poll: init
This commit is contained in:
parent
47f2229feb
commit
c22ff413da
@ -76,6 +76,11 @@ version = "0.9.0"
|
|||||||
default-features = false
|
default-features = false
|
||||||
features = []
|
features = []
|
||||||
|
|
||||||
|
[dependencies.managed]
|
||||||
|
version = "0.8.0"
|
||||||
|
default-features = false
|
||||||
|
features = [ "alloc" ]
|
||||||
|
|
||||||
[dependencies.simple_logger]
|
[dependencies.simple_logger]
|
||||||
version = "1.11.0"
|
version = "1.11.0"
|
||||||
optional = true
|
optional = true
|
||||||
|
@ -30,10 +30,6 @@ impl<'a> TlsBuffer<'a> {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
pub(crate) fn get_size(&self) -> usize {
|
|
||||||
self.index.clone().into_inner()
|
|
||||||
}
|
|
||||||
|
|
||||||
pub(crate) fn write(&mut self, data: &[u8]) -> Result<()> {
|
pub(crate) fn write(&mut self, data: &[u8]) -> Result<()> {
|
||||||
let mut index = self.index.borrow_mut();
|
let mut index = self.index.borrow_mut();
|
||||||
if (self.buffer.len() - *index) < data.len() {
|
if (self.buffer.len() - *index) < data.len() {
|
||||||
@ -55,31 +51,6 @@ impl<'a> TlsBuffer<'a> {
|
|||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
pub(crate) fn read_u8(&mut self) -> Result<u8> {
|
|
||||||
let mut index = self.index.borrow_mut();
|
|
||||||
if (self.buffer.len() - *index) < 1 {
|
|
||||||
return Err(Error::Exhausted);
|
|
||||||
}
|
|
||||||
let data = self.buffer[*index];
|
|
||||||
*index += 1;
|
|
||||||
Ok(data)
|
|
||||||
}
|
|
||||||
|
|
||||||
pub(crate) fn read_all(self) -> &'a [u8] {
|
|
||||||
&self.buffer[self.index.into_inner()..]
|
|
||||||
}
|
|
||||||
|
|
||||||
pub(crate) fn read_slice(&self, length: usize) -> Result<&[u8]> {
|
|
||||||
let mut index = self.index.borrow_mut();
|
|
||||||
if (self.buffer.len() - *index) < length {
|
|
||||||
return Err(Error::Exhausted);
|
|
||||||
}
|
|
||||||
let next_index = *index + length;
|
|
||||||
let slice = &self.buffer[*index..next_index];
|
|
||||||
*index = next_index;
|
|
||||||
Ok(slice)
|
|
||||||
}
|
|
||||||
|
|
||||||
pub(crate) fn enqueue_tls_repr(&mut self, tls_repr: TlsRepr<'a>) -> Result<()> {
|
pub(crate) fn enqueue_tls_repr(&mut self, tls_repr: TlsRepr<'a>) -> Result<()> {
|
||||||
self.write_u8(tls_repr.content_type.into())?;
|
self.write_u8(tls_repr.content_type.into())?;
|
||||||
self.write_u16(tls_repr.version.into())?;
|
self.write_u16(tls_repr.version.into())?;
|
||||||
|
@ -7,7 +7,6 @@ use chrono::{DateTime, FixedOffset};
|
|||||||
|
|
||||||
use crate::parse::parse_asn1_der_rsa_public_key;
|
use crate::parse::parse_asn1_der_rsa_public_key;
|
||||||
use crate::parse::parse_rsa_ssa_pss_parameters;
|
use crate::parse::parse_rsa_ssa_pss_parameters;
|
||||||
use crate::parse::parse_ecdsa_signature;
|
|
||||||
use crate::parse::parse_asn1_der_oid;
|
use crate::parse::parse_asn1_der_oid;
|
||||||
|
|
||||||
use crate::Error as TlsError;
|
use crate::Error as TlsError;
|
||||||
@ -19,10 +18,9 @@ use sha1::{Sha1, Digest};
|
|||||||
use sha2::{Sha224, Sha256, Sha384, Sha512};
|
use sha2::{Sha224, Sha256, Sha384, Sha512};
|
||||||
use rsa::{PublicKey, RSAPublicKey, PaddingScheme, BigUint, Hash};
|
use rsa::{PublicKey, RSAPublicKey, PaddingScheme, BigUint, Hash};
|
||||||
|
|
||||||
use p256::ecdsa::signature::{Verifier, DigestVerifier};
|
use p256::ecdsa::signature::{Verifier};
|
||||||
|
|
||||||
use alloc::vec::Vec;
|
use alloc::vec::Vec;
|
||||||
use heapless::{ Vec as HeaplessVec, consts::* };
|
|
||||||
|
|
||||||
use byteorder::{ByteOrder, NetworkEndian};
|
use byteorder::{ByteOrder, NetworkEndian};
|
||||||
|
|
||||||
@ -1234,7 +1232,7 @@ fn wrap_up_verification(
|
|||||||
// require_explicit_policy is 0, set explicit_policy_state to be 0
|
// require_explicit_policy is 0, set explicit_policy_state to be 0
|
||||||
if let ExtensionValue::PolicyConstraints {
|
if let ExtensionValue::PolicyConstraints {
|
||||||
require_explicit_policy,
|
require_explicit_policy,
|
||||||
inhibit_policy_mapping
|
..
|
||||||
} = &extension.extension_value {
|
} = &extension.extension_value {
|
||||||
if require_explicit_policy.is_some() {
|
if require_explicit_policy.is_some() {
|
||||||
if require_explicit_policy.unwrap() == 0 {
|
if require_explicit_policy.unwrap() == 0 {
|
||||||
|
@ -5,7 +5,7 @@
|
|||||||
// Anyway, the RSAPublicKey::verify() method does NOT care about random at all :)
|
// Anyway, the RSAPublicKey::verify() method does NOT care about random at all :)
|
||||||
|
|
||||||
use rand_core::{RngCore, Error};
|
use rand_core::{RngCore, Error};
|
||||||
use byteorder::{ByteOrder, NetworkEndian, BigEndian};
|
use byteorder::{ByteOrder, NetworkEndian};
|
||||||
|
|
||||||
pub struct FakeRandom {}
|
pub struct FakeRandom {}
|
||||||
|
|
||||||
|
33
src/lib.rs
33
src/lib.rs
@ -11,6 +11,7 @@ pub mod session;
|
|||||||
pub mod certificate;
|
pub mod certificate;
|
||||||
pub mod fake_rng;
|
pub mod fake_rng;
|
||||||
pub mod oid;
|
pub mod oid;
|
||||||
|
pub mod set;
|
||||||
|
|
||||||
// TODO: Implement errors
|
// TODO: Implement errors
|
||||||
// Details: Encapsulate smoltcp & nom errors
|
// Details: Encapsulate smoltcp & nom errors
|
||||||
@ -29,3 +30,35 @@ pub enum Error {
|
|||||||
CertificatePolicyError,
|
CertificatePolicyError,
|
||||||
CertificateVersionError,
|
CertificateVersionError,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
impl From<smoltcp::Error> for Error {
|
||||||
|
fn from(error: smoltcp::Error) -> Self {
|
||||||
|
Self::PropagatedError(error)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
pub trait TlsRng: rand_core::RngCore + rand_core::CryptoRng {}
|
||||||
|
|
||||||
|
use smoltcp as net;
|
||||||
|
|
||||||
|
use net::socket::SocketSet;
|
||||||
|
use net::iface::EthernetInterface;
|
||||||
|
use net::time::Instant;
|
||||||
|
use net::phy::Device;
|
||||||
|
|
||||||
|
use crate::tls::TlsSocket;
|
||||||
|
use crate::set::TlsSocketSet;
|
||||||
|
|
||||||
|
// One-call function for polling all sockets within socket set
|
||||||
|
pub fn poll<DeviceT>(
|
||||||
|
sockets: &mut SocketSet,
|
||||||
|
tls_sockets: &mut TlsSocketSet,
|
||||||
|
iface: &mut EthernetInterface<DeviceT>,
|
||||||
|
now: Instant
|
||||||
|
) -> Result<bool, Error>
|
||||||
|
where
|
||||||
|
DeviceT: for<'d> Device<'d>
|
||||||
|
{
|
||||||
|
tls_sockets.polled_by(sockets)?;
|
||||||
|
iface.poll(sockets, now).map_err(Error::PropagatedError)
|
||||||
|
}
|
||||||
|
194
src/main.rs
194
src/main.rs
@ -81,7 +81,7 @@ fn main() {
|
|||||||
// tls_socket.tls_connect(&mut sockets).unwrap();
|
// tls_socket.tls_connect(&mut sockets).unwrap();
|
||||||
simple_logger::SimpleLogger::new().init().unwrap();
|
simple_logger::SimpleLogger::new().init().unwrap();
|
||||||
|
|
||||||
let (_, certificate) = parse_asn1_der_certificate(&RSA_PSS_SELF_CERT).unwrap();
|
// let (_, certificate) = parse_asn1_der_certificate(&RSA_PSS_SELF_CERT).unwrap();
|
||||||
// println!("Certificate print: {:?}", certificate);
|
// println!("Certificate print: {:?}", certificate);
|
||||||
|
|
||||||
// let modulus = [
|
// let modulus = [
|
||||||
@ -101,12 +101,10 @@ fn main() {
|
|||||||
// certificate.validate_signature_with_trusted(&ca_public_key).unwrap();
|
// certificate.validate_signature_with_trusted(&ca_public_key).unwrap();
|
||||||
// println!("Certificate should be trusted");
|
// println!("Certificate should be trusted");
|
||||||
|
|
||||||
certificate.validate_self_signed_signature().unwrap();
|
// certificate.validate_self_signed_signature().unwrap();
|
||||||
println!("Certificate should be trusted");
|
// println!("Certificate should be trusted");
|
||||||
/*
|
/*
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
let mut certificate_vec = Vec::new();
|
let mut certificate_vec = Vec::new();
|
||||||
let name = parse_asn1_der_name(&SELF_SIGNED_WITH_SAN_ISSUER).unwrap().1;
|
let name = parse_asn1_der_name(&SELF_SIGNED_WITH_SAN_ISSUER).unwrap().1;
|
||||||
let public_key = certificate.get_cert_public_key().unwrap();
|
let public_key = certificate.get_cert_public_key().unwrap();
|
||||||
@ -154,18 +152,18 @@ fn main() {
|
|||||||
excluded_name
|
excluded_name
|
||||||
).unwrap();
|
).unwrap();
|
||||||
*/
|
*/
|
||||||
let google_end_entity_certificate = parse_asn1_der_certificate(
|
// let google_end_entity_certificate = parse_asn1_der_certificate(
|
||||||
&GOOGLE_END_ENTITY_CERT
|
// &GOOGLE_END_ENTITY_CERT
|
||||||
).unwrap().1;
|
// ).unwrap().1;
|
||||||
|
|
||||||
let google_root_ca_certificate = parse_asn1_der_certificate(
|
// let google_root_ca_certificate = parse_asn1_der_certificate(
|
||||||
&GOOGLE_ROOT_CERT
|
// &GOOGLE_ROOT_CERT
|
||||||
).unwrap().1;
|
// ).unwrap().1;
|
||||||
|
|
||||||
google_end_entity_certificate.validate_signature_with_trusted(
|
// google_end_entity_certificate.validate_signature_with_trusted(
|
||||||
&google_root_ca_certificate.get_cert_public_key().unwrap()
|
// &google_root_ca_certificate.get_cert_public_key().unwrap()
|
||||||
).unwrap();
|
// ).unwrap();
|
||||||
log::info!("End entity certificate verified");
|
// log::info!("End entity certificate verified");
|
||||||
|
|
||||||
// google_root_ca_certificate.validate_self_signed_signature().unwrap();
|
// google_root_ca_certificate.validate_self_signed_signature().unwrap();
|
||||||
// log::info!("root certificate verified");
|
// log::info!("root certificate verified");
|
||||||
@ -192,47 +190,73 @@ fn main() {
