Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade to rustls v0.22 #15

Merged
merged 2 commits into from
Dec 6, 2023
Merged

Upgrade to rustls v0.22 #15

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
721c54b
Upgrade to rustls v0.22
Dec 6, 2023
0e63f9c
Apply suggestions from code review
s-arash Dec 6, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 14 additions & 12 deletions Cargo.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 4 additions & 2 deletions examples/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,10 @@ description = "rustls-mbedtls-provider example code."
publish = false

[dependencies]
rustls-mbedcrypto-provider = { path = "../rustls-mbedcrypto-provider" }
rustls-mbedcrypto-provider = { path = "../rustls-mbedcrypto-provider", features = ["tls12"] }
rustls-mbedpki-provider = { path = "../rustls-mbedpki-provider" }
env_logger = "0.10"
rustls = { version = "0.22.0-alpha.4", default-features = false }
rustls = { version = "0.22.0", default-features = false }
rustls-native-certs = "0.6.3"
rustls-pki-types = "1"
rustls-pemfile = "2"
6 changes: 2 additions & 4 deletions examples/src/main.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ use std::io::{stderr, stdout, Read, Write};
use std::net::TcpStream;
use std::sync::Arc;

use rustls_mbedcrypto_provider::MBEDTLS;
use rustls_mbedcrypto_provider::mbedtls_crypto_provider;
use rustls_mbedpki_provider::MbedTlsServerCertVerifier;

fn main() {
Expand All @@ -21,9 +21,7 @@ fn main() {
.map(|cert| cert.0.into())
.collect();
let server_cert_verifier = MbedTlsServerCertVerifier::new(&root_certs).unwrap();
let config = rustls::ClientConfig::builder_with_provider(MBEDTLS)
.with_safe_default_cipher_suites()
.with_safe_default_kx_groups()
let config = rustls::ClientConfig::builder_with_provider(mbedtls_crypto_provider().into())
.with_safe_default_protocol_versions()
.unwrap()
.dangerous()
Expand Down
17 changes: 6 additions & 11 deletions rustls-mbedcrypto-provider/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,15 +12,15 @@ categories = ["network-programming", "cryptography"]
resolver = "2"

[dependencies]
rustls = { version = "0.22.0-alpha.4", default-features = false }
rustls = { version = "0.22.0", default-features = false }
mbedtls = { version = "0.12.0-alpha.2", default-features = false, features = [
"std",
] }
log = { version = "0.4.4", optional = true }
pki-types = { package = "rustls-pki-types", version = "0.2.1", features = [
pki-types = { package = "rustls-pki-types", version = "1", features = [
"std",
] }
webpki = { package = "rustls-webpki", version = "0.102.0-alpha.6", features = [
webpki = { package = "rustls-webpki", version = "0.102.0", features = [
"alloc",
"std",
], default-features = false }
Expand All @@ -36,16 +36,11 @@ mbedtls = { version = "0.12.0-alpha.2", default-features = false, features = [
] }

[dev-dependencies]
rustls = { version = "0.22.0-alpha.4", default-features = false, features = [
rustls = { version = "0.22.0", default-features = false, features = [
"ring",
] }
webpki = { package = "rustls-webpki", version = "0.102.0-alpha.1", default-features = false, features = [
"alloc",
"std",
] }
pki-types = { package = "rustls-pki-types", version = "0.2.0" }
webpki-roots = "0.26.0-alpha.2"
rustls-pemfile = "=2.0.0-alpha.2"
webpki-roots = "0.26.0"
rustls-pemfile = "2"
env_logger = "0.10"
log = { version = "0.4.4" }

