ddn.net.tls.tls12

TLS 1.2 handshake engine (RFC 5246).

Implements TLS 1.2 client and server handshakes as resumable state machines with ECDHE key exchange and AES-GCM cipher suites.

Types (4)

Tls12HandshakePhase

TLS 1.2 client handshake phases.

Each phase represents a discrete step in the client handshake state machine. The handshake progresses forward through these phases.

NOT_STARTED: Handshake has not been initiated
SEND_CLIENT_HELLO: Build and send ClientHello
FLUSH_CLIENT_HELLO: Flush pending ClientHello bytes
RECV_SERVER_HELLO: Wait for ServerHello record
RECV_CERTIFICATE: Wait for Certificate record
RECV_SERVER_KEY_EXCHANGE: Wait for ServerKeyExchange record
RECV_SERVER_HELLO_DONE: Wait for ServerHelloDone record
SEND_CLIENT_KEY_EXCHANGE: Build and send ClientKeyExchange
FLUSH_CLIENT_KEY_EXCHANGE: Flush pending ClientKeyExchange bytes
DERIVE_KEYS: Derive key material from shared secret
SEND_CHANGE_CIPHER_SPEC: Send ChangeCipherSpec message
FLUSH_CHANGE_CIPHER_SPEC: Flush pending ChangeCipherSpec bytes
SEND_FINISHED: Build and send encrypted Finished
FLUSH_FINISHED: Flush pending Finished bytes
RECV_CHANGE_CIPHER_SPEC: Wait for ChangeCipherSpec record
RECV_SERVER_FINISHED: Wait for encrypted server Finished
DONE: Handshake complete

TLS 1.2 client handshake engine.

Drives the client side of a TLS 1.2 handshake over a record layer using a resumable state machine. After a successful handshake, it provides the AEAD ciphers and negotiated parameters for application data exchange.

Call handshake() repeatedly until it returns TlsProgress.DONE.

Fields
RecordLayer recordLayer_
TranscriptHash transcript_
string serverName_
TlsVerifyMode verifyMode_
TlsVerifyCallback verifyCallback_
string[] alpnProtocols_
string negotiatedAlpn_
CipherSuiteId negotiatedCipher_
ProtocolVersion negotiatedVersion_
ubyte[32] clientRandom_
ubyte[32] serverRandom_
ubyte[] preMasterSecret_
ubyte[] masterSecret_
X25519PrivateKey ecdhePrivate_
EcdhP256Store * ecdhP256Store_
NamedGroup selectedGroup_
TlsSession tlsSession_
TlsAead clientWriteAead_
TlsAead serverReadAead_
Methods
TlsProgress handshake()
    Performs or continues the TLS 1.2 client handshake.
Tls12HandshakePhase phase() @property const
    Returns: The current handshake phase.
TlsAead clientAead() @property
    Returns: The client application data AEAD cipher.
TlsAead serverAead() @property
    Returns: The server application data AEAD cipher.
CipherSuiteId cipherSuite() @property const
    Returns: The negotiated cipher suite ID.
string alpn() @property const
    Returns: The negotiated ALPN protocol.
TlsCertificateChain peerCertificates() @property
    Returns: The peer certificate chain.
TlsSession session() @property
    Returns: The TLS session for resumption.
private ubyte[] buildClientHello(SecureRandom rng)
private void processServerHello(TlsRecord rec)
private void processCertificate(TlsRecord rec)
private void verifyPeerCertificates()
private void verifyServerKeyExchangeSignature(SignatureScheme sigScheme, const(ubyte)[] signature, const(ubyte)[] message)
private void updateTranscriptAndPushRemaining(TlsRecord rec, const(ubyte)[] data)
private ubyte[] buildClientKeyExchange()
private void deriveKeys()
private ubyte[] buildFinished()
private ubyte[] encryptRecord(ubyte[] handshakeMsg, TlsAead aead)
private ubyte[] tls12Aad(ContentType contentType, size_t payloadLen, ulong seqNum)
private Tls13TrafficKeys makeTrafficKeys(const(ubyte)[] key, const(ubyte)[] iv, size_t keyLen)
private size_t cipherKeyLength(CipherSuiteId cs) @safe pure nothrow @nogc
Constructors
this(RecordLayer recordLayer, string serverName, TlsVerifyMode verifyMode, TlsVerifyCallback verifyCallback, string[] alpnProtocols, NativeTlsTrustStore trustStore = null)
    Constructs a TLS 1.2 client handshake engine.
Nested Templates
EcdhP256Store
    Heap storage for EcdhP256, since it is a struct.

Tls12ServerHandshakePhase

TLS 1.2 server handshake phases.

Each phase represents a discrete step in the server handshake state machine. The handshake progresses forward through these phases.

NOT_STARTED: Handshake has not been initiated
RECV_CLIENT_HELLO: Wait for ClientHello record
SEND_SERVER_HELLO: Build and send ServerHello
FLUSH_SERVER_HELLO: Flush pending ServerHello bytes
SEND_CERTIFICATE: Build and send Certificate
FLUSH_CERTIFICATE: Flush pending Certificate bytes
SEND_SERVER_KEY_EXCHANGE: Build and send ServerKeyExchange
FLUSH_SERVER_KEY_EXCHANGE: Flush pending ServerKeyExchange bytes
SEND_SERVER_HELLO_DONE: Build and send ServerHelloDone
FLUSH_SERVER_HELLO_DONE: Flush pending ServerHelloDone bytes
RECV_CLIENT_KEY_EXCHANGE: Wait for ClientKeyExchange record
DERIVE_KEYS: Derive key material from shared secret
RECV_CHANGE_CIPHER_SPEC: Wait for ChangeCipherSpec record
RECV_CLIENT_FINISHED: Wait for encrypted client Finished
SEND_CHANGE_CIPHER_SPEC: Send ChangeCipherSpec message
FLUSH_CHANGE_CIPHER_SPEC: Flush pending ChangeCipherSpec bytes
SEND_SERVER_FINISHED: Build and send encrypted server Finished
FLUSH_SERVER_FINISHED: Flush pending server Finished bytes
DONE: Handshake complete

TLS 1.2 server handshake engine.

Drives the server side of a TLS 1.2 handshake over a record layer using a resumable state machine. After a successful handshake, it provides the AEAD ciphers and negotiated parameters for application data exchange.

Call handshake() repeatedly until it returns TlsProgress.DONE.

Fields
RecordLayer recordLayer_
TranscriptHash transcript_
TlsVerifyMode verifyMode_
TlsVerifyCallback verifyCallback_
string[] alpnProtocols_
string negotiatedAlpn_
CipherSuiteId negotiatedCipher_
ProtocolVersion negotiatedVersion_
string serverName_
TlsSession tlsSession_
ubyte[32] clientRandom_
ubyte[32] serverRandom_
ubyte[] preMasterSecret_
ubyte[] masterSecret_
X25519PrivateKey ecdhePrivate_
TlsAead clientReadAead_
TlsAead serverWriteAead_
ubyte[][] serverCertChainDer_
string serverPrivateKeyPem_
PrivateKey privateKey_
SignatureScheme sigScheme_
Methods
TlsProgress handshake()
    Performs or continues the TLS 1.2 server handshake.
Tls12ServerHandshakePhase phase() @property const
    Returns: The current handshake phase.
TlsAead serverAead() @property
    Returns: The server application data AEAD cipher.
TlsAead clientAead() @property
    Returns: The client application data AEAD cipher.
CipherSuiteId cipherSuite() @property const
    Returns: The negotiated cipher suite ID.
string alpn() @property const
    Returns: The negotiated ALPN protocol.
string serverName() @property const
    Returns: The server name from the ClientHello SNI extension.
TlsCertificateChain peerCertificates() @property
    Returns: The peer certificate chain.
TlsSession session() @property
    Returns: The TLS session for resumption.
private void processClientHello(TlsRecord rec)
private void parseServerName(const(ubyte)[] extData)
private void parseClientAlpn(const(ubyte)[] extData)
private void selectCipherSuite(CipherSuiteId[] clientCiphers)
private ubyte[] buildServerHello(SecureRandom rng)
private ubyte[] buildCertificate()
private ubyte[] buildServerHelloDone()
private void deriveKeys()
private ubyte[] buildServerFinished()
private ubyte[] encryptRecord(ubyte[] handshakeMsg, TlsAead aead)
private ubyte[] tls12Aad(ContentType contentType, size_t payloadLen, ulong seqNum)
private void parsePrivateKey()
private ubyte[] computeSignature(const(ubyte)[] message)
private size_t cipherKeyLength(CipherSuiteId cs) @safe pure nothrow @nogc
Constructors
this(RecordLayer recordLayer, TlsVerifyMode verifyMode, TlsVerifyCallback verifyCallback, string[] alpnProtocols, ubyte[][] certChainDer, string certChainPem, string privateKeyPem)
    Constructs a TLS 1.2 server handshake engine.
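Both engines reach a DERIVE_KEYS phase and share the private helpers deriveKeys(), makeTrafficKeys(key, iv, keyLen), tls12Aad(contentType, payloadLen, seqNum) and a Finished builder. The following is an added reference model of what those steps compute under RFC 5246 and RFC 5288 (the PRF, master secret, AEAD key block split, Finished verify_data, GCM nonce and record AAD). It is written in Python so it runs stand-alone; it is not the ddn library's own D code, and the randoms, pre-master secret and transcript hash it uses are constructed sample values, not bytes from any real handshake.

```python
"""Reference model of TLS 1.2 (RFC 5246) key derivation and AES-GCM
(RFC 5288) record framing. Added illustration, not the ddn library's code."""
import hashlib
import hmac
import struct

TLS12_VERSION = b"\x03\x03"          # ProtocolVersion {3, 3}
MASTER_SECRET_LEN = 48
VERIFY_DATA_LEN = 12
GCM_IMPLICIT_IV_LEN = 4              # SecurityParameters.fixed_iv_length
CONTENT_TYPE_HANDSHAKE = 22
CONTENT_TYPE_APPLICATION_DATA = 23


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 data expansion (RFC 5246 section 5):
    A(0) = seed, A(i) = HMAC(secret, A(i-1)),
    output = HMAC(secret, A(1) + seed) || HMAC(secret, A(2) + seed) || ..."""
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def derive_master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    # Seed order is ClientHello.random || ServerHello.random here.
    return prf(pre_master, b"master secret", client_random + server_random, MASTER_SECRET_LEN)


def derive_key_block(master_secret: bytes, client_random: bytes, server_random: bytes,
                     key_len: int) -> dict:
    """Key expansion (RFC 5246 6.3). AEAD suites have zero-length MAC keys, so the
    block is client_write_key || server_write_key || client_write_IV || server_write_IV,
    where the IVs are the 4-byte implicit GCM nonce parts (RFC 5288).
    Note the seed order flips to server_random || client_random."""
    total = 2 * key_len + 2 * GCM_IMPLICIT_IV_LEN
    block = prf(master_secret, b"key expansion", server_random + client_random, total)
    off = 0
    parts = {}
    for name, size in (("client_write_key", key_len), ("server_write_key", key_len),
                       ("client_write_iv", GCM_IMPLICIT_IV_LEN),
                       ("server_write_iv", GCM_IMPLICIT_IV_LEN)):
        parts[name] = block[off:off + size]
        off += size
    return parts


def finished_verify_data(master_secret: bytes, transcript_hash: bytes, is_client: bool) -> bytes:
    """verify_data = PRF(master_secret, finished_label, Hash(handshake_messages))[0:12]."""
    label = b"client finished" if is_client else b"server finished"
    return prf(master_secret, label, transcript_hash, VERIFY_DATA_LEN)


def tls12_aad(content_type: int, payload_len: int, seq_num: int) -> bytes:
    """additional_data = seq_num(8) || type(1) || version(2) || length(2), where
    length is the plaintext length, not the ciphertext length (RFC 5246 6.2.3.3)."""
    return struct.pack("!QB", seq_num, content_type) + TLS12_VERSION + struct.pack("!H", payload_len)


def gcm_nonce(implicit_iv: bytes, seq_num: int) -> bytes:
    """GCMNonce = 4-byte implicit write IV || 8-byte explicit nonce; using the record
    sequence number as the explicit part guarantees nonce uniqueness per key."""
    return implicit_iv + struct.pack("!Q", seq_num)


def simulate_derivation(key_len: int = 16) -> dict:
    """Run both sides of DERIVE_KEYS on constructed inputs and cross-check them."""
    client_random = bytes(range(32))                         # constructed sample
    server_random = bytes(range(32, 64))                     # constructed sample
    pre_master = hashlib.sha256(b"constructed ECDHE shared secret").digest()
    transcript = hashlib.sha256(b"constructed handshake transcript").digest()

    client_ms = derive_master_secret(pre_master, client_random, server_random)
    server_ms = derive_master_secret(pre_master, client_random, server_random)
    keys = derive_key_block(client_ms, client_random, server_random, key_len)
    return {
        "master_secrets_match": client_ms == server_ms,
        "master_secret": client_ms,
        "keys": keys,
        "client_verify": finished_verify_data(client_ms, transcript, True),
        "server_verify": finished_verify_data(server_ms, transcript, False),
        "first_app_nonce": gcm_nonce(keys["client_write_iv"], 1),
        "first_app_aad": tls12_aad(CONTENT_TYPE_APPLICATION_DATA, 5, 1),
    }


if __name__ == "__main__":
    r = simulate_derivation()
    print("master secrets match:", r["master_secrets_match"])
    for k, v in r["keys"].items():
        print(f"{k}: {v.hex()}")
    print("AAD for first app record:", r["first_app_aad"].hex())
```

Two details in this model are the ones most often gotten wrong in hand-written TLS 1.2 stacks: the seed order differs between the master secret (client random first) and the key block (server random first), and the length field in the AAD is the plaintext length, so a receiver must subtract the explicit nonce and tag from the record length before building it. A client Finished computed with the "server finished" label, or vice versa, fails verification at the peer even though every key was derived correctly.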

Functions (1)

bool verifyRsaPkcs1Signature(RSAPublicKey key, SignatureScheme sigScheme, const(ubyte)[] message, const(ubyte)[] signature)
    Verifies an RSA PKCS#1 v1.5 signature for TLS 1.2 `ServerKeyExchange`.