From c22ff413da521b0544d90f191a55f11846e890ba Mon Sep 17 00:00:00 2001 From: occheung Date: Mon, 23 Nov 2020 17:16:07 +0800 Subject: [PATCH] poll: init --- Cargo.toml | 5 ++ src/buffer.rs | 29 ------- src/certificate.rs | 6 +- src/fake_rng.rs | 2 +- src/lib.rs | 33 ++++++++ src/main.rs | 196 +++++++++++++++++++++++++++++---------------- src/parse.rs | 7 +- src/session.rs | 19 ++++- src/set.rs | 82 +++++++++++++++++++ src/tls.rs | 123 ++++++++++++++-------------- src/tls_packet.rs | 31 ++----- 11 files changed, 334 insertions(+), 199 deletions(-) create mode 100644 src/set.rs diff --git a/Cargo.toml b/Cargo.toml index 4cf30ea..f847384 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -76,6 +76,11 @@ version = "0.9.0" default-features = false features = [] +[dependencies.managed] +version = "0.8.0" +default-features = false +features = [ "alloc" ] + [dependencies.simple_logger] version = "1.11.0" optional = true diff --git a/src/buffer.rs b/src/buffer.rs index e168f8c..2e9f40d 100644 --- a/src/buffer.rs +++ b/src/buffer.rs @@ -30,10 +30,6 @@ impl<'a> TlsBuffer<'a> { } } - pub(crate) fn get_size(&self) -> usize { - self.index.clone().into_inner() - } - pub(crate) fn write(&mut self, data: &[u8]) -> Result<()> { let mut index = self.index.borrow_mut(); if (self.buffer.len() - *index) < data.len() { 
@@ -55,31 +51,6 @@ impl<'a> TlsBuffer<'a> { Ok(()) } - pub(crate) fn read_u8(&mut self) -> Result { - let mut index = self.index.borrow_mut(); - if (self.buffer.len() - *index) < 1 { - return Err(Error::Exhausted); - } - let data = self.buffer[*index]; - *index += 1; - Ok(data) - } - - pub(crate) fn read_all(self) -> &'a [u8] { - &self.buffer[self.index.into_inner()..] - } - - pub(crate) fn read_slice(&self, length: usize) -> Result<&[u8]> { - let mut index = self.index.borrow_mut(); - if (self.buffer.len() - *index) < length { - return Err(Error::Exhausted); - } - let next_index = *index + length; - let slice = &self.buffer[*index..next_index]; - *index = next_index; - Ok(slice) - } - pub(crate) fn enqueue_tls_repr(&mut self, tls_repr: TlsRepr<'a>) -> Result<()> { self.write_u8(tls_repr.content_type.into())?; self.write_u16(tls_repr.version.into())?; diff --git a/src/certificate.rs b/src/certificate.rs index e01c8d9..6a66c73 100644 --- a/src/certificate.rs +++ b/src/certificate.rs @@ -7,7 +7,6 @@ use chrono::{DateTime, FixedOffset}; use crate::parse::parse_asn1_der_rsa_public_key; use crate::parse::parse_rsa_ssa_pss_parameters; -use crate::parse::parse_ecdsa_signature; use crate::parse::parse_asn1_der_oid; use crate::Error as TlsError; @@ -19,10 +18,9 @@ use sha1::{Sha1, Digest}; use sha2::{Sha224, Sha256, Sha384, Sha512}; use rsa::{PublicKey, RSAPublicKey, PaddingScheme, BigUint, Hash}; -use p256::ecdsa::signature::{Verifier, DigestVerifier}; +use p256::ecdsa::signature::{Verifier}; use alloc::vec::Vec; -use heapless::{ Vec as HeaplessVec, consts::* }; use byteorder::{ByteOrder, NetworkEndian}; @@ -1234,7 +1232,7 @@ fn wrap_up_verification( // require_explicit_policy is 0, set explicit_policy_state to be 0 if let ExtensionValue::PolicyConstraints { require_explicit_policy, - inhibit_policy_mapping + .. } = &extension.extension_value { if require_explicit_policy.is_some() { if require_explicit_policy.unwrap() == 0 { 
diff --git a/src/fake_rng.rs b/src/fake_rng.rs index e11f2f8..3006afe 100644 --- a/src/fake_rng.rs +++ b/src/fake_rng.rs @@ -5,7 +5,7 @@ // Anyway, the RSAPublicKey::verify() method does NOT care about random at all :) use rand_core::{RngCore, Error}; -use byteorder::{ByteOrder, NetworkEndian, BigEndian}; +use byteorder::{ByteOrder, NetworkEndian}; pub struct FakeRandom {} diff --git a/src/lib.rs b/src/lib.rs index 6488d68..8aa512c 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -11,6 +11,7 @@ pub mod session; pub mod certificate; pub mod fake_rng; pub mod oid; +pub mod set; // TODO: Implement errors // Details: Encapsulate smoltcp & nom errors @@ -29,3 +30,35 @@ pub enum Error { CertificatePolicyError, CertificateVersionError, } + +impl From for Error { + fn from(error: smoltcp::Error) -> Self { + Self::PropagatedError(error) + } +} + +pub trait TlsRng: rand_core::RngCore + rand_core::CryptoRng {} + +use smoltcp as net; + +use net::socket::SocketSet; +use net::iface::EthernetInterface; +use net::time::Instant; +use net::phy::Device; + +use crate::tls::TlsSocket; +use crate::set::TlsSocketSet; + +// One-call function for polling all sockets within socket set +pub fn poll( + sockets: &mut SocketSet, + tls_sockets: &mut TlsSocketSet, + iface: &mut EthernetInterface, + now: Instant +) -> Result +where + DeviceT: for<'d> Device<'d> +{ + tls_sockets.polled_by(sockets)?; + iface.poll(sockets, now).map_err(Error::PropagatedError) +} diff --git a/src/main.rs b/src/main.rs index 49ffa89..16a04cd 100644 --- a/src/main.rs +++ b/src/main.rs @@ -81,7 +81,7 @@ fn main() { // tls_socket.tls_connect(&mut sockets).unwrap(); simple_logger::SimpleLogger::new().init().unwrap(); - let (_, certificate) = parse_asn1_der_certificate(&RSA_PSS_SELF_CERT).unwrap(); + // let (_, certificate) = parse_asn1_der_certificate(&RSA_PSS_SELF_CERT).unwrap(); // println!("Certificate print: {:?}", certificate); // let modulus = [ 
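Review bot: In `poll`, the `?` on `tls_sockets.polled_by(sockets)?` returns before `iface.poll` runs, so one TLS socket whose `update_handshake` fails stops the interface from being driven for every socket in `sockets`, plain TCP ones included, until the caller clears the error. Polling the interface first and the TLS set afterwards — `let activity = iface.poll(sockets, now)?; tls_sockets.polled_by(sockets)?; Ok(activity)` — keeps the interface serviced and lets a handshake consume bytes received in the same call; whether the one-cycle lag is better on the receive or the transmit side depends on `update_handshake`, which is outside this hunk. Separately, `pub trait TlsRng: rand_core::RngCore + rand_core::CryptoRng {}` has no blanket implementation, so no RNG type satisfies it until something like `impl<T: rand_core::RngCore + rand_core::CryptoRng> TlsRng for T {}` is added. The generic parameters on the `From` impl, on `Result` and on `poll` appear stripped in this rendering, so their exact form could not be checked.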
@@ -101,12 +101,10 @@ fn main() { // certificate.validate_signature_with_trusted(&ca_public_key).unwrap(); // println!("Certificate should be trusted"); - certificate.validate_self_signed_signature().unwrap(); - println!("Certificate should be trusted"); + // certificate.validate_self_signed_signature().unwrap(); + // println!("Certificate should be trusted"); /* - - let mut certificate_vec = Vec::new(); let name = parse_asn1_der_name(&SELF_SIGNED_WITH_SAN_ISSUER).unwrap().1; let public_key = certificate.get_cert_public_key().unwrap(); @@ -154,18 +152,18 @@ fn main() { excluded_name ).unwrap(); */ - let google_end_entity_certificate = parse_asn1_der_certificate( - &GOOGLE_END_ENTITY_CERT - ).unwrap().1; + // let google_end_entity_certificate = parse_asn1_der_certificate( + // &GOOGLE_END_ENTITY_CERT + // ).unwrap().1; - let google_root_ca_certificate = parse_asn1_der_certificate( - &GOOGLE_ROOT_CERT - ).unwrap().1; + // let google_root_ca_certificate = parse_asn1_der_certificate( + // &GOOGLE_ROOT_CERT + // ).unwrap().1; - google_end_entity_certificate.validate_signature_with_trusted( - &google_root_ca_certificate.get_cert_public_key().unwrap() - ).unwrap(); - log::info!("End entity certificate verified"); + // google_end_entity_certificate.validate_signature_with_trusted( + // &google_root_ca_certificate.get_cert_public_key().unwrap() + // ).unwrap(); + // log::info!("End entity certificate verified"); // google_root_ca_certificate.validate_self_signed_signature().unwrap(); // log::info!("root certificate verified"); 
@@ -192,47 +190,73 @@ fn main() { // excluded_name // ).unwrap(); - use rand_core::{RngCore, OsRng}; - use rsa::PublicKey; - use rsa::BigUint; - use smoltcp_tls::fake_rng::FakeRandom; + // use rand_core::{RngCore, OsRng}; + // use rsa::PublicKey; + // use rsa::BigUint; + // use smoltcp_tls::fake_rng::FakeRandom; - let mut prime_vec = std::vec::Vec::new(); - prime_vec.extend_from_slice(&[ - BigUint::from_bytes_be(&CLIENT_PRIME_1), - BigUint::from_bytes_be(&CLIENT_PRIME_2) - ]); - let rsa_client_private_key = rsa::RSAPrivateKey::from_components( - BigUint::from_bytes_be(&CLIENT_PRIVATE_KEY_MOD), - BigUint::from_bytes_be(&CLIENT_PRIVATE_KEY_EXP), - BigUint::from_bytes_be(&CLIENT_PRIVATE_KEY_PMOD), - prime_vec + // let mut prime_vec = std::vec::Vec::new(); + // prime_vec.extend_from_slice(&[ + // BigUint::from_bytes_be(&CLIENT_PRIME_1), + // BigUint::from_bytes_be(&CLIENT_PRIME_2) + // ]); + // let rsa_client_private_key = rsa::RSAPrivateKey::from_components( + // BigUint::from_bytes_be(&CLIENT_PRIVATE_KEY_MOD), + // BigUint::from_bytes_be(&CLIENT_PRIVATE_KEY_EXP), + // BigUint::from_bytes_be(&CLIENT_PRIVATE_KEY_PMOD), + // prime_vec + // ); + // let public_key_from_conversion = rsa_client_private_key.to_public_key(); + // let rsa_client_public_key = + // rsa::RSAPublicKey::from_pkcs1(&CLIENT_PUBLIC_KEY).unwrap(); + + // println!("Public key from conversion: {:?}", public_key_from_conversion); + // println!("Public key from certificate: {:?}", rsa_client_public_key); + // println!("Public key are the same: {:?}", + // public_key_from_conversion == rsa_client_public_key); + + // let checked_hash = sha2::Sha256::new() + // .chain(&[0x20; 64]) + // .chain("TLS 1.3, client CertificateVerify") + // .chain(&[0]) + // .chain(&CLIENT_TRANSCRIPT_HASH) + // .finalize(); + + // let padding = rsa::PaddingScheme::new_pss_with_salt::(OsRng, 32); + // let sign = rsa_client_private_key.sign(padding, &checked_hash).unwrap(); + + // println!("Signature with salt: {:X?}", sign); + + // 
let padding = rsa::PaddingScheme::new_pss_with_salt::(OsRng, 222); + // rsa_client_public_key.verify(padding, &checked_hash, &sign).unwrap(); + + // println!("Signature verified"); + + use ed25519_dalek::Verifier; + + let ed25519_public_key = ed25519_dalek::PublicKey::from_bytes( + &ED25519_SERVER_PUBLIC_KEY + ).unwrap(); + + let ed25519_signature = ed25519_dalek::Signature::new( + ED25519_SIGNATURE ); - let public_key_from_conversion = rsa_client_private_key.to_public_key(); - let rsa_client_public_key = - rsa::RSAPublicKey::from_pkcs1(&CLIENT_PUBLIC_KEY).unwrap(); - println!("Public key from conversion: {:?}", public_key_from_conversion); - println!("Public key from certificate: {:?}", rsa_client_public_key); - println!("Public key are the same: {:?}", - public_key_from_conversion == rsa_client_public_key); - - let checked_hash = sha2::Sha256::new() + let mut message_vec = std::vec::Vec::new(); + message_vec.extend_from_slice(&[0x20; 64]); + message_vec.extend_from_slice(b"TLS 1.3, server CertificateVerify"); + message_vec.extend_from_slice(&[0]); + message_vec.extend_from_slice(&CLIENT_TRANSCRIPT_HASH); + println!("Length of verify message: {:?}", message_vec.len()); + + let checked_hash = sha2::Sha512::new() .chain(&[0x20; 64]) - .chain("TLS 1.3, client CertificateVerify") + .chain("TLS 1.3, server CertificateVerify") .chain(&[0]) - .chain(&CLIENT_TRANSCRIPT_HASH) - .finalize(); - - let padding = rsa::PaddingScheme::new_pss_with_salt::(OsRng, 32); - let sign = rsa_client_private_key.sign(padding, &checked_hash).unwrap(); + .chain(&CLIENT_TRANSCRIPT_HASH); - println!("Signature with salt: {:X?}", sign); - - let padding = rsa::PaddingScheme::new_pss_with_salt::(OsRng, 222); - rsa_client_public_key.verify(padding, &checked_hash, &sign).unwrap(); - - println!("Signature verified"); + ed25519_public_key.verify(&message_vec, &ed25519_signature).unwrap(); + ed25519_public_key.verify_prehashed(checked_hash, None, &ed25519_signature).unwrap(); } const RSA_PSS_CERT: [u8; 
0x3AB] = 
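Review bot: The final `ed25519_public_key.verify_prehashed(checked_hash, None, &ed25519_signature).unwrap()` checks an Ed25519ph signature, which is not what TLS 1.3 produces: RFC 8446 §4.2.3 specifies the PureEdDSA form of RFC 8032 for the `ed25519` scheme, and Ed25519ph additionally mixes a domain-separation prefix into the hash, so a CertificateVerify signature that passes the pure `verify` on `message_vec` is expected to fail here and panic the program. If `ED25519_SIGNATURE` was captured from a TLS peer, drop the prehashed call, or keep it only as a negative check: `assert!(ed25519_public_key.verify_prehashed(checked_hash, None, &ed25519_signature).is_err());`. The `Sha512` chain built for it then has no use, since the 0x20 padding, label, separator and transcript hash must stay as the raw message that is signed. `main` begins above this hunk.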
@@ -249,9 +273,6 @@ const RSA_PKCS_CERT: [u8; 0x03AB] = const ECDSA_P256_CERT: [u8; 0x0219] = hex_literal::hex!("30820215308201bba003020102021441d0428ae91b87ccb66e64cf3bdbd96ef0871630300a06082a8648ce3d0403023060310b30090603550406130255533113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c74643119301706092a864886f70d010901160a68656c6c6f776f726c64301e170d3230313130353033313932325a170d3330313130333033313932325a3060310b30090603550406130255533113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c74643119301706092a864886f70d010901160a68656c6c6f776f726c643059301306072a8648ce3d020106082a8648ce3d03010703420004d22bf2abba402fa10f6d97f941465d5966a965cc8f288bb7920e8c9e8c50607ef3a0a183916913ed9f4dfb42452fe972a2a5ac7a2f4443ef2a0012a481957d10a3533051301d0603551d0e041604147383be1d07af30366a8c3c377d048759f802e885301f0603551d230418301680147383be1d07af30366a8c3c377d048759f802e885300f0603551d130101ff040530030101ff300a06082a8648ce3d0403020348003045022100c048d13d28a811a67262d1593ea0f4af51812751632d391b7d85666fcd5e591702202b1a2db620b764ff61a7be0808069518c75d1bed60c1e9c98debfa98d7a23134"); -const ED25519_CERT: [u8; 0x0187] = - 
hex_literal::hex!("30820183308201350214644c27b38f4bd515d9c06f72609ed50844499917300506032b65703064310b30090603550406130255533113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c7464311d301b06035504030c146578616d706c65732e756c666865696d2e6e6574301e170d3230313130353035313435365a170d3232313030363035313435365a3064310b30090603550406130255533113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c7464311d301b06035504030c146578616d706c65732e756c666865696d2e6e6574302a300506032b6570032100be9d2a3f45d7bd86a6fba8acf3dc58d1241e4272f100c81779bc43e96b779515300506032b6570034100b7017b76d0f9f6f58f7bb28de5459c127a3a539ed73997dcd42a0e0484d5768d42b5f5b0e275c99b856124b20983b2dca66dec380b15b5425f9ccf87a3dc5700"); - const CA_SIGNED_CERT: [u8; 0x0356] = hex_literal::hex!( "308203523082023a02146048517ee55aabd1e8f2bd7db1d91e679708e644300d06092a864886f70d01010b05003067310b30090603550406130255533113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c74643120301e06035504030c176578616d706c65732e63612e756c666865696d2e6e6574301e170d3230313130363034323035305a170d3230313230363034323035305a3064310b30090603550406130255533113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c7464311d301b06035504030c146578616d706c65732e756c666865696d2e6e657430820122300d06092a864886f70d01010105000382010f003082010a0282010100b2940671bfe7ace7416ba9d34018c229588e9d4eed8bd6623e44ab1239e8f1f0de9050b2f485a98e63f5b483330fb0b5abaeb33d11889033b0b684bf34696d28206bb361782c4b106a8d47874cbbdf971b5ab887bca508bccf250a1a811cee078464638e441941347d4c8885ac9b59d9fc9636276912b04d9e3ab29bd8ad319572ae54f0b6145c4d675a78607dcc4793a4d432f1c2a41ea29dd4f7262b6fe472dfaea51aca992b4624e73fa9901fa364fc5b721052ef3187e659d58d2706770d365380a7ebab6caac5b23271c01531fdf95368ee48af5383035f249be7c18f50ce9e52877558efe4b2e29f61328396e2a3b5e71309ad13d93d6ba3
d5c3eb2b650203010001300d06092a864886f70d01010b0500038201010063c9ab0f5d2e164513e8e74b656ae4f48dd004c3ead9f1026b7741cbf02bb0efcf19e0fbf8a788dae059a2393167f016bafc0e3efd5c5b4c43079b6506eb67f17f44f9591503c7d1fdb77bf631894817393ea82610ad5106d23ec6bf1a6d96d749f05c0136cd71256617a51fe862529aee4a37d5f456dc7da8b220ff10ede4e87bc63e4589b3f81133a7f82ab900419e8a2d802d59e99cfbbd268702efd17616168b45b5211da0e644c29dcb92dbbf32b43586bbab05deb0261771605c52836363bd28ff9853d44436349f5ba11f2640bc9c42688e0d5eb6cac9f3f5e5f98652fa4f4ba52604371ec45f09d678e31d463285a4b3734f587f35a339920544f476" 
@@ -277,28 +298,63 @@ const GOOGLE_END_ENTITY_CERT: [u8; 0x0974] = "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" ); -const CLIENT_TRANSCRIPT_HASH: [u8; 32] = [37, 135, 142, 217, 184, 116, 6, 86, 229, 163, 82, 51, 108, 168, 135, 99, 87, 101, 215, 44, 94, 5, 177, 160, 153, 125, 39, 51, 148, 67, 140, 70]; +const CLIENT_TRANSCRIPT_HASH: [u8; 32] = [ + 5, 239, 110, 246, 212, 104, 147, 254, 10, 254, 220, 186, 72, 150, 231, 253, 175, 122, 37, 139, 210, 236, 93, 228, 182, 78, 233, 143, 251, 57, 188, 36 +]; -const CLIENT_PUBLIC_KEY: [u8; 0x010E] = +// const CLIENT_PUBLIC_KEY: [u8; 0x010E] = +// hex_literal::hex!( +// "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" +// ); + +// const CLIENT_SIGNATURE: [u8; 256] = +// hex_literal::hex!( +// "954ced7ddc8fdccbaeb83ee9b3a26a01c37cc74bfcb82b3b181c28ae06588f763cfc491b6869b74968fd7ae017360d8eeaa5bfb69d9c0e3524f14790422f7ccbc9a609880800c5076d6383865cd47986eff4d379bf554b86963ce4bc4706262f48932fd5fa16e73149c1c960f19f5e8d1a8dc5898a9e2de5c0d79a8a0017349f379d23683eec83a07f01c3b83cb4d0f66ae0672efc9723bed0296a82046232dc533988a253bd2b109074172735bad06b98c3863033d2d11ea2d0efc7a3db52c94d2e452882e87559a0e9036768dbc380189b89323294a03ef229943be3fa17095c5a220386c695cf279bc88ff1b017897cbcb231658937eef82adb9a17479429" +// ); + +// const CLIENT_PRIVATE_KEY_MOD: &'static [u8] = &[ +// 0x00, 0xc2, 0x4c, 0x61, 0x5a, 0xda, 0xd1, 0x64, 0x0c, 0x2e, 0x39, 0xe2, 0x95, 0xc4, 0x60, 0xf2, 0xc7, 0x95, 0x37, 0x0c, 0xfb, 0x21, 0xcc, 0xa5, 0x19, 0xf9, 0xe6, 0xba, 0xf1, 0x56, 0x45, 0xca, 0x0b, 0x25, 0x6e, 0xf8, 0xf3, 0x18, 0x49, 0x1b, 0xaa, 0xb9, 0xdc, 0x71, 0x96, 0x36, 0x0b, 0x39, 0x3b, 0xc3, 0x53, 0x20, 0x35, 0x48, 0x87, 0xd6, 0xcc, 0x82, 0x2c, 0xf6, 0xe9, 0xd2, 0xea, 0xcc, 0x7f, 0xec, 0xf8, 0xd8, 0xe7, 0x3f, 0x0f, 0x09, 0xbf, 0x13, 0x1a, 0x59, 0x19, 0xe9, 0xe9, 0xc8, 0x1e, 0x2a, 0xec, 0xf0, 0x6d, 0x55, 0xbe, 0x17, 0x20, 0x29, 0x08, 0x53, 0xd4, 0xf1, 0x08, 0x6b, 0x3e, 0x10, 0x3d, 0x54, 0xd2, 0xb4, 0x54, 0xd7, 0xc3, 0x2a, 0xbc, 0xe4, 0x33, 0xf6, 
0x11, 0x5d, 0x26, 0x7b, 0xba, 0x24, 0x6f, 0x68, 0x84, 0x74, 0x63, 0xdf, 0xd1, 0xd6, 0xbe, 0x90, 0x4e, 0xb1, 0x8d, 0x56, 0x88, 0x55, 0x65, 0xd6, 0xfc, 0xf8, 0xa6, 0x03, 0x86, 0xfc, 0x73, 0xb5, 0x45, 0x07, 0x77, 0xe0, 0x04, 0x85, 0xae, 0x94, 0xd2, 0x20, 0x96, 0xaf, 0xc4, 0x58, 0xd7, 0xfb, 0xd7, 0xc4, 0x69, 0xdd, 0x86, 0x1c, 0xab, 0x7b, 0x91, 0x47, 0x15, 0xe0, 0x93, 0xc4, 0xf1, 0xcc, 0x39, 0x9e, 0x5a, 0x53, 0x01, 0x0c, 0x2b, 0x65, 0xd5, 0xcc, 0x3d, 0x60, 0xfc, 0xcc, 0x2c, 0xc5, 0xd8, 0xb3, 0xfa, 0xa5, 0xfe, 0xfa, 0xab, 0x55, 0x1f, 0x1d, 0xe1, 0xa9, 0x3a, 0x19, 0xa1, 0x5b, 0xe9, 0xad, 0xb3, 0xa5, 0xc9, 0x6d, 0x2e, 0x52, 0x5a, 0x9f, 0x69, 0x61, 0x74, 0xe6, 0xe7, 0x72, 0x85, 0x7e, 0x53, 0x6b, 0x46, 0x2a, 0x61, 0xc6, 0x9a, 0x87, 0x71, 0x0b, 0x74, 0x17, 0x2c, 0x4b, 0x31, 0x8f, 0x48, 0x42, 0xe7, 0xd2, 0x7f, 0x7b, 0x6e, 0x0c, 0xbf, 0x3f, 0x98, 0x3e, 0x35, 0x64, 0xab, 0x80, 0x07 +// ]; +// const CLIENT_PRIVATE_KEY_EXP: &'static [u8] = &[0x01, 0x00, 0x01]; +// const CLIENT_PRIVATE_KEY_PMOD: &'static [u8] = &[ +// 0x61, 0x95, 0x60, 0xf3, 0xf3, 0xa0, 0x64, 0xa2, 0x25, 0x79, 0x57, 0x0e, 0xa7, 0x21, 0x95, 0xed, 0x9d, 0x48, 0x97, 0xd1, 0x6d, 0x49, 0x4d, 0xc6, 0x7d, 0x17, 0x5f, 0xde, 0xa3, 0xd8, 0xcb, 0x3f, 0xcb, 0xde, 0x2f, 0x54, 0x50, 0x67, 0x2f, 0x69, 0x10, 0x8d, 0xe1, 0xd2, 0x72, 0x74, 0x32, 0x9b, 0x8c, 0x5f, 0x2c, 0x76, 0xf6, 0x65, 0x9b, 0x00, 0xfd, 0x84, 0x3d, 0xc2, 0x73, 0xf7, 0x0f, 0x1c, 0x54, 0xd5, 0x2a, 0x83, 0x01, 0xcd, 0xb8, 0xb4, 0x69, 0x90, 0xbb, 0x1d, 0x63, 0xb8, 0xd1, 0x94, 0x2d, 0x34, 0xf1, 0x0f, 0xc8, 0x97, 0x7f, 0x1f, 0xdc, 0xdb, 0xdc, 0xd6, 0xbe, 0xf3, 0xde, 0x80, 0xbe, 0x41, 0x3f, 0x5f, 0xcf, 0xc8, 0x28, 0xd1, 0x51, 0x9e, 0xaa, 0xf2, 0x59, 0xec, 0xa0, 0x9f, 0x1a, 0x57, 0x03, 0xc3, 0x9c, 0x77, 0xa1, 0xc9, 0x23, 0x79, 0x4d, 0x64, 0x4a, 0x2f, 0xeb, 0xc5, 0xd3, 0x38, 0x2c, 0x6d, 0xf6, 0xa6, 0xa9, 0xe7, 0x0a, 0x79, 0x05, 0xfa, 0x2a, 0x85, 0xc5, 0x9d, 0xf4, 0x91, 0xef, 0x34, 0xad, 0xb5, 0x64, 0xc5, 0x75, 0x8a, 0x36, 0x8f, 0x95, 0x25, 0xe9, 0x71, 0x0d, 0xa8, 0xe1, 
0xea, 0xc3, 0xb4, 0xaa, 0xe7, 0x54, 0x54, 0xef, 0x72, 0x12, 0xa5, 0x14, 0x27, 0xec, 0x70, 0x12, 0x14, 0xdf, 0x65, 0xb3, 0xf5, 0xbc, 0x91, 0xe1, 0x36, 0x31, 0x1a, 0xdf, 0x7d, 0x58, 0x05, 0xb6, 0xe3, 0x48, 0xf2, 0x42, 0x89, 0x25, 0x29, 0x42, 0x0b, 0x5d, 0x8d, 0x0b, 0x76, 0x28, 0x0f, 0xaf, 0x56, 0x22, 0x94, 0x12, 0x8f, 0x76, 0x91, 0x49, 0xa6, 0xa4, 0xe3, 0x54, 0x17, 0x9e, 0xeb, 0xa6, 0x1b, 0xe5, 0x97, 0xde, 0x4e, 0x29, 0x8d, 0x7d, 0x5c, 0x18, 0x34, 0x29, 0x21, 0xd2, 0x7d, 0x14, 0x0b, 0xa1, 0x49, 0xb5, 0xe0, 0xc6, 0x30, 0x31, 0x80, 0xdc, 0x6a, 0x59, 0xb9 +// ]; +// const CLIENT_PRIME_1: &'static [u8] = &[ +// 0x00, 0xec, 0xe1, 0x6f, 0x5d, 0x7a, 0xed, 0x7b, 0x1a, 0xac, 0xce, 0x02, 0x91, 0xb4, 0x07, 0xcf, 0xc4, 0x2b, 0xcf, 0x2a, 0x37, 0x59, 0x43, 0x46, 0x1a, 0x55, 0xc2, 0x13, 0x89, 0x3c, 0xd5, 0xd6, 0xef, 0xed, 0x12, 0x9f, 0xc3, 0x36, 0x95, 0xd2, 0x6e, 0xf7, 0xca, 0x62, 0x9c, 0x71, 0x3d, 0x78, 0x3a, 0x4c, 0xe2, 0x5d, 0x07, 0x6e, 0x67, 0x53, 0xc3, 0xe7, 0x02, 0x58, 0x34, 0x25, 0xab, 0x67, 0xd4, 0x35, 0x92, 0x26, 0x4a, 0x3f, 0x1b, 0xc4, 0x43, 0xcd, 0x71, 0x3a, 0x8f, 0x9a, 0x2e, 0x44, 0xf6, 0x5a, 0x40, 0xf8, 0x32, 0x11, 0x39, 0xd4, 0x31, 0x35, 0xa1, 0xd7, 0x2d, 0x5d, 0xa5, 0xed, 0x24, 0x53, 0x32, 0xce, 0xb6, 0xb6, 0x12, 0xc6, 0xeb, 0xfd, 0x5b, 0x86, 0x21, 0xf7, 0xaf, 0x2e, 0x29, 0xb0, 0xed, 0x4d, 0x71, 0x3e, 0x82, 0x28, 0x74, 0xd5, 0x64, 0x59, 0xba, 0xa6, 0x59, 0xd7, 0x9b +// ]; +// const CLIENT_PRIME_2: &'static [u8] = &[ +// 0x00, 0xd1, 0xfb, 0x16, 0x0c, 0xf0, 0xa3, 0x9a, 0x56, 0xdc, 0x3d, 0x82, 0xc6, 0x69, 0xed, 0x1d, 0x6a, 0x6f, 0xf9, 0xf0, 0x27, 0x3f, 0x96, 0x15, 0x39, 0x30, 0x84, 0x93, 0x75, 0x67, 0x31, 0xc9, 0x55, 0x84, 0x14, 0x13, 0x54, 0x39, 0xc1, 0x7c, 0x02, 0x77, 0x2b, 0x56, 0x49, 0x2c, 0xca, 0xe5, 0x16, 0xb5, 0xa1, 0x22, 0x49, 0xd6, 0xfa, 0x96, 0xd7, 0xb8, 0xaf, 0x34, 0xd3, 0x00, 0xc0, 0x42, 0x2f, 0x73, 0x0d, 0xb1, 0xd0, 0xc8, 0x11, 0xc6, 0x16, 0x79, 0xde, 0x83, 0xcd, 0x53, 0x21, 0x9b, 0x58, 0xc5, 0xee, 0x35, 0x55, 0xb6, 0x8f, 0x83, 0xc9, 0x23, 0x15, 0x98, 0xe0, 
0xb5, 0x6f, 0x3a, 0x3d, 0x0c, 0x06, 0xa8, 0x32, 0x16, 0x0f, 0xde, 0x66, 0xad, 0x44, 0x76, 0xcd, 0x4a, 0x7a, 0x3d, 0xcb, 0x2c, 0x83, 0x3e, 0xf7, 0x50, 0x94, 0xa2, 0x2b, 0x61, 0xb5, 0xb6, 0x02, 0x01, 0x24, 0x7e, 0x05 +// ]; + +const ECDSA_SECRET_KEY: &'static [u8] = &[ + 0xea, 0x5e, 0x74, 0xf3, 0xc3, 0x67, 0x11, 0x10, 0x00, 0x20, 0x3d, 0xc8, 0x92, 0xcd, 0x7a, 0x8a, 0x08, 0x44, 0x70, 0x9d, 0x1c, 0x3c, 0xab, 0xf0, 0x93, 0x3c, 0x3e, 0x86, 0xf0, 0x0e, 0x7d, 0xcd +]; + +const ECDSA_CERT: [u8; 0x222] = hex_literal::hex!( - "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" + "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" ); -const CLIENT_SIGNATURE: [u8; 256] = +const ED25519_SECRET_KEY: [u8; 32] = hex_literal::hex!( - "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" + "352e033b544cd58930fd154e1e8cf8711ed18a4f637afabe05521f474f7ffa21" ); -const CLIENT_PRIVATE_KEY_MOD: &'static [u8] = &[ - 0x00, 0xc2, 0x4c, 0x61, 0x5a, 0xda, 0xd1, 0x64, 0x0c, 0x2e, 0x39, 0xe2, 0x95, 0xc4, 0x60, 0xf2, 0xc7, 0x95, 0x37, 0x0c, 0xfb, 0x21, 0xcc, 0xa5, 0x19, 0xf9, 0xe6, 0xba, 0xf1, 0x56, 0x45, 0xca, 0x0b, 0x25, 0x6e, 0xf8, 0xf3, 0x18, 0x49, 0x1b, 0xaa, 0xb9, 0xdc, 0x71, 0x96, 0x36, 0x0b, 0x39, 0x3b, 0xc3, 0x53, 0x20, 0x35, 0x48, 0x87, 0xd6, 0xcc, 0x82, 0x2c, 0xf6, 0xe9, 0xd2, 0xea, 0xcc, 0x7f, 0xec, 0xf8, 0xd8, 0xe7, 0x3f, 0x0f, 0x09, 0xbf, 0x13, 0x1a, 0x59, 0x19, 0xe9, 0xe9, 0xc8, 0x1e, 0x2a, 0xec, 0xf0, 0x6d, 0x55, 0xbe, 0x17, 0x20, 0x29, 0x08, 0x53, 0xd4, 0xf1, 0x08, 0x6b, 0x3e, 0x10, 0x3d, 0x54, 0xd2, 0xb4, 0x54, 0xd7, 0xc3, 0x2a, 0xbc, 0xe4, 0x33, 0xf6, 0x11, 0x5d, 0x26, 0x7b, 0xba, 0x24, 0x6f, 0x68, 0x84, 0x74, 0x63, 0xdf, 0xd1, 0xd6, 0xbe, 0x90, 0x4e, 0xb1, 0x8d, 0x56, 0x88, 0x55, 0x65, 0xd6, 0xfc, 0xf8, 0xa6, 0x03, 0x86, 0xfc, 0x73, 0xb5, 0x45, 0x07, 0x77, 0xe0, 0x04, 0x85, 0xae, 0x94, 0xd2, 0x20, 0x96, 0xaf, 0xc4, 0x58, 0xd7, 0xfb, 0xd7, 0xc4, 0x69, 0xdd, 0x86, 0x1c, 0xab, 0x7b, 0x91, 0x47, 0x15, 0xe0, 0x93, 0xc4, 0xf1, 0xcc, 0x39, 0x9e, 0x5a, 0x53, 0x01, 0x0c, 0x2b, 
0x65, 0xd5, 0xcc, 0x3d, 0x60, 0xfc, 0xcc, 0x2c, 0xc5, 0xd8, 0xb3, 0xfa, 0xa5, 0xfe, 0xfa, 0xab, 0x55, 0x1f, 0x1d, 0xe1, 0xa9, 0x3a, 0x19, 0xa1, 0x5b, 0xe9, 0xad, 0xb3, 0xa5, 0xc9, 0x6d, 0x2e, 0x52, 0x5a, 0x9f, 0x69, 0x61, 0x74, 0xe6, 0xe7, 0x72, 0x85, 0x7e, 0x53, 0x6b, 0x46, 0x2a, 0x61, 0xc6, 0x9a, 0x87, 0x71, 0x0b, 0x74, 0x17, 0x2c, 0x4b, 0x31, 0x8f, 0x48, 0x42, 0xe7, 0xd2, 0x7f, 0x7b, 0x6e, 0x0c, 0xbf, 0x3f, 0x98, 0x3e, 0x35, 0x64, 0xab, 0x80, 0x07 -]; -const CLIENT_PRIVATE_KEY_EXP: &'static [u8] = &[0x01, 0x00, 0x01]; -const CLIENT_PRIVATE_KEY_PMOD: &'static [u8] = &[ - 0x61, 0x95, 0x60, 0xf3, 0xf3, 0xa0, 0x64, 0xa2, 0x25, 0x79, 0x57, 0x0e, 0xa7, 0x21, 0x95, 0xed, 0x9d, 0x48, 0x97, 0xd1, 0x6d, 0x49, 0x4d, 0xc6, 0x7d, 0x17, 0x5f, 0xde, 0xa3, 0xd8, 0xcb, 0x3f, 0xcb, 0xde, 0x2f, 0x54, 0x50, 0x67, 0x2f, 0x69, 0x10, 0x8d, 0xe1, 0xd2, 0x72, 0x74, 0x32, 0x9b, 0x8c, 0x5f, 0x2c, 0x76, 0xf6, 0x65, 0x9b, 0x00, 0xfd, 0x84, 0x3d, 0xc2, 0x73, 0xf7, 0x0f, 0x1c, 0x54, 0xd5, 0x2a, 0x83, 0x01, 0xcd, 0xb8, 0xb4, 0x69, 0x90, 0xbb, 0x1d, 0x63, 0xb8, 0xd1, 0x94, 0x2d, 0x34, 0xf1, 0x0f, 0xc8, 0x97, 0x7f, 0x1f, 0xdc, 0xdb, 0xdc, 0xd6, 0xbe, 0xf3, 0xde, 0x80, 0xbe, 0x41, 0x3f, 0x5f, 0xcf, 0xc8, 0x28, 0xd1, 0x51, 0x9e, 0xaa, 0xf2, 0x59, 0xec, 0xa0, 0x9f, 0x1a, 0x57, 0x03, 0xc3, 0x9c, 0x77, 0xa1, 0xc9, 0x23, 0x79, 0x4d, 0x64, 0x4a, 0x2f, 0xeb, 0xc5, 0xd3, 0x38, 0x2c, 0x6d, 0xf6, 0xa6, 0xa9, 0xe7, 0x0a, 0x79, 0x05, 0xfa, 0x2a, 0x85, 0xc5, 0x9d, 0xf4, 0x91, 0xef, 0x34, 0xad, 0xb5, 0x64, 0xc5, 0x75, 0x8a, 0x36, 0x8f, 0x95, 0x25, 0xe9, 0x71, 0x0d, 0xa8, 0xe1, 0xea, 0xc3, 0xb4, 0xaa, 0xe7, 0x54, 0x54, 0xef, 0x72, 0x12, 0xa5, 0x14, 0x27, 0xec, 0x70, 0x12, 0x14, 0xdf, 0x65, 0xb3, 0xf5, 0xbc, 0x91, 0xe1, 0x36, 0x31, 0x1a, 0xdf, 0x7d, 0x58, 0x05, 0xb6, 0xe3, 0x48, 0xf2, 0x42, 0x89, 0x25, 0x29, 0x42, 0x0b, 0x5d, 0x8d, 0x0b, 0x76, 0x28, 0x0f, 0xaf, 0x56, 0x22, 0x94, 0x12, 0x8f, 0x76, 0x91, 0x49, 0xa6, 0xa4, 0xe3, 0x54, 0x17, 0x9e, 0xeb, 0xa6, 0x1b, 0xe5, 0x97, 0xde, 0x4e, 0x29, 0x8d, 0x7d, 0x5c, 
0x18, 0x34, 0x29, 0x21, 0xd2, 0x7d, 0x14, 0x0b, 0xa1, 0x49, 0xb5, 0xe0, 0xc6, 0x30, 0x31, 0x80, 0xdc, 0x6a, 0x59, 0xb9 -]; -const CLIENT_PRIME_1: &'static [u8] = &[ - 0x00, 0xec, 0xe1, 0x6f, 0x5d, 0x7a, 0xed, 0x7b, 0x1a, 0xac, 0xce, 0x02, 0x91, 0xb4, 0x07, 0xcf, 0xc4, 0x2b, 0xcf, 0x2a, 0x37, 0x59, 0x43, 0x46, 0x1a, 0x55, 0xc2, 0x13, 0x89, 0x3c, 0xd5, 0xd6, 0xef, 0xed, 0x12, 0x9f, 0xc3, 0x36, 0x95, 0xd2, 0x6e, 0xf7, 0xca, 0x62, 0x9c, 0x71, 0x3d, 0x78, 0x3a, 0x4c, 0xe2, 0x5d, 0x07, 0x6e, 0x67, 0x53, 0xc3, 0xe7, 0x02, 0x58, 0x34, 0x25, 0xab, 0x67, 0xd4, 0x35, 0x92, 0x26, 0x4a, 0x3f, 0x1b, 0xc4, 0x43, 0xcd, 0x71, 0x3a, 0x8f, 0x9a, 0x2e, 0x44, 0xf6, 0x5a, 0x40, 0xf8, 0x32, 0x11, 0x39, 0xd4, 0x31, 0x35, 0xa1, 0xd7, 0x2d, 0x5d, 0xa5, 0xed, 0x24, 0x53, 0x32, 0xce, 0xb6, 0xb6, 0x12, 0xc6, 0xeb, 0xfd, 0x5b, 0x86, 0x21, 0xf7, 0xaf, 0x2e, 0x29, 0xb0, 0xed, 0x4d, 0x71, 0x3e, 0x82, 0x28, 0x74, 0xd5, 0x64, 0x59, 0xba, 0xa6, 0x59, 0xd7, 0x9b -]; -const CLIENT_PRIME_2: &'static [u8] = &[ - 0x00, 0xd1, 0xfb, 0x16, 0x0c, 0xf0, 0xa3, 0x9a, 0x56, 0xdc, 0x3d, 0x82, 0xc6, 0x69, 0xed, 0x1d, 0x6a, 0x6f, 0xf9, 0xf0, 0x27, 0x3f, 0x96, 0x15, 0x39, 0x30, 0x84, 0x93, 0x75, 0x67, 0x31, 0xc9, 0x55, 0x84, 0x14, 0x13, 0x54, 0x39, 0xc1, 0x7c, 0x02, 0x77, 0x2b, 0x56, 0x49, 0x2c, 0xca, 0xe5, 0x16, 0xb5, 0xa1, 0x22, 0x49, 0xd6, 0xfa, 0x96, 0xd7, 0xb8, 0xaf, 0x34, 0xd3, 0x00, 0xc0, 0x42, 0x2f, 0x73, 0x0d, 0xb1, 0xd0, 0xc8, 0x11, 0xc6, 0x16, 0x79, 0xde, 0x83, 0xcd, 0x53, 0x21, 0x9b, 0x58, 0xc5, 0xee, 0x35, 0x55, 0xb6, 0x8f, 0x83, 0xc9, 0x23, 0x15, 0x98, 0xe0, 0xb5, 0x6f, 0x3a, 0x3d, 0x0c, 0x06, 0xa8, 0x32, 0x16, 0x0f, 0xde, 0x66, 0xad, 0x44, 0x76, 0xcd, 0x4a, 0x7a, 0x3d, 0xcb, 0x2c, 0x83, 0x3e, 0xf7, 0x50, 0x94, 0xa2, 0x2b, 0x61, 0xb5, 0xb6, 0x02, 0x01, 0x24, 0x7e, 0x05 +const ED25519_CERT: [u8; 0x01c7] = [ + 0x30, 0x82, 0x01, 0xc3, 0x30, 0x82, 0x01, 0x75, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, 0x7d, 0x0d, 0x16, 0xcc, 0x44, 0x3e, 0xd7, 0x1d, 0x67, 0xc6, 0xa3, 0x42, 0x38, 0xd8, 0x38, 0xcd, 0x34, 0xe9, 
0x96, 0x28, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x30, 0x57, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x02, 0x49, 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x02, 0x4e, 0x54, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x02, 0x43, 0x45, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x04, 0x52, 0x54, 0x49, 0x46, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09, 0x69, 0x63, 0x61, 0x74, 0x65, 0x2e, 0x6e, 0x65, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x30, 0x31, 0x31, 0x32, 0x30, 0x30, 0x34, 0x32, 0x33, 0x34, 0x34, 0x5a, 0x17, 0x0d, 0x32, 0x31, 0x31, 0x31, 0x32, 0x30, 0x30, 0x34, 0x32, 0x33, 0x34, 0x34, 0x5a, 0x30, 0x57, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x02, 0x49, 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x02, 0x4e, 0x54, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x02, 0x43, 0x45, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x04, 0x52, 0x54, 0x49, 0x46, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09, 0x69, 0x63, 0x61, 0x74, 0x65, 0x2e, 0x6e, 0x65, 0x74, 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00, 0xdc, 0x3a, 0xe2, 0xdd, 0xf4, 0x06, 0x5e, 0x99, 0x3f, 0x18, 0x4c, 0x35, 0x68, 0x7e, 0xf6, 0x21, 0x3b, 0x20, 0xe4, 0x7e, 0x7f, 0x55, 0x56, 0x2c, 0xa5, 0xcb, 0xfe, 0x2b, 0x33, 0x0a, 0x28, 0xc5, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x63, 0xc3, 0xa0, 0xaf, 0xc6, 0xb6, 0xe4, 0xb3, 0x17, 0x01, 0x65, 0x96, 0x80, 0xfd, 0xf8, 0x24, 0x72, 0xbc, 0xf6, 0x48, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x63, 0xc3, 0xa0, 0xaf, 0xc6, 0xb6, 0xe4, 0xb3, 0x17, 0x01, 0x65, 0x96, 0x80, 0xfd, 0xf8, 0x24, 0x72, 0xbc, 0xf6, 0x48, 0x30, 0x0f, 
0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x41, 0x00, 0xd8, 0x4f, 0x75, 0x3e, 0x8a, 0x67, 0xec, 0x27, 0x0f, 0xa1, 0xb6, 0xb8, 0x7a, 0x01, 0x69, 0x6b, 0xa8, 0x5f, 0xad, 0xaa, 0x50, 0xc4, 0x6c, 0x7f, 0xe4, 0x7c, 0x1b, 0x61, 0x15, 0xd7, 0xa5, 0xf9, 0x63, 0xf5, 0xc5, 0x2f, 0xb1, 0xa7, 0x96, 0x9a, 0x0d, 0x21, 0x02, 0x50, 0x4f, 0xc6, 0x65, 0xe5, 0x83, 0x4b, 0x49, 0x9c, 0x3f, 0x3a, 0xc2, 0xbd, 0x85, 0xe0, 0x57, 0x44, 0x47, 0x44, 0xe4, 0x0d ]; + +const ED25519_SERVER_CERT: [u8; 0x1eb] = + hex_literal::hex!( + "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" + ); + +const ED25519_SERVER_PUBLIC_KEY: [u8; 32] = + hex_literal::hex!( + "5cc3542eceecf9379348f5c4e18aa29b6e92547b0e35730857c1ce8508a043e0" + ); + +const ED25519_SIGNATURE: [u8; 64] = + hex_literal::hex!( + "e9988fcc188fbe85a66929634badb47c5b765c3c6087a7e44b41efda1fdcd0baf67ded6159a5af6d396ca59439de8907160fc729a42ed50e69a3f54abe6dad0c" + ); diff --git a/src/parse.rs b/src/parse.rs index ec144f8..0522809 100644 --- a/src/parse.rs +++ b/src/parse.rs @@ -7,10 +7,8 @@ use nom::combinator::opt; use nom::sequence::preceded; use nom::sequence::tuple; use nom::error::ErrorKind; -use nom::character::complete::digit0; -use nom::character::is_digit; -use chrono::{DateTime, FixedOffset, TimeZone}; +use chrono::{DateTime, FixedOffset}; use heapless::{String, consts::*}; use byteorder::{ByteOrder, NetworkEndian}; @@ -21,7 +19,6 @@ use crate::certificate::{ Certificate as Asn1DerCertificate, Version as Asn1DerVersion, AlgorithmIdentifier as Asn1DerAlgId, - Time as Asn1DerTime, Validity as Asn1DerValidity, SubjectPublicKeyInfo as Asn1DerSubjectPublicKeyInfo, Extensions as Asn1DerExtensions, 
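Review bot: `ECDSA_SECRET_KEY` and `ED25519_SECRET_KEY` put what appear to be raw private keys into the source tree next to the certificates that carry their public halves; once committed they stay in history for good and will be picked up by secret scanners. If they are throwaway fixtures, say so where they are declared — `// Test-only key: generated for these fixtures, never used for a real endpoint` — and keep the matching certificates out of any trust store; if they are meant to be loaded at run time, move them to a file outside version control. The commented-out RSA client key material above them (`CLIENT_PRIVATE_KEY_MOD`, `CLIENT_PRIME_1`, `CLIENT_PRIME_2`) should be deleted rather than left as dead text, since it is still a private key in the repository.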
@@ -71,7 +68,7 @@ pub(crate) fn parse_tls_repr(bytes: &[u8]) -> IResult<&[u8], (&[u8], TlsRepr)> { use crate::tls_packet::TlsContentType::*; match repr.content_type { Handshake => { - let (rest, handshake) = complete( + let (_, handshake) = complete( parse_handshake )(bytes)?; repr.handshake = Some(handshake); diff --git a/src/session.rs b/src/session.rs index bd2fbc4..68b6eb6 100644 --- a/src/session.rs +++ b/src/session.rs @@ -512,7 +512,7 @@ impl<'a> Session<'a> { // Determine the supplied client certificate indeed has an // acceptable signature algorithm let mut private_key_algorithm_acceptable = false; - if let Some((private_key, cert)) = &self.cert_private_key { + if let Some((private_key, _cert)) = &self.cert_private_key { if let CertificatePrivateKey::RSA {..} = private_key { for sig_alg in signature_algorithms.iter() { use crate::tls_packet::SignatureScheme::*; @@ -1412,6 +1412,7 @@ impl<'a> Session<'a> { self.server_application_nonce.as_ref().unwrap(), self.server_application_cipher.as_ref().unwrap() )}, + TlsRole::Unknown => unreachable!() }; // Calculate XOR'ed nonce @@ -1443,6 +1444,7 @@ impl<'a> Session<'a> { self.server_handshake_nonce.as_ref().unwrap(), self.server_handshake_cipher.as_ref().unwrap() )}, + TlsRole::Unknown => unreachable!() }; // Calculate XOR'ed nonce @@ -1474,6 +1476,7 @@ impl<'a> Session<'a> { self.server_handshake_nonce.as_ref().unwrap(), self.server_handshake_cipher.as_ref().unwrap() )}, + TlsRole::Unknown => unreachable!() }; // Calculate XOR'ed nonce @@ -1508,6 +1511,7 @@ impl<'a> Session<'a> { self.client_application_nonce.as_ref().unwrap(), self.client_application_cipher.as_ref().unwrap() )}, + TlsRole::Unknown => unreachable!() }; // Calculate XOR'ed nonce @@ -1545,6 +1549,7 @@ impl<'a> Session<'a> { self.server_handshake_nonce.as_ref().unwrap(), self.server_handshake_cipher.as_ref().unwrap() )}, + TlsRole::Unknown => unreachable!() }; // Calculate XOR'ed nonce 
@@ -1579,6 +1584,7 @@ impl<'a> Session<'a> { self.server_handshake_nonce.as_ref().unwrap(), self.server_handshake_cipher.as_ref().unwrap() )}, + TlsRole::Unknown => unreachable!() }; // Calculate XOR'ed nonce @@ -1606,12 +1612,21 @@ impl<'a> Session<'a> { pub(crate) fn increment_server_sequence_number(&mut self) { self.server_sequence_number += 1; } + + pub(crate) fn get_session_role(&self) -> TlsRole { + self.role + } + + pub(crate) fn becomes_client(&mut self) { + self.role = TlsRole::Client; + } } #[derive(Debug, PartialEq, Eq, Clone, Copy)] pub(crate) enum TlsRole { Client, Server, + Unknown, } #[derive(Debug, Clone)] @@ -1814,6 +1829,7 @@ impl Cipher { } } +#[allow(non_camel_case_types)] #[derive(Debug, Clone)] pub enum CertificatePublicKey { RSA { @@ -1853,6 +1869,7 @@ impl CertificatePublicKey { } } +#[allow(non_camel_case_types)] pub enum CertificatePrivateKey { RSA { cert_rsa_private_key: rsa::RSAPrivateKey diff --git a/src/set.rs b/src/set.rs new file mode 100644 index 0000000..79a1d81 --- /dev/null +++ b/src/set.rs 
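Review bot: `becomes_client` in hunk -1606 overwrites the role unconditionally, so a session that already runs as `Client` or `Server` could be flipped while its handshake and cipher state belong to the previous role; only `connect` calls it in the visible code, but a guard such as `debug_assert_eq!(self.role, TlsRole::Unknown);` (or an early return when the role is already set) would pin the intended one-way transition. The new `Unknown` variant is also undocumented, and its meaning is not obvious given the matches elsewhere treat it as unreachable; suggest `/// Role not yet decided; set by becomes_client once the TCP connect succeeds. Record protection is not available in this role.` above it.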
@@ -0,0 +1,82 @@
+use smoltcp as net;
+
+use managed::ManagedSlice;
+use crate::tls::TlsSocket;
+use net::socket::SocketSetItem;
+use net::socket::SocketSet;
+use net::socket::SocketHandle;
+use net::socket::Socket;
+use net::socket::TcpSocket;
+use net::socket::AnySocket;
+use net::socket::SocketRef;
+use net::iface::EthernetInterface;
+use net::time::Instant;
+use net::phy::Device;
+
+use core::convert::From;
+use core::cell::RefCell;
+
+use alloc::vec::Vec;
+
+pub struct TlsSocketSet<'a> {
+ tls_sockets: ManagedSlice<'a, Option>>
+}
+
+#[derive(Clone, Copy, Debug)]
+pub struct TlsSocketHandle(usize);
+
+impl<'a> TlsSocketSet<'a> {
+ pub fn new(tls_sockets: T) -> Self
+ where
+ T: Into>>>
+ {
+ Self {
+ tls_sockets: tls_sockets.into()
+ }
+ }
+
+ pub fn add(&mut self, socket: TlsSocket<'a>) -> TlsSocketHandle
+ {
+ for (index, slot) in self.tls_sockets.iter_mut().enumerate() {
+ if slot.is_none() {
+ *slot = Some(socket);
+ return TlsSocketHandle(index);
+ }
+ }
+
+ match self.tls_sockets {
+ ManagedSlice::Borrowed(_) => {
+ panic!("adding a socket to a full array")
+ }
+
+ ManagedSlice::Owned(ref mut sockets) => {
+ sockets.push(Some(socket));
+ let index = sockets.len() - 1;
+ return TlsSocketHandle(index);
+ }
+ }
+ }
+
+ pub fn get(&mut self, handle: TlsSocketHandle) -> &mut TlsSocket<'a> {
+ self.tls_sockets[handle.0].as_mut().unwrap()
+ }
+
+ pub(crate) fn polled_by(
+ &mut self,
+ sockets: &mut SocketSet
+ ) -> smoltcp::Result
+ {
+ for socket in self.tls_sockets.iter_mut() {
+ if socket.is_some() {
+ log::info!("Found TLS");
+ socket.as_mut()
+ .unwrap()
+ .update_handshake(sockets)?;
+ log::info!("Updated TLS");
+ }
+ }
+
+ Ok(true)
+ }
+
+}
diff --git a/src/tls.rs b/src/tls.rs
index b473efb..16b2213 100644
--- a/src/tls.rs
+++ b/src/tls.rs
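Review bot: `polled_by` stops at the first socket whose `update_handshake` fails because of the `?` inside the loop, so one broken session leaves every later socket in the set unpolled for that tick, and the `Ok(true)` it returns carries no information since the value `update_handshake` reports is discarded. Keeping the loop going and reporting afterwards avoids the head-of-line stall; the two `log::info!` calls per socket per poll should be dropped to `trace` or removed, and most of the `use` lines (`SocketSetItem`, `SocketHandle`, `Socket`, `TcpSocket`, `AnySocket`, `SocketRef`, `EthernetInterface`, `Instant`, `Device`, `From`, `RefCell`, `Vec`) appear unused in the visible code and will warn. `get` indexes with `handle.0` and then `unwrap()`s, so a handle belonging to a different `TlsSocketSet` panics rather than erroring; returning `Option<&mut TlsSocket<'a>>` would match the `.get()` convention.
```rust
pub(crate) fn polled_by(&mut self, sockets: &mut SocketSet) -> smoltcp::Result<bool> {
    let mut first_err = None;
    let mut all_done = true;
    for socket in self.tls_sockets.iter_mut().flatten() {
        match socket.update_handshake(sockets) {
            Ok(done) => all_done &= done,
            // keep driving the remaining sockets; report the first failure afterwards
            Err(e) => {
                first_err.get_or_insert(e);
            }
        }
    }
    match first_err {
        Some(e) => Err(e),
        None => Ok(all_done),
    }
}
```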
@@ -3,6 +3,7 @@ use smoltcp::socket::TcpState; use smoltcp::socket::SocketHandle; use smoltcp::socket::SocketSet; use smoltcp::socket::TcpSocketBuffer; +use smoltcp::socket::SocketRef; use smoltcp::wire::IpEndpoint; use smoltcp::Result; use smoltcp::Error; @@ -20,7 +21,6 @@ use core::cell::RefCell; use rand_core::{RngCore, CryptoRng}; use p256::{EncodedPoint, ecdh::EphemeralSecret}; use ccm::consts::*; -use aes_gcm::AeadInPlace; use nom::bytes::complete::take; use nom::error::ErrorKind; @@ -52,20 +52,19 @@ pub(crate) enum TlsState { CONNECTED, } -// TODO: Group up all session_specific parameters into a separate structure -pub struct TlsSocket<'s, R: RngCore + CryptoRng> +pub struct TlsSocket<'s> { tcp_handle: SocketHandle, - rng: R, + rng: &'s mut dyn crate::TlsRng, session: RefCell>, } -impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> { +impl<'s> TlsSocket<'s> { pub fn new<'a, 'b, 'c>( sockets: &mut SocketSet<'a, 'b, 'c>, rx_buffer: TcpSocketBuffer<'b>, tx_buffer: TcpSocketBuffer<'b>, - rng: R, + rng: &'s mut dyn crate::TlsRng, certificate_with_key: Option<( crate::session::CertificatePrivateKey, Vec<&'s [u8]> @@ -76,6 +75,23 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> { { let tcp_socket = TcpSocket::new(rx_buffer, tx_buffer); let tcp_handle = sockets.add(tcp_socket); + TlsSocket { + tcp_handle, + rng, + session: RefCell::new( + Session::new(TlsRole::Unknown, certificate_with_key) + ), + } + } + + pub fn from_tcp_handle( + tcp_handle: SocketHandle, + rng: &'s mut dyn crate::TlsRng, + certificate_with_key: Option<( + crate::session::CertificatePrivateKey, + Vec<&'s [u8]> + )> + ) -> Self { TlsSocket { tcp_handle, rng, @@ -85,7 +101,7 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> { } } - pub fn tcp_connect( + pub fn connect( &mut self, sockets: &mut SocketSet, remote_endpoint: T, 
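Review bot: `from_tcp_handle` (hunk -76) accepts any `SocketHandle` without tying it to the `SocketSet` the socket is later polled against, and nothing records that the handle must refer to a `TcpSocket`; `connect` and `update_handshake` then call `sockets.get::<TcpSocket>(self.tcp_handle)`, which as far as I recall panics on a handle that is absent from the set or of another socket type. A doc comment stating the contract would help: `/// Wrap an already-added TCP socket. handle must come from the SocketSet later passed to connect/update_handshake and refer to a TcpSocket; neither is checked here.` Both constructors now start the session as `TlsRole::Unknown`, which is worth saying in the same place since `update_handshake` treats that role as nothing-to-do.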
@@ -95,32 +111,33 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> { T: Into, U: Into, { + // Start TCP handshake let mut tcp_socket = sockets.get::(self.tcp_handle); - if tcp_socket.state() == TcpState::Established { - Ok(()) - } else { - tcp_socket.connect(remote_endpoint, local_endpoint) - } + tcp_socket.connect(remote_endpoint, local_endpoint)?; + + // Permit TLS handshake as well + let mut session = self.session.borrow_mut(); + session.becomes_client(); + Ok(()) } - pub fn tls_connect( - &mut self, - iface: &mut EthernetInterface, - sockets: &mut SocketSet, - now: Instant - ) -> Result - where - DeviceT: for<'d> Device<'d> - { - // Check tcp_socket connectivity + pub fn update_handshake(&mut self, sockets: &mut SocketSet) -> Result { + // Check TCP socket { let mut tcp_socket = sockets.get::(self.tcp_handle); tcp_socket.set_keep_alive(Some(smoltcp::time::Duration::from_millis(1000))); if tcp_socket.state() != TcpState::Established { + log::info!("TCP not established"); return Ok(false); } } - + // Check TLS session state + { + let role = self.session.borrow().get_session_role(); + if role != crate::session::TlsRole::Client { + return Ok(true); + } + } // Handle TLS handshake through TLS states let tls_state = { self.session.borrow().get_tls_state() 
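Review bot: `update_handshake` returns `Ok(true)` whenever the session role is not `Client`, so a socket built by `new` or `from_tcp_handle` that was never `connect`ed (role `Unknown`) reports its handshake as finished although nothing has happened, and a caller polling for completion cannot tell this from a real completion. `if role == crate::session::TlsRole::Unknown { return Ok(false); }` (or an `Err`) before the existing check keeps `true` meaning "handshake done". Separately, `connect` no longer short-circuits when the TCP socket is already `Established`, so a second call now reaches `tcp_socket.connect`, which I believe smoltcp rejects with `Error::Illegal`; if that is intended it is a behaviour change worth a line in the doc. The `log::info!("TCP not established")` fires on every poll during the TCP handshake and belongs at `trace` level; `update_handshake` continues past the end of this hunk.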
@@ -193,19 +210,17 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> { self.session.borrow().need_to_send_client_certificate() }; if need_to_send_client_cert { - let (certificates_total_length, mut buffer_vec) = { - let mut session = self.session.borrow_mut(); + let (certificates_total_length, buffer_vec) = { + let session = self.session.borrow(); let mut buffer_vec: Vec = Vec::new(); let certificates = session .get_private_certificate_slices() .clone(); // Handshake level, client certificate byte followed by length (u24) - let mut handshake_header: [u8; 4] = [11, 0, 0, 0]; // Certificate struct: // request_context = X509: 0 (u8), // certificate_list to be determined (u24) - let mut certificate_header: [u8; 4] = [0, 0, 0, 0]; let mut certificates_total_length: u32 = 0; // Append place holder bytes (8 of them) in the buffer vector @@ -229,10 +244,9 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> { ); // Update length in Certificate struct - certificates_total_length += ( + certificates_total_length += // cert_data (len & data) AND extension (len & data) - 3 + certificate_length + 2 + 0 - ); + 3 + certificate_length + 2 + 0; buffer_vec.extend_from_slice(&cert_data_length); buffer_vec.extend_from_slice(cert); @@ -347,12 +361,12 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> { .client_update_for_server_connected(&inner_plaintext[..(inner_plaintext_length-1)]); } - _ => todo!() + // There is no need to care about handshake if it was completed + TlsState::CONNECTED => { + return Ok(true); + } } - // Poll the network interface - iface.poll(sockets, now); - // Read for TLS packet // Proposition: Decouple all data from TLS record layer before processing // Recouple a brand new TLS record wrapper 
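Review bot: The removal of `iface.poll(sockets, now)` in hunk -347 means `update_handshake` no longer drives the network interface, and neither does `TlsSocketSet::polled_by`, so a caller that only loops on `update_handshake` will never see the TCP state advance; this contract is stated nowhere. Suggest documenting on `update_handshake` (declared outside this hunk) that the caller must call `iface.poll` between invocations and that `Ok(true)` is returned once the session is `CONNECTED`. Replacing `_ => todo!()` with an explicit `TlsState::CONNECTED` arm is an improvement, since an added state now fails to compile rather than panicking at runtime.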
@@ -731,7 +745,6 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> { // Verify that the signature is indeed correct TlsState::WAIT_CV => { // Ensure that it is CertificateVerify - log::info!("Got certificate verify"); let might_be_cert_verify = repr.handshake.take().unwrap(); if might_be_cert_verify.get_msg_type() != HandshakeType::CertificateVerify { // Process the other handshakes in "handshake_vec" @@ -745,11 +758,9 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> { might_be_cert_verify.length + 4 )(handshake_slice) .map_err(|_| Error::Unrecognized)?; - log::info!("about to verify"); // Perform verification, update TLS state if successful let (sig_alg, signature) = might_be_cert_verify.get_signature().unwrap(); - log::info!("Got signature"); { self.session.borrow_mut() .client_update_for_wait_cv( @@ -772,7 +783,7 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> { // Take out the portion for server Finished // Length of handshake header is 4 - let (handshake_slice, server_finished_slice) = + let (_handshake_slice, server_finished_slice) = take::<_, _, (&[u8], ErrorKind)>( might_be_server_finished.length + 4 )(handshake_slice) 
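Review bot: In the `WAIT_CV` arm (hunk -745) `might_be_cert_verify.get_signature().unwrap()` still panics on a CertificateVerify that parsed but carries no usable signature, i.e. on input controlled by the peer; the `take` call three lines above already maps its failure to `Error::Unrecognized`, and the signature lookup should do the same (`.ok_or(Error::Unrecognized)?` if it returns an `Option`, `.map_err(|_| Error::Unrecognized)?` if a `Result`) so a malformed message ends the session rather than the program. The enclosing function starts and ends outside this hunk.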
@@ -793,31 +804,6 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> { Ok(()) } - // Generic inner send method, through TCP socket - fn send_tls_repr(&self, sockets: &mut SocketSet, tls_repr: TlsRepr) -> Result<()> { - let mut tcp_socket = sockets.get::(self.tcp_handle); - if !tcp_socket.can_send() { - return Err(Error::Illegal); - } - let mut array = [0; 2048]; - let mut buffer = TlsBuffer::new(&mut array); - buffer.enqueue_tls_repr(tls_repr)?; - let buffer_size = buffer.get_size(); - - // Force send to return if send is unsuccessful - // Only update sequence number if the send is successful - tcp_socket.send_slice(buffer.into()) - .and_then( - |size| if size == buffer_size { - Ok(()) - } else { - Err(Error::Truncated) - } - )?; - self.session.borrow_mut().increment_client_sequence_number(); - Ok(()) - } - // Generic inner send method for buffer IO, through TCP socket // Usage: Push a slice representation of ONE TLS packet // This function will only increment sequence number by 1 @@ -940,12 +926,16 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> { (record_length + 5), ( (record_length + 5), - provided_data_capacity < (record_length + 5) + provided_data_capacity >= (record_length + 5) ) ) } )?; + if !acceptable { + return Ok(0); + } + // let recv_slice_size = tcp_socket.recv_slice(data)?; // Encrypted data need a TLS record wrapper (5 bytes) @@ -1038,4 +1028,9 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> { Ok(()) } + + pub fn get_tcp_handle(&self) -> SocketHandle { + self.tcp_handle + } + } diff --git a/src/tls_packet.rs b/src/tls_packet.rs index c172e26..a688b06 100644 --- a/src/tls_packet.rs +++ b/src/tls_packet.rs 
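Review bot: In hunk -940, `if !acceptable { return Ok(0); }` makes a caller buffer that is too small for the pending record indistinguishable from "no data yet"; if the closure above is passed to `recv` (which consumes the first tuple element) the record is silently lost, and if it is `peek`, the record stays queued and a caller retrying with the same buffer spins forever, so `return Err(Error::Exhausted);` (or another distinct error) is the right outcome either way. Flipping the comparison to `>=` is the correct fix for the previous inverted condition. The commented-out `// let recv_slice_size = tcp_socket.recv_slice(data)?;` is dead code and should go, and the new `get_tcp_handle` getter in hunk -1038 deserves a one-line doc comment. The enclosing receive function starts outside this hunk.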
@@ -76,14 +76,6 @@ impl<'a> TlsRepr<'a> { self } - pub(crate) fn change_cipher_spec(mut self) -> Self { - self.content_type = TlsContentType::ChangeCipherSpec; - self.version = TlsVersion::Tls12; - self.length = 1; - self.payload = Some((&[1]).to_vec()); - self - } - // TODO: Consider replace all these boolean function // into a single function that returns the HandshakeType. pub(crate) fn is_server_hello(&self) -> bool { @@ -112,12 +104,6 @@ impl<'a> TlsRepr<'a> { } } } - - pub(crate) fn is_application_data(&self) -> bool { - self.content_type == TlsContentType::ApplicationData && - self.handshake.is_none() && - self.payload.is_some() - } } #[derive(Debug, PartialEq, Eq, Clone, Copy, IntoPrimitive, TryFromPrimitive)] @@ -385,8 +371,6 @@ impl<'a> ClientHello<'a> { list.push(NamedGroup::x25519); list.push(NamedGroup::secp256r1); - let length = list.len()*2; - // Use the list to generate all key shares and store in a vec let mut client_shares = Vec::new(); let mut client_shares_length = 0; @@ -590,10 +574,10 @@ pub(crate) enum SupportedVersions { impl SupportedVersions { pub(crate) fn get_length(&self) -> usize { match self { - Self::ClientHello { length, versions } => { + Self::ClientHello { length, .. } => { usize::try_from(*length).unwrap() + 1 } - Self::ServerHello { selected_version } => 2 + Self::ServerHello { .. } => 2 } } } @@ -713,8 +697,8 @@ pub(crate) enum KeyShareEntryContent { impl KeyShareEntryContent { pub(crate) fn get_length(&self) -> usize { match self { - Self::KeyShareClientHello { length, client_shares } => 2 + usize::try_from(*length).unwrap(), - Self::KeyShareHelloRetryRequest { selected_group } => 2, + Self::KeyShareClientHello { length, .. } => 2 + usize::try_from(*length).unwrap(), + Self::KeyShareHelloRetryRequest { .. } => 2, Self::KeyShareServerHello { server_share } => server_share.get_length(), } } 
@@ -760,12 +744,9 @@ pub(crate) enum CertificateEntryInfo<'a> { impl<'a> CertificateEntryInfo<'a> { pub(crate) fn get_certificate(&self) -> &Asn1DerCertificate { match self { - CertificateEntryInfo::RawPublicKey { - ASN1_subjectPublicKeyInfo_length, - ASN1_subjectPublicKeyInfo - } => todo!(), + CertificateEntryInfo::RawPublicKey { .. } => todo!(), CertificateEntryInfo::X509 { - cert_data_length, cert_data + cert_data, .. } => &cert_data } }
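Review bot: `get_certificate` still has `CertificateEntryInfo::RawPublicKey { .. } => todo!()`, a panic reachable from a peer's Certificate message if a RawPublicKey entry can be parsed at all; the hunk only tidies the pattern. Since the return type is `&Asn1DerCertificate`, the honest signature is `Option<&Asn1DerCertificate>` with `None` for `RawPublicKey` and the caller mapping that to an error, or the parser should reject raw-public-key entries before they get here.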