mirror of https://github.com/ctz/rustls
prepare State trait to handle borrowed types
Co-authored-by: Jorge Aparicio <jorge.aparicio@ferrous-systems.com>
This commit is contained in:
parent
0423bb69e7
commit
65370b8de1
|
@ -39,8 +39,8 @@ use alloc::vec;
|
|||
use alloc::vec::Vec;
|
||||
use core::ops::Deref;
|
||||
|
||||
pub(super) type NextState = Box<dyn State<ClientConnectionData>>;
|
||||
pub(super) type NextStateOrError = Result<NextState, Error>;
|
||||
pub(super) type NextState<'a> = Box<dyn State<ClientConnectionData> + 'a>;
|
||||
pub(super) type NextStateOrError<'a> = Result<NextState<'a>, Error>;
|
||||
pub(super) type ClientContext<'a> = crate::common_state::Context<'a, ClientConnectionData>;
|
||||
|
||||
fn find_session(
|
||||
|
@ -95,7 +95,7 @@ pub(super) fn start_handshake(
|
|||
extra_exts: Vec<ClientExtension>,
|
||||
config: Arc<ClientConfig>,
|
||||
cx: &mut ClientContext<'_>,
|
||||
) -> NextStateOrError {
|
||||
) -> NextStateOrError<'static> {
|
||||
let mut transcript_buffer = HandshakeHashBuffer::new();
|
||||
if config
|
||||
.client_auth_cert_resolver
|
||||
|
@ -196,7 +196,7 @@ fn emit_client_hello_for_retry(
|
|||
suite: Option<SupportedCipherSuite>,
|
||||
mut input: ClientHelloInput,
|
||||
cx: &mut ClientContext<'_>,
|
||||
) -> NextState {
|
||||
) -> NextState<'static> {
|
||||
let config = &input.config;
|
||||
let support_tls12 = config.supports_version(ProtocolVersion::TLSv1_2) && !cx.common.is_quic();
|
||||
let support_tls13 = config.supports_version(ProtocolVersion::TLSv1_3);
|
||||
|
@ -481,7 +481,14 @@ pub(super) fn process_alpn_protocol(
|
|||
}
|
||||
|
||||
impl State<ClientConnectionData> for ExpectServerHello {
|
||||
fn handle(mut self: Box<Self>, cx: &mut ClientContext<'_>, m: Message) -> NextStateOrError {
|
||||
fn handle<'m>(
|
||||
mut self: Box<Self>,
|
||||
cx: &mut ClientContext<'_>,
|
||||
m: Message<'m>,
|
||||
) -> NextStateOrError<'m>
|
||||
where
|
||||
Self: 'm,
|
||||
{
|
||||
let server_hello =
|
||||
require_handshake_msg!(m, HandshakeType::ServerHello, HandshakePayload::ServerHello)?;
|
||||
trace!("We got ServerHello {:#?}", server_hello);
|
||||
|
@ -671,10 +678,14 @@ impl State<ClientConnectionData> for ExpectServerHello {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
fn into_owned(self: Box<Self>) -> NextState<'static> {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
||||
impl ExpectServerHelloOrHelloRetryRequest {
|
||||
fn into_expect_server_hello(self) -> NextState {
|
||||
fn into_expect_server_hello(self) -> NextState<'static> {
|
||||
Box::new(self.next)
|
||||
}
|
||||
|
||||
|
@ -682,7 +693,7 @@ impl ExpectServerHelloOrHelloRetryRequest {
|
|||
self,
|
||||
cx: &mut ClientContext<'_>,
|
||||
m: Message,
|
||||
) -> NextStateOrError {
|
||||
) -> NextStateOrError<'static> {
|
||||
let hrr = require_handshake_msg!(
|
||||
m,
|
||||
HandshakeType::HelloRetryRequest,
|
||||
|
@ -847,7 +858,14 @@ impl ExpectServerHelloOrHelloRetryRequest {
|
|||
}
|
||||
|
||||
impl State<ClientConnectionData> for ExpectServerHelloOrHelloRetryRequest {
|
||||
fn handle(self: Box<Self>, cx: &mut ClientContext<'_>, m: Message) -> NextStateOrError {
|
||||
fn handle<'m>(
|
||||
self: Box<Self>,
|
||||
cx: &mut ClientContext<'_>,
|
||||
m: Message<'m>,
|
||||
) -> NextStateOrError<'m>
|
||||
where
|
||||
Self: 'm,
|
||||
{
|
||||
match m.payload {
|
||||
MessagePayload::Handshake {
|
||||
parsed:
|
||||
|
@ -874,6 +892,10 @@ impl State<ClientConnectionData> for ExpectServerHelloOrHelloRetryRequest {
|
|||
)),
|
||||
}
|
||||
}
|
||||
|
||||
fn into_owned(self: Box<Self>) -> NextState<'static> {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
||||
enum ClientSessionValue {
|
||||
|
|
|
@ -61,7 +61,7 @@ mod server_hello {
|
|||
suite: &'static Tls12CipherSuite,
|
||||
server_hello: &ServerHelloPayload,
|
||||
tls13_supported: bool,
|
||||
) -> hs::NextStateOrError {
|
||||
) -> hs::NextStateOrError<'static> {
|
||||
self.randoms
|
||||
.server
|
||||
.clone_from_slice(&server_hello.random.0[..]);
|
||||
|
@ -194,11 +194,14 @@ struct ExpectCertificate {
|
|||
}
|
||||
|
||||
impl State<ClientConnectionData> for ExpectCertificate {
|
||||
fn handle(
|
||||
fn handle<'m>(
|
||||
mut self: Box<Self>,
|
||||
_cx: &mut ClientContext<'_>,
|
||||
m: Message,
|
||||
) -> hs::NextStateOrError {
|
||||
m: Message<'m>,
|
||||
) -> hs::NextStateOrError<'m>
|
||||
where
|
||||
Self: 'm,
|
||||
{
|
||||
self.transcript.add_message(&m);
|
||||
