rustls 0.1.2

Rustls is a modern TLS library written in Rust.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

b0VIM 7.4b��W��-��jbpdebian~jbp/rustls/src/server_hs.rsutf-8
3210#"! UtphwiX�]8p�Xad�h�xD���B�
�
�
b
!
��h-�������mQP<.-
�
�
�
z
h
_
O
I
E
B
A
�	�	�	H	#		�����U98+���IH���S4
��}ohdcO���CB&������k;��RNM8���    payload: MessagePayload::Handshake(    version: ProtocolVersion::TLSv1_2,    typ: ContentType::Handshake,  let sh = Message {  }    sess.handshake_data.session_id = sessid;      .generate();    let sessid = sess.config.session_storage.lock().unwrap()  if sess.handshake_data.session_id.is_empty() {  let extensions = try!(process_extensions(sess, hello));  sess.handshake_data.generate_server_random();fn emit_server_hello(sess: &mut ServerSessionImpl, hello: &ClientHelloPayload) -> Result<(), TLSError> {}  Ok(ret)  }    ret.push(ServerExtension::make_empty_renegotiation_info());  if secure_reneg_offered {    hello.cipher_suites.contains(&CipherSuite::TLS_EMPTY_RENEGOTIATION_INFO_SCSV);    hello.find_extension(ExtensionType::RenegotiationInfo).is_some() ||  let secure_reneg_offered =   * (We don't do reneg at all, but would support the secure version if we did.) */  /* Renegotiation.  }    };      _ => {}      },        ret.push(ServerExtension::make_alpn(selected_protocol.clone()))        info!("Chosen ALPN protocol {:?}", selected_protocol);      Some(ref selected_protocol) => {    match sess.alpn_protocol {    sess.alpn_protocol = util::first_in_both(&our_protocols, &their_proto_strings);    }      return Err(TLSError::PeerMisbehavedError("client offered empty ALPN protocol".to_string()));    if their_proto_strings.contains(&"".to_string()) {    let their_proto_strings = their_protocols.to_strings();  if let Some(their_protocols) = maybe_their_protocols {  let maybe_their_protocols = hello.get_alpn_extension();  let our_protocols = &sess.config.alpn_protocols;  /* ALPN */  let mut ret = Vec::new();  -> Result<Vec<ServerExtension>, TLSError> {fn process_extensions(sess: &mut ServerSessionImpl, hello: &ClientHelloPayload)}  pub handle: HandleFunction  pub expect: Expectation,pub struct Handler { * functions rather than a trait. */ * connection state. They must not have state of their own -- so they're/* These are effectively operations on the ServerSessionImpl, variant on thepub type HandleFunction = fn(&mut ServerSessionImpl, m: &Message) -> Result<ConnState, TLSError>;);  )    }      _ => None      },        _ => None        $t(ref hm) => Some(hm),      MessagePayload::Handshake(ref hsp) => match hsp.payload {    match $m.payload {  ( $m:expr, $t:path ) => (macro_rules! extract_handshake(use std::mem;use std::sync::Arc;use handshake::Expectation;use error::TLSError;use util;use verify;use sign;use suites;use server::{ServerSessionImpl, ConnState};use msgs::persist;use msgs::codec::Codec;use msgs::ccs::ChangeCipherSpecPayload;use msgs::handshake::SupportedMandatedSignatureAlgorithms;use msgs::handshake::CertificateRequestPayload;use msgs::handshake::{ServerKeyExchangePayload, ECDHEServerKeyExchange};use msgs::handshake::{ServerECDHParams, DigitallySignedStruct};use msgs::handshake::{ECPointFormatList, SupportedPointFormats};use msgs::handshake::{EllipticCurveList, SupportedCurves};use msgs::handshake::SignatureAndHashAlgorithm;use msgs::handshake::ConvertProtocolNameList;use msgs::handshake::{ClientHelloPayload, ServerExtension, SessionID};use msgs::handshake::{HandshakeMessagePayload, ServerHelloPayload, Random};use msgs::handshake::{HandshakePayload, SupportedSignatureAlgorithms};use msgs::base::Payload;use msgs::message::{Message, MessagePayload};use msgs::enums::ClientCertificateType;use msgs::enums::{ExtensionType, AlertDescription};use msgs::enums::{Compression, NamedCurve, ECPointFormat, CipherSuite};use msgs::enums::{ContentType, HandshakeType, ProtocolVersion};adu�X��gba>��g0/�
