fix: mismatch cipher, ee parse
This commit is contained in:
parent
38bf1d3c3b
commit
f6ff5cc431
|
@ -107,6 +107,9 @@ impl<'a> TlsBuffer<'a> {
|
||||||
HandshakeData::ClientHello(client_hello) => {
|
HandshakeData::ClientHello(client_hello) => {
|
||||||
self.enqueue_client_hello(client_hello)
|
self.enqueue_client_hello(client_hello)
|
||||||
}
|
}
|
||||||
|
HandshakeData::ServerHello(server_hello) => {
|
||||||
|
self.euqueue_server_hello(server_hello)
|
||||||
|
}
|
||||||
_ => {
|
_ => {
|
||||||
Err(Error::Unrecognized)
|
Err(Error::Unrecognized)
|
||||||
}
|
}
|
||||||
|
@ -128,6 +131,17 @@ impl<'a> TlsBuffer<'a> {
|
||||||
self.enqueue_extensions(client_hello.extensions)
|
self.enqueue_extensions(client_hello.extensions)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fn euqueue_server_hello(&mut self, server_hello: ServerHello<'a>) -> Result<()> {
|
||||||
|
self.write_u16(server_hello.version.into())?;
|
||||||
|
self.write(&server_hello.random)?;
|
||||||
|
self.write_u8(server_hello.session_id_echo_length)?;
|
||||||
|
self.write(&server_hello.session_id_echo)?;
|
||||||
|
self.write_u16(server_hello.cipher_suite.into())?;
|
||||||
|
self.write_u8(server_hello.compression_method)?;
|
||||||
|
self.write_u16(server_hello.extension_length)?;
|
||||||
|
self.enqueue_extensions(server_hello.extensions)
|
||||||
|
}
|
||||||
|
|
||||||
fn enqueue_extensions(&mut self, extensions: Vec<Extension>) -> Result<()> {
|
fn enqueue_extensions(&mut self, extensions: Vec<Extension>) -> Result<()> {
|
||||||
for extension in extensions {
|
for extension in extensions {
|
||||||
self.write_u16(extension.extension_type.into())?;
|
self.write_u16(extension.extension_type.into())?;
|
||||||
|
|
File diff suppressed because one or more lines are too long
101
src/main.rs
101
src/main.rs
|
@ -22,8 +22,6 @@ use hkdf::Hkdf;
|
||||||
use smoltcp_tls::key::*;
|
use smoltcp_tls::key::*;
|
||||||
use smoltcp_tls::buffer::TlsBuffer;
|
use smoltcp_tls::buffer::TlsBuffer;
|
||||||
|
|
||||||
mod encrypted;
|
|
||||||
use encrypted::ENCRYPTED_DATA;
|
|
||||||
|
|
||||||
struct CountingRng(u64);
|
struct CountingRng(u64);
|
||||||
|
|
||||||
|
@ -76,24 +74,32 @@ fn main() {
|
||||||
|
|
||||||
// tls_socket.tls_connect(&mut sockets).unwrap();
|
// tls_socket.tls_connect(&mut sockets).unwrap();
|
||||||
|
|
||||||
let psk: [u8; 32] = [0; 32];
|
let hello_hash = {
|
||||||
let early_secret = Hkdf::<Sha256>::new(None, &psk);
|
Sha384::new()
|
||||||
|
.chain(&CLIENT_HELLO)
|
||||||
|
.chain(&SERVER_HELLO)
|
||||||
|
.finalize()
|
||||||
|
};
|
||||||
|
println!("Hash: {:?}", hello_hash);
|
||||||
|
|
||||||
|
let psk: [u8; 48] = [0; 48];
|
||||||
|
let early_secret = Hkdf::<Sha384>::new(None, &psk);
|
||||||
let derived_secret = derive_secret(
|
let derived_secret = derive_secret(
|
||||||
&early_secret,
|
&early_secret,
|
||||||
"derived",
|
"derived",
|
||||||
Sha256::new().chain("")
|
Sha384::new().chain("")
|
||||||
);
|
);
|
||||||
let (handshake_secret, handshake_secret_hkdf) = Hkdf::<Sha256>::extract(
|
let (handshake_secret, handshake_secret_hkdf) = Hkdf::<Sha384>::extract(
|
||||||
Some(&derived_secret),
|
Some(&derived_secret),
|
||||||
&SHARED_SECRET
|
&SHARED_SECRET
|
||||||
);
|
);
|
||||||
let client_handshake_traffic_secret = {