let server_cert_chain = require_handshake_msg_move!(
|
||||
m,
|
||||
|
@ -236,6 +239,10 @@ impl State<ClientConnectionData> for ExpectCertificate {
|
|||
}))
|
||||
}
|
||||
}
|
||||
|
||||
fn into_owned(self: Box<Self>) -> hs::NextState<'static> {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
||||
struct ExpectCertificateStatusOrServerKx {
|
||||
|
@ -252,7 +259,14 @@ struct ExpectCertificateStatusOrServerKx {
|
|||
}
|
||||
|
||||
impl State<ClientConnectionData> for ExpectCertificateStatusOrServerKx {
|
||||
fn handle(self: Box<Self>, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError {
|
||||
fn handle<'m>(
|
||||
self: Box<Self>,
|
||||
cx: &mut ClientContext<'_>,
|
||||
m: Message<'m>,
|
||||
) -> hs::NextStateOrError<'m>
|
||||
where
|
||||
Self: 'm,
|
||||
{
|
||||
match m.payload {
|
||||
MessagePayload::Handshake {
|
||||
parsed:
|
||||
|
@ -304,6 +318,10 @@ impl State<ClientConnectionData> for ExpectCertificateStatusOrServerKx {
|
|||
)),
|
||||
}
|
||||
}
|
||||
|
||||
fn into_owned(self: Box<Self>) -> hs::NextState<'static> {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
||||
struct ExpectCertificateStatus {
|
||||
|
@ -320,11 +338,14 @@ struct ExpectCertificateStatus {
|
|||
}
|
||||
|
||||
impl State<ClientConnectionData> for ExpectCertificateStatus {
|
||||
fn handle(
|
||||
fn handle<'m>(
|
||||
mut self: Box<Self>,
|
||||
_cx: &mut ClientContext<'_>,
|
||||
m: Message,
|
||||
) -> hs::NextStateOrError {
|
||||
m: Message<'m>,
|
||||
) -> hs::NextStateOrError<'m>
|
||||
where
|
||||
Self: 'm,
|
||||
{
|
||||
self.transcript.add_message(&m);
|
||||
let server_cert_ocsp_response = require_handshake_msg_move!(
|
||||
m,
|
||||
|
@ -353,6 +374,10 @@ impl State<ClientConnectionData> for ExpectCertificateStatus {
|
|||
must_issue_new_ticket: self.must_issue_new_ticket,
|
||||
}))
|
||||
}
|
||||
|
||||
fn into_owned(self: Box<Self>) -> hs::NextState<'static> {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
||||
struct ExpectServerKx {
|
||||
|
@ -369,7 +394,14 @@ struct ExpectServerKx {
|
|||
}
|
||||
|
||||
impl State<ClientConnectionData> for ExpectServerKx {
|
||||
fn handle(mut self: Box<Self>, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError {
|
||||
fn handle<'m>(
|
||||
mut self: Box<Self>,
|
||||
cx: &mut ClientContext<'_>,
|
||||
m: Message<'m>,
|
||||
) -> hs::NextStateOrError<'m>
|
||||
where
|
||||
Self: 'm,
|
||||
{
|
||||
let opaque_kx = require_handshake_msg!(
|
||||
m,
|
||||
HandshakeType::ServerKeyExchange,
|
||||
|
@ -410,6 +442,10 @@ impl State<ClientConnectionData> for ExpectServerKx {
|
|||
must_issue_new_ticket: self.must_issue_new_ticket,
|
||||
}))
|
||||
}
|
||||
|
||||
fn into_owned(self: Box<Self>) -> hs::NextState<'static> {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
||||
fn emit_certificate(
|
||||
|
@ -535,7 +571,14 @@ struct ExpectServerDoneOrCertReq {
|
|||
}
|
||||
|
||||
impl State<ClientConnectionData> for ExpectServerDoneOrCertReq {
|
||||
fn handle(mut self: Box<Self>, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError {
|
||||
fn handle<'m>(
|
||||
mut self: Box<Self>,
|
||||
cx: &mut ClientContext<'_>,
|
||||
m: Message<'m>,
|
||||
) -> hs::NextStateOrError<'m>
|
||||
where
|
||||
Self: 'm,
|
||||
{
|
||||
if matches!(
|
||||
m.payload,
|
||||
MessagePayload::Handshake {
|
||||
|
@ -580,6 +623,10 @@ impl State<ClientConnectionData> for ExpectServerDoneOrCertReq {
|
|||
.handle(cx, m)
|
||||
}
|
||||
}
|
||||
|
||||
fn into_owned(self: Box<Self>) -> hs::NextState<'static> {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
||||
struct ExpectCertificateRequest {
|
||||
|
@ -597,11 +644,14 @@ struct ExpectCertificateRequest {
|
|||
}
|
||||
|
||||
impl State<ClientConnectionData> for ExpectCertificateRequest {
|
||||
fn handle(
|
||||
fn handle<'m>(
|
||||
mut self: Box<Self>,
|
||||
_cx: &mut ClientContext<'_>,
|
||||
m: Message,
|
||||
) -> hs::NextStateOrError {
|
||||
m: Message<'m>,
|
||||
) -> hs::NextStateOrError<'m>
|
||||
where
|
||||
Self: 'm,
|
||||
{
|
||||
let certreq = require_handshake_msg!(
|
||||
m,
|
||||
HandshakeType::CertificateRequest,
|
||||
|
@ -641,6 +691,10 @@ impl State<ClientConnectionData> for ExpectCertificateRequest {
|
|||
must_issue_new_ticket: self.must_issue_new_ticket,
|
||||
}))
|
||||
}
|
||||
|
||||
fn into_owned(self: Box<Self>) -> hs::NextState<'static> {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
||||
struct ExpectServerDone {
|
||||
|
