ytls_server/server_ctx/s_handshake/
s_client_hello.rs

1//! yTLS Server Context ClientHello Processor
2
3use super::ServerHandshakeCtx;
4use crate::TlsServerCtxConfig;
5use ytls_traits::ClientHelloProcessor;
6use ytls_traits::CryptoConfig;
7use ytls_traits::CryptoRng;
8
9use ytls_extensions::{ExtAlpnProcessor, TlsExtAlpn};
10use ytls_extensions::{ExtCompressCertProcessor, TlsExtCompressCert};
11use ytls_extensions::{ExtDelegatedCredentialProcessor, TlsExtDelegatedCredential};
12use ytls_extensions::{ExtEncryptedClientHelloProcessor, TlsExtEncryptedClientHello};
13use ytls_extensions::{ExtGroupProcessor, TlsExtGroup};
14use ytls_extensions::{ExtKeyShareProcessor, TlsExtKeyShare};
15use ytls_extensions::{ExtPskeProcessor, PskeKind, TlsExtPske};
16use ytls_extensions::{ExtRecSizeLimitProcessor, TlsExtRecSizeLim};
17use ytls_extensions::{ExtSigAlgProcessor, TlsExtSigAlg};
18use ytls_extensions::{ExtSniProcessor, TlsExtSni};
19use ytls_extensions::{ExtVersionProcessor, TlsExtVersion};
20use ytls_typed::{TlsCipherSuite, TlsExtension};
21
22use ytls_traits::Tls13KeyScheduleHandshakeSha256;
23
24impl<Config, Crypto, Rng> ClientHelloProcessor for ServerHandshakeCtx<Config, Crypto, Rng>
25where
26    Config: TlsServerCtxConfig,
27    Crypto: CryptoConfig,
28    Rng: CryptoRng,
29{
30    #[inline]
31    fn handle_extension(&mut self, ext_id: u16, ext_data: &[u8]) -> () {
32        let ext_t: TlsExtension = ext_id.try_into().unwrap();
33
34        let e_res = match ext_t {
35            TlsExtension::ServerNameIndication => TlsExtSni::client_hello_cb(self, ext_data),
36            TlsExtension::SupportedGroups => TlsExtGroup::client_group_cb(self, ext_data),
37            TlsExtension::KeyShare => TlsExtKeyShare::client_key_share_cb(self, ext_data),
38            TlsExtension::SignatureAlgorithms => {
39                TlsExtSigAlg::client_signature_algorithm_cb(self, ext_data)
40            }
41            TlsExtension::SupportedVersions => {
42                TlsExtVersion::client_supported_version_cb(self, ext_data)
43            }
44            TlsExtension::Alpn => TlsExtAlpn::client_alpn_cb(self, ext_data),
45            TlsExtension::ExtendedMainSecret => {
46                self.extended_main_secret = true;
47                Ok(())
48            }
49            TlsExtension::RecordSizeLimit => {
50                TlsExtRecSizeLim::client_rec_size_limit_cb(self, ext_data)
51            }
52            TlsExtension::EcPointFormats => Ok(()), // d: 0100 (uncompressed always)
53            TlsExtension::RenegotiationInfo => Ok(()), // d: 00
54            TlsExtension::DelegatedCredential => {
55                TlsExtDelegatedCredential::client_delegated_credential_cb(self, ext_data)
56            }
57            TlsExtension::SessionTicket => Ok(()), // d: -
58            TlsExtension::StatusRequest => Ok(()), // d: 0100000000 (RFC 6066 s. 8) OCSP
59            TlsExtension::SignedCertificateTimestamp => {
60                self.signed_cert_ts = true;
61                Ok(())
62            }
63            TlsExtension::CompressCertificate => {
64                TlsExtCompressCert::client_compress_certificate_cb(self, ext_data)
65            }
66            TlsExtension::PskKeyExchangeModes => TlsExtPske::client_pske_cb(self, ext_data),
67            TlsExtension::EncryptedClientHello => {
68                TlsExtEncryptedClientHello::client_encrypted_hello_cb(self, ext_data)
69            }
70            _ => {
71                /*