|
|||||||
// excluded_name
|
// excluded_name
|
||||||
// ).unwrap();
|
// ).unwrap();
|
||||||
|
|
||||||
use rand_core::{RngCore, OsRng};
|
// use rand_core::{RngCore, OsRng};
|
||||||
use rsa::PublicKey;
|
// use rsa::PublicKey;
|
||||||
use rsa::BigUint;
|
// use rsa::BigUint;
|
||||||
use smoltcp_tls::fake_rng::FakeRandom;
|
// use smoltcp_tls::fake_rng::FakeRandom;
|
||||||
|
|
||||||
let mut prime_vec = std::vec::Vec::new();
|
// let mut prime_vec = std::vec::Vec::new();
|
||||||
prime_vec.extend_from_slice(&[
|
// prime_vec.extend_from_slice(&[
|
||||||
BigUint::from_bytes_be(&CLIENT_PRIME_1),
|
// BigUint::from_bytes_be(&CLIENT_PRIME_1),
|
||||||
BigUint::from_bytes_be(&CLIENT_PRIME_2)
|
// BigUint::from_bytes_be(&CLIENT_PRIME_2)
|
||||||
]);
|
// ]);
|
||||||
let rsa_client_private_key = rsa::RSAPrivateKey::from_components(
|
// let rsa_client_private_key = rsa::RSAPrivateKey::from_components(
|
||||||
BigUint::from_bytes_be(&CLIENT_PRIVATE_KEY_MOD),
|
// BigUint::from_bytes_be(&CLIENT_PRIVATE_KEY_MOD),
|
||||||
BigUint::from_bytes_be(&CLIENT_PRIVATE_KEY_EXP),
|
// BigUint::from_bytes_be(&CLIENT_PRIVATE_KEY_EXP),
|
||||||
BigUint::from_bytes_be(&CLIENT_PRIVATE_KEY_PMOD),
|
// BigUint::from_bytes_be(&CLIENT_PRIVATE_KEY_PMOD),
|
||||||
prime_vec
|
// prime_vec
|
||||||
|
// );
|
||||||
|
// let public_key_from_conversion = rsa_client_private_key.to_public_key();
|
||||||
|
// let rsa_client_public_key =
|
||||||
|
// rsa::RSAPublicKey::from_pkcs1(&CLIENT_PUBLIC_KEY).unwrap();
|
||||||
|
|
||||||
|
// println!("Public key from conversion: {:?}", public_key_from_conversion);
|
||||||
|
// println!("Public key from certificate: {:?}", rsa_client_public_key);
|
||||||
|
// println!("Public key are the same: {:?}",
|
||||||
|
// public_key_from_conversion == rsa_client_public_key);
|
||||||
|
|
||||||
|
// let checked_hash = sha2::Sha256::new()
|
||||||
|
// .chain(&[0x20; 64])
|
||||||
|
// .chain("TLS 1.3, client CertificateVerify")
|
||||||
|
// .chain(&[0])
|
||||||
|
// .chain(&CLIENT_TRANSCRIPT_HASH)
|
||||||
|
// .finalize();
|
||||||
|
|
||||||
|
// let padding = rsa::PaddingScheme::new_pss_with_salt::<sha2::Sha256, OsRng>(OsRng, 32);
|
||||||
|
// let sign = rsa_client_private_key.sign(padding, &checked_hash).unwrap();
|
||||||
|
|
||||||
|
// println!("Signature with salt: {:X?}", sign);
|
||||||
|
|
||||||
|
// let padding = rsa::PaddingScheme::new_pss_with_salt::<sha2::Sha256, OsRng>(OsRng, 222);
|
||||||
|
// rsa_client_public_key.verify(padding, &checked_hash, &sign).unwrap();
|
||||||
|
|
||||||
|
// println!("Signature verified");
|
||||||
|
|
||||||
|
use ed25519_dalek::Verifier;
|
||||||
|
|
||||||
|
let ed25519_public_key = ed25519_dalek::PublicKey::from_bytes(
|
||||||
|
&ED25519_SERVER_PUBLIC_KEY
|
||||||
|
).unwrap();
|
||||||
|
|
||||||
|
let ed25519_signature = ed25519_dalek::Signature::new(
|
||||||
|
ED25519_SIGNATURE
|
||||||
);
|
);
|
||||||
let public_key_from_conversion = rsa_client_private_key.to_public_key();
|
|
||||||
let rsa_client_public_key =
|
|
||||||
rsa::RSAPublicKey::from_pkcs1(&CLIENT_PUBLIC_KEY).unwrap();
|
|
||||||
|
|
||||||
println!("Public key from conversion: {:?}", public_key_from_conversion);
|
let mut message_vec = std::vec::Vec::new();
|
||||||
println!("Public key from certificate: {:?}", rsa_client_public_key);
|
message_vec.extend_from_slice(&[0x20; 64]);
|
||||||
println!("Public key are the same: {:?}",
|
message_vec.extend_from_slice(b"TLS 1.3, server CertificateVerify");
|
||||||
public_key_from_conversion == rsa_client_public_key);
|
message_vec.extend_from_slice(&[0]);
|
||||||
|
message_vec.extend_from_slice(&CLIENT_TRANSCRIPT_HASH);
|
||||||
|
println!("Length of verify message: {:?}", message_vec.len());
|
||||||
|
|
||||||
let checked_hash = sha2::Sha256::new()
|
let checked_hash = sha2::Sha512::new()
|
||||||
.chain(&[0x20; 64])
|
.chain(&[0x20; 64])
|
||||||
.chain("TLS 1.3, client CertificateVerify")
|
.chain("TLS 1.3, server CertificateVerify")
|
||||||
.chain(&[0])
|
.chain(&[0])
|
||||||
.chain(&CLIENT_TRANSCRIPT_HASH)
|
.chain(&CLIENT_TRANSCRIPT_HASH);
|
||||||
.finalize();
|
|
||||||
|
|
||||||
let padding = rsa::PaddingScheme::new_pss_with_salt::<sha2::Sha256, OsRng>(OsRng, 32);
|
ed25519_public_key.verify(&message_vec, &ed25519_signature).unwrap();
|
||||||
let sign = rsa_client_private_key.sign(padding, &checked_hash).unwrap();
|
ed25519_public_key.verify_prehashed(checked_hash, None, &ed25519_signature).unwrap();
|
||||||
|
|
||||||
println!("Signature with salt: {:X?}", sign);
|
|
||||||
|
|
||||||
let padding = rsa::PaddingScheme::new_pss_with_salt::<sha2::Sha256, OsRng>(OsRng, 222);
|
|
||||||
rsa_client_public_key.verify(padding, &checked_hash, &sign).unwrap();
|
|
||||||
|
|
||||||
println!("Signature verified");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
const RSA_PSS_CERT: [u8; 0x3AB] =
|
const RSA_PSS_CERT: [u8; 0x3AB] =
|
||||||
@ -249,9 +273,6 @@ const RSA_PKCS_CERT: [u8; 0x03AB] =
|
|||||||
const ECDSA_P256_CERT: [u8; 0x0219] =
|
const ECDSA_P256_CERT: [u8; 0x0219] =
|
||||||
hex_literal::hex!("30820215308201bba003020102021441d0428ae91b87ccb66e64cf3bdbd96ef0871630300a06082a8648ce3d0403023060310b30090603550406130255533113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c74643119301706092a864886f70d010901160a68656c6c6f776f726c64301e170d3230313130353033313932325a170d3330313130333033313932325a3060310b30090603550406130255533113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c74643119301706092a864886f70d010901160a68656c6c6f776f726c643059301306072a8648ce3d020106082a8648ce3d03010703420004d22bf2abba402fa10f6d97f941465d5966a965cc8f288bb7920e8c9e8c50607ef3a0a183916913ed9f4dfb42452fe972a2a5ac7a2f4443ef2a0012a481957d10a3533051301d0603551d0e041604147383be1d07af30366a8c3c377d048759f802e885301f0603551d230418301680147383be1d07af30366a8c3c377d048759f802e885300f0603551d130101ff040530030101ff300a06082a8648ce3d0403020348003045022100c048d13d28a811a67262d1593ea0f4af51812751632d391b7d85666fcd5e591702202b1a2db620b764ff61a7be0808069518c75d1bed60c1e9c98debfa98d7a23134");
|
hex_literal::hex!("30820215308201bba003020102021441d0428ae91b87ccb66e64cf3bdbd96ef0871630300a06082a8648ce3d0403023060310b30090603550406130255533113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c74643119301706092a864886f70d010901160a68656c6c6f776f726c64301e170d3230313130353033313932325a170d3330313130333033313932325a3060310b30090603550406130255533113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c74643119301706092a864886f70d010901160a68656c6c6f776f726c643059301306072a8648ce3d020106082a8648ce3d03010703420004d22bf2abba402fa10f6d97f941465d5966a965cc8f288bb7920e8c9e8c50607ef3a0a183916913ed9f4dfb42452fe972a2a5ac7a2f4443ef2a0012a481957d10a3533051301d0603551d0e041604147383be1d07af30366a8c3c377d048759f802e885301f0603551d230418301680147383be1d07af30366a8c3c377d048759f802e885300f0603551d130101ff040530030101ff300a06082a8648ce3d0403020348003045022100c048d13d28a811a67262d1593ea0f4af51812751632d391b7d85666fcd5e591702202b1a2db620b764ff61a7be0808069518c75d1bed60c1e9c98debfa98d7a23134");
|
||||||
|
|
||||||
const ED25519_CERT: [u8; 0x0187] =
|
|
||||||
hex_literal::hex!("30820183308201350214644c27b38f4bd515d9c06f72609ed50844499917300506032b65703064310b30090603550406130255533113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c7464311d301b06035504030c146578616d706c65732e756c666865696d2e6e6574301e170d3230313130353035313435365a170d3232313030363035313435365a3064310b30090603550406130255533113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c7464311d301b06035504030c146578616d706c65732e756c666865696d2e6e6574302a300506032b6570032100be9d2a3f45d7bd86a6fba8acf3dc58d1241e4272f100c81779bc43e96b779515300506032b6570034100b7017b76d0f9f6f58f7bb28de5459c127a3a539ed73997dcd42a0e0484d5768d42b5f5b0e275c99b856124b20983b2dca66dec380b15b5425f9ccf87a3dc5700");
|
|
||||||
|
|
||||||
const CA_SIGNED_CERT: [u8; 0x0356] =
|
const CA_SIGNED_CERT: [u8; 0x0356] =
|
||||||
hex_literal::hex!(
|
hex_literal::hex!(
|
||||||
"308203523082023a02146048517ee55aabd1e8f2bd7db1d91e679708e644300d06092a864886f70d01010b05003067310b30090603550406130255533113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c74643120301e06035504030c176578616d706c65732e63612e756c666865696d2e6e6574301e170d3230313130363034323035305a170d3230313230363034323035305a3064310b30090603550406130255533113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c7464311d301b06035504030c146578616d706c65732e756c666865696d2e6e657430820122300d06092a864886f70d01010105000382010f003082010a0282010100b2940671bfe7ace7416ba9d34018c229588e9d4eed8bd6623e44ab1239e8f1f0de9050b2f485a98e63f5b483330fb0b5abaeb33d11889033b0b684bf34696d28206bb361782c4b106a8d47874cbbdf971b5ab887bca508bccf250a1a811cee078464638e441941347d4c8885ac9b59d9fc9636276912b04d9e3ab29bd8ad319572ae54f0b6145c4d675a78607dcc4793a4d432f1c2a41ea29dd4f7262b6fe472dfaea51aca992b4624e73fa9901fa364fc5b721052ef3187e659d58d2706770d365380a7ebab6caac5b23271c01531fdf95368ee48af5383035f249be7c18f50ce9e52877558efe4b2e29f61328396e2a3b5e71309ad13d93d6ba3d5c3eb2b650203010001300d06092a864886f70d01010b0500038201010063c9ab0f5d2e164513e8e74b656ae4f48dd004c3ead9f1026b7741cbf02bb0efcf19e0fbf8a788dae059a2393167f016bafc0e3efd5c5b4c43079b6506eb67f17f44f9591503c7d1fdb77bf631894817393ea82610ad5106d23ec6bf1a6d96d749f05c0136cd71256617a51fe862529aee4a37d5f456dc7da8b220ff10ede4e87bc63e4589b3f81133a7f82ab900419e8a2d802d59e99cfbbd268702efd17616168b45b5211da0e644c29dcb92dbbf32b43586bbab05deb0261771605c52836363bd28ff9853d44436349f5ba11f2640bc9c42688e0d5eb6cac9f3f5e5f98652fa4f4ba52604371ec45f09d678e31d463285a4b3734f587f35a339920544f476"