@ -659,7 +713,14 @@ struct ExpectServerDone {
|
|||
}
|
||||
|
||||
impl State<ClientConnectionData> for ExpectServerDone {
|
||||
fn handle(self: Box<Self>, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError {
|
||||
fn handle<'m>(
|
||||
self: Box<Self>,
|
||||
cx: &mut ClientContext<'_>,
|
||||
m: Message<'m>,
|
||||
) -> hs::NextStateOrError<'m>
|
||||
where
|
||||
Self: 'm,
|
||||
{
|
||||
match m.payload {
|
||||
MessagePayload::Handshake {
|
||||
parsed:
|
||||
|
@ -843,6 +904,10 @@ impl State<ClientConnectionData> for ExpectServerDone {
|
|||
}))
|
||||
}
|
||||
}
|
||||
|
||||
fn into_owned(self: Box<Self>) -> hs::NextState<'static> {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
||||
struct ExpectNewTicket {
|
||||
|
@ -859,11 +924,14 @@ struct ExpectNewTicket {
|
|||
}
|
||||
|
||||
impl State<ClientConnectionData> for ExpectNewTicket {
|
||||
fn handle(
|
||||
fn handle<'m>(
|
||||
mut self: Box<Self>,
|
||||
_cx: &mut ClientContext<'_>,
|
||||
m: Message,
|
||||
) -> hs::NextStateOrError {
|
||||
m: Message<'m>,
|
||||
) -> hs::NextStateOrError<'m>
|
||||
where
|
||||
Self: 'm,
|
||||
{
|
||||
self.transcript.add_message(&m);
|
||||
|
||||
let nst = require_handshake_msg_move!(
|
||||
|
@ -886,6 +954,10 @@ impl State<ClientConnectionData> for ExpectNewTicket {
|
|||
sig_verified: self.sig_verified,
|
||||
}))
|
||||
}
|
||||
|
||||
fn into_owned(self: Box<Self>) -> hs::NextState<'static> {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
||||
// -- Waiting for their CCS --
|
||||
|
@ -904,7 +976,14 @@ struct ExpectCcs {
|
|||
}
|
||||
|
||||
impl State<ClientConnectionData> for ExpectCcs {
|
||||
fn handle(self: Box<Self>, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError {
|
||||
fn handle<'m>(
|
||||
self: Box<Self>,
|
||||
cx: &mut ClientContext<'_>,
|
||||
m: Message<'m>,
|
||||
) -> hs::NextStateOrError<'m>
|
||||
where
|
||||
Self: 'm,
|
||||
{
|
||||
match m.payload {
|
||||
MessagePayload::ChangeCipherSpec(..) => {}
|
||||
payload => {
|
||||
|
@ -937,6 +1016,10 @@ impl State<ClientConnectionData> for ExpectCcs {
|
|||
sig_verified: self.sig_verified,
|
||||
}))
|
||||
}
|
||||
|
||||
fn into_owned(self: Box<Self>) -> hs::NextState<'static> {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
||||
struct ExpectFinished {
|
||||
|
@ -996,7 +1079,14 @@ impl ExpectFinished {
|
|||
}
|
||||
|
||||
impl State<ClientConnectionData> for ExpectFinished {
|
||||
fn handle(self: Box<Self>, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError {
|
||||
fn handle<'m>(
|
||||
self: Box<Self>,
|
||||
cx: &mut ClientContext<'_>,
|
||||
m: Message<'m>,
|
||||
) -> hs::NextStateOrError<'m>
|
||||
where
|
||||
Self: 'm,
|
||||
{
|
||||
let mut st = *self;
|
||||
let finished =
|
||||
require_handshake_msg!(m, HandshakeType::Finished, HandshakePayload::Finished)?;
|
||||
|
@ -1053,6 +1143,10 @@ impl State<ClientConnectionData> for ExpectFinished {
|
|||
.remove_tls12_session(&self.server_name);
|
||||
}
|
||||
}
|
||||
|
||||
fn into_owned(self: Box<Self>) -> hs::NextState<'static> {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
||||
// -- Traffic transit state --
|
||||
|
@ -1064,7 +1158,14 @@ struct ExpectTraffic {
|
|||
}
|
||||
|
||||
impl State<ClientConnectionData> for ExpectTraffic {
|
||||
fn handle(self: Box<Self>, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError {
|
||||
fn handle<'m>(
|
||||
self: Box<Self>,
|
||||
cx: &mut ClientContext<'_>,
|
||||
m: Message<'m>,
|
||||
) -> hs::NextStateOrError<'m>
|
||||
where
|
||||
Self: 'm,
|
||||
{
|
||||
match m.payload {
|
||||
MessagePayload::ApplicationData(payload) => cx
|
||||
.common
|
||||
|
@ -1094,4 +1195,8 @@ impl State<ClientConnectionData> for ExpectTraffic {
|
|||
self.secrets
|
||||
.extract_secrets(Side::Client)
|
||||
}
|
||||
|
||||
fn into_owned(self: Box<Self>) -> hs::NextState<'static> {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
|
|
@ -77,7 +77,7 @@ pub(super) fn handle_server_hello(
|
|||
hello: ClientHelloDetails,
|
||||
our_key_share: Box<dyn ActiveKeyExchange>,
|
||||
mut sent_tls13_fake_ccs: bool,
|
||||
) -> hs::NextStateOrError {
|
||||
) -> hs::NextStateOrError<'static> {
|
||||
validate_server_hello(cx.common, server_hello)?;
|
||||
|
||||
let their_key_share = server_hello
|
||||
|
@ -380,7 +380,14 @@ struct ExpectEncryptedExtensions {
|
|||
}
|
||||
|
||||
impl State<ClientConnectionData> for ExpectEncryptedExtensions {
|
||||
