from_pkcs1(&CLIENT_PUBLIC_KEY).unwrap(); + + println!("Public key from conversion: {:?}", public_key_from_conversion); + println!("Public key from certificate: {:?}", rsa_client_public_key); + println!("Public key are the same: {:?}", + public_key_from_conversion == rsa_client_public_key); + + let checked_hash = sha2::Sha256::new() + .chain(&[0x20; 64]) + .chain("TLS 1.3, client CertificateVerify") + .chain(&[0]) + .chain(&CLIENT_TRANSCRIPT_HASH) + .finalize(); + + let padding = rsa::PaddingScheme::new_pss_with_salt::(OsRng, 32); + let sign = rsa_client_private_key.sign(padding, &checked_hash).unwrap(); + + println!("Signature with salt: {:X?}", sign); + + let padding = rsa::PaddingScheme::new_pss_with_salt::(OsRng, 222); + rsa_client_public_key.verify(padding, &checked_hash, &sign).unwrap(); + + println!("Signature verified"); } const RSA_PSS_CERT: [u8; 0x3AB] = @@ -234,3 +276,29 @@ const GOOGLE_END_ENTITY_CERT: [u8; 0x0974] = hex_literal::hex!( "3082097030820858a00302010202103c8415c8e1e38e7702000000007fd492300d06092a864886f70d01010b05003042310b3009060355040613025553311e301c060355040a1315476f6f676c65205472757374205365727669636573311330110603550403130a47545320434120314f31301e170d3230313032383136313833365a170d3231303132303136313833365a3066310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731133011060355040a130a476f6f676c65204c4c433115301306035504030c0c2a2e676f6f676c652e636f6d3059301306072a8648ce3d020106082a8648ce3d03010703420004928f17ebaacb747f1c091d80bab6397cefca2ceed75053a05a196074295add702ed9298d45937515d53026c4ae3bdede339607b42b7525ad2713f1eb455208a6a382070730820703300e0603551d0f0101ff04040302078030130603551d25040c300a06082b06010505070301300c0603551d130101ff04023000301d0603551d0e04160414c2f35a502b0f66ccd7cf4ce9f687b6203f0d3b7c301f0603551d2304183016801498d1f86e10ebcf9bec609f18901ba0eb7d09fd2b306806082b06010505070101045c305a302b06082b06010505073001861f687474703a2f2f6f6373702e706b692e676f6f672f677473316f31636f7265302b06082b06010505073002861f687474703a2f2f706b692e676f6f672f677372322f475453314f312e637274308204c20603551d11048204b9308204b5820c2a2e676f6f676c652e636f6d820d2a2e616e64726f69642e636f6d82162a2e617070656e67696e652e676f6f676c652e636f6d82092a2e62646e2e64657682122a2e636c6f75642e676f6f676c652e636f6d82182a2e63726f7764736f757263652e676f6f676c652e636f6d82182a2e64617461636f6d707574652e676f6f676c652e636f6d82062a2e672e636f820e2a2e6763702e677674322e636f6d82112a2e67637063646e2e677674312e636f6d820a2a2e67677068742e636e820e2a2e676b65636e617070732e636e82162a2e676f6f676c652d616e616c79746963732e636f6d820b2a2e676f6f676c652e6361820b2a2e676f6f676c652e636c820e2a2e676f6f676c652e636f2e696e820e2a