srctree

aes: AnyAES,

pub const Self = @This();

 

//cli_random: [32]u8 = undefined,

//srv_random: [32]u8 = undefined,

 

srv_pub_key: [32]u8 = undefined,

 

 

pub fn build(self: *Self, key_material: []const u8) void {

var index: usize = 0;

self.cli_mac = key_material[index..][0..hmac.mac_length].*;

index += hmac.mac_length;

self.srv_mac = key_material[index..][0..hmac.mac_length].*;

index += hmac.mac_length;

self.cli_key = key_material[index..][0..enc.key_length].*;

index += enc.key_length;

self.srv_key = key_material[index..][0..enc.key_length].*;

index += enc.key_length;

self.cli_iv = key_material[index..][0..enc.nonce_length].*;

index += enc.nonce_length;

self.srv_iv = key_material[index..][0..enc.nonce_length].*;

}

pub const AnyAES = struct {

material: Material(AES(CBC), Sha256),

/// srv is copied, and will not zero any arguments

pub fn init(srv: [X25519.public_length]u8) !EllipticCurve {

return .{

.srv_material = try X25519.KeyPair.create(srv),

};

}

 

fn packNamed(_: EllipticCurve, _: []u8) !usize {}

fn buildKeyMaterial(ctx: *ConnCtx) !Material(AES(CBC), Sha256) {

var aes = &ctx.cipher.suite.aes;

 

//const our_seckey = ctx.cipher.suite.aes.material.cli_dh.?.secret_key;

//const peer_key = &ctx.cipher.suite.ecc.srv_dh.?.public_key;

//material.premaster = try X25519.scalarmult(our_seckey, peer_key.*);

 

const seed = "master secret" ++ ctx.cli_random.? ++ ctx.srv_random.?;

//var left = std.crypto.auth.hmac.sha2.HmacSha256.init(ctx.cipher.suite.ecc.premaster);

 

var pre_left: [32]u8 = undefined;

var pre_right: [32]u8 = undefined;

Sha256.create(&pre_left, seed, &aes.material.premaster);

Sha256.create(&pre_right, &pre_left, &aes.material.premaster);

var left: [32]u8 = undefined;

var right: [32]u8 = undefined;

Sha256.create(&left, pre_left ++ seed, &aes.material.premaster);

Sha256.create(&right, pre_right ++ seed, &aes.material.premaster);

 

aes.material.master = left ++ right[0..16].*;

 

{

const key_seed = "key expansion" ++ ctx.cli_random.? ++ ctx.srv_random.?;

var first: [32]u8 = undefined;

Sha256.create(&first, key_seed, &aes.material.master);

var second: [32]u8 = undefined;

Sha256.create(&second, &first, &aes.material.master);

var third: [32]u8 = undefined;

Sha256.create(&third, &second, &aes.material.master);

var forth: [32]u8 = undefined;

Sha256.create(&forth, &third, &aes.material.master);

var fifth: [32]u8 = undefined;

Sha256.create(&fifth, &forth, &aes.material.master);

 

var p_first: [32]u8 = undefined;

Sha256.create(&p_first, first ++ key_seed, &aes.material.master);

var p_second: [32]u8 = undefined;

Sha256.create(&p_second, second ++ key_seed, &aes.material.master);

var p_third: [32]u8 = undefined;

Sha256.create(&p_third, third ++ key_seed, &aes.material.master);

var p_forth: [32]u8 = undefined;

Sha256.create(&p_forth, forth ++ key_seed, &aes.material.master);

var p_fifth: [32]u8 = undefined;

Sha256.create(&p_fifth, fifth ++ key_seed, &aes.material.master);

const final = p_first ++ p_second ++ p_third ++ p_forth ++ p_fifth;

 

aes.material.build(&final);

}

return aes.material;

}

 

fn unpackCBC(buffer: []const u8, ctx: *ConnCtx) !void {

var fba = fixedBufferStream(buffer);

const r = fba.reader().any();