�
�
�
e
$




����Z
���xp�
�
�
�
Y

�	�	�	:	���jL?����hdKIH�����a����w_+
���};  handle: handle_traffic  },    handshake_types: &[]    content_types: &[ContentType::ApplicationData],  expect: Expectation {pub static TRAFFIC: Handler = Handler {}  Ok(ConnState::Traffic)  sess.common.take_received_plaintext(m.get_opaque_payload().unwrap());fn handle_traffic(sess: &mut ServerSessionImpl, m: &Message) -> Result<ConnState, TLSError> {/* --- Process traffic --- */};  handle: handle_finished  },    handshake_types: &[HandshakeType::Finished]    content_types: &[ContentType::Handshake],  expect: Expectation {pub static EXPECT_FINISHED: Handler = Handler {}  Ok(ConnState::Traffic)  }    emit_finished(sess);    emit_ccs(sess);  if !sess.handshake_data.doing_resume {  sess.handshake_data.transcript.add_message(m);  /* Send our CCS and Finished. */  }    }      info!("Session not saved");    } else {      info!("Session saved");    if persist.put(&sess.handshake_data.session_id, value.get_encoding()) {    let mut persist = sess.config.session_storage.lock().unwrap();                                                 client_certs);                                                 sess.secrets_current.get_master_secret(),    let value = persist::ServerSessionValue::new(&scs.suite,    let client_certs = &sess.handshake_data.valid_client_cert_chain;    let scs = sess.handshake_data.ciphersuite.as_ref().unwrap();  if !sess.handshake_data.doing_resume && !sess.handshake_data.session_id.is_empty() {  /* Save session, perhaps */  );      .map_err(|_| { error!("Finished wrong"); TLSError::DecryptError })    ring::constant_time::verify_slices_are_equal(&expect_verify_data, &finished.0)  try!(  use ring;  let expect_verify_data = sess.secrets_current.client_verify_data(&vh);  let vh = sess.handshake_data.transcript.get_current_hash();  let finished = extract_handshake!(m, HandshakePayload::Finished).unwrap();fn handle_finished(sess: &mut ServerSessionImpl, m: &Message) -> Result<ConnState, TLSError> {}  sess.common.send_msg(&f, true);  sess.handshake_data.transcript.add_message(&f);  };    )      }        payload: HandshakePayload::Finished(verify_data_payload)        typ: HandshakeType::Finished,      HandshakeMessagePayload {    payload: MessagePayload::Handshake(    version: ProtocolVersion::TLSv1_2,    typ: ContentType::Handshake,  let f = Message {  let verify_data_payload = Payload::new(verify_data);  let verify_data = sess.secrets_current.server_verify_data(&vh);  let vh = sess.handshake_data.transcript.get_current_hash();fn emit_finished(sess: &mut ServerSessionImpl) {}  sess.common.we_now_encrypting();  sess.common.send_msg(&m, false);  };    payload: MessagePayload::ChangeCipherSpec(ChangeCipherSpecPayload {})    version: ProtocolVersion::TLSv1_2,    typ: ContentType::ChangeCipherSpec,adw���h2��T!�
�
�
�
�
�
�
�
v
R
I
G
F

����a9������oLJI�
�
q
_

