mirror/zig
1
0
Fork 0
mirror of https://github.com/ziglang/zig.git synced 2025-12-15 18:53:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

std.crypto.tls.Client: verify the server's Finished message

Browse Source
This commit is contained in:
Andrew Kelley 2022-12-18 16:17:10 -07:00
parent f6c3a86f0f
commit 41f4461cda
2 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lib/std/crypto/tls.zig
View File

@ -237,6 +237,7 @@ pub fn CipherParamsT(comptime AeadType: type, comptime HashType: type) type {
client_handshake_iv: [AEAD.nonce_length]u8, client_handshake_iv: [AEAD.nonce_length]u8,
server_handshake_iv: [AEAD.nonce_length]u8, server_handshake_iv: [AEAD.nonce_length]u8,
transcript_hash: Hash, transcript_hash: Hash,
finished_digest: [Hash.digest_length]u8,
}; };
} }

12
lib/std/crypto/tls/Client.zig
View File

@ -257,6 +257,7 @@ pub fn init(stream: net.Stream, host: []const u8) !Client {
.client_handshake_iv = undefined, .client_handshake_iv = undefined,
.server_handshake_iv = undefined, .server_handshake_iv = undefined,
.transcript_hash = P.Hash.init(.{}), .transcript_hash = P.Hash.init(.{}),
.finished_digest = undefined,
}); });
const p = &@field(cipher_params, @tagName(tag)); const p = &@field(cipher_params, @tagName(tag));
p.transcript_hash.update(client_hello_bytes1); // Client Hello part 1 p.transcript_hash.update(client_hello_bytes1); // Client Hello part 1
@ -391,6 +392,11 @@ pub fn init(stream: net.Stream, host: []const u8) !Client {
}, },
@enumToInt(HandshakeType.certificate_verify) => { @enumToInt(HandshakeType.certificate_verify) => {
std.debug.print("the certificate came with a fancy signature\n", .{}); std.debug.print("the certificate came with a fancy signature\n", .{});
switch (cipher_params) {
inline else => |*p| {
p.finished_digest = p.transcript_hash.peek();
},
}
}, },
@enumToInt(HandshakeType.finished) => { @enumToInt(HandshakeType.finished) => {
// This message is to trick buggy proxies into behaving correctly. // This message is to trick buggy proxies into behaving correctly.
@ -403,7 +409,10 @@ pub fn init(stream: net.Stream, host: []const u8) !Client {
const app_cipher = switch (cipher_params) { const app_cipher = switch (cipher_params) {
inline else => |*p, tag| c: { inline else => |*p, tag| c: {
const P = @TypeOf(p.*); const P = @TypeOf(p.*);
// TODO verify the server's data const expected_server_verify_data = tls.hmac(P.Hmac, &p.finished_digest, p.server_finished_key);
const actual_server_verify_data = cleartext[ct_i..][0..handshake_len];
if (!mem.eql(u8, &expected_server_verify_data, actual_server_verify_data))
return error.TlsDecryptError;
const handshake_hash = p.transcript_hash.finalResult(); const handshake_hash = p.transcript_hash.finalResult();
const verify_data = tls.hmac(P.Hmac, &handshake_hash, p.client_finished_key); const verify_data = tls.hmac(P.Hmac, &handshake_hash, p.client_finished_key);
const out_cleartext = [_]u8{ const out_cleartext = [_]u8{
@ -454,7 +463,6 @@ pub fn init(stream: net.Stream, host: []const u8) !Client {
}; };
}, },
else => { else => {
std.debug.print("handshake type: {d}\n", .{cleartext[0]});
return error.TlsUnexpectedMessage; return error.TlsUnexpectedMessage;
}, },
} }