revision for CertificateVerify and Finished in signaturecheme.js

Author: Srabutdotcom

deno.json

@@ -1,6 +1,6 @@
 {
   "name": "@tls/enum",
-  "version": "0.4.4",
+  "version": "0.4.5",
   "exports": "./src/mod.ts",
   "publish": {
     "exclude": ["dist/"]

src/signaturescheme.js

@@ -76,21 +76,17 @@ export class SignatureScheme extends Enum {
     */
    get Uint16() { return Uint16.fromValue(+this); }
 
-   async certificateVerify(clientHelloMsg, serverHelloMsg, encryptedExtensionsMsg, certificateMsg, RSAprivateKey) {
-      const signature = await signatureFrom(clientHelloMsg, serverHelloMsg, encryptedExtensionsMsg, certificateMsg, RSAprivateKey)
+   async certificateVerify(clientHelloMsg, serverHelloMsg, encryptedExtensionsMsg, certificateMsg, RSAprivateKey, sha) {
+      const signature = await signatureFrom(clientHelloMsg, serverHelloMsg, encryptedExtensionsMsg, certificateMsg, RSAprivateKey, sha)
       return new CertificateVerify(this, signature)
    }
-   async certificateVerifyMsg(clientHelloMsg, serverHelloMsg, encryptedExtensionsMsg, certificateMsg, RSAprivateKey){
-      const certificateVerify = await this.certificateVerify(clientHelloMsg, serverHelloMsg, encryptedExtensionsMsg, certificateMsg, RSAprivateKey);
-      return HandshakeType.CERTIFICATE_VERIFY.handshake(certificateVerify);
-   }
 }
 
 export class CertificateVerify extends Uint8Array {
-   static from(array) {
+   static fromMsg(array) {
       const copy = Uint8Array.from(array)
-      const algorithm = SignatureScheme.from(copy);
-      const signature = Signature.from(copy.subarray(2))
+      const algorithm = SignatureScheme.from(copy.subarray(4));
+      const signature = Signature.from(copy.subarray(6))
       return new CertificateVerify(algorithm, signature.opaque)
    }
    constructor(signatureScheme, signature) {
@@ -102,6 +98,7 @@ export class CertificateVerify extends Uint8Array {
       super(struct);
       this.algorithm = signatureScheme;
       this.signature = signature
+      return HandshakeType.CERTIFICATE_VERIFY.handshake(this);
    }
 }
 
@@ -161,8 +158,7 @@ async function signatureFrom(clientHelloMsg, serverHelloMsg, encryptedExtensions
          sign,
          data
    ) */
-   const signature = new Uint8Array(signBuffer)
-   return signature
+   return new Uint8Array(signBuffer)
 }
 
 export async function finished(finishedKey, sha = 256, ...messages) {
@@ -204,9 +200,14 @@ export async function finished(finishedKey, sha = 256, ...messages) {
 }
 
 export class Finished extends Uint8Array {
+   static fromMsg(message){
+      const copy = Uint8Array.from(message)
+      return new Finished(copy.subarray(4))
+   }
    constructor(verify_data){
       super(verify_data);
       this.verify_data = verify_data 
+      return HandshakeType.FINISHED.handshake(this)
    }
 }
 

test/signaturescheme_test.js

@@ -79,18 +79,20 @@ const rsaKey = await crypto.subtle.generateKey(
 
 Deno.test("CertificateVerify", async () => {
    const test = await SignatureScheme.RSA_PSS_PSS_SHA256.certificateVerify(clientHelloMsg, serverHelloMsg, encryptedExtensionsMsg, certificateMsg, rsaKey.privateKey)
-   const back = CertificateVerify.from(test)
+   const back = CertificateVerify.fromMsg(test)
    assertEquals(test.toString(), back.toString())
 })
 
