add encryptedExtension to part of Handshake Context

Srabutdotcom · Srabutdotcom · commit be12a9b3667f · 2024-12-09T19:18:37.000+07:00
diff --git a/deno.json b/deno.json
@@ -1,6 +1,6 @@
 {
   "name": "@tls/enum",
-  "version": "0.3.7",
+  "version": "0.3.8",
   "exports": "./src/mod.ts",
   "publish": {
     "exclude": ["dist/"]
diff --git a/src/signaturescheme.js b/src/signaturescheme.js
@@ -77,12 +77,12 @@ export class SignatureScheme extends Enum {
     */
    get Uint16() { return Uint16.fromValue(+this); }
 
-   async certificateVerify(clientHelloMsg, serverHelloMsg, certificateMsg, RSAprivateKey) {
-      const signature = await signatureFrom(clientHelloMsg, serverHelloMsg, certificateMsg, RSAprivateKey)
+   async certificateVerify(clientHelloMsg, serverHelloMsg, encryptedExtensionsMsg, certificateMsg, RSAprivateKey) {
+      const signature = await signatureFrom(clientHelloMsg, serverHelloMsg, encryptedExtensionsMsg, certificateMsg, RSAprivateKey)
       return new CertificateVerify(this, signature)
    }
-   async certificateVerifyMsg(clientHelloMsg, serverHelloMsg, certificateMsg, RSAprivateKey){
-      const certificateVerify = await this.certificateVerify(clientHelloMsg, serverHelloMsg, certificateMsg, RSAprivateKey);
+   async certificateVerifyMsg(clientHelloMsg, serverHelloMsg, encryptedExtensionsMsg, certificateMsg, RSAprivateKey){
+      const certificateVerify = await this.certificateVerify(clientHelloMsg, serverHelloMsg, encryptedExtensionsMsg, certificateMsg, RSAprivateKey);
       return HandshakeType.CERTIFICATE_VERIFY.handshake(certificateVerify);
    }
 }
@@ -118,7 +118,7 @@ export class Signature extends Constrained {
    }
 }
 
-async function signatureFrom(clientHelloMsg, serverHelloMsg, certificateMsg, RSAprivateKey) {
+async function signatureFrom(clientHelloMsg, serverHelloMsg, encryptedExtensionsMsg, certificateMsg, RSAprivateKey) {
    const leading = Uint8Array.of(
       //NOTE 64 space characters 
       32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32,
@@ -130,6 +130,7 @@ async function signatureFrom(clientHelloMsg, serverHelloMsg, certificateMsg, RSA
    const transcriptHash = sha256.create()
       .update(clientHelloMsg)
       .update(serverHelloMsg)
+      .update(encryptedExtensionsMsg)
       .update(certificateMsg)
       .digest();
 
diff --git a/test/signaturescheme_test.js b/test/signaturescheme_test.js
@@ -1,6 +1,7 @@
 import { SignatureScheme, CertificateVerify, finished, Finished } from "../src/signaturescheme.js";
 import { assertEquals } from "jsr:@std/assert";
 import { HexaDecimal, sha256 } from "../src/dep.ts";
+import { HandshakeType } from "../src/handshaketype.js"
 
 console.log(SignatureScheme.ED448);
 
@@ -36,6 +37,11 @@ const serverHelloMsg = HexaDecimal.fromString(
    20 95 fe 66 76 2b db f7 c6 72 e1 56 d6 cc 25 3b 83 3d f1 dd 69
    b1 b0 4e 75 1f 0f 00 2b 00 02 03 04`).byte
 
+const encryptedExtensionsMsg = HandshakeType.ENCRYPTED_EXTENSIONS.handshake(HexaDecimal.fromString(`00 22 00 0a 00 14 00
+      12 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 1c
+      00 02 40 01 00 00 00 00
+`).byte).byte
+
 const certificateMsg = HexaDecimal.fromString(
    `0b 00 01 b9 00 00 01 b5 00 01 b0 30 82
    01 ac 30 82 01 15 a0 03 02 01 02 02 01 02 30 0d 06 09 2a 86 48
@@ -72,18 +78,19 @@ const rsaKey = await crypto.subtle.generateKey(
 )
 
 Deno.test("CertificateVerify", async () => {
-   const test = await SignatureScheme.RSA_PSS_PSS_SHA256.certificateVerify(clientHelloMsg, serverHelloMsg, certificateMsg, rsaKey.privateKey)
+   const test = await SignatureScheme.RSA_PSS_PSS_SHA256.certificateVerify(clientHelloMsg, serverHelloMsg, encryptedExtensionsMsg, certificateMsg, rsaKey.privateKey)
    const back = CertificateVerify.from(test)
    assertEquals(test.toString(), back.toString())
 })
 
 
 Deno.test("Finished", async ()=>{
-   const test = await SignatureScheme.RSA_PSS_PSS_SHA256.certificateVerifyMsg(clientHelloMsg, serverHelloMsg, certificateMsg, rsaKey.privateKey)
+   const test = await SignatureScheme.RSA_PSS_PSS_SHA256.certificateVerifyMsg(clientHelloMsg, serverHelloMsg, encryptedExtensionsMsg, certificateMsg, rsaKey.privateKey)
    //const back = CertificateVerify.from(test)
    const serverHS_secret_fake = crypto.getRandomValues(new Uint8Array(32));
    const _finished = await finished(serverHS_secret_fake, test);
    const finishedBack = Finished.from(_finished);
    assertEquals(_finished.toString(), finishedBack.toString())
 })
 
