nora 2024-08-03 16:09:42 +02:00
parent c518c09937
commit ad3a4d21a5
3 changed files with 10 additions and 10 deletions


@ -65,10 +65,12 @@ pub fn decrypt_ciphertext(
additional_data[3..].copy_from_slice(&ciphertext_len.to_be_bytes()); additional_data[3..].copy_from_slice(&ciphertext_len.to_be_bytes());
// <https://datatracker.ietf.org/doc/html/rfc8446#section-5.3> // <https://datatracker.ietf.org/doc/html/rfc8446#section-5.3>
let nonce = nonce.get_aead_nonce(&iv);
let result = decrypt( let result = decrypt(
key, key,
encrypted_record, encrypted_record,
nonce.get_aead_nonce(&iv), nonce,
&additional_data, &additional_data,
); );
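Review bot: The new `let nonce = nonce.get_aead_nonce(&iv);` binding shadows the `nonce` parameter with a value of a different kind, so at the `decrypt(...)` call below a reader can no longer see that the record-level value has already been turned into the per-record AEAD nonce. A distinct name keeps the derivation step visible: `let aead_nonce = nonce.get_aead_nonce(&iv);` and `aead_nonce,` in the call. The RFC 8446 §5.3 link already sits on the line above; if `get_aead_nonce` is the §5.3 construction (record sequence number left-padded to the IV length and XORed with the static IV), stating that in the comment would let a reviewer confirm nonce uniqueness per key without opening the helper. `decrypt_ciphertext` starts before the hunk and the handling of `result` continues after it.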


@ -157,9 +157,6 @@ impl KeysAfterServerHello {
let early_secret_derived = let early_secret_derived =
derive_secret(&early_secret, b"derived", &sha2::Sha256::new().finalize()); derive_secret(&early_secret, b"derived", &sha2::Sha256::new().finalize());
println!("early_secret {:?}", early_secret);
println!("early_secret_derived {:?}", early_secret_derived);
let (handshake_secret, _) = let (handshake_secret, _) =
Hkdf::<Sha256>::extract(Some(&early_secret_derived), shared_secret.as_bytes()); Hkdf::<Sha256>::extract(Some(&early_secret_derived), shared_secret.as_bytes());


@ -64,6 +64,11 @@ mod stream_state {
Ok(self.write_seq_id.next()) Ok(self.write_seq_id.next())
} }
pub fn key_change(&mut self) {
self.read_seq_id = SeqIdGen::new();
self.write_seq_id = SeqIdGen::new();
}
pub fn read_record(&mut self) -> Result<(TLSPlaintext, SeqId)> { pub fn read_record(&mut self) -> Result<(TLSPlaintext, SeqId)> {
let seq_id = self.read_seq_id.next(); let seq_id = self.read_seq_id.next();
let frame = proto::TLSPlaintext::read(&mut self.stream)?; let frame = proto::TLSPlaintext::read(&mut self.stream)?;
@ -312,11 +317,6 @@ impl<W: Read + Write> ClientSetupConnection<W> {
.unwrap() .unwrap()
.diffie_hellman(&server_key); .diffie_hellman(&server_key);
println!(
"we have established a shared secret. dont leak it!! anyways here is it: {:x?}",
dh_shared_secret.as_bytes()
);
let keys = KeysAfterServerHello::compute( let keys = KeysAfterServerHello::compute(
dh_shared_secret, dh_shared_secret,
*cipher_suite, *cipher_suite,
@ -328,6 +328,7 @@ impl<W: Read + Write> ClientSetupConnection<W> {
} }
} }
ConnectState::WaitEncryptedExtensions { keys } => { ConnectState::WaitEncryptedExtensions { keys } => {
self.stream.key_change();
let (frame, seq_id) = self.stream.read_record()?; let (frame, seq_id) = self.stream.read_record()?;
if frame.should_drop() { if frame.should_drop() {
continue; continue;
@ -340,7 +341,7 @@ impl<W: Read + Write> ClientSetupConnection<W> {
return unexpected_message!("expected ApplicationData, got {frame:?}"); return unexpected_message!("expected ApplicationData, got {frame:?}");
}; };
// Encrypted with server_handshake_traffic_secret // Encrypted with server_handshake_traffic_secret
crypto::aead::decrypt_ciphertext( let inner = crypto::aead::decrypt_ciphertext(
&encrypted_record, &encrypted_record,
&keys &keys
.borrow() .borrow()