|
"308203523082023a02146048517ee55aabd1e8f2bd7db1d91e679708e644300d06092a864886f70d01010b05003067310b30090603550406130255533113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c74643120301e06035504030c176578616d706c65732e63612e756c666865696d2e6e6574301e170d3230313130363034323035305a170d3230313230363034323035305a3064310b30090603550406130255533113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c7464311d301b06035504030c146578616d706c65732e756c666865696d2e6e657430820122300d06092a864886f70d01010105000382010f003082010a0282010100b2940671bfe7ace7416ba9d34018c229588e9d4eed8bd6623e44ab1239e8f1f0de9050b2f485a98e63f5b483330fb0b5abaeb33d11889033b0b684bf34696d28206bb361782c4b106a8d47874cbbdf971b5ab887bca508bccf250a1a811cee078464638e441941347d4c8885ac9b59d9fc9636276912b04d9e3ab29bd8ad319572ae54f0b6145c4d675a78607dcc4793a4d432f1c2a41ea29dd4f7262b6fe472dfaea51aca992b4624e73fa9901fa364fc5b721052ef3187e659d58d2706770d365380a7ebab6caac5b23271c01531fdf95368ee48af5383035f249be7c18f50ce9e52877558efe4b2e29f61328396e2a3b5e71309ad13d93d6ba3d5c3eb2b650203010001300d06092a864886f70d01010b0500038201010063c9ab0f5d2e164513e8e74b656ae4f48dd004c3ead9f1026b7741cbf02bb0efcf19e0fbf8a788dae059a2393167f016bafc0e3efd5c5b4c43079b6506eb67f17f44f9591503c7d1fdb77bf631894817393ea82610ad5106d23ec6bf1a6d96d749f05c0136cd71256617a51fe862529aee4a37d5f456dc7da8b220ff10ede4e87bc63e4589b3f81133a7f82ab900419e8a2d802d59e99cfbbd268702efd17616168b45b5211da0e644c29dcb92dbbf32b43586bbab05deb0261771605c52836363bd28ff9853d44436349f5ba11f2640bc9c42688e0d5eb6cac9f3f5e5f98652fa4f4ba52604371ec45f09d678e31d463285a4b3734f587f35a339920544f476"
|
||||||
@ -277,28 +298,63 @@ const GOOGLE_END_ENTITY_CERT: [u8; 0x0974] =
|
|||||||
"3082097030820858a00302010202103c8415c8e1e38e7702000000007fd492300d06092a864886f70d01010b05003042310b3009060355040613025553311e301c060355040a1315476f6f676c65205472757374205365727669636573311330110603550403130a47545320434120314f31301e170d3230313032383136313833365a170d3231303132303136313833365a3066310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731133011060355040a130a476f6f676c65204c4c433115301306035504030c0c2a2e676f6f676c652e636f6d3059301306072a8648ce3d020106082a8648ce3d03010703420004928f17ebaacb747f1c091d80bab6397cefca2ceed75053a05a196074295add702ed9298d45937515d53026c4ae3bdede339607b42b7525ad2713f1eb455208a6a382070730820703300e0603551d0f0101ff04040302078030130603551d25040c300a06082b06010505070301300c0603551d130101ff04023000301d0603551d0e04160414c2f35a502b0f66ccd7cf4ce9f687b6203f0d3b7c301f0603551d2304183016801498d1f86e10ebcf9bec609f18901ba0eb7d09fd2b306806082b06010505070101045c305a302b06082b06010505073001861f687474703a2f2f6f6373702e706b692e676f6f672f677473316f31636f7265302b06082b06010505073002861f687474703a2f2f706b692e676f6f672f677372322f475453314f312e637274308204c20603551d11048204b9308204b5820c2a2e676f6f676c652e636f6d820d2a2e616e64726f69642e636f6d82162a2e617070656e67696e652e676f6f676c652e636f6d82092a2e62646e2e64657682122a2e636c6f75642e676f6f676c652e636f6d82182a2e63726f7764736f757263652e676f6f676c652e636f6d82182a2e64617461636f6d707574652e676f6f676c652e636f6d82062a2e672e636f820e2a2e6763702e677674322e636f6d82112a2e67637063646e2e677674312e636f6d820a2a2e67677068742e636e820e2a2e676b65636e617070732e636e82162a2e676f6f676c652d616e616c79746963732e636f6d820b2a2e676f6f676c652e6361820b2a2e676f6f676c652e636c820e2a2e676f6f676c652e636f2e696e820e2a2e676f6f676c652e636f2e6a70820e2a2e676f6f676c652e636f2e756b820f2a2e676f6f676c652e636f6d2e6172820f2a2e676f6f676c652e636f6d2e6175820f2a2e676f6f676c652e636f6d2e6272820f2a2e676f6f676c652e636f6d2e636f820f2a2e676f6f676c652e636f6d2e6d78820f2a2e676f6f676c652e636f6d2e7472820f2a2e676f6f676c652e636f6d2e766e820b2a2e676f6f676c652e6465820b2a2e676f6f676c652e6573820b2a2e676f6f676c652e6672820b2a2e676f6f676c652e6875820b2a2e676f6f676c652e6974820b2a2e676f6f676c652e6e6c820b2a2e676f6f676c652e706c820b2a2e676f6f676c652e707482122a2e676f6f676c656164617069732e636f6d820f2a2e676f6f676c65617069732e636e82112a2e676f6f676c65636e617070732e636e82142a2e676f6f676c65636f6d6d657263652e636f6d82112a2e676f6f676c65766964656f2e636f6d820c2a2e677374617469632e636e820d2a2e677374617469632e636f6d82122a2e67737461746963636e617070732e636e820a2a2e677674312e636f6d820a2a2e677674322e636f6d82142a2e6d65747269632e677374617469632e636f6d820c2a2e75726368696e2e636f6d82102a2e75726c2e676f6f676c652e636f6d82132a2e776561722e676b65636e617070732e636e82162a2e796f75747562652d6e6f636f6f6b69652e636f6d820d2a2e796f75747562652e636f6d82162a2e796f7574756265656475636174696f6e2e636f6d82112a2e796f75747562656b6964732e636f6d82072a2e79742e6265820b2a2e7974696d672e636f6d821a616e64726f69642e636c69656e74732e676f6f676c652e636f6d820b616e64726f69642e636f6d821b646576656c6f7065722e616e64726f69642e676f6f676c652e636e821c646576656c6f706572732e616e64726f69642e676f6f676c652e636e8204672e636f820867677068742e636e820c676b65636e617070732e636e8206676f6f2e676c8214676f6f676c652d616e616c79746963732e636f6d820a676f6f676c652e636f6d820f676f6f676c65636e617070732e636e8212676f6f676c65636f6d6d657263652e636f6d8218736f757263652e616e64726f69642e676f6f676c652e636e820a75726368696e2e636f6d820a7777772e676f6f2e676c8208796f7574752e6265820b796f75747562652e636f6d8214796f7574756265656475636174696f6e2e636f6d820f796f75747562656b6964732e636f6d820579742e626530210603551d20041a30183008060667810c010202300c060a2b06010401d67902050330330603551d1f042c302a3028a026a0248622687474703a2f2f63726c2e706b692e676f6f672f475453314f31636f72652e63726c30820104060a2b06010401d6790204020481f50481f200f0007700f65c942fd1773022145418083094568ee34d131933bfdf0c2f200bcc4ef164e3000001757037f6230000040300483046022100aac1f73dd8213ad0f7cacfb97830908dd1bf945331fde26b369992cd52731ef1022100bcaa58c50418f910ac3aab1b9f4963c86a8abe79a4ce751ad9489008ae8db433007500eec095ee8d72640f92e3c3b91bc712a3696a097b4b6a1a1438e647b2cbedc5f9000001757037f675000004030046304402203534f394062ad3c22a3ee6b4fc4515824331e758179dbc003d1b30714858e7a802206b2f82038e90b0b1497a50adfa02edabc14c72a68f29ef8beebcdeb3aa79c5f9300d06092a864886f70d01010b05000382010100483bacd4bcba6181eaae86db235942cf84c89dd91ec973525eb46a0582b6fad7ef02124c94521e5d92272a4f87f82a23804adacc08f9da02f7f9b4a25f7d3c819a215b9b8f9308b943b0cd6c9121ecb6f9bd6491c20ec8c149fd171a5c13d17cf6bf1b7cfb2031016637d0daa2ce2f419d498abfdde0eb200c0586068789cbbaea3dd6b9e9e6ba124c6c4e9bf00c5bc79df57f91b849a6a8340883b5d2e1a3b00f86b7c56b34ef740a80ebce142c4973241934a5f257b406e4d2159ae0c27a70a88e8e3036b40611234fa7ece6dff1a5ed0dbc118a361879f0f26b6497cc17b36e2750c92ac0e64db12e5a2ac4142a5ca135ef6ea90f82c20a0eb4b4ed1a31d1"
|
"3082097030820858a00302010202103c8415c8e1e38e7702000000007fd492300d06092a864886f70d01010b05003042310b3009060355040613025553311e301c060355040a1315476f6f676c65205472757374205365727669636573311330110603550403130a47545320434120314f31301e170d3230313032383136313833365a170d3231303132303136313833365a3066310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731133011060355040a130a476f6f676c65204c4c433115301306035504030c0c2a2e676f6f676c652e636f6d3059301306072a8648ce3d020106082a8648ce3d03010703420004928f17ebaacb747f1c091d80bab6397cefca2ceed75053a05a196074295add702ed9298d45937515d53026c4ae3bdede339607b42b7525ad2713f1eb455208a6a382070730820703300e0603551d0f0101ff04040302078030130603551d25040c300a06082b06010505070301300c0603551d130101ff04023000301d0603551d0e04160414c2f35a502b0f66ccd7cf4ce9f687b6203f0d3b7c301f0603551d2304183016801498d1f86e10ebcf9bec609f18901ba0eb7d09fd2b306806082b06010505070101045c305a302b06082b06010505073001861f687474703a2f2f6f6373702e706b692e676f6f672f677473316f31636f7265302b06082b06010505073002861f687474703a2f2f706b692e676f6f672f677372322f475453314f312e637274308204c20603551d11048204b9308204b5820c2a2e676f6f676c652e636f6d820d2a2e616e64726f69642e636f6d82162a2e617070656e67696e652e676f6f676c652e636f6d82092a2e62646e2e64657682122a2e636c6f75642e676f6f676c652e636f6d82182a2e63726f7764736f757263652e676f6f676c652e636f6d82182a2e64617461636f6d707574652e676f6f676c652e636f6d82062a2e672e636f820e2a2e6763702e677674322e636f6d82112a2e67637063646e2e677674312e636f6d820a2a2e67677068742e636e820e2a2e676b65636e617070732e636e82162a2e676f6f676c652d616e616c79746963732e636f6d820b2a2e676f6f676c652e6361820b2a2e676f6f676c652e636c820e2a2e676f6f676c652e636f2e696e820e2a2e676f6f676c652e636f2e6a70820e2a2e676f6f676c652e636f2e756b820f2a2e676f6f676c652e636f6d2e6172820f2a2e676f6f676c652e636f6d2e6175820f2a2e676f6f676c652e636f6d2e6272820f2a2e676f6f676c652e636f6d2e636f820f2a2e676f6f676c652e636f6d2e6d78820f2a2e676f6f676c652e636f6d2e7472820f2a2e676f6f676c652e636f6d2e766e820b2a2e676f6f676c652e6465820b2a2e676f6f676c652e6573820b2a2e676f6f676c652e6672820b2a2e676f6f676c652e6875820b2a2e676f6f676c652e6974820b2a2e676f6f676c652e6e6c820b2a2e676f6f676c652e706c820b2a2e676f6f676c652e707482122a2e676f6f676c656164617069732e636f6d820f2a2e676f6f676c65617069732e636e82112a2e676f6f676c65636e617070732e636e82142a2e676f6f676c65636f6d6d657263652e636f6d82112a2e676f6f676c65766964656f2e636f6d820c2a2e677374617469632e636e820d2a2e677374617469632e636f6d82122a2e67737461746963636e617070732e636e820a2a2e677674312e636f6d820a2a2e677674322e636f6d82142a2e6d65747269632e677374617469632e636f6d820c2a2e75726368696e2e636f6d82102a2e75726c2e676f6f676c652e636f6d82132a2e776561722e676b65636e617070732e636e82162a2e796f75747562652d