fn handle(mut self: Box<Self>, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError {
|
||||
fn handle<'m>(
|
||||
mut self: Box<Self>,
|
||||
cx: &mut ClientContext<'_>,
|
||||
m: Message<'m>,
|
||||
) -> hs::NextStateOrError<'m>
|
||||
where
|
||||
Self: 'm,
|
||||
{
|
||||
let exts = require_handshake_msg!(
|
||||
m,
|
||||
HandshakeType::EncryptedExtensions,
|
||||
|
@ -456,6 +463,10 @@ impl State<ClientConnectionData> for ExpectEncryptedExtensions {
|
|||
}))
|
||||
}
|
||||
}
|
||||
|
||||
fn into_owned(self: Box<Self>) -> hs::NextState<'static> {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
||||
struct ExpectCertificateOrCertReq {
|
||||
|
@ -468,7 +479,14 @@ struct ExpectCertificateOrCertReq {
|
|||
}
|
||||
|
||||
impl State<ClientConnectionData> for ExpectCertificateOrCertReq {
|
||||
fn handle(self: Box<Self>, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError {
|
||||
fn handle<'m>(
|
||||
self: Box<Self>,
|
||||
cx: &mut ClientContext<'_>,
|
||||
m: Message<'m>,
|
||||
) -> hs::NextStateOrError<'m>
|
||||
where
|
||||
Self: 'm,
|
||||
{
|
||||
match m.payload {
|
||||
MessagePayload::Handshake {
|
||||
parsed:
|
||||
|
@ -513,6 +531,10 @@ impl State<ClientConnectionData> for ExpectCertificateOrCertReq {
|
|||
)),
|
||||
}
|
||||
}
|
||||
|
||||
fn into_owned(self: Box<Self>) -> hs::NextState<'static> {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
||||
// TLS1.3 version of CertificateRequest handling. We then move to expecting the server
|
||||
|
@ -528,7 +550,14 @@ struct ExpectCertificateRequest {
|
|||
}
|
||||
|
||||
impl State<ClientConnectionData> for ExpectCertificateRequest {
|
||||
fn handle(mut self: Box<Self>, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError {
|
||||
fn handle<'m>(
|
||||
mut self: Box<Self>,
|
||||
cx: &mut ClientContext<'_>,
|
||||
m: Message<'m>,
|
||||
) -> hs::NextStateOrError<'m>
|
||||
where
|
||||
Self: 'm,
|
||||
{
|
||||
let certreq = &require_handshake_msg!(
|
||||
m,
|
||||
HandshakeType::CertificateRequest,
|
||||
|
@ -584,6 +613,10 @@ impl State<ClientConnectionData> for ExpectCertificateRequest {
|
|||
client_auth: Some(client_auth),
|
||||
}))
|
||||
}
|
||||
|
||||
fn into_owned(self: Box<Self>) -> hs::NextState<'static> {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
||||
struct ExpectCertificate {
|
||||
|
@ -597,7 +630,14 @@ struct ExpectCertificate {
|
|||
}
|
||||
|
||||
impl State<ClientConnectionData> for ExpectCertificate {
|
||||
fn handle(mut self: Box<Self>, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError {
|
||||
fn handle<'m>(
|
||||
mut self: Box<Self>,
|
||||
cx: &mut ClientContext<'_>,
|
||||
m: Message<'m>,
|
||||
) -> hs::NextStateOrError<'m>
|
||||
where
|
||||
Self: 'm,
|
||||
{
|
||||
self.transcript.add_message(&m);
|
||||
let cert_chain = require_handshake_msg_move!(
|
||||
m,
|
||||
|
@ -635,6 +675,10 @@ impl State<ClientConnectionData> for ExpectCertificate {
|
|||
client_auth: self.client_auth,
|
||||
}))
|
||||
}
|
||||
|
||||
fn into_owned(self: Box<Self>) -> hs::NextState<'static> {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
||||
// --- TLS1.3 CertificateVerify ---
|
||||
|
@ -650,7 +694,14 @@ struct ExpectCertificateVerify {
|
|||
}
|
||||
|
||||
impl State<ClientConnectionData> for ExpectCertificateVerify {
|
||||
fn handle(mut self: Box<Self>, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError {
|
||||
fn handle<'m>(
|
||||
mut self: Box<Self>,
|
||||
cx: &mut ClientContext<'_>,
|
||||
m: Message<'m>,
|
||||
) -> hs::NextStateOrError<'m>
|
||||
where
|
||||
Self: 'm,
|
||||
{
|
||||
let cert_verify = require_handshake_msg!(
|
||||
m,
|
||||
HandshakeType::CertificateVerify,
|
||||
|
@ -710,6 +761,10 @@ impl State<ClientConnectionData> for ExpectCertificateVerify {
|
|||
sig_verified,
|
||||
}))
|
||||
}
|
||||
|
||||
fn into_owned(self: Box<Self>) -> hs::NextState<'static> {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
||||
fn emit_certificate_tls13(
|
||||
|
@ -817,7 +872,14 @@ struct ExpectFinished {
|
|||
}
|
||||
|
||||
impl State<ClientConnectionData> for ExpectFinished {
|
||||
fn handle(self: Box<Self>, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError {
|
||||
fn handle<'m>(
|
||||
self: Box<Self>,
|
||||
cx: &mut ClientContext<'_>,
|
||||
m: Message<'m>,
|
||||
) -> hs::NextStateOrError<'m>
|
||||
where
|
||||
Self: 'm,
|
||||
{
|
||||
let mut st = *self;
|
||||
let finished =
|
||||
require_handshake_msg!(m, HandshakeType::Finished, HandshakePayload::Finished)?;