|
let client_handshake_traffic_secret = {
|
||||||
let hkdf_label = HkdfLabel {
|
let hkdf_label = HkdfLabel {
|
||||||
length: 32,
|
length: 48,
|
||||||
label_length: 18,
|
label_length: 18,
|
||||||
label: b"tls13 c hs traffic",
|
label: b"tls13 c hs traffic",
|
||||||
context_length: 32,
|
context_length: 48,
|
||||||
context: &HELLO_HASH,
|
context: &hello_hash,
|
||||||
};
|
};
|
||||||
let mut array = [0; 100];
|
let mut array = [0; 100];
|
||||||
let mut buffer = TlsBuffer::new(&mut array);
|
let mut buffer = TlsBuffer::new(&mut array);
|
||||||
|
@ -101,17 +107,18 @@ fn main() {
|
||||||
let info: &[u8] = buffer.into();
|
let info: &[u8] = buffer.into();
|
||||||
|
|
||||||
// Define output key material (OKM), dynamically sized by hash
|
// Define output key material (OKM), dynamically sized by hash
|
||||||
let mut okm: GenericArray<u8, U32> = GenericArray::default();
|
let mut okm: GenericArray<u8, U48> = GenericArray::default();
|
||||||
handshake_secret_hkdf.expand(info, &mut okm).unwrap();
|
handshake_secret_hkdf.expand(info, &mut okm).unwrap();
|
||||||
okm
|
okm
|
||||||
};
|
};
|
||||||
|
|
||||||
let server_handshake_traffic_secret = {
|
let server_handshake_traffic_secret = {
|
||||||
let hkdf_label = HkdfLabel {
|
let hkdf_label = HkdfLabel {
|
||||||
length: 32,
|
length: 48,
|
||||||
label_length: 18,
|
label_length: 18,
|
||||||
label: b"tls13 s hs traffic",
|
label: b"tls13 s hs traffic",
|
||||||
context_length: 32,
|
context_length: 48,
|
||||||
context: &HELLO_HASH,
|
context: &hello_hash,
|
||||||
};
|
};
|
||||||
let mut array = [0; 100];
|
let mut array = [0; 100];
|
||||||
let mut buffer = TlsBuffer::new(&mut array);
|
let mut buffer = TlsBuffer::new(&mut array);
|
||||||
|
@ -119,13 +126,14 @@ fn main() {
|
||||||
let info: &[u8] = buffer.into();
|
let info: &[u8] = buffer.into();
|
||||||
|
|
||||||
// Define output key material (OKM), dynamically sized by hash
|
// Define output key material (OKM), dynamically sized by hash
|
||||||
let mut okm: GenericArray<u8, U32> = GenericArray::default();
|
let mut okm: GenericArray<u8, U48> = GenericArray::default();
|
||||||
handshake_secret_hkdf.expand(info, &mut okm).unwrap();
|
handshake_secret_hkdf.expand(info, &mut okm).unwrap();
|
||||||
okm
|
okm
|
||||||
};
|
};
|
||||||
|
|
||||||
let server_handshake_write_key = {
|
let server_handshake_write_key = {
|
||||||
let hkdf_label = HkdfLabel {
|
let hkdf_label = HkdfLabel {
|
||||||
length: 16,
|
length: 32,
|
||||||
label_length: 9,
|
label_length: 9,
|
||||||
label: b"tls13 key",
|
label: b"tls13 key",
|
||||||
context_length: 0,
|
context_length: 0,
|
||||||
|
@ -136,9 +144,9 @@ fn main() {
|
||||||
buffer.enqueue_hkdf_label(hkdf_label);
|
buffer.enqueue_hkdf_label(hkdf_label);
|
||||||
let info: &[u8] = buffer.into();
|
let info: &[u8] = buffer.into();
|
||||||
|
|
||||||
// Define output key material (OKM), dynamically sized by hash
|
// Define output key material (OKM), dynamically sized by cipher key
|
||||||
let mut okm: GenericArray<u8, U16> = GenericArray::default();
|
let mut okm: GenericArray<u8, U32> = GenericArray::default();
|
||||||
Hkdf::<Sha256>::from_prk(&server_handshake_traffic_secret)
|
Hkdf::<Sha384>::from_prk(&server_handshake_traffic_secret)
|
||||||
.unwrap()
|
