Skip to main content

wireforge_app/tls/
client_hello.rs

1//! TLS ClientHello parser with SNI and extensions support.
2
3use super::extensions::TlsExtensionsIter;
4use super::handshake::TlsHandshake;
5use super::record::TlsRecord;
6
7pub struct TlsClientHello<'a> { buf: &'a [u8], client_hello_start: usize }
8
9impl<'a> TlsClientHello<'a> {
10    /// Parse a TLS ClientHello from raw bytes (Record → Handshake → ClientHello).
11    pub fn parse(buf: &'a [u8]) -> Option<Self> {
12        let record = TlsRecord::parse(buf)?;
13        let handshake = TlsHandshake::parse(record.fragment())?;
14        if handshake.handshake_type() != 1 { return None; } // not client_hello
15        let body = handshake.body();
16        if body.len() < 38 { return None; } // minimum: version(2)+random(32)+session_id_len(1)+cipher_suites_len(2)+comp_len(1)
17        Some(Self { buf, client_hello_start: body.as_ptr() as usize - buf.as_ptr() as usize })
18    }
19
20    fn body(&self) -> &'a [u8] { &self.buf[self.client_hello_start..] }
21
22    pub fn client_version(&self) -> u16 {
23        let b = self.body();
24        u16::from_be_bytes([b[0], b[1]])
25    }
26
27    pub fn random(&self) -> &[u8; 32] {
28        self.body()[2..34].try_into().unwrap()
29    }
30
31    pub fn session_id(&self) -> &[u8] {
32        let b = self.body();
33        let len = b[34] as usize;
34        let end = (35 + len).min(b.len());
35        &b[35..end]
36    }
37
38    pub fn cipher_suites(&self) -> &[u16] {
39        let b = self.body();
40        let pos = 35 + b[34] as usize; // skip session_id
41        if pos + 2 > b.len() { return &[]; }
42        let len = u16::from_be_bytes([b[pos], b[pos+1]]) as usize;
43        let data = &b[pos+2..];
44        let count = (len / 2).min(data.len() / 2);
45        // SAFETY: transmuting &[u8] to &[u16] — data is aligned for u16 reads
46        unsafe { std::slice::from_raw_parts(data.as_ptr() as *const u16, count) }
47    }
48
49    pub fn compression_methods(&self) -> &[u8] {
50        let b = self.body();
51        let mut pos = 35 + b[34] as usize;
52        if pos + 2 > b.len() { return &[]; }
53        let cs_len = u16::from_be_bytes([b[pos], b[pos+1]]) as usize;
54        pos += 2 + cs_len;
55        if pos + 1 > b.len() { return &[]; }
56        let cm_len = b[pos] as usize;
57        let end = (pos + 1 + cm_len).min(b.len());
58        &b[pos+1..end]
59    }
60
61    /// Iterate over TLS extensions.
62    pub fn extensions(&self) -> TlsExtensionsIter<'a> {
63        let b = self.body();
64        let mut pos = 35 + b[34] as usize;
65        if pos + 2 > b.len() { return TlsExtensionsIter::new(&[]); }
66        let cs_len = u16::from_be_bytes([b[pos], b[pos+1]]) as usize;
67        pos += 2 + cs_len;
68        if pos + 1 > b.len() { return TlsExtensionsIter::new(&[]); }
69        let cm_len = b[pos] as usize;
70        pos += 1 + cm_len;
71        if pos + 2 > b.len() { return TlsExtensionsIter::new(&[]); }
72        let ext_len = u16::from_be_bytes([b[pos], b[pos+1]]) as usize;
73        let end = (pos + 2 + ext_len).min(b.len());
74        TlsExtensionsIter::new(&b[pos+2..end])
75    }
76
77    /// Extract SNI server name from extension type 0x0000.
78    pub fn server_name(&self) -> Option<&str> {
79        for ext in self.extensions() {
80            if ext.extension_type == 0x0000 && ext.data.len() >= 5 {
81                // server_name_list_length(2) + name_type(1) + name_length(2) + name
82                let list_len = u16::from_be_bytes([ext.data[0], ext.data[1]]) as usize;
83                if list_len + 2 <= ext.data.len() {
84                    let entry = &ext.data[2..2 + list_len];
85                    if entry.len() >= 3 && entry[0] == 0 { // name_type=hostname
86                        let name_len = u16::from_be_bytes([entry[1], entry[2]]) as usize;
87                        if 3 + name_len <= entry.len() {
88                            return std::str::from_utf8(&entry[3..3 + name_len]).ok();
89                        }
90                    }
91                }
92            }
93        }
94        None
95    }
96
97    /// Extract supported_versions from TLS 1.3 extension type 0x002b.
