mirror of https://github.com/ctz/rustls
Move handshake hashing into state machine
hash_hs::HandshakerHash is a large type and is not needed after the handshake.
This commit is contained in:
parent
c57a939653
commit
8aec7342fc
|
@ -8,6 +8,7 @@ use crate::msgs::persist;
|
|||
use crate::msgs::enums::ExtensionType;
|
||||
use crate::msgs::enums::NamedGroup;
|
||||
use crate::session::SessionRandoms;
|
||||
use crate::hash_hs;
|
||||
use crate::sign;
|
||||
use crate::suites;
|
||||
#[cfg(feature = "logging")]
|
||||
|
@ -52,6 +53,7 @@ impl ServerKXDetails {
|
|||
|
||||
pub struct HandshakeDetails {
|
||||
pub resuming_session: Option<persist::ClientSessionValue>,
|
||||
pub transcript: hash_hs::HandshakeHash,
|
||||
pub hash_at_client_recvd_server_hello: Vec<u8>,
|
||||
pub randoms: SessionRandoms,
|
||||
pub using_ems: bool,
|
||||
|
@ -64,8 +66,9 @@ pub struct HandshakeDetails {
|
|||
impl HandshakeDetails {
|
||||
pub fn new(host_name: webpki::DNSName, extra_exts: Vec<ClientExtension>) -> HandshakeDetails {
|
||||
HandshakeDetails {
|
||||
hash_at_client_recvd_server_hello: Vec::new(),
|
||||
resuming_session: None,
|
||||
transcript: hash_hs::HandshakeHash::new(),
|
||||
hash_at_client_recvd_server_hello: Vec::new(),
|
||||
randoms: SessionRandoms::for_client(),
|
||||
using_ems: false,
|
||||
session_id: SessionID::empty(),
|
||||
|
|
|
@ -138,9 +138,9 @@ impl InitialState {
|
|||
}
|
||||
}
|
||||
|
||||
fn emit_initial_client_hello(self, sess: &mut ClientSessionImpl) -> NextState {
|
||||
fn emit_initial_client_hello(mut self, sess: &mut ClientSessionImpl) -> NextState {
|
||||
if sess.config.client_auth_cert_resolver.has_certs() {
|
||||
sess.common.hs_transcript.set_client_auth_enabled();
|
||||
self.handshake.transcript.set_client_auth_enabled();
|
||||
}
|
||||
let hello_details = ClientHelloDetails::new();
|
||||
emit_client_hello_for_retry(sess, self.handshake, hello_details, None)
|
||||
|
@ -314,7 +314,7 @@ fn emit_client_hello_for_retry(sess: &mut ClientSessionImpl,
|
|||
|
||||
trace!("Sending ClientHello {:#?}", ch);
|
||||
|
||||
sess.common.hs_transcript.add_message(&ch);
|
||||
handshake.transcript.add_message(&ch);
|
||||
sess.common.send_msg(ch, false);
|
||||
|
||||
// Calculate the hash of ClientHello and use it to derive EarlyTrafficSecret
|
||||
|
@ -327,7 +327,7 @@ fn emit_client_hello_for_retry(sess: &mut ClientSessionImpl,
|
|||
.as_ref()
|
||||
.and_then(|resume| sess.find_cipher_suite(resume.cipher_suite)).unwrap();
|
||||
|
||||
let client_hello_hash = sess.common.hs_transcript.get_hash_given(resuming_suite.get_hash(), &[]);
|
||||
let client_hello_hash = handshake.transcript.get_hash_given(resuming_suite.get_hash(), &[]);
|
||||
let client_early_traffic_secret = sess.common
|
||||
.get_key_schedule()
|
||||
.derive(SecretKind::ClientEarlyTrafficSecret, &client_hello_hash);
|
||||
|
@ -517,8 +517,8 @@ impl State for ExpectServerHello {
|
|||
|
||||
// Start our handshake hash, and input the server-hello.
|
||||
let starting_hash = sess.common.get_suite_assert().get_hash();
|
||||
sess.common.hs_transcript.start_hash(starting_hash);
|
||||
sess.common.hs_transcript.add_message(&m);
|
||||
self.handshake.transcript.start_hash(starting_hash);
|
||||
self.handshake.transcript.add_message(&m);
|
||||
|
||||
// For TLS1.3, start message encryption using
|
||||
// handshake_traffic_secret.
|
||||
|
@ -623,7 +623,7 @@ impl ExpectServerHelloOrHelloRetryRequest {
|
|||
Box::new(self.0)
|
||||
}
|
||||
|
||||
fn handle_hello_retry_request(self, sess: &mut ClientSessionImpl, m: Message) -> NextStateOrError {
|
||||
fn handle_hello_retry_request(mut self, sess: &mut ClientSessionImpl, m: Message) -> NextStateOrError {
|
||||
check_handshake_message(&m, &[HandshakeType::HelloRetryRequest])?;
|
||||
|
||||
let hrr = extract_handshake!(m, HandshakePayload::HelloRetryRequest).unwrap();
|
||||
|
@ -690,9 +690,9 @@ impl ExpectServerHelloOrHelloRetryRequest {
|
|||
sess.common.set_suite(cs);
|
||||
|
||||
// This is the draft19 change where the transcript became a tree
|
||||
sess.common.hs_transcript.start_hash(cs.get_hash());
|
||||
sess.common.hs_transcript.rollup_for_hrr();
|
||||
sess.common.hs_transcript.add_message(&m);
|
||||
self.0.handshake.transcript.start_hash(cs.get_hash());
|
||||
self.0.handshake.transcript.rollup_for_hrr();
|
||||
self.0.handshake.transcript.add_message(&m);
|
||||
|
||||
// Early data is not alllowed after HelloRetryrequest
|
||||
if sess.early_data.is_enabled() {
|
||||
|
|
|
@ -57,9 +57,9 @@ impl hs::State for ExpectCertificate {
|
|||
check_handshake_message(m, &[HandshakeType::Certificate])
|
||||
}
|
||||
|
||||
fn handle(mut self: Box<Self>, sess: &mut ClientSessionImpl, m: Message) -> hs::NextStateOrError {
|
||||
fn handle(mut self: Box<Self>, _sess: &mut ClientSessionImpl, m: Message) -> hs::NextStateOrError {
|
||||
let cert_chain = extract_handshake!(m, HandshakePayload::Certificate).unwrap();
|
||||
sess.common.hs_transcript.add_message(&m);
|
||||
self.handshake.transcript.add_message(&m);
|
||||
|
||||
self.server_cert.cert_chain = cert_chain.clone();
|
||||
|
||||
|
@ -92,8 +92,8 @@ impl hs::State for ExpectCertificateStatus {
|
|||
check_handshake_message(m, &[HandshakeType::CertificateStatus])
|
||||
}
|
||||
|
||||
fn handle(mut self: Box<Self>, sess: &mut ClientSessionImpl, m: Message) -> hs::NextStateOrError {
|
||||
sess.common.hs_transcript.add_message(&m);
|
||||
fn handle(mut self: Box<Self>, _sess: &mut ClientSessionImpl, m: Message) -> hs::NextStateOrError {
|
||||
self.handshake.transcript.add_message(&m);
|
||||
let mut status = extract_handshake_mut!(m, HandshakePayload::CertificateStatus).unwrap();