.unwrap()
|
||||||
.expand(info, &mut okm);
|
.expand(info, &mut okm);
|
||||||
okm
|
okm
|
||||||
|
@ -158,18 +166,18 @@ fn main() {
|
||||||
|
|
||||||
// Define output key material (OKM), dynamically sized by hash
|
// Define output key material (OKM), dynamically sized by hash
|
||||||
let mut okm: GenericArray<u8, U12> = GenericArray::default();
|
let mut okm: GenericArray<u8, U12> = GenericArray::default();
|
||||||
Hkdf::<Sha256>::from_prk(&server_handshake_traffic_secret)
|
Hkdf::<Sha384>::from_prk(&server_handshake_traffic_secret)
|
||||||
.unwrap()
|
.unwrap()
|
||||||
.expand(info, &mut okm);
|
.expand(info, &mut okm);
|
||||||
okm
|
okm
|
||||||
};
|
};
|
||||||
let cipher: Aes128Gcm = Aes128Gcm::new(&server_handshake_write_key);
|
let cipher: Aes256Gcm = Aes256Gcm::new(&server_handshake_write_key);
|
||||||
let decrypted_data = {
|
let decrypted_data = {
|
||||||
let mut vec: Vec<u8, U2048> = Vec::from_slice(&ENCRYPTED_DATA).unwrap();
|
let mut vec: Vec<u8, U2048> = Vec::from_slice(&CIPHERTEXT).unwrap();
|
||||||
cipher.decrypt_in_place(
|
cipher.decrypt_in_place(
|
||||||
&server_handshake_write_iv,
|
&server_handshake_write_iv,
|
||||||
&[
|
&[
|
||||||
0x17, 0x03, 0x03, 0x04, 0x75
|
0x17, 0x03, 0x03, 0x00, 0x27
|
||||||
],
|
],
|
||||||
&mut vec
|
&mut vec
|
||||||
).unwrap();
|
).unwrap();
|
||||||
|
@ -178,22 +186,47 @@ fn main() {
|
||||||
|
|
||||||
println!("{:x?}", client_handshake_traffic_secret);
|
println!("{:x?}", client_handshake_traffic_secret);
|
||||||
println!("{:x?}", server_handshake_traffic_secret);
|
println!("{:x?}", server_handshake_traffic_secret);
|
||||||
println!("{:x?}", server_handshake_write_key);
|
println!("Server handshake key: {:?}", server_handshake_write_key);
|
||||||
println!("{:x?}", server_handshake_write_iv);
|
println!("Server handshake iv: {:?}", server_handshake_write_iv);
|
||||||
println!("{:x?}", decrypted_data);
|
println!("{:x?}", decrypted_data);
|
||||||
|
println!("Decrypted data length: {:?}", decrypted_data.len());
|
||||||
}
|
}
|
||||||
|
|
||||||
const SHARED_SECRET: [u8; 32] = [
|
const SHARED_SECRET: [u8; 32] = [
|
||||||
0xdf, 0x4a, 0x29, 0x1b, 0xaa, 0x1e, 0xb7, 0xcf,
|
43, 165, 163, 26, 69, 90, 77, 219, 49, 63, 128, 28, 75, 77, 23, 115, 28, 228, 145, 134, 124, 198, 18, 28, 27, 165, 10, 201, 94, 156, 148, 150
|
||||||
0xa6, 0x93, 0x4b, 0x29, 0xb4, 0x74, 0xba, 0xad,
|
|
||||||
0x26, 0x97, 0xe2, 0x9f, 0x1f, 0x92, 0x0d, 0xcc,
|
|
||||||
0x77, 0xc8, 0xa0, 0xa0, 0x88, 0x44, 0x76, 0x24
|
|
||||||
];
|
];
|
||||||
|
|
||||||
const HELLO_HASH: [u8; 32] = [
|
const CLIENT_HELLO: [u8; 0xCB] = [
|
||||||
0xda, 0x75, 0xce, 0x11, 0x39, 0xac, 0x80, 0xda,
|
0x01, 0x00, 0x00, 0xc7, 0x03, 0x03, 0x95, 0x2a, 0xfc, 0xc8, 0xee, 0x76, 0xab, 0xaf, 0x6e, 0x99,
|
||||||
0xe4, 0x04, 0x4d, 0xa9, 0x32, 0x35, 0x0c, 0xf6,
|
0xd0, 0x63, 0x03, 0x0b, 0x7d, 0x5e, 0x44, 0xa2, 0x2d, 0x00, 0x99, 0xb4, 0x10, 0x0b, 0x22, 0x55,
|
||||||
0x5c, 0x97, 0xcc, 0xc9, 0xe3, 0x3f, 0x1e, 0x6f,
|
0xf6, 0xe9, 0x7e, 0xbf, 0xdc, 0xd5, 0x20, 0x81, 0x52, 0xe7, 0x4f, 0x58, 0x54, 0x5a, 0x9f, 0x89,
|
||||||
0x7d, 0x2d, 0x4b, 0x18, 0xb7, 0x36, 0xff, 0xd5
|
0xc1, 0x2b, 0xd5, 0x40, 0x61, 0x53, 0xeb, 0x50, 0x8e, 0x77, 0x3a, 0xa9, 0x44, 0x07, 0x0c, 0x2c,
|
||||||
|
0xab, 0xeb, 0xf5, 0x6b, 0x3d, 0x91, 0x6e, 0x00, 0x08, 0x13, 0x01, 0x13, 0x02, 0x13, 0x03, 0x13,