//const name = try r.readInt(u16, .big);

//ctx.cipher.suite.aes.srv_dh = undefined;

const peer_key = &ctx.cipher.suite.aes.material.srv_pub_key;

try r.readNoEof(peer_key);

 

// TODO verify signature

ctx.cipher.suite.aes.material = try buildKeyMaterial(ctx);

}

 

pub fn unpackKeyExchange(buffer: []const u8, ctx: *ConnCtx) !void {

if (ctx.cipher.suite != .aes) unreachable;

//var fba = fixedBufferStream(buffer);

//const r = fba.reader().any();

 

//const curve_type = try CurveType.fromByte(try r.readByte());

//switch (curve_type) {

// .named_curve => try unpackNamed(buffer[1..], ctx),

// else => return error.UnsupportedCurve,

//}

return unpackCBC(buffer, ctx);

}

};

 

pub const CBC = struct {

pub const key_length = 32;

pub const nonce_length = 0;

};

 

//pub const AESType = enum {

// AES_128_CBC_SHA,

//};

 

pub fn AES(comptime T: type) type {

return struct {

pub const Kind = T;

pub const key_length = T.key_length;

pub const nonce_length = T.nonce_length;

};

}

 

const seed = "master secret" ++ ctx.cli_random.? ++ ctx.srv_random.?;

const key_seed = "key expansion" ++ ctx.cli_random.? ++ ctx.srv_random.?;

const Allocator = std.mem.Allocator;

cli_random: ?[32]u8 = null,

srv_random: ?[32]u8 = null,

pub fn initClient(a: Allocator) ConnCtx {

.cli_random = rand,

.handshake_record = std.ArrayList(u8).init(a),

};

}

 

pub fn initCrypto(a: Allocator) ConnCtx {

var rand: [32]u8 = undefined;

var csprng = std.Random.ChaCha.init([_]u8{0} ** 32);

csprng.fill(&rand);

 

return .{

.cli_random = rand,

.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,

.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,

.random = ctx.cli_random.?,

ctx.srv_random = undefined;

try r.readNoEof(&ctx.srv_random.?);

.TLS_DHE_RSA_WITH_AES_128_CBC_SHA,

.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,

.TLS_DHE_RSA_WITH_AES_256_CBC_SHA,

.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,

.TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,

=> {

ctx.cipher.suite = .{ .aes = undefined };

},

.ecc => {

ctx.cipher.suite.ecc.cli_dh = try Cipher.X25519.KeyPair.create(null);

try Cipher.EllipticCurve.unpackKeyExchange(buffer, ctx);

},

.aes => try Cipher.AnyAES.unpackKeyExchange(buffer, ctx),

fn startHandshakeCustomSuites(conn: std.net.Stream, suites: []const Cipher.Suites) !ConnCtx {

var client_hello = Handshake.ClientHello.init(ctx);

client_hello.ciphers = suites;

fn startHandshake(conn: std.net.Stream) !ConnCtx {

return startHandshakeCustomSuites(conn, &[_]Cipher.Suites{

.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,

.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,

.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,

});

}

 

//if (ctx.cipher.suite != .ecc) {

// return error.UnexpectedCipherSuite;

//}

if (false) return error.SkipZigTest;

test "cbc" {

const addr = net.Address.resolveIp(TESTING_IP, TESTING_PORT) catch |err| {

print("unable to resolve address because {}\n", .{err});

return err;

};

const conn = try net.tcpConnectToAddress(addr);

 

var ctx = try startHandshakeCustomSuites(conn, &[_]Cipher.Suites{

.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,

});

errdefer ctx.handshake_record.deinit();

var server: [0x1000]u8 = undefined;

const l = try readServer(conn, &server);

try buildServer(server[0..l], &ctx);

std.debug.assert(ctx.cipher.suite == .aes);

try completeClient(conn, &ctx);

}