state: client cert/verify init

This commit is contained in:
occheung 2020-11-18 17:39:27 +08:00
parent f0bf1e979d
commit 9e5a9266fc
3 changed files with 642 additions and 49 deletions

View File

@ -68,6 +68,7 @@ fn main() {
rx_buffer,
tx_buffer,
&mut RNG,
None
)
};

View File

@ -1,4 +1,4 @@
use p256::{ EncodedPoint, ecdh::EphemeralSecret };
use p256::{ EncodedPoint, ecdh::EphemeralSecret, ecdsa::signature::DigestVerifier };
use heapless::{ Vec, consts::* };
use sha2::{ Digest, Sha256, Sha384, Sha512, digest::FixedOutput };
use aes_gcm::{ Aes128Gcm, Aes256Gcm, aes::Aes128 };
@ -18,9 +18,11 @@ use crate::tls_packet::SignatureScheme;
use crate::Error;
use crate::fake_rng::FakeRandom;
use core::convert::TryFrom;
type Aes128Ccm = Ccm<Aes128, U16, U12>;
pub(crate) struct Session {
pub(crate) struct Session<'a> {
state: TlsState,
role: TlsRole,
// Session ID for this session
@ -59,14 +61,22 @@ pub(crate) struct Session {
// Reset to 0 on rekey AND key exchange
// TODO: Force rekey if sequence number need to wrap (very low priority)
client_sequence_number: u64,
server_sequence_number: u64,
pub server_sequence_number: u64,
// Certificate public key
// For Handling CertificateVerify
cert_public_key: Option<CertificatePublicKey>,
// Client certificate and its private key
cert_private_key: Option<(CertificatePrivateKey, alloc::vec::Vec<&'a [u8]>)>,
// Flag for noting the need to send client certificate
// Client must cent Certificate extension iff server requested it
need_send_client_cert: bool,
client_cert_verify_sig_alg: Option<crate::tls_packet::SignatureScheme>,
}
impl Session {
pub(crate) fn new(role: TlsRole) -> Self {
impl<'a> Session<'a> {
pub(crate) fn new(role: TlsRole, certificate_with_key: Option<(
CertificatePrivateKey, alloc::vec::Vec<&'a [u8]>
)>) -> Self {
let hash = Hash::Undetermined {
sha256: Sha256::new(),
sha384: Sha384::new(),
@ -93,7 +103,10 @@ impl Session {
server_application_nonce: None,
client_sequence_number: 0,
server_sequence_number: 0,
cert_public_key: None
cert_public_key: None,
cert_private_key: certificate_with_key,
need_send_client_cert: false,
client_cert_verify_sig_alg: None
}
}
@ -129,14 +142,6 @@ impl Session {
if self.state != TlsState::WAIT_SH || self.role != TlsRole::Client {
todo!()
}
// Generate ECDHE shared secret
// Remove private secret
// let ecdhe_shared_secret =
// self.ecdhe_secret
// .take()
// .unwrap()
// .diffie_hellman(&encoded_point)
// .unwrap();
let mut shared_secret_bytes: [u8; 32] = [0; 32];
if encoded_point.is_some() {
@ -496,6 +501,72 @@ impl Session {
self.state = TlsState::WAIT_CERT_CR;
}
pub(crate) fn client_update_for_certificate_request(
&mut self,
cert_request_slice: &[u8],
signature_algorithms: &[crate::tls_packet::SignatureScheme]
) {
self.hash.update(cert_request_slice);
// Note the need of sending client certificate
self.need_send_client_cert = true;
// Determine the supplied client certificate indeed has an
// acceptable signature algorithm
let mut private_key_algorithm_acceptable = false;
if let Some((private_key, cert)) = &self.cert_private_key {
if let CertificatePrivateKey::RSA {..} = private_key {
for sig_alg in signature_algorithms.iter() {