|
||||||
|
0x04, 0x01, 0x00, 0x00, 0x76, 0x00, 0x2b, 0x00, 0x03, 0x02, 0x03, 0x04, 0x00, 0x0d, 0x00, 0x18,
|
||||||
|
0x00, 0x16, 0x04, 0x03, 0x08, 0x07, 0x08, 0x09, 0x04, 0x01, 0x08, 0x04, 0x08, 0x0a, 0x05, 0x01,
|
||||||
|
0x08, 0x05, 0x08, 0x0b, 0x06, 0x01, 0x08, 0x06, 0x00, 0x0a, 0x00, 0x04, 0x00, 0x02, 0x00, 0x17,
|
||||||
|
0x00, 0x33, 0x00, 0x47, 0x00, 0x45, 0x00, 0x17, 0x00, 0x41, 0x04, 0x0e, 0x9f, 0xff, 0x47, 0x1c,
|
||||||
|
0x7c, 0xa3, 0xf8, 0x24, 0xfe, 0x25, 0x57, 0x37, 0xbb, 0x0b, 0xe2, 0x11, 0xb2, 0xec, 0x5f, 0xa9,
|
||||||
|
0x33, 0x2f, 0x66, 0xe8, 0x18, 0xb4, 0x1d, 0x44, 0x61, 0xca, 0x91, 0x89, 0x5f, 0xa2, 0x0f, 0x01,
|
||||||
|
0x88, 0x97, 0xed, 0xe8, 0xc8, 0x39, 0x71, 0x89, 0x93, 0x7d, 0x35, 0xc2, 0xce, 0xcb, 0x6b, 0xbb,
|
||||||
|
0xe0, 0x3f, 0xe5, 0xde, 0x6e, 0x3b, 0x17, 0x68, 0x91, 0xbb, 0xe9
|
||||||
|
];
|
||||||
|
|
||||||
|
const SERVER_HELLO: [u8; 0x9B] = [
|
||||||
|
0x02, 0x00, 0x00, 0x97, 0x03, 0x03, 0x5a, 0x7a, 0x25, 0x58, 0x0a, 0x34, 0x9c, 0x66, 0x08, 0x1f,
|
||||||
|
0xbf, 0x98, 0x03, 0xd3, 0x55, 0x37, 0x14, 0xe9, 0xdb, 0xfb, 0x12, 0xf3, 0x8c, 0x69, 0x1e, 0xc1,
|
||||||
|
0xd4, 0xfc, 0x67, 0x4b, 0x06, 0x47, 0x20, 0x81, 0x52, 0xe7, 0x4f, 0x58, 0x54, 0x5a, 0x9f, 0x89,
|
||||||
|
0xc1, 0x2b, 0xd5, 0x40, 0x61, 0x53, 0xeb, 0x50, 0x8e, 0x77, 0x3a, 0xa9, 0x44, 0x07, 0x0c, 0x2c,
|
||||||
|
0xab, 0xeb, 0xf5, 0x6b, 0x3d, 0x91, 0x6e, 0x13, 0x02, 0x00, 0x00, 0x4f, 0x00, 0x2b, 0x00, 0x02,
|
||||||
|
0x03, 0x04, 0x00, 0x33, 0x00, 0x45, 0x00, 0x17, 0x00, 0x41, 0x04, 0xb9, 0x93, 0x81, 0xfd, 0xa5,
|
||||||
|
0xdc, 0x6d, 0xe2, 0x64, 0x44, 0xbe, 0xa6, 0xd4, 0x7f, 0x8c, 0x0e, 0xb3, 0x6f, 0x4a, 0xcf, 0xa1,
|
||||||
|
0x73, 0x1b, 0x3c, 0x93, 0x41, 0xef, 0x97, 0x2c, 0x3a, 0x2a, 0xd4, 0xb1, 0xe8, 0xc3, 0x06, 0x3a,
|
||||||
|
0xf8, 0x2e, 0x8a, 0xf3, 0x35, 0x0a, 0x47, 0x98, 0x47, 0x67, 0x28, 0xab, 0x9d, 0xd2, 0xb4, 0x98,
|
||||||
|
0x33, 0xc6, 0xa5, 0x3d, 0x99, 0x7e, 0x28, 0x89, 0x2d, 0x9d, 0xd9
|
||||||
|
];
|
||||||
|
|
||||||
|
const CIPHERTEXT: [u8; 39] = [
|
||||||
|
0xf6, 0xa9, 0x89, 0x64, 0x69, 0xf7, 0x87, 0x96, 0x61, 0xf6, 0xc9, 0xf8, 0x02, 0xfb, 0xfa, 0xa0,
|
||||||
|
0xae, 0xca, 0x4f, 0x59, 0x9b, 0xb4, 0x26, 0x2b, 0x06, 0x54, 0x4b, 0xce, 0xbc, 0xa4, 0x27, 0x55,
|
||||||
|
0xc0, 0xe4, 0x69, 0x33, 0x25, 0x46, 0x7f
|
||||||
];
|
];
|
98
src/parse.rs
98
src/parse.rs
|
@ -1,5 +1,6 @@
|
||||||
use nom::IResult;
|
use nom::IResult;
|
||||||
use nom::bytes::complete::take;
|
use nom::bytes::complete::take;
|
||||||
|
use nom::bytes::complete::tag;
|
||||||
use nom::combinator::complete;
|
use nom::combinator::complete;
|
||||||
use nom::sequence::tuple;
|
use nom::sequence::tuple;
|
||||||
use nom::error::ErrorKind;
|
use nom::error::ErrorKind;
|
||||||
|
@ -53,7 +54,7 @@ pub(crate) fn parse_tls_repr(bytes: &[u8]) -> IResult<&[u8], TlsRepr> {
|
||||||
Ok((rest, repr))
|
Ok((rest, repr))
|
||||||
}
|
}
|
||||||
|
|
||||||
fn parse_handshake(bytes: &[u8]) -> IResult<&[u8], HandshakeRepr> {
|
pub(crate) fn parse_handshake(bytes: &[u8]) -> IResult<&[u8], HandshakeRepr> {
|
||||||
let handshake_type = take(1_usize);
|
let handshake_type = take(1_usize);
|
||||||
let length = take(3_usize);
|
let length = take(3_usize);
|
||||||
|
|
||||||
|