|
||||
|
||||
self.server_cert.ocsp_response = status.take_ocsp_response();
|
||||
|
@ -164,10 +164,10 @@ impl hs::State for ExpectServerKX {
|
|||
check_handshake_message(m, &[HandshakeType::ServerKeyExchange])
|
||||
}
|
||||
|
||||
fn handle(self: Box<Self>, sess: &mut ClientSessionImpl, m: Message) -> hs::NextStateOrError {
|
||||
fn handle(mut self: Box<Self>, sess: &mut ClientSessionImpl, m: Message) -> hs::NextStateOrError {
|
||||
let opaque_kx = extract_handshake!(m, HandshakePayload::ServerKeyExchange).unwrap();
|
||||
let maybe_decoded_kx = opaque_kx.unwrap_given_kxa(&sess.common.get_suite_assert().kx);
|
||||
sess.common.hs_transcript.add_message(&m);
|
||||
self.handshake.transcript.add_message(&m);
|
||||
|
||||
if maybe_decoded_kx.is_none() {
|
||||
sess.common.send_fatal_alert(AlertDescription::DecodeError);
|
||||
|
@ -192,7 +192,8 @@ impl hs::State for ExpectServerKX {
|
|||
}
|
||||
}
|
||||
|
||||
fn emit_certificate(client_auth: &mut ClientAuthDetails,
|
||||
fn emit_certificate(handshake: &mut HandshakeDetails,
|
||||
client_auth: &mut ClientAuthDetails,
|
||||
sess: &mut ClientSessionImpl) {
|
||||
let chosen_cert = client_auth.cert.take();
|
||||
|
||||
|
@ -205,11 +206,12 @@ fn emit_certificate(client_auth: &mut ClientAuthDetails,
|
|||
}),
|
||||
};
|
||||
|
||||
sess.common.hs_transcript.add_message(&cert);
|
||||
handshake.transcript.add_message(&cert);
|
||||
sess.common.send_msg(cert, false);
|
||||
}
|
||||
|
||||
fn emit_clientkx(sess: &mut ClientSessionImpl,
|
||||
fn emit_clientkx(handshake: &mut HandshakeDetails,
|
||||
sess: &mut ClientSessionImpl,
|
||||
kxd: &suites::KeyExchangeResult) {
|
||||
let mut buf = Vec::new();
|
||||
let ecpoint = PayloadU8::new(Vec::from(kxd.pubkey.as_ref()));
|
||||
|
@ -225,19 +227,20 @@ fn emit_clientkx(sess: &mut ClientSessionImpl,
|
|||
}),
|
||||
};
|
||||
|
||||
sess.common.hs_transcript.add_message(&ckx);
|
||||
handshake.transcript.add_message(&ckx);
|
||||
sess.common.send_msg(ckx, false);
|
||||
}
|
||||
|
||||
fn emit_certverify(client_auth: &mut ClientAuthDetails,
|
||||
fn emit_certverify(handshake: &mut HandshakeDetails,
|
||||
client_auth: &mut ClientAuthDetails,
|
||||
sess: &mut ClientSessionImpl) -> Result<(), TLSError> {
|
||||
if client_auth.signer.is_none() {
|
||||
trace!("Not sending CertificateVerify, no key");
|
||||
sess.common.hs_transcript.abandon_client_auth();
|
||||
handshake.transcript.abandon_client_auth();
|
||||
return Ok(());
|
||||
}
|
||||
|
||||
let message = sess.common.hs_transcript.take_handshake_buf();
|
||||
let message = handshake.transcript.take_handshake_buf();
|
||||
let signer = client_auth.signer.take().unwrap();
|
||||
let scheme = signer.get_scheme();
|
||||
let sig = signer.sign(&message)?;
|
||||
|
@ -252,7 +255,7 @@ fn emit_certverify(client_auth: &mut ClientAuthDetails,
|
|||
}),
|
||||
};
|
||||
|
||||
sess.common.hs_transcript.add_message(&m);
|
||||
handshake.transcript.add_message(&m);
|
||||
sess.common.send_msg(m, false);
|
||||
Ok(())
|
||||
}
|
||||
|
@ -268,8 +271,9 @@ fn emit_ccs(sess: &mut ClientSessionImpl) {
|
|||
sess.common.we_now_encrypting();
|
||||
}
|
||||
|
||||
fn emit_finished(sess: &mut ClientSessionImpl) {
|
||||
let vh = sess.common.hs_transcript.get_current_hash();
|
||||
fn emit_finished(handshake: &mut HandshakeDetails,
|
||||
sess: &mut ClientSessionImpl) {
|
||||
let vh = handshake.transcript.get_current_hash();
|
||||
let verify_data = sess.common.secrets
|
||||
.as_ref()
|
||||
.unwrap()
|
||||
|
@ -285,7 +289,7 @@ fn emit_finished(sess: &mut ClientSessionImpl) {
|
|||
}),
|
||||
};
|
||||
|
||||
sess.common.hs_transcript.add_message(&f);
|
||||
handshake.transcript.add_message(&f);
|
||||
sess.common.send_msg(f, true);
|
||||
}
|
||||
|
||||
|
@ -316,9 +320,9 @@ impl hs::State for ExpectCertificateRequest {
|
|||
check_handshake_message(m, &[HandshakeType::CertificateRequest])
|
||||
}
|
||||
|
||||
fn handle(self: Box<Self>, sess: &mut ClientSessionImpl, m: Message) -> hs::NextStateOrError {
|
||||
fn handle(mut self: Box<Self>, sess: &mut ClientSessionImpl, m: Message) -> hs::NextStateOrError {
|
||||
let certreq = extract_handshake!(m, HandshakePayload::CertificateRequest).unwrap();
|
||||
sess.common.hs_transcript.add_message(&m);
|
||||
self.handshake.transcript.add_message(&m);
|
||||
debug!("Got CertificateRequest {:?}", certreq);
|
||||
|
||||
let mut client_auth = ClientAuthDetails::new();
|
||||
|
@ -388,11 +392,11 @@ impl hs::State for ExpectServerDoneOrCertReq {
|
|||
HandshakeType::ServerHelloDone])
|
||||
}
|
||||
|
||||
fn handle(self: Box<Self>, sess: &mut ClientSessionImpl, m: Message) -> hs::NextStateOrError {
|
||||
fn handle(mut self: Box<Self>, sess: &mut ClientSessionImpl, m: Message) -> hs::NextStateOrError {
|
||||
if extract_handshake!(m, HandshakePayload::CertificateRequest).is_some() {
|
||||
self.into_expect_certificate_req().handle(sess, m)
|
||||
} else {
|
||||
sess.common.hs_transcript.abandon_client_auth();
|
||||
self.handshake.transcript.abandon_client_auth();
|
||||
self.into_expect_server_done().handle(sess, m)
|
||||
}
|
||||
}
|
||||
|
@ -439,7 +443,7 @@ impl hs::State for ExpectServerDone {
|
|||
|
||||
fn handle(self: Box<Self>, sess: &mut ClientSessionImpl, m: Message) -> hs::NextStateOrError {
|
||||
let mut st = *self;
|
||||
sess.common.hs_transcript.add_message(&m);
|
||||
st.handshake.transcript.add_message(&m);
|
||||
|
||||
debug!("Server cert is {:?}", st.server_cert.cert_chain);
|
||||
debug!("Server DNS name is {:?}", st.handshake.dns_name);
|
||||
|
@ -507,7 +511,8 @@ impl hs::State for ExpectServerDone {
|
|||
|
||||
// 4.