2e676f6f676c652e636f2e6a70820e2a2e676f6f676c652e636f2e756b820f2a2e676f6f676c652e636f6d2e6172820f2a2e676f6f676c652e636f6d2e6175820f2a2e676f6f676c652e636f6d2e6272820f2a2e676f6f676c652e636f6d2e636f820f2a2e676f6f676c652e636f6d2e6d78820f2a2e676f6f676c652e636f6d2e7472820f2a2e676f6f676c652e636f6d2e766e820b2a2e676f6f676c652e6465820b2a2e676f6f676c652e6573820b2a2e676f6f676c652e6672820b2a2e676f6f676c652e6875820b2a2e676f6f676c652e6974820b2a2e676f6f676c652e6e6c820b2a2e676f6f676c652e706c820b2a2e676f6f676c652e707482122a2e676f6f676c656164617069732e636f6d820f2a2e676f6f676c65617069732e636e82112a2e676f6f676c65636e617070732e636e82142a2e676f6f676c65636f6d6d657263652e636f6d82112a2e676f6f676c65766964656f2e636f6d820c2a2e677374617469632e636e820d2a2e677374617469632e636f6d82122a2e67737461746963636e617070732e636e820a2a2e677674312e636f6d820a2a2e677674322e636f6d82142a2e6d65747269632e677374617469632e636f6d820c2a2e75726368696e2e636f6d82102a2e75726c2e676f6f676c652e636f6d82132a2e776561722e676b65636e617070732e636e82162a2e796f75747562652d6e6f636f6f6b69652e636f6d820d2a2e796f75747562652e636f6d82162a2e796f7574756265656475636174696f6e2e636f6d82112a2e796f75747562656b6964732e636f6d82072a2e79742e6265820b2a2e7974696d672e636f6d821a616e64726f69642e636c69656e74732e676f6f676c652e636f6d820b616e64726f69642e636f6d821b646576656c6f7065722e616e64726f69642e676f6f676c652e636e821c646576656c6f706572732e616e64726f69642e676f6f676c652e636e8204672e636f820867677068742e636e820c676b65636e617070732e636e8206676f6f2e676c8214676f6f676c652d616e616c79746963732e636f6d820a676f6f676c652e636f6d820f676f6f676c65636e617070732e636e8212676f6f676c65636f6d6d657263652e636f6d8218736f757263652e616e64726f69642e676f6f676c652e636e820a75726368696e2e636f6d820a7777772e676f6f2e676c8208796f7574752e6265820b796f75747562652e636f6d8214796f7574756265656475636174696f6e2e636f6d820f796f75747562656b6964732e636f6d820579742e626530210603551d20041a30183008060667810c010202300c060a2b06010401d67902050330330603551d1f042c302a3028a026a0248622687474703a2f2f63726c2e706b692e676f6f672f475453314f31636f72652e63726c30820104060a2b06010401d6790204020481f50481f200f0007700f65c942fd1773022145418083094568ee34d131933bfdf0c2f200bcc4ef164e3000001757037f6230000040300483046022100aac1f73dd8213ad0f7cacfb97830908dd1bf945331fde26b369992cd52731ef1022100bcaa58c50418f910ac3aab1b9f4963c86a8abe79a4ce751ad9489008ae8db433007500eec095ee8d72640f92e3c3b91bc712a3696a097b4b6a1a1438e647b2cbedc5f9000001757037f675000004030046304402203534f394062ad3c22a3ee6b4fc4515824331e758179dbc003d1b30714858e7a802206b2f82038e90b0b1497a50adfa02edabc14c72a68f29ef8beebcdeb3aa79c5f9300d06092a864886f70d01010b05000382010100483bacd4bcba6181eaae86db235