@ -73,6 +74,30 @@ fn parse_handshake(bytes: &[u8]) -> IResult<&[u8], HandshakeRepr> {
|
||||||
repr.handshake_data = data;
|
repr.handshake_data = data;
|
||||||
Ok((rest, repr))
|
Ok((rest, repr))
|
||||||
},
|
},
|
||||||
|
EncryptedExtensions => {
|
||||||
|
// Split data into EE and the last TLS content byte
|
||||||
|
let (tls_content_byte, ee_data) = take(repr.length)(rest)?;
|
||||||
|
|
||||||
|
// Process TLS content byte.
|
||||||
|
complete(
|
||||||
|
tag(&[0x16])
|
||||||
|
)(tls_content_byte)?;
|
||||||
|
|
||||||
|
// Process EE
|
||||||
|
let (rest, handshake_data) = parse_encrypted_extensions(
|
||||||
|
ee_data
|
||||||
|
)?;
|
||||||
|
repr.handshake_data = HandshakeData::EncryptedExtensions(
|
||||||
|
handshake_data
|
||||||
|
);
|
||||||
|
|
||||||
|
// Verify that all bytes are comsumed
|
||||||
|
complete(
|
||||||
|
take(0_usize)
|
||||||
|
)(rest)?;
|
||||||
|
|
||||||
|
Ok((&[], repr))
|
||||||
|
}
|
||||||
_ => todo!()
|
_ => todo!()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -126,27 +151,42 @@ fn parse_server_hello(bytes: &[u8]) -> IResult<&[u8], HandshakeData> {
|
||||||
Ok((rest, HandshakeData::ServerHello(server_hello)))
|
Ok((rest, HandshakeData::ServerHello(server_hello)))
|
||||||
}
|
}
|
||||||
|
|
||||||
pub(crate) fn parse_encrypted_extensions(bytes: &[u8]) -> IResult<&[u8], EncryptedExtensions> {
|
fn parse_encrypted_extensions(bytes: &[u8]) -> IResult<&[u8], EncryptedExtensions> {
|
||||||
let (mut rest, extension_length) = take(2_usize)(bytes)?;
|
let (mut rest, extension_length) = take(2_usize)(bytes)?;
|
||||||
let mut extension_length: i32 = NetworkEndian::read_u16(extension_length).into();
|
let extension_length: u16 = NetworkEndian::read_u16(extension_length);
|
||||||
let mut extension_vec: Vec<Extension> = Vec::new();
|
let mut extension_length_counter: i32 = extension_length.into();
|
||||||
while extension_length > 0 {
|
let mut extension_vec: Vec<Extension> = Vec::new();
|
||||||
let (rem, extension) = parse_extension(rest, HandshakeType::EncryptedExtensions)?;
|
|
||||||
rest = rem;
|
// Split the data into "extensions" and the rest
|
||||||
extension_length -= i32::try_from(extension.get_length()).unwrap();
|
let (rest, mut encypted_extension_data) =
|
||||||
|
take(usize::try_from(extension_length).unwrap())(rest)?;
|
||||||
|
|
||||||
|
while extension_length_counter > 0 {
|
||||||
|
let (rem, extension) = parse_extension(
|
||||||
|
encypted_extension_data,
|
||||||
|
HandshakeType::EncryptedExtensions
|
||||||
|
)?;
|
||||||
|
encypted_extension_data = rem;
|
||||||
|
extension_length_counter -= i32::try_from(extension.get_length()).unwrap();
|
||||||
|
|
||||||
// Todo:: Proper error
|
// Todo:: Proper error
|
||||||
if extension_length < 0 {
|
if extension_length_counter < 0 {
|
||||||
todo!()
|
todo!()
|
||||||
}
|
}
|
||||||
|
|
||||||
extension_vec.push(extension);
|
extension_vec.push(extension);
|
||||||
}
|
}
|
||||||
|
|
||||||
let encrypted_extensions = EncryptedExtensions {
|
let encrypted_extensions = EncryptedExtensions {
|
||||||
length: u16::try_from(extension_length).unwrap(),
|
length: extension_length,
|
||||||
extensions: extension_vec
|
extensions: extension_vec
|
||||||
};
|
};
|
||||||
|
|
||||||
|
// Force completeness. The entire slice is meant to be processed.