|
||||
if st.client_auth.is_some() {
|
||||
emit_certificate(st.client_auth.as_mut().unwrap(),
|
||||
emit_certificate(&mut st.handshake,
|
||||
st.client_auth.as_mut().unwrap(),
|
||||
sess);
|
||||
}
|
||||
|
||||
|
@ -517,13 +522,14 @@ impl hs::State for ExpectServerDone {
|
|||
.ok_or_else(|| TLSError::PeerMisbehavedError("key exchange failed".to_string()))?;
|
||||
|
||||
// 5b.
|
||||
emit_clientkx(sess, &kxd);
|
||||
emit_clientkx(&mut st.handshake, sess, &kxd);
|
||||
// nb. EMS handshake hash only runs up to ClientKeyExchange.
|
||||
let handshake_hash = sess.common.hs_transcript.get_current_hash();
|
||||
let handshake_hash = st.handshake.transcript.get_current_hash();
|
||||
|
||||
// 5c.
|
||||
if st.client_auth.is_some() {
|
||||
emit_certverify(st.client_auth.as_mut().unwrap(),
|
||||
emit_certverify(&mut st.handshake,
|
||||
st.client_auth.as_mut().unwrap(),
|
||||
sess)?;
|
||||
}
|
||||
|
||||
|
@ -548,7 +554,7 @@ impl hs::State for ExpectServerDone {
|
|||
sess.common.start_encryption_tls12(secrets);
|
||||
|
||||
// 6.
|
||||
emit_finished(sess);
|
||||
emit_finished(&mut st.handshake, sess);
|
||||
|
||||
if st.must_issue_new_ticket {
|
||||
Ok(st.into_expect_new_ticket(certv, sigv))
|
||||
|
@ -626,8 +632,8 @@ impl hs::State for ExpectNewTicket {
|
|||
check_handshake_message(m, &[HandshakeType::NewSessionTicket])
|
||||
}
|
||||
|
||||
fn handle(self: Box<Self>, sess: &mut ClientSessionImpl, m: Message) -> hs::NextStateOrError {
|
||||
sess.common.hs_transcript.add_message(&m);
|
||||
fn handle(mut self: Box<Self>, _sess: &mut ClientSessionImpl, m: Message) -> hs::NextStateOrError {
|
||||
self.handshake.transcript.add_message(&m);
|
||||
|
||||
let nst = extract_handshake_mut!(m, HandshakePayload::NewSessionTicket).unwrap();
|
||||
let recvd = ReceivedTicketDetails::from(nst.ticket.0, nst.lifetime_hint);
|
||||
|
@ -706,7 +712,7 @@ impl hs::State for ExpectFinished {
|
|||
let finished = extract_handshake!(m, HandshakePayload::Finished).unwrap();
|
||||
|
||||
// Work out what verify_data we expect.
|
||||
let vh = sess.common.hs_transcript.get_current_hash();
|
||||
let vh = st.handshake.transcript.get_current_hash();
|
||||
let expect_verify_data = sess.common.secrets
|
||||
.as_ref()
|
||||
.unwrap()
|
||||
|
@ -722,7 +728,7 @@ impl hs::State for ExpectFinished {
|
|||
.map(|_| verify::FinishedMessageVerified::assertion())?;
|
||||
|
||||
// Hash this message too.
|
||||
sess.common.hs_transcript.add_message(&m);
|
||||
st.handshake.transcript.add_message(&m);
|
||||
|
||||
save_session(&mut st.handshake,
|
||||
&mut st.ticket,
|
||||
|
@ -730,7 +736,7 @@ impl hs::State for ExpectFinished {
|
|||
|
||||
if st.resuming {
|
||||
emit_ccs(sess);
|
||||
emit_finished(sess);
|
||||
emit_finished(&mut st.handshake, sess);
|
||||
}
|
||||
|
||||
sess.common.we_now_encrypting();
|
||||
|
|
|
@ -131,7 +131,7 @@ pub fn fill_in_psk_binder(sess: &mut ClientSessionImpl,
|
|||
// length, or the length of its container.
|
||||
let binder_plaintext = hmp.get_encoding_for_binder_signing();
|
||||
let handshake_hash =
|
||||
sess.common.hs_transcript.get_hash_given(suite_hash, &binder_plaintext);
|
||||
handshake.transcript.get_hash_given(suite_hash, &binder_plaintext);
|
||||
|
||||
let mut empty_hash_ctx = hash_hs::HandshakeHash::new();
|
||||
empty_hash_ctx.start_hash(suite_hash);
|
||||
|
@ -207,7 +207,7 @@ pub fn start_handshake_traffic(sess: &mut ClientSessionImpl,
|
|||
hs::check_aligned_handshake(sess)?;
|
||||
|
||||
handshake.hash_at_client_recvd_server_hello =
|
||||
sess.common.hs_transcript.get_current_hash();
|
||||
handshake.transcript.get_current_hash();
|
||||
|
||||
if !sess.early_data.is_enabled() {
|
||||
// Set the client encryption key for handshakes if early data is not used
|
||||
|
@ -370,10 +370,10 @@ impl hs::State for ExpectEncryptedExtensions {
|
|||
check_handshake_message(m, &[HandshakeType::EncryptedExtensions])
|
||||
}
|
||||
|
||||
fn handle(self: Box<Self>, sess: &mut ClientSessionImpl, m: Message) -> hs::NextStateOrError {
|
||||
fn handle(mut self: Box<Self>, sess: &mut ClientSessionImpl, m: Message) -> hs::NextStateOrError {
|
||||
let exts = extract_handshake!(m, HandshakePayload::EncryptedExtensions).unwrap();
|
||||
debug!("TLS1.3 encrypted extensions: {:?}", exts);
|
||||
sess.common.hs_transcript.add_message(&m);
|
||||
self.handshake.transcript.add_message(&m);
|
||||
|
||||
validate_encrypted_extensions(sess, &self.hello, exts)?;
|
||||
hs::process_alpn_protocol(sess, exts.get_alpn_protocol())?;
|
||||
|
@ -445,7 +445,7 @@ impl hs::State for ExpectCertificate {
|
|||
|
||||
fn handle(mut self: Box<Self>, sess: &mut ClientSessionImpl, m: Message) -> hs::NextStateOrError {
|
||||
let cert_chain = extract_handshake!(m, HandshakePayload::CertificateTLS13).unwrap();
|
||||
sess.common.hs_transcript.add_message(&m);
|
||||
self.handshake.transcript.add_message(&m);
|
||||
|
||||
// This is only non-empty for client auth.
|
||||
if !cert_chain.context.0.is_empty() {
|
||||
|
@ -579,7 +579,7 @@ impl hs::State for ExpectCertificateVerify {
|
|||
.map_err(|err| send_cert_error_alert(sess, err))?;
|
||||
|
||||
// 2. Verify their signature on the handshake.