�	�	�	j	i	M		�����FA@�������mF�������W%��������KJ#��vc^]I(���OGA<;�����I5    typ: ContentType::Handshake,  let m = Message {fn emit_server_hello_done(sess: &mut ServerSessionImpl) {}  sess.handshake_data.doing_client_auth = true;  sess.common.send_msg(&m, false);  sess.handshake_data.transcript.add_message(&m);  debug!("Sending CertificateRequest {:?}", m);  };    )      }        payload: HandshakePayload::CertificateRequest(cr)        typ: HandshakeType::CertificateRequest,      HandshakeMessagePayload {    payload: MessagePayload::Handshake(    version: ProtocolVersion::TLSv1_2,    typ: ContentType::Handshake,  let m = Message {  };    canames: names    sigalgs: SupportedSignatureAlgorithms::supported_verify(),                     ClientCertificateType::ECDSASign ],    certtypes: vec![ ClientCertificateType::RSASign,  let cr = CertificateRequestPayload {  let names = sess.config.client_auth_roots.get_subjects();  }    return;  if !sess.config.client_auth_offer {fn emit_certificate_req(sess: &mut ServerSessionImpl) {}  Ok(())  sess.common.send_msg(&m, false);  sess.handshake_data.transcript.add_message(&m);  sess.handshake_data.kx_data = Some(kx);  };    )      }        payload: HandshakePayload::ServerKeyExchange(skx)        typ: HandshakeType::ServerKeyExchange,      HandshakeMessagePayload {    payload: MessagePayload::Handshake(    version: ProtocolVersion::TLSv1_2,    typ: ContentType::Handshake,  let m = Message {  );    }      dss: DigitallySignedStruct::new(sigalg, sig)      params: secdh,    ECDHEServerKeyExchange {  let skx = ServerKeyExchangePayload::ECDHE(  );    .map_err(|_| TLSError::General("signing failed".to_string()))    signer.sign(&sigalg.hash, &msg)  let sig = try!(  secdh.encode(&mut msg);  msg.extend(&sess.handshake_data.secrets.server_random);  msg.extend(&sess.handshake_data.secrets.client_random);  let mut msg = Vec::new();  let secdh = ServerECDHParams::new(curve, &kx.pubkey);  });      .ok_or_else(|| TLSError::PeerMisbehavedError("key exchange failed".to_string()))    scs.start_server_kx(curve)    let scs = sess.handshake_data.ciphersuite.as_ref().unwrap();  let kx = try!({                  signer: Arc<Box<sign::Signer>>) -> Result<(), TLSError> {                  curve: &NamedCurve,                  sigalg: &SignatureAndHashAlgorithm,fn emit_server_kx(sess: &mut ServerSessionImpl,}  sess.common.send_msg(&c, false);  sess.handshake_data.transcript.add_message(&c);  };    )      }        payload: HandshakePayload::Certificate(cert_chain)        typ: HandshakeType::Certificate,      HandshakeMessagePayload {    payload: MessagePayload::Handshake(    version: ProtocolVersion::TLSv1_2,    typ: ContentType::Handshake,  let c = Message {  let cert_chain = sess.handshake_data.server_cert_chain.as_ref().unwrap().clone();fn emit_certificate(sess: &mut ServerSessionImpl) {}  Ok(())  sess.common.send_msg(&sh, false);  sess.handshake_data.transcript.add_message(&sh);  debug!("sending server hello {:?}", sh);  };    )      }        )          }            extensions: extensions            compression_method: Compression::Null,            cipher_suite: sess.handshake_data.ciphersuite.unwrap().suite,            session_id: sess.handshake_data.session_id.clone(),            random: Random::from_slice(&sess.handshake_data.secrets.server_random),            server_version: ProtocolVersion::TLSv1_2,          ServerHelloPayload {        payload: HandshakePayload::ServerHello(        typ: HandshakeType::ServerHello,      HandshakeMessagePayload {ad@�X���d1)#����~:�
�
w

����:����on-�
�
p
"
