mirror of https://github.com/ctz/rustls
168 lines
4.6 KiB
Rust
168 lines
4.6 KiB
Rust
use crate::msgs::handshake::CertificatePayload;
|
|
use crate::msgs::handshake::DigitallySignedStruct;
|
|
use crate::msgs::handshake::SessionID;
|
|
use crate::msgs::handshake::SCTList;
|
|
use crate::msgs::handshake::ServerExtension;
|
|
use crate::msgs::handshake::ClientExtension;
|
|
use crate::msgs::persist;
|
|
use crate::msgs::enums::ExtensionType;
|
|
use crate::msgs::enums::NamedGroup;
|
|
use crate::session::SessionRandoms;
|
|
use crate::hash_hs;
|
|
use crate::sign;
|
|
use crate::suites;
|
|
#[cfg(feature = "logging")]
|
|
use crate::log::trace;
|
|
use webpki;
|
|
|
|
use std::mem;
|
|
|
|
pub struct ServerCertDetails {
|
|
pub cert_chain: CertificatePayload,
|
|
pub ocsp_response: Vec<u8>,
|
|
pub scts: Option<SCTList>,
|
|
}
|
|
|
|
impl ServerCertDetails {
|
|
pub fn new() -> ServerCertDetails {
|
|
ServerCertDetails {
|
|
cert_chain: Vec::new(),
|
|
ocsp_response: Vec::new(),
|
|
scts: None,
|
|
}
|
|
}
|
|
|
|
pub fn take_chain(&mut self) -> CertificatePayload {
|
|
mem::replace(&mut self.cert_chain, Vec::new())
|
|
}
|
|
}
|
|
|
|
pub struct ServerKXDetails {
|
|
pub kx_params: Vec<u8>,
|
|
pub kx_sig: DigitallySignedStruct,
|
|
}
|
|
|
|
impl ServerKXDetails {
|
|
pub fn new(params: Vec<u8>, sig: DigitallySignedStruct) -> ServerKXDetails {
|
|
ServerKXDetails {
|
|
kx_params: params,
|
|
kx_sig: sig,
|
|
}
|
|
}
|
|
}
|
|
|
|
pub struct HandshakeDetails {
|
|
pub resuming_session: Option<persist::ClientSessionValue>,
|
|
pub transcript: hash_hs::HandshakeHash,
|
|
pub hash_at_client_recvd_server_hello: Vec<u8>,
|
|
pub randoms: SessionRandoms,
|
|
pub using_ems: bool,
|
|
pub session_id: SessionID,
|
|
pub sent_tls13_fake_ccs: bool,
|
|
pub dns_name: webpki::DNSName,
|
|
pub extra_exts: Vec<ClientExtension>,
|
|
}
|
|
|
|
impl HandshakeDetails {
|
|
pub fn new(host_name: webpki::DNSName, extra_exts: Vec<ClientExtension>) -> HandshakeDetails {
|
|
HandshakeDetails {
|
|
resuming_session: None,
|
|
transcript: hash_hs::HandshakeHash::new(),
|
|
hash_at_client_recvd_server_hello: Vec::new(),
|
|
randoms: SessionRandoms::for_client(),
|
|
using_ems: false,
|
|
session_id: SessionID::empty(),
|
|
sent_tls13_fake_ccs: false,
|
|
dns_name: host_name,
|
|
extra_exts,
|
|
}
|
|
}
|
|
}
|
|
|
|
pub struct ClientHelloDetails {
|
|
pub sent_extensions: Vec<ExtensionType>,
|
|
pub offered_key_shares: Vec<suites::KeyExchange>,
|
|
}
|
|
|
|
impl ClientHelloDetails {
|
|
pub fn new() -> ClientHelloDetails {
|
|
ClientHelloDetails {
|
|
sent_extensions: Vec::new(),
|
|
offered_key_shares: Vec::new(),
|
|
}
|
|
}
|
|
|
|
pub fn has_key_share(&self, group: NamedGroup) -> bool {
|
|
self.offered_key_shares
|
|
.iter()
|
|
.any(|share| share.group == group)
|
|
}
|
|
|
|
pub fn find_key_share(&mut self, group: NamedGroup) -> Option<suites::KeyExchange> {
|
|
self.offered_key_shares.iter()
|
|
.position(|s| s.group == group)
|
|
.map(|idx| self.offered_key_shares.remove(idx))
|
|
}
|
|
|
|
pub fn find_key_share_and_discard_others(&mut self, group: NamedGroup)
|
|
-> Option<suites::KeyExchange> {
|
|
match self.find_key_share(group) {
|
|
Some(group) => {
|
|
self.offered_key_shares.clear();
|
|
Some(group)
|
|
}
|
|
None => {
|
|
None
|
|
}
|
|
}
|
|
}
|
|
|
|
pub fn server_sent_unsolicited_extensions(&self,
|
|
received_exts: &[ServerExtension],
|
|
allowed_unsolicited: &[ExtensionType]) -> bool {
|
|
for ext in received_exts {
|
|
let ext_type = ext.get_type();
|
|
if !self.sent_extensions.contains(&ext_type) && !allowed_unsolicited.contains(&ext_type) {
|
|
trace!("Unsolicited extension {:?}", ext_type);
|
|
return true;
|
|
}
|
|
}
|
|
|
|
false
|
|
}
|
|
}
|
|
|
|
pub struct ReceivedTicketDetails {
|
|
pub new_ticket: Vec<u8>,
|
|
pub new_ticket_lifetime: u32,
|
|
}
|
|
|
|
impl ReceivedTicketDetails {
|
|
pub fn new() -> ReceivedTicketDetails {
|
|
ReceivedTicketDetails::from(Vec::new(), 0)
|
|
}
|
|
|
|
pub fn from(ticket: Vec<u8>, lifetime: u32) -> ReceivedTicketDetails {
|
|
ReceivedTicketDetails {
|
|
new_ticket: ticket,
|
|
new_ticket_lifetime: lifetime,
|
|
}
|
|
}
|
|
}
|
|
|
|
pub struct ClientAuthDetails {
|
|
pub cert: Option<CertificatePayload>,
|
|
pub signer: Option<Box<dyn sign::Signer>>,
|
|
pub auth_context: Option<Vec<u8>>,
|
|
}
|
|
|
|
impl ClientAuthDetails {
|
|
pub fn new() -> ClientAuthDetails {
|
|
ClientAuthDetails {
|
|
cert: None,
|
|
signer: None,
|
|
auth_context: None,
|
|
}
|
|
}
|
|
}
|