98    pub fn supported_versions(&self) -> Option<Vec<u16>> {
99        for ext in self.extensions() {
100            if ext.extension_type == 0x002b && !ext.data.is_empty() {
101                let len = ext.data[0] as usize;
102                if len < ext.data.len() {
103                    let versions: Vec<u16> = ext.data[1..1+len]
104                        .chunks_exact(2)
105                        .map(|c| u16::from_be_bytes([c[0], c[1]]))
106                        .collect();
107                    return Some(versions);
108                }
109            }
110        }
111        None
112    }
113}
114
115#[cfg(test)]
116mod tests {
117    use super::*;
118
119    // TLS 1.2 ClientHello: SNI=example.com, 2 cipher suites, no compression, no extensions beyond SNI
120    fn tls12_sample() -> Vec<u8> {
121        let ch = [
122            0x03u8, 0x03, // version TLS 1.2
123            // random (32 bytes of 0xAA)
124        ];
125        let mut data = vec![0x16, 0x03, 0x03, 0x00, 0x00]; // record with placeholder length
126        let mut ch_body = Vec::new();
127        ch_body.extend_from_slice(&ch);
128        ch_body.extend_from_slice(&[0xAAu8; 32]); // random
129        ch_body.push(0); // session_id_len = 0
130        ch_body.extend_from_slice(&[0x00u8, 0x04]); // cipher_suites_len = 4 (2 suites)
131        ch_body.extend_from_slice(&0xC02Bu16.to_be_bytes()); // TLS_ECDHE_RSA_AES_128_GCM
132        ch_body.extend_from_slice(&0x009Cu16.to_be_bytes()); // TLS_RSA_AES_128_GCM
133        ch_body.push(1); ch_body.push(0); // compression_methods: null
134        // SNI extension
135        let sn = b"example.com";
136        // SNI extension: type=0x0000, len, server_name_list_len, name_type=0, name_len, name
137        let sn_len = sn.len();
138        let sn_ext_len = (sn_len + 5) as u16;
139        let sn_list_len = (sn_len + 3) as u16;
140        let mut ext_data = vec![0x00u8, 0x00]; // type=server_name
141        ext_data.extend_from_slice(&sn_ext_len.to_be_bytes());
142        ext_data.extend_from_slice(&sn_list_len.to_be_bytes());
143        ext_data.push(0x00); // name_type=hostname
144        ext_data.extend_from_slice(&(sn_len as u16).to_be_bytes());
145        ext_data.extend_from_slice(sn);
146        // extensions length prefix
147        ch_body.extend_from_slice(&(ext_data.len() as u16).to_be_bytes());
148        ch_body.extend_from_slice(&ext_data);
149        // Handshake
150        let handshake_len = ch_body.len();
151        data.extend_from_slice(&[0x01]); // handshake_type=client_hello
152        data.extend_from_slice(&(handshake_len as u32).to_be_bytes()[1..]); // 3-byte length
153        data.extend_from_slice(&ch_body);
154        // Record length
155        let rec_len = data.len() - 5;
156        data[3] = (rec_len >> 8) as u8;
157        data[4] = rec_len as u8;
158        data
159    }
160
161    #[test]
162    fn parse_tls12_client_hello() {
163        let data = tls12_sample();
164        let ch = TlsClientHello::parse(&data).unwrap();
165        assert_eq!(ch.client_version(), 0x0303);
166        assert_eq!(ch.cipher_suites().len(), 2);
167        assert_eq!(ch.session_id().len(), 0);
168        assert_eq!(ch.server_name(), Some("example.com"));
169        assert!(ch.supported_versions().is_none());
170    }
171
172    #[test]
173    fn parse_tls13_client_hello() {
174        // Hardcoded valid TLS 1.3 ClientHello with supported_versions extension
175        let data = &[
176            0x16, 0x03, 0x01, 0x00, 0x44, // TLS record: handshake, TLS 1.0 compat, len=68
177            0x01, 0x00, 0x00, 0x40, // handshake: client_hello, len=64
178            0x03, 0x03, // client_version = TLS 1.2 (legacy)
179            // random (32 bytes)
180            0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,
181            0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,
182            0x00, // session_id_len=0
183            0x00, 0x02, 0x13, 0x01, // cipher_suites: 1 suite (TLS_AES_128_GCM)
184            0x01, 0x00, // compression: null
185            0x00, 0x07, // extensions length = 7
186            0x00, 0x2b, 0x00, 0x03, 0x02, 0x03, 0x04, // supported_versions: TLS 1.3
187        ];
188        let ch = TlsClientHello::parse(data).unwrap();
189        assert!(ch.server_name().is_none());
190        let sv = ch.supported_versions().unwrap();
191        assert_eq!(sv, vec![0x0304]);
192    }
193
194    #[test]
195    fn parse_too_short() {
196        assert!(TlsClientHello::parse(&[]).is_none());
197        assert!(TlsClientHello::parse(&[0x16, 0x03, 0x03, 0x00, 0x00]).is_none());
198    }
199}