|
||||
let handshake_hash = sess.common.hs_transcript.get_current_hash();
|
||||
let handshake_hash = self.handshake.transcript.get_current_hash();
|
||||
let sigv = verify::verify_tls13(&self.server_cert.cert_chain[0],
|
||||
cert_verify,
|
||||
&handshake_hash,
|
||||
|
@ -597,7 +597,7 @@ impl hs::State for ExpectCertificateVerify {
|
|||
}
|
||||
|
||||
sess.server_cert_chain = self.server_cert.take_chain();
|
||||
sess.common.hs_transcript.add_message(&m);
|
||||
self.handshake.transcript.add_message(&m);
|
||||
|
||||
Ok(self.into_expect_finished(certv, sigv))
|
||||
}
|
||||
|
@ -626,9 +626,9 @@ impl hs::State for ExpectCertificateRequest {
|
|||
check_handshake_message(m, &[HandshakeType::CertificateRequest])
|
||||
}
|
||||
|
||||
fn handle(self: Box<Self>, sess: &mut ClientSessionImpl, m: Message) -> hs::NextStateOrError {
|
||||
fn handle(mut self: Box<Self>, sess: &mut ClientSessionImpl, m: Message) -> hs::NextStateOrError {
|
||||
let certreq = &extract_handshake!(m, HandshakePayload::CertificateRequestTLS13).unwrap();
|
||||
sess.common.hs_transcript.add_message(&m);
|
||||
self.handshake.transcript.add_message(&m);
|
||||
debug!("Got CertificateRequest {:?}", certreq);
|
||||
|
||||
// Fortunately the problems here in TLS1.2 and prior are corrected in
|
||||
|
@ -679,7 +679,8 @@ impl hs::State for ExpectCertificateRequest {
|
|||
}
|
||||
}
|
||||
|
||||
fn emit_certificate_tls13(client_auth: &mut ClientAuthDetails,
|
||||
fn emit_certificate_tls13(handshake: &mut HandshakeDetails,
|
||||
client_auth: &mut ClientAuthDetails,
|
||||
sess: &mut ClientSessionImpl) {
|
||||
let context = client_auth.auth_context
|
||||
.take()
|
||||
|
@ -704,11 +705,12 @@ fn emit_certificate_tls13(client_auth: &mut ClientAuthDetails,
|
|||
payload: HandshakePayload::CertificateTLS13(cert_payload),
|
||||
}),
|
||||
};
|
||||
sess.common.hs_transcript.add_message(&m);
|
||||
handshake.transcript.add_message(&m);
|
||||
sess.common.send_msg(m, true);
|
||||
}
|
||||
|
||||
fn emit_certverify_tls13(client_auth: &mut ClientAuthDetails,
|
||||
fn emit_certverify_tls13(handshake: &mut HandshakeDetails,
|
||||
client_auth: &mut ClientAuthDetails,
|
||||
sess: &mut ClientSessionImpl) -> Result<(), TLSError> {
|
||||
if client_auth.signer.is_none() {
|
||||
debug!("Skipping certverify message (no client scheme/key)");
|
||||
|
@ -718,7 +720,7 @@ fn emit_certverify_tls13(client_auth: &mut ClientAuthDetails,
|
|||
let mut message = Vec::new();
|
||||
message.resize(64, 0x20u8);
|
||||
message.extend_from_slice(b"TLS 1.3, client CertificateVerify\x00");
|
||||
message.extend_from_slice(&sess.common.hs_transcript.get_current_hash());
|
||||
message.extend_from_slice(&handshake.transcript.get_current_hash());
|
||||
|
||||
let signer = client_auth.signer.take().unwrap();
|
||||
let scheme = signer.get_scheme();
|
||||
|
@ -734,13 +736,14 @@ fn emit_certverify_tls13(client_auth: &mut ClientAuthDetails,
|
|||
}),
|
||||
};
|
||||
|
||||
sess.common.hs_transcript.add_message(&m);
|
||||
handshake.transcript.add_message(&m);
|
||||
sess.common.send_msg(m, true);
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn emit_finished_tls13(sess: &mut ClientSessionImpl) {
|
||||
let handshake_hash = sess.common.hs_transcript.get_current_hash();
|
||||
fn emit_finished_tls13(handshake: &mut HandshakeDetails,
|
||||
sess: &mut ClientSessionImpl) {
|
||||
let handshake_hash = handshake.transcript.get_current_hash();
|
||||
let verify_data = sess.common
|
||||
.get_key_schedule()
|
||||
.sign_finish(SecretKind::ClientHandshakeTrafficSecret, &handshake_hash);
|
||||
|
@ -755,11 +758,12 @@ fn emit_finished_tls13(sess: &mut ClientSessionImpl) {
|
|||
}),
|
||||
};
|
||||
|
||||
sess.common.hs_transcript.add_message(&m);
|
||||
handshake.transcript.add_message(&m);
|
||||
sess.common.send_msg(m, true);
|
||||
}
|
||||
|
||||
fn emit_end_of_early_data_tls13(sess: &mut ClientSessionImpl) {
|
||||
fn emit_end_of_early_data_tls13(handshake: &mut HandshakeDetails,
|
||||
sess: &mut ClientSessionImpl) {
|
||||
#[cfg(feature = "quic")]
|
||||
{
|
||||
if let Protocol::Quic = sess.common.protocol { return; }
|
||||
|
@ -774,7 +778,7 @@ fn emit_end_of_early_data_tls13(sess: &mut ClientSessionImpl) {
|
|||
}),
|
||||
};
|
||||
|
||||
sess.common.hs_transcript.add_message(&m);
|
||||
handshake.transcript.add_message(&m);
|
||||
sess.common.send_msg(m, true);
|
||||
}
|
||||
|
||||
|
@ -806,7 +810,7 @@ impl hs::State for ExpectFinished {
|
|||
let mut st = *self;
|
||||
let finished = extract_handshake!(m, HandshakePayload::Finished).unwrap();
|
||||
|
||||
let handshake_hash = sess.common.hs_transcript.get_current_hash();
|
||||
let handshake_hash = st.handshake.transcript.get_current_hash();
|
||||
let expect_verify_data = sess.common
|
||||
.get_key_schedule()
|
||||
.sign_finish(SecretKind::ServerHandshakeTrafficSecret, &handshake_hash);
|
||||
|
@ -830,13 +834,13 @@ impl hs::State for ExpectFinished {
|
|||
None
|
||||
};
|
||||
|
||||
sess.common.hs_transcript.add_message(&m);
|
||||
st.handshake.transcript.add_message(&m);
|
||||
|
||||
/* Transition to application data */
|
||||
sess.common.get_mut_key_schedule().input_empty();
|
||||
|
||||
/* Traffic from server is now decrypted with application data keys. */
|
||||
let handshake_hash = sess.common.hs_transcript.get_current_hash();
|
||||
let handshake_hash = st.handshake.transcript.get_current_hash();
|
||||
let read_key = sess.common
|
||||
.get_key_schedule()
|
||||
.derive(SecretKind::ServerApplicationTrafficSecret, &handshake_hash);
|
||||
|
@ -861,7 +865,7 @@ impl hs::State for ExpectFinished {
|
|||