+
diff --git a/type/signaturescheme.d.ts b/type/signaturescheme.d.ts
@@ -1,5 +1,6 @@
 import { Constrained, Uint16 } from "../src/dep.ts";
 import { Enum } from "../src/enum.js";
+import type { Handshake } from "../src/handshaketype.js";
 
 /**
  * Enumeration of signature schemes as defined in RFC 8446.
@@ -64,16 +65,35 @@ export class SignatureScheme extends Enum {
    * Generates a CertificateVerify object.
    * @param {Uint8Array} clientHelloMsg - Client Hello message.
    * @param {Uint8Array} serverHelloMsg - Server Hello message.
+   * @param {Uint8Array} encryptedExtensionsMsg - encryptedExtensions message
    * @param {Uint8Array} certificateMsg - Certificate message.
    * @param {CryptoKey} RSAprivateKey - RSA private key.
    * @returns {Promise<CertificateVerify>} CertificateVerify object.
    */
   certificateVerify(
     clientHelloMsg: Uint8Array,
     serverHelloMsg: Uint8Array,
+    encryptedExtensionsMsg: Uint8Array,
     certificateMsg: Uint8Array,
     RSAprivateKey: CryptoKey
   ): Promise<CertificateVerify>;
+  
+  /**
+   * Generates a CertificateVerify Handshake object.
+   * @param {Uint8Array} clientHelloMsg - Client Hello message.
+   * @param {Uint8Array} serverHelloMsg - Server Hello message.
+   * @param {Uint8Array} encryptedExtensionsMsg - encryptedExtensions message
+   * @param {Uint8Array} certificateMsg - Certificate message.
+   * @param {CryptoKey} RSAprivateKey - RSA private key.
+   * @returns {Promise<Handshake>} Handshake of CertificateVerify object.
+   */
+  certificateVerifyMsg(
+    clientHelloMsg: Uint8Array,
+    serverHelloMsg: Uint8Array,
+    encryptedExtensionsMsg: Uint8Array,
+    certificateMsg: Uint8Array,
+    RSAprivateKey: CryptoKey
+  ): Promise<Handshake>;
 }
 
 /**
@@ -133,6 +153,7 @@ export class Signature extends Constrained {
 export function signatureFrom(
   clientHelloMsg: Uint8Array,
   serverHelloMsg: Uint8Array,
+  encryptedExtensionsMsg: Uint8Array,
   certificateMsg: Uint8Array,
   RSAprivateKey: CryptoKey
 ): Promise<Uint8Array>;

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@tls/enum",`
`3`		`- "version": "0.3.7",`
	`3`	`+ "version": "0.3.8",`
`4`	`4`	`"exports": "./src/mod.ts",`
`5`	`5`	`"publish": {`
`6`	`6`	`"exclude": ["dist/"]`
Original file line number	Diff line number	Diff line change
`@@ -77,12 +77,12 @@ export class SignatureScheme extends Enum {`
`77`	`77`	`*/`
`78`	`78`	`get Uint16() { return Uint16.fromValue(+this); }`
`79`	`79`
`80`		`- async certificateVerify(clientHelloMsg, serverHelloMsg, certificateMsg, RSAprivateKey) {`
`81`		`- const signature = await signatureFrom(clientHelloMsg, serverHelloMsg, certificateMsg, RSAprivateKey)`
	`80`	`+ async certificateVerify(clientHelloMsg, serverHelloMsg, encryptedExtensionsMsg, certificateMsg, RSAprivateKey) {`
	`81`	`+ const signature = await signatureFrom(clientHelloMsg, serverHelloMsg, encryptedExtensionsMsg, certificateMsg, RSAprivateKey)`
`82`	`82`	`return new CertificateVerify(this, signature)`
`83`	`83`	`}`
`84`		`- async certificateVerifyMsg(clientHelloMsg, serverHelloMsg, certificateMsg, RSAprivateKey){`
`85`		`- const certificateVerify = await this.certificateVerify(clientHelloMsg, serverHelloMsg, certificateMsg, RSAprivateKey);`
	`84`	`+ async certificateVerifyMsg(clientHelloMsg, serverHelloMsg, encryptedExtensionsMsg, certificateMsg, RSAprivateKey){`
	`85`	`+ const certificateVerify = await this.certificateVerify(clientHelloMsg, serverHelloMsg, encryptedExtensionsMsg, certificateMsg, RSAprivateKey);`
`86`	`86`	`return HandshakeType.CERTIFICATE_VERIFY.handshake(certificateVerify);`
`87`	`87`	`}`
`88`	`88`	`}`
`@@ -118,7 +118,7 @@ export class Signature extends Constrained {`
`118`	`118`	`}`
`119`	`119`	`}`
`120`	`120`
`121`		`-async function signatureFrom(clientHelloMsg, serverHelloMsg, certificateMsg, RSAprivateKey) {`
	`121`	`+async function signatureFrom(clientHelloMsg, serverHelloMsg, encryptedExtensionsMsg, certificateMsg, RSAprivateKey) {`
`122`	`122`	`const leading = Uint8Array.of(`
`123`	`123`	`//NOTE 64 space characters`
`124`	`124`	`32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32,`
`@@ -130,6 +130,7 @@ async function signatureFrom(clientHelloMsg, serverHelloMsg, certificateMsg, RSA`
`130`	`130`	`const transcriptHash = sha256.create()`
`131`	`131`	`.update(clientHelloMsg)`
`132`	`132`	`.update(serverHelloMsg)`
	`133`	`+ .update(encryptedExtensionsMsg)`
`133`	`134`	`.update(certificateMsg)`
`134`	`135`	`.digest();`
`135`	`136`