|
||||||
|
complete(
|
||||||
|
take(0_usize)
|
||||||
|
)(rest)?;
|
||||||
|
|
||||||
Ok((rest, encrypted_extensions))
|
Ok((rest, encrypted_extensions))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -190,6 +230,38 @@ fn parse_extension(bytes: &[u8], handshake_type: HandshakeType) -> IResult<&[u8]
|
||||||
_ => todo!()
|
_ => todo!()
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
SupportedGroups => { // NamedGroupList
|
||||||
|
let (rest, length) = take(2_usize)(rest)?;
|
||||||
|
let length = NetworkEndian::read_u16(length);
|
||||||
|
|
||||||
|
// Isolate contents, for easier error handling
|
||||||
|
let (rest, mut rem_data) = take(length)(rest)?;
|
||||||
|
|
||||||
|
let mut named_group_extension = NamedGroupList {
|
||||||
|
length,
|
||||||
|
named_group_list: Vec::new(),
|
||||||
|
};
|
||||||
|
|
||||||
|
for index in 0..(length/2) {
|
||||||
|
let (rem, named_group) = take(2_usize)(rem_data)?;
|
||||||
|
rem_data = rem;
|
||||||
|
let named_group = NamedGroup::try_from(
|
||||||
|
NetworkEndian::read_u16(named_group)
|
||||||
|
).unwrap();
|
||||||
|
named_group_extension.named_group_list.push(named_group);
|
||||||
|
|
||||||
|
// Assure completeness
|
||||||
|
if index == (length/2) {
|
||||||
|
complete(take(0_usize))(rem_data)?;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
(
|
||||||
|
rest,
|
||||||
|
ExtensionData::NegotiatedGroups(
|
||||||
|
named_group_extension
|
||||||
|
)
|
||||||
|
)
|
||||||
|
}
|
||||||
KeyShare => {
|
KeyShare => {
|
||||||
match handshake_type {
|
match handshake_type {
|
||||||
HandshakeType::ClientHello => {
|
HandshakeType::ClientHello => {
|
||||||
|
|
|
@ -106,6 +106,8 @@ impl Session {
|
||||||
.diffie_hellman(&encoded_point)
|
.diffie_hellman(&encoded_point)
|
||||||
.unwrap();
|
.unwrap();
|
||||||
|
|
||||||
|
log::info!("Shared secret: {:?}", ecdhe_shared_secret.as_bytes());
|
||||||
|
|
||||||
// Generate Handshake secret
|
// Generate Handshake secret
|
||||||
match cipher_suite {
|
match cipher_suite {
|
||||||
CipherSuite::TLS_AES_128_GCM_SHA256 |
|
CipherSuite::TLS_AES_128_GCM_SHA256 |
|
||||||
|
@ -287,7 +289,7 @@ impl Session {
|
||||||
},
|
},
|
||||||
_ => unreachable!()
|
_ => unreachable!()
|
||||||
}
|
}
|
||||||
}
|
},
|
||||||
CipherSuite::TLS_AES_256_GCM_SHA384 => {
|
CipherSuite::TLS_AES_256_GCM_SHA384 => {
|
||||||
// Select 1 hash function, then update the hash
|
// Select 1 hash function, then update the hash
|
||||||
self.hash = Hash::select_sha384(self.hash.clone());
|
self.hash = Hash::select_sha384(self.hash.clone());
|
||||||
|
@ -376,7 +378,7 @@ impl Session {
|
||||||
let server_handshake_iv: Vec<u8, U12> = {
|
let server_handshake_iv: Vec<u8, U12> = {
|
||||||
let mut server_handshake_iv_holder = Vec::from_slice(&[0; 12]).unwrap();
|
let mut server_handshake_iv_holder = Vec::from_slice(&[0; 12]).unwrap();
|
||||||
hkdf_expand_label(
|
hkdf_expand_label(
|
||||||
&client_handshake_traffic_secret_hkdf,
|
&server_handshake_traffic_secret_hkdf,
|
||||||
"iv",
|
"iv",
|
||||||
"",
|
"",
|
||||||
&mut server_handshake_iv_holder
|
&mut server_handshake_iv_holder
|
||||||
|
@ -405,11 +407,11 @@ impl Session {
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
|
|
||||||
}
|
},
|
||||||
CipherSuite::TLS_AES_128_CCM_8_SHA256 => {
|
CipherSuite::TLS_AES_128_CCM_8_SHA256 => {
|
||||||
unreachable!()
|
unreachable!()
|
||||||
}
|
}
|
||||||
}
|
};
|
||||||
self.state = TlsState::WAIT_EE;
|
self.state = TlsState::WAIT_EE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -465,11 +467,11 @@ impl Session {
|
||||||
buffer: &mut dyn Buffer
|
buffer: &mut dyn Buffer
|
||||||
) -> Result<(), Error> {
|
) -> Result<(), Error> {
|
||||||
let (nonce, cipher): (&Vec<u8, U12>, &Cipher) = match self.role {
|
let (nonce, cipher): (&Vec<u8, U12>, &Cipher) = match self.role {
|
||||||
TlsRole::Client => {(
|
TlsRole::Server => {(
|
||||||
self.client_nonce.as_ref().unwrap(),
|
self.client_nonce.as_ref().unwrap(),
|
||||||
self.client_cipher.as_ref().unwrap()
|
self.client_cipher.as_ref().unwrap()
|
||||||
)},
|
)},
|
||||||
TlsRole::Server => {(
