Add design overview document, rename transitionTo to transtion(to:)

README.md

@@ -34,6 +34,7 @@ A test server is running at [swifttls.org](https://swifttls.org).
 
 A good starting point to see how you set up a TLS connection in code is [server.swift](SwiftTLSTool/server.swift) and [client.swift](SwiftTLSTool/client.swift).
 
+For a rough overview of the overall architecture see [SwiftTLS Design](Documentation/SwiftTLS%20Design.pdf)
 ## Disclaimer
 Up until now this project has mainly been an effort for me to learn how TLS works, but I'd love to get your feedback and contributions to improve it.
 

SwiftTLS.xcodeproj/project.pbxproj

@@ -202,6 +202,7 @@
 		03E6B7E62088CAF00070EDFC /* TLSRecord.swift in Sources */ = {isa = PBXBuildFile; fileRef = 03E6B7362088CAF00070EDFC /* TLSRecord.swift */; };
 		03E6B7E92088E5BC0070EDFC /* SwiftTLS.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 03FA949F1B9E1A0500F08FB8 /* SwiftTLS.framework */; };
 		03EAE79F20945E21004AB137 /* Streamable.swift in Sources */ = {isa = PBXBuildFile; fileRef = 03EAE79E20945E21004AB137 /* Streamable.swift */; };
+		03ED353C209714B500F1889B /* SwiftTLS Design.pdf in Resources */ = {isa = PBXBuildFile; fileRef = 03ED353B209714B500F1889B /* SwiftTLS Design.pdf */; };
 		03FA94A91B9E1A0500F08FB8 /* SwiftTLS.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 03FA949F1B9E1A0500F08FB8 /* SwiftTLS.framework */; };
 /* End PBXBuildFile section */
 
@@ -497,6 +498,7 @@
 		03E6B7352088CAF00070EDFC /* TLSProtocolVersion.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = TLSProtocolVersion.swift; sourceTree = "<group>"; };
 		03E6B7362088CAF00070EDFC /* TLSRecord.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = TLSRecord.swift; sourceTree = "<group>"; };
 		03EAE79E20945E21004AB137 /* Streamable.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Streamable.swift; sourceTree = "<group>"; };
+		03ED353B209714B500F1889B /* SwiftTLS Design.pdf */ = {isa = PBXFileReference; lastKnownFileType = image.pdf; name = "SwiftTLS Design.pdf"; path = "Documentation/SwiftTLS Design.pdf"; sourceTree = SOURCE_ROOT; };
 		03FA949F1B9E1A0500F08FB8 /* SwiftTLS.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = SwiftTLS.framework; sourceTree = BUILT_PRODUCTS_DIR; };
 		03FA94A81B9E1A0500F08FB8 /* SwiftTLSTests.xctest */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = SwiftTLSTests.xctest; sourceTree = BUILT_PRODUCTS_DIR; };
 /* End PBXFileReference section */
@@ -584,6 +586,7 @@
 		033AC3581AC473730004EEC1 /* SwiftTLS */ = {
 			isa = PBXGroup;
 			children = (
+				03ED353F209714D900F1889B /* Documentation */,
 				03805D1C209374550051ACB3 /* README.md */,
 				031BAED41C62849A00600133 /* RFCs */,
 				03E6B6D52088CAF00070EDFC /* Certificates */,
@@ -1074,6 +1077,15 @@
 			name = Frameworks;
 			sourceTree = "<group>";
 		};
+		03ED353F209714D900F1889B /* Documentation */ = {
+			isa = PBXGroup;
+			children = (
+				03ED353B209714B500F1889B /* SwiftTLS Design.pdf */,
+			);
+			name = Documentation;
+			path = ../../Documentation;
+			sourceTree = "<group>";
+		};
 /* End PBXGroup section */
 
 /* Begin PBXHeadersBuildPhase section */
@@ -1190,6 +1202,7 @@
 			isa = PBXResourcesBuildPhase;
 			buildActionMask = 2147483647;
 			files = (
+				03ED353C209714B500F1889B /* SwiftTLS Design.pdf in Resources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};

SwiftTLS/Sources/TLS/Protocol/TLS 1.2/TLS1_2.ClientStateMachine.swift

@@ -31,7 +31,7 @@ extension TLS1_2 {
             self.state = .idle
         }
 
-        func transitionTo(state: TLSState) throws {
+        func transition(to state: TLSState) throws {
             if !checkClientStateTransition(state) {
                 throw TLSError.error("Client: Illegal state transition \(self.state) -> \(state)")
             }
@@ -55,17 +55,17 @@ extension TLS1_2 {
             switch message.handshakeType
             {
             case .clientHello:
-                try self.transitionTo(state: .clientHelloSent)
+                try self.transition(to: .clientHelloSent)
 
             case .certificate:
-                try self.transitionTo(state: .certificateSent)
+                try self.transition(to: .certificateSent)
 
             case .clientKeyExchange:
-                try self.transitionTo(state: .clientKeyExchangeSent)
+                try self.transition(to: .clientKeyExchangeSent)
                 try self.protocolHandler!.sendChangeCipherSpec()
 
             case .finished:
-                try self.transitionTo(state: .finishedSent)
+                try self.transition(to: .finishedSent)
 
             default:
                 fatalError("Unsupported handshake message \(message.handshakeType)")
@@ -81,20 +81,20 @@ extension TLS1_2 {
             switch (handshakeType)
             {
             case .serverHello:
-                try self.transitionTo(state: .serverHelloReceived)
+                try self.transition(to: .serverHelloReceived)
 
             case .certificate:
-                try self.transitionTo(state: .certificateReceived)
+                try self.transition(to: .certificateReceived)
 
             case .serverKeyExchange:
-                try self.transitionTo(state: .serverKeyExchangeReceived)
+                try self.transition(to: .serverKeyExchangeReceived)
 
             case .serverHelloDone:
-                try self.transitionTo(state: .serverHelloDoneReceived)
+                try self.transition(to: .serverHelloDoneReceived)
                 try self.protocolHandler!.sendClientKeyExchange()
 
             case .finished:
-                try self.transitionTo(state: .finishedReceived)
+                try self.transition(to: .finishedReceived)
                 if self.client!.isReusingSession {
                     try self.protocolHandler!.sendChangeCipherSpec()
                 }
@@ -107,22 +107,22 @@ extension TLS1_2 {
         func didSendChangeCipherSpec() throws
         {
             log("did send change cipher spec")
-            try self.transitionTo(state: .changeCipherSpecSent)
+            try self.transition(to: .changeCipherSpecSent)
             try self.protocolHandler!.sendFinished()
         }
 
         func didReceiveChangeCipherSpec() throws
         {
             log("did receive change cipher spec")
-            try self.transitionTo(state: .changeCipherSpecReceived)
+            try self.transition(to: .changeCipherSpecReceived)
         }
 
         func clientDidReceiveAlert(_ alert: TLSAlertMessage) {
             log("Client: did receive message \(alert.alertLevel) \(alert.alert)")
         }
 
         func clientDidConnect() throws {
-            try transitionTo(state: .connected)
+            try transition(to: .connected)
         }
 
         func checkClientStateTransition(_ state : TLSState) -> Bool

SwiftTLS/Sources/TLS/Protocol/TLS 1.2/TLS1_2.ServerStateMachine.swift

@@ -30,7 +30,7 @@ extension TLS1_2 {
             self.state = .idle
         }
 
-        func transitionTo(state: TLSState) throws {
+        func transition(to state: TLSState) throws {
             if !checkServerStateTransition(state) {
                 throw TLSError.error("Server: Illegal state transition \(self.state) -> \(state)")
             }
@@ -54,7 +54,7 @@ extension TLS1_2 {
             switch message.handshakeType
             {
             case .serverHello:
-                try self.transitionTo(state: .serverHelloSent)
+                try self.transition(to: .serverHelloSent)
 
                 if self.server!.isReusingSession {
                     try self.protocolHandler!.sendChangeCipherSpec()
@@ -64,7 +64,7 @@ extension TLS1_2 {
                 }
 
             case .certificate:
-                try self.transitionTo(state: .certificateSent)
+                try self.transition(to: .certificateSent)
 
                 if self.server!.cipherSuite!.needsServerKeyExchange() {
                     try self.protocolHandler!.sendServerKeyExchange()
@@ -74,14 +74,14 @@ extension TLS1_2 {
                 }
 
             case .serverKeyExchange:
-                try self.transitionTo(state: .serverKeyExchangeSent)
+                try self.transition(to: .serverKeyExchangeSent)
                 try self.protocolHandler!.sendServerHelloDone()
 
             case .serverHelloDone:
-                try self.transitionTo(state: .serverHelloDoneSent)
+                try self.transition(to: .serverHelloDoneSent)
 
             case .finished:
-                try self.transitionTo(state: .finishedSent)
+                try self.transition(to: .finishedSent)
 
             default:
                 log("Unsupported handshake message \(message.handshakeType)")
@@ -91,14 +91,14 @@ extension TLS1_2 {
         func didSendChangeCipherSpec() throws
         {
             log("did send change cipher spec")
-            try self.transitionTo(state: .changeCipherSpecSent)
+            try self.transition(to: .changeCipherSpecSent)
             try self.protocolHandler!.sendFinished()
         }
 
         func didReceiveChangeCipherSpec() throws
         {
             log("did receive change cipher spec")
-            try self.transitionTo(state: .changeCipherSpecReceived)
+            try self.transition(to: .changeCipherSpecReceived)
         }
 
         func serverDidReceiveHandshakeMessage(_ message : TLSHandshakeMessage) throws
@@ -110,15 +110,15 @@ extension TLS1_2 {
             switch (handshakeType)
             {
             case .clientHello:
-                try self.transitionTo(state: .clientHelloReceived)
+                try self.transition(to: .clientHelloReceived)
                 let clientHello = message as! TLSClientHello
                 try self.protocolHandler!.sendServerHello(for: clientHello)
 
             case .clientKeyExchange:
-                try self.transitionTo(state: .clientKeyExchangeReceived)
+                try self.transition(to: .clientKeyExchangeReceived)
 
             case .finished:
-                try self.transitionTo(state: .finishedReceived)
+                try self.transition(to: .finishedReceived)
 
                 if !self.server!.isReusingSession {
                     try self.protocolHandler!.sendChangeCipherSpec()
@@ -134,7 +134,7 @@ extension TLS1_2 {
         }
 
         func serverDidConnect() throws {
-            try transitionTo(state: .connected)
+            try transition(to: .connected)
         }
 
         func checkServerStateTransition(_ state : TLSState) -> Bool

SwiftTLS/Sources/TLS/Protocol/TLS 1.3/TLS1_3.ClientStateMachine.swift

@@ -30,7 +30,7 @@ extension TLS1_3 {
             self.state = .idle
         }
 
-        func transitionTo(state: TLSState) throws {
+        func transition(to state: TLSState) throws {
             if !checkClientStateTransition(state) {
                 throw TLSError.error("Client: Illegal state transition \(self.state) -> \(state)")
             }
@@ -54,16 +54,16 @@ extension TLS1_3 {
             switch message.handshakeType
             {
             case .clientHello:
-                try self.transitionTo(state: .clientHelloSent)
+                try self.transition(to: .clientHelloSent)
 
             case .certificate:
-                try self.transitionTo(state: .certificateSent)
+                try self.transition(to: .certificateSent)
 
             case .finished:
-                try self.transitionTo(state: .finishedSent)
+                try self.transition(to: .finishedSent)
 
             case .endOfEarlyData:
-                try self.transitionTo(state: .endOfEarlyDataSent)
+                try self.transition(to: .endOfEarlyDataSent)
 
             default:
                 log("Unsupported handshake message \(message.handshakeType)")
@@ -79,25 +79,25 @@ extension TLS1_3 {
             switch (handshakeType)
             {
             case .serverHello:
-                try self.transitionTo(state: .serverHelloReceived)
+                try self.transition(to: .serverHelloReceived)
 
             case .helloRetryRequest:
-                try self.transitionTo(state: .helloRetryRequestReceived)
+                try self.transition(to: .helloRetryRequestReceived)
                 try self.protocolHandler!.sendClientHello()
 
             case .certificate:
-                try self.transitionTo(state: .certificateReceived)
+                try self.transition(to: .certificateReceived)
 
             case .certificateVerify:
-                try self.transitionTo(state: .certificateVerifyReceived)
+                try self.transition(to: .certificateVerifyReceived)
 
             case .finished:
-                try self.transitionTo(state: .finishedReceived)
+                try self.transition(to: .finishedReceived)
                 // FIXME: Handle Certifcate and CertificateVerify if requested
                 try self.protocolHandler!.sendFinished()
 
             case .encryptedExtensions:
-                try self.transitionTo(state: .encryptedExtensionsReceived)
+                try self.transition(to: .encryptedExtensionsReceived)
 
             case .newSessionTicket:
                 let newSessionTicket = message as! TLSNewSessionTicket
@@ -106,7 +106,7 @@ extension TLS1_3 {
                 log("    Nonce    = \(hex(newSessionTicket.ticketNonce))")
                 log("    lifeTime = \(newSessionTicket.ticketLifetime)")
                 log("    ageAdd   = \(newSessionTicket.ticketAgeAdd)")
-                try self.transitionTo(state: .newSessionTicketReceived)
+                try self.transition(to: .newSessionTicketReceived)
 
             default:
                 log("Unsupported handshake message \(handshakeType.rawValue)")
@@ -125,7 +125,7 @@ extension TLS1_3 {
                     client.earlyDataWasSent = false
                 }
             }
-            try transitionTo(state: .connected)
+            try transition(to: .connected)
         }
 
         func checkClientStateTransition(_ state : TLSState) -> Bool