|
||||
|
@ -915,6 +977,10 @@ impl State<ClientConnectionData> for ExpectFinished {
|
|||
false => Box::new(st),
|
||||
})
|
||||
}
|
||||
|
||||
fn into_owned(self: Box<Self>) -> hs::NextState<'static> {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
||||
// -- Traffic transit state (TLS1.3) --
|
||||
|
@ -1010,7 +1076,14 @@ impl ExpectTraffic {
|
|||
}
|
||||
|
||||
impl State<ClientConnectionData> for ExpectTraffic {
|
||||
fn handle(mut self: Box<Self>, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError {
|
||||
fn handle<'m>(
|
||||
mut self: Box<Self>,
|
||||
cx: &mut ClientContext<'_>,
|
||||
m: Message<'m>,
|
||||
) -> hs::NextStateOrError<'m>
|
||||
where
|
||||
Self: 'm,
|
||||
{
|
||||
match m.payload {
|
||||
MessagePayload::ApplicationData(payload) => cx
|
||||
.common
|
||||
|
@ -1057,12 +1130,23 @@ impl State<ClientConnectionData> for ExpectTraffic {
|
|||
self.key_schedule
|
||||
.extract_secrets(Side::Client)
|
||||
}
|
||||
|
||||
fn into_owned(self: Box<Self>) -> hs::NextState<'static> {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
||||
struct ExpectQuicTraffic(ExpectTraffic);
|
||||
|
||||
impl State<ClientConnectionData> for ExpectQuicTraffic {
|
||||
fn handle(mut self: Box<Self>, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError {
|
||||
fn handle<'m>(
|
||||
mut self: Box<Self>,
|
||||
cx: &mut ClientContext<'_>,
|
||||
m: Message<'m>,
|
||||
) -> hs::NextStateOrError<'m>
|
||||
where
|
||||
Self: 'm,
|
||||
{
|
||||
let nst = require_handshake_msg!(
|
||||
m,
|
||||
HandshakeType::NewSessionTicket,
|
||||
|
@ -1082,4 +1166,8 @@ impl State<ClientConnectionData> for ExpectQuicTraffic {
|
|||
self.0
|
||||
.export_keying_material(output, label, context)
|
||||
}
|
||||
|
||||
fn into_owned(self: Box<Self>) -> hs::NextState<'static> {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
|
|
@ -169,7 +169,7 @@ impl CommonState {
|
|||
};
|
||||
match state.handle(&mut cx, msg) {
|
||||
Ok(next) => {
|
||||
state = next;
|
||||
state = next.into_owned();
|
||||
Ok(state)
|
||||
}
|
||||
Err(e @ Error::InappropriateMessage { .. })
|
||||
|
@ -710,11 +710,13 @@ impl IoState {
|
|||
}
|
||||
|
||||
pub(crate) trait State<Data>: Send + Sync {
|
||||
fn handle(
|
||||
fn handle<'m>(
|
||||
self: Box<Self>,
|
||||
cx: &mut Context<'_, Data>,
|
||||
message: Message,
|
||||
) -> Result<Box<dyn State<Data>>, Error>;
|
||||
message: Message<'m>,
|
||||
) -> Result<Box<dyn State<Data> + 'm>, Error>
|
||||
where
|
||||
Self: 'm;
|
||||
|
||||
fn export_keying_material(
|
||||
&self,
|
||||
|
@ -730,6 +732,8 @@ pub(crate) trait State<Data>: Send + Sync {
|
|||
}
|
||||
|
||||
fn handle_decrypt_error(&self) {}
|
||||
|
||||
fn into_owned(self: Box<Self>) -> Box<dyn State<Data> + 'static>;
|
||||
}
|
||||
|
||||
pub(crate) struct Context<'a, Data> {
|
||||
|
|
|
@ -31,8 +31,8 @@ use alloc::boxed::Box;
|
|||
use alloc::sync::Arc;
|
||||
use alloc::vec::Vec;
|
||||
|
||||
pub(super) type NextState = Box<dyn State<ServerConnectionData>>;
|
||||
pub(super) type NextStateOrError = Result<NextState, Error>;
|
||||
pub(super) type NextState<'a> = Box<dyn State<ServerConnectionData> + 'a>;
|
||||
pub(super) type NextStateOrError<'a> = Result<NextState<'a>, Error>;
|
||||
pub(super) type ServerContext<'a> = crate::common_state::Context<'a, ServerConnectionData>;
|
||||
|
||||
pub(super) fn can_resume(
|
||||
|
@ -243,7 +243,7 @@ impl ExpectClientHello {
|
|||
client_hello: &ClientHelloPayload,
|
||||
m: &Message,
|
||||
cx: &mut ServerContext<'_>,
|
||||
) -> NextStateOrError {
|
||||
) -> NextStateOrError<'static> {
|
||||
let tls13_enabled = self
|
||||
.config
|
||||
.supports_version(ProtocolVersion::TLSv1_3);
|
||||
|
@ -426,10 +426,21 @@ impl ExpectClientHello {
|
|||
}
|
||||
|
||||
impl State<ServerConnectionData> for ExpectClientHello {
|
||||
fn handle(self: Box<Self>, cx: &mut ServerContext<'_>, m: Message) -> NextStateOrError {
|
||||
fn handle<'m>(
|
||||
self: Box<Self>,
|
||||
cx: &mut ServerContext<'_>,
|
||||
m: Message<'m>,
|
||||
) -> NextStateOrError<'m>
|
||||
where
|
||||
Self: 'm,
|
||||
{
|
||||
let (client_hello, sig_schemes) = process_client_hello(&m, self.done_retry, cx)?;
|
||||
self.with_certified_key(sig_schemes, client_hello, &m, cx)
|
||||
}
|
||||
|
||||
fn into_owned(self: Box<Self>) -> NextState<'static> {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
||||
/// Configuration-independent validation of a `ClientHello` message.
