ytls_server/server_ctx/s_handshake/
s_client_hello.rs

1//! yTLS Server Context ClientHello Processor
2
3use super::ServerHandshakeCtx;
4use crate::TlsServerCtxConfig;
5use ytls_traits::ClientHelloProcessor;
6use ytls_traits::CryptoConfig;
7use ytls_traits::CryptoRng;
8
9use ytls_extensions::{ExtAlpnProcessor, TlsExtAlpn};
10use ytls_extensions::{ExtCompressCertProcessor, TlsExtCompressCert};
11use ytls_extensions::{ExtDelegatedCredentialProcessor, TlsExtDelegatedCredential};
12use ytls_extensions::{ExtEncryptedClientHelloProcessor, TlsExtEncryptedClientHello};
13use ytls_extensions::{ExtGroupProcessor, TlsExtGroup};
14use ytls_extensions::{ExtKeyShareProcessor, TlsExtKeyShare};
15use ytls_extensions::{ExtPskeProcessor, PskeKind, TlsExtPske};
16use ytls_extensions::{ExtRecSizeLimitProcessor, TlsExtRecSizeLim};
17use ytls_extensions::{ExtSigAlgProcessor, TlsExtSigAlg};
18use ytls_extensions::{ExtSniProcessor, TlsExtSni};
19use ytls_extensions::{ExtVersionProcessor, TlsExtVersion};
20use ytls_typed::{TlsCipherSuite, TlsExtension};
21
22use ytls_traits::Tls13KeyScheduleHandshakeSha256;
23
24impl<Config, Crypto, Rng> ClientHelloProcessor for ServerHandshakeCtx<Config, Crypto, Rng>
25where
26    Config: TlsServerCtxConfig,
27    Crypto: CryptoConfig,
28    Rng: CryptoRng,
29{
30    #[inline]
31    fn handle_extension(&mut self, ext_id: u16, ext_data: &[u8]) -> () {
32        let ext_t: Result<TlsExtension, _> = ext_id.try_into();
33
34        let ext = match ext_t {
35            Ok(et) => et,
36            Err(_) => return (),
37        };
38
39        let e_res = match ext {
40            TlsExtension::ServerNameIndication => TlsExtSni::client_hello_cb(self, ext_data),
41            TlsExtension::SupportedGroups => TlsExtGroup::client_group_cb(self, ext_data),
42            TlsExtension::KeyShare => TlsExtKeyShare::client_key_share_cb(self, ext_data),
43            TlsExtension::SignatureAlgorithms => {
44                TlsExtSigAlg::client_signature_algorithm_cb(self, ext_data)
45            }
46            TlsExtension::SupportedVersions => {
47                TlsExtVersion::client_supported_version_cb(self, ext_data)
48            }
49            TlsExtension::Alpn => TlsExtAlpn::client_alpn_cb(self, ext_data),
50            TlsExtension::ExtendedMainSecret => {
51                self.extended_main_secret = true;
52                Ok(())
53            }
54            TlsExtension::RecordSizeLimit => {
55                TlsExtRecSizeLim::client_rec_size_limit_cb(self, ext_data)
56            }
57            TlsExtension::EcPointFormats => Ok(()), // d: 0100 (uncompressed always)
58            TlsExtension::RenegotiationInfo => Ok(()), // d: 00
59            TlsExtension::DelegatedCredential => {
60                TlsExtDelegatedCredential::client_delegated_credential_cb(self, ext_data)
61            }
62            TlsExtension::SessionTicket => Ok(()), // d: -
63            TlsExtension::StatusRequest => Ok(()), // d: 0100000000 (RFC 6066 s. 8) OCSP
64            TlsExtension::SignedCertificateTimestamp => {
65                self.signed_cert_ts = true;
66                Ok(())
67            }
68            TlsExtension::CompressCertificate => {
69                TlsExtCompressCert::client_compress_certificate_cb(self, ext_data)
70            }
71            TlsExtension::PskKeyExchangeModes => TlsExtPske::client_pske_cb(self, ext_data),
72            TlsExtension::EncryptedClientHello => {