/* The EndOfEarlyData message to server is still encrypted with early data keys,
|
||||
* but appears in the transcript after the server Finished. */
|
||||
if let Some(write_key) = maybe_write_key {
|
||||
emit_end_of_early_data_tls13(sess);
|
||||
emit_end_of_early_data_tls13(&mut st.handshake, sess);
|
||||
sess.common.early_traffic = false;
|
||||
sess.early_data.finished();
|
||||
sess.common.set_message_encrypter(cipher::new_tls13_write(suite, &write_key));
|
||||
|
@ -874,13 +878,15 @@ impl hs::State for ExpectFinished {
|
|||
/* Send our authentication/finished messages. These are still encrypted
|
||||
* with our handshake keys. */
|
||||
if st.client_auth.is_some() {
|
||||
emit_certificate_tls13(st.client_auth.as_mut().unwrap(),
|
||||
emit_certificate_tls13(&mut st.handshake,
|
||||
st.client_auth.as_mut().unwrap(),
|
||||
sess);
|
||||
emit_certverify_tls13(st.client_auth.as_mut().unwrap(),
|
||||
emit_certverify_tls13(&mut st.handshake,
|
||||
st.client_auth.as_mut().unwrap(),
|
||||
sess)?;
|
||||
}
|
||||
|
||||
emit_finished_tls13(sess);
|
||||
emit_finished_tls13(&mut st.handshake, sess);
|
||||
|
||||
/* Now move to our application traffic keys. */
|
||||
hs::check_aligned_handshake(sess)?;
|
||||
|
@ -927,7 +933,7 @@ struct ExpectTraffic {
|
|||
impl ExpectTraffic {
|
||||
fn handle_new_ticket_tls13(&mut self, sess: &mut ClientSessionImpl, m: Message) -> Result<(), TLSError> {
|
||||
let nst = extract_handshake!(m, HandshakePayload::NewSessionTicketTLS13).unwrap();
|
||||
let handshake_hash = sess.common.hs_transcript.get_current_hash();
|
||||
let handshake_hash = self.handshake.transcript.get_current_hash();
|
||||
let resumption_master_secret = sess.common
|
||||
.get_key_schedule()
|
||||
.derive(SecretKind::ResumptionMasterSecret, &handshake_hash);
|
||||
|
|
|
@ -2,10 +2,12 @@ use crate::session::SessionRandoms;
|
|||
use crate::msgs::handshake::{ServerExtension, SessionID};
|
||||
use crate::suites;
|
||||
use crate::key;
|
||||
use crate::hash_hs;
|
||||
|
||||
use std::mem;
|
||||
|
||||
pub struct HandshakeDetails {
|
||||
pub transcript: hash_hs::HandshakeHash,
|
||||
pub hash_at_server_fin: Vec<u8>,
|
||||
pub session_id: SessionID,
|
||||
pub randoms: SessionRandoms,
|
||||
|
@ -16,6 +18,7 @@ pub struct HandshakeDetails {
|
|||
impl HandshakeDetails {
|
||||
pub fn new(extra_exts: Vec<ServerExtension>) -> HandshakeDetails {
|
||||
HandshakeDetails {
|
||||
transcript: hash_hs::HandshakeHash::new(),
|
||||
hash_at_server_fin: Vec::new(),
|
||||
session_id: SessionID::empty(),
|
||||
randoms: SessionRandoms::for_server(),
|
||||
|
|
|
@ -16,7 +16,7 @@ use crate::msgs::handshake::CertificateStatus;
|
|||
use crate::msgs::codec::Codec;
|
||||
use crate::msgs::persist;
|
||||
use crate::session::SessionSecrets;
|
||||
use crate::server::ServerSessionImpl;
|
||||
use crate::server::{ServerSessionImpl, ServerConfig};
|
||||
use crate::suites;
|
||||
use crate::verify;
|
||||
use crate::util;
|
||||
|
@ -272,14 +272,20 @@ pub struct ExpectClientHello {
|
|||
}
|
||||
|
||||
impl ExpectClientHello {
|
||||
pub fn new(extra_exts: Vec<ServerExtension>) -> ExpectClientHello {
|
||||
ExpectClientHello {
|
||||
pub fn new(server_config: &ServerConfig, extra_exts: Vec<ServerExtension>) -> ExpectClientHello {
|
||||
let mut ech = ExpectClientHello {
|
||||
handshake: HandshakeDetails::new(extra_exts),
|
||||
done_retry: false,
|
||||
send_cert_status: false,
|
||||
send_sct: false,
|
||||
send_ticket: false,
|
||||
};
|
||||
|
||||
if server_config.verifier.offer_client_auth() {
|
||||
ech.handshake.transcript.set_client_auth_enabled();
|
||||
}
|
||||
|
||||
ech
|
||||
}
|
||||
|
||||
fn into_expect_tls12_ccs(self) -> NextState {
|
||||
|
@ -348,7 +354,7 @@ impl ExpectClientHello {
|
|||
};
|
||||
|
||||
trace!("sending server hello {:?}", sh);
|
||||
sess.common.hs_transcript.add_message(&sh);
|
||||
self.handshake.transcript.add_message(&sh);
|
||||
sess.common.send_msg(sh, false);
|
||||
Ok(())
|
||||
}
|
||||
|
@ -367,7 +373,7 @@ impl ExpectClientHello {
|
|||
}),
|
||||
};
|
||||
|
||||
sess.common.hs_transcript.add_message(&c);
|
||||
self.handshake.transcript.add_message(&c);
|
||||
sess.common.send_msg(c, false);
|
||||
}
|
||||
|
||||
|
@ -391,7 +397,7 @@ impl ExpectClientHello {
|
|||
}),
|
||||
};
|
||||
|
||||
sess.common.hs_transcript.add_message(&c);
|
||||
self.handshake.transcript.add_message(&c);
|
||||
sess.common.send_msg(c, false);
|
||||
}
|
||||
|
||||
|
@ -431,7 +437,7 @@ impl ExpectClientHello {
|
|||
}),
|
||||
};
|
||||
|
||||
sess.common.hs_transcript.add_message(&m);
|
||||
self.handshake.transcript.add_message(&m);
|
||||
sess.common.send_msg(m, false);
|
||||
Ok(kx)
|
||||
}
|
||||
|
@ -462,7 +468,7 @@ impl ExpectClientHello {
|
|||
};
|
||||
|
||||
trace!("Sending CertificateRequest {:?}", m);
|
||||
sess.common.hs_transcript.add_message(&m);
|
||||
self.handshake.transcript.add_message(&m);
|
||||
sess.common.send_msg(m, false);
|
||||
true
|
||||
}
|
||||
|
@ -477,7 +483,7 @@ impl ExpectClientHello {
|
|||
}),
|
||||
};
|
||||
|
||||
sess.common.hs_transcript.add_message(&m);
|
||||
self.handshake.transcript.add_message(&m);
|
||||
sess.common.send_msg(m, false);
|
||||
}
|
||||
|
||||
|
@ -511,7 +517,7 @@ impl ExpectClientHello {
|
|||
tls12::emit_ticket(&mut self.handshake, sess);
|
||||
}
|
||||
tls12::emit_ccs(sess);
|
||||
tls12::emit_finished(sess);
|
||||
tls12::emit_finished(&mut self.handshake, sess);
|
||||
|
||||
assert!(same_dns_name_or_both_none(sni, sess.get_sni()));
|
||||
|
||||
|
@ -619,7 +625,7 @@ impl State for ExpectClientHello {
|
|||
|
||||
// Start handshake hash.