72                println!(
73                    "Missing Handle_extensions ext_id: {} / {:?} - ext_adta: {}",
74                    ext_id,
75                    ext_t,
76                    hex::encode(ext_data)
77                ); */
78                Ok(())
79            }
80        };
81
82        match e_res {
83            Err(_e) => {}
84            Ok(_) => {}
85        }
86    }
87    #[inline]
88    fn handle_cipher_suite(&mut self, cipher_suite: &[u8; 2]) -> () {
89        let t_suite: TlsCipherSuite = cipher_suite.into();
90        if t_suite == TlsCipherSuite::TLS_CHACHA20_POLY1305_SHA256 {
91            self.chacha20_poly1305_sha256_supported = true
92        }
93    }
94    #[inline]
95    fn handle_client_random(&mut self, cr: &[u8; 32]) -> () {
96        let mut r: [u8; 32] = [0; 32];
97        r.copy_from_slice(cr);
98        self.client_random = Some(r);
99    }
100    #[inline]
101    fn handle_session_id(&mut self, ses_id: &[u8]) -> () {
102        let mut s: [u8; 100] = [0; 100];
103        if ses_id.len() > 100 {
104            return ();
105        }
106        self.client_session_len = ses_id.len();
107        s[0..ses_id.len()].copy_from_slice(ses_id);
108        self.client_session_id = Some(s);
109    }
110}
111
112use ytls_extensions::EntrySniKind;
113
114impl<Config, Crypto, Rng> ExtSniProcessor for ServerHandshakeCtx<Config, Crypto, Rng>
115where
116    Config: TlsServerCtxConfig,
117    Crypto: CryptoConfig,
118    Rng: CryptoRng,
119{
120    #[inline]
121    fn sni(&mut self, k: EntrySniKind, name: &[u8]) -> bool {
122        if k != EntrySniKind::DnsHostname {
123            return false;
124        }
125        // TODO: validate hostname
126        let host = match core::str::from_utf8(name) {
127            Ok(h) => h,
128            Err(_) => return false,
129        };
130        let r = self.config.dns_host_name(host);
131        if r {
132            self.downstream_found_host = true;
133        }
134        r
135    }
136}
137
138use ytls_typed::Group;
139
140impl<Config, Crypto, Rng> ExtGroupProcessor for ServerHandshakeCtx<Config, Crypto, Rng>
141where
142    Config: TlsServerCtxConfig,
143    Crypto: CryptoConfig,
144    Rng: CryptoRng,
145{
146    #[inline]
147    fn group(&mut self, group: Group) -> bool {
148        if group == Group::X25519 {
149            self.group_x25519_supported = true;
150            return true;
151        }
152        false
153    }
154}
155
156impl<Config, Crypto, Rng> ExtKeyShareProcessor for ServerHandshakeCtx<Config, Crypto, Rng>
157where
158    Config: TlsServerCtxConfig,
159    Crypto: CryptoConfig,
160    Rng: CryptoRng,
161{
162    #[inline]
163    fn key_share(&mut self, g: Group, d: &[u8]) -> bool {
164        if g == Group::X25519 {
165            let mut pk: [u8; 32] = [0; 32];
166            pk.copy_from_slice(d);
167            self.client_x25519_pk = Some(pk);
168            return true;
169        }
170        false
171    }
172}
173
174use ytls_typed::SignatureAlgorithm;
175
176impl<Config, Crypto, Rng> ExtSigAlgProcessor for ServerHandshakeCtx<Config, Crypto, Rng>
177where
178    Config: TlsServerCtxConfig,
179    Crypto: CryptoConfig,
180    Rng: CryptoRng,
181{
182    #[inline]
183    fn signature_algorithm(&mut self, s_alg: SignatureAlgorithm) -> bool {
184        //println!("s_alg = {:?}", s_alg);
185        if s_alg == SignatureAlgorithm::RsaPkcs1Sha256 {
186            self.sig_alg_rsa_pkcs1_sha256_supported = true;
