qbit/go
1
0
Fork 0
mirror of https://github.com/golang/go synced 2024-11-25 13:07:57 -07:00
Code Releases Activity

crypto/tls: Add support for ECDHE-ECDSA

Browse Source 
Add support for ECDHE-ECDSA (RFC4492), which uses an ephemeral server
key pair to perform ECDH with ECDSA signatures. Like ECDHE-RSA,
ECDHE-ECDSA also provides PFS.

R=agl
CC=golang-dev
https://golang.org/cl/7006047
This commit is contained in:
Joel Sing 2013-07-17 12:33:16 -04:00 committed by Adam Langley
parent 85a7c090c4
commit 7b7dac5e23
9 changed files with 1939 additions and 984 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/pkg/crypto/crypto.go
View File

@ -77,5 +77,8 @@ func RegisterHash(h Hash, f func() hash.Hash) {
hashes[h] = f
}
// PublicKey represents a public key using an unspecified algorithm.
type PublicKey interface{}
// PrivateKey represents a private key using an unspecified algorithm.
type PrivateKey interface{}

32
src/pkg/crypto/tls/cipher_suites.go
View File

@ -55,8 +55,11 @@ var cipherSuites = []*cipherSuite{
// Ciphersuite order is chosen so that ECDHE comes before plain RSA
// and RC4 comes before AES (because of the Lucky13 attack).
{TLS_ECDHE_RSA_WITH_RC4_128_SHA, 16, 20, 0, ecdheRSAKA, true, cipherRC4, macSHA1},
{TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 16, 20, 0, ecdheECDSAKA, true, cipherRC4, macSHA1},
{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 16, 20, 16, ecdheRSAKA, true, cipherAES, macSHA1},
{TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 16, 20, 16, ecdheECDSAKA, true, cipherAES, macSHA1},
{TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, ecdheRSAKA, true, cipherAES, macSHA1},
{TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 32, 20, 16, ecdheECDSAKA, true, cipherAES, macSHA1},
{TLS_RSA_WITH_RC4_128_SHA, 16, 20, 0, rsaKA, false, cipherRC4, macSHA1},
{TLS_RSA_WITH_AES_128_CBC_SHA, 16, 20, 16, rsaKA, false, cipherAES, macSHA1},
{TLS_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, rsaKA, false, cipherAES, macSHA1},
@ -161,8 +164,16 @@ func rsaKA(version uint16) keyAgreement {
return rsaKeyAgreement{}
}
func ecdheECDSAKA(version uint16) keyAgreement {
return &ecdheKeyAgreement{
sigType: signatureECDSA,
version: version,
}
}
func ecdheRSAKA(version uint16) keyAgreement {
return &ecdheRSAKeyAgreement{
return &ecdheKeyAgreement{
sigType: signatureRSA,
version: version,
}
}
@ -186,12 +197,15 @@ func mutualCipherSuite(have []uint16, want uint16) *cipherSuite {
// A list of the possible cipher suite ids. Taken from
// http://www.iana.org/assignments/tls-parameters/tls-parameters.xml
const (
TLS_RSA_WITH_RC4_128_SHA uint16 = 0x0005
TLS_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0x000a
TLS_RSA_WITH_AES_128_CBC_SHA uint16 = 0x002f
TLS_RSA_WITH_AES_256_CBC_SHA uint16 = 0x0035
TLS_ECDHE_RSA_WITH_RC4_128_SHA uint16 = 0xc011
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xc012
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA uint16 = 0xc013
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA uint16 = 0xc014
TLS_RSA_WITH_RC4_128_SHA uint16 = 0x0005
TLS_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0x000a
TLS_RSA_WITH_AES_128_CBC_SHA uint16 = 0x002f
TLS_RSA_WITH_AES_256_CBC_SHA uint16 = 0x0035
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA uint16 = 0xc007
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA uint16 = 0xc009
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA uint16 = 0xc00a
TLS_ECDHE_RSA_WITH_RC4_128_SHA uint16 = 0xc011
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xc012
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA uint16 = 0xc013
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA uint16 = 0xc014
)

19
src/pkg/crypto/tls/common.go
View File

@ -9,6 +9,7 @@ import (
"crypto/rand"
"crypto/x509"
"io"
"math/big"
"strings"
"sync"
"time"
@ -98,6 +99,12 @@ const (
certTypeDSSSign = 2 // A certificate containing a DSA key
certTypeRSAFixedDH = 3 // A certificate containing a static DH key
certTypeDSSFixedDH = 4 // A certificate containing a static DH key
// See RFC4492 sections 3 and 5.5.
certTypeECDSASign = 64 // A certificate containing an ECDSA-capable public key, signed with ECDSA.
certTypeRSAFixedECDH = 65 // A certificate containing an ECDH-capable public key, signed with RSA.
certTypeECDSAFixedECDH = 66 // A certificate containing an ECDH-capable public key, signed with ECDSA.
// Rest of these are reserved by the TLS spec
)
@ -120,10 +127,11 @@ type signatureAndHash struct {
}
// supportedSignatureAlgorithms contains the signature and hash algorithms that
// the code will adverse as supported both in a TLS 1.2 ClientHello and
// the code can advertise as supported both in a TLS 1.2 ClientHello and
// CertificateRequest.
var supportedSignatureAlgorithms = []signatureAndHash{
{hashSHA256, signatureRSA},
{hashSHA256, signatureECDSA},
}
// ConnectionState records basic TLS details about the connection.
@ -372,7 +380,7 @@ func (c *Config) BuildNameToCertificate() {
// A Certificate is a chain of one or more certificates, leaf first.
type Certificate struct {
Certificate [][]byte
PrivateKey crypto.PrivateKey // supported types: *rsa.PrivateKey
PrivateKey crypto.PrivateKey // supported types: *rsa.PrivateKey, *ecdsa.PrivateKey
// OCSPStaple contains an optional OCSP response which will be served
// to clients that request it.
OCSPStaple []byte
@ -395,6 +403,13 @@ type handshakeMessage interface {
unmarshal([]byte) bool
}
// TODO(jsing): Make these available to both crypto/x509 and crypto/tls.
type dsaSignature struct {
R, S *big.Int
}
type ecdsaSignature dsaSignature
var emptyConfig Config
func defaultConfig() *Config {

39
src/pkg/crypto/tls/handshake_client.go
View File

@ -6,9 +6,11 @@ package tls
import (
"bytes"
"crypto/ecdsa"
"crypto/rsa"
"crypto/subtle"
"crypto/x509"
"encoding/asn1"
"errors"
"io"
"strconv"
@ -124,7 +126,10 @@ func (c *Conn) clientHandshake() error {
}
}
if _, ok := certs[0].PublicKey.(*rsa.PublicKey); !ok {
switch certs[0].PublicKey.(type) {
case *rsa.PublicKey, *ecdsa.PublicKey:
break
default:
return c.sendAlert(alertUnsupportedCertificate)
}
@ -187,12 +192,13 @@ func (c *Conn) clientHandshake() error {
finishedHash.Write(certReq.marshal())
// For now, we only know how to sign challenges with RSA
rsaAvail := false
var rsaAvail, ecdsaAvail bool
for _, certType := range certReq.certificateTypes {
if certType == certTypeRSASign {
switch certType {
case certTypeRSASign:
rsaAvail = true
break
case certTypeECDSASign:
ecdsaAvail = true
}
}
@ -201,7 +207,7 @@ func (c *Conn) clientHandshake() error {
// certReq.certificateAuthorities
findCert:
for i, chain := range c.config.Certificates {
if !rsaAvail {
if !rsaAvail && !ecdsaAvail {
continue
}
@ -216,7 +222,10 @@ func (c *Conn) clientHandshake() error {
}
}
if x509Cert.PublicKeyAlgorithm != x509.RSA {
switch {
case rsaAvail && x509Cert.PublicKeyAlgorithm == x509.RSA:
case ecdsaAvail && x509Cert.PublicKeyAlgorithm == x509.ECDSA:
default:
continue findCert
}
@ -271,9 +280,21 @@ func (c *Conn) clientHandshake() error {
}
if chainToSend != nil {
var signed []byte
certVerify := new(certificateVerifyMsg)
digest, hashFunc := finishedHash.hashForClientCertificate()
signed, err := rsa.SignPKCS1v15(c.config.rand(), c.config.Certificates[0].PrivateKey.(*rsa.PrivateKey), hashFunc, digest)
switch key := c.config.Certificates[0].PrivateKey.(type) {
case *ecdsa.PrivateKey:
digest, _ := finishedHash.hashForClientCertificate(signatureECDSA)
r, s, err := ecdsa.Sign(c.config.rand(), key, digest)
if err == nil {
signed, err = asn1.Marshal(ecdsaSignature{r, s})
}
case *rsa.PrivateKey:
digest, hashFunc := finishedHash.hashForClientCertificate(signatureRSA)
signed, err = rsa.SignPKCS1v15(c.config.rand(), key, hashFunc, digest)
default:
err = errors.New("unknown private key type")
}
if err != nil {
return c.sendAlert(alertInternalError)
}

