Phase 6: TLS 1.3 Handshake Client
Implement the TLS 1.3 client handshake in the net crate, producing a working TLS connection.
Requirements
- ClientHello (RFC 8446 §4.1.2):
  - Protocol version: TLS 1.2 legacy, supported_versions extension = TLS 1.3
  - Cipher suites: AES_128_GCM_SHA256, AES_256_GCM_SHA384, CHACHA20_POLY1305_SHA256
  - Extensions: supported_versions, supported_groups (x25519), key_share (x25519 public key), signature_algorithms, server_name (SNI)
  - Random: 32 bytes
  - Session ID: 32 bytes (legacy, random)
- ServerHello processing (RFC 8446 §4.1.3):
  - Extract selected cipher suite and key share
  - Compute ECDHE shared secret with X25519
- Encrypted Extensions (RFC 8446 §4.3.1): parse and validate
- Certificate (RFC 8446 §4.4.2): parse certificate chain
- CertificateVerify (RFC 8446 §4.4.3): verify server's signature over transcript
- Finished (RFC 8446 §4.4.4): verify server's Finished, send client Finished
- Key transitions: switch to handshake keys after ServerHello, switch to application keys after Finished
- TlsStream type: wraps TCP connection with TLS, provides `read`/`write` for application data
- Certificate validation: verify server cert chain against root CA store using `we-crypto` x509 module
Dependencies
- TCP socket wrapper
- TLS record layer
- TLS key schedule
- `we-crypto`: X25519, X.509, RSA, ECDSA, SHA-2, HKDF, AES-GCM, ChaCha20-Poly1305
Acceptance Criteria
- Generate and send ClientHello with all required extensions
- Parse ServerHello and extract key share
- Complete ECDHE key exchange with X25519
- Process EncryptedExtensions, Certificate, CertificateVerify, Finished
- Verify server certificate chain against embedded root CAs
- Send client Finished message
- Transition between key phases correctly
- TlsStream with read/write for application data
- Successfully handshake with real HTTPS servers (integration test)
- Handle handshake errors gracefully (alert messages)
- Tests for message construction/parsing and integration test (20+ tests)
- `cargo clippy` and `cargo fmt` clean