|
||||
|
|
|
@ -785,13 +785,20 @@ impl Accepted {
|
|||
struct Accepting;
|
||||
|
||||
impl State<ServerConnectionData> for Accepting {
|
||||
fn handle(
|
||||
fn handle<'m>(
|
||||
self: Box<Self>,
|
||||
_cx: &mut hs::ServerContext<'_>,
|
||||
_m: Message,
|
||||
) -> Result<Box<dyn State<ServerConnectionData>>, Error> {
|
||||
_m: Message<'m>,
|
||||
) -> Result<Box<dyn State<ServerConnectionData> + 'm>, Error>
|
||||
where
|
||||
Self: 'm,
|
||||
{
|
||||
Err(Error::General("unreachable state".into()))
|
||||
}
|
||||
|
||||
fn into_owned(self: Box<Self>) -> hs::NextState<'static> {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
||||
pub(super) enum EarlyDataState {
|
||||
|
|
|
@ -75,7 +75,7 @@ mod client_hello {
|
|||
client_hello: &ClientHelloPayload,
|
||||
sigschemes_ext: Vec<SignatureScheme>,
|
||||
tls13_enabled: bool,
|
||||
) -> hs::NextStateOrError {
|
||||
) -> hs::NextStateOrError<'static> {
|
||||
// -- TLS1.2 only from hereon in --
|
||||
self.transcript.add_message(chm);
|
||||
|
||||
|
@ -276,7 +276,7 @@ mod client_hello {
|
|||
client_hello: &ClientHelloPayload,
|
||||
id: &SessionId,
|
||||
resumedata: persist::ServerSessionValue,
|
||||
) -> hs::NextStateOrError {
|
||||
) -> hs::NextStateOrError<'static> {
|
||||
debug!("Resuming connection");
|
||||
|
||||
if resumedata.extended_ms && !self.using_ems {
|
||||
|
@ -522,7 +522,14 @@ struct ExpectCertificate {
|
|||
}
|
||||
|
||||
impl State<ServerConnectionData> for ExpectCertificate {
|
||||
fn handle(mut self: Box<Self>, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError {
|
||||
fn handle<'m>(
|
||||
mut self: Box<Self>,
|
||||
cx: &mut ServerContext<'_>,
|
||||
m: Message<'m>,
|
||||
) -> hs::NextStateOrError<'m>
|
||||
where
|
||||
Self: 'm,
|
||||
{
|
||||
self.transcript.add_message(&m);
|
||||
let cert_chain = require_handshake_msg_move!(
|
||||
m,
|
||||
|
@ -575,6 +582,10 @@ impl State<ServerConnectionData> for ExpectCertificate {
|
|||
send_ticket: self.send_ticket,
|
||||
}))
|
||||
}
|
||||
|
||||
fn into_owned(self: Box<Self>) -> hs::NextState<'static> {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
||||
// --- Process client's KeyExchange ---
|
||||
|
@ -591,7 +602,14 @@ struct ExpectClientKx {
|
|||
}
|
||||
|
||||
impl State<ServerConnectionData> for ExpectClientKx {
|
||||
fn handle(mut self: Box<Self>, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError {
|
||||
fn handle<'m>(
|
||||
mut self: Box<Self>,
|
||||
cx: &mut ServerContext<'_>,
|
||||
m: Message<'m>,
|
||||
) -> hs::NextStateOrError<'m>
|
||||
where
|
||||
Self: 'm,
|
||||
{
|
||||
let client_kx = require_handshake_msg!(
|
||||
m,
|
||||
HandshakeType::ClientKeyExchange,
|
||||
|
@ -644,6 +662,10 @@ impl State<ServerConnectionData> for ExpectClientKx {
|
|||
}))
|
||||
}
|
||||
}
|
||||
|
||||
fn into_owned(self: Box<Self>) -> hs::NextState<'static> {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
||||
// --- Process client's certificate proof ---
|
||||
|
@ -658,7 +680,14 @@ struct ExpectCertificateVerify {
|
|||
}
|
||||
|
||||
impl State<ServerConnectionData> for ExpectCertificateVerify {
|
||||
fn handle(mut self: Box<Self>, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError {
|
||||
fn handle<'m>(
|
||||
mut self: Box<Self>,
|
||||
cx: &mut ServerContext<'_>,
|
||||
m: Message<'m>,
|
||||
) -> hs::NextStateOrError<'m>
|
||||
where
|
||||
Self: 'm,
|
||||
{
|
||||
let rc = {
|
||||
let sig = require_handshake_msg!(
|
||||
m,
|
||||
|
@ -707,6 +736,10 @@ impl State<ServerConnectionData> for ExpectCertificateVerify {
|
|||
send_ticket: self.send_ticket,
|
||||