6e6f636f6f6b69652e636f6d820d2a2e796f75747562652e636f6d82162a2e796f7574756265656475636174696f6e2e636f6d82112a2e796f75747562656b6964732e636f6d82072a2e79742e6265820b2a2e7974696d672e636f6d821a616e64726f69642e636c69656e74732e676f6f676c652e636f6d820b616e64726f69642e636f6d821b646576656c6f7065722e616e64726f69642e676f6f676c652e636e821c646576656c6f706572732e616e64726f69642e676f6f676c652e636e8204672e636f820867677068742e636e820c676b65636e617070732e636e8206676f6f2e676c8214676f6f676c652d616e616c79746963732e636f6d820a676f6f676c652e636f6d820f676f6f676c65636e617070732e636e8212676f6f676c65636f6d6d657263652e636f6d8218736f757263652e616e64726f69642e676f6f676c652e636e820a75726368696e2e636f6d820a7777772e676f6f2e676c8208796f7574752e6265820b796f75747562652e636f6d8214796f7574756265656475636174696f6e2e636f6d820f796f75747562656b6964732e636f6d820579742e626530210603551d20041a30183008060667810c010202300c060a2b06010401d67902050330330603551d1f042c302a3028a026a0248622687474703a2f2f63726c2e706b692e676f6f672f475453314f31636f72652e63726c30820104060a2b06010401d6790204020481f50481f200f0007700f65c942fd1773022145418083094568ee34d131933bfdf0c2f200bcc4ef164e3000001757037f6230000040300483046022100aac1f73dd8213ad0f7cacfb97830908dd1bf945331fde26b369992cd52731ef1022100bcaa58c50418f910ac3aab1b9f4963c86a8abe79a4ce751ad9489008ae8db433007500eec095ee8d72640f92e3c3b91bc712a3696a097b4b6a1a1438e647b2cbedc5f9000001757037f675000004030046304402203534f394062ad3c22a3ee6b4fc4515824331e758179dbc003d1b30714858e7a802206b2f82038e90b0b1497a50adfa02edabc14c72a68f29ef8beebcdeb3aa79c5f9300d06092a864886f70d01010b05000382010100483bacd4bcba6181eaae86db235942cf84c89dd91ec973525eb46a0582b6fad7ef02124c94521e5d92272a4f87f82a23804adacc08f9da02f7f9b4a25f7d3c819a215b9b8f9308b943b0cd6c9121ecb6f9bd6491c20ec8c149fd171a5c13d17cf6bf1b7cfb2031016637d0daa2ce2f419d498abfdde0eb200c0586068789cbbaea3dd6b9e9e6ba124c6c4e9bf00c5bc79df57f91b849a6a8340883b5d2e1a3b00f86b7c56b34ef740a80ebce142c4973241934a5f257b406e4d2159ae0c27a70a88e8e3036b40611234fa7ece6dff1a5ed0dbc118a361879f0f26b6497cc17b36e2750c92ac0e64db12e5a2ac4142a5ca135ef6ea90f82c20a0eb4b4ed1a31d1"
|
||||||
);
|
);
|
||||||
|
|
||||||
const CLIENT_TRANSCRIPT_HASH: [u8; 32] = [37, 135, 142, 217, 184, 116, 6, 86, 229, 163, 82, 51, 108, 168, 135, 99, 87, 101, 215, 44, 94, 5, 177, 160, 153, 125, 39, 51, 148, 67, 140, 70];
|
const CLIENT_TRANSCRIPT_HASH: [u8; 32] = [
|
||||||
|
5, 239, 110, 246, 212, 104, 147, 254, 10, 254, 220, 186, 72, 150, 231, 253, 175, 122, 37, 139, 210, 236, 93, 228, 182, 78, 233, 143, 251, 57, 188, 36
|
||||||
|
];
|
||||||
|
|
||||||
const CLIENT_PUBLIC_KEY: [u8; 0x010E] =
|
// const CLIENT_PUBLIC_KEY: [u8; 0x010E] =
|
||||||
|
// hex_literal::hex!(
|
||||||
|
// "3082010a0282010100c24c615adad1640c2e39e295c460f2c795370cfb21cca519f9e6baf15645ca0b256ef8f318491baab9dc7196360b393bc35320354887d6cc822cf6e9d2eacc7fecf8d8e73f0f09bf131a5919e9e9c81e2aecf06d55be1720290853d4f1086b3e103d54d2b454d7c32abce433f6115d267bba246f68847463dfd1d6be904eb18d56885565d6fcf8a60386fc73b5450777e00485ae94d22096afc458d7fbd7c469dd861cab7b914715e093c4f1cc399e5a53010c2b65d5cc3d60fccc2cc5d8b3faa5fefaab551f1de1a93a19a15be9adb3a5c96d2e525a9f696174e6e772857e536b462a61c69a87710b74172c4b318f4842e7d27f7b6e0cbf3f983e3564ab80070203010001"
|
||||||
|
// );
|
||||||
|
|
||||||
|
// const CLIENT_SIGNATURE: [u8; 256] =
|
||||||
|
// hex_literal::hex!(
|
||||||
|
// "954ced7ddc8fdccbaeb83ee9b3a26a01c37cc74bfcb82b3b181c28ae06588f763cfc491b6869b74968fd7ae017360d8eeaa5bfb69d9c0e3524f14790422f7ccbc9a609880800c5076d6383865cd47986eff4d379bf554b86963ce4bc4706262f48932fd5fa16e73149c1c960f19f5e8d1a8dc5898a9e2de5c0d79a8a0017349f379d23683eec83a07f01c3b83cb4d0f66ae0672efc9723bed0296a82046232dc533988a253bd2b109074172735bad06b98c3863033d2d11ea2d0efc7a3db52c94d2e452882e87559a0e9036768dbc380189b89323294a03ef229943be3fa17095c5a220386c695cf279bc88ff1b017897cbcb231658937eef82adb9a17479429"
|
||||||
|
// );
|
||||||
|
|
||||||
|
// const CLIENT_PRIVATE_KEY_MOD: &'static [u8] = &[
|
||||||
|
// 0x00, 0xc2, 0x4c, 0x61, 0x5a, 0xda, 0xd1, 0x64, 0x0c, 0x2e, 0x39, 0xe2, 0x95, 0xc4, 0x60, 0xf2, 0xc7, 0x95, 0x37, 0x0c, 0xfb, 0x21, 0xcc, 0xa5, 0x19, 0xf9, 0xe6, 0xba, 0xf1, 0x56, 0x45, 0xca, 0x0b, 0x25, 0x6e, 0xf8, 0xf3, 0x18, 0x49, 0x1b, 0xaa, 0xb9, 0xdc, 0x71, 0x96, 0x36, 0x0b, 0x39, 0x3b, 0xc3, 0x53, 0x20, 0x35, 0x48, 0x87, 0xd6, 0xcc, 0x82, 0x2c, 0xf6, 0xe9, 0xd2, 0xea, 0xcc, 0x7f, 0xec, 0xf8, 0xd8, 0xe7, 0x3f, 0x0f, 0x09, 0xbf, 0x13, 0x1a, 0x59, 0x19, 0xe9, 0xe9, 0xc8, 0x1e, 0x2a, 0xec, 0xf0, 0x6d, 0x55, 0xbe, 0x17, 0x20, 0x29, 0x08, 0x53, 0xd4, 0xf1, 0x08, 0x6b, 0x3e, 0x10, 0x3d, 0x54, 0xd2, 0xb4, 0x54, 0xd7, 0xc3, 0x2a, 0xbc, 0xe4, 0x33, 0xf6, 0x11, 0x5d, 0x26, 0x7b, 0xba, 0x24, 0x6f, 0x68, 0x84, 0x74, 0x63, 0xdf, 0xd1, 0xd6, 0xbe, 0x90, 0x4e, 0xb1, 0x8d, 0x56, 0x88, 0x55, 0x65, 0xd6, 0xfc, 0xf8, 0xa6, 0x03, 0x86, 0xfc, 0x73, 0xb5, 0x45, 0x07, 0x77, 0xe0, 0x04, 0x85, 0xae, 0x94, 0xd2, 0x20, 0x96, 0xaf, 0xc4, 0x58, 0xd7, 0xfb, 0xd7, 0xc4, 0x69, 0xdd, 0x86, 0x1c, 0xab, 0x7b, 0x91, 0x47, 0x15, 0xe0, 0x93, 0xc4, 0xf1, 0xcc, 0x39, 0x9e, 0x5a, 0x53, 0x01, 0x0c, 0x2b, 0x65, 0xd5, 0xcc, 0x3d, 0x60, 0xfc, 0xcc, 0x2c, 0xc5, 0xd8, 0xb3, 0xfa, 0xa5, 0xfe, 0xfa, 0xab, 0x55, 0x1f, 0x1d, 0xe1, 0xa9, 0x3a, 0x19, 0xa1, 0x5b, 0xe9, 0xad, 0xb3, 0xa5, 0xc9, 0x6d, 0x2e, 0x52, 0x5a, 0x9f, 0x69, 0x61, 0x74, 0xe6, 0xe7, 0x72, 0x85, 0x7e, 0x53, 0x6b, 0x46, 0x2a, 0x61, 0xc6, 0x9a, 0x87, 0x71, 0x0b, 0x74, 0x17, 0x2c, 0x4b, 0x31, 0x8f, 0x48, 0x42, 0xe7, 0xd2, 0x7f, 0x7b, 0x6e, 0x0c, 0xbf, 0x3f, 0x98, 0x3e, 0x35, 0x64, 0xab, 0x80, 0x07
|
||||||
|
// ];
|
||||||
|
// const CLIENT_PRIVATE_KEY_EXP: &'static [u8] = &[0x01, 0x00, 0x01];
|
||||||
|
// const CLIENT_PRIVATE_KEY_PMOD: &'static [u8] = &[
|
||||||
|
// 0x61, 0x95, 0x60, 0xf3, 0xf3, 0xa0, 0x64, 0xa2, 0x25, 0x79, 0x57, 0x0e, 0xa7, 0x21, 0x95, 0xed, 0x9d, 0x48, 0x97, 0xd1, 0x6d, 0x49, 0x4d, 0xc6, 0x7d, 0x17, 0x5f, 0xde, 0xa3, 0xd8, 0xcb, 0x3f, 0xcb, 0xde, 0x2f, 0x54, 0x50, 0x67, 0x2f, 0x69, 0x10, 0x8d, 0xe1, 0xd2, 0x72, 0x74, 0x32, 0x9b, 0x8c, 0x5f, 0x2c, 0x76, 0xf6, 0x65, 0x9b, 0x00, 0xfd, 0x84, 0x3d, 0xc2, 0x73, 0xf7, 0x0f, 0x1c, 0x54, 0xd5, 0x2a, 0x83, 0x01, 0xcd, 0xb8, 0xb4, 0x69, 0x90, 0xbb, 0x1d, 0x63, 0xb8, 0xd1, 0x94, 0x2d, 0x34, 0xf1, 0x0f, 0xc8, 0x97, 0x7f, 0x1f, 0xdc, 0xdb, 0xdc, 0xd6, 0xbe, 0xf3, 0xde, 0x80, 0xbe, 0x41, 0x3f, 0x5f, 0xcf, 0xc8, 0x28, 0xd1, 0x51, 0x9e, 0xaa, 0xf2, 0x59, 0xec, 0xa0, 0x9f, 0x1a, 0x57, 0x03, 0xc3, 0x9c, 0x77, 0xa1, 0xc9, 0x23, 0x79, 0x4d, 0x64, 0x4a, 0x2f, 0xeb, 0xc5, 0xd3, 0x38, 0x2c, 0x6d, 0xf6, 0xa6, 0xa9, 0xe7, 0x0a, 0x79, 0x05, 0xfa, 0x2a, 0x85, 0xc5, 0x9d, 0xf4, 0x91, 0xef, 0x34, 0xad, 0xb5, 0x64, 0xc5, 0x75, 0x8a, 0x36, 0x8f, 0x95, 0x25, 0xe9, 0x71, 0x0d, 0xa8, 0xe1, 0xea, 0xc3, 0xb4, 0xaa, 0xe7, 0x54, 0x54, 0xef, 0x72, 0x12, 0xa5, 0x14, 0x27, 0xec, 0x70, 0x12, 0x14, 0xdf, 0x65, 0xb3, 0xf5, 0xbc, 0x91, 0xe1, 0x36, 0x31, 0x1a, 0xdf, 0x7d, 0x58, 0x05, 0xb6, 0xe3, 0x48, 0xf2, 0x42, 0x89, 0x25, 0x29, 0x42, 0x0b, 0x5d, 0x8d, 0x0b, 0x76, 0x28, 0x0f, 0xaf, 0x56, 0x22, 0x94, 0x12, 0x8f, 0x76, 0x91, 0x49, 0xa6, 0xa4, 0xe3, 0x54, 0x17, 0x9e, 0xeb, 0xa6, 0x1b, 0xe5, 0x97, 0xde, 0x4e, 0x29, 0x8d, 0x7d, 0x5c, 0x18, 0x34, 0x29, 0x21, 0xd2, 0x7d, 0x14, 0x0b, 0xa1, 0x49, 0xb5, 0xe0, 0xc6, 0x30, 0x31, 0x80, 0xdc, 0x6a, 0x59, 0xb9
|
||||||
|
// ];
|
||||||
|
// const CLIENT_PRIME_1: &'static [u8] = &[
|
||||||
|
// 0x00, 0xec, 0xe1, 0x6f, 0x5d, 0x7a, 0xed, 0x7b, 0x1a, 0xac, 0xce, 0x02, 0x91, 0xb4, 0x07, 0xcf, 0xc4, 0x2b, 0xcf, 0x2a, 0x37, 0x59, 0x43, 0x46, 0x1a, 0x55, 0xc2, 0x13, 0x89, 0x3c, 0xd5, 0xd6, 0xef, 0xed, 0x12, 0x9f, 0xc3, 0x36, 0x95, 0xd2, 0x6e, 0xf7, 0xca, 0x62, 0x9c, 0x71, 0x3d, 0x78, 0x3a, 0x4c, 0xe2, 0x5d, 0x07, 0x6e, 0x67, 0x53, 0xc3, 0xe7, 0x02, 0x58, 0x34, 0x25, 0xab, 0x67, 0xd4, 0x35, 0x92, 0x26, 0x4a, 0x3f, 0x1b, 0xc4, 0x43, 0xcd, 0x71, 0x3a, 0x8f, 0x9a, 0x2e, 0x44, 0xf6, 0x5a, 0x40, 0xf8, 0x32, 0x11, 0x39, 0xd4, 0x31, 0x35, 0xa1, 0xd7, 0x2d, 0x5d, 0xa5, 0xed, 0x24, 0x53, 0x32, 0xce, 0xb6, 0xb6, 0x12, 0xc6, 0xeb, 0xfd, 0x5b, 0x86, 0x21, 0xf7, 0xaf, 0x2e, 0x29, 0xb0, 0xed, 0x4d, 0x71, 0x3e, 0x82, 0x28, 0x74, 0xd5, 0x64, 0x59, 0xba, 0xa6, 0x59, 0xd7, 0x9b
|
||||||
|
// ];
|
||||||
|
// const CLIENT_PRIME_2: &'static [u8] = &[
|
||||||
|
// 0x00, 0xd1, 0xfb, 0x16, 0x0c, 0xf0, 0xa3, 0x9a, 0x56, 0xdc, 0x3d, 0x82, 0xc6, 0x69, 0xed, 0x1d, 0x6a, 0x6f, 0xf9, 0xf0, 0x27, 0x3f, 0x96, 0x15, 0x39, 0x30, 0x84, 0x93, 0x75, 0x67, 0x31, 0xc9, 0x55, 0x84, 0x14, 0x13, 0x54, 0x39, 0xc1, 0x7c, 0x02, 0x77, 0x2b, 0x56, 0x49, 0x2c, 0xca, 0xe5, 0x16, 0xb5, 0xa1, 0x22, 0x49, 0xd6, 0xfa, 0x96, 0xd7, 0xb8, 0xaf, 0x34, 0xd3, 0x00, 0xc0, 0x42, 0x2f, 0x73, 0x0d, 0xb1, 0xd0, 0xc8, 0x11, 0xc6, 0x16, 0x79, 0xde, 0x83, 0xcd, 0x53, 0x21, 0x9b, 0x58, 0xc5, 0xee, 0x35, 0x55, 0xb6, 0x8f, 0x83, 0xc9, 0x23, 0x15, 0x98, 0xe0, 0xb5, 0x6f, 0x3a, 0x3d, 0x0c, 0x06, 0xa8, 0x32, 0x16, 0x0f, 0xde, 0x66, 0xad, 0x44, 0x76, 0xcd, 0x4a, 0x7a, 0x3d, 0xcb, 0x2c, 0x83, 0x3e, 0xf7, 0x50, 0x94, 0xa2, 0x2b, 0x61, 0xb5, 0xb6, 0x02, 0x01, 0x24, 0x7e, 0x05
|
||||||
|
// ];
|
||||||
|
|
||||||
|
const ECDSA_SECRET_KEY: &'static [u8] = &[
|
||||||
|
0xea, 0x5e, 0x74, 0xf3, 0xc3, 0x67, 0x11, 0x10, 0x00, 0x20, 0x3d, 0xc8, 0x92, 0xcd, 0x7a, 0x8a, 0x08, 0x44, 0x70, 0x9d, 0x1c, 0x3c, 0xab, 0xf0, 0x93, 0x3c, 0x3e, 0x86, 0xf0, 0x0e, 0x7d, 0xcd
|
||||||
|
];
|
||||||
|
|
||||||
|
const ECDSA_CERT: [u8; 0x222] =
|
||||||
hex_literal::hex!(
|
hex_literal::hex!(
|
||||||
