ddn.net.tls.tls13server

TLS 1.3 server handshake (RFC 8446).

Implements the full TLS 1.3 server handshake as a resumable state machine:

  1. Receive ClientHello (parse extensions: key_share, supported_versions, server_name, ALPN, etc.)
  2. Send ServerHello (select the cipher suite, send an X25519 key_share)
  3. Send EncryptedExtensions, Certificate, CertificateVerify, Finished
  4. Receive the client Finished
  5. Switch to application data keys

Types

enum Tls13ServerHandshakePhase

TLS 1.3 server handshake phases.

NOT_STARTED
RECV_CLIENT_HELLO
SEND_SERVER_HELLO
FLUSH_SERVER_HELLO
SWITCH_TO_HANDSHAKE_KEYS
SEND_ENCRYPTED_EXTENSIONS
FLUSH_ENCRYPTED_EXTENSIONS
SEND_CERTIFICATE
FLUSH_CERTIFICATE
SEND_CERTIFICATE_VERIFY
FLUSH_CERTIFICATE_VERIFY
SEND_SERVER_FINISHED
FLUSH_SERVER_FINISHED
RECV_CLIENT_FINISHED
SWITCH_TO_APP_KEYS
DONE

TLS 1.3 server handshake engine.

Drives the server side of a TLS 1.3 handshake over a record layer using a resumable state machine. After a successful handshake, it provides the AEAD ciphers and negotiated parameters for application data exchange.
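The phases SWITCH_TO_HANDSHAKE_KEYS, RECV_CLIENT_FINISHED and SWITCH_TO_APP_KEYS all rest on the RFC 8446 key schedule, which the page's Tls13KeySchedule and TranscriptHash fields encapsulate but do not show. The following is an added Python model of that schedule, written for this page and not taken from the ddn module: it derives the handshake and application traffic secrets from the ECDHE shared secret and the transcript, expands them into AEAD key/IV pairs, and verifies the client Finished in constant time. The suite names, the `demo` helper and the transcript byte strings are constructed stand-ins; only the HKDF, HkdfLabel and Derive-Secret logic follows the RFC.

```python
import hashlib
import hmac
import struct

# Constructed suite table (RFC 8446 B.4 values). The string names are this
# example's own; they are not the module's CipherSuiteId values.
CIPHER_SUITES = {
    "TLS_AES_128_GCM_SHA256": ("sha256", 16),
    "TLS_AES_256_GCM_SHA384": ("sha384", 32),
    "TLS_CHACHA20_POLY1305_SHA256": ("sha256", 32),
}
IV_LENGTH = 12  # all three suites use 96-bit AEAD nonces


def hkdf_extract(hash_name, salt, ikm):
    """RFC 5869 HKDF-Extract; an empty salt means HashLen zero bytes."""
    if not salt:
        salt = b"\x00" * hashlib.new(hash_name).digest_size
    return hmac.new(salt, ikm, hash_name).digest()


def hkdf_expand(hash_name, prk, info, length):
    """RFC 5869 HKDF-Expand: T(i) = HMAC(PRK, T(i-1) | info | i)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        out += block
        counter += 1
    return out[:length]


def hkdf_label(length, label, context):
    """Serialised HkdfLabel: uint16 length, opaque label<7..255>, opaque context<0..255>."""
    full = b"tls13 " + label
    return struct.pack("!H", length) + bytes([len(full)]) + full + bytes([len(context)]) + context


def hkdf_expand_label(hash_name, secret, label, context, length):
    return hkdf_expand(hash_name, secret, hkdf_label(length, label, context), length)


def derive_secret(hash_name, secret, label, messages):
    """Derive-Secret(Secret, Label, Messages): the context is the transcript hash."""
    th = hashlib.new(hash_name, messages).digest()
    return hkdf_expand_label(hash_name, secret, label, th, len(th))


def traffic_keys(suite, traffic_secret):
    """Expand a traffic secret into the (key, iv) pair one AEAD instance needs."""
    hash_name, key_len = CIPHER_SUITES[suite]
    key = hkdf_expand_label(hash_name, traffic_secret, b"key", b"", key_len)
    iv = hkdf_expand_label(hash_name, traffic_secret, b"iv", b"", IV_LENGTH)
    return key, iv


def finished_verify_data(suite, base_key, messages):
    """verify_data = HMAC(finished_key, Transcript-Hash(messages))."""
    hash_name, _ = CIPHER_SUITES[suite]
    hlen = hashlib.new(hash_name).digest_size
    finished_key = hkdf_expand_label(hash_name, base_key, b"finished", b"", hlen)
    return hmac.new(finished_key, hashlib.new(hash_name, messages).digest(), hash_name).digest()


def server_key_schedule(suite, shared_secret, msgs_to_server_hello, msgs_to_server_finished):
    """Non-PSK key schedule from the ECDHE shared secret to the traffic secrets (RFC 8446 7.1)."""
    hash_name, _ = CIPHER_SUITES[suite]
    zeros = b"\x00" * hashlib.new(hash_name).digest_size
    early_secret = hkdf_extract(hash_name, b"", zeros)  # no PSK offered
    handshake_secret = hkdf_extract(
        hash_name, derive_secret(hash_name, early_secret, b"derived", b""), shared_secret)
    master_secret = hkdf_extract(
        hash_name, derive_secret(hash_name, handshake_secret, b"derived", b""), zeros)
    return {
        # installed at SWITCH_TO_HANDSHAKE_KEYS (transcript ClientHello..ServerHello)
        "c_hs": derive_secret(hash_name, handshake_secret, b"c hs traffic", msgs_to_server_hello),
        "s_hs": derive_secret(hash_name, handshake_secret, b"s hs traffic", msgs_to_server_hello),
        # installed at SWITCH_TO_APP_KEYS (transcript ClientHello..server Finished)
        "c_ap": derive_secret(hash_name, master_secret, b"c ap traffic", msgs_to_server_finished),
        "s_ap": derive_secret(hash_name, master_secret, b"s ap traffic", msgs_to_server_finished),
    }


def check_client_finished(suite, secrets, msgs_to_server_finished, received_verify_data):
    """RECV_CLIENT_FINISHED: recompute verify_data over the server's own transcript and
    compare in constant time; a mismatch must abort the handshake, never be ignored."""
    expected = finished_verify_data(suite, secrets["c_hs"], msgs_to_server_finished)
    return hmac.compare_digest(expected, received_verify_data)


def demo(suite="TLS_AES_128_GCM_SHA256"):
    # Constructed stand-ins: a fixed 32-byte "shared secret" and fake transcripts.
    shared = bytes(range(32))
    t_sh = b"ClientHello|ServerHello"
    t_fin = t_sh + b"|EncryptedExtensions|Certificate|CertificateVerify|Finished"
    secrets = server_key_schedule(suite, shared, t_sh, t_fin)
    # The client derives the same c_hs secret, so its Finished is reproducible here.
    client_fin = finished_verify_data(suite, secrets["c_hs"], t_fin)
    key, iv = traffic_keys(suite, secrets["s_ap"])
    return {
        "key_len": len(key), "iv_len": len(iv), "secret_len": len(secrets["s_ap"]),
        "finished_ok": check_client_finished(suite, secrets, t_fin, client_fin),
        "tampered_rejected": not check_client_finished(suite, secrets, t_fin + b"x", client_fin),
    }
```

Two points the model makes concrete: the transcript hash feeding Derive-Secret changes between SWITCH_TO_HANDSHAKE_KEYS (through ServerHello) and SWITCH_TO_APP_KEYS (through the server Finished), so the engine must snapshot the hash at the right phase rather than at the end; and the client Finished is checked against the server's own transcript, so any byte the client saw differently (a downgraded version, a stripped extension) makes the check fail.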

Fields
RecordLayer recordLayer_
Tls13KeySchedule keySchedule_
TranscriptHash transcript_
TlsVerifyMode verifyMode_
TlsVerifyCallback verifyCallback_
string[] alpnProtocols_
string negotiatedAlpn_
CipherSuiteId negotiatedCipher_
ProtocolVersion negotiatedVersion_
string serverName_
TlsSession tlsSession_
X25519PrivateKey ecdhePrivate_
ubyte[] sharedSecret_
TlsAead clientAppAead_
TlsAead serverAppAead_
TlsAead clientHsAead_
TlsAead serverHsAead_
ubyte[][] serverCertChainDer_
string serverCertChainPem_
string serverPrivateKeyPem_
PrivateKey privateKey_
SignatureScheme sigScheme_
Methods
TlsProgress handshake()
Performs or continues the TLS 1.3 server handshake.
Tls13ServerHandshakePhase phase() @property const
Returns: The current handshake phase.
TlsAead serverAead() @property
Returns: The server application data AEAD cipher.
TlsAead clientAead() @property
Returns: The client application data AEAD cipher.
CipherSuiteId cipherSuite() @property const
Returns: The negotiated cipher suite ID.
string alpn() @property const
Returns: The negotiated ALPN protocol.
string serverName() @property const
Returns: The server name from the ClientHello SNI extension.
TlsCertificateChain peerCertificates() @property
Returns: The peer certificate chain (empty for a typical server).
TlsSession session() @property
Returns: The TLS session for resumption.
private void processClientHello(TlsRecord rec)
private void parseSupportedVersions(const(ubyte)[] extData)
private void parseClientKeyShare(const(ubyte)[] extData)
private void parseServerName(const(ubyte)[] extData)
private void parseClientAlpn(const(ubyte)[] extData)
private void selectCipherSuite(CipherSuiteId[] clientCiphers)
private ubyte[] buildServerHello(SecureRandom rng)
private void deriveSecrets()
private void switchToHandshakeKeys()
private ubyte[] buildEncryptedExtensions()
private ubyte[] buildCertificate()
private ubyte[] buildCertificateVerify()
private ubyte[] buildServerFinished()
private ubyte[] decryptRecord(TlsRecord rec, TlsAead aead)
private ubyte[] encryptRecord(ubyte[] handshakeMsg, TlsAead aead)
private void parsePrivateKey()
private ubyte[] computeSignature(const(ubyte)[] message)
private size_t cipherKeyLength(CipherSuiteId cs) @safe pure nothrow @nogc
Constructors
this(RecordLayer recordLayer, TlsVerifyMode verifyMode, TlsVerifyCallback verifyCallback, string[] alpnProtocols, ubyte[][] certChainDer, string certChainPem, string privateKeyPem)
Constructs a TLS 1.3 server handshake engine.