use crate::tls_packet::SignatureScheme::*;
if *sig_alg == rsa_pkcs1_sha256
|| *sig_alg == rsa_pkcs1_sha384
|| *sig_alg == rsa_pkcs1_sha512
|| *sig_alg == rsa_pss_rsae_sha256
|| *sig_alg == rsa_pss_rsae_sha384
|| *sig_alg == rsa_pss_rsae_sha512
|| *sig_alg == rsa_pss_pss_sha256
|| *sig_alg == rsa_pss_pss_sha384
|| *sig_alg == rsa_pss_pss_sha512
{
private_key_algorithm_acceptable = true;
self.client_cert_verify_sig_alg.replace(*sig_alg);
break;
}
}
} else if let CertificatePrivateKey::ECDSA_SECP256R1_SHA256 {..}
= private_key
{
for sig_alg in signature_algorithms.iter() {
use crate::tls_packet::SignatureScheme::*;
if *sig_alg == ecdsa_secp256r1_sha256
{
private_key_algorithm_acceptable = true;
self.client_cert_verify_sig_alg.replace(*sig_alg);
break;
}
}
} else if let CertificatePrivateKey::ED25519 {..} = private_key {
for sig_alg in signature_algorithms.iter() {
use crate::tls_packet::SignatureScheme::*;
if *sig_alg == ed25519
{
private_key_algorithm_acceptable = true;
self.client_cert_verify_sig_alg.replace(*sig_alg);
break;
}
}
}
}
// Dump the private key and certificate if the other side will not take it
if !private_key_algorithm_acceptable {
self.cert_private_key.take();
}
log::info!("client key: {:?}", self.cert_private_key.is_some());
// Move to the next state
self.state = TlsState::WAIT_CERT;
}
pub(crate) fn client_update_for_wait_cert_cr(
&mut self,
cert_slice: &[u8],
@ -525,11 +596,39 @@ impl Session {
// Handle Ed25519 and p256 separately
// These 2 algorithms have a mandated hash function
if signature_algorithm == SignatureScheme::ecdsa_secp256r1_sha256 {
todo!()
let verify_hash = Sha256::new()
.chain(&[0x20; 64])
.chain("TLS 1.3, server CertificateVerify")
.chain(&[0])
.chain(&transcript_hash);
let ecdsa_signature = p256::ecdsa::Signature::from_asn1(signature).unwrap();
self.cert_public_key
.take()
.unwrap()
.get_ecdsa_secp256r1_sha256_verify_key()
.unwrap()
.verify_digest(
verify_hash, &ecdsa_signature
).unwrap();
return
}
if signature_algorithm == SignatureScheme::ed25519 {
todo!()
let verify_hash = Sha512::new()
.chain(&[0x20; 64])
.chain("TLS 1.3, server CertificateVerify")
.chain(&[0])
.chain(&transcript_hash);
let ed25519_signature = ed25519_dalek::Signature::try_from(
signature
).unwrap();
self.cert_public_key.take()
.unwrap()
.get_ed25519_public_key()
.unwrap()
.verify_prehashed(verify_hash, None, &ed25519_signature)
.unwrap();
return
}
// Get verification hash, and verify the signature
@ -696,6 +795,8 @@ impl Session {
self.hash.get_sha256_clone().unwrap()
);
log::info!("Server traffic secret: {:?}", server_application_traffic_secret);
self.client_application_traffic_secret.replace(
Vec::from_slice(&client_application_traffic_secret).unwrap()
);
@ -983,6 +1084,26 @@ impl Session {
self.state = TlsState::SERVER_CONNECTED;
}
pub(crate) fn client_update_for_certificate_in_server_connected(
&mut self,
client_certificate_slice: &[u8]
)
{
// Sequence number is updated by send methods
// No need to change state as client will send everything needed immediately
self.hash.update(client_certificate_slice);
}
pub(crate) fn client_update_for_cert_verify_in_server_connected(
&mut self,