"3082010a0282010100c24c615adad1640c2e39e295c460f2c795370cfb21cca519f9e6baf15645ca0b256ef8f318491baab9dc7196360b393bc35320354887d6cc822cf6e9d2eacc7fecf8d8e73f0f09bf131a5919e9e9c81e2aecf06d55be1720290853d4f1086b3e103d54d2b454d7c32abce433f6115d267bba246f68847463dfd1d6be904eb18d56885565d6fcf8a60386fc73b5450777e00485ae94d22096afc458d7fbd7c469dd861cab7b914715e093c4f1cc399e5a53010c2b65d5cc3d60fccc2cc5d8b3faa5fefaab551f1de1a93a19a15be9adb3a5c96d2e525a9f696174e6e772857e536b462a61c69a87710b74172c4b318f4842e7d27f7b6e0cbf3f983e3564ab80070203010001"
|
"3082021e308201c3a00302010202146b18959728cd6e0ea7e3c88fa3c29e2d4cf99c53300a06082a8648ce3d0403023064310b3009060355040613025345310b300906035504080c025256310b300906035504070c024552310b3009060355040a0c024345310b3009060355040b0c025254310b300906035504030c0249463114301206092a864886f70d01090116056963616e74301e170d3230313132303032333731365a170d3231313132303032333731365a3064310b3009060355040613025345310b300906035504080c025256310b300906035504070c024552310b3009060355040a0c024345310b3009060355040b0c025254310b300906035504030c0249463114301206092a864886f70d01090116056963616e743059301306072a8648ce3d020106082a8648ce3d03010703420004742011a6c8a16fe55fa1cad99cf72aed1e18929600d53dd76fd2a0d6a998f1095db1e3acde327d1263d7c43e2be4c836d142c81d8db3126a66c27356a5a0ab40a3533051301d0603551d0e04160414a8fc25f0f59cdf827a1b0cade3dd5b17f109d115301f0603551d23041830168014a8fc25f0f59cdf827a1b0cade3dd5b17f109d115300f0603551d130101ff040530030101ff300a06082a8648ce3d0403020349003046022100a6f72139e2340f026b1bb22a0c9711bcd1dd39cc3e863fb866c6464a5a62eddd022100a19cb4884563818501574bf637e682b7c971d717fa6b00bcb75b9f05eb44e805"
|
||||||
);
|
);
|
||||||
|
|
||||||
const CLIENT_SIGNATURE: [u8; 256] =
|
const ED25519_SECRET_KEY: [u8; 32] =
|
||||||
hex_literal::hex!(
|
hex_literal::hex!(
|
||||||
"954ced7ddc8fdccbaeb83ee9b3a26a01c37cc74bfcb82b3b181c28ae06588f763cfc491b6869b74968fd7ae017360d8eeaa5bfb69d9c0e3524f14790422f7ccbc9a609880800c5076d6383865cd47986eff4d379bf554b86963ce4bc4706262f48932fd5fa16e73149c1c960f19f5e8d1a8dc5898a9e2de5c0d79a8a0017349f379d23683eec83a07f01c3b83cb4d0f66ae0672efc9723bed0296a82046232dc533988a253bd2b109074172735bad06b98c3863033d2d11ea2d0efc7a3db52c94d2e452882e87559a0e9036768dbc380189b89323294a03ef229943be3fa17095c5a220386c695cf279bc88ff1b017897cbcb231658937eef82adb9a17479429"
|
"352e033b544cd58930fd154e1e8cf8711ed18a4f637afabe05521f474f7ffa21"
|
||||||
);
|
);
|
||||||
|
|
||||||
const CLIENT_PRIVATE_KEY_MOD: &'static [u8] = &[
|
const ED25519_CERT: [u8; 0x01c7] = [
|
||||||
0x00, 0xc2, 0x4c, 0x61, 0x5a, 0xda, 0xd1, 0x64, 0x0c, 0x2e, 0x39, 0xe2, 0x95, 0xc4, 0x60, 0xf2, 0xc7, 0x95, 0x37, 0x0c, 0xfb, 0x21, 0xcc, 0xa5, 0x19, 0xf9, 0xe6, 0xba, 0xf1, 0x56, 0x45, 0xca, 0x0b, 0x25, 0x6e, 0xf8, 0xf3, 0x18, 0x49, 0x1b, 0xaa, 0xb9, 0xdc, 0x71, 0x96, 0x36, 0x0b, 0x39, 0x3b, 0xc3, 0x53, 0x20, 0x35, 0x48, 0x87, 0xd6, 0xcc, 0x82, 0x2c, 0xf6, 0xe9, 0xd2, 0xea, 0xcc, 0x7f, 0xec, 0xf8, 0xd8, 0xe7, 0x3f, 0x0f, 0x09, 0xbf, 0x13, 0x1a, 0x59, 0x19, 0xe9, 0xe9, 0xc8, 0x1e, 0x2a, 0xec, 0xf0, 0x6d, 0x55, 0xbe, 0x17, 0x20, 0x29, 0x08, 0x53, 0xd4, 0xf1, 0x08, 0x6b, 0x3e, 0x10, 0x3d, 0x54, 0xd2, 0xb4, 0x54, 0xd7, 0xc3, 0x2a, 0xbc, 0xe4, 0x33, 0xf6, 0x11, 0x5d, 0x26, 0x7b, 0xba, 0x24, 0x6f, 0x68, 0x84, 0x74, 0x63, 0xdf, 0xd1, 0xd6, 0xbe, 0x90, 0x4e, 0xb1, 0x8d, 0x56, 0x88, 0x55, 0x65, 0xd6, 0xfc, 0xf8, 0xa6, 0x03, 0x86, 0xfc, 0x73, 0xb5, 0x45, 0x07, 0x77, 0xe0, 0x04, 0x85, 0xae, 0x94, 0xd2, 0x20, 0x96, 0xaf, 0xc4, 0x58, 0xd7, 0xfb, 0xd7, 0xc4, 0x69, 0xdd, 0x86, 0x1c, 0xab, 0x7b, 0x91, 0x47, 0x15, 0xe0, 0x93, 0xc4, 0xf1, 0xcc, 0x39, 0x9e, 0x5a, 0x53, 0x01, 0x0c, 0x2b, 0x65, 0xd5, 0xcc, 0x3d, 0x60, 0xfc, 0xcc, 0x2c, 0xc5, 0xd8, 0xb3, 0xfa, 0xa5, 0xfe, 0xfa, 0xab, 0x55, 0x1f, 0x1d, 0xe1, 0xa9, 0x3a, 0x19, 0xa1, 0x5b, 0xe9, 0xad, 0xb3, 0xa5, 0xc9, 0x6d, 0x2e, 0x52, 0x5a, 0x9f, 0x69, 0x61, 0x74, 0xe6, 0xe7, 0x72, 0x85, 0x7e, 0x53, 0x6b, 0x46, 0x2a, 0x61, 0xc6, 0x9a, 0x87, 0x71, 0x0b, 0x74, 0x17, 0x2c, 0x4b, 0x31, 0x8f, 0x48, 0x42, 0xe7, 0xd2, 0x7f, 0x7b, 0x6e, 0x0c, 0xbf, 0x3f, 0x98, 0x3e, 0x35, 0x64, 0xab, 0x80, 0x07
|
0x30, 0x82, 0x01, 0xc3, 0x30, 0x82, 0x01, 0x75, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, 0x7d, 0x0d, 0x16, 0xcc, 0x44, 0x3e, 0xd7, 0x1d, 0x67, 0xc6, 0xa3, 0x42, 0x38, 0xd8, 0x38, 0xcd, 0x34, 0xe9, 0x96, 0x28, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x30, 0x57, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x02, 0x49, 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x02, 0x4e, 0x54, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x02, 0x43, 0x45, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x04, 0x52, 0x54, 0x49, 0x46, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09, 0x69, 0x63, 0x61, 0x74, 0x65, 0x2e, 0x6e, 0x65, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x30, 0x31, 0x31, 0x32, 0x30, 0x30, 0x34, 0x32, 0x33, 0x34, 0x34, 0x5a, 0x17, 0x0d, 0x32, 0x31, 0x31, 0x31, 0x32, 0x30, 0x30, 0x34, 0x32, 0x33, 0x34, 0x34, 0x5a, 0x30, 0x57, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x02, 0x49, 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x02, 0x4e, 0x54, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x02, 0x43, 0x45, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x04, 0x52, 0x54, 0x49, 0x46, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09, 0x69, 0x63, 0x61, 0x74, 0x65, 0x2e, 0x6e, 0x65, 0x74, 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00, 0xdc, 0x3a, 0xe2, 0xdd, 0xf4, 0x06, 0x5e, 0x99, 0x3f, 0x18, 0x4c, 0x35, 0x68, 0x7e, 0xf6, 0x21, 0x3b, 0x20, 0xe4, 0x7e, 0x7f, 0x55, 0x56, 0x2c, 0xa5, 0xcb, 0xfe, 0x2b, 0x33, 0x0a, 0x28, 0xc5, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x63, 0xc3, 0xa0, 0xaf, 0xc6, 0xb6, 0xe4, 0xb3, 0x17, 0x01, 0x65, 0x96, 0x80, 0xfd, 0xf8, 0x24, 0x72, 0xbc, 0xf6, 0x48, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x63, 0xc3, 0xa0, 0xaf, 0xc6, 0xb6, 0xe4, 0xb3, 0x17, 0x01, 0x65, 0x96, 0x80, 0xfd, 0xf8, 0x24, 0x72, 0xbc, 0xf6, 0x48, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x41, 0x00, 0xd8, 0x4f, 0x75, 0x3e, 0x8a, 0x67, 0xec, 0x27, 0x0f, 0xa1, 0xb6, 0xb8, 0x7a, 0x01, 0x69, 0x6b, 0xa8, 0x5f, 0xad, 0xaa, 0x50, 0xc4, 0x6c, 0x7f, 0xe4, 0x7c, 0x1b, 0x61, 0x15, 0xd7, 0xa5, 0xf9, 0x63, 0xf5, 0xc5, 0x2f, 0xb1, 0xa7, 0x96, 0x9a, 0x0d, 0x21, 0x02, 0x50, 0x4f, 0xc6, 0x65, 0xe5, 0x83, 0x4b, 0x49, 0x9c, 0x3f, 0x3a, 0xc2, 0xbd, 0x85, 0xe0, 0x57, 0x44, 0x47, 0x44, 0xe4, 0x0d
|
||||||
];
|
|
||||||
const CLIENT_PRIVATE_KEY_EXP: &'static [u8] = &[0x01, 0x00, 0x01];
|
|
||||||
const CLIENT_PRIVATE_KEY_PMOD: &'static [u8] = &[
|
|
||||||
0x61, 0x95, 0x60, 0xf3, 0xf3, 0xa0, 0x64, 0xa2, 0x25, 0x79, 0x57, 0x0e, 0xa7, 0x21, 0x95, 0xed, 0x9d, 0x48, 0x97, 0xd1, 0x6d, 0x49, 0x4d, 0xc6, 0x7d, 0x17, 0x5f, 0xde, 0xa3, 0xd8, 0xcb, 0x3f, 0xcb, 0xde, 0x2f, 0x54, 0x50, 0x67, 0x2f, 0x69, 0x10, 0x8d, 0xe1, 0xd2, 0x72, 0x74, 0x32, 0x9b, 0x8c, 0x5f, 0x2c, 0x76, 0xf6, 0x65, 0x9b, 0x00, 0xfd, 0x84, 0x3d, 0xc2, 0x73, 0xf7, 0x0f, 0x1c, 0x54, 0xd5, 0x2a, 0x83, 0x01, 0xcd, 0xb8, 0xb4, 0x69, 0x90, 0xbb, 0x1d, 0x63, 0xb8, 0xd1, 0x94, 0x2d, 0x34, 0xf1, 0x0f, 0xc8, 0x97, 0x7f, 0x1f, 0xdc, 0xdb, 0xdc, 0xd6, 0xbe, 0xf3, 0xde, 0x80, 0xbe, 0x41, 0x3f, 0x5f, 0xcf, 0xc8, 0x28, 0xd1, 0x51, 0x9e, 0xaa, 0xf2, 0x59, 0xec, 0xa0, 0x9f, 0x1a, 0x57, 0x03, 0xc3, 0x9c, 0x77, 0xa1, 0xc9, 0x23, 0x79, 0x4d, 0x64, 0x4a, 0x2f, 0xeb, 0xc5, 0xd3, 0x38, 0x2c, 0x6d, 0xf6, 0xa6, 0xa9, 0xe7, 0x0a, 0x79, 0x05, 0xfa, 0x2a, 0x85, 0xc5, 0x9d, 0xf4, 0x91, 0xef, 0x34, 0xad, 0xb5, 0x64, 0xc5, 0x75, 0x8a, 0x36, 0x8f, 0x95, 0x25, 0xe9, 0x71, 0x0d, 0xa8, 0xe1, 0xea, 0xc3, 0xb4, 0xaa, 0xe7, 0x54, 0x54, 0xef, 0x72, 0x12, 0xa5, 0x14, 0x27, 0xec, 0x70, 0x12, 0x14, 0xdf, 0x65, 0xb3, 0xf5, 0xbc, 0x91, 0xe1, 0x36, 0x31, 0x1a, 0xdf, 0x7d, 0x58, 0x05, 0xb6, 0xe3, 0x48, 0xf2, 0x42, 0x89, 0x25, 0x29, 0x42, 0x0b, 0x5d, 0x8d, 0x0b, 0x76, 0x28, 0x0f, 0xaf, 0x56, 0x22, 0x94, 0x12, 0x8f, 0x76, 0x91, 0x49, 0xa6, 0xa4, 0xe3, 0x54, 0x17, 0x9e, 0xeb, 0xa6, 0x1b, 0xe5, 0x97, 0xde, 0x4e, 0x29, 0x8d, 0x7d, 0x5c, 0x18, 0x34, 0x29, 0x21, 0xd2, 0x7d, 0x14, 0x0b, 0xa1, 0x49, 0xb5, 0xe0, 0xc6, 0x30, 0x31, 0x80, 0xdc, 0x6a, 0x59, 0xb9
|
|
||||||
];
|
|
||||||
const CLIENT_PRIME_1: &'static [u8] = &[
|
|
||||||
0x00, 0xec, 0xe1, 0x6f, 0x5d, 0x7a, 0xed, 0x7b, 0x1a, 0xac, 0xce, 0x02, 0x91, 0xb4, 0x07, 0xcf, 0xc4, 0x2b, 0xcf, 0x2a, 0x37, 0x59, 0x43, 0x46, 0x1a, 0x55, 0xc2, 0x13, 0x89, 0x3c, 0xd5, 0xd6, 0xef, 0xed, 0x12, 0x9f, 0xc3, 0x36, 0x95, 0xd2, 0x6e, 0xf7, 0xca, 0x62, 0x9c, 0x71, 0x3d, 0x78, 0x3a, 0x4c, 0xe2, 0x5d, 0x07, 0x6e, 0x67, 0x53, 0xc3, 0xe7, 0x02, 0x58, 0x34, 0x25, 0xab, 0x67, 0xd4, 0x35, 0x92, 0x26, 0x4a, 0x3f, 0x1b, 0xc4, 0x43, 0xcd, 0x71, 0x3a, 0x8f, 0x9a, 0x2e, 0x44, 0xf6, 0x5a, 0x40, 0xf8, 0x32, 0x11, 0x39, 0xd4, 0x31, 0x35, 0xa1, 0xd7, 0x2d, 0x5d, 0xa5, 0xed, 0x24, 0x53, 0x32, 0xce, 0xb6, 0xb6, 0x12, 0xc6, 0xeb, 0xfd, 0x5b, 0x86, 0x21, 0xf7, 0xaf, 0x2e, 0x29, 0xb0, 0xed, 0x4d, 0x71, 0x3e, 0x82, 0x28, 0x74, 0xd5, 0x64, 0x59, 0xba, 0xa6, 0x59, 0xd7, 0x9b
|
|
||||||
];
|
|
||||||
const CLIENT_PRIME_2: &'static [u8] = &[
|
|
||||||
0x00, 0xd1, 0xfb, 0x16, 0x0c, 0xf0, 0xa3, 0x9a, 0x56, 0xdc, 0x3d, 0x82, 0xc6, 0x69, 0xed, 0x1d, 0x6a, 0x6f, 0xf9, 0xf0, 0x27, 0x3f, 0x96, 0x15, 0x39, 0x30, 0x84, 0x93, 0x75, 0x67, 0x31, 0xc9, 0x55, 0x84, 0x14, 0x13, 0x54, 0x39, 0xc1, 0x7c, 0x02, 0x77, 0x2b, 0x56, 0x49, 0x2c, 0xca, 0xe5, 0x16, 0xb5, 0xa1, 0x22, 0x49, 0xd6, 0xfa, 0x96, 0xd7, 0xb8, 0xaf, 0x34, 0xd3, 0x00, 0xc0, 0x42, 0x2f, 0x73, 0x0d, 0xb1, 0xd0, 0xc8, 0x11, 0xc6, 0x16, 0x79, 0xde, 0x83, 0xcd, 0x53, 0x21, 0x9b, 0x58, 0xc5, 0xee, 0x35, 0x55, 0xb6, 0x8f, 0x83, 0xc9, 0x23, 0x15, 0x98, 0xe0, 0xb5, 0x6f, 0x3a, 0x3d, 0x0c, 0x06, 0xa8, 0x32, 0x16, 0x0f, 0xde, 0x66, 0xad, 0x44, 0x76, 0xcd, 0x4a, 0x7a, 0x3d, 0xcb, 0x2c, 0x83, 0x3e, 0xf7, 0x50, 0x94, 0xa2, 0x2b, 0x61, 0xb5, 0xb6, 0x02, 0x01, 0x24, 0x7e, 0x05