942cf84c89dd91ec973525eb46a0582b6fad7ef02124c94521e5d92272a4f87f82a23804adacc08f9da02f7f9b4a25f7d3c819a215b9b8f9308b943b0cd6c9121ecb6f9bd6491c20ec8c149fd171a5c13d17cf6bf1b7cfb2031016637d0daa2ce2f419d498abfdde0eb200c0586068789cbbaea3dd6b9e9e6ba124c6c4e9bf00c5bc79df57f91b849a6a8340883b5d2e1a3b00f86b7c56b34ef740a80ebce142c4973241934a5f257b406e4d2159ae0c27a70a88e8e3036b40611234fa7ece6dff1a5ed0dbc118a361879f0f26b6497cc17b36e2750c92ac0e64db12e5a2ac4142a5ca135ef6ea90f82c20a0eb4b4ed1a31d1" ); + +const CLIENT_TRANSCRIPT_HASH: [u8; 32] = [37, 135, 142, 217, 184, 116, 6, 86, 229, 163, 82, 51, 108, 168, 135, 99, 87, 101, 215, 44, 94, 5, 177, 160, 153, 125, 39, 51, 148, 67, 140, 70]; + +const CLIENT_PUBLIC_KEY: [u8; 0x010E] = + hex_literal::hex!( + "3082010a0282010100c24c615adad1640c2e39e295c460f2c795370cfb21cca519f9e6baf15645ca0b256ef8f318491baab9dc7196360b393bc35320354887d6cc822cf6e9d2eacc7fecf8d8e73f0f09bf131a5919e9e9c81e2aecf06d55be1720290853d4f1086b3e103d54d2b454d7c32abce433f6115d267bba246f68847463dfd1d6be904eb18d56885565d6fcf8a60386fc73b5450777e00485ae94d22096afc458d7fbd7c469dd861cab7b914715e093c4f1cc399e5a53010c2b65d5cc3d60fccc2cc5d8b3faa5fefaab551f1de1a93a19a15be9adb3a5c96d2e525a9f696174e6e772857e536b462a61c69a87710b74172c4b318f4842e7d27f7b6e0cbf3f983e3564ab80070203010001" + ); + +const CLIENT_SIGNATURE: [u8; 256] = + hex_literal::hex!( + "954ced7ddc8fdccbaeb83ee9b3a26a01c37cc74bfcb82b3b181c28ae06588f763cfc491b6869b74968fd7ae017360d8eeaa5bfb69d9c0e3524f14790422f7ccbc9a609880800c5076d6383865cd47986eff4d379bf554b86963ce4bc4706262f48932fd5fa16e73149c1c960f19f5e8d1a8dc5898a9e2de5c0d79a8a0017349f379d23683eec83a07f01c3b83cb4d0f66ae0672efc9723bed0296a82046232dc533988a253bd2b109074172735bad06b98c3863033d2d11ea2d0efc7a3db52c94d2e452882e87559a0e9036768dbc380189b89323294a03ef229943be3fa17095c5a220386c695cf279bc88ff1b017897cbcb231658937eef82adb9a17479429" + ); + +const CLIENT_PRIVATE_KEY_MOD: &'static [u8] = &[ + 0x00, 0xc2, 0x4c, 0x61, 0x5a, 0xda, 0xd1, 0x64, 0x0c, 0x2e, 0x39, 0xe2, 0x95, 0xc4, 0x60, 0xf2, 0xc7, 0x95, 0x37, 0x0c, 0xfb, 0x21, 0xcc, 0xa5, 0x19, 0xf9, 0xe6, 0xba, 0xf1, 0x56, 0x45, 0xca, 0x0b, 0x25, 0x6e, 0xf8, 0xf3, 0x18, 0x49, 0x1b, 0xaa, 0xb9, 0xdc, 0x71, 0x96, 0x36, 0x0b, 0x39, 0x3b, 0xc3, 0x53, 0x20, 0x35, 0x48, 0x87, 0xd6, 0xcc, 0x82, 0x2c, 0xf6, 0xe9, 0xd2, 0xea, 0xcc, 0x7f, 0xec, 0xf8, 0xd8, 0xe7, 0x3f, 0x0f, 0x09, 0xbf, 0x13, 0x1a, 0x59, 0x19, 0xe9, 0xe9, 0xc8, 0x1e, 0x2a, 0xec, 0xf0, 0x6d, 0x55, 0xbe, 0x17, 0x20, 0x29, 0x08, 0x53, 0xd4, 0xf1, 0x08, 0x6b, 0x3e, 0x10, 0x3d, 0x54, 0xd2, 0xb4, 0x54, 0xd7, 0xc3, 0x2a, 0xbc, 0xe4, 0x33, 0xf6, 0x11, 0x5d, 0x26, 0x7b, 0xba, 0x24, 