}))
|
||||
}
|
||||
|
||||
fn into_owned(self: Box<Self>) -> hs::NextState<'static> {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
||||
// --- Process client's ChangeCipherSpec ---
|
||||
|
@ -721,7 +754,14 @@ struct ExpectCcs {
|
|||
}
|
||||
|
||||
impl State<ServerConnectionData> for ExpectCcs {
|
||||
fn handle(self: Box<Self>, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError {
|
||||
fn handle<'m>(
|
||||
self: Box<Self>,
|
||||
cx: &mut ServerContext<'_>,
|
||||
m: Message<'m>,
|
||||
) -> hs::NextStateOrError<'m>
|
||||
where
|
||||
Self: 'm,
|
||||
{
|
||||
match m.payload {
|
||||
MessagePayload::ChangeCipherSpec(..) => {}
|
||||
payload => {
|
||||
|
@ -749,6 +789,10 @@ impl State<ServerConnectionData> for ExpectCcs {
|
|||
send_ticket: self.send_ticket,
|
||||
}))
|
||||
}
|
||||
|
||||
fn into_owned(self: Box<Self>) -> hs::NextState<'static> {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
||||
// --- Process client's Finished ---
|
||||
|
@ -853,7 +897,14 @@ struct ExpectFinished {
|
|||
}
|
||||
|
||||
impl State<ServerConnectionData> for ExpectFinished {
|
||||
fn handle(mut self: Box<Self>, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError {
|
||||
fn handle<'m>(
|
||||
mut self: Box<Self>,
|
||||
cx: &mut ServerContext<'_>,
|
||||
m: Message<'m>,
|
||||
) -> hs::NextStateOrError<'m>
|
||||
where
|
||||
Self: 'm,
|
||||
{
|
||||
let finished =
|
||||
require_handshake_msg!(m, HandshakeType::Finished, HandshakePayload::Finished)?;
|
||||
|
||||
|
@ -918,6 +969,10 @@ impl State<ServerConnectionData> for ExpectFinished {
|
|||
_fin_verified,
|
||||
}))
|
||||
}
|
||||
|
||||
fn into_owned(self: Box<Self>) -> hs::NextState<'static> {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
||||
// --- Process traffic ---
|
||||
|
@ -929,7 +984,14 @@ struct ExpectTraffic {
|
|||
impl ExpectTraffic {}
|
||||
|
||||
impl State<ServerConnectionData> for ExpectTraffic {
|
||||
fn handle(self: Box<Self>, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError {
|
||||
fn handle<'m>(
|
||||
self: Box<Self>,
|
||||
cx: &mut ServerContext<'_>,
|
||||
m: Message<'m>,
|
||||
) -> hs::NextStateOrError<'m>
|
||||
where
|
||||
Self: 'm,
|
||||
{
|
||||
match m.payload {
|
||||
MessagePayload::ApplicationData(payload) => cx
|
||||
.common
|
||||
|
@ -959,4 +1021,8 @@ impl State<ServerConnectionData> for ExpectTraffic {
|
|||
self.secrets
|
||||
.extract_secrets(Side::Server)
|
||||
}
|
||||
|
||||
fn into_owned(self: Box<Self>) -> hs::NextState<'static> {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
|
|
@ -150,7 +150,7 @@ mod client_hello {
|
|||
chm: &Message,
|
||||
client_hello: &ClientHelloPayload,
|
||||
mut sigschemes_ext: Vec<SignatureScheme>,
|
||||
) -> hs::NextStateOrError {
|
||||
) -> hs::NextStateOrError<'static> {
|
||||
if client_hello.compression_methods.len() != 1 {
|
||||
return Err(cx.common.send_fatal_alert(
|
||||
AlertDescription::IllegalParameter,
|
||||
|
@ -850,7 +850,14 @@ struct ExpectAndSkipRejectedEarlyData {
|
|||
}
|
||||
|
||||
impl State<ServerConnectionData> for ExpectAndSkipRejectedEarlyData {
|
||||
fn handle(mut self: Box<Self>, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError {
|
||||
fn handle<'m>(
|
||||
mut self: Box<Self>,
|
||||
cx: &mut ServerContext<'_>,
|
||||
m: Message<'m>,
|
||||
) -> hs::NextStateOrError<'m>
|
||||
where
|
||||
Self: 'm,
|
||||
{
|
||||
/* "The server then ignores early data by skipping all records with an external
|
||||
* content type of "application_data" (indicating that they are encrypted),
|
||||
* up to the configured max_early_data_size."