client_certificate_verify_slice: &[u8]
)
{
// Sequence number is updated by send methods
// No need to change state as client will send everything needed immediately
self.hash.update(client_certificate_verify_slice);
}
pub(crate) fn client_update_for_server_connected(
&mut self,
@ -1017,6 +1138,190 @@ impl Session {
self.changed_cipher_spec = true;
}
pub(crate) fn need_to_send_client_certificate(&self) -> bool {
self.need_send_client_cert
}
pub(crate) fn get_private_certificate_slices(&self) -> Option<&alloc::vec::Vec<&[u8]>> {
if let Some((_, cert_vec)) = &self.cert_private_key {
Some(cert_vec)
} else {
None
}
}
pub(crate) fn get_client_certificate_verify_signature(&self)
-> (crate::tls_packet::SignatureScheme, alloc::vec::Vec<u8>)
{
if let Some((private_key, client_certificate)) = &self.cert_private_key {
let transcript_hash: Vec<u8, U64> =
if let Ok(sha256) = self.hash.get_sha256_clone() {
Vec::from_slice(&sha256.finalize()).unwrap()
} else if let Ok(sha384) = self.hash.get_sha384_clone() {
Vec::from_slice(&sha384.finalize()).unwrap()
} else {
unreachable!()
};
use crate::tls_packet::SignatureScheme::*;
// RSA signature must be with PSS padding scheme
let get_rsa_padding_scheme = |sig_alg: SignatureScheme|
-> (SignatureScheme, PaddingScheme)
{
match sig_alg {
rsa_pkcs1_sha256 => {
(
rsa_pss_rsae_sha256,
PaddingScheme::new_pkcs1v15_sign(Some(RSAHash::SHA2_256))
)
},
rsa_pkcs1_sha384 => {
(
rsa_pss_rsae_sha384,
PaddingScheme::new_pkcs1v15_sign(Some(RSAHash::SHA2_384))
)
},
rsa_pkcs1_sha512 => {
(
rsa_pss_rsae_sha512,
PaddingScheme::new_pkcs1v15_sign(Some(RSAHash::SHA2_512))
)
},
rsa_pss_rsae_sha256 | rsa_pss_pss_sha256 => {
(
sig_alg,
PaddingScheme::new_pss::<Sha256, FakeRandom>(FakeRandom{})
)
},
rsa_pss_rsae_sha384 | rsa_pss_pss_sha384 => {
(
sig_alg,
PaddingScheme::new_pss::<Sha384, FakeRandom>(FakeRandom{})
)
},
rsa_pss_rsae_sha512 | rsa_pss_pss_sha512 => {
(
sig_alg,
PaddingScheme::new_pss::<Sha512, FakeRandom>(FakeRandom{})
)
},
_ => unreachable!()
}
};
match private_key {
CertificatePrivateKey::RSA { cert_rsa_private_key } => {
let sig_alg = self.client_cert_verify_sig_alg.unwrap();
let verify_hash: Vec<u8, U64> = match sig_alg {
rsa_pkcs1_sha256 | rsa_pss_rsae_sha256 | rsa_pss_pss_sha256 => {
Vec::from_slice(
&sha2::Sha256::new()
.chain(&[0x20; 64])
.chain("TLS 1.3, client CertificateVerify")
.chain(&[0x00])
.chain(&transcript_hash)
.finalize()
).unwrap()
},
rsa_pkcs1_sha384 | rsa_pss_rsae_sha384 | rsa_pss_pss_sha384 => {
Vec::from_slice(
&sha2::Sha384::new()
.chain(&[0x20; 64])
.chain("TLS 1.3, client CertificateVerify")
.chain(&[0x00])
.chain(&transcript_hash)
.finalize()
).unwrap()
},
rsa_pkcs1_sha512 | rsa_pss_rsae_sha512 | rsa_pss_pss_sha512 => {
Vec::from_slice(
&sha2::Sha512::new()
.chain(&[0x20; 64])
.chain("TLS 1.3, client CertificateVerify")
.chain(&[0x00])
.chain(&transcript_hash)
.finalize()
).unwrap()
},
_ => unreachable!()
};
let (modified_sig_alg, padding) = get_rsa_padding_scheme(sig_alg);
(
modified_sig_alg,
cert_rsa_private_key.sign(
padding, &verify_hash
).unwrap()
)
},
CertificatePrivateKey::ECDSA_SECP256R1_SHA256 { cert_signing_key } => {
let verify_hash = sha2::Sha256::new()
.chain(&[0x20; 64])