|
TlsRole::Client => {(
|
||||||
self.server_nonce.as_ref().unwrap(),
|
self.server_nonce.as_ref().unwrap(),
|
||||||
self.server_cipher.as_ref().unwrap()
|
self.server_cipher.as_ref().unwrap()
|
||||||
)},
|
)},
|
||||||
|
|
44
src/tls.rs
44
src/tls.rs
|
@ -34,7 +34,7 @@ use alloc::vec::{ self, Vec };
|
||||||
|
|
||||||
use crate::Error as TlsError;
|
use crate::Error as TlsError;
|
||||||
use crate::tls_packet::*;
|
use crate::tls_packet::*;
|
||||||
use crate::parse::{ parse_tls_repr, parse_encrypted_extensions };
|
use crate::parse::{ parse_tls_repr, parse_handshake };
|
||||||
use crate::buffer::TlsBuffer;
|
use crate::buffer::TlsBuffer;
|
||||||
use crate::session::{Session, TlsRole};
|
use crate::session::{Session, TlsRole};
|
||||||
|
|
||||||
|
@ -117,7 +117,10 @@ impl<R: RngCore + CryptoRng> TlsSocket<R> {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Handle TLS handshake through TLS states
|
// Handle TLS handshake through TLS states
|
||||||
match self.session.borrow().get_tls_state() {
|
let tls_state = {
|
||||||
|
self.session.borrow().get_tls_state()
|
||||||
|
};
|
||||||
|
match tls_state {
|
||||||
// Initiate TLS handshake
|
// Initiate TLS handshake
|
||||||
TlsState::START => {
|
TlsState::START => {
|
||||||
// Prepare field that is randomised,
|
// Prepare field that is randomised,
|
||||||
|
@ -131,7 +134,7 @@ impl<R: RngCore + CryptoRng> TlsSocket<R> {
|
||||||
.client_hello(&ecdh_secret, random, session_id.clone());
|
.client_hello(&ecdh_secret, random, session_id.clone());
|
||||||
|
|
||||||
// Update hash function with client hello handshake
|
// Update hash function with client hello handshake
|
||||||
let mut array = [0; 2048];
|
let mut array = [0; 512];
|
||||||
let mut buffer = TlsBuffer::new(&mut array);
|
let mut buffer = TlsBuffer::new(&mut array);
|
||||||
buffer.enqueue_tls_repr(repr)?;
|
buffer.enqueue_tls_repr(repr)?;
|
||||||
let slice: &[u8] = buffer.into();
|
let slice: &[u8] = buffer.into();
|
||||||
|
@ -157,6 +160,10 @@ impl<R: RngCore + CryptoRng> TlsSocket<R> {
|
||||||
// TLS client should jump from WAIT_SH directly to WAIT_CERT_CR directly.
|
// TLS client should jump from WAIT_SH directly to WAIT_CERT_CR directly.
|
||||||
TlsState::WAIT_EE => {},
|
TlsState::WAIT_EE => {},
|
||||||
|
|
||||||
|
// TLS Client wait for server's certificate
|
||||||
|
// No need to send anything
|
||||||
|
TlsState::WAIT_CERT_CR => {},
|
||||||
|
|
||||||
_ => todo!()
|
_ => todo!()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -191,7 +198,10 @@ impl<R: RngCore + CryptoRng> TlsSocket<R> {
|
||||||
return Ok(())
|
return Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
match self.session.borrow().get_tls_state() {
|
let tls_state = {
|
||||||
|
self.session.borrow().get_tls_state()
|
||||||
|
};
|
||||||
|
match tls_state {
|
||||||
// During WAIT_SH for a TLS client, client should wait for ServerHello
|
// During WAIT_SH for a TLS client, client should wait for ServerHello
|
||||||
TlsState::WAIT_SH => {
|
TlsState::WAIT_SH => {
|
||||||
// Legacy_protocol must be TLS 1.2
|
// Legacy_protocol must be TLS 1.2
|
||||||
|
@ -302,11 +312,12 @@ impl<R: RngCore + CryptoRng> TlsSocket<R> {
|
||||||
// This is indeed a desirable ServerHello TLS repr
|
// This is indeed a desirable ServerHello TLS repr
|
||||||
// Reprocess ServerHello into a slice
|
// Reprocess ServerHello into a slice
|
||||||
// Update session with required parameter
|
// Update session with required parameter
|
||||||
let mut array = [0; 2048];
|
let mut array = [0; 512];
|
||||||
let mut buffer = TlsBuffer::new(&mut array);
|
let mut buffer = TlsBuffer::new(&mut array);
|
||||||
buffer.enqueue_tls_repr(repr);
|
buffer.enqueue_tls_repr(repr)?;
|
||||||
let slice: &[u8] = buffer.into();
|
let slice: &[u8] = buffer.into();
|
||||||
self.session.borrow_mut().client_update_for_sh(
|
let mut session = self.session.borrow_mut();
|
||||||
|
session.client_update_for_sh(
|
||||||
selected_cipher.unwrap(),
|
selected_cipher.unwrap(),
|
||||||
server_public.unwrap(),
|
server_public.unwrap(),
|
||||||
&slice[5..]