�	�	�	�	�	�	�	D	���X����g����.*)��utB	��@��gH!����L�����  /* Choose a certificate. */  }    return Err(TLSError::PeerIncompatibleError("client didn't support uncompressed ec points".to_string()));    sess.common.send_fatal_alert(AlertDescription::IllegalParameter);  if !ecpoints_ext.contains(&ECPointFormat::Uncompressed) {  debug!("ecpoints {:?}", ecpoints_ext);  debug!("eccurves {:?}", eccurves_ext);  debug!("sigalgs {:?}", sigalgs_ext);  debug!("sni {:?}", sni_ext);  debug!("we got a clienthello {:?}", client_hello);                          .ok_or_else(|| incompatible(sess, "client didn't describe ec points")));  let ecpoints_ext = try!(client_hello.get_ecpoints_extension()                          .ok_or_else(|| incompatible(sess, "client didn't describe ec curves")));  let eccurves_ext = try!(client_hello.get_eccurves_extension()    .unwrap_or(&default_sigalgs_ext);  let sigalgs_ext = client_hello.get_sigalgs_extension()  let sni_ext = client_hello.get_sni_extension();  let default_sigalgs_ext = SupportedSignatureAlgorithms::default();  client_hello.random.write_slice(&mut sess.handshake_data.secrets.client_random);  /* Save their Random. */  }    return Err(TLSError::PeerMisbehavedError("client sent duplicate extensions".to_string()));    sess.common.send_fatal_alert(AlertDescription::DecodeError);  if client_hello.has_duplicate_extension() {  }    return Err(TLSError::PeerIncompatibleError("client did not offer Null compression".to_string()));    sess.common.send_fatal_alert(AlertDescription::IllegalParameter);  if !client_hello.compression_methods.contains(&Compression::Null) {  }    return Err(TLSError::PeerIncompatibleError("client does not support TLSv1_2".to_string()));    sess.common.send_fatal_alert(AlertDescription::ProtocolVersion);  if client_hello.client_version.get_u16() < ProtocolVersion::TLSv1_2.get_u16() {  let client_hello = extract_handshake!(m, HandshakePayload::ClientHello).unwrap();fn handle_client_hello(sess: &mut ServerSessionImpl, m: &Message) -> Result<ConnState, TLSError> {}  return Ok(ConnState::ExpectCCS);  emit_finished(sess);  emit_ccs(sess);  sess.handshake_data.doing_resume = true;  sess.handshake_data.valid_client_cert_chain = resumedata.client_cert_chain;  sess.start_encryption();                                   &resumedata.master_secret.0);                                   sess.handshake_data.ciphersuite.as_ref().unwrap().get_hash(),  sess.secrets_current.init_resume(&sess.handshake_data.secrets,  try!(emit_server_hello(sess, client_hello));  sess.handshake_data.session_id = id.clone();  }    return Err(TLSError::PeerMisbehavedError("client varied ciphersuite over resumption".to_string()));  if sess.handshake_data.ciphersuite.as_ref().unwrap().suite != resumedata.cipher_suite {   * disappointed. */  /* The RFC underspecifies this case.  Reject it, because someone's going to be  info!("Resuming session");                    resumedata: persist::ServerSessionValue) -> Result<ConnState, TLSError> {                    id: &SessionID,                    client_hello: &ClientHelloPayload,fn start_resumption(sess: &mut ServerSessionImpl,}  TLSError::PeerIncompatibleError(why.to_string())  sess.common.send_fatal_alert(AlertDescription::HandshakeFailure);fn incompatible(sess: &mut ServerSessionImpl, why: &str) -> TLSError {}  sess.common.send_msg(&m, false);  sess.handshake_data.transcript.add_message(&m);  };    )      }        payload: HandshakePayload::ServerHelloDone        typ: HandshakeType::ServerHelloDone,      HandshakeMessagePayload {    payload: MessagePayload::Handshake(    version: ProtocolVersion::TLSv1_2,ad"�]�u3����^�
f
e
&
��{-����qml5�
�
�
�
n
m
U
*