 
-Deno.test("Finished", async ()=>{
-   const test = await SignatureScheme.RSA_PSS_PSS_SHA256.certificateVerifyMsg(clientHelloMsg, serverHelloMsg, encryptedExtensionsMsg, certificateMsg, rsaKey.privateKey)
+Deno.test("Finished", async () => {
+   const test = await SignatureScheme.RSA_PSS_PSS_SHA256.certificateVerify(clientHelloMsg, serverHelloMsg, encryptedExtensionsMsg, certificateMsg, rsaKey.privateKey)
    //const back = CertificateVerify.from(test)
    const serverHS_secret_fake = crypto.getRandomValues(new Uint8Array(32));
    const _finished = await finished(serverHS_secret_fake, 256, test);
-   const finishedBack = Finished.from(_finished);
+   const finishedBack = Finished.fromMsg(_finished);
    assertEquals(_finished.toString(), finishedBack.toString())
 })
 
 
+
+

type/signaturescheme.d.ts

@@ -1,6 +1,5 @@
 import { Constrained, Uint16 } from "../src/dep.ts";
 import { Enum } from "../src/enum.js";
-import type { Handshake } from "../src/handshaketype.js";
 
 /**
  * Enumeration of signature schemes as defined in RFC 8446.
@@ -62,138 +61,87 @@ export class SignatureScheme extends Enum {
   get Uint16(): Uint16;
 
   /**
-   * Generates a CertificateVerify object.
-   * @param {Uint8Array} clientHelloMsg - Client Hello message.
-   * @param {Uint8Array} serverHelloMsg - Server Hello message.
-   * @param {Uint8Array} encryptedExtensionsMsg - encryptedExtensions message
-   * @param {Uint8Array} certificateMsg - Certificate message.
-   * @param {CryptoKey} RSAprivateKey - RSA private key.
-   * @returns {Promise<CertificateVerify>} CertificateVerify object.
+   * Creates a CertificateVerify handshake instance.
+   * @param clientHelloMsg The ClientHello message.
+   * @param serverHelloMsg The ServerHello message.
+   * @param encryptedExtensionsMsg The EncryptedExtensions message.
+   * @param certificateMsg The Certificate message.
+   * @param RSAprivateKey The RSA private key.
+   * @param sha The SHA variant (256, 384, or 512).
    */
   certificateVerify(
     clientHelloMsg: Uint8Array,
     serverHelloMsg: Uint8Array,
     encryptedExtensionsMsg: Uint8Array,
     certificateMsg: Uint8Array,
-    RSAprivateKey: CryptoKey
+    RSAprivateKey: CryptoKey,
+    sha: number,
   ): Promise<CertificateVerify>;
-  
-  /**
-   * Generates a CertificateVerify Handshake object.
-   * @param {Uint8Array} clientHelloMsg - Client Hello message.
-   * @param {Uint8Array} serverHelloMsg - Server Hello message.
-   * @param {Uint8Array} encryptedExtensionsMsg - encryptedExtensions message
-   * @param {Uint8Array} certificateMsg - Certificate message.
-   * @param {CryptoKey} RSAprivateKey - RSA private key.
-   * @returns {Promise<Handshake>} Handshake of CertificateVerify object.
-   */
-  certificateVerifyMsg(
-    clientHelloMsg: Uint8Array,
-    serverHelloMsg: Uint8Array,
-    encryptedExtensionsMsg: Uint8Array,
-    certificateMsg: Uint8Array,
-    RSAprivateKey: CryptoKey
-  ): Promise<Handshake>;
 }
 
 /**
- * Represents a CertificateVerify structure.
+ * Represents a CertificateVerify message.
  */
-export class CertificateVerify extends Uint8Array {
-  /** The signature algorithm used. */
-  algorithm: SignatureScheme;
-
-  /** The signature. */
-  signature: Uint8Array;
-
+export declare class CertificateVerify extends Uint8Array {
   /**
-   * Parses a byte array into a CertificateVerify object.
-   * @param {Uint8Array} array - The byte array to parse.
-   * @returns {CertificateVerify} The parsed CertificateVerify object.
+   * Creates a CertificateVerify instance from an array.
+   * @param array The input array.
    */
-  static from(array: Uint8Array): CertificateVerify;
+  static fromMsg(array: Uint8Array): CertificateVerify;
 