598
src/pkg/crypto/tls/handshake_client_test.go
View File

@ -39,16 +39,24 @@ func testClientScript(t *testing.T, name string, clientScript [][]byte, config *
}
}
func TestHandshakeClientRC4(t *testing.T) {
func TestHandshakeClientRSARC4(t *testing.T) {
var config = *testConfig
config.CipherSuites = []uint16{TLS_RSA_WITH_RC4_128_SHA}
testClientScript(t, "RC4", rc4ClientScript, &config)
testClientScript(t, "RSA-RC4", rsaRC4ClientScript, &config)
}
func TestHandshakeClientECDHEAES(t *testing.T) {
func TestHandshakeClientECDHERSAAES(t *testing.T) {
var config = *testConfig
config.CipherSuites = []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA}
testClientScript(t, "ECDHE-AES", ecdheAESClientScript, &config)
testClientScript(t, "ECDHE-RSA-AES", ecdheRSAAESClientScript, &config)
}
func TestHandshakeClientECDHECDSAAES(t *testing.T) {
var config = *testConfig
config.CipherSuites = []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA}
config.Certificates = nil
config.BuildNameToCertificate()
testClientScript(t, "ECDHE-ECDSA-AES", ecdheECDSAAESClientScript, &config)
}
func TestLongClientCerticiateChain(t *testing.T) {
@ -175,7 +183,7 @@ func TestEmptyRecords(t *testing.T) {
// CSqGSIb3DQEBBQUAA0EAhTZAc8G7GtrUWZ8tonAxRnTsg26oyDxRrzms7EC86CJG
// HZnWRiok1IsFCEv7NRFukrt3uuQSu/TIXpyBqJdgTA==
// -----END CERTIFICATE-----
var rc4ClientScript = [][]byte{
var rsaRC4ClientScript = [][]byte{
{
0x16, 0x03, 0x01, 0x00, 0x4a, 0x01, 0x00, 0x00,
0x46, 0x03, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
@ -296,7 +304,7 @@ var rc4ClientScript = [][]byte{
},
}
var ecdheAESClientScript = [][]byte{
var ecdheRSAAESClientScript = [][]byte{
{
0x16, 0x03, 0x01, 0x00, 0x4a, 0x01, 0x00, 0x00,
0x46, 0x03, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
@ -1811,265 +1819,178 @@ var clientChainCertificateScript = [][]byte{
},
}
// $ openssl s_server -tls1_2 -cert server.crt -key server.key \
// -cipher ECDHE-RSA-AES128-SHA -port 10443
// $ go test -test.run "TestRunClient" -connect -ciphersuites=0xc013 \
// -minversion=0x0303 -maxversion=0x0303
var clientTLS12Script = [][]byte{
{
0x16, 0x03, 0x01, 0x00, 0x52, 0x01, 0x00, 0x00,
0x4e, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
0x16, 0x03, 0x01, 0x00, 0x54, 0x01, 0x00, 0x00,
0x50, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xc0, 0x13,
0x01, 0x00, 0x00, 0x23, 0x00, 0x05, 0x00, 0x05,
0x01, 0x00, 0x00, 0x25, 0x00, 0x05, 0x00, 0x05,
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00,
0x08, 0x00, 0x06, 0x00, 0x17, 0x00, 0x18, 0x00,
0x19, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
0x0d, 0x00, 0x04, 0x00, 0x02, 0x04, 0x01,
0x0d, 0x00, 0x06, 0x00, 0x04, 0x04, 0x01, 0x04,
0x03,
},
{
0x16, 0x03, 0x03, 0x00, 0x54, 0x02, 0x00, 0x00,
0x50, 0x03, 0x03, 0x51, 0xcd, 0xe6, 0x5e, 0x4c,
0x36, 0x2f, 0xe1, 0x38, 0x6c, 0xff, 0x9c, 0xe2,
0x0f, 0xbb, 0x04, 0x6d, 0x82, 0xa6, 0x1a, 0x85,
0xfa, 0x8c, 0x04, 0xb7, 0xcb, 0xcc, 0x39, 0x02,
0xb3, 0x24, 0xff, 0x20, 0xaa, 0x79, 0xb0, 0x04,
0x70, 0x39, 0x7a, 0x3b, 0xd7, 0xe0, 0x16, 0x43,
0x63, 0xd2, 0x04, 0xc9, 0x4a, 0x49, 0x08, 0xf8,
0x1c, 0xf6, 0xba, 0x5f, 0xe2, 0x61, 0x8c, 0xa4,
0x3d, 0x81, 0x6a, 0x79, 0xc0, 0x13, 0x00, 0x00,
0x50, 0x03, 0x03, 0x51, 0xe5, 0x78, 0x4c, 0x64,
0x66, 0xd0, 0xee, 0x0b, 0x8b, 0xfd, 0x9b, 0xe0,
0x54, 0x3c, 0x6e, 0x05, 0x04, 0x2f, 0x77, 0x07,
0x8c, 0x04, 0xb9, 0xf6, 0xdd, 0xea, 0x1a, 0x7c,
0xdf, 0x65, 0x39, 0x20, 0xea, 0xa2, 0xef, 0x53,
0x96, 0xf5, 0x0b, 0x8a, 0x47, 0xa0, 0x7c, 0x20,
0x53, 0x75, 0xee, 0x87, 0xb9, 0xd3, 0xe2, 0xa6,
0x97, 0x64, 0xb9, 0xa6, 0xcc, 0xc0, 0xe5, 0xbf,
0x92, 0x1d, 0xee, 0x4d, 0xc0, 0x13, 0x00, 0x00,
0x08, 0x00, 0x0b, 0x00, 0x04, 0x03, 0x00, 0x01,
0x02, 0x16, 0x03, 0x03, 0x03, 0xf5, 0x0b, 0x00,
0x03, 0xf1, 0x00, 0x03, 0xee, 0x00, 0x03, 0xeb,
0x30, 0x82, 0x03, 0xe7, 0x30, 0x82, 0x02, 0xcf,
0x02, 0x16, 0x03, 0x03, 0x02, 0x39, 0x0b, 0x00,
0x02, 0x35, 0x00, 0x02, 0x32, 0x00, 0x02, 0x2f,
0x30, 0x82, 0x02, 0x2b, 0x30, 0x82, 0x01, 0xd5,
0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00,
0xb9, 0xee, 0xd4, 0xd9, 0x55, 0xa5, 0x9e, 0xb3,
0xb1, 0x35, 0x13, 0x65, 0x11, 0x20, 0xc5, 0x92,
0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30,
0x70, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
0x04, 0x06, 0x13, 0x02, 0x55, 0x4b, 0x31, 0x16,
0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c,
0x0d, 0x4f, 0x70, 0x65, 0x6e, 0x53, 0x53, 0x4c,
0x20, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x31, 0x22,
0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c,
0x19, 0x46, 0x4f, 0x52, 0x20, 0x54, 0x45, 0x53,
0x54, 0x49, 0x4e, 0x47, 0x20, 0x50, 0x55, 0x52,
0x50, 0x4f, 0x53, 0x45, 0x53, 0x20, 0x4f, 0x4e,
0x4c, 0x59, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03,
0x55, 0x04, 0x03, 0x0c, 0x1c, 0x4f, 0x70, 0x65,
0x6e, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65, 0x73,
0x74, 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6d,
0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x20, 0x43,
0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x31, 0x31,
0x32, 0x30, 0x38, 0x31, 0x34, 0x30, 0x31, 0x34,
0x38, 0x5a, 0x17, 0x0d, 0x32, 0x31, 0x31, 0x30,
0x31, 0x36, 0x31, 0x34, 0x30, 0x31, 0x34, 0x38,
0x5a, 0x30, 0x64, 0x31, 0x0b, 0x30, 0x09, 0x06,
0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x4b,
0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04,
0x0a, 0x0c, 0x0d, 0x4f, 0x70, 0x65, 0x6e, 0x53,
0x53, 0x4c, 0x20, 0x47, 0x72, 0x6f, 0x75, 0x70,
0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04,
0x0b, 0x0c, 0x19, 0x46, 0x4f, 0x52, 0x20, 0x54,
0x45, 0x53, 0x54, 0x49, 0x4e, 0x47, 0x20, 0x50,
0x55, 0x52, 0x50, 0x4f, 0x53, 0x45, 0x53, 0x20,
0x4f, 0x4e, 0x4c, 0x59, 0x31, 0x19, 0x30, 0x17,
0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x10, 0x54,
0x65, 0x73, 0x74, 0x20, 0x53, 0x65, 0x72, 0x76,
0x65, 0x72, 0x20, 0x43, 0x65, 0x72, 0x74, 0x30,
0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a,
0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00,
0xf3, 0x84, 0xf3, 0x92, 0x36, 0xdc, 0xb2, 0x46,
0xca, 0x66, 0x7a, 0xe5, 0x29, 0xc5, 0xf3, 0x49,
0x28, 0x22, 0xd3, 0xb9, 0xfe, 0xe0, 0xde, 0xe4,
0x38, 0xce, 0xee, 0x22, 0x1c, 0xe9, 0x91, 0x3b,
0x94, 0xd0, 0x72, 0x2f, 0x87, 0x85, 0x59, 0x4b,
0x66, 0xb1, 0xc5, 0xf5, 0x7a, 0x85, 0x5d, 0xc2,
0x0f, 0xd3, 0x2e, 0x29, 0x58, 0x36, 0xcc, 0x48,
0x6b, 0xa2, 0xa2, 0xb5, 0x26, 0xce, 0x67, 0xe2,
0x47, 0xb6, 0xdf, 0x49, 0xd2, 0x3f, 0xfa, 0xa2,
0x10, 0xb7, 0xc2, 0x97, 0x44, 0x7e, 0x87, 0x34,
0x6d, 0x6d, 0xf2, 0x8b, 0xb4, 0x55, 0x2b, 0xd6,
0x21, 0xde, 0x53, 0x4b, 0x90, 0xea, 0xfd, 0xea,
0xf9, 0x38, 0x35, 0x2b, 0xf4, 0xe6, 0x9a, 0x0e,
0xf6, 0xbb, 0x12, 0xab, 0x87, 0x21, 0xc3, 0x2f,
0xbc, 0xf4, 0x06, 0xb8, 0x8f, 0x8e, 0x10, 0x07,
0x27, 0x95, 0xe5, 0x42, 0xcb, 0xd1, 0xd5, 0x10,
0x8c, 0x92, 0xac, 0xee, 0x0f, 0xdc, 0x23, 0x48,
0x89, 0xc9, 0xc6, 0x93, 0x0c, 0x22, 0x02, 0xe7,
0x74, 0xe7, 0x25, 0x00, 0xab, 0xf8, 0x0f, 0x5c,
0x10, 0xb5, 0x85, 0x3b, 0x66, 0x94, 0xf0, 0xfb,
0x4d, 0x57, 0x06, 0x55, 0x21, 0x22, 0x25, 0xdb,
0xf3, 0xaa, 0xa9, 0x60, 0xbf, 0x4d, 0xaa, 0x79,
0xd1, 0xab, 0x92, 0x48, 0xba, 0x19, 0x8e, 0x12,
0xec, 0x68, 0xd9, 0xc6, 0xba, 0xdf, 0xec, 0x5a,
0x1c, 0xd8, 0x43, 0xfe, 0xe7, 0x52, 0xc9, 0xcf,
0x02, 0xd0, 0xc7, 0x7f, 0xc9, 0x7e, 0xb0, 0x94,
0xe3, 0x53, 0x44, 0x58, 0x0b, 0x2e, 0xfd, 0x29,
0x74, 0xb5, 0x06, 0x9b, 0x5c, 0x44, 0x8d, 0xfb,
0x32, 0x75, 0xa4, 0x3a, 0xa8, 0x67, 0x7b, 0x87,
0x32, 0x0a, 0x50, 0x8d, 0xe1, 0xa2, 0x13, 0x4a,
0x25, 0xaf, 0xe6, 0x1c, 0xb1, 0x25, 0xbf, 0xb4,
0x99, 0xa2, 0x53, 0xd3, 0xa2, 0x02, 0xbf, 0x11,
0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0x8f,
0x30, 0x81, 0x8c, 0x30, 0x0c, 0x06, 0x03, 0x55,
0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30,
0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f,
0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x05,
0xe0, 0x30, 0x2c, 0x06, 0x09, 0x60, 0x86, 0x48,
0x01, 0x86, 0xf8, 0x42, 0x01, 0x0d, 0x04, 0x1f,
0x16, 0x1d, 0x4f, 0x70, 0x65, 0x6e, 0x53, 0x53,
0x4c, 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61,
0x74, 0x65, 0x64, 0x20, 0x43, 0x65, 0x72, 0x74,
0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x30,
0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16,
0x04, 0x14, 0x82, 0xbc, 0xcf, 0x00, 0x00, 0x13,
0xd1, 0xf7, 0x39, 0x25, 0x9a, 0x27, 0xe7, 0xaf,
0xd2, 0xef, 0x20, 0x1b, 0x6e, 0xac, 0x30, 0x1f,
0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30,
0x16, 0x80, 0x14, 0x36, 0xc3, 0x6c, 0x88, 0xe7,
0x95, 0xfe, 0xb0, 0xbd, 0xec, 0xce, 0x3e, 0x3d,
0x86, 0xab, 0x21, 0x81, 0x87, 0xda, 0xda, 0x30,
0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
0x04, 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x13,
0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13,
0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74,
0x61, 0x74, 0x65, 0x31, 0x21, 0x30, 0x1f, 0x06,
0x03, 0x55, 0x04, 0x0a, 0x13, 0x18, 0x49, 0x6e,
0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57,
0x69, 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50,
0x74, 0x79, 0x20, 0x4c, 0x74, 0x64, 0x30, 0x1e,
0x17, 0x0d, 0x31, 0x32, 0x30, 0x34, 0x30, 0x36,
0x31, 0x37, 0x31, 0x30, 0x31, 0x33, 0x5a, 0x17,
0x0d, 0x31, 0x35, 0x30, 0x34, 0x30, 0x36, 0x31,
0x37, 0x31, 0x30, 0x31, 0x33, 0x5a, 0x30, 0x45,
0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x13, 0x30,
0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a,
0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61,
0x74, 0x65, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03,
0x55, 0x04, 0x0a, 0x13, 0x18, 0x49, 0x6e, 0x74,
0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, 0x69,
0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50, 0x74,
0x79, 0x20, 0x4c, 0x74, 0x64, 0x30, 0x5c, 0x30,
0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82,
0x01, 0x01, 0x00, 0xa9, 0xbd, 0x4d, 0x57, 0x40,
0x74, 0xfe, 0x96, 0xe9, 0x2b, 0xd6, 0x78, 0xfd,
0xb3, 0x63, 0xcc, 0xf4, 0x0b, 0x4d, 0x12, 0xca,
0x5a, 0x74, 0x8d, 0x9b, 0xf2, 0x61, 0xe6, 0xfd,
0x06, 0x11, 0x43, 0x84, 0xfc, 0x17, 0xa0, 0xec,
0x63, 0x63, 0x36, 0xb9, 0x9e, 0x36, 0x6a, 0xb1,
0x02, 0x5a, 0x6a, 0x5b, 0x3f, 0x6a, 0xa1, 0xea,
0x05, 0x65, 0xac, 0x7e, 0x40, 0x1a, 0x48, 0x65,
0x88, 0xd1, 0x39, 0x4d, 0xd3, 0x4b, 0x77, 0xe9,
0xc8, 0xbb, 0x2b, 0x9e, 0x5a, 0xf4, 0x08, 0x34,
0x39, 0x47, 0xb9, 0x02, 0x08, 0x31, 0x9a, 0xf1,
0xd9, 0x17, 0xc5, 0xe9, 0xa6, 0xa5, 0x96, 0x4b,
0x6d, 0x40, 0xa9, 0x5b, 0x65, 0x28, 0xcb, 0xcb,
0x00, 0x03, 0x82, 0x63, 0x37, 0xd3, 0xad, 0xb1,
0x96, 0x3b, 0x76, 0xf5, 0x17, 0x16, 0x02, 0x7b,
0xbd, 0x53, 0x53, 0x46, 0x72, 0x34, 0xd6, 0x08,
0x64, 0x9d, 0xbb, 0x43, 0xfb, 0x64, 0xb1, 0x49,
0x07, 0x77, 0x09, 0x61, 0x7a, 0x42, 0x17, 0x11,
0x30, 0x0c, 0xd9, 0x27, 0x5c, 0xf5, 0x71, 0xb6,
0xf0, 0x18, 0x30, 0xf3, 0x7e, 0xf1, 0x85, 0x3f,
0x32, 0x7e, 0x4a, 0xaf, 0xb3, 0x10, 0xf7, 0x6c,
0xc6, 0x85, 0x4b, 0x2d, 0x27, 0xad, 0x0a, 0x20,
0x5c, 0xfb, 0x8d, 0x19, 0x70, 0x34, 0xb9, 0x75,
0x5f, 0x7c, 0x87, 0xd5, 0xc3, 0xec, 0x93, 0x13,
0x41, 0xfc, 0x73, 0x03, 0xb9, 0x8d, 0x1a, 0xfe,
0xf7, 0x26, 0x86, 0x49, 0x03, 0xa9, 0xc5, 0x82,
0x3f, 0x80, 0x0d, 0x29, 0x49, 0xb1, 0x8f, 0xed,
0x24, 0x1b, 0xfe, 0xcf, 0x58, 0x90, 0x46, 0xe7,
0xa8, 0x87, 0xd4, 0x1e, 0x79, 0xef, 0x99, 0x6d,
0x18, 0x9f, 0x3e, 0x8b, 0x82, 0x07, 0xc1, 0x43,
0xc7, 0xe0, 0x25, 0xb6, 0xf1, 0xd3, 0x00, 0xd7,
0x40, 0xab, 0x4b, 0x7f, 0x2b, 0x7a, 0x3e, 0xa6,
0x99, 0x4c, 0x54, 0x16, 0x03, 0x03, 0x01, 0x4d,
0x0c, 0x00, 0x01, 0x49, 0x03, 0x00, 0x17, 0x41,
0x04, 0x8f, 0x92, 0xa0, 0x20, 0xdc, 0x70, 0xce,
0xaf, 0x50, 0x44, 0xa8, 0x53, 0x15, 0xbf, 0x74,
0x0c, 0xed, 0x60, 0x26, 0xac, 0xb0, 0x07, 0x17,
0x59, 0x02, 0x6d, 0x9f, 0x45, 0x57, 0x3b, 0x9c,
0x67, 0xae, 0xb8, 0xa6, 0x70, 0xa9, 0x03, 0xb4,
0x37, 0x7b, 0xe4, 0x2f, 0x7c, 0x42, 0x4f, 0xaa,
0x9a, 0x5d, 0x10, 0x65, 0xc1, 0xa5, 0x33, 0xff,
0xc5, 0xdf, 0x24, 0xdb, 0x8f, 0xe2, 0x14, 0xee,
0x00, 0x04, 0x01, 0x01, 0x00, 0x76, 0xcf, 0xe6,
0x47, 0xcf, 0xc1, 0x58, 0xf5, 0x5d, 0x3a, 0x0b,
0xd5, 0x4e, 0xb1, 0x08, 0xa6, 0x03, 0x8b, 0xa3,
0x7b, 0x9c, 0xa2, 0x3b, 0x99, 0x7e, 0x42, 0x0d,
0x38, 0x6e, 0x9a, 0x5e, 0xf7, 0x45, 0x7f, 0xf3,
0x51, 0xa2, 0xe6, 0xae, 0x1c, 0x55, 0x2a, 0x58,
0x13, 0x55, 0xa9, 0x93, 0xac, 0x6a, 0x1e, 0xd6,
0xd9, 0x98, 0x89, 0x93, 0x16, 0x8f, 0xab, 0xc5,
0x65, 0x65, 0x62, 0x68, 0xd8, 0xbf, 0xbd, 0x4e,
0x1a, 0x17, 0x24, 0x9c, 0x3c, 0x56, 0xf5, 0x8f,
0xda, 0x6e, 0x03, 0xe7, 0xe9, 0xce, 0xe5, 0xb1,
0x68, 0xd8, 0x88, 0xdb, 0xde, 0xfe, 0x98, 0xbe,
0x9d, 0x1f, 0x86, 0xbf, 0x36, 0xe5, 0xe9, 0x77,
0xc3, 0xa6, 0xa3, 0x30, 0x60, 0x9f, 0x36, 0x65,
0x4c, 0xe5, 0xb6, 0x3f, 0xf8, 0x15, 0x76, 0xac,
0x4f, 0xb5, 0x8a, 0x98, 0xe3, 0xc2, 0xbd, 0x13,
0xff, 0x59, 0xfd, 0x22, 0xbf, 0xb3, 0x02, 0xab,
0xf1, 0x82, 0xff, 0x4c, 0x41, 0x81, 0x15, 0xa5,
0xc7, 0x56, 0x93, 0xc3, 0xb0, 0xd2, 0x70, 0x84,
0xb6, 0x27, 0x43, 0x47, 0x38, 0x3a, 0xcf, 0x20,
0xa4, 0x97, 0x61, 0xc7, 0xf9, 0xb2, 0x01, 0xea,
0x83, 0x72, 0x00, 0x74, 0x3e, 0x41, 0xd0, 0x24,
0x32, 0xf7, 0xe1, 0x68, 0xae, 0x06, 0xcb, 0x70,
0x06, 0x3a, 0x3a, 0xd3, 0x97, 0x7e, 0xaa, 0x27,
0xb7, 0xcc, 0xd3, 0x7f, 0xb2, 0x07, 0x9e, 0x85,
0x16, 0x25, 0x28, 0xee, 0xc7, 0x29, 0x09, 0x56,
0x94, 0x6c, 0x7e, 0xe4, 0x61, 0x7b, 0xc2, 0xd5,
0x03, 0x46, 0x71, 0x69, 0xc0, 0x90, 0x0e, 0x58,
0xc6, 0xef, 0xf5, 0x23, 0x03, 0x42, 0x92, 0x1a,
0x2f, 0x4b, 0x0a, 0x5d, 0x74, 0x71, 0x28, 0x5a,
0x83, 0xf2, 0x00, 0x79, 0x65, 0x89, 0x61, 0x87,
0x31, 0xf0, 0x09, 0x89, 0x6a, 0xc4, 0x48, 0xee,
0x78, 0xf1, 0x65, 0x3f, 0xe1, 0x16, 0x03, 0x03,
0x00, 0x5a, 0x0d, 0x00, 0x00, 0x52, 0x03, 0x01,
0x02, 0x40, 0x00, 0x20, 0x06, 0x01, 0x06, 0x02,
0x06, 0x03, 0x05, 0x01, 0x05, 0x02, 0x05, 0x03,
0x04, 0x01, 0x04, 0x02, 0x04, 0x03, 0x03, 0x01,
0x03, 0x02, 0x03, 0x03, 0x02, 0x01, 0x02, 0x02,
0x02, 0x03, 0x01, 0x01, 0x00, 0x2a, 0x00, 0x28,
0x30, 0x26, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03,
0x55, 0x04, 0x0a, 0x13, 0x07, 0x41, 0x63, 0x6d,
0x65, 0x20, 0x43, 0x6f, 0x31, 0x12, 0x30, 0x10,
0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x09, 0x31,
0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31,
0x0e, 0x00, 0x00, 0x00,
0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x4b,
0x00, 0x30, 0x48, 0x02, 0x41, 0x00, 0x9f, 0xb3,
0xc3, 0x84, 0x27, 0x95, 0xff, 0x12, 0x31, 0x52,
0x0f, 0x15, 0xef, 0x46, 0x11, 0xc4, 0xad, 0x80,
0xe6, 0x36, 0x5b, 0x0f, 0xdd, 0x80, 0xd7, 0x61,
0x8d, 0xe0, 0xfc, 0x72, 0x45, 0x09, 0x34, 0xfe,
0x55, 0x66, 0x45, 0x43, 0x4c, 0x68, 0x97, 0x6a,
0xfe, 0xa8, 0xa0, 0xa5, 0xdf, 0x5f, 0x78, 0xff,
0xee, 0xd7, 0x64, 0xb8, 0x3f, 0x04, 0xcb, 0x6f,
0xff, 0x2a, 0xfe, 0xfe, 0xb9, 0xed, 0x02, 0x03,
0x01, 0x00, 0x01, 0xa3, 0x81, 0xa7, 0x30, 0x81,
0xa4, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e,
0x04, 0x16, 0x04, 0x14, 0x78, 0xa6, 0x97, 0x9a,
0x63, 0xb5, 0xc5, 0xa1, 0xa5, 0x33, 0xba, 0x22,
0x7c, 0x23, 0x6e, 0x5b, 0x1b, 0x7a, 0xcc, 0x2b,
0x30, 0x75, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04,
0x6e, 0x30, 0x6c, 0x80, 0x14, 0x78, 0xa6, 0x97,
0x9a, 0x63, 0xb5, 0xc5, 0xa1, 0xa5, 0x33, 0xba,
0x22, 0x7c, 0x23, 0x6e, 0x5b, 0x1b, 0x7a, 0xcc,
0x2b, 0xa1, 0x49, 0xa4, 0x47, 0x30, 0x45, 0x31,
0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
0x13, 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11,
0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, 0x53,
0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74,
0x65, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55,
0x04, 0x0a, 0x13, 0x18, 0x49, 0x6e, 0x74, 0x65,
0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, 0x64,
0x67, 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79,
0x20, 0x4c, 0x74, 0x64, 0x82, 0x09, 0x00, 0xb1,
0x35, 0x13, 0x65, 0x11, 0x20, 0xc5, 0x92, 0x30,
0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05,
0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06,
0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
0x01, 0x05, 0x05, 0x00, 0x03, 0x41, 0x00, 0x85,
0x36, 0x40, 0x73, 0xc1, 0xbb, 0x1a, 0xda, 0xd4,
0x59, 0x9f, 0x2d, 0xa2, 0x70, 0x31, 0x46, 0x74,
0xec, 0x83, 0x6e, 0xa8, 0xc8, 0x3c, 0x51, 0xaf,
0x39, 0xac, 0xec, 0x40, 0xbc, 0xe8, 0x22, 0x46,
0x1d, 0x99, 0xd6, 0x46, 0x2a, 0x24, 0xd4, 0x8b,
0x05, 0x08, 0x4b, 0xfb, 0x35, 0x11, 0x6e, 0x92,
0xbb, 0x77, 0xba, 0xe4, 0x12, 0xbb, 0xf4, 0xc8,
0x5e, 0x9c, 0x81, 0xa8, 0x97, 0x60, 0x4c, 0x16,
0x03, 0x03, 0x00, 0x8d, 0x0c, 0x00, 0x00, 0x89,
0x03, 0x00, 0x17, 0x41, 0x04, 0x39, 0xe9, 0x59,
0x24, 0x76, 0xf0, 0x1a, 0xd6, 0x21, 0xa5, 0xbc,
0x28, 0xb9, 0xd5, 0x3d, 0xf7, 0xf3, 0xbe, 0x09,
0xff, 0xc1, 0x79, 0x33, 0x82, 0xf8, 0xe1, 0x5f,
0x1c, 0x34, 0x96, 0x3a, 0x10, 0xf2, 0x2c, 0x69,
0xab, 0x57, 0xf6, 0x20, 0xb6, 0x59, 0x1f, 0x8c,
0x3e, 0xa2, 0xac, 0x4d, 0xf2, 0x10, 0x58, 0x0b,
0x61, 0x27, 0x6c, 0x47, 0xa0, 0x52, 0xc7, 0xe6,
0x36, 0xfd, 0xb1, 0xa2, 0x49, 0x04, 0x01, 0x00,
0x40, 0x99, 0x7e, 0xf9, 0xed, 0x8b, 0x62, 0x82,
0x00, 0xde, 0x5f, 0x2f, 0xb9, 0xf9, 0x9d, 0xa1,
0xb0, 0x14, 0x05, 0xc1, 0xdd, 0xa3, 0xb9, 0x08,
0xa5, 0x36, 0xb6, 0xfe, 0x8a, 0x5b, 0x2d, 0x6e,
0xd8, 0x5a, 0x5c, 0x89, 0x84, 0x85, 0x56, 0x01,
0xaf, 0x43, 0xd3, 0x0f, 0x85, 0xd0, 0xb2, 0x35,
0x3d, 0x1d, 0xd6, 0x67, 0x52, 0x48, 0xe8, 0x82,
0x47, 0xbb, 0x2a, 0x54, 0x4a, 0x55, 0xcd, 0x10,
0x54, 0x16, 0x03, 0x03, 0x00, 0x04, 0x0e, 0x00,
0x00, 0x00,
},
{
0x16, 0x03, 0x03, 0x00, 0x07, 0x0b, 0x00, 0x00,
0x03, 0x00, 0x00, 0x00, 0x16, 0x03, 0x03, 0x00,
0x46, 0x10, 0x00, 0x00, 0x42, 0x41, 0x04, 0x1e,
0x18, 0x37, 0xef, 0x0d, 0x19, 0x51, 0x88, 0x35,
0x75, 0x71, 0xb5, 0xe5, 0x54, 0x5b, 0x12, 0x2e,
0x8f, 0x09, 0x67, 0xfd, 0xa7, 0x24, 0x20, 0x3e,
0xb2, 0x56, 0x1c, 0xce, 0x97, 0x28, 0x5e, 0xf8,
0x2b, 0x2d, 0x4f, 0x9e, 0xf1, 0x07, 0x9f, 0x6c,
0x4b, 0x5b, 0x83, 0x56, 0xe2, 0x32, 0x42, 0xe9,
0x58, 0xb6, 0xd7, 0x49, 0xa6, 0xb5, 0x68, 0x1a,
0x41, 0x03, 0x56, 0x6b, 0xdc, 0x5a, 0x89, 0x14,
0x03, 0x03, 0x00, 0x01, 0x01, 0x16, 0x03, 0x03,
0x00, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x16, 0x03, 0x03, 0x00, 0x46, 0x10, 0x00, 0x00,
0x42, 0x41, 0x04, 0x1e, 0x18, 0x37, 0xef, 0x0d,
0x19, 0x51, 0x88, 0x35, 0x75, 0x71, 0xb5, 0xe5,
0x54, 0x5b, 0x12, 0x2e, 0x8f, 0x09, 0x67, 0xfd,
0xa7, 0x24, 0x20, 0x3e, 0xb2, 0x56, 0x1c, 0xce,
0x97, 0x28, 0x5e, 0xf8, 0x2b, 0x2d, 0x4f, 0x9e,
0xf1, 0x07, 0x9f, 0x6c, 0x4b, 0x5b, 0x83, 0x56,
0xe2, 0x32, 0x42, 0xe9, 0x58, 0xb6, 0xd7, 0x49,
0xa6, 0xb5, 0x68, 0x1a, 0x41, 0x03, 0x56, 0x6b,
0xdc, 0x5a, 0x89, 0x14, 0x03, 0x03, 0x00, 0x01,
0x01, 0x16, 0x03, 0x03, 0x00, 0x40, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x1f, 0xb8, 0x47, 0xfb, 0xd2, 0xba,
0x62, 0x74, 0x63, 0x54, 0xb8, 0x03, 0x7b, 0xb9,
0x05, 0x87, 0x60, 0x6f, 0xb9, 0xfc, 0x79, 0x96,
0xce, 0xf0, 0x84, 0x77, 0x23, 0x1b, 0x44, 0x3f,
0x33, 0xe8, 0x71, 0x97, 0x9d, 0xd3, 0x7d, 0x43,
0x40, 0xd3, 0x95, 0x65, 0x1f, 0x2c, 0x30, 0xfd,
0x7f, 0xac,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x4e, 0xcb,
0x97, 0x41, 0x63, 0x39, 0xeb, 0xda, 0x04, 0x39,
0xfb, 0x67, 0x1d, 0x6d, 0xf8, 0x58, 0xd1, 0x22,
0x35, 0xe3, 0xc3, 0x9d, 0xfc, 0x4e, 0xcc, 0x71,
0x93, 0x78, 0x64, 0x39, 0x04, 0xa0, 0xa9, 0x41,
0xcf, 0x4c, 0xd6, 0x34, 0xad, 0x5c, 0xc9, 0x7a,
0x44, 0xb1, 0x1d, 0x77, 0x52, 0x01,
},
{
0x14, 0x03, 0x03, 0x00, 0x01, 0x01, 0x16, 0x03,
0x03, 0x00, 0x40, 0x64, 0x09, 0x6c, 0x06, 0x5a,
0x01, 0x24, 0x10, 0xd9, 0x92, 0x66, 0xe6, 0x28,
0x43, 0x2f, 0xba, 0x0b, 0x17, 0x61, 0x55, 0x42,
0x9d, 0xc3, 0x59, 0xba, 0x57, 0x19, 0x1b, 0x74,
0x22, 0x40, 0xc7, 0x13, 0x95, 0x83, 0xe6, 0xf3,
0x11, 0x62, 0xe6, 0xde, 0xfc, 0xf3, 0x1a, 0xd1,
0x3d, 0xce, 0xd1, 0xf9, 0xeb, 0x2e, 0x13, 0x39,
0xa6, 0xdb, 0x04, 0x79, 0xaa, 0x2d, 0xe1, 0xa4,
0xd0, 0xf9, 0x36,
0x03, 0x00, 0x40, 0x55, 0x75, 0x8a, 0x57, 0xb4,
0x53, 0xa2, 0x8f, 0xbf, 0xd3, 0x79, 0x72, 0x1e,
0x94, 0x53, 0xb3, 0x03, 0x9d, 0x4d, 0x8a, 0x1f,
0xbd, 0x25, 0x79, 0x69, 0x61, 0x65, 0xd7, 0x26,
0xad, 0xa6, 0x0e, 0x89, 0x83, 0xc0, 0xbe, 0x46,
0x51, 0xe4, 0x38, 0x7b, 0x65, 0x74, 0x6d, 0x24,
0xff, 0xd4, 0x9f, 0xcb, 0xfc, 0xd7, 0x03, 0xaa,
0x7b, 0x8e, 0x30, 0x09, 0xdb, 0xaa, 0x9d, 0xad,
0xcd, 0x56, 0xcf,
},
{
0x17, 0x03, 0x03, 0x00, 0x30, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x88, 0x3d,
0xcb, 0x65, 0xc1, 0xac, 0x94, 0xc5, 0x1d, 0x4d,
0xc5, 0x1e, 0xd4, 0x17, 0xe3, 0x83, 0xac, 0x14,
0x80, 0x92, 0x2d, 0x5b, 0x42, 0x19, 0xcb, 0x51,
0xc9, 0x48, 0xdf, 0xf6, 0x27, 0x15, 0x03, 0x03,
0x00, 0x00, 0x00, 0x00, 0x00, 0xab, 0x01, 0x46,
0xa8, 0xdd, 0x62, 0x73, 0x67, 0x99, 0x01, 0x42,
0xb2, 0x9e, 0x22, 0x18, 0xf5, 0x8f, 0x10, 0x97,
0xde, 0x58, 0x24, 0x34, 0x36, 0xa2, 0x5d, 0xf4,
0x96, 0x2a, 0xed, 0x6c, 0x06, 0x15, 0x03, 0x03,
0x00, 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0xf7, 0xc2, 0xed, 0x1a, 0x88, 0xb6,
0xb8, 0x26, 0x04, 0x31, 0x89, 0xab, 0x29, 0x34,
0xce, 0x84, 0x81, 0x33, 0x64, 0x8e, 0x53, 0xa3,
0xaf, 0x8b, 0x5a, 0x50, 0x43, 0xab, 0x77, 0x77,
0xa3, 0xc7,
0x00, 0x00, 0x9f, 0x7a, 0x9f, 0xab, 0xf5, 0x4e,
0x1c, 0x4e, 0xf4, 0xcb, 0x1a, 0x39, 0xae, 0x21,
0x85, 0x39, 0xc4, 0x51, 0xac, 0x14, 0xde, 0xa0,
0xe7, 0x70, 0x7c, 0x6a, 0x53, 0x54, 0x19, 0xbc,
0x2f, 0x32,
},
}
@ -2358,3 +2279,208 @@ var testClientChainCertificate = fromHex(
"77796d5a695731673d3d0a2d2d2d2d2d454e4420" +
"43455254494649434154452d2d2d2d2d0a",
)
// Script of interaction with openssl implementation:
//
// openssl s_server -cipher ECDHE-ECDSA-AES128-SHA \
// -key server.key -cert server.crt -port 10443
//
// The values for this test are obtained by building and running in client mode:
// % go test -test.run "TestRunClient" -connect -ciphersuites=0xc009
// The recorded bytes are written to stdout.
//
// The server private key is:
//
// -----BEGIN EC PARAMETERS-----
// BgUrgQQAIw==
// -----END EC PARAMETERS-----
// -----BEGIN EC PRIVATE KEY-----
// MIHcAgEBBEIBmIPpCa0Kyeo9M/nq5mHxeFIGlw+MqakWcvHu3Keo7xK9ZWG7JG3a
// XfS01efjqSZJvF2DoL+Sly4A5iBn0Me9mdegBwYFK4EEACOhgYkDgYYABADEoe2+
// mPkLSHM2fsMWVhEi8j1TwztNIT3Na3Xm9rDcmt8mwbyyh/ByMnyzZC8ckLzqaCMQ
// fv7jJcBIOmngKG3TNwDvBGLdDaCccGKD2IHTZDGqnpcxvZawaMCbI952ZD8aXH/p
// Eg5YWLZfcN2b2OrV1/XVzLm2nzBmW2aaIOIn5b/+Ow==
// -----END EC PRIVATE KEY-----
//
// and certificate is:
//
// -----BEGIN CERTIFICATE-----
// MIICADCCAWICCQC4vy1HoNLr9DAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw
// EQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0
// eSBMdGQwHhcNMTIxMTIyMTUwNjMyWhcNMjIxMTIwMTUwNjMyWjBFMQswCQYDVQQG
// EwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lk
// Z2l0cyBQdHkgTHRkMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAxKHtvpj5C0hz
// Nn7DFlYRIvI9U8M7TSE9zWt15vaw3JrfJsG8sofwcjJ8s2QvHJC86mgjEH7+4yXA
// SDpp4Cht0zcA7wRi3Q2gnHBig9iB02Qxqp6XMb2WsGjAmyPedmQ/Glx/6RIOWFi2
// X3Ddm9jq1df11cy5tp8wZltmmiDiJ+W//jswCQYHKoZIzj0EAQOBjAAwgYgCQgGI
// ok/r4kXFSH0brPXtmJ2uR3DAXhu2L73xtk23YUDTEaLO7gt+kn7/dp3DO36lP876
// EOJZ7EctfKzaTpcOFaBv0AJCAU38vmcTnC0FDr0/o4wlwTMTgw2UBrvUN3r27HrJ
// hi7d1xFpf4V8Vt77MXgr5Md4Da7Lvp5ONiQxe2oPOZUSB48q
// -----END CERTIFICATE-----
var ecdheECDSAAESClientScript = [][]byte{
{
0x16, 0x03, 0x01, 0x00, 0x4a, 0x01, 0x00, 0x00,
0x46, 0x03, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xc0, 0x09,
0x01, 0x00, 0x00, 0x1b, 0x00, 0x05, 0x00, 0x05,
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00,
0x08, 0x00, 0x06, 0x00, 0x17, 0x00, 0x18, 0x00,
0x19, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00,
},
{
0x16, 0x03, 0x01, 0x00, 0x54, 0x02, 0x00, 0x00,
0x50, 0x03, 0x01, 0x50, 0xd7, 0x19, 0xc9, 0x03,
0xc2, 0x3a, 0xc6, 0x1f, 0x0a, 0x84, 0x9e, 0xd7,
0xf4, 0x7e, 0x07, 0x6d, 0xa8, 0xe4, 0xa9, 0x4f,
0x22, 0x50, 0xa2, 0x19, 0x24, 0x44, 0x42, 0x65,
0xaa, 0xba, 0x3a, 0x20, 0x90, 0x70, 0xb7, 0xe5,
0x57, 0xed, 0xb1, 0xb1, 0x43, 0x4b, 0xa1, 0x4e,
0xee, 0x7a, 0x5b, 0x88, 0xf6, 0xa6, 0x73, 0x3b,
0xcb, 0xa7, 0xbd, 0x57, 0x50, 0xf2, 0x72, 0x8c,
0xbc, 0x45, 0x73, 0xaa, 0xc0, 0x09, 0x00, 0x00,
0x08, 0x00, 0x0b, 0x00, 0x04, 0x03, 0x00, 0x01,
0x02, 0x16, 0x03, 0x01, 0x02, 0x0e, 0x0b, 0x00,
0x02, 0x0a, 0x00, 0x02, 0x07, 0x00, 0x02, 0x04,
0x30, 0x82, 0x02, 0x00, 0x30, 0x82, 0x01, 0x62,
0x02, 0x09, 0x00, 0xb8, 0xbf, 0x2d, 0x47, 0xa0,
0xd2, 0xeb, 0xf4, 0x30, 0x09, 0x06, 0x07, 0x2a,
0x86, 0x48, 0xce, 0x3d, 0x04, 0x01, 0x30, 0x45,
0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x13, 0x30,
0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a,
0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61,
0x74, 0x65, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03,
0x55, 0x04, 0x0a, 0x13, 0x18, 0x49, 0x6e, 0x74,
0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, 0x69,
0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50, 0x74,
0x79, 0x20, 0x4c, 0x74, 0x64, 0x30, 0x1e, 0x17,
0x0d, 0x31, 0x32, 0x31, 0x31, 0x32, 0x32, 0x31,
0x35, 0x30, 0x36, 0x33, 0x32, 0x5a, 0x17, 0x0d,
0x32, 0x32, 0x31, 0x31, 0x32, 0x30, 0x31, 0x35,
0x30, 0x36, 0x33, 0x32, 0x5a, 0x30, 0x45, 0x31,
0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
0x13, 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11,
0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, 0x53,
0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74,
0x65, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55,
0x04, 0x0a, 0x13, 0x18, 0x49, 0x6e, 0x74, 0x65,
0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, 0x64,
0x67, 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79,
0x20, 0x4c, 0x74, 0x64, 0x30, 0x81, 0x9b, 0x30,
0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d,
0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00,
0x23, 0x03, 0x81, 0x86, 0x00, 0x04, 0x00, 0xc4,
0xa1, 0xed, 0xbe, 0x98, 0xf9, 0x0b, 0x48, 0x73,
0x36, 0x7e, 0xc3, 0x16, 0x56, 0x11, 0x22, 0xf2,
0x3d, 0x53, 0xc3, 0x3b, 0x4d, 0x21, 0x3d, 0xcd,
0x6b, 0x75, 0xe6, 0xf6, 0xb0, 0xdc, 0x9a, 0xdf,
0x26, 0xc1, 0xbc, 0xb2, 0x87, 0xf0, 0x72, 0x32,
0x7c, 0xb3, 0x64, 0x2f, 0x1c, 0x90, 0xbc, 0xea,
0x68, 0x23, 0x10, 0x7e, 0xfe, 0xe3, 0x25, 0xc0,
0x48, 0x3a, 0x69, 0xe0, 0x28, 0x6d, 0xd3, 0x37,
0x00, 0xef, 0x04, 0x62, 0xdd, 0x0d, 0xa0, 0x9c,
0x70, 0x62, 0x83, 0xd8, 0x81, 0xd3, 0x64, 0x31,
0xaa, 0x9e, 0x97, 0x31, 0xbd, 0x96, 0xb0, 0x68,
0xc0, 0x9b, 0x23, 0xde, 0x76, 0x64, 0x3f, 0x1a,
0x5c, 0x7f, 0xe9, 0x12, 0x0e, 0x58, 0x58, 0xb6,
0x5f, 0x70, 0xdd, 0x9b, 0xd8, 0xea, 0xd5, 0xd7,
0xf5, 0xd5, 0xcc, 0xb9, 0xb6, 0x9f, 0x30, 0x66,
0x5b, 0x66, 0x9a, 0x20, 0xe2, 0x27, 0xe5, 0xbf,
0xfe, 0x3b, 0x30, 0x09, 0x06, 0x07, 0x2a, 0x86,
0x48, 0xce, 0x3d, 0x04, 0x01, 0x03, 0x81, 0x8c,
0x00, 0x30, 0x81, 0x88, 0x02, 0x42, 0x01, 0x88,
0xa2, 0x4f, 0xeb, 0xe2, 0x45, 0xc5, 0x48, 0x7d,
0x1b, 0xac, 0xf5, 0xed, 0x98, 0x9d, 0xae, 0x47,
0x70, 0xc0, 0x5e, 0x1b, 0xb6, 0x2f, 0xbd, 0xf1,
0xb6, 0x4d, 0xb7, 0x61, 0x40, 0xd3, 0x11, 0xa2,
0xce, 0xee, 0x0b, 0x7e, 0x92, 0x7e, 0xff, 0x76,
0x9d, 0xc3, 0x3b, 0x7e, 0xa5, 0x3f, 0xce, 0xfa,
0x10, 0xe2, 0x59, 0xec, 0x47, 0x2d, 0x7c, 0xac,
0xda, 0x4e, 0x97, 0x0e, 0x15, 0xa0, 0x6f, 0xd0,
0x02, 0x42, 0x01, 0x4d, 0xfc, 0xbe, 0x67, 0x13,
0x9c, 0x2d, 0x05, 0x0e, 0xbd, 0x3f, 0xa3, 0x8c,
0x25, 0xc1, 0x33, 0x13, 0x83, 0x0d, 0x94, 0x06,
0xbb, 0xd4, 0x37, 0x7a, 0xf6, 0xec, 0x7a, 0xc9,
0x86, 0x2e, 0xdd, 0xd7, 0x11, 0x69, 0x7f, 0x85,
0x7c, 0x56, 0xde, 0xfb, 0x31, 0x78, 0x2b, 0xe4,
0xc7, 0x78, 0x0d, 0xae, 0xcb, 0xbe, 0x9e, 0x4e,
0x36, 0x24, 0x31, 0x7b, 0x6a, 0x0f, 0x39, 0x95,
0x12, 0x07, 0x8f, 0x2a, 0x16, 0x03, 0x01, 0x00,
0xd6, 0x0c, 0x00, 0x00, 0xd2, 0x03, 0x00, 0x17,
0x41, 0x04, 0x33, 0xed, 0xe1, 0x10, 0x3d, 0xe2,
0xb0, 0x81, 0x5e, 0x01, 0x1b, 0x00, 0x4a, 0x7d,
0xdc, 0xc5, 0x78, 0x02, 0xb1, 0x9a, 0x78, 0x92,
0x34, 0xd9, 0x23, 0xcc, 0x01, 0xfb, 0x0c, 0x49,
0x1c, 0x4a, 0x59, 0x8a, 0x80, 0x1b, 0x34, 0xf0,
0xe8, 0x87, 0x1b, 0x7c, 0xfb, 0x72, 0xf5, 0xea,
0xf9, 0xf3, 0xff, 0xa6, 0x3e, 0x4e, 0xac, 0xbc,
0xee, 0x14, 0x2b, 0x87, 0xd4, 0x0b, 0xda, 0x19,
0x60, 0x2b, 0x00, 0x8b, 0x30, 0x81, 0x88, 0x02,
0x42, 0x01, 0x75, 0x46, 0x4f, 0x97, 0x9f, 0xc5,
0xf9, 0x4c, 0x38, 0xcf, 0x3b, 0x37, 0x1a, 0x6b,
0x53, 0xfc, 0x05, 0x73, 0x7d, 0x98, 0x2c, 0x5b,
0x76, 0xd4, 0x37, 0x1f, 0x50, 0x6d, 0xad, 0xc6,
0x0f, 0x8f, 0x7b, 0xcc, 0x60, 0x8e, 0x04, 0x00,
0x21, 0x80, 0xa8, 0xa5, 0x98, 0xf2, 0x42, 0xf2,
0xc3, 0xf6, 0x44, 0x50, 0xc4, 0x7a, 0xae, 0x6f,
0x74, 0xa0, 0x7f, 0x07, 0x7a, 0x0b, 0xbb, 0x41,
0x9e, 0x3c, 0x0b, 0x02, 0x42, 0x01, 0xbe, 0x64,
0xaa, 0x12, 0x03, 0xfb, 0xd8, 0x4f, 0x93, 0xf9,
0x92, 0x54, 0x0d, 0x9c, 0x9d, 0x53, 0x88, 0x19,
0x69, 0x94, 0xfc, 0xd6, 0xf7, 0x60, 0xcf, 0x70,
0x64, 0x15, 0x1b, 0x02, 0x22, 0x56, 0xb0, 0x2c,
0xb1, 0x72, 0x4c, 0x9e, 0x7b, 0xf0, 0x53, 0x97,
0x43, 0xac, 0x11, 0x62, 0xe5, 0x5a, 0xf1, 0x7e,
0x87, 0x8f, 0x5c, 0x43, 0x1d, 0xae, 0x56, 0x28,
0xdb, 0x76, 0x15, 0xd8, 0x1c, 0x73, 0xce, 0x16,
0x03, 0x01, 0x00, 0x04, 0x0e, 0x00, 0x00, 0x00,
},
{
0x16, 0x03, 0x01, 0x00, 0x46, 0x10, 0x00, 0x00,
0x42, 0x41, 0x04, 0x1e, 0x18, 0x37, 0xef, 0x0d,
0x19, 0x51, 0x88, 0x35, 0x75, 0x71, 0xb5, 0xe5,
0x54, 0x5b, 0x12, 0x2e, 0x8f, 0x09, 0x67, 0xfd,
0xa7, 0x24, 0x20, 0x3e, 0xb2, 0x56, 0x1c, 0xce,
0x97, 0x28, 0x5e, 0xf8, 0x2b, 0x2d, 0x4f, 0x9e,
0xf1, 0x07, 0x9f, 0x6c, 0x4b, 0x5b, 0x83, 0x56,
0xe2, 0x32, 0x42, 0xe9, 0x58, 0xb6, 0xd7, 0x49,
0xa6, 0xb5, 0x68, 0x1a, 0x41, 0x03, 0x56, 0x6b,
0xdc, 0x5a, 0x89, 0x14, 0x03, 0x01, 0x00, 0x01,
0x01, 0x16, 0x03, 0x01, 0x00, 0x30, 0x1a, 0x45,
0x92, 0x3b, 0xac, 0x8d, 0x91, 0x89, 0xd3, 0x2c,
0xf4, 0x3c, 0x5f, 0x70, 0xf1, 0x79, 0xa5, 0x6a,
0xcf, 0x97, 0x8f, 0x3f, 0x73, 0x08, 0xca, 0x3f,
0x55, 0xb0, 0x28, 0xd1, 0x6f, 0xcd, 0x9b, 0xca,
0xb6, 0xb7, 0xd0, 0xa5, 0x21, 0x5b, 0x08, 0xf8,
0x42, 0xe2, 0xdf, 0x25, 0x6a, 0x16,
},
{
0x14, 0x03, 0x01, 0x00, 0x01, 0x01, 0x16, 0x03,
0x01, 0x00, 0x30, 0x30, 0x83, 0xb6, 0x51, 0x8a,
0x85, 0x4a, 0xee, 0xe4, 0xb6, 0xae, 0xf3, 0xc1,
0xdc, 0xd2, 0x04, 0xb3, 0xd0, 0x25, 0x47, 0x5f,
0xac, 0x83, 0xa3, 0x7d, 0xcf, 0x47, 0x92, 0xed,
0x92, 0x6c, 0xd1, 0x6e, 0xfd, 0x63, 0xf5, 0x2d,
0x89, 0xd8, 0x04, 0x8c, 0x62, 0x71, 0xae, 0x5e,
0x32, 0x48, 0xf8,
},
{
0x17, 0x03, 0x01, 0x00, 0x20, 0xcf, 0x5e, 0xba,
0xf4, 0x47, 0x32, 0x35, 0x9b, 0x85, 0xdc, 0xb3,
0xff, 0x77, 0x90, 0xd9, 0x2b, 0xbd, 0x59, 0x2a,
0x33, 0xe4, 0x6e, 0x9b, 0xfc, 0x1c, 0x73, 0x3f,
0x5e, 0x1e, 0xe3, 0xa4, 0xc2, 0x17, 0x03, 0x01,
0x00, 0x20, 0x05, 0xdf, 0x2d, 0x9b, 0x29, 0x7f,
0x97, 0xcd, 0x49, 0x04, 0x53, 0x22, 0x1a, 0xa1,
0xa1, 0xe6, 0x38, 0x3a, 0x56, 0x37, 0x1f, 0xd8,
0x3a, 0x12, 0x2c, 0xf0, 0xeb, 0x61, 0x35, 0x76,
0xe5, 0xf0, 0x15, 0x03, 0x01, 0x00, 0x20, 0xa5,
0x56, 0xb5, 0x49, 0x4b, 0xc2, 0xd4, 0x4c, 0xf6,
0x95, 0x15, 0x7d, 0x41, 0x1d, 0x5c, 0x00, 0x0e,
0x20, 0xb1, 0x0a, 0xbc, 0xc9, 0x2a, 0x09, 0x17,
0xb4, 0xaa, 0x1c, 0x79, 0xda, 0x79, 0x27,
},
}

42
src/pkg/crypto/tls/handshake_server.go
View File

@ -5,9 +5,12 @@
package tls
import (
"crypto"
"crypto/ecdsa"
"crypto/rsa"
"crypto/subtle"
"crypto/x509"
"encoding/asn1"
"errors"
"io"
)
@ -305,7 +308,10 @@ func (hs *serverHandshakeState) doFullHandshake() error {
if config.ClientAuth >= RequestClientCert {
// Request a client certificate
certReq := new(certificateRequestMsg)
certReq.certificateTypes = []byte{certTypeRSASign}
certReq.certificateTypes = []byte{
byte(certTypeRSASign),
byte(certTypeECDSASign),
}
if c.vers >= VersionTLS12 {
certReq.hasSignatureAndHash = true
certReq.signatureAndHashes = supportedSignatureAlgorithms
@ -327,7 +333,7 @@ func (hs *serverHandshakeState) doFullHandshake() error {
hs.finishedHash.Write(helloDone.marshal())
c.writeRecord(recordTypeHandshake, helloDone.marshal())
var pub *rsa.PublicKey // public key for client auth, if any
var pub crypto.PublicKey // public key for client auth, if any
msg, err := c.readHandshake()
if err != nil {
@ -372,7 +378,7 @@ func (hs *serverHandshakeState) doFullHandshake() error {
// If we received a client cert in response to our certificate request message,
// the client will send us a certificateVerifyMsg immediately after the
// clientKeyExchangeMsg. This message is a MD5SHA1 digest of all preceding
// clientKeyExchangeMsg. This message is a digest of all preceding
// handshake-layer messages that is signed using the private key corresponding
// to the client's certificate. This allows us to verify that the client is in
// possession of the private key of the certificate.
@ -386,8 +392,25 @@ func (hs *serverHandshakeState) doFullHandshake() error {
return c.sendAlert(alertUnexpectedMessage)
}
digest, hashFunc := hs.finishedHash.hashForClientCertificate()
err = rsa.VerifyPKCS1v15(pub, hashFunc, digest, certVerify.signature)
switch key := pub.(type) {
case *ecdsa.PublicKey:
ecdsaSig := new(ecdsaSignature)
if _, err = asn1.Unmarshal(certVerify.signature, ecdsaSig); err != nil {
break
}
if ecdsaSig.R.Sign() <= 0 || ecdsaSig.S.Sign() <= 0 {
err = errors.New("ECDSA signature contained zero or negative values")
break
}
digest, _ := hs.finishedHash.hashForClientCertificate(signatureECDSA)
if !ecdsa.Verify(key, digest, ecdsaSig.R, ecdsaSig.S) {
err = errors.New("ECDSA verification failure")
break
}
case *rsa.PublicKey:
digest, hashFunc := hs.finishedHash.hashForClientCertificate(signatureRSA)
err = rsa.VerifyPKCS1v15(key, hashFunc, digest, certVerify.signature)
}
if err != nil {
c.sendAlert(alertBadCertificate)
return errors.New("could not validate signature of connection nonces: " + err.Error())
@ -507,7 +530,7 @@ func (hs *serverHandshakeState) sendFinished() error {
// processCertsFromClient takes a chain of client certificates either from a
// Certificates message or from a sessionState and verifies them. It returns
// the public key of the leaf certificate.
func (hs *serverHandshakeState) processCertsFromClient(certificates [][]byte) (*rsa.PublicKey, error) {
func (hs *serverHandshakeState) processCertsFromClient(certificates [][]byte) (crypto.PublicKey, error) {
c := hs.c
hs.certsFromClient = certificates
@ -554,8 +577,11 @@ func (hs *serverHandshakeState) processCertsFromClient(certificates [][]byte) (*
}
if len(certs) > 0 {
pub, ok := certs[0].PublicKey.(*rsa.PublicKey)
if !ok {
var pub crypto.PublicKey
switch key := certs[0].PublicKey.(type) {
case *ecdsa.PublicKey, *rsa.PublicKey:
pub = key
default:
return nil, c.sendAlert(alertUnsupportedCertificate)
}
c.peerCertificates = certs

2085
src/pkg/crypto/tls/handshake_server_test.go
View File

File diff suppressed because it is too large Load Diff

99
src/pkg/crypto/tls/key_agreement.go
View File

@ -6,12 +6,14 @@ package tls
import (
"crypto"
"crypto/ecdsa"
"crypto/elliptic"
"crypto/md5"
"crypto/rsa"
"crypto/sha1"
"crypto/sha256"
"crypto/x509"
"encoding/asn1"
"errors"
"io"
"math/big"
@ -83,6 +85,15 @@ func (ka rsaKeyAgreement) generateClientKeyExchange(config *Config, clientHello
return preMasterSecret, ckx, nil
}
// sha1Hash calculates a SHA1 hash over the given byte slices.
func sha1Hash(slices [][]byte) []byte {
hsha1 := sha1.New()
for _, slice := range slices {
hsha1.Write(slice)
}
return hsha1.Sum(nil)
}
// md5SHA1Hash implements TLS 1.0's hybrid hash function which consists of the
// concatenation of an MD5 and SHA1 hash.
func md5SHA1Hash(slices [][]byte) []byte {
@ -92,12 +103,7 @@ func md5SHA1Hash(slices [][]byte) []byte {
hmd5.Write(slice)
}
copy(md5sha1, hmd5.Sum(nil))
hsha1 := sha1.New()
for _, slice := range slices {
hsha1.Write(slice)
}
copy(md5sha1[md5.Size:], hsha1.Sum(nil))
copy(md5sha1[md5.Size:], sha1Hash(slices))
return md5sha1
}
@ -112,24 +118,29 @@ func sha256Hash(slices [][]byte) []byte {
// hashForServerKeyExchange hashes the given slices and returns their digest
// and the identifier of the hash function used.
func hashForServerKeyExchange(version uint16, slices ...[]byte) ([]byte, crypto.Hash) {
func hashForServerKeyExchange(sigType uint8, version uint16, slices ...[]byte) ([]byte, crypto.Hash) {
if version >= VersionTLS12 {
return sha256Hash(slices), crypto.SHA256
}
if sigType == signatureECDSA {
return sha1Hash(slices), crypto.SHA1
}
return md5SHA1Hash(slices), crypto.MD5SHA1
}
// ecdheRSAKeyAgreement implements a TLS key agreement where the server
// generates a ephemeral EC public/private key pair and signs it. The
// pre-master secret is then calculated using ECDH.
type ecdheRSAKeyAgreement struct {
// pre-master secret is then calculated using ECDH. The signature may
// either be ECDSA or RSA.
type ecdheKeyAgreement struct {
version uint16
sigType uint8
privateKey []byte
curve elliptic.Curve
x, y *big.Int
}
func (ka *ecdheRSAKeyAgreement) generateServerKeyExchange(config *Config, cert *Certificate, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) {
func (ka *ecdheKeyAgreement) generateServerKeyExchange(config *Config, cert *Certificate, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) {
var curveid uint16
Curve:
@ -170,10 +181,30 @@ Curve:
serverECDHParams[3] = byte(len(ecdhePublic))
copy(serverECDHParams[4:], ecdhePublic)
digest, hashFunc := hashForServerKeyExchange(ka.version, clientHello.random, hello.random, serverECDHParams)
sig, err := rsa.SignPKCS1v15(config.rand(), cert.PrivateKey.(*rsa.PrivateKey), hashFunc, digest)
if err != nil {
return nil, errors.New("failed to sign ECDHE parameters: " + err.Error())
digest, hashFunc := hashForServerKeyExchange(ka.sigType, ka.version, clientHello.random, hello.random, serverECDHParams)
var sig []byte
switch ka.sigType {
case signatureECDSA:
privKey, ok := cert.PrivateKey.(*ecdsa.PrivateKey)
if !ok {
return nil, errors.New("ECDHE ECDSA requires an ECDSA server private key")
}
r, s, err := ecdsa.Sign(config.rand(), privKey, digest)
if err != nil {
return nil, errors.New("failed to sign ECDHE parameters: " + err.Error())
}
sig, err = asn1.Marshal(ecdsaSignature{r, s})
case signatureRSA:
privKey, ok := cert.PrivateKey.(*rsa.PrivateKey)
if !ok {
return nil, errors.New("ECDHE RSA requires a RSA server private key")
}
sig, err = rsa.SignPKCS1v15(config.rand(), privKey, hashFunc, digest)
if err != nil {
return nil, errors.New("failed to sign ECDHE parameters: " + err.Error())
}
default:
return nil, errors.New("unknown ECDHE signature algorithm")
}
skx := new(serverKeyExchangeMsg)
@ -186,7 +217,7 @@ Curve:
k := skx.key[len(serverECDHParams):]
if ka.version >= VersionTLS12 {
k[0] = hashSHA256
k[1] = signatureRSA
k[1] = ka.sigType
k = k[2:]
}
k[0] = byte(len(sig) >> 8)
@ -196,7 +227,7 @@ Curve:
return skx, nil
}
func (ka *ecdheRSAKeyAgreement) processClientKeyExchange(config *Config, cert *Certificate, ckx *clientKeyExchangeMsg, version uint16) ([]byte, error) {
func (ka *ecdheKeyAgreement) processClientKeyExchange(config *Config, cert *Certificate, ckx *clientKeyExchangeMsg, version uint16) ([]byte, error) {
if len(ckx.ciphertext) == 0 || int(ckx.ciphertext[0]) != len(ckx.ciphertext)-1 {
return nil, errors.New("bad ClientKeyExchange")
}
@ -214,7 +245,7 @@ func (ka *ecdheRSAKeyAgreement) processClientKeyExchange(config *Config, cert *C
var errServerKeyExchange = errors.New("invalid ServerKeyExchange")
func (ka *ecdheRSAKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg) error {
func (ka *ecdheKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg) error {
if len(skx.key) < 4 {
return errServerKeyExchange
}
@ -261,11 +292,39 @@ func (ka *ecdheRSAKeyAgreement) processServerKeyExchange(config *Config, clientH
}
sig = sig[2:]
digest, hashFunc := hashForServerKeyExchange(ka.version, clientHello.random, serverHello.random, serverECDHParams)
return rsa.VerifyPKCS1v15(cert.PublicKey.(*rsa.PublicKey), hashFunc, digest, sig)
digest, hashFunc := hashForServerKeyExchange(ka.sigType, ka.version, clientHello.random, serverHello.random, serverECDHParams)
switch ka.sigType {
case signatureECDSA:
pubKey, ok := cert.PublicKey.(*ecdsa.PublicKey)
if !ok {
return errors.New("ECDHE ECDSA requires a ECDSA server public key")
}
ecdsaSig := new(ecdsaSignature)
if _, err := asn1.Unmarshal(sig, ecdsaSig); err != nil {
return err
}
if ecdsaSig.R.Sign() <= 0 || ecdsaSig.S.Sign() <= 0 {
return errors.New("ECDSA signature contained zero or negative values")
}
if !ecdsa.Verify(pubKey, digest, ecdsaSig.R, ecdsaSig.S) {
return errors.New("ECDSA verification failure")
}
case signatureRSA:
pubKey, ok := cert.PublicKey.(*rsa.PublicKey)
if !ok {
return errors.New("ECDHE RSA requires a RSA server public key")
}
if err := rsa.VerifyPKCS1v15(pubKey, hashFunc, digest, sig); err != nil {
return err
}
default:
return errors.New("unknown ECDHE signature algorithm")
}
return nil
}
func (ka *ecdheRSAKeyAgreement) generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, error) {
func (ka *ecdheKeyAgreement) generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, error) {
if ka.curve == nil {
return nil, nil, errors.New("missing ServerKeyExchange message")
}

6
src/pkg/crypto/tls/prf.go
View File

@ -274,11 +274,15 @@ func (h finishedHash) serverSum(masterSecret []byte) []byte {
// hashForClientCertificate returns a digest and hash function identifier
// suitable for signing by a TLS client certificate.
func (h finishedHash) hashForClientCertificate() ([]byte, crypto.Hash) {
func (h finishedHash) hashForClientCertificate(sigType uint8) ([]byte, crypto.Hash) {
if h.version >= VersionTLS12 {
digest := h.server.Sum(nil)
return digest, crypto.SHA256
}
if sigType == signatureECDSA {
digest := h.server.Sum(nil)
return digest, crypto.SHA1
}
digest := make([]byte, 0, 36)
digest = h.serverMD5.Sum(digest)