�	�	c	C		���{z6!����l)����[*�����z`"�����d`^])������N��ih%���    sess.handshake_data.doing_client_auth = false;    info!("client auth requested but no certificate supplied");  if cert_chain.len() == 0 && !sess.config.client_auth_mandatory {  let cert_chain = extract_handshake!(m, HandshakePayload::Certificate).unwrap();  sess.handshake_data.transcript.add_message(m);fn handle_certificate(sess: &mut ServerSessionImpl, m: &Message) -> Result<ConnState, TLSError> {/* --- Process client's Certificate for client auth --- */};  handle: handle_client_hello  },    handshake_types: &[HandshakeType::ClientHello]    content_types: &[ContentType::Handshake],  expect: Expectation {pub static EXPECT_CLIENT_HELLO: Handler = Handler {}  }    Ok(ConnState::ExpectClientKX)  } else {    Ok(ConnState::ExpectCertificate)  if sess.handshake_data.doing_client_auth {  emit_server_hello_done(sess);  emit_certificate_req(sess);  try!(emit_server_kx(sess, &sigalg, &eccurve, private_key));  emit_certificate(sess);  try!(emit_server_hello(sess, client_hello));  assert_eq!(ecpoint, ECPointFormat::Uncompressed);  );      .ok_or_else(|| incompatible(sess, "no supported point format"))                        ecpoints_ext.as_slice())    util::first_in_both(ECPointFormatList::supported().as_slice(),  let ecpoint = try!(  );      .ok_or_else(|| incompatible(sess, "no supported curve"))                        eccurves_ext.as_slice())    util::first_in_both(EllipticCurveList::supported().as_slice(),  let eccurve = try!(  );      .ok_or_else(|| incompatible(sess, "no supported sigalg"))      .resolve_sig_alg(sigalgs_ext)    sess.handshake_data.ciphersuite.as_ref().unwrap()  let sigalg = try!(  /* Now we have chosen a ciphersuite, we can make kx decisions. */  }    }                              maybe_resume.unwrap());                              &client_hello.session_id,                              client_hello,      return start_resumption(sess,    if maybe_resume.is_some() {    }.and_then(|x| persist::ServerSessionValue::read_bytes(&x));      persist.get(&client_hello.session_id)      let persist = sess.config.session_storage.lock().unwrap();    let maybe_resume = {  if !client_hello.session_id.is_empty() {  /* Perhaps resume? */  sess.handshake_data.transcript.add_message(m);  sess.handshake_data.start_handshake_hash();  /* Start handshake hash. */  info!("decided upon suite {:?}", maybe_ciphersuite.as_ref().unwrap());  sess.handshake_data.ciphersuite = maybe_ciphersuite;  }    return Err(incompatible(sess, "no ciphersuites in common"));  if maybe_ciphersuite.is_none() {  };                                                 &ciphersuites_suitable_for_cert)    suites::choose_ciphersuite_preferring_client(&client_hello.cipher_suites,  } else {                                                 &ciphersuites_suitable_for_cert)    suites::choose_ciphersuite_preferring_server(&client_hello.cipher_suites,  let maybe_ciphersuite = if sess.config.ignore_client_order {  sess.handshake_data.server_cert_chain = Some(cert_chain);                                                                   &private_key.algorithm());  let ciphersuites_suitable_for_cert = suites::reduce_given_sigalg(&sess.config.ciphersuites,  /* Reduce our supported ciphersuites by the certificate. */  let (cert_chain, private_key) = maybe_cert_key.unwrap();  }    return Err(TLSError::General("no server certificate chain resolved".to_string()));    sess.common.send_fatal_alert(AlertDescription::AccessDenied);  if maybe_cert_key.is_err() {  let maybe_cert_key = sess.config.cert_resolver.resolve(sni_ext, sigalgs_ext, eccurves_ext, ecpoints_ext);ad)p����srj+�������YA�
�
�
�
�
�
/
���jF���e`_%�
�
|
{
N