|
&slice[5..]
|
||||||
|
@ -331,21 +342,26 @@ impl<R: RngCore + CryptoRng> TlsSocket<R> {
|
||||||
buffer.write_u16(repr.version.into())?;
|
buffer.write_u16(repr.version.into())?;
|
||||||
buffer.write_u16(repr.length)?;
|
buffer.write_u16(repr.length)?;
|
||||||
let associated_data: &[u8] = buffer.into();
|
let associated_data: &[u8] = buffer.into();
|
||||||
self.session.borrow().encrypt_in_place(
|
{
|
||||||
associated_data,
|
self.session.borrow().decrypt_in_place(
|
||||||
&mut payload
|
associated_data,
|
||||||
);
|
&mut payload
|
||||||
|
);
|
||||||
|
}
|
||||||
|
log::info!("Decrypted payload {:?}", payload);
|
||||||
|
|
||||||
// TODO: Parse payload of EE
|
// TODO: Parse payload of EE
|
||||||
let (_, encrypted_extensions) =
|
let parse_result = parse_handshake(&payload);
|
||||||
parse_encrypted_extensions(&payload)
|
let (_, encrypted_extensions_handshake) = parse_result
|
||||||
.map_err(|_| Error::Unrecognized)?;
|
.map_err(|_| Error::Unrecognized)?;
|
||||||
|
|
||||||
// TODO: Process payload
|
// TODO: Process payload
|
||||||
// Practically, nothing will be done about cookies/server name
|
// Practically, nothing will be done about cookies/server name
|
||||||
// Extension processing is therefore skipped
|
// Extension processing is therefore skipped
|
||||||
|
log::info!("EE handshake: {:?}", encrypted_extensions_handshake);
|
||||||
|
|
||||||
self.session.borrow_mut().client_update_for_ee();
|
self.session.borrow_mut().client_update_for_ee();
|
||||||
|
log::info!("Transition to WAIT_CERT_CR");
|
||||||
},
|
},
|
||||||
|
|
||||||
// In this stage, wait for a certificate from server
|
// In this stage, wait for a certificate from server
|
||||||
|
|
|
@ -188,7 +188,7 @@ pub(crate) enum HandshakeData<'a> {
|
||||||
Uninitialized,
|
Uninitialized,
|
||||||
ClientHello(ClientHello<'a>),
|
ClientHello(ClientHello<'a>),
|
||||||
ServerHello(ServerHello<'a>),
|
ServerHello(ServerHello<'a>),
|
||||||
ExcryptedExtensions(EncryptedExtensions),
|
EncryptedExtensions(EncryptedExtensions),
|
||||||
}
|
}
|
||||||
|
|
||||||
impl<'a> HandshakeData<'a> {
|
impl<'a> HandshakeData<'a> {
|
||||||
|
@ -558,6 +558,9 @@ impl SignatureSchemeList {
|
||||||
#[derive(Debug, PartialEq, Eq, Clone, Copy, IntoPrimitive, TryFromPrimitive)]
|
#[derive(Debug, PartialEq, Eq, Clone, Copy, IntoPrimitive, TryFromPrimitive)]
|
||||||
#[repr(u16)]
|
#[repr(u16)]
|
||||||
pub(crate) enum NamedGroup {
|
pub(crate) enum NamedGroup {
|
||||||
|
#[num_enum(default)]
|
||||||
|
UNKNOWN = 0x0000,
|
||||||
|
|
||||||
/* Elliptic Curve Groups (ECDHE) */
|
/* Elliptic Curve Groups (ECDHE) */
|
||||||
secp256r1 = 0x0017,
|
secp256r1 = 0x0017,
|
||||||
secp384r1 = 0x0018,
|
secp384r1 = 0x0018,
|
||||||
|
|
Loading…
Reference in New Issue