|
|
||||||
];
|
];
|
||||||
|
|
||||||
|
const ED25519_SERVER_CERT: [u8; 0x1eb] =
|
||||||
|
hex_literal::hex!(
|
||||||
|
"308201e730820199a0030201020214177072ca219b9b453f4cd2095142ef88569022ac300506032b65703069310b3009060355040613025345310b300906035504080c025256310b300906035504070c024552310d300b060355040a0c04434552543110300e060355040b0c0749464943415445311f301d06035504030c1678656432353531392e746573742e636572742e70656d301e170d3230313132303034333330385a170d3231313132303034333330385a3069310b3009060355040613025345310b300906035504080c025256310b300906035504070c024552310d300b060355040a0c04434552543110300e060355040b0c0749464943415445311f301d06035504030c1678656432353531392e746573742e636572742e70656d302a300506032b65700321005cc3542eceecf9379348f5c4e18aa29b6e92547b0e35730857c1ce8508a043e0a3533051301d0603551d0e04160414c8bbbe74e4e3a76d757f31696518ced30cabc474301f0603551d23041830168014c8bbbe74e4e3a76d757f31696518ced30cabc474300f0603551d130101ff040530030101ff300506032b6570034100312c6935aab53c87cef4505a2051c5b86d6e11539fffc51d2e9c7807db626186f22f13eca0a5cf7f3e41e40e07b14a11ed39ba04af80adcaf69a7444ae8f1304"
|
||||||
|
);
|
||||||
|
|
||||||
|
const ED25519_SERVER_PUBLIC_KEY: [u8; 32] =
|
||||||
|
hex_literal::hex!(
|
||||||
|
"5cc3542eceecf9379348f5c4e18aa29b6e92547b0e35730857c1ce8508a043e0"
|
||||||
|
);
|
||||||
|
|
||||||
|
const ED25519_SIGNATURE: [u8; 64] =
|
||||||
|
hex_literal::hex!(
|
||||||
|
"e9988fcc188fbe85a66929634badb47c5b765c3c6087a7e44b41efda1fdcd0baf67ded6159a5af6d396ca59439de8907160fc729a42ed50e69a3f54abe6dad0c"
|
||||||
|
);
|
||||||
|
@ -7,10 +7,8 @@ use nom::combinator::opt;
|
|||||||
use nom::sequence::preceded;
|
use nom::sequence::preceded;
|
||||||
use nom::sequence::tuple;
|
use nom::sequence::tuple;
|
||||||
use nom::error::ErrorKind;
|
use nom::error::ErrorKind;
|
||||||
use nom::character::complete::digit0;
|
|
||||||
use nom::character::is_digit;
|
|
||||||
|
|
||||||
use chrono::{DateTime, FixedOffset, TimeZone};
|
use chrono::{DateTime, FixedOffset};
|
||||||
use heapless::{String, consts::*};
|
use heapless::{String, consts::*};
|
||||||
|
|
||||||
use byteorder::{ByteOrder, NetworkEndian};
|
use byteorder::{ByteOrder, NetworkEndian};
|
||||||
@ -21,7 +19,6 @@ use crate::certificate::{
|
|||||||
Certificate as Asn1DerCertificate,
|
Certificate as Asn1DerCertificate,
|
||||||
Version as Asn1DerVersion,
|
Version as Asn1DerVersion,
|
||||||
AlgorithmIdentifier as Asn1DerAlgId,
|
AlgorithmIdentifier as Asn1DerAlgId,
|
||||||
Time as Asn1DerTime,
|
|
||||||
Validity as Asn1DerValidity,
|
Validity as Asn1DerValidity,
|
||||||
SubjectPublicKeyInfo as Asn1DerSubjectPublicKeyInfo,
|
SubjectPublicKeyInfo as Asn1DerSubjectPublicKeyInfo,
|
||||||
Extensions as Asn1DerExtensions,
|
Extensions as Asn1DerExtensions,
|
||||||
@ -71,7 +68,7 @@ pub(crate) fn parse_tls_repr(bytes: &[u8]) -> IResult<&[u8], (&[u8], TlsRepr)> {
|
|||||||
use crate::tls_packet::TlsContentType::*;
|
use crate::tls_packet::TlsContentType::*;
|
||||||
match repr.content_type {
|
match repr.content_type {
|
||||||
Handshake => {
|
Handshake => {
|
||||||
let (rest, handshake) = complete(
|
let (_, handshake) = complete(
|
||||||
parse_handshake
|
parse_handshake
|
||||||
)(bytes)?;
|
)(bytes)?;
|
||||||
repr.handshake = Some(handshake);
|
repr.handshake = Some(handshake);
|
||||||
|
@ -512,7 +512,7 @@ impl<'a> Session<'a> {
|
|||||||
// Determine the supplied client certificate indeed has an
|
// Determine the supplied client certificate indeed has an
|
||||||
// acceptable signature algorithm
|
// acceptable signature algorithm
|
||||||
let mut private_key_algorithm_acceptable = false;
|
let mut private_key_algorithm_acceptable = false;
|
||||||
if let Some((private_key, cert)) = &self.cert_private_key {
|
if let Some((private_key, _cert)) = &self.cert_private_key {
|
||||||
if let CertificatePrivateKey::RSA {..} = private_key {
|
if let CertificatePrivateKey::RSA {..} = private_key {
|
||||||
for sig_alg in signature_algorithms.iter() {
|
for sig_alg in signature_algorithms.iter() {
|
||||||
use crate::tls_packet::SignatureScheme::*;
|
use crate::tls_packet::SignatureScheme::*;
|
||||||
@ -1412,6 +1412,7 @@ impl<'a> Session<'a> {
|
|||||||
self.server_application_nonce.as_ref().unwrap(),
|
self.server_application_nonce.as_ref().unwrap(),
|
||||||
self.server_application_cipher.as_ref().unwrap()
|
self.server_application_cipher.as_ref().unwrap()
|
||||||
)},
|
)},
|
||||||
|
TlsRole::Unknown => unreachable!()
|
||||||
};
|
};
|
||||||
|
|
||||||
// Calculate XOR'ed nonce
|
// Calculate XOR'ed nonce
|
||||||
@ -1443,6 +1444,7 @@ impl<'a> Session<'a> {
|
|||||||
self.server_handshake_nonce.as_ref().unwrap(),
|
self.server_handshake_nonce.as_ref().unwrap(),
|
||||||
self.server_handshake_cipher.as_ref().unwrap()
|
self.server_handshake_cipher.as_ref().unwrap()
|
||||||
)},
|
)},
|
||||||
|
TlsRole::Unknown => unreachable!()
|
||||||
};
|
};
|
||||||
|
|
||||||
// Calculate XOR'ed nonce
|
// Calculate XOR'ed nonce
|
||||||
@ -1474,6 +1476,7 @@ impl<'a> Session<'a> {
|
|||||||
self.server_handshake_nonce.as_ref().unwrap(),
|
self.server_handshake_nonce.as_ref().unwrap(),
|
||||||
self.server_handshake_cipher.as_ref().unwrap()
|
self.server_handshake_cipher.as_ref().unwrap()
|
||||||
)},
|
)},
|
||||||
|
TlsRole::Unknown => unreachable!()
|
||||||
};
|
};
|
||||||
|
|
||||||
// Calculate XOR'ed nonce
|
// Calculate XOR'ed nonce
|
||||||
@ -1508,6 +1511,7 @@ impl<'a> Session<'a> {
|
|||||||
self.client_application_nonce.as_ref().unwrap(),
|
self.client_application_nonce.as_ref().unwrap(),
|
||||||
self.client_application_cipher.as_ref().unwrap()
|
self.client_application_cipher.as_ref().unwrap()
|
||||||
)},
|
)},
|
||||||
|
TlsRole::Unknown => unreachable!()
|
||||||
};
|
};
|
||||||
|
|
||||||
// Calculate XOR'ed nonce
|
// Calculate XOR'ed nonce
|
||||||
@ -1545,6 +1549,7 @@ impl<'a> Session<'a> {
|
|||||||
self.server_handshake_nonce.as_ref().unwrap(),
|
self.server_handshake_nonce.as_ref().unwrap(),
|
||||||
self.server_handshake_cipher.as_ref().unwrap()
|
self.server_handshake_cipher.as_ref().unwrap()
|
||||||
)},
|
)},
|
||||||
|
TlsRole::Unknown => unreachable!()
|
||||||
};
|
};
|
||||||
|
|
||||||
// Calculate XOR'ed nonce
|
// Calculate XOR'ed nonce
|
||||||
@ -1579,6 +1584,7 @@ impl<'a> Session<'a> {
|
|||||||
self.server_handshake_nonce.as_ref().unwrap(),
|
self.server_handshake_nonce.as_ref().unwrap(),
|
||||||
self.server_handshake_cipher.as_ref().unwrap()
|
self.server_handshake_cipher.as_ref().unwrap()
|
||||||
)},
|
)},
|
||||||
|
TlsRole::Unknown => unreachable!()
|
||||||
};
|
};
|
||||||
|
|
||||||
// Calculate XOR'ed nonce
|
// Calculate XOR'ed nonce
|
||||||
@ -1606,12 +1612,21 @@ impl<'a> Session<'a> {
|
|||||||
pub(crate) fn increment_server_sequence_number(&mut self) {
|
pub(crate) fn increment_server_sequence_number(&mut self) {
|
||||||
self.server_sequence_number += 1;
|
self.server_sequence_number += 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub(crate) fn get_session_role(&self) -> TlsRole {
|
||||||
|
self.role
|
||||||
|
}
|
||||||
|
|
||||||
|
pub(crate) fn becomes_client(&mut self) {
|
||||||
|
self.role = TlsRole::Client;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Debug, PartialEq, Eq, Clone, Copy)]
|
#[derive(Debug, PartialEq, Eq, Clone, Copy)]
|
||||||
pub(crate) enum TlsRole {
|
pub(crate) enum TlsRole {
|
||||||
Client,
|
Client,
|
||||||
Server,
|
Server,
|
||||||
|
Unknown,
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Debug, Clone)]
|
#[derive(Debug, Clone)]
|
||||||
@ -1814,6 +1829,7 @@ impl Cipher {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[allow(non_camel_case_types)]
|
||||||
#[derive(Debug, Clone)]
|
#[derive(Debug, Clone)]
|
||||||
pub enum CertificatePublicKey {
|
pub enum CertificatePublicKey {
|
||||||
RSA {
|
RSA {
|
||||||
@ -1853,6 +1869,7 @@ impl CertificatePublicKey {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[allow(non_camel_case_types)]
|
||||||
pub enum CertificatePrivateKey {
|
pub enum CertificatePrivateKey {
|
||||||
RSA {
|
RSA {
|
||||||
cert_rsa_private_key: rsa::RSAPrivateKey
|
cert_rsa_private_key: rsa::RSAPrivateKey
|
||||||
|
82
src/set.rs
Normal file
82
src/set.rs
Normal file
@ -0,0 +1,82 @@
|
|||||||
|
use smoltcp as net;
|
||||||
|
|
||||||
|
use managed::ManagedSlice;
|
||||||
|
use crate::tls::TlsSocket;
|
||||||
|
use net::socket::SocketSetItem;
|
||||||
|
use net::socket::SocketSet;
|
||||||
|
use net::socket::SocketHandle;
|
||||||
|
use net::socket::Socket;
|
||||||
|
use net::socket::TcpSocket;
|
||||||
|
use net::socket::AnySocket;
|
||||||
|
use net::socket::SocketRef;
|
||||||
|
use net::iface::EthernetInterface;
|
||||||
|
use net::time::Instant;
|
||||||
|
use net::phy::Device;
|
||||||
|
|
||||||
|
use core::convert::From;
|
||||||
|
use core::cell::RefCell;
|
||||||
|
|
||||||
|
use alloc::vec::Vec;
|
||||||
|
|
||||||
|
pub struct TlsSocketSet<'a> {
|
||||||
|
tls_sockets: ManagedSlice<'a, Option<TlsSocket<'a>>>
|
||||||
|
}
|
||||||
|
|
