hash: fix, exclude content byte
parent
ccc257aeb9
commit
e55b2e266b
|
@ -1776,7 +1776,13 @@ impl<'a> Session<'a> {
|
|||
CertificatePrivateKey::ECDSA_SECP256R1_SHA256 { cert_signing_key } => {
|
||||
let verify_hash = sha2::Sha256::new()
|
||||
.chain(&[0x20; 64])
|
||||
.chain("TLS 1.3, client CertificateVerify")
|
||||
.chain({
|
||||
match role {
|
||||
TlsRole::Client => "TLS 1.3, client CertificateVerify",
|
||||
TlsRole::Server => "TLS 1.3, server CertificateVerify",
|
||||
_ => unreachable!()
|
||||
}
|
||||
})
|
||||
.chain(&[0x00])
|
||||
.chain(&transcript_hash);
|
||||
|
||||
|
@ -1795,7 +1801,13 @@ impl<'a> Session<'a> {
|
|||
// Similar to server CertificateVerify
|
||||
let mut verify_message: Vec<u8, U146> = Vec::new();
|
||||
verify_message.extend_from_slice(&[0x20; 64]).unwrap();
|
||||
verify_message.extend_from_slice(b"TLS 1.3, client CertificateVerify").unwrap();
|
||||
verify_message.extend_from_slice({
|
||||
match role {
|
||||
TlsRole::Client => b"TLS 1.3, client CertificateVerify",
|
||||
TlsRole::Server => b"TLS 1.3, server CertificateVerify",
|
||||
_ => unreachable!()
|
||||
}
|
||||
}).unwrap();
|
||||
verify_message.extend_from_slice(&[0]).unwrap();
|
||||
verify_message.extend_from_slice(&transcript_hash).unwrap();
|
||||
|
||||
|
|
13
src/tls.rs
13
src/tls.rs
|
@ -512,7 +512,7 @@ impl<'s> TlsSocket<'s> {
|
|||
{
|
||||
let mut session = self.session.borrow_mut();
|
||||
session.server_update_for_encrypted_extension(
|
||||
&inner_plaintext
|
||||
&inner_plaintext[..(inner_plaintext_length-1)]
|
||||
);
|
||||
}
|
||||
|
||||
|
@ -580,11 +580,11 @@ impl<'s> TlsSocket<'s> {
|
|||
};
|
||||
|
||||
self.send_application_slice(sockets, &mut inner_plaintext.clone())?;
|
||||
|
||||
let inner_plaintext_length = inner_plaintext.len();
|
||||
// Update session
|
||||
{
|
||||
self.session.borrow_mut()
|
||||
.server_update_for_sent_certificate(&inner_plaintext);
|
||||
.server_update_for_sent_certificate(&inner_plaintext[..(inner_plaintext_length-1)]);
|
||||
}
|
||||
|
||||
// Construct and send certificate verify
|
||||
|
@ -624,10 +624,11 @@ impl<'s> TlsSocket<'s> {
|
|||
&mut inner_plaintext.clone()
|
||||
)?;
|
||||
|
||||
let inner_plaintext_length = inner_plaintext.len();
|
||||
{
|
||||
self.session.borrow_mut()
|
||||
.server_update_for_sent_certificate_verify(
|
||||
&inner_plaintext[..]
|
||||
&inner_plaintext[..(inner_plaintext_length-1)]
|
||||
);
|
||||
}
|
||||
}
|
||||
|
@ -1381,15 +1382,11 @@ impl<'s> TlsSocket<'s> {
|
|||
// TODO: Rename this function. It is only good for client finished
|
||||
fn send_application_slice(&self, sockets: &mut SocketSet, slice: &mut [u8]) -> Result<()> {
|
||||
let mut tcp_socket = sockets.get::<TcpSocket>(self.tcp_handle);
|
||||
log::info!("Got socket");
|
||||
if !tcp_socket.can_send() {
|
||||
return Err(Error::Illegal);
|
||||
}
|
||||
|
||||
log::info!("Socket usable");
|
||||
// Borrow session in advance
|
||||
let mut session = self.session.borrow_mut();
|
||||
log::info!("Got session");
|
||||
|
||||
// Pre-compute TLS record layer as associated_data
|
||||
let mut associated_data: [u8; 5] = [0x17, 0x03, 0x03, 0x00, 0x00];
|
||||
|
|
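Review bot: The trailing content-type byte is dropped by hand with `&inner_plaintext[..(inner_plaintext_length-1)]` in all three hunks of this file (@512, @580, @624), which underflows on an empty slice (a debug panic, a wrapped index in release) and leaves the reason for the `-1` unstated at each site. A safer form that also names the byte is `let (_content_type, content) = inner_plaintext.split_last().ok_or(Error::Illegal)?;` followed by passing `content` to the `server_update_for_*` call; the callers at @580 and @624 already return `Result` (they use `?` on the send), while the function enclosing the @512 hunk starts outside the hunk, so its return type should be checked before applying the same change there. The one-byte strip also assumes no zero padding follows the content type in the TLSInnerPlaintext this code builds — if padding is ever appended, it would silently enter the transcript hash. A comment such as `// Strip the TLSInnerPlaintext content-type byte; only the handshake body enters the transcript hash` at each site would record that assumption.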