73                TlsExtEncryptedClientHello::client_encrypted_hello_cb(self, ext_data)
74            }
75            _ => {
76                // TODO: Handle missing extension
77                Ok(())
78            }
79        };
80
81        match e_res {
82            Err(_e) => {}
83            Ok(_) => {}
84        }
85    }
86    #[inline]
87    fn handle_cipher_suite(&mut self, cipher_suite: &[u8; 2]) -> () {
88        let t_suite: TlsCipherSuite = cipher_suite.into();
89        if t_suite == TlsCipherSuite::TLS_CHACHA20_POLY1305_SHA256 {
90            self.chacha20_poly1305_sha256_supported = true
91        }
92    }
93    #[inline]
94    fn handle_client_random(&mut self, cr: &[u8; 32]) -> () {
95        let mut r: [u8; 32] = [0; 32];
96        r.copy_from_slice(cr);
97        self.client_random = Some(r);
98    }
99    #[inline]
100    fn handle_session_id(&mut self, ses_id: &[u8]) -> () {
101        let mut s: [u8; 100] = [0; 100];
102        if ses_id.len() > 100 {
103            return ();
104        }
105        self.client_session_len = ses_id.len();
106        s[0..ses_id.len()].copy_from_slice(ses_id);
107        self.client_session_id = Some(s);
108    }
109}
110
111use ytls_extensions::EntrySniKind;
112
113impl<Config, Crypto, Rng> ExtSniProcessor for ServerHandshakeCtx<Config, Crypto, Rng>
114where
115    Config: TlsServerCtxConfig,
116    Crypto: CryptoConfig,
117    Rng: CryptoRng,
118{
119    #[inline]
120    fn sni(&mut self, k: EntrySniKind, name: &[u8]) -> bool {
121        if k != EntrySniKind::DnsHostname {
122            return false;
123        }
124        // TODO: validate hostname
125        let host = match core::str::from_utf8(name) {
126            Ok(h) => h,
127            Err(_) => return false,
128        };
129        let r = self.config.dns_host_name(host);
130        if r {
131            self.downstream_found_host = true;
132        }
133        r
134    }
135}
136
137use ytls_typed::Group;
138
139impl<Config, Crypto, Rng> ExtGroupProcessor for ServerHandshakeCtx<Config, Crypto, Rng>
140where
141    Config: TlsServerCtxConfig,
142    Crypto: CryptoConfig,
143    Rng: CryptoRng,
144{
145    #[inline]
146    fn group(&mut self, group: Group) -> bool {
147        if group == Group::X25519 {
148            self.group_x25519_supported = true;
149            return true;
150        }
151        false
152    }
153}
154
155impl<Config, Crypto, Rng> ExtKeyShareProcessor for ServerHandshakeCtx<Config, Crypto, Rng>
156where
157    Config: TlsServerCtxConfig,
158    Crypto: CryptoConfig,
159    Rng: CryptoRng,
160{
161    #[inline]
162    fn key_share(&mut self, g: Group, d: &[u8]) -> bool {
163        if g == Group::X25519 {
164            let mut pk: [u8; 32] = [0; 32];
165            pk.copy_from_slice(d);
166            self.client_x25519_pk = Some(pk);
167            return true;
168        }
169        false
170    }
171}
172
173use ytls_typed::SignatureAlgorithm;
174
175impl<Config, Crypto, Rng> ExtSigAlgProcessor for ServerHandshakeCtx<Config, Crypto, Rng>
176where
177    Config: TlsServerCtxConfig,
178    Crypto: CryptoConfig,
179    Rng: CryptoRng,
180{
181    #[inline]
182    fn signature_algorithm(&mut self, s_alg: SignatureAlgorithm) -> bool {
183        //println!("s_alg = {:?}", s_alg);
184        if s_alg == SignatureAlgorithm::RsaPkcs1Sha256 {
185            self.sig_alg_rsa_pkcs1_sha256_supported = true;
186            return true;