0x6f, 0x68, 0x84, 0x74, 0x63, 0xdf, 0xd1, 0xd6, 0xbe, 0x90, 0x4e, 0xb1, 0x8d, 0x56, 0x88, 0x55, 0x65, 0xd6, 0xfc, 0xf8, 0xa6, 0x03, 0x86, 0xfc, 0x73, 0xb5, 0x45, 0x07, 0x77, 0xe0, 0x04, 0x85, 0xae, 0x94, 0xd2, 0x20, 0x96, 0xaf, 0xc4, 0x58, 0xd7, 0xfb, 0xd7, 0xc4, 0x69, 0xdd, 0x86, 0x1c, 0xab, 0x7b, 0x91, 0x47, 0x15, 0xe0, 0x93, 0xc4, 0xf1, 0xcc, 0x39, 0x9e, 0x5a, 0x53, 0x01, 0x0c, 0x2b, 0x65, 0xd5, 0xcc, 0x3d, 0x60, 0xfc, 0xcc, 0x2c, 0xc5, 0xd8, 0xb3, 0xfa, 0xa5, 0xfe, 0xfa, 0xab, 0x55, 0x1f, 0x1d, 0xe1, 0xa9, 0x3a, 0x19, 0xa1, 0x5b, 0xe9, 0xad, 0xb3, 0xa5, 0xc9, 0x6d, 0x2e, 0x52, 0x5a, 0x9f, 0x69, 0x61, 0x74, 0xe6, 0xe7, 0x72, 0x85, 0x7e, 0x53, 0x6b, 0x46, 0x2a, 0x61, 0xc6, 0x9a, 0x87, 0x71, 0x0b, 0x74, 0x17, 0x2c, 0x4b, 0x31, 0x8f, 0x48, 0x42, 0xe7, 0xd2, 0x7f, 0x7b, 0x6e, 0x0c, 0xbf, 0x3f, 0x98, 0x3e, 0x35, 0x64, 0xab, 0x80, 0x07 +]; +const CLIENT_PRIVATE_KEY_EXP: &'static [u8] = &[0x01, 0x00, 0x01]; +const CLIENT_PRIVATE_KEY_PMOD: &'static [u8] = &[ + 0x61, 0x95, 0x60, 0xf3, 0xf3, 0xa0, 0x64, 0xa2, 0x25, 0x79, 0x57, 0x0e, 0xa7, 0x21, 0x95, 0xed, 0x9d, 0x48, 0x97, 0xd1, 0x6d, 0x49, 0x4d, 0xc6, 0x7d, 0x17, 0x5f, 0xde, 0xa3, 0xd8, 0xcb, 0x3f, 0xcb, 0xde, 0x2f, 0x54, 0x50, 0x67, 0x2f, 0x69, 0x10, 0x8d, 0xe1, 0xd2, 0x72, 0x74, 0x32, 0x9b, 0x8c, 0x5f, 0x2c, 0x76, 0xf6, 0x65, 0x9b, 0x00, 0xfd, 0x84, 0x3d, 0xc2, 0x73, 0xf7, 0x0f, 0x1c, 0x54, 0xd5, 0x2a, 0x83, 0x01, 0xcd, 0xb8, 0xb4, 0x69, 0x90, 0xbb, 0x1d, 0x63, 0xb8, 0xd1, 0x94, 0x2d, 0x34, 0xf1, 0x0f, 0xc8, 0x97, 0x7f, 0x1f, 0xdc, 0xdb, 0xdc, 0xd6, 0xbe, 0xf3, 0xde, 0x80, 0xbe, 0x41, 0x3f, 0x5f, 0xcf, 0xc8, 0x28, 0xd1, 0x51, 0x9e, 0xaa, 0xf2, 0x59, 0xec, 0xa0, 0x9f, 0x1a, 0x57, 0x03, 0xc3, 0x9c, 0x77, 0xa1, 0xc9, 0x23, 0x79, 0x4d, 0x64, 0x4a, 0x2f, 0xeb, 0xc5, 0xd3, 0x38, 0x2c, 0x6d, 0xf6, 0xa6, 0xa9, 0xe7, 0x0a, 0x79, 0x05, 0xfa, 0x2a, 0x85, 0xc5, 0x9d, 0xf4, 0x91, 0xef, 0x34, 0xad, 0xb5, 0x64, 0xc5, 0x75, 0x8a, 0x36, 0x8f, 0x95, 0x25, 0xe9, 0x71, 0x0d, 0xa8, 0xe1, 0xea, 0xc3, 0xb4, 0xaa, 0xe7, 0x54, 0x54, 0xef, 0x72, 0x12, 0xa5, 0x14, 0x27, 0xec, 0x70, 0x12, 0x14, 0xdf, 0x65, 0xb3, 0xf5, 0xbc, 0x91, 0xe1, 0x36, 0x31, 0x1a, 0xdf, 0x7d, 0x58, 0x05, 0xb6, 0xe3, 0x48, 0xf2, 0x42, 0x89, 0x25, 0x29, 0x42, 0x0b, 0x5d, 0x8d, 0x0b, 0x76, 0x28, 0x0f, 0xaf, 0x56, 0x22, 0x94, 0x12, 0x8f, 0x76, 0x91, 0x49, 0xa6, 0xa4, 0xe3, 0x54, 0x17, 0x9e, 0xeb, 0xa6, 0x1b, 0xe5, 0x97, 0xde, 0x4e, 0x29, 0x8d, 0x7d, 0x5c, 0x18, 0x34, 0x29, 0x21, 0xd2, 0x7d, 0x14, 0x0b, 0xa1, 0x49, 0xb5, 0xe0, 0xc6, 0x30, 0x31, 0x80, 0xdc, 0x6a, 0x59, 0xb9 +]; +const CLIENT_PRIME_1: &'static [u8] = &[ + 0x00, 0xec, 0xe1, 0x6f, 0x5d, 0x7a, 0xed, 0x7b, 0x1a, 0xac, 0xce, 0x02, 0x91, 