|
||||
let starting_hash = sess.common.get_suite_assert().get_hash();
|
||||
if !sess.common.hs_transcript.start_hash(starting_hash) {
|
||||
if !self.handshake.transcript.start_hash(starting_hash) {
|
||||
sess.common.send_fatal_alert(AlertDescription::IllegalParameter);
|
||||
return Err(TLSError::PeerIncompatibleError("hash differed on retry"
|
||||
.to_string()));
|
||||
|
@ -635,7 +641,7 @@ impl State for ExpectClientHello {
|
|||
|
||||
// -- TLS1.2 only from hereon in --
|
||||
save_sni(sess, sni.clone());
|
||||
sess.common.hs_transcript.add_message(&m);
|
||||
self.handshake.transcript.add_message(&m);
|
||||
|
||||
if client_hello.ems_support_offered() {
|
||||
self.handshake.using_ems = true;
|
||||
|
|
|
@ -278,19 +278,14 @@ impl fmt::Debug for ServerSessionImpl {
|
|||
impl ServerSessionImpl {
|
||||
pub fn new(server_config: &Arc<ServerConfig>, extra_exts: Vec<ServerExtension>)
|
||||
-> ServerSessionImpl {
|
||||
let mut common = SessionCommon::new(server_config.mtu, false);
|
||||
if server_config.verifier.offer_client_auth() {
|
||||
common.hs_transcript.set_client_auth_enabled();
|
||||
}
|
||||
|
||||
ServerSessionImpl {
|
||||
config: server_config.clone(),
|
||||
common,
|
||||
common: SessionCommon::new(server_config.mtu, false),
|
||||
sni: None,
|
||||
alpn_protocol: None,
|
||||
quic_params: None,
|
||||
error: None,
|
||||
state: Some(Box::new(hs::ExpectClientHello::new(extra_exts))),
|
||||
state: Some(Box::new(hs::ExpectClientHello::new(server_config, extra_exts))),
|
||||
client_cert_chain: None,
|
||||
}
|
||||
}
|
||||
|
|
|
@ -44,14 +44,14 @@ impl hs::State for ExpectCertificate {
|
|||
check_handshake_message(m, &[HandshakeType::Certificate])
|
||||
}
|
||||
|
||||
fn handle(self: Box<Self>, sess: &mut ServerSessionImpl, m: Message) -> hs::NextStateOrError {
|
||||
fn handle(mut self: Box<Self>, sess: &mut ServerSessionImpl, m: Message) -> hs::NextStateOrError {
|
||||
let cert_chain = extract_handshake!(m, HandshakePayload::Certificate).unwrap();
|
||||
sess.common.hs_transcript.add_message(&m);
|
||||
self.handshake.transcript.add_message(&m);
|
||||
|
||||
if cert_chain.is_empty() &&
|
||||
!sess.config.verifier.client_auth_mandatory() {
|
||||
debug!("client auth requested but no certificate supplied");
|
||||
sess.common.hs_transcript.abandon_client_auth();
|
||||
self.handshake.transcript.abandon_client_auth();
|
||||
return Ok(self.into_expect_tls12_client_kx(None));
|
||||
}
|
||||
|
||||
|
@ -101,7 +101,7 @@ impl hs::State for ExpectClientKX {
|
|||
|
||||
fn handle(mut self: Box<Self>, sess: &mut ServerSessionImpl, m: Message) -> hs::NextStateOrError {
|
||||
let client_kx = extract_handshake!(m, HandshakePayload::ClientKeyExchange).unwrap();
|
||||
sess.common.hs_transcript.add_message(&m);
|
||||
self.handshake.transcript.add_message(&m);
|
||||
|
||||
// Complete key agreement, and set up encryption with the
|
||||
// resulting premaster secret.
|
||||
|
@ -117,7 +117,7 @@ impl hs::State for ExpectClientKX {
|
|||
|
||||
let hashalg = sess.common.get_suite_assert().get_hash();
|
||||
let secrets = if self.handshake.using_ems {
|
||||
let handshake_hash = sess.common.hs_transcript.get_current_hash();
|
||||
let handshake_hash = self.handshake.transcript.get_current_hash();
|
||||
SessionSecrets::new_ems(&self.handshake.randoms,
|
||||
&handshake_hash,
|
||||
hashalg,
|
||||
|
@ -165,7 +165,7 @@ impl hs::State for ExpectCertificateVerify {
|
|||
fn handle(mut self: Box<Self>, sess: &mut ServerSessionImpl, m: Message) -> hs::NextStateOrError {
|
||||
let rc = {
|
||||
let sig = extract_handshake!(m, HandshakePayload::CertificateVerify).unwrap();
|
||||
let handshake_msgs = sess.common.hs_transcript.take_handshake_buf();
|
||||
let handshake_msgs = self.handshake.transcript.take_handshake_buf();
|
||||
let certs = &self.client_cert.cert_chain;
|
||||
|
||||
verify::verify_signed_struct(&handshake_msgs, &certs[0], sig)
|
||||
|
@ -179,7 +179,7 @@ impl hs::State for ExpectCertificateVerify {
|
|||
trace!("client CertificateVerify OK");
|
||||
sess.client_cert_chain = Some(self.client_cert.take_chain());
|
||||
|
||||
sess.common.hs_transcript.add_message(&m);
|
||||
self.handshake.transcript.add_message(&m);
|
||||
Ok(self.into_expect_tls12_ccs())
|
||||
}
|
||||
}
|
||||
|
@ -268,7 +268,7 @@ pub fn emit_ticket(handshake: &mut HandshakeDetails,
|
|||
}),
|
||||
};
|
||||
|
||||
sess.common.hs_transcript.add_message(&m);
|
||||
handshake.transcript.add_message(&m);
|
||||
sess.common.send_msg(m, false);
|
||||
}
|
||||
|
||||
|
@ -283,8 +283,9 @@ pub fn emit_ccs(sess: &mut ServerSessionImpl) {
|
|||
sess.common.we_now_encrypting();
|
||||
}
|
||||
|
||||
pub fn emit_finished(sess: &mut ServerSessionImpl) {
|
||||
let vh = sess.common.hs_transcript.get_current_hash();
|
||||
pub fn emit_finished(handshake: &mut HandshakeDetails,
|
||||
sess: &mut ServerSessionImpl) {
|
||||
let vh = handshake.transcript.get_current_hash();
|
||||
let verify_data = sess.common.secrets
|
||||
.as_ref()
|
||||
.unwrap()
|
||||
|
@ -300,7 +301,7 @@ pub fn emit_finished(sess: &mut ServerSessionImpl) {
|
|||
}),
|
||||
};
|
||||
|
||||
sess.common.hs_transcript.add_message(&f);
|
||||
handshake.transcript.add_message(&f);
|
||||
sess.common.send_msg(f, true);
|
||||
}
|
||||
|
||||
|
@ -326,7 +327,7 @@ impl hs::State for ExpectFinished {
|
|||
fn handle(mut self: Box<Self>, sess: &mut ServerSessionImpl, m: Message) -> hs::NextStateOrError {
|
||||
let finished = extract_handshake!(m, HandshakePayload::Finished).unwrap();
|
||||
|
||||
let vh = sess.common.hs_transcript.get_current_hash();
|
||||
let vh = self.handshake.transcript.get_current_hash();
|
||||
let expect_verify_data = sess.common.secrets
|
||||
.as_ref()
|
||||
.unwrap()
|
||||
|
@ -353,14 +354,14 @@ impl hs::State for ExpectFinished {
|
|||
}
|
||||
|
||||
// Send our CCS and Finished.