#

�	�	�	�	�	�	}	D	?	$	!	 	��y&���E@?,������]B@?����]ZY)��qD��qied?�����qnmE  let m = Message {fn emit_ccs(sess: &mut ServerSessionImpl) {/* --- Process client's Finished --- */};  handle: handle_ccs  },    handshake_types: &[]    content_types: &[ContentType::ChangeCipherSpec],  expect: Expectation {pub static EXPECT_CCS: Handler = Handler {}  Ok(ConnState::ExpectFinished)  sess.common.peer_now_encrypting();  }    });      got_type: ContentType::ChangeCipherSpec      expect_types: vec![ ContentType::Handshake ],    return Err(TLSError::InappropriateMessage {    warn!("CCS received interleaved with fragmented handshake");  if !sess.common.handshake_joiner.empty() {   * message. */  /* CCS should not be received interleaved with fragmented handshake-levelfn handle_ccs(sess: &mut ServerSessionImpl, _m: &Message) -> Result<ConnState, TLSError> {/* --- Process client's ChangeCipherSpec --- */};  handle: handle_certificate_verify  },    handshake_types: &[HandshakeType::CertificateVerify]    content_types: &[ContentType::Handshake],  expect: Expectation {pub static EXPECT_CERTIFICATE_VERIFY: Handler = Handler {}  Ok(ConnState::ExpectCCS)  sess.handshake_data.transcript.add_message(m);  }    debug!("client CertificateVerify OK");  } else {    return Err(rc.unwrap_err());    sess.common.send_fatal_alert(AlertDescription::AccessDenied);  if rc.is_err() {  };    verify::verify_signed_struct(&handshake_msgs, &certs[0], &sig)    let handshake_msgs = sess.handshake_data.transcript.take_handshake_buf();    let certs = sess.handshake_data.valid_client_cert_chain.as_ref().unwrap();    let sig = extract_handshake!(m, HandshakePayload::CertificateVerify).unwrap();  let rc = {fn handle_certificate_verify(sess: &mut ServerSessionImpl, m: &Message) -> Result<ConnState, TLSError> {/* --- Process client's certificate proof --- */};  handle: handle_client_kx  },    handshake_types: &[HandshakeType::ClientKeyExchange]    content_types: &[ContentType::Handshake],  expect: Expectation {pub static EXPECT_CLIENT_KX: Handler = Handler {}  }    Ok(ConnState::ExpectCCS)  } else {    Ok(ConnState::ExpectCertificateVerify)  if sess.handshake_data.doing_client_auth {  sess.start_encryption();                            &kxd.premaster_secret);                            sess.handshake_data.ciphersuite.as_ref().unwrap().get_hash(),  sess.secrets_current.init(&sess.handshake_data.secrets,  );    .ok_or_else(|| TLSError::PeerMisbehavedError("key exchange completion failed".to_string()))    kx.server_complete(&client_kx.0)  let kxd = try!(  let kx = mem::replace(&mut sess.handshake_data.kx_data, None).unwrap();   * resulting premaster secret. */  /* Complete key agreement, and set up encryption with the  sess.handshake_data.transcript.add_message(m);  let client_kx = extract_handshake!(m, HandshakePayload::ClientKeyExchange).unwrap();fn handle_client_kx(sess: &mut ServerSessionImpl, m: &Message) -> Result<ConnState, TLSError> {/* --- Process client's KeyExchange --- */};  handle: handle_certificate  },    handshake_types: &[HandshakeType::Certificate]    content_types: &[ContentType::Handshake],  expect: Expectation {pub static EXPECT_CERTIFICATE: Handler = Handler {}  Ok(ConnState::ExpectClientKX)  sess.handshake_data.valid_client_cert_chain = Some(cert_chain.clone());  );                               &cert_chain)    verify::verify_client_cert(&sess.config.client_auth_roots,  try!(  debug!("certs {:?}", cert_chain);  }    return Ok(ConnState::ExpectClientKX);    sess.handshake_data.transcript.abandon_client_auth();