blaze_ssl_async/handshake/
client.rs

1//! Module contains logic and state for completing the
2//! SSL handshaking process from a client perspective
3
4use super::{HandleResult, Handshaking, MessageHandler};
5use crate::{
6    crypto::{
7        compute_finished_hashes, create_keys,
8        rc4::{Rc4Decryptor, Rc4Encryptor},
9        HashAlgorithm, KeyWithMac, MasterKey,
10    },
11    msg::{
12        handshake::{
13            CertificateChain, Finished, HandshakeMessage, OpaqueBytes, ServerHello, ServerHelloDone,
14        },
15        types::{
16            AlertDescription, Certificate, CipherSuite, HandshakeType, MessageType, SSLRandom,
17        },
18        AlertError, Message,
19    },
20};
21use rsa::{
22    pkcs1::DecodeRsaPublicKey,
23    rand_core::{OsRng, RngCore},
24    Pkcs1v15Encrypt, RsaPublicKey,
25};
26use x509_cert::{der::Decode, Certificate as X509Certificate};
27
28pub(crate) struct ExpectServerHello {
29    /// Random data this client is using
30    pub(crate) client_random: SSLRandom,
31}
32
33impl MessageHandler for ExpectServerHello {
34    fn on_handshake(
35        self: Box<Self>,
36        _state: &mut Handshaking,
37        message: HandshakeMessage,
38    ) -> HandleResult {
39        let server_hello: ServerHello = message.expect_type(HandshakeType::ServerHello)?;
40        let alg: HashAlgorithm = match server_hello.cipher_suite {
41            CipherSuite::TLS_RSA_WITH_RC4_128_MD5 => HashAlgorithm::Md5,
42            CipherSuite::TLS_RSA_WITH_RC4_128_SHA => HashAlgorithm::Sha1,
43            _ => return Err(AlertError::fatal(AlertDescription::HandshakeFailure)),
44        };
45
46        Ok(Some(Box::new(ExpectCertificate {
47            client_random: self.client_random,
48            server_random: server_hello.random,
49            alg,
50        })))
51    }
52}
53
54struct ExpectCertificate {
55    client_random: SSLRandom,
56    server_random: SSLRandom,
57    alg: HashAlgorithm,
58}
59
60impl MessageHandler for ExpectCertificate {
61    fn on_handshake(
62        self: Box<Self>,
63        _state: &mut Handshaking,
64        message: HandshakeMessage,
65    ) -> HandleResult {
66        let CertificateChain(certs) = message.expect_type(HandshakeType::Certificate)?;
67
68        // Choose the first certificate or give an error1
69        let certificate = certs
70            .into_iter()
71            .next()
72            .ok_or(AlertError::fatal(AlertDescription::IllegalParameter))?;
73
74        Ok(Some(Box::new(ExpectServerHelloDone {
75            client_random: self.client_random,
76            server_random: self.server_random,
77            alg: self.alg,
78            certificate,
79        })))
80    }
81}
82
83struct ExpectServerHelloDone {
84    client_random: SSLRandom,
85    server_random: SSLRandom,
86    alg: HashAlgorithm,
87    certificate: Certificate,
88}
89
90impl MessageHandler for ExpectServerHelloDone {
91    fn on_handshake(
92        self: Box<Self>,
93        state: &mut Handshaking,
94        message: HandshakeMessage,
95    ) -> HandleResult {
96        let _: ServerHelloDone = message.expect_type(HandshakeType::ServerHelloDone)?;
97
98        let mut rng = OsRng;
99
100        // Generate the pre master secret
101        let mut pm_secret = [0u8; 48];
102        // SSLv3 protocol version as first 2 secret bytes
103        pm_secret[0..2].copy_from_slice(&[3, 0]);
104        rng.fill_bytes(&mut pm_secret[2..]);
105
106        // Parse the x509 certificate
107        let x509 = X509Certificate::from_der(&self.certificate.0)
108            .map_err(|_| AlertError::fatal(AlertDescription::IllegalParameter))?;
109
110        // Create the public key from the certificate
111        let public_key = RsaPublicKey::from_pkcs1_der(
112            x509.tbs_certificate
113                .subject_public_key_info
114                .subject_public_key
115                .raw_bytes(),
116        )
117        .map_err(|_| AlertError::fatal(AlertDescription::IllegalParameter))?;
118
119        // Encrypt the pre master secret
120        let pm_encrypted = public_key
121            .encrypt(&mut rng, Pkcs1v15Encrypt, &pm_secret)
122            .map_err(|_| AlertError::fatal(AlertDescription::IllegalParameter))?;
123
124        // Begin the server key exchange
125        state.write_handshake(HandshakeMessage::new(
126            HandshakeType::ClientKeyExchange,
127            OpaqueBytes(pm_encrypted),
128        ));
129
130        // Create the keys to use
131        let keys = create_keys(
132            &pm_secret,
133            &self.client_random,
134            &self.server_random,
135            self.alg,
136        );
137
138        // Emit the change of cipher
139        state.write_message(Message::new(MessageType::ChangeCipherSpec, vec![1]));
140
141        // Switch the stream to use the server encryption
142        state.stream.encryptor = Some(Rc4Encryptor::new(keys.client.key, keys.client.mac));
143
144        // Write the finished message
145        let finished = compute_finished_hashes(&keys.master_key, true, state.transcript.current());
146        state.write_handshake(HandshakeMessage::new(HandshakeType::Finished, finished));
147
148        Ok(Some(Box::new(ExpectChangeCipherSpec {
149            master_key: keys.master_key,
150            server_key: keys.server,
151        })))
152    }
153}
154
155/// Server version of expecting a change in the cipher spec
156struct ExpectChangeCipherSpec {
157    master_key: MasterKey,
158    server_key: KeyWithMac,
159}
160
161impl MessageHandler for ExpectChangeCipherSpec {
162    fn on_message(self: Box<Self>, state: &mut Handshaking, message: Message) -> HandleResult {
163        // Expecting a change cipher spec message
164        let MessageType::ChangeCipherSpec = message.message_type else {
165            return Err(AlertError::fatal(AlertDescription::UnexpectedMessage));
166        };
167
168        // Switch the stream to use the server encryption
169        state.stream.decryptor = Some(Rc4Decryptor::new(self.server_key.key, self.server_key.mac));
170
171        Ok(Some(Box::new(ExpectServerFinished {
172            master_key: self.master_key,
173        })))
174    }
175}
176
177/// Handles expecting the finished message from the client,
178/// changing the cipher spec, and emitting the server finished
179struct ExpectServerFinished {
180    /// The master key
181    master_key: MasterKey,
182}
183
184impl MessageHandler for ExpectServerFinished {
185    fn on_handshake(
186        self: Box<Self>,
187        state: &mut Handshaking,
188        message: HandshakeMessage,
189    ) -> HandleResult {
190        let finished: Finished = message.expect_type(HandshakeType::Finished)?;
191        let expected = compute_finished_hashes(&self.master_key, false, state.transcript.peer());
192
193        // Ensure the finished hashes match
194        if finished != expected {
195            return Err(AlertError::fatal(AlertDescription::IllegalParameter));
196        }
197
198        Ok(None)
199    }
200}