Comments (12)
Yes, I have a script, but it is written for tomcrypt 0x0117 - it should work, as it is only concatenating all the sources in a single C file and replaces the "#include" directives. I will test it in about two weeks. I think I should add the script to the tomcrypt repository.
from tlse.
I have/had the same problems. I asked at the GitHub libtom/libtomcrypt for help, because it failed in their pkcs_1_pss_decode method. They told me that you can remove salt completely, because it is not used. And instead of the call
rsa_verify_hash_ex(buffer, len, hash, hash_len, LTC_PKCS_1_PSS, hash_idx, 0, &rsa_stat, &key);
you should use:
rsa_verify_hash_ex(buffer, len, hash, hash_len, LTC_PKCS_1_PSS, hash_idx, hash_len, &rsa_stat, &key);
Same with:
rsa_sign_hash_ex(hash, hash_len, out, outlen, LTC_PKCS_1_PSS, NULL, find_prng("sprng"), hash_idx, hash_type == sha256 ? 32 : 48, &key);
here you should do:
rsa_sign_hash_ex(hash, hash_len, out, outlen, LTC_PKCS_1_PSS, NULL, find_prng("sprng"), hash_idx, hash_len, &key);
This fixed the problem, that the decode method fails on testing for DB == 0x00. But now it fails in this line:
if (XMEMCMP(mask, hash, hLen) == 0) { *res = 1; }
I am not sure why the hash and the mask are different now. If you have an idea please let me know. I am struggling with that too.
from tlse.
https://github.com/Anthony-Mai/TinyTls/blob/9e04c8eeb767db2fdca6364ec1c17ff149b9b9e8/src/ssl/TinyTls.cpp#L3365C20-L3365C20
Because I don't understand encryption at all, I don't understand the logic of the error. However, I found another source code for TLS 1.3, which works correctly. Due to my technical limitations, it is difficult to understand the differences between the two source codes. All I see is that this source code has a "pubkey" involved in the calculation, but I don't see any equivalent members in the certificate structure in "tlse", I don't understand it at all.
I wonder if you can understand where the difference is
from tlse.
I found the solution for tls_parse_verify_tls13!!! First, as I already said, you have to change the values in the rsa_sign_hash_ex and rsa_verify_hash_ex calls. After that, you should also add an '!' here:
instead of
if (context->is_server)
    memcpy(signing_data + 64, "TLS 1.3, server CertificateVerify", 33);
else
    memcpy(signing_data + 64, "TLS 1.3, client CertificateVerify", 33);
you need to do
if (!context->is_server)
    memcpy(signing_data + 64, "TLS 1.3, server CertificateVerify", 33);
else
    memcpy(signing_data + 64, "TLS 1.3, client CertificateVerify", 33);
These lines just need to be changed inside tls_parse_verify_tls13! For me it just worked well. As a client you have to verify that the server sent its CertificateVerify message.
from tlse.
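The role selection discussed in the comment above, as an added example that is not part of the thread and is not tlse code: it builds the TLS 1.3 CertificateVerify signed content (64 bytes of 0x20, the context string, a 0x00 separator, then the transcript hash, per RFC 8446 section 4.4.3) and picks the context string from who signed the message, which for a verifier is the peer. All `cv_*` names are hypothetical and the transcript hash in `main` is a constructed sample.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CV_PAD_LEN 64   /* 64 octets of 0x20 */
#define CV_CTX_LEN 33   /* length of either context string, without NUL */

enum cv_signer { CV_SIGNER_SERVER, CV_SIGNER_CLIENT };

/* When verifying, the signer is the peer, not the local endpoint. */
enum cv_signer cv_peer_of(int local_is_server)
{
    return local_is_server ? CV_SIGNER_CLIENT : CV_SIGNER_SERVER;
}

/* Writes pad || context || 0x00 || transcript_hash into out.
 * Returns the number of bytes written, or 0 on bad arguments or a
 * buffer that is too small. */
size_t cv_build_content(enum cv_signer signer,
                        const unsigned char *th, size_t th_len,
                        unsigned char *out, size_t out_cap)
{
    static const char srv[] = "TLS 1.3, server CertificateVerify";
    static const char cli[] = "TLS 1.3, client CertificateVerify";
    size_t need;

    /* Assumption: hash output is at most 64 bytes (SHA-512). */
    if (th == NULL || out == NULL || th_len == 0 || th_len > 64)
        return 0;
    need = CV_PAD_LEN + CV_CTX_LEN + 1 + th_len;
    if (out_cap < need)
        return 0;

    memset(out, 0x20, CV_PAD_LEN);
    memcpy(out + CV_PAD_LEN, signer == CV_SIGNER_SERVER ? srv : cli, CV_CTX_LEN);
    out[CV_PAD_LEN + CV_CTX_LEN] = 0x00;            /* separator byte */
    memcpy(out + CV_PAD_LEN + CV_CTX_LEN + 1, th, th_len);
    return need;
}

int main(void)
{
    unsigned char th[32], content[160];
    size_t n;

    memset(th, 0xAB, sizeof th);                    /* constructed sample hash */
    n = cv_build_content(cv_peer_of(0), th, sizeof th, content, sizeof content);
    printf("client verifies %zu bytes, context: %.33s\n", n, content + CV_PAD_LEN);
    return 0;
}
```

The resulting buffer is what gets hashed and passed to the signature check; if the two sides build it with different context strings the hashes differ and verification fails even though the key and signature are valid.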
Hello!
I've checked your fixes and added to the main branch. I still need to check the rsa_sign_hash_ex, but it seems ok.
Thank you,
Eduard
from tlse.
Hey,
was something wrong with rsa_sign_hash_ex? Or why did you undo the changes? Or was it just because you still need to check it, but you have it in mind? xD
Thank you too,
Fabian
from tlse.
The latest version of TLSe works both with the old tomcrypt library and the github master branch. There are minor details that need to be checked and I need some time to study them.
from tlse.
You should really try to get it running with the develop branch of libtomcrypt, master is pretty old.
from tlse.
@sjaeckel I meant develop branch :). It already works with the develop branch (CRYPT >= 0x0118).
from tlse.
Ah, that's cool!
from tlse.
libtomcrypt.c should probably be rebuilt, @eduardsui? Did you have a script to do that or did you do it by hand? If you don't have a script I could make one for the future.
from tlse.
As already mentioned #78 (comment) I've also started to work on that as well, but that's not in a state that is acceptable to be merged.
Feel free to provide your way :)
from tlse.