187            return true;
188        }
189        if s_alg == SignatureAlgorithm::Ed25519 {
190            self.sig_alg_ed25519_supported = true;
191            return true;
192        }
193        false
194    }
195}
196
197use ytls_typed::Version;
198
199impl<Config, Crypto, Rng> ExtVersionProcessor for ServerHandshakeCtx<Config, Crypto, Rng>
200where
201    Config: TlsServerCtxConfig,
202    Crypto: CryptoConfig,
203    Rng: CryptoRng,
204{
205    #[inline]
206    fn supported_version(&mut self, s_ver: Version) -> bool {
207        //println!("Version {:?}", s_ver);
208        if s_ver == Version::Tls13 {
209            self.tls13_supported = true;
210            return true;
211        }
212        false
213    }
214}
215
216use ytls_typed::Alpn;
217
218impl<Config, Crypto, Rng> ExtAlpnProcessor for ServerHandshakeCtx<Config, Crypto, Rng>
219where
220    Config: TlsServerCtxConfig,
221    Crypto: CryptoConfig,
222    Rng: CryptoRng,
223{
224    #[inline]
225    fn alpn<'r>(&mut self, alpn: Alpn<'r>) -> bool {
226        self.config.alpn(alpn)
227    }
228}
229
230impl<Config, Crypto, Rng> ExtRecSizeLimitProcessor for ServerHandshakeCtx<Config, Crypto, Rng>
231where
232    Config: TlsServerCtxConfig,
233    Crypto: CryptoConfig,
234    Rng: CryptoRng,
235{
236    #[inline]
237    fn record_size_limit(&mut self, lim: u16) -> () {
238        self.record_size_limit = lim;
239    }
240}
241
242impl<Config, Crypto, Rng> ExtDelegatedCredentialProcessor
243    for ServerHandshakeCtx<Config, Crypto, Rng>
244where
245    Config: TlsServerCtxConfig,
246    Crypto: CryptoConfig,
247    Rng: CryptoRng,
248{
249    #[inline]
250    fn delegated_credential_signature_algorithm(&mut self, _sa: SignatureAlgorithm) -> bool {
251        //println!("Delegated sig alg: {:?}", sa);
252        false
253    }
254}
255
256impl<Config, Crypto, Rng> ExtPskeProcessor for ServerHandshakeCtx<Config, Crypto, Rng>
257where
258    Config: TlsServerCtxConfig,
259    Crypto: CryptoConfig,
260    Rng: CryptoRng,
261{
262    #[inline]
263    fn pske_mode(&mut self, _pske: PskeKind) -> () {
264        //println!("Pre-Shared Key Exchange Mode: {:?}", pske);
265    }
266}
267
268use ytls_typed::CertificateCompressKind;
269
270impl<Config, Crypto, Rng> ExtCompressCertProcessor for ServerHandshakeCtx<Config, Crypto, Rng>
271where
272    Config: TlsServerCtxConfig,
273    Crypto: CryptoConfig,
274    Rng: CryptoRng,
275{
276    #[inline]
277    fn compress_certificate(&mut self, _alg: CertificateCompressKind) -> () {
278        //println!("Certificate Compress avail: {:?}", alg);
279    }
280}
281
282use ytls_typed::{HaeadKind, HkdfKind};
283
284impl<Config, Crypto, Rng> ExtEncryptedClientHelloProcessor
285    for ServerHandshakeCtx<Config, Crypto, Rng>
286where
287    Config: TlsServerCtxConfig,
288    Crypto: CryptoConfig,
289    Rng: CryptoRng,
290{
291    fn encrypted_client_hello_outer(
292        &mut self,
293        _config_id: u8,
294        _kdf: HkdfKind,
295        _aead: HaeadKind,
296        _enc: &[u8],
297        _payload: &[u8],
298    ) -> () {
299        /*
300        println!(
301            "encrypted_client_hello config_id {} kdf {:?} aead {:?} enc.len {} payload.len {}",
302            config_id,
303            kdf,
304            aead,
305            enc.len(),
306            payload.len()
307        ); */
308    }
309}
ytls_server/server_ctx/s_handshake/s_client_hello.rs

ytls_server/server_ctx/s_handshake/
s_client_hello.rs