-  /**
-   * Constructs a new CertificateVerify object.
-   * @param {SignatureScheme} signatureScheme - The signature scheme.
-   * @param {Uint8Array} signature - The signature.
-   */
   constructor(signatureScheme: SignatureScheme, signature: Uint8Array);
+
+  algorithm: SignatureScheme;
+  signature: Uint8Array;
 }
 
 /**
- * Represents a constrained signature.
+ * Represents a constrained Signature.
  */
-export class Signature extends Constrained {
-  /** The raw opaque signature data. */
-  opaque: Uint8Array;
-
+export declare class Signature extends Constrained {
   /**
-   * Parses a byte array into a Signature object.
-   * @param {Uint8Array} array - The byte array to parse.
-   * @returns {Signature} The parsed Signature object.
+   * Creates a Signature instance from an array.
+   * @param array The input array.
    */
   static from(array: Uint8Array): Signature;
 
-  /**
-   * Constructs a new Signature object.
-   * @param {Uint8Array} opaque - The raw opaque signature data.
-   */
   constructor(opaque: Uint8Array);
+
+  opaque: Uint8Array;
 }
 
 /**
- * Generates a signature from the provided handshake messages and an RSA private key.
- *
- * @param clientHelloMsg - The ClientHello message as a Uint8Array.
- * @param serverHelloMsg - The ServerHello message as a Uint8Array.
- * @param encryptedExtensionsMsg - The EncryptedExtensions message as a Uint8Array.
- * @param certificateMsg - The Certificate message as a Uint8Array.
- * @param RSAprivateKey - The RSA private key used for signing.
- * @param sha - The hash algorithm to use (256, 384, or 512). Defaults to 256.
- * @returns A promise that resolves to a Uint8Array containing the signature. The resulting object also includes the `transcriptHash` property.
+ * Generates a signature for the CertificateVerify message.
  */
 export declare function signatureFrom(
   clientHelloMsg: Uint8Array,
   serverHelloMsg: Uint8Array,
   encryptedExtensionsMsg: Uint8Array,
   certificateMsg: Uint8Array,
   RSAprivateKey: CryptoKey,
-  sha?: 256 | 384 | 512
+  sha?: number,
 ): Promise<Uint8Array>;
 
 /**
- * Computes the Finished message verify_data using the provided finished key and handshake messages.
- *
- * @param finishedKey - The finished key as a Uint8Array.
- * @param sha - The hash algorithm to use (256 or 384). Defaults to 256.
- * @param messages - A variable number of handshake messages to include in the transcript hash.
- * @returns A promise that resolves to a Finished instance containing the verify_data. The resulting object also includes the `transcriptHash` property.
+ * Generates a Finished message.
  */
 export declare function finished(
   finishedKey: Uint8Array,
-  sha?: 256 | 384,
+  sha: number,
   ...messages: Uint8Array[]
 ): Promise<Finished>;
 
-
 /**
- * Represents the output of the `finished` function.
+ * Represents a Finished handshake message.
  */
-export declare class Finished {
+export declare class Finished extends Uint8Array {
   /**
-   * Constructs a Finished instance.
-   * @param verifyData - The computed verify data.
+   * Creates a Finished instance from a message.
+   * @param message The input message.
    */
-  constructor(verifyData: ArrayBuffer);
+  static fromMsg(message: Uint8Array): Finished;
 
-  /**
-   * The computed verify data.
-   */
-  verifyData: ArrayBuffer;
+  constructor(verify_data: Uint8Array);
 
-  /**
-   * The hash of the handshake transcript.
-   */
-  transcriptHash: ArrayBuffer;
+  verify_data: Uint8Array;
 }