0xb4, 0x07, 0xcf, 0xc4, 0x2b, 0xcf, 0x2a, 0x37, 0x59, 0x43, 0x46, 0x1a, 0x55, 0xc2, 0x13, 0x89, 0x3c, 0xd5, 0xd6, 0xef, 0xed, 0x12, 0x9f, 0xc3, 0x36, 0x95, 0xd2, 0x6e, 0xf7, 0xca, 0x62, 0x9c, 0x71, 0x3d, 0x78, 0x3a, 0x4c, 0xe2, 0x5d, 0x07, 0x6e, 0x67, 0x53, 0xc3, 0xe7, 0x02, 0x58, 0x34, 0x25, 0xab, 0x67, 0xd4, 0x35, 0x92, 0x26, 0x4a, 0x3f, 0x1b, 0xc4, 0x43, 0xcd, 0x71, 0x3a, 0x8f, 0x9a, 0x2e, 0x44, 0xf6, 0x5a, 0x40, 0xf8, 0x32, 0x11, 0x39, 0xd4, 0x31, 0x35, 0xa1, 0xd7, 0x2d, 0x5d, 0xa5, 0xed, 0x24, 0x53, 0x32, 0xce, 0xb6, 0xb6, 0x12, 0xc6, 0xeb, 0xfd, 0x5b, 0x86, 0x21, 0xf7, 0xaf, 0x2e, 0x29, 0xb0, 0xed, 0x4d, 0x71, 0x3e, 0x82, 0x28, 0x74, 0xd5, 0x64, 0x59, 0xba, 0xa6, 0x59, 0xd7, 0x9b +]; +const CLIENT_PRIME_2: &'static [u8] = &[ + 0x00, 0xd1, 0xfb, 0x16, 0x0c, 0xf0, 0xa3, 0x9a, 0x56, 0xdc, 0x3d, 0x82, 0xc6, 0x69, 0xed, 0x1d, 0x6a, 0x6f, 0xf9, 0xf0, 0x27, 0x3f, 0x96, 0x15, 0x39, 0x30, 0x84, 0x93, 0x75, 0x67, 0x31, 0xc9, 0x55, 0x84, 0x14, 0x13, 0x54, 0x39, 0xc1, 0x7c, 0x02, 0x77, 0x2b, 0x56, 0x49, 0x2c, 0xca, 0xe5, 0x16, 0xb5, 0xa1, 0x22, 0x49, 0xd6, 0xfa, 0x96, 0xd7, 0xb8, 0xaf, 0x34, 0xd3, 0x00, 0xc0, 0x42, 0x2f, 0x73, 0x0d, 0xb1, 0xd0, 0xc8, 0x11, 0xc6, 0x16, 0x79, 0xde, 0x83, 0xcd, 0x53, 0x21, 0x9b, 0x58, 0xc5, 0xee, 0x35, 0x55, 0xb6, 0x8f, 0x83, 0xc9, 0x23, 0x15, 0x98, 0xe0, 0xb5, 0x6f, 0x3a, 0x3d, 0x0c, 0x06, 0xa8, 0x32, 0x16, 0x0f, 0xde, 0x66, 0xad, 0x44, 0x76, 0xcd, 0x4a, 0x7a, 0x3d, 0xcb, 0x2c, 0x83, 0x3e, 0xf7, 0x50, 0x94, 0xa2, 0x2b, 0x61, 0xb5, 0xb6, 0x02, 0x01, 0x24, 0x7e, 0x05 +]; diff --git a/src/session.rs b/src/session.rs index 78c87d9..fad2839 100644 --- a/src/session.rs +++ b/src/session.rs @@ -16,7 +16,7 @@ use crate::tls_packet::CipherSuite; use crate::key::*; use crate::tls_packet::SignatureScheme; use crate::Error; -use crate::fake_rng::FakeRandom; +use crate::fake_rng::{FakeRandom, OneTimeRandom}; use core::convert::TryFrom; @@ -795,8 +795,6 @@ impl<'a> Session<'a> { self.hash.get_sha256_clone().unwrap() ); - log::info!("Server traffic secret: {:?}", server_application_traffic_secret); - self.client_application_traffic_secret.replace( Vec::from_slice(&client_application_traffic_secret).unwrap() ); @@ -1150,7 +1148,7 @@ impl<'a> Session<'a> { } } - pub(crate) fn get_client_certificate_verify_signature(&self) + pub(crate) fn get_client_certificate_verify_signature(&self, rng: &mut R) -> (crate::tls_packet::SignatureScheme, alloc::vec::Vec) { if let Some((private_key, client_certificate)) = &self.cert_private_key { @@ -1162,47 +1160,61 @@ impl<'a> Session<'a> { } else { unreachable!() }; + log::info!("Client Transcript Hash: {:?