1 use crate::msgs::handshake::CertificatePayload;
2 use crate::msgs::handshake::DigitallySignedStruct;
3 use crate::msgs::handshake::SessionID;
4 use crate::msgs::handshake::SCTList;
5 use crate::msgs::handshake::ServerExtension;
6 use crate::msgs::handshake::ClientExtension;
7 use crate::msgs::persist;
8 use crate::msgs::enums::ExtensionType;
9 use crate::msgs::enums::NamedGroup;
10 use crate::session::SessionRandoms;
11 use crate::hash_hs;
12 use crate::sign;
13 use crate::suites;
14 #[cfg(feature = "logging")]
15 use crate::log::trace;
16 use webpki;
17 
18 use std::mem;
19 
20 pub struct ServerCertDetails {
21     pub cert_chain: CertificatePayload,
22     pub ocsp_response: Vec<u8>,
23     pub scts: Option<SCTList>,
24 }
25 
26 impl ServerCertDetails {
new() -> ServerCertDetails27     pub fn new() -> ServerCertDetails {
28         ServerCertDetails {
29             cert_chain: Vec::new(),
30             ocsp_response: Vec::new(),
31             scts: None,
32         }
33     }
34 
take_chain(&mut self) -> CertificatePayload35     pub fn take_chain(&mut self) -> CertificatePayload {
36         mem::replace(&mut self.cert_chain, Vec::new())
37     }
38 }
39 
40 pub struct ServerKXDetails {
41     pub kx_params: Vec<u8>,
42     pub kx_sig: DigitallySignedStruct,
43 }
44 
45 impl ServerKXDetails {
new(params: Vec<u8>, sig: DigitallySignedStruct) -> ServerKXDetails46     pub fn new(params: Vec<u8>, sig: DigitallySignedStruct) -> ServerKXDetails {
47         ServerKXDetails {
48             kx_params: params,
49             kx_sig: sig,
50         }
51     }
52 }
53 
54 pub struct HandshakeDetails {
55     pub resuming_session: Option<persist::ClientSessionValue>,
56     pub transcript: hash_hs::HandshakeHash,
57     pub hash_at_client_recvd_server_hello: Vec<u8>,
58     pub randoms: SessionRandoms,
59     pub using_ems: bool,
60     pub session_id: SessionID,
61     pub sent_tls13_fake_ccs: bool,
62     pub dns_name: webpki::DNSName,
63     pub extra_exts: Vec<ClientExtension>,
64 }
65 
66 impl HandshakeDetails {
new(host_name: webpki::DNSName, extra_exts: Vec<ClientExtension>) -> HandshakeDetails67     pub fn new(host_name: webpki::DNSName, extra_exts: Vec<ClientExtension>) -> HandshakeDetails {
68         HandshakeDetails {
69             resuming_session: None,
70             transcript: hash_hs::HandshakeHash::new(),
71             hash_at_client_recvd_server_hello: Vec::new(),
72             randoms: SessionRandoms::for_client(),
73             using_ems: false,
74             session_id: SessionID::empty(),
75             sent_tls13_fake_ccs: false,
76             dns_name: host_name,
77             extra_exts,
78         }
79     }
80 }
81 
82 pub struct ClientHelloDetails {
83     pub sent_extensions: Vec<ExtensionType>,
84     pub offered_key_shares: Vec<suites::KeyExchange>,
85 }
86 
87 impl ClientHelloDetails {
new() -> ClientHelloDetails88     pub fn new() -> ClientHelloDetails {
89         ClientHelloDetails {
90             sent_extensions: Vec::new(),
91             offered_key_shares: Vec::new(),
92         }
93     }
94 
has_key_share(&self, group: NamedGroup) -> bool95     pub fn has_key_share(&self, group: NamedGroup) -> bool {
96         self.offered_key_shares
97             .iter()
98             .any(|share| share.group == group)
99     }
100 
find_key_share(&mut self, group: NamedGroup) -> Option<suites::KeyExchange>101     pub fn find_key_share(&mut self, group: NamedGroup) -> Option<suites::KeyExchange> {
102         self.offered_key_shares.iter()
103             .position(|s| s.group == group)
104             .map(|idx| self.offered_key_shares.remove(idx))
105     }
106 
find_key_share_and_discard_others(&mut self, group: NamedGroup) -> Option<suites::KeyExchange>107     pub fn find_key_share_and_discard_others(&mut self, group: NamedGroup)
108             -> Option<suites::KeyExchange> {
109         match self.find_key_share(group) {
110             Some(group) => {
111                 self.offered_key_shares.clear();
112                 Some(group)
113             }
114             None => {
115                 None
116             }
117         }
118     }
119 
server_sent_unsolicited_extensions(&self, received_exts: &[ServerExtension], allowed_unsolicited: &[ExtensionType]) -> bool120     pub fn server_sent_unsolicited_extensions(&self,
121                                               received_exts: &[ServerExtension],
122                                               allowed_unsolicited: &[ExtensionType]) -> bool {
123         for ext in received_exts {
124             let ext_type = ext.get_type();
125             if !self.sent_extensions.contains(&ext_type) && !allowed_unsolicited.contains(&ext_type) {
126                 trace!("Unsolicited extension {:?}", ext_type);
127                 return true;
128             }
129         }
130 
131         false
132     }
133 }
134 
135 pub struct ReceivedTicketDetails {
136     pub new_ticket: Vec<u8>,
137     pub new_ticket_lifetime: u32,
138 }
139 
140 impl ReceivedTicketDetails {
new() -> ReceivedTicketDetails141     pub fn new() -> ReceivedTicketDetails {
142         ReceivedTicketDetails::from(Vec::new(), 0)
143     }
144 
from(ticket: Vec<u8>, lifetime: u32) -> ReceivedTicketDetails145     pub fn from(ticket: Vec<u8>, lifetime: u32) -> ReceivedTicketDetails {
146         ReceivedTicketDetails {
147             new_ticket: ticket,
148             new_ticket_lifetime: lifetime,
149         }
150     }
151 }
152 
153 pub struct ClientAuthDetails {
154     pub cert: Option<CertificatePayload>,
155     pub signer: Option<Box<dyn sign::Signer>>,
156     pub auth_context: Option<Vec<u8>>,
157 }
158 
159 impl ClientAuthDetails {
new() -> ClientAuthDetails160     pub fn new() -> ClientAuthDetails {
161         ClientAuthDetails {
162             cert: None,
163             signer: None,
164             auth_context: None,
165         }
166     }
167 }
168