|
||||
sess.common.hs_transcript.add_message(&m);
|
||||
self.handshake.transcript.add_message(&m);
|
||||
if !self.resuming {
|
||||
if self.send_ticket {
|
||||
emit_ticket(&mut self.handshake,
|
||||
sess);
|
||||
}
|
||||
emit_ccs(sess);
|
||||
emit_finished(sess);
|
||||
emit_finished(&mut self.handshake, sess);
|
||||
}
|
||||
|
||||
sess.common.we_now_encrypting();
|
||||
|
|
|
@ -69,7 +69,7 @@ impl CompleteClientHelloHandling {
|
|||
};
|
||||
|
||||
let suite_hash = sess.common.get_suite_assert().get_hash();
|
||||
let handshake_hash = sess.common.hs_transcript.get_hash_given(suite_hash, &binder_plaintext);
|
||||
let handshake_hash = self.handshake.transcript.get_hash_given(suite_hash, &binder_plaintext);
|
||||
|
||||
let mut key_schedule = KeySchedule::new(suite_hash);
|
||||
key_schedule.input_secret(psk);
|
||||
|
@ -145,11 +145,11 @@ impl CompleteClientHelloHandling {
|
|||
hs::check_aligned_handshake(sess)?;
|
||||
|
||||
#[cfg(feature = "quic")]
|
||||
let client_hello_hash = sess.common.hs_transcript
|
||||
let client_hello_hash = self.handshake.transcript
|
||||
.get_hash_given(sess.common.get_suite_assert().get_hash(), &[]);
|
||||
|
||||
trace!("sending server hello {:?}", sh);
|
||||
sess.common.hs_transcript.add_message(&sh);
|
||||
self.handshake.transcript.add_message(&sh);
|
||||
sess.common.send_msg(sh, false);
|
||||
|
||||
// Start key schedule
|
||||
|
@ -175,7 +175,7 @@ impl CompleteClientHelloHandling {
|
|||
}
|
||||
key_schedule.input_secret(&kxr.premaster_secret);
|
||||
|
||||
let handshake_hash = sess.common.hs_transcript.get_current_hash();
|
||||
let handshake_hash = self.handshake.transcript.get_current_hash();
|
||||
let write_key = key_schedule.derive(SecretKind::ServerHandshakeTrafficSecret, &handshake_hash);
|
||||
let read_key = key_schedule.derive(SecretKind::ClientHandshakeTrafficSecret, &handshake_hash);
|
||||
sess.common.set_message_encrypter(cipher::new_tls13_write(suite, &write_key));
|
||||
|
@ -237,8 +237,8 @@ impl CompleteClientHelloHandling {
|
|||
};
|
||||
|
||||
trace!("Requesting retry {:?}", m);
|
||||
sess.common.hs_transcript.rollup_for_hrr();
|
||||
sess.common.hs_transcript.add_message(&m);
|
||||
self.handshake.transcript.rollup_for_hrr();
|
||||
self.handshake.transcript.add_message(&m);
|
||||
sess.common.send_msg(m, false);
|
||||
}
|
||||
|
||||
|
@ -264,7 +264,7 @@ impl CompleteClientHelloHandling {
|
|||
};
|
||||
|
||||
trace!("sending encrypted extensions {:?}", ee);
|
||||
sess.common.hs_transcript.add_message(&ee);
|
||||
self.handshake.transcript.add_message(&ee);
|
||||
sess.common.send_msg(ee, true);
|
||||
Ok(())
|
||||
}
|
||||
|
@ -297,7 +297,7 @@ impl CompleteClientHelloHandling {
|
|||
};
|
||||
|
||||
trace!("Sending CertificateRequest {:?}", m);
|
||||
sess.common.hs_transcript.add_message(&m);
|
||||
self.handshake.transcript.add_message(&m);
|
||||
sess.common.send_msg(m, true);
|
||||
true
|
||||
}
|
||||
|
@ -344,7 +344,7 @@ impl CompleteClientHelloHandling {
|
|||
};
|
||||
|
||||
trace!("sending certificate {:?}", c);
|
||||
sess.common.hs_transcript.add_message(&c);
|
||||
self.handshake.transcript.add_message(&c);
|
||||
sess.common.send_msg(c, true);
|
||||
}
|
||||
|
||||
|
@ -356,7 +356,7 @@ impl CompleteClientHelloHandling {
|
|||
let mut message = Vec::new();
|
||||
message.resize(64, 0x20u8);
|
||||
message.extend_from_slice(b"TLS 1.3, server CertificateVerify\x00");
|
||||
message.extend_from_slice(&sess.common.hs_transcript.get_current_hash());
|
||||
message.extend_from_slice(&self.handshake.transcript.get_current_hash());
|
||||
|
||||
let signing_key = &server_key.key;
|
||||
let signer = signing_key.choose_scheme(schemes)
|
||||
|
@ -377,13 +377,13 @@ impl CompleteClientHelloHandling {
|
|||
};
|
||||
|
||||
trace!("sending certificate-verify {:?}", m);
|
||||
sess.common.hs_transcript.add_message(&m);
|
||||
self.handshake.transcript.add_message(&m);
|
||||
sess.common.send_msg(m, true);
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn emit_finished_tls13(&mut self, sess: &mut ServerSessionImpl) {
|
||||
let handshake_hash = sess.common.hs_transcript.get_current_hash();
|
||||
let handshake_hash = self.handshake.transcript.get_current_hash();
|
||||
let verify_data = sess.common
|
||||
.get_key_schedule()
|
||||
.sign_finish(SecretKind::ServerHandshakeTrafficSecret, &handshake_hash);
|
||||
|
@ -399,8 +399,8 @@ impl CompleteClientHelloHandling {
|
|||
};
|
||||
|
||||
trace!("sending finished {:?}", m);
|
||||
sess.common.hs_transcript.add_message(&m);
|
||||
self.handshake.hash_at_server_fin = sess.common.hs_transcript.get_current_hash();
|
||||
self.handshake.transcript.add_message(&m);
|
||||
self.handshake.hash_at_server_fin = self.handshake.transcript.get_current_hash();
|
||||
sess.common.send_msg(m, true);
|
||||
|
||||
// Now move to application data keys.
|
||||
|
@ -497,7 +497,7 @@ impl CompleteClientHelloHandling {
|
|||
// We don't have a suitable key share. Choose a suitable group and
|
||||
// send a HelloRetryRequest.
|
||||
let retry_group_maybe = util::first_in_both(supported_groups, groups_ext);
|
||||
sess.common.hs_transcript.add_message(chm);
|
||||
self.handshake.transcript.add_message(chm);
|
||||
|
||||
if let Some(group) = retry_group_maybe {
|
||||
if self.done_retry {
|
||||
|
@ -564,7 +564,7 @@ impl CompleteClientHelloHandling {
|
|||
}
|
||||
|
||||
let full_handshake = resumedata.is_none();
|
||||
sess.common.hs_transcript.add_message(chm);
|
||||
self.handshake.transcript.add_message(chm);
|
||||
self.emit_server_hello(sess, &client_hello.session_id,
|
||||
chosen_share, chosen_psk_index,
|
||||
resumedata.as_ref().map(|x| &x.master_secret.0[..]))?;
|
||||
|
@ -621,9 +621,9 @@ impl hs::State for ExpectCertificate {
|
|||
check_handshake_message(m, &[HandshakeType::Certificate])
|
||||
}
|
||||
|
||||
fn handle(self: Box<Self>, sess: &mut ServerSessionImpl, m: Message) -> hs::NextStateOrError {
|
||||
fn handle(mut self: Box<Self>, sess: &mut ServerSessionImpl, m: Message) -> hs::NextStateOrError {
|
||||
let certp = extract_handshake!(m, HandshakePayload::CertificateTLS13).unwrap();
|
||||
sess.common.hs_transcript.add_message(&m);
|
||||
self.handshake.transcript.add_message(&m);
|
||||
|
||||
// We don't send any CertificateRequest extensions, so any extensions
|
||||
// here are illegal.