}", transcript_hash); use crate::tls_packet::SignatureScheme::*; // RSA signature must be with PSS padding scheme - let get_rsa_padding_scheme = |sig_alg: SignatureScheme| + let mut get_rsa_padding_scheme = |sig_alg: SignatureScheme| -> (SignatureScheme, PaddingScheme) { match sig_alg { rsa_pkcs1_sha256 => { + let mut salt_buffer: [u8; 32] = [0; 32]; + rng.fill_bytes(&mut salt_buffer); + let one_time_rng = OneTimeRandom::new(&salt_buffer); ( rsa_pss_rsae_sha256, - PaddingScheme::new_pkcs1v15_sign(Some(RSAHash::SHA2_256)) + PaddingScheme::new_pss_with_salt::>(one_time_rng, 32) ) }, rsa_pkcs1_sha384 => { + let salt_buffer: [u8; 48] = [0; 48]; + let one_time_rng = OneTimeRandom::new(&salt_buffer); ( rsa_pss_rsae_sha384, - PaddingScheme::new_pkcs1v15_sign(Some(RSAHash::SHA2_384)) + PaddingScheme::new_pss_with_salt::>(one_time_rng, 48) ) }, rsa_pkcs1_sha512 => { + let salt_buffer: [u8; 64] = [0; 64]; + let one_time_rng = OneTimeRandom::new(&salt_buffer); ( rsa_pss_rsae_sha512, - PaddingScheme::new_pkcs1v15_sign(Some(RSAHash::SHA2_512)) + PaddingScheme::new_pss_with_salt::>(one_time_rng, 64) ) }, rsa_pss_rsae_sha256 | rsa_pss_pss_sha256 => { + let salt_buffer: [u8; 32] = [0; 32]; + let one_time_rng = OneTimeRandom::new(&salt_buffer); ( sig_alg, - PaddingScheme::new_pss::(FakeRandom{}) + PaddingScheme::new_pss_with_salt::>(one_time_rng, 32) ) }, rsa_pss_rsae_sha384 | rsa_pss_pss_sha384 => { + let salt_buffer: [u8; 48] = [0; 48]; + let one_time_rng = OneTimeRandom::new(&salt_buffer); ( sig_alg, - PaddingScheme::new_pss::(FakeRandom{}) + PaddingScheme::new_pss_with_salt::>(one_time_rng, 48) ) }, rsa_pss_rsae_sha512 | rsa_pss_pss_sha512 => { + let salt_buffer: [u8; 64] = [0; 64]; + let one_time_rng = OneTimeRandom::new(&salt_buffer); ( sig_alg, - PaddingScheme::new_pss::(FakeRandom{}) + PaddingScheme::new_pss_with_salt::>(one_time_rng, 64) ) }, _ => unreachable!() diff --git a/src/tls.rs b/src/tls.rs index bb18634..3926e21 100644 --- a/src/tls.rs +++ b/src/tls.rs @@ -292,7 +292,7 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> { { let session = self.session.borrow(); let (sig_alg, signature) = session - .get_client_certificate_verify_signature(); + .get_client_certificate_verify_signature(&mut self.rng); let signature_length: u16 = u16::try_from(signature.len()).unwrap(); NetworkEndian::write_u24( @@ -312,7 +312,6 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> { // Push content byte (handshake: 22) verify_buffer_vec.push(22); - log::info!("Client CV: {:?}", verify_buffer_vec); self.send_application_slice(sockets, &mut verify_buffer_vec.clone())?; // Update session let cert_verify_len = verify_buffer_vec.len();