.chain("TLS 1.3, client CertificateVerify")
.chain(&[0x00])
.chain(&transcript_hash);
use p256::ecdsa::signature::DigestSigner;
let sig_vec = alloc::vec::Vec::from(
cert_signing_key.sign_digest(verify_hash).as_ref()
);
(
ecdsa_secp256r1_sha256,
sig_vec
)
},
CertificatePrivateKey::ED25519 { cert_eddsa_key } => {
let verify_hash = sha2::Sha512::new()
.chain(&[0x20; 64])
.chain("TLS 1.3, client CertificateVerify")
.chain(&[0x00])
.chain(&transcript_hash);
// Ed25519 requires a key-pair to sign
// Get public key from certificate
let certificate = crate::parse::parse_asn1_der_certificate(
client_certificate[0]
).unwrap().1;
let cert_public_key = certificate
.get_cert_public_key()
.unwrap();
let ed25519_public_key = cert_public_key
.get_ed25519_public_key()
.unwrap();
let mut keypair_bytes: [u8; 64] = [0; 64];
&keypair_bytes[..32].clone_from_slice(cert_eddsa_key.as_bytes());
&keypair_bytes[32..].clone_from_slice(ed25519_public_key.as_bytes());
let ed25519_keypair = ed25519_dalek::Keypair::from_bytes(
&keypair_bytes
).unwrap();
let sig_vec = alloc::vec::Vec::from(
ed25519_keypair
.sign_prehashed(verify_hash, None)
.unwrap()
.as_ref()
);
(
ed25519,
sig_vec
)
}
}
}
else {
// Should definitely NOT be invoking this function
// TODO: Throw error
todo!()
}
}
pub(crate) fn get_client_finished_verify_data(&self) -> Vec<u8, U64> {
if let Ok(sha256) = self.hash.get_sha256_clone() {
let hkdf = Hkdf::<Sha256>::from_prk(
@ -1235,6 +1540,7 @@ impl Session {
associated_data: &[u8],
buffer: &mut [u8]
) -> Result<(), Error> {
let (seq_num, nonce, cipher): (u64, &Vec<u8, U12>, &Cipher) = match self.role {
TlsRole::Server => {(
self.client_sequence_number,
@ -1519,3 +1825,15 @@ impl CertificatePublicKey {
}
}
}
pub enum CertificatePrivateKey {
RSA {
cert_rsa_private_key: rsa::RSAPrivateKey
},
ECDSA_SECP256R1_SHA256 {
cert_signing_key: p256::ecdsa::SigningKey
},
ED25519 {
cert_eddsa_key: ed25519_dalek::SecretKey
}
}

View File

@ -14,6 +14,7 @@ use byteorder::{ByteOrder, NetworkEndian};
use generic_array::GenericArray;
use core::convert::TryFrom;
use core::convert::TryInto;
use core::cell::RefCell;
use rand_core::{RngCore, CryptoRng};
@ -52,19 +53,23 @@ pub(crate) enum TlsState {
}
// TODO: Group up all session_specific parameters into a separate structure
pub struct TlsSocket<R: 'static + RngCore + CryptoRng>
pub struct TlsSocket<'s, R: RngCore + CryptoRng>
{
tcp_handle: SocketHandle,
rng: R,
session: RefCell<Session>,
session: RefCell<Session<'s>>,
}
impl<R: 'static + RngCore + CryptoRng> TlsSocket<R> {
impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
pub fn new<'a, 'b, 'c>(
sockets: &mut SocketSet<'a, 'b, 'c>,
rx_buffer: TcpSocketBuffer<'b>,
tx_buffer: TcpSocketBuffer<'b>,
rng: R,
certificate_with_key: Option<(
crate::session::CertificatePrivateKey,
Vec<&'s [u8]>
)>
) -> Self
where
'b: 'c,
@ -75,7 +80,7 @@ impl<R: 'static + RngCore + CryptoRng> TlsSocket<R> {
tcp_handle,
rng,
session: RefCell::new(
Session::new(TlsRole::Client)
Session::new(TlsRole::Client, certificate_with_key)
),
}
}
@ -162,10 +167,14 @@ impl<R: 'static + RngCore + CryptoRng> TlsSocket<R> {
// TLS client should jump from WAIT_SH directly to WAIT_CERT_CR directly.