187        }
188        if s_alg == SignatureAlgorithm::Ed25519 {
189            self.sig_alg_ed25519_supported = true;
190            return true;
191        }
192        false
193    }
194}
195
196use ytls_typed::Version;
197
198impl<Config, Crypto, Rng> ExtVersionProcessor for ServerHandshakeCtx<Config, Crypto, Rng>
199where
200    Config: TlsServerCtxConfig,
201    Crypto: CryptoConfig,
202    Rng: CryptoRng,
203{
204    #[inline]
205    fn supported_version(&mut self, s_ver: Version) -> bool {
206        //println!("Version {:?}", s_ver);
207        if s_ver == Version::Tls13 {
208            self.tls13_supported = true;
209            return true;
210        }
211        false
212    }
213}
214
215use ytls_typed::Alpn;
216
217impl<Config, Crypto, Rng> ExtAlpnProcessor for ServerHandshakeCtx<Config, Crypto, Rng>
218where
219    Config: TlsServerCtxConfig,
220    Crypto: CryptoConfig,
221    Rng: CryptoRng,
222{
223    #[inline]
224    fn alpn<'r>(&mut self, alpn: Alpn<'r>) -> bool {
225        self.config.alpn(alpn)
226    }
227}
228
229impl<Config, Crypto, Rng> ExtRecSizeLimitProcessor for ServerHandshakeCtx<Config, Crypto, Rng>
230where
231    Config: TlsServerCtxConfig,
232    Crypto: CryptoConfig,
233    Rng: CryptoRng,
234{
235    #[inline]
236    fn record_size_limit(&mut self, lim: u16) -> () {
237        self.record_size_limit = lim;
238    }
239}
240
241impl<Config, Crypto, Rng> ExtDelegatedCredentialProcessor
242    for ServerHandshakeCtx<Config, Crypto, Rng>
243where
244    Config: TlsServerCtxConfig,
245    Crypto: CryptoConfig,
246    Rng: CryptoRng,
247{
248    #[inline]
249    fn delegated_credential_signature_algorithm(&mut self, _sa: SignatureAlgorithm) -> bool {
250        //println!("Delegated sig alg: {:?}", sa);
251        false
252    }
253}
254
255impl<Config, Crypto, Rng> ExtPskeProcessor for ServerHandshakeCtx<Config, Crypto, Rng>
256where
257    Config: TlsServerCtxConfig,
258    Crypto: CryptoConfig,
259    Rng: CryptoRng,
260{
261    #[inline]
262    fn pske_mode(&mut self, _pske: PskeKind) -> () {
263        //println!("Pre-Shared Key Exchange Mode: {:?}", pske);
264    }
265}
266
267use ytls_typed::CertificateCompressKind;
268
269impl<Config, Crypto, Rng> ExtCompressCertProcessor for ServerHandshakeCtx<Config, Crypto, Rng>
270where
271    Config: TlsServerCtxConfig,
272    Crypto: CryptoConfig,
273    Rng: CryptoRng,
274{
275    #[inline]
276    fn compress_certificate(&mut self, _alg: CertificateCompressKind) -> () {
277        //println!("Certificate Compress avail: {:?}", alg);
278    }
279}
280
281use ytls_typed::{HaeadKind, HkdfKind};
282
283impl<Config, Crypto, Rng> ExtEncryptedClientHelloProcessor
284    for ServerHandshakeCtx<Config, Crypto, Rng>
285where
286    Config: TlsServerCtxConfig,
287    Crypto: CryptoConfig,
288    Rng: CryptoRng,
289{
290    fn encrypted_client_hello_outer(
291        &mut self,
292        _config_id: u8,
293        _kdf: HkdfKind,
294        _aead: HaeadKind,
295        _enc: &[u8],
296        _payload: &[u8],
297    ) -> () {
298        /*
299        println!(
300            "encrypted_client_hello config_id {} kdf {:?} aead {:?} enc.len {} payload.len {}",
301            config_id,
302            kdf,
303            aead,
304            enc.len(),
305            payload.len()
306        ); */
307    }
308}
ytls_server/server_ctx/s_handshake/s_client_hello.rs

ytls_server/server_ctx/s_handshake/
s_client_hello.rs
