AtHeartEngineer/circuits
1
0
Fork 0
mirror of https://github.com/tlsnotary/circuits.git synced 2026-01-07 22:13:53 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
circuits/c3.casm
themighty1 36e1288432 split c3 into two circuits to enforce same cwk/civ for Client_Finished and the request 
add write-up about all TLS PRF steps
2022-03-07 17:20:38 +03:00

60 lines
2.0 KiB
Plaintext
Raw Permalink Blame History

# TLS stage 3.
# Compute expanded p1 which consists of client_write_key + server_write_key
# Compute expanded p2 which consists of client_IV + server_IV
12 2562
2 576 832
# notary inputs
# 256: outer hash state
# 128: output mask1 (for swk)
# 128: output mask2 (for cwk)
# 32: output mask3 (for siv)
# 32: output mask4 (for civ)
# client inputs
# 256: inner hash state for p1_expanded_keys
# 256: inner hash state for p2_expanded_keys
# 128: output mask1 (for swk)
# 128: output mask2 (for cwk)
# 32: output mask3 (for siv)
# 32: output mask4 (for civ)
1 320
# all outputs go to the evaluator
# 128: server_write_key xor-masked twice (by mask1)
# 128: client_write_key xor-masked twice (by mask2)
# 32 : server IV xor-masked twice (by mask3)
# 32 : client IV xor-masked twice (by mask4)
2 1 0 0 1408 XOR # 0
1 1 1408 1409 INV # 1
# pad outer hash digest as the last chunk of sha256
# total length of bits in outer sha256: L == 512+256 ==768 should be the last 64 bits
# 768 in binary is 0000 0011 0000 0000
# to be hashed: 256 bits inner hash digest + 1 + 191 bits of 0 + 48 bits of 0 + 0000 0011 0000 0000
# the result is p1:
# 8 zeroes 1 1 245 zeroes 1 C input 1 N input 1
768 256 [1408*8] 1409 1409 [1408*245] 1409 [576|>256] [0|>256] [1410|>256] sha256.txt
# the result is p2 (client IV is the top-most 32 bits):
# 8 zeroes 1 1 245 zeroes 1 C input 2 N input 1
768 256 [1408*8] 1409 1409 [1408*245] 1409 [832|>256] [0|>256] [1666|>256] sha256.txt
#prepare all outputs
# xor swk/cwk/siv/civ with notary's masks
256 128 [1410|>128] [256|>128] [1922|>128] xor128bits.casm
256 128 [1538|>128] [384|>128] [2050|>128] xor128bits.casm
64 32 [1858|>32] [512|>32] [2178|>32] xor32bits.casm
64 32 [1890|>32] [544|>32] [2210|>32] xor32bits.casm
# xor the result with client's masks
256 128 [1922|>128] [1088|>128] [2242|>128] xor128bits.casm
256 128 [2050|>128] [1216|>128] [2370|>128] xor128bits.casm
64 32 [2178|>32] [1344|>32] [2498|>32] xor32bits.casm
64 32 [2210|>32] [1376|>32] [2530|>32] xor32bits.casm
Reference in New Issue View Git Blame Copy Permalink