TlsState::WAIT_EE => {},
// TLS Client wait for server's certificate
// TLS Client wait for server's certificate/ certificate request
// No need to send anything
TlsState::WAIT_CERT_CR => {},
// TLS Client wait for server's certificate after receiveing a request
// No need to send anything
TlsState::WAIT_CERT => {},
// TLS Client wait for server's certificate cerify
// No need to send anything
TlsState::WAIT_CV => {},
@ -176,7 +185,148 @@ impl<R: 'static + RngCore + CryptoRng> TlsSocket<R> {
TlsState::WAIT_FINISHED => {}
// Send client Finished to end handshake
// Also send certificate and certificate verify before client Finished if
// server sent a CertificateRequest beforehand
TlsState::SERVER_CONNECTED => {
// Certificate & CertificateVerify
let need_to_send_client_cert = {
self.session.borrow().need_to_send_client_certificate()
};
if need_to_send_client_cert {
let (certificates_total_length, mut buffer_vec) = {
let mut session = self.session.borrow_mut();
let mut buffer_vec: Vec<u8> = Vec::new();
let certificates = session
.get_private_certificate_slices()
.clone();
// Handshake level, client certificate byte followed by length (u24)
let mut handshake_header: [u8; 4] = [11, 0, 0, 0];
// Certificate struct:
// request_context = X509: 0 (u8),
// certificate_list to be determined (u24)
let mut certificate_header: [u8; 4] = [0, 0, 0, 0];
let mut certificates_total_length: u32 = 0;
// Append place holder bytes (8 of them) in the buffer vector
// Simpily copy the the headers back into the vector
// when all certificates are appended into the vector
buffer_vec.extend_from_slice(&[11, 0, 0, 0, 0, 0, 0, 0]);
// Certificate Entry struct(s)
if let Some(certificate_list) = certificates {
for cert in certificate_list.iter() {
// cert_data length, to be determined (u24)
let mut cert_data_length: [u8; 3] = [0, 0, 0];
// extensions: no extension needed
let extension: [u8; 2] = [0, 0];
let certificate_length: u32 = u32::try_from(cert.len()).unwrap();
NetworkEndian::write_u24(
&mut cert_data_length,
certificate_length
);
// Update length in Certificate struct
certificates_total_length += (
// cert_data (len & data) AND extension (len & data)
3 + certificate_length + 2 + 0
);
buffer_vec.extend_from_slice(&cert_data_length);
buffer_vec.extend_from_slice(cert);
buffer_vec.extend_from_slice(&extension);
}
}
// Write total certificate length into Certificate struct
NetworkEndian::write_u24(
&mut buffer_vec[5..8],
certificates_total_length
);
// Write the length of the entire handshake
NetworkEndian::write_u24(
&mut buffer_vec[1..4],
// 4 bytes for the Certificate struct header
certificates_total_length + 4
);
// Inner plaintext: record type
buffer_vec.push(22);
(certificates_total_length, buffer_vec)
};
self.send_application_slice(sockets, &mut buffer_vec.clone())?;
// Update session
let buffer_vec_length = buffer_vec.len();
{
self.session.borrow_mut()
.client_update_for_certificate_in_server_connected(
&buffer_vec[..(buffer_vec_length-1)]
);
}
// Send a CertificateVerify as well if any certificates
// were just sent by the client
if certificates_total_length != 0 {
// Serialize CertificateVerify
// Handshake bytes:
// msg_type = 15, CertificateVerify (u8)
// handshake_data_length = to be determined (u24)
// signature algorithm (u16)
// signature_length (u16)
// signature, the rest
let mut verify_buffer_vec: Vec<u8> = Vec::new();
// Leave bytes from Handshake struct as placeholders
verify_buffer_vec.extend_from_slice(&[
15,
0, 0, 0,
0, 0,
0, 0
]);
{
let session = self.session.borrow();