|
||||
|
@ -864,6 +871,10 @@ impl State<ServerConnectionData> for ExpectAndSkipRejectedEarlyData {
|
|||
|
||||
self.next.handle(cx, m)
|
||||
}
|
||||
|
||||
fn into_owned(self: Box<Self>) -> hs::NextState<'static> {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
||||
struct ExpectCertificate {
|
||||
|
@ -875,7 +886,14 @@ struct ExpectCertificate {
|
|||
}
|
||||
|
||||
impl State<ServerConnectionData> for ExpectCertificate {
|
||||
fn handle(mut self: Box<Self>, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError {
|
||||
fn handle<'m>(
|
||||
mut self: Box<Self>,
|
||||
cx: &mut ServerContext<'_>,
|
||||
m: Message<'m>,
|
||||
) -> hs::NextStateOrError<'m>
|
||||
where
|
||||
Self: 'm,
|
||||
{
|
||||
self.transcript.add_message(&m);
|
||||
let certp = require_handshake_msg_move!(
|
||||
m,
|
||||
|
@ -935,6 +953,10 @@ impl State<ServerConnectionData> for ExpectCertificate {
|
|||
send_tickets: self.send_tickets,
|
||||
}))
|
||||
}
|
||||
|
||||
fn into_owned(self: Box<Self>) -> hs::NextState<'static> {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
||||
struct ExpectCertificateVerify {
|
||||
|
@ -947,7 +969,14 @@ struct ExpectCertificateVerify {
|
|||
}
|
||||
|
||||
impl State<ServerConnectionData> for ExpectCertificateVerify {
|
||||
fn handle(mut self: Box<Self>, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError {
|
||||
fn handle<'m>(
|
||||
mut self: Box<Self>,
|
||||
cx: &mut ServerContext<'_>,
|
||||
m: Message<'m>,
|
||||
) -> hs::NextStateOrError<'m>
|
||||
where
|
||||
Self: 'm,
|
||||
{
|
||||
let rc = {
|
||||
let sig = require_handshake_msg!(
|
||||
m,
|
||||
|
@ -982,6 +1011,10 @@ impl State<ServerConnectionData> for ExpectCertificateVerify {
|
|||
send_tickets: self.send_tickets,
|
||||
}))
|
||||
}
|
||||
|
||||
fn into_owned(self: Box<Self>) -> hs::NextState<'static> {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
||||
// --- Process (any number of) early ApplicationData messages,
|
||||
|
@ -996,7 +1029,14 @@ struct ExpectEarlyData {
|
|||
}
|
||||
|
||||
impl State<ServerConnectionData> for ExpectEarlyData {
|
||||
fn handle(mut self: Box<Self>, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError {
|
||||
fn handle<'m>(
|
||||
mut self: Box<Self>,
|
||||
cx: &mut ServerContext<'_>,
|
||||
m: Message<'m>,
|
||||
) -> hs::NextStateOrError<'m>
|
||||
where
|
||||
Self: 'm,
|
||||
{
|
||||
match m.payload {
|
||||
MessagePayload::ApplicationData(payload) => {
|
||||
match cx
|
||||
|
@ -1037,6 +1077,10 @@ impl State<ServerConnectionData> for ExpectEarlyData {
|
|||
)),
|
||||
}
|
||||
}
|
||||
|
||||
fn into_owned(self: Box<Self>) -> hs::NextState<'static> {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
||||
// --- Process client's Finished ---
|
||||
|
@ -1149,7 +1193,14 @@ impl ExpectFinished {
|
|||
}
|
||||
|
||||
impl State<ServerConnectionData> for ExpectFinished {
|
||||
fn handle(mut self: Box<Self>, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError {
|
||||
fn handle<'m>(
|
||||
mut self: Box<Self>,
|
||||
cx: &mut ServerContext<'_>,
|
||||
m: Message<'m>,
|
||||
) -> hs::NextStateOrError<'m>
|
||||
where
|
||||
Self: 'm,
|
||||
{
|
||||
let finished =
|
||||
require_handshake_msg!(m, HandshakeType::Finished, HandshakePayload::Finished)?;
|
||||
|
||||
|
@ -1199,6 +1250,10 @@ impl State<ServerConnectionData> for ExpectFinished {
|
|||
}),
|
||||
})
|
||||
}
|
||||
|
||||
fn into_owned(self: Box<Self>) -> hs::NextState<'static> {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
||||
// --- Process traffic ---
|
||||
|
@ -1235,7 +1290,14 @@ impl ExpectTraffic {
|
|||
}
|
||||
|
||||
impl State<ServerConnectionData> for ExpectTraffic {
|
||||
fn handle(mut self: Box<Self>, cx: &mut ServerContext, m: Message) -> hs::NextStateOrError {
|
||||
fn handle<'m>(
|
||||
mut self: Box<Self>,
|
||||
cx: &mut ServerContext,
|
||||
m: Message<'m>,
|
||||
) -> hs::NextStateOrError<'m>
|
||||
where
|
||||
Self: 'm,
|
||||
{
|
||||
match m.payload {
|
||||
MessagePayload::ApplicationData(payload) => cx
|
||||
.common
|
||||
|
@ -1274,6 +1336,10 @@ impl State<ServerConnectionData> for ExpectTraffic {
|
|||
self.key_schedule
|
||||
.extract_secrets(Side::Server)
|
||||
}
|
||||
|
||||
fn into_owned(self: Box<Self>) -> hs::NextState<'static> {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
||||
struct ExpectQuicTraffic {
|
||||
|
@ -1282,7 +1348,14 @@ struct ExpectQuicTraffic {
|
|||
}
|
||||
|
||||
impl State<ServerConnectionData> for ExpectQuicTraffic {
|
||||
fn handle(self: Box<Self>, _cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError {
|
||||
fn handle<'m>(
|
||||
self: Box<Self>,
|
||||
_cx: &mut ServerContext<'_>,
|
||||
m: Message<'m>,
|
||||
) -> hs::NextStateOrError<'m>
|
||||
where
|
||||
Self: 'm,
|
||||
{
|
||||
// reject all messages
|
||||
Err(inappropriate_message(&m.payload, &[]))
|
||||
}
|
||||
|
@ -1296,4 +1369,8 @@ impl State<ServerConnectionData> for ExpectQuicTraffic {
|
|||
self.key_schedule
|
||||
.export_keying_material(output, label, context)
|
||||
}
|
||||
|
||||
fn into_owned(self: Box<Self>) -> hs::NextState<'static> {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue