Extend support for TrustAnchors extension

Author: pohlm01

rustls/src/client/builder.rs

@@ -192,6 +192,9 @@ impl ConfigBuilder<ClientConfig, WantsClientCert> {
             cert_compression_cache: Arc::new(compress::CompressionCache::default()),
             cert_decompressors: compress::default_cert_decompressors().to_vec(),
             ech_mode: self.state.client_ech_mode,
+            supported_server_certificate_types: Vec::new(),
+            supported_client_certificate_types: Vec::new(),
+            trusted_trust_anchors: Vec::new(),
         }
     }
 }

rustls/src/client/client_conn.rs

@@ -16,8 +16,8 @@ use crate::crypto::{CryptoProvider, SupportedKxGroup};
 use crate::enums::{CipherSuite, ProtocolVersion, SignatureScheme};
 use crate::error::Error;
 use crate::log::trace;
-use crate::msgs::enums::NamedGroup;
-use crate::msgs::handshake::ClientExtension;
+use crate::msgs::enums::{CertificateType, NamedGroup};
+use crate::msgs::handshake::{ClientExtension, TrustAnchorIdentifier};
 use crate::msgs::persist;
 use crate::suites::SupportedCipherSuite;
 #[cfg(feature = "std")]
@@ -257,6 +257,12 @@ pub struct ClientConfig {
 
     /// How to offer Encrypted Client Hello (ECH). The default is to not offer ECH.
     pub(super) ech_mode: Option<EchMode>,
+
+    pub supported_server_certificate_types: Vec<CertificateType>,
+
+    pub supported_client_certificate_types: Vec<CertificateType>,
+
+    pub trusted_trust_anchors: Vec<TrustAnchorIdentifier>,
 }
 
 impl ClientConfig {

rustls/src/client/hs.rs

@@ -4,7 +4,6 @@ use alloc::sync::Arc;
 use alloc::vec;
 use alloc::vec::Vec;
 use core::ops::Deref;
-
 use pki_types::ServerName;
 
 #[cfg(feature = "tls12")]
@@ -25,7 +24,9 @@ use crate::error::{Error, PeerIncompatible, PeerMisbehaved};
 use crate::hash_hs::HandshakeHashBuffer;
 use crate::log::{debug, trace};
 use crate::msgs::base::Payload;
-use crate::msgs::enums::{Compression, ECPointFormat, ExtensionType, PSKKeyExchangeMode};
+use crate::msgs::enums::{
+    CertificateType, Compression, ECPointFormat, ExtensionType, PSKKeyExchangeMode,
+};
 use crate::msgs::handshake::{
     CertificateStatusRequest, ClientExtension, ClientHelloPayload, ClientSessionTicket,
     ConvertProtocolNameList, HandshakeMessagePayload, HandshakePayload, HasServerExtensions,
@@ -339,6 +340,36 @@ fn emit_client_hello_for_retry(
         false
     };
 
+    if support_tls13 {
+        if config
+            .supported_client_certificate_types
+            .iter()
+            .any(|t| !matches!(t, CertificateType::X509))
+        {
+            exts.push(ClientExtension::ClientCertificateType(
+                config
+                    .supported_client_certificate_types
+                    .clone(),
+            ));
+        }
+        if config
+            .supported_server_certificate_types
+            .iter()
+            .any(|t| !matches!(t, CertificateType::X509))
+        {
+            exts.push(ClientExtension::ServerCertificateType(
+                config
+                    .supported_server_certificate_types
+                    .clone(),
+            ));
+        }
+        if !config.trusted_trust_anchors.is_empty() {
+            exts.push(ClientExtension::TrustAnchors(
+                config.trusted_trust_anchors.clone(),
+            ))
+        }
+    }
+
     // Extra extensions must be placed before the PSK extension
     exts.extend(extra_exts.iter().cloned());
 

rustls/src/client/tls13.rs

@@ -1165,10 +1165,10 @@ fn emit_compressed_certificate_tls13(
 ) {
     let mut cert_payload = match certkey {
         CertifiedKey::X509 { cert, .. } => {
-            CertificatePayloadTls13::from_x509_certificates(cert.iter(), None)
+            CertificatePayloadTls13::from_x509_certificates(cert.iter(), None, false)
         }
         CertifiedKey::Bikeshed { cert, .. } => {
-            CertificatePayloadTls13::from_bikeshed_certificate(cert)
+            CertificatePayloadTls13::from_bikeshed_certificate(cert, false)
         }
     };
     cert_payload.context = PayloadU8::new(auth_context.clone().unwrap_or_default());
@@ -1194,10 +1194,10 @@ fn emit_certificate_tls13(
 ) {
     let mut cert_payload = match certkey {
         Some(CertifiedKey::X509 { cert, .. }) => {
-            CertificatePayloadTls13::from_x509_certificates(cert.iter(), None)
+            CertificatePayloadTls13::from_x509_certificates(cert.iter(), None, false)
         }
         Some(CertifiedKey::Bikeshed { cert, .. }) => {
-            CertificatePayloadTls13::from_bikeshed_certificate(cert)
+            CertificatePayloadTls13::from_bikeshed_certificate(cert, false)
         }
         None => CertificatePayloadTls13::empty(),
     };

rustls/src/msgs/handshake.rs

@@ -567,6 +567,7 @@ pub enum ClientExtension {
     ServerCertificateType(Vec<CertificateType>),
     ClientCertificateType(Vec<CertificateType>),
 
+    // https://datatracker.ietf.org/doc/html/draft-beck-tls-trust-anchor-ids-01
     TrustAnchors(Vec<TrustAnchorIdentifier>),
 
     Unknown(UnknownExtension),
@@ -754,6 +755,9 @@ pub enum ServerExtension {
     ServerCertificateType(CertificateType),
     ClientCertificateType(CertificateType),
 
+    // https://datatracker.ietf.org/doc/html/draft-beck-tls-trust-anchor-ids-01
+    TrustAnchors(Vec<TrustAnchorIdentifier>),
+
     Unknown(UnknownExtension),
 }
 
@@ -776,6 +780,7 @@ impl ServerExtension {
             Self::EncryptedClientHello(_) => ExtensionType::EncryptedClientHello,
             Self::ServerCertificateType(_) => ExtensionType::ServerCertificateType,
             Self::ClientCertificateType(_) => ExtensionType::ClientCertificateType,
+            Self::TrustAnchors(_) => ExtensionType::TrustAnchors,
             Self::Unknown(ref r) => r.typ,
         }
     }
@@ -805,6 +810,7 @@ impl Codec<'_> for ServerExtension {
             Self::ClientCertificateType(ref r) | Self::ServerCertificateType(ref r) => {
                 r.encode(nested.buf)
             }
+            Self::TrustAnchors(ref r) => r.encode(nested.buf),
             Self::Unknown(ref r) => r.encode(nested.buf),
         }
     }
@@ -841,6 +847,7 @@ impl Codec<'_> for ServerExtension {
             ExtensionType::ClientCertificateType => {
                 Self::ClientCertificateType(CertificateType::read(&mut sub)?)
             }
+            ExtensionType::TrustAnchors => Self::TrustAnchors(Vec::read(&mut sub)?),
             _ => Self::Unknown(UnknownExtension::read(typ, &mut sub)),
         };
 
@@ -1544,16 +1551,18 @@ pub(crate) const CERTIFICATE_MAX_SIZE_LIMIT: usize = 0x1_0000;
 #[derive(Debug)]
 pub(crate) enum CertificateExtension<'a> {
     CertificateStatus(CertificateStatus<'a>),
-    // TODO @max add support for client certificate type
-    ServerCertificateType(CertificateType),
+    // TODO @max this is based on https://datatracker.ietf.org/doc/html/draft-davidben-tls-merkle-tree-certs-03#appendix-B.1
+    ClientCertificateType(CertificateType),
+    TrustAnchors(Vec<TrustAnchorIdentifier>),
     Unknown(UnknownExtension),
 }
 
 impl<'a> CertificateExtension<'a> {
     pub(crate) fn ext_type(&self) -> ExtensionType {
         match *self {
             Self::CertificateStatus(_) => ExtensionType::StatusRequest,
-            Self::ServerCertificateType(_) => ExtensionType::ServerCertificateType,
+            Self::ClientCertificateType(_) => ExtensionType::ServerCertificateType,
+            Self::TrustAnchors(_) => ExtensionType::TrustAnchors,
             Self::Unknown(ref r) => r.typ,
         }
     }
@@ -1568,7 +1577,8 @@ impl<'a> CertificateExtension<'a> {
     pub(crate) fn into_owned(self) -> CertificateExtension<'static> {
         match self {
             Self::CertificateStatus(st) => CertificateExtension::CertificateStatus(st.into_owned()),
-            Self::ServerCertificateType(sct) => CertificateExtension::ServerCertificateType(sct),
+            Self::ClientCertificateType(sct) => CertificateExtension::ClientCertificateType(sct),
+            Self::TrustAnchors(tai) => CertificateExtension::TrustAnchors(tai),
             Self::Unknown(unk) => CertificateExtension::Unknown(unk),
         }
     }
@@ -1581,7 +1591,8 @@ impl<'a> Codec<'a> for CertificateExtension<'a> {
         let nested = LengthPrefixedBuffer::new(ListLength::U16, bytes);
         match *self {
             Self::CertificateStatus(ref r) => r.encode(nested.buf),
-            Self::ServerCertificateType(r) => r.encode(nested.buf),
+            Self::ClientCertificateType(r) => r.encode(nested.buf),
+            Self::TrustAnchors(ref r) => r.encode(nested.buf),
             Self::Unknown(ref r) => r.encode(nested.buf),
         }
     }
@@ -1598,7 +1609,11 @@ impl<'a> Codec<'a> for CertificateExtension<'a> {
             }
             ExtensionType::ServerCertificateType => {
                 let sct = CertificateType::read(&mut sub)?;
-                Self::ServerCertificateType(sct)
+                Self::ClientCertificateType(sct)
+            }
+            ExtensionType::TrustAnchors => {
+                let tai = Vec::<TrustAnchorIdentifier>::read(&mut sub)?;
+                Self::TrustAnchors(tai)
             }
             _ => Self::Unknown(UnknownExtension::read(typ, &mut sub)),
         };
@@ -1660,9 +1675,7 @@ impl<'a> CertificateEntry<'a> {
     }
 
     pub(crate) fn has_unknown_extension(&self) -> bool {
-        self.exts
-            .iter()
-            .any(|ext| ext.ext_type() != ExtensionType::StatusRequest)
+        self.exts.iter().any(|ext| matches!(ext, CertificateExtension::Unknown(_)))
     }
 
     pub(crate) fn ocsp_response(&self) -> Option<&[u8]> {
@@ -1671,6 +1684,15 @@ impl<'a> CertificateEntry<'a> {
             .find(|ext| ext.ext_type() == ExtensionType::StatusRequest)
             .and_then(CertificateExtension::cert_status)
     }
+
+    pub(crate) fn trust_anchor_ext(&self) -> Option<&[TrustAnchorIdentifier]> {
+        self.exts
+            .first()
+            .and_then(|ext| match ext {
+                CertificateExtension::TrustAnchors(tai) => Some(tai.as_slice()),
+                _ => None,
+            })
+    }
 }
 
 impl<'a> TlsListElement for CertificateEntry<'a> {
@@ -1704,36 +1726,60 @@ impl<'a> CertificatePayloadTls13<'a> {
     pub(crate) fn from_x509_certificates(
         certs: impl Iterator<Item = &'a CertificateDer<'a>>,
         ocsp_response: Option<&'a [u8]>,
+        matches_requested_trust_anchors: bool,
     ) -> Self {
+        let mut entries: Vec<_> = certs
+            // zip certificate iterator with `ocsp_response` followed by
+            // an infinite-length iterator of `None`.
+            .zip(
+                ocsp_response
+                    .into_iter()
+                    .map(Some)
+                    .chain(iter::repeat(None)),
+            )
+            .map(|(cert, ocsp)| {
+                let mut e = CertificateEntry::new(cert.to_vec());
+                if let Some(ocsp) = ocsp {
+                    e.exts
+                        .push(CertificateExtension::CertificateStatus(
+                            CertificateStatus::new(ocsp),
+                        ));
+                }
+                e
+            })
+            .collect();
+
+        if matches_requested_trust_anchors {
+            entries
+                .first_mut()
+                .iter_mut()
+                .for_each(|entry| {
+                    entry
+                        .exts
+                        .push(CertificateExtension::TrustAnchors(Vec::new()))
+                });
+        };
+
         Self {
             context: PayloadU8::empty(),
-            entries: certs
-                // zip certificate iterator with `ocsp_response` followed by
-                // an infinite-length iterator of `None`.
-                .zip(
-                    ocsp_response
-                        .into_iter()
-                        .map(Some)
-                        .chain(iter::repeat(None)),
-                )
-                .map(|(cert, ocsp)| {
-                    let mut e = CertificateEntry::new(cert.to_vec());
-                    if let Some(ocsp) = ocsp {
-                        e.exts
-                            .push(CertificateExtension::CertificateStatus(
-                                CertificateStatus::new(ocsp),
-                            ));
-                    }
-                    e
-                })
-                .collect(),
+            entries,
         }
     }
 
-    pub(crate) fn from_bikeshed_certificate(cert: &BikeshedCertificate<'_>) -> Self {
+    pub(crate) fn from_bikeshed_certificate(
+        cert: &BikeshedCertificate<'_>,
+        matches_requested_trust_anchors: bool,
+    ) -> Self {
+        let mut entry = CertificateEntry::new(cert.encode());
+        if matches_requested_trust_anchors {
+            entry
+                .exts
+                .push(CertificateExtension::TrustAnchors(Vec::new()));
+        }
+
         Self {
             context: PayloadU8::empty(),
-            entries: vec![CertificateEntry::new(cert.encode())],
+            entries: vec![entry],
         }
     }
 

rustls/src/server/tls13.rs

@@ -372,12 +372,15 @@ mod client_hello {
             let doing_client_auth = if full_handshake {
                 let client_auth = emit_certificate_req_tls13(&mut flight, &self.config)?;
 
+                // TODO @max set the `matches_requested_trust_anchors` to a meaningful values
                 let payload = match server_key.get_cert() {
-                    Certificate::X509(cert) => {
-                        CertificatePayloadTls13::from_x509_certificates(cert.iter(), ocsp_response)
-                    }
+                    Certificate::X509(cert) => CertificatePayloadTls13::from_x509_certificates(
+                        cert.iter(),
+                        ocsp_response,
+                        false,
+                    ),
                     Certificate::Bikeshed(cert) => {
-                        CertificatePayloadTls13::from_bikeshed_certificate(cert)
+                        CertificatePayloadTls13::from_bikeshed_certificate(cert, false)
                     }
                 };
                 if let Some(compressor) = cert_compressor {