let (sig_alg, signature) = session
.get_client_certificate_verify_signature();
let signature_length: u16 = u16::try_from(signature.len()).unwrap();
NetworkEndian::write_u24(
&mut verify_buffer_vec[1..4],
(signature_length + 4).into()
);
NetworkEndian::write_u16(
&mut verify_buffer_vec[4..6],
sig_alg.try_into().unwrap()
);
NetworkEndian::write_u16(
&mut verify_buffer_vec[6..8],
signature_length
);
verify_buffer_vec.extend_from_slice(&signature);
}
// Push content byte (handshake: 22)
verify_buffer_vec.push(22);
log::info!("Client CV: {:?}", verify_buffer_vec);
self.send_application_slice(sockets, &mut verify_buffer_vec.clone())?;
// Update session
let cert_verify_len = verify_buffer_vec.len();
{
self.session.borrow_mut()
.client_update_for_cert_verify_in_server_connected(
&verify_buffer_vec[..(cert_verify_len-1)]
);
}
}
}
// Client Finished
let inner_plaintext: HeaplessVec<u8, U64> = {
let verify_data = self.session.borrow()
.get_client_finished_verify_data();
@ -192,8 +342,10 @@ impl<R: 'static + RngCore + CryptoRng> TlsSocket<R> {
buffer
};
self.send_application_slice(sockets, &mut inner_plaintext.clone())?;
let inner_plaintext_length = inner_plaintext.len();
self.session.borrow_mut()
.client_update_for_server_connected(&inner_plaintext);
.client_update_for_server_connected(&inner_plaintext[..(inner_plaintext_length-1)]);
}
_ => todo!()
@ -449,12 +601,10 @@ impl<R: 'static + RngCore + CryptoRng> TlsSocket<R> {
// In this stage, wait for a certificate from server
// Parse the certificate and check its content
TlsState::WAIT_CERT_CR => {
// Verify that it is indeed an Certificate
// Verify that it is indeed an Certificate, or CertificateRequest
let might_be_cert = repr.handshake.take().unwrap();
if might_be_cert.get_msg_type() != HandshakeType::Certificate {
// Process the other handshakes in "handshake_vec"
todo!()
}
if might_be_cert.get_msg_type() == HandshakeType::Certificate {
// Process certificates
// let all_certificates = might_be_cert.get_all_asn1_der_certificates().unwrap();
// log::info!("Number of certificates: {:?}", all_certificates.len());
@ -481,6 +631,101 @@ impl<R: 'static + RngCore + CryptoRng> TlsSocket<R> {
cert.get_cert_public_key().unwrap()
);
log::info!("Received WAIT_CERT_CR");
}
else if might_be_cert.get_msg_type() == HandshakeType::CertificateRequest {
// Process signature algorithm extension
// Signature algorithm for the private key of client cert must be included
// within the list of signature algorithms
//
// Client is STRONGLY RECOMMENDED to use a signature algorithm within
// the list of `mandatory to implement` signature algorithms, including:
// rsa_pkcs1_sha256, rsa_pss_rsae_sha256, ecdsa_secp256r1_sha256
//
// Update client state
let cert_req_extensions: &Vec<Extension> = might_be_cert
.get_cert_request_extensions()
.unwrap();
let sig_algs_ext: Option<&crate::tls_packet::Extension>
= cert_req_extensions
.iter()
.find( |&extension| {
extension.extension_type
== crate::tls_packet::ExtensionType::SignatureAlgorithms
}
);
if sig_algs_ext.is_some() {
// Convert extension into SignatureScheme
if let crate::tls_packet::ExtensionData::SignatureAlgorithms(
scheme_list
) = &sig_algs_ext.unwrap().extension_data {
// Update session TLS state to WAIT_CERT
// Length of handshake header is 4
let (_handshake_slice, cert_req_slice) =
take::<_, _, (&[u8], ErrorKind)>(
might_be_cert.length + 4
)(handshake_slice)
.map_err(|_| Error::Unrecognized)?;
self.session.borrow_mut()
.client_update_for_certificate_request(
&cert_req_slice,
&scheme_list.supported_signature_algorithms