|
||||
|
@ -637,7 +637,7 @@ impl hs::State for ExpectCertificate {
|
|||
if cert_chain.is_empty() {
|
||||
if !sess.config.verifier.client_auth_mandatory() {
|
||||
debug!("client auth requested but no certificate supplied");
|
||||
sess.common.hs_transcript.abandon_client_auth();
|
||||
self.handshake.transcript.abandon_client_auth();
|
||||
return Ok(self.into_expect_finished());
|
||||
}
|
||||
|
||||
|
@ -679,8 +679,8 @@ impl hs::State for ExpectCertificateVerify {
|
|||
fn handle(mut self: Box<Self>, sess: &mut ServerSessionImpl, m: Message) -> hs::NextStateOrError {
|
||||
let rc = {
|
||||
let sig = extract_handshake!(m, HandshakePayload::CertificateVerify).unwrap();
|
||||
let handshake_hash = sess.common.hs_transcript.get_current_hash();
|
||||
sess.common.hs_transcript.abandon_client_auth();
|
||||
let handshake_hash = self.handshake.transcript.get_current_hash();
|
||||
self.handshake.transcript.abandon_client_auth();
|
||||
let certs = &self.client_cert.cert_chain;
|
||||
|
||||
verify::verify_tls13(&certs[0],
|
||||
|
@ -697,19 +697,20 @@ impl hs::State for ExpectCertificateVerify {
|
|||
trace!("client CertificateVerify OK");
|
||||
sess.client_cert_chain = Some(self.client_cert.take_chain());
|
||||
|
||||
sess.common.hs_transcript.add_message(&m);
|
||||
self.handshake.transcript.add_message(&m);
|
||||
Ok(self.into_expect_finished())
|
||||
}
|
||||
}
|
||||
|
||||
// --- Process client's Finished ---
|
||||
fn get_server_session_value(sess: &ServerSessionImpl,
|
||||
nonce: &[u8]) -> persist::ServerSessionValue {
|
||||
fn get_server_session_value(handshake: &mut HandshakeDetails,
|
||||
sess: &ServerSessionImpl,
|
||||
nonce: &[u8]) -> persist::ServerSessionValue {
|
||||
let scs = sess.common.get_suite_assert();
|
||||
let version = ProtocolVersion::TLSv1_3;
|
||||
|
||||
let handshake_hash = sess.common
|
||||
.hs_transcript
|
||||
let handshake_hash = handshake
|
||||
.transcript
|
||||
.get_current_hash();
|
||||
let resumption_master_secret = sess.common
|
||||
.get_key_schedule()
|
||||
|
@ -740,7 +741,8 @@ impl ExpectFinished {
|
|||
fn emit_stateless_ticket(&mut self, sess: &mut ServerSessionImpl) {
|
||||
debug_assert!(self.send_ticket);
|
||||
let nonce = rand::random_vec(32);
|
||||
let plain = get_server_session_value(sess, &nonce)
|
||||
let plain = get_server_session_value(&mut self.handshake,
|
||||
sess, &nonce)
|
||||
.get_encoding();
|
||||
let maybe_ticket = sess.config
|
||||
.ticketer
|
||||
|
@ -770,7 +772,7 @@ impl ExpectFinished {
|
|||
};
|
||||
|
||||
trace!("sending new ticket {:?}", m);
|
||||
sess.common.hs_transcript.add_message(&m);
|
||||
self.handshake.transcript.add_message(&m);
|
||||
sess.common.send_msg(m, true);
|
||||
}
|
||||
|
||||
|
@ -778,7 +780,8 @@ impl ExpectFinished {
|
|||
debug_assert!(self.send_ticket);
|
||||
let nonce = rand::random_vec(32);
|
||||
let id = rand::random_vec(32);
|
||||
let plain = get_server_session_value(sess, &nonce)
|
||||
let plain = get_server_session_value(&mut self.handshake,
|
||||
sess, &nonce)
|
||||
.get_encoding();
|
||||
|
||||
if sess.config.session_storage.put(id.clone(), plain) {
|
||||
|
@ -801,7 +804,7 @@ impl ExpectFinished {
|
|||
};
|
||||
|
||||
trace!("sending new stateful ticket {:?}", m);
|
||||
sess.common.hs_transcript.add_message(&m);
|
||||
self.handshake.transcript.add_message(&m);
|
||||
sess.common.send_msg(m, true);
|
||||
} else {
|
||||
trace!("resumption not available; not issuing ticket");
|
||||
|
@ -817,7 +820,7 @@ impl hs::State for ExpectFinished {
|
|||
fn handle(mut self: Box<Self>, sess: &mut ServerSessionImpl, m: Message) -> hs::NextStateOrError {
|
||||
let finished = extract_handshake!(m, HandshakePayload::Finished).unwrap();
|
||||
|
||||
let handshake_hash = sess.common.hs_transcript.get_current_hash();
|
||||
let handshake_hash = self.handshake.transcript.get_current_hash();
|
||||
let expect_verify_data = sess.common
|
||||
.get_key_schedule()
|
||||
.sign_finish(SecretKind::ClientHandshakeTrafficSecret, &handshake_hash);
|
||||
|
@ -832,7 +835,7 @@ impl hs::State for ExpectFinished {
|
|||
|
||||
// nb. future derivations include Client Finished, but not the
|
||||
// main application data keying.
|
||||
sess.common.hs_transcript.add_message(&m);
|
||||
self.handshake.transcript.add_message(&m);
|
||||
|
||||
// Now move to using application data keys for client traffic.
|
||||
// Server traffic is already done.
|
||||
|
|
|
@ -17,7 +17,6 @@ use crate::key_schedule::{SecretKind, KeySchedule};
|
|||
use crate::prf;
|
||||
use crate::rand;
|
||||
use crate::quic;
|
||||
use crate::hash_hs;
|
||||
#[cfg(feature = "logging")]
|
||||
use crate::log::{warn, debug, error};
|
||||
|
||||
|
@ -456,7 +455,6 @@ pub struct SessionCommon {
|
|||
received_plaintext: ChunkVecBuffer,
|
||||
sendable_plaintext: ChunkVecBuffer,
|
||||
pub sendable_tls: ChunkVecBuffer,
|
||||
pub hs_transcript: hash_hs::HandshakeHash,
|
||||
/// Protocol whose key schedule should be used. Unused for TLS < 1.3.
|
||||
pub protocol: Protocol,
|
||||
#[cfg(feature = "quic")]
|
||||
|
@ -487,7 +485,6 @@ impl SessionCommon {
|
|||
received_plaintext: ChunkVecBuffer::new(),
|
||||
sendable_plaintext: ChunkVecBuffer::new(),
|
||||
sendable_tls: ChunkVecBuffer::new(),
|
||||
hs_transcript: hash_hs::HandshakeHash::new(),
|
||||
protocol: Protocol::Tls13,
|
||||
#[cfg(feature = "quic")]
|
||||
quic: Quic::new(),
|
||||
|
|
Loading…
Reference in New Issue