AtHeartEngineer/circuits
1
0
Fork 0
mirror of https://github.com/tlsnotary/circuits.git synced 2026-01-07 22:13:53 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
circuits/c2.casm
themighty1 36e1288432 split c3 into two circuits to enforce same cwk/civ for Client_Finished and the request 
add write-up about all TLS PRF steps
2022-03-07 17:20:38 +03:00

63 lines
2.0 KiB
Plaintext
Raw Permalink Blame History

# TLS stage 2
# Computes the master secret (MS).
# Outputs sha256(ms xor opad) called "ms outer hash state" to N and also outputs
# sha256(ms xor ipad) called "ms inner hash state" to C.
14 3730
2 512 640
# notary inputs
# 256: pms outer hash state
# 256: output mask
# client inputs
# 256: inner hash of p1
# 128: p2 = hmac.new(secret, a2+seed, hashlib.sha256).digest()
# 256: output mask
1 512
# all outputs go to the evaluator
# 256: ms outer hash state xor-masked by notary
# 256: ms inner hash state xor-masked by client
# pad inner hash as the last chunk for sha256
2 1 0 0 1152 XOR # 0
1 1 1152 1153 INV # 1
# total length of bits in outer sha256: L == 512+256 == 768 should be the last 64 bits
# 768 in binary is 0000 0011 0000 0000
# to be hashed: 256 bits inner hash + 1 + 191 bits of 0 + 48 bits of 0 + 0000 0011 0000 0000
# note that inputs start in lsb position
# 8-zeros 1 1 245-zeros 1 inner hash outer hash
768 256 [1152*8] 1153 1153 [1152*245] 1153 [512|>256] [0|>256] [1154|>256] sha256.txt
# master secret == [1154|>256] + [768|>128] == p1+p2 (48 bytes)
1 8 0 [1410|>8] getIpadByte.casm
1 8 0 [1418|>8] getOpadByte.casm
8 128 [1410|>8] [1426|>128] repeatByte16Times.casm
8 128 [1418|>8] [1554|>128] repeatByte16Times.casm
# for ipad
# xor the last 16 bytes of MS
256 128 [1426|>128] [768|>128] [1682|>128] xor128bits.casm
# xor the first 32 bytes of MS
512 256 [1426|>128] [1426|>128] [1154|>256] [1810|>256] xor256bits.casm
# same for opad
# xor the last 16 bytes of MS
256 128 [1554|>128] [768|>128] [2066|>128] xor128bits.casm
# xor the first 32 bytes of MS
512 256 [1554|>128] [1554|>128] [1154|>256] [2194|>256] xor256bits.casm
2 256 0 1 [2450|>256] getSha256InitialState.casm
#-------10 gates at this point
768 256 [1554|>128] [2066|>384] [2450|>256] [2706|>256] sha256.txt # outer
768 256 [1426|>128] [1682|>384] [2450|>256] [2962|>256] sha256.txt # inner
512 256 [2706|>256] [256|>256] [3218|>256] xor256bits.casm
512 256 [2962|>256] [896|>256] [3474|>256] xor256bits.casm
Reference in New Issue View Git Blame Copy Permalink