);
}
} else {
// Reject connection, CertificateRequest must have
// SignatureAlgorithm extension
todo!()
}
log::info!("Received WAIT_CERT_CR");
}
else {
// Throw alert
todo!()
}
},
// In this stage, server will send a certificate chain
// Verify the certificate
TlsState::WAIT_CERT => {
// Verify that it is indeed an Certificate
let might_be_cert = repr.handshake.take().unwrap();
if might_be_cert.get_msg_type() == HandshakeType::Certificate {
// Process certificates
// let all_certificates = might_be_cert.get_all_asn1_der_certificates().unwrap();
// log::info!("Number of certificates: {:?}", all_certificates.len());
// log::info!("All certificates: {:?}", all_certificates);
// TODO: Process all certificates
let cert = might_be_cert.get_asn1_der_certificate().unwrap();
// TODO: Replace this block after implementing a proper
// certificate verification procdeure
cert.validate_self_signed_signature().expect("Signature mismatched");
// Update session TLS state to WAIT_CV
// Length of handshake header is 4
let (_handshake_slice, cert_slice) =
take::<_, _, (&[u8], ErrorKind)>(
might_be_cert.length + 4
)(handshake_slice)
.map_err(|_| Error::Unrecognized)?;
self.session.borrow_mut()
.client_update_for_wait_cert_cr(
&cert_slice,
cert.get_cert_public_key().unwrap()
);
log::info!("Received WAIT_CERT");
} else {
// Unexpected handshakes
// Throw alert
todo!()
}
},
// In this stage, server will eventually send a CertificateVerify
@ -619,6 +864,7 @@ impl<R: 'static + RngCore + CryptoRng> TlsSocket<R> {
},
_ => return Err(Error::Illegal),
};
NetworkEndian::write_u16(
&mut associated_data[3..5],
auth_tag_length + u16::try_from(slice.len()).unwrap()
@ -671,7 +917,34 @@ impl<R: 'static + RngCore + CryptoRng> TlsSocket<R> {
return Ok(0);
}
let recv_slice_size = tcp_socket.recv_slice(data)?;
// TODO: Use `recv` to receive instead
// Issue with using recv slice:
// Encrypted application data can cramp together into a TCP Segment
// Dequeuing all bytes from the buffer immediately can cause
// 1. Incorrect decryption, hence throwing error, and
// 2. sequence number to go out of sync forever
let (recv_slice_size, acceptable) = tcp_socket.recv(
|buffer| {
// Read the size of the TLS record beforehand
let record_length: usize = NetworkEndian::read_u16(&buffer[3..5]).into();
let provided_data_capacity: usize = data.len();
// Copy the entire byte representation of TLS packet into the
// user-provided buffer, if possible
if provided_data_capacity >= (record_length + 5) {
&data[..(record_length + 5)].clone_from_slice(&buffer[..(record_length + 5)]);
}
(
(record_length + 5),
(
(record_length + 5),
provided_data_capacity < (record_length + 5)
)
)
}
)?;
// let recv_slice_size = tcp_socket.recv_slice(data)?;
// Encrypted data need a TLS record wrapper (5 bytes)
// Authentication tag (16 bytes, for all supported AEADs)
// Content type byte (1 byte)
@ -684,11 +957,12 @@ impl<R: 'static + RngCore + CryptoRng> TlsSocket<R> {
let mut session = self.session.borrow_mut();
let mut associated_data: [u8; 5] = [0; 5];
associated_data.clone_from_slice(&data[..5]);
log::info!("Received encrypted appdata: {:?}", &data[..recv_slice_size]);
// log::info!("Received encrypted appdata: {:?}", &data[..recv_slice_size]);
// Dump association data (TLS Record wrapper)
// Only decrypt application data
// Always increment sequence number after decrpytion
log::info!("Sequence number: {:?}", session.server_sequence_number);
session.decrypt_application_data_in_place(
&associated_data,
&mut data[5..recv_slice_size]