||||||
|
#[derive(Clone, Copy, Debug)]
|
||||||
|
pub struct TlsSocketHandle(usize);
|
||||||
|
|
||||||
|
impl<'a> TlsSocketSet<'a> {
|
||||||
|
pub fn new<T>(tls_sockets: T) -> Self
|
||||||
|
where
|
||||||
|
T: Into<ManagedSlice<'a, Option<TlsSocket<'a>>>>
|
||||||
|
{
|
||||||
|
Self {
|
||||||
|
tls_sockets: tls_sockets.into()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn add(&mut self, socket: TlsSocket<'a>) -> TlsSocketHandle
|
||||||
|
{
|
||||||
|
for (index, slot) in self.tls_sockets.iter_mut().enumerate() {
|
||||||
|
if slot.is_none() {
|
||||||
|
*slot = Some(socket);
|
||||||
|
return TlsSocketHandle(index);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
match self.tls_sockets {
|
||||||
|
ManagedSlice::Borrowed(_) => {
|
||||||
|
panic!("adding a socket to a full array")
|
||||||
|
}
|
||||||
|
|
||||||
|
ManagedSlice::Owned(ref mut sockets) => {
|
||||||
|
sockets.push(Some(socket));
|
||||||
|
let index = sockets.len() - 1;
|
||||||
|
return TlsSocketHandle(index);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn get(&mut self, handle: TlsSocketHandle) -> &mut TlsSocket<'a> {
|
||||||
|
self.tls_sockets[handle.0].as_mut().unwrap()
|
||||||
|
}
|
||||||
|
|
||||||
|
pub(crate) fn polled_by(
|
||||||
|
&mut self,
|
||||||
|
sockets: &mut SocketSet
|
||||||
|
) -> smoltcp::Result<bool>
|
||||||
|
{
|
||||||
|
for socket in self.tls_sockets.iter_mut() {
|
||||||
|
if socket.is_some() {
|
||||||
|
log::info!("Found TLS");
|
||||||
|
socket.as_mut()
|
||||||
|
.unwrap()
|
||||||
|
.update_handshake(sockets)?;
|
||||||
|
log::info!("Updated TLS");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
Ok(true)
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
121
src/tls.rs
121
src/tls.rs
@ -3,6 +3,7 @@ use smoltcp::socket::TcpState;
|
|||||||
use smoltcp::socket::SocketHandle;
|
use smoltcp::socket::SocketHandle;
|
||||||
use smoltcp::socket::SocketSet;
|
use smoltcp::socket::SocketSet;
|
||||||
use smoltcp::socket::TcpSocketBuffer;
|
use smoltcp::socket::TcpSocketBuffer;
|
||||||
|
use smoltcp::socket::SocketRef;
|
||||||
use smoltcp::wire::IpEndpoint;
|
use smoltcp::wire::IpEndpoint;
|
||||||
use smoltcp::Result;
|
use smoltcp::Result;
|
||||||
use smoltcp::Error;
|
use smoltcp::Error;
|
||||||
@ -20,7 +21,6 @@ use core::cell::RefCell;
|
|||||||
use rand_core::{RngCore, CryptoRng};
|
use rand_core::{RngCore, CryptoRng};
|
||||||
use p256::{EncodedPoint, ecdh::EphemeralSecret};
|
use p256::{EncodedPoint, ecdh::EphemeralSecret};
|
||||||
use ccm::consts::*;
|
use ccm::consts::*;
|
||||||
use aes_gcm::AeadInPlace;
|
|
||||||
|
|
||||||
use nom::bytes::complete::take;
|
use nom::bytes::complete::take;
|
||||||
use nom::error::ErrorKind;
|
use nom::error::ErrorKind;
|
||||||
@ -52,20 +52,19 @@ pub(crate) enum TlsState {
|
|||||||
CONNECTED,
|
CONNECTED,
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: Group up all session_specific parameters into a separate structure
|
pub struct TlsSocket<'s>
|
||||||
pub struct TlsSocket<'s, R: RngCore + CryptoRng>
|
|
||||||
{
|
{
|
||||||
tcp_handle: SocketHandle,
|
tcp_handle: SocketHandle,
|
||||||
rng: R,
|
rng: &'s mut dyn crate::TlsRng,
|
||||||
session: RefCell<Session<'s>>,
|
session: RefCell<Session<'s>>,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
|
impl<'s> TlsSocket<'s> {
|
||||||
pub fn new<'a, 'b, 'c>(
|
pub fn new<'a, 'b, 'c>(
|
||||||
sockets: &mut SocketSet<'a, 'b, 'c>,
|
sockets: &mut SocketSet<'a, 'b, 'c>,
|
||||||
rx_buffer: TcpSocketBuffer<'b>,
|
rx_buffer: TcpSocketBuffer<'b>,
|
||||||
tx_buffer: TcpSocketBuffer<'b>,
|
tx_buffer: TcpSocketBuffer<'b>,
|
||||||
rng: R,
|
rng: &'s mut dyn crate::TlsRng,
|
||||||
certificate_with_key: Option<(
|
certificate_with_key: Option<(
|
||||||
crate::session::CertificatePrivateKey,
|
crate::session::CertificatePrivateKey,
|
||||||
Vec<&'s [u8]>
|
Vec<&'s [u8]>
|
||||||
@ -76,6 +75,23 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
|
|||||||
{
|
{
|
||||||
let tcp_socket = TcpSocket::new(rx_buffer, tx_buffer);
|
let tcp_socket = TcpSocket::new(rx_buffer, tx_buffer);
|
||||||
let tcp_handle = sockets.add(tcp_socket);
|
let tcp_handle = sockets.add(tcp_socket);
|
||||||
|
TlsSocket {
|
||||||
|
tcp_handle,
|
||||||
|
rng,
|
||||||
|
session: RefCell::new(
|
||||||
|
Session::new(TlsRole::Unknown, certificate_with_key)
|
||||||
|
),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn from_tcp_handle(
|
||||||
|
tcp_handle: SocketHandle,
|
||||||
|
rng: &'s mut dyn crate::TlsRng,
|
||||||
|
certificate_with_key: Option<(
|
||||||
|
crate::session::CertificatePrivateKey,
|
||||||
|
Vec<&'s [u8]>
|
||||||
|
)>
|
||||||
|
) -> Self {
|
||||||
TlsSocket {
|
TlsSocket {
|
||||||
tcp_handle,
|
tcp_handle,
|
||||||
rng,
|
rng,
|
||||||
@ -85,7 +101,7 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn tcp_connect<T, U>(
|
pub fn connect<T, U>(
|
||||||
&mut self,
|
&mut self,
|
||||||
sockets: &mut SocketSet,
|
sockets: &mut SocketSet,
|
||||||
remote_endpoint: T,
|
remote_endpoint: T,
|
||||||
@ -95,32 +111,33 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
|
|||||||
T: Into<IpEndpoint>,
|
T: Into<IpEndpoint>,
|
||||||
U: Into<IpEndpoint>,
|
U: Into<IpEndpoint>,
|
||||||
{
|
{
|
||||||
|
// Start TCP handshake
|
||||||
let mut tcp_socket = sockets.get::<TcpSocket>(self.tcp_handle);
|
let mut tcp_socket = sockets.get::<TcpSocket>(self.tcp_handle);
|
||||||
if tcp_socket.state() == TcpState::Established {
|
tcp_socket.connect(remote_endpoint, local_endpoint)?;
|
||||||
|
|
||||||
|
// Permit TLS handshake as well
|
||||||
|
let mut session = self.session.borrow_mut();
|
||||||
|
session.becomes_client();
|
||||||
Ok(())
|
Ok(())
|
||||||
} else {
|
|
||||||
tcp_socket.connect(remote_endpoint, local_endpoint)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn tls_connect<DeviceT>(
|
pub fn update_handshake(&mut self, sockets: &mut SocketSet) -> Result<bool> {
|
||||||
&mut self,
|
// Check TCP socket
|
||||||
iface: &mut EthernetInterface<DeviceT>,
|
|
||||||
sockets: &mut SocketSet,
|
|
||||||
now: Instant
|
|
||||||
) -> Result<bool>
|
|
||||||
where
|
|
||||||
DeviceT: for<'d> Device<'d>
|
|
||||||
{
|
|
||||||
// Check tcp_socket connectivity
|
|
||||||
{
|
{
|
||||||
let mut tcp_socket = sockets.get::<TcpSocket>(self.tcp_handle);
|
let mut tcp_socket = sockets.get::<TcpSocket>(self.tcp_handle);
|
||||||
tcp_socket.set_keep_alive(Some(smoltcp::time::Duration::from_millis(1000)));
|
tcp_socket.set_keep_alive(Some(smoltcp::time::Duration::from_millis(1000)));
|
||||||
if tcp_socket.state() != TcpState::Established {
|
if tcp_socket.state() != TcpState::Established {
|
||||||
|
log::info!("TCP not established");
|
||||||
return Ok(false);
|
return Ok(false);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
// Check TLS session state
|
||||||
|
{
|
||||||
|
let role = self.session.borrow().get_session_role();
|
||||||
|
if role != crate::session::TlsRole::Client {
|
||||||
|
return Ok(true);
|
||||||
|
}
|
||||||
|
}
|
||||||
// Handle TLS handshake through TLS states
|
// Handle TLS handshake through TLS states
|
||||||
let tls_state = {
|
let tls_state = {
|
||||||
self.session.borrow().get_tls_state()
|
self.session.borrow().get_tls_state()
|
||||||
@ -193,19 +210,17 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
|
|||||||
self.session.borrow().need_to_send_client_certificate()
|
self.session.borrow().need_to_send_client_certificate()
|
||||||
};
|
};
|
||||||
if need_to_send_client_cert {
|
if need_to_send_client_cert {
|
||||||
let (certificates_total_length, mut buffer_vec) = {
|
let (certificates_total_length, buffer_vec) = {
|
||||||
let mut session = self.session.borrow_mut();
|
let session = self.session.borrow();
|
||||||
let mut buffer_vec: Vec<u8> = Vec::new();
|
let mut buffer_vec: Vec<u8> = Vec::new();
|
||||||
let certificates = session
|
let certificates = session
|
||||||
.get_private_certificate_slices()
|
.get_private_certificate_slices()
|
||||||
.clone();
|
.clone();
|
||||||
|
|
||||||
// Handshake level, client certificate byte followed by length (u24)
|
// Handshake level, client certificate byte followed by length (u24)
|
||||||
let mut handshake_header: [u8; 4] = [11, 0, 0, 0];
|
|
||||||
// Certificate struct:
|
// Certificate struct:
|
||||||
// request_context = X509: 0 (u8),
|
// request_context = X509: 0 (u8),
|
||||||
// certificate_list to be determined (u24)
|
// certificate_list to be determined (u24)
|
||||||
let mut certificate_header: [u8; 4] = [0, 0, 0, 0];
|
|
||||||
let mut certificates_total_length: u32 = 0;
|
let mut certificates_total_length: u32 = 0;
|
||||||
|
|
||||||
// Append place holder bytes (8 of them) in the buffer vector
|
// Append place holder bytes (8 of them) in the buffer vector
|
||||||
@ -229,10 +244,9 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
|
|||||||
);
|
);
|
||||||
|
|
||||||
// Update length in Certificate struct
|
// Update length in Certificate struct
|
||||||
certificates_total_length += (
|
certificates_total_length +=
|
||||||
// cert_data (len & data) AND extension (len & data)
|
// cert_data (len & data) AND extension (len & data)
|
||||||
3 + certificate_length + 2 + 0
|
3 + certificate_length + 2 + 0;
|
||||||
);
|
|
||||||
|
|
||||||
buffer_vec.extend_from_slice(&cert_data_length);
|
buffer_vec.extend_from_slice(&cert_data_length);
|
||||||
buffer_vec.extend_from_slice(cert);
|
buffer_vec.extend_from_slice(cert);
|
||||||
@ -347,11 +361,11 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
|
|||||||
.client_update_for_server_connected(&inner_plaintext[..(inner_plaintext_length-1)]);
|
.client_update_for_server_connected(&inner_plaintext[..(inner_plaintext_length-1)]);
|
||||||
}
|
}
|
||||||
|
|
||||||
_ => todo!()
|
// There is no need to care about handshake if it was completed
|
||||||
|
TlsState::CONNECTED => {
|
||||||
|
return Ok(true);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Poll the network interface
|
|
||||||
iface.poll(sockets, now);
|
|
||||||
|
|
||||||
// Read for TLS packet
|
// Read for TLS packet
|
||||||
// Proposition: Decouple all data from TLS record layer before processing
|
// Proposition: Decouple all data from TLS record layer before processing
|
||||||
@ -731,7 +745,6 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
|
|||||||
// Verify that the signature is indeed correct
|
// Verify that the signature is indeed correct
|
||||||
TlsState::WAIT_CV => {
|
TlsState::WAIT_CV => {
|
||||||
// Ensure that it is CertificateVerify
|
// Ensure that it is CertificateVerify
|
||||||
log::info!("Got certificate verify");
|
|
||||||
let might_be_cert_verify = repr.handshake.take().unwrap();
|
let might_be_cert_verify = repr.handshake.take().unwrap();
|
||||||
if might_be_cert_verify.get_msg_type() != HandshakeType::CertificateVerify {
|
if might_be_cert_verify.get_msg_type() != HandshakeType::CertificateVerify {
|
||||||
// Process the other handshakes in "handshake_vec"
|
// Process the other handshakes in "handshake_vec"
|
||||||
@ -745,11 +758,9 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
|
|||||||
might_be_cert_verify.length + 4
|
might_be_cert_verify.length + 4
|
||||||
)(handshake_slice)
|
)(handshake_slice)
|
||||||
.map_err(|_| Error::Unrecognized)?;
|
.map_err(|_| Error::Unrecognized)?;
|
||||||
log::info!("about to verify");
|
|
||||||
|
|
||||||
// Perform verification, update TLS state if successful
|
// Perform verification, update TLS state if successful
|
||||||
let (sig_alg, signature) = might_be_cert_verify.get_signature().unwrap();
|
let (sig_alg, signature) = might_be_cert_verify.get_signature().unwrap();
|
||||||
log::info!("Got signature");
|
|
||||||
{
|
{
|
||||||
self.session.borrow_mut()
|
self.session.borrow_mut()
|
||||||
.client_update_for_wait_cv(
|
.client_update_for_wait_cv(
|
||||||
@ -772,7 +783,7 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
|
|||||||
|
|
||||||
// Take out the portion for server Finished
|
// Take out the portion for server Finished
|
||||||
// Length of handshake header is 4
|
// Length of handshake header is 4
|
||||||
let (handshake_slice, server_finished_slice) =
|
let (_handshake_slice, server_finished_slice) =
|
||||||
take::<_, _, (&[u8], ErrorKind)>(
|
take::<_, _, (&[u8], ErrorKind)>(
|
||||||
might_be_server_finished.length + 4
|
might_be_server_finished.length + 4
|
||||||
)(handshake_slice)
|
)(handshake_slice)
|
||||||
@ -793,31 +804,6 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
|
|||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
// Generic inner send method, through TCP socket
|
|
||||||
fn send_tls_repr(&self, sockets: &mut SocketSet, tls_repr: TlsRepr) -> Result<()> {
|
|
||||||
let mut tcp_socket = sockets.get::<TcpSocket>(self.tcp_handle);
|
|
||||||
if !tcp_socket.can_send() {
|
|
||||||
return Err(Error::Illegal);
|
|
||||||
}
|
|
||||||
let mut array = [0; 2048];
|
|
||||||
let mut buffer = TlsBuffer::new(&mut array);
|
|
||||||
buffer.enqueue_tls_repr(tls_repr)?;
|
|
||||||
let buffer_size = buffer.get_size();
|
|
||||||
|
|
||||||
// Force send to return if send is unsuccessful
|
|
||||||
// Only update sequence number if the send is successful
|
|
||||||
tcp_socket.send_slice(buffer.into())
|
|
||||||
.and_then(
|
|
||||||
|size| if size == buffer_size {
|
|
||||||
Ok(())
|
|
||||||
} else {
|
|
||||||
Err(Error::Truncated)
|
|
||||||
}
|
|
||||||
)?;
|
|
||||||
self.session.borrow_mut().increment_client_sequence_number();
|
|
||||||
Ok(())
|
|
||||||
}
|
|
||||||
|
|
||||||
// Generic inner send method for buffer IO, through TCP socket
|
// Generic inner send method for buffer IO, through TCP socket
|
||||||
// Usage: Push a slice representation of ONE TLS packet
|
// Usage: Push a slice representation of ONE TLS packet
|
||||||
// This function will only increment sequence number by 1
|
// This function will only increment sequence number by 1
|
||||||
@ -940,12 +926,16 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
|
|||||||
(record_length + 5),
|
(record_length + 5),
|
||||||
(
|
(
|
||||||
(record_length + 5),
|
(record_length + 5),
|
||||||
provided_data_capacity < (record_length + 5)
|
provided_data_capacity >= (record_length + 5)
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
)?;
|
)?;
|
||||||
|
|
||||||
|
if !acceptable {
|
||||||
|
return Ok(0);
|
||||||
|
}
|
||||||
|
|
||||||
// let recv_slice_size = tcp_socket.recv_slice(data)?;
|
// let recv_slice_size = tcp_socket.recv_slice(data)?;
|
||||||
|
|
||||||
// Encrypted data need a TLS record wrapper (5 bytes)
|
// Encrypted data need a TLS record wrapper (5 bytes)
|
||||||
@ -1038,4 +1028,9 @@ impl<'s, R: RngCore + CryptoRng> TlsSocket<'s, R> {
|
|||||||
|
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub fn get_tcp_handle(&self) -> SocketHandle {
|
||||||
|
self.tcp_handle
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -76,14 +76,6 @@ impl<'a> TlsRepr<'a> {
|
|||||||
self
|
self
|
||||||
}
|
}
|
||||||
|
|
||||||
pub(crate) fn change_cipher_spec(mut self) -> Self {
|
|
||||||
self.content_type = TlsContentType::ChangeCipherSpec;
|
|
||||||
self.version = TlsVersion::Tls12;
|
|
||||||
self.length = 1;
|
|
||||||
self.payload = Some((&[1]).to_vec());
|
|
||||||
self
|
|
||||||
}
|
|
||||||
|
|
||||||
// TODO: Consider replace all these boolean function
|
// TODO: Consider replace all these boolean function
|
||||||
// into a single function that returns the HandshakeType.
|
// into a single function that returns the HandshakeType.
|
||||||
pub(crate) fn is_server_hello(&self) -> bool {
|
pub(crate) fn is_server_hello(&self) -> bool {
|
||||||
@ -112,12 +104,6 @@ impl<'a> TlsRepr<'a> {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
pub(crate) fn is_application_data(&self) -> bool {
|
|
||||||
self.content_type == TlsContentType::ApplicationData &&
|
|
||||||
self.handshake.is_none() &&
|
|
||||||
self.payload.is_some()
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Debug, PartialEq, Eq, Clone, Copy, IntoPrimitive, TryFromPrimitive)]
|
#[derive(Debug, PartialEq, Eq, Clone, Copy, IntoPrimitive, TryFromPrimitive)]
|
||||||
@ -385,8 +371,6 @@ impl<'a> ClientHello<'a> {
|
|||||||
list.push(NamedGroup::x25519);
|
list.push(NamedGroup::x25519);
|
||||||
list.push(NamedGroup::secp256r1);
|
list.push(NamedGroup::secp256r1);
|
||||||
|
|
||||||
let length = list.len()*2;
|
|
||||||
|
|
||||||
// Use the list to generate all key shares and store in a vec
|
// Use the list to generate all key shares and store in a vec
|
||||||
let mut client_shares = Vec::new();
|
let mut client_shares = Vec::new();
|
||||||
let mut client_shares_length = 0;
|
let mut client_shares_length = 0;
|
||||||
@ -590,10 +574,10 @@ pub(crate) enum SupportedVersions {
|
|||||||
impl SupportedVersions {
|
impl SupportedVersions {
|
||||||
pub(crate) fn get_length(&self) -> usize {
|
pub(crate) fn get_length(&self) -> usize {
|
||||||
match self {
|
match self {
|
||||||
Self::ClientHello { length, versions } => {
|
Self::ClientHello { length, .. } => {
|
||||||
usize::try_from(*length).unwrap() + 1
|
usize::try_from(*length).unwrap() + 1
|
||||||
}
|
}
|
||||||
Self::ServerHello { selected_version } => 2
|
Self::ServerHello { .. } => 2
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -713,8 +697,8 @@ pub(crate) enum KeyShareEntryContent {
|
|||||||
impl KeyShareEntryContent {
|
impl KeyShareEntryContent {
|
||||||
pub(crate) fn get_length(&self) -> usize {
|
pub(crate) fn get_length(&self) -> usize {
|
||||||
match self {
|
match self {
|
||||||
Self::KeyShareClientHello { length, client_shares } => 2 + usize::try_from(*length).unwrap(),
|
Self::KeyShareClientHello { length, .. } => 2 + usize::try_from(*length).unwrap(),
|
||||||
Self::KeyShareHelloRetryRequest { selected_group } => 2,
|
Self::KeyShareHelloRetryRequest { .. } => 2,
|
||||||
Self::KeyShareServerHello { server_share } => server_share.get_length(),
|
Self::KeyShareServerHello { server_share } => server_share.get_length(),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -760,12 +744,9 @@ pub(crate) enum CertificateEntryInfo<'a> {
|
|||||||
impl<'a> CertificateEntryInfo<'a> {
|
impl<'a> CertificateEntryInfo<'a> {
|
||||||
pub(crate) fn get_certificate(&self) -> &Asn1DerCertificate {
|
pub(crate) fn get_certificate(&self) -> &Asn1DerCertificate {
|
||||||
match self {
|
match self {
|
||||||
CertificateEntryInfo::RawPublicKey {
|
CertificateEntryInfo::RawPublicKey { .. } => todo!(),
|
||||||
ASN1_subjectPublicKeyInfo_length,
|
|
||||||
ASN1_subjectPublicKeyInfo
|
|
||||||
} => todo!(),
|
|
||||||
CertificateEntryInfo::X509 {
|
CertificateEntryInfo::X509 {
|
||||||
cert_data_length, cert_data
|
cert_data, ..
|
||||||
} => &cert_data
|
} => &cert_data
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user