Expand Down
7 changes: 4 additions & 3 deletions rustls-mbedcrypto-provider/examples/client.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ use std::io::{stdout, Read, Write};
use std::net::TcpStream;
use std::sync::Arc;

use rustls_mbedcrypto_provider::MBEDTLS;
use rustls_mbedcrypto_provider::mbedtls_crypto_provider;

fn main() {
env_logger::init();
Expand All @@ -21,8 +21,9 @@ fn main() {
.cloned(),
);

let config = rustls::ClientConfig::builder_with_provider(MBEDTLS)
.with_safe_defaults()
let config = rustls::ClientConfig::builder_with_provider(mbedtls_crypto_provider().into())
.with_safe_default_protocol_versions()
.unwrap()
.with_root_certificates(root_store)
.with_no_client_auth();

Expand Down
21 changes: 12 additions & 9 deletions rustls-mbedcrypto-provider/examples/internal/bench.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ use pki_types::{CertificateDer, PrivateKeyDer};

use rustls::client::Resumption;
use rustls::crypto::ring::{cipher_suite, Ticketer};
use rustls::crypto::CryptoProvider;
use rustls::server::{NoServerSessionStorage, ServerSessionMemoryCache, WebPkiClientVerifier};
use rustls::RootCertStore;
use rustls::{ClientConfig, ClientConnection};
Expand Down Expand Up @@ -298,9 +299,7 @@ fn make_server_config(
ClientAuth::No => WebPkiClientVerifier::no_client_auth(),
};

let mut cfg = ServerConfig::builder_with_provider(rustls_mbedcrypto_provider::MBEDTLS)
.with_safe_default_cipher_suites()
.with_safe_default_kx_groups()
let mut cfg = ServerConfig::builder_with_provider(rustls_mbedcrypto_provider::mbedtls_crypto_provider().into())
.with_protocol_versions(&[params.version])
.unwrap()
.with_client_cert_verifier(client_auth)
Expand All @@ -324,12 +323,16 @@ fn make_client_config(params: &BenchmarkParam, clientauth: ClientAuth, resume: R
let mut rootbuf = io::BufReader::new(fs::File::open(params.key_type.path_for("ca.cert")).unwrap());
root_store.add_parsable_certificates(rustls_pemfile::certs(&mut rootbuf).map(|result| result.unwrap()));

let cfg = ClientConfig::builder_with_provider(rustls_mbedcrypto_provider::MBEDTLS)
.with_cipher_suites(&[params.ciphersuite])
.with_safe_default_kx_groups()
.with_protocol_versions(&[params.version])
.unwrap()
.with_root_certificates(root_store);
let cfg = ClientConfig::builder_with_provider(
CryptoProvider {
cipher_suites: vec![params.ciphersuite],
..rustls_mbedcrypto_provider::mbedtls_crypto_provider()
}
.into(),
)
.with_protocol_versions(&[params.version])
.unwrap()
.with_root_certificates(root_store);

let mut cfg = if clientauth == ClientAuth::Yes {
cfg.with_client_auth_cert(params.key_type.get_client_chain(), params.key_type.get_client_key())
Expand Down
47 changes: 25 additions & 22 deletions rustls-mbedcrypto-provider/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -91,7 +91,10 @@
pub(crate) mod tls13;

use mbedtls::rng::Random;
use rustls::{SignatureScheme, SupportedCipherSuite, WebPkiSupportedAlgorithms};
use rustls::{
crypto::{CryptoProvider, KeyProvider, SecureRandom, WebPkiSupportedAlgorithms},
SignatureScheme, SupportedCipherSuite,
};

/// RNG supported by *mbedtls*
pub mod rng {
Expand All @@ -115,43 +118,43 @@
}
}

/// A `CryptoProvider` backed by the [*mbedtls*] crate.
/// returns a `CryptoProvider` backed by the [*mbedtls*] crate.
///
/// [*mbedtls*]: https://github.com/fortanix/rust-mbedtls
pub static MBEDTLS: &'static dyn rustls::crypto::CryptoProvider = &Mbedtls;
pub fn mbedtls_crypto_provider() -> CryptoProvider {
CryptoProvider {
cipher_suites: ALL_CIPHER_SUITES.to_vec(),
kx_groups: ALL_KX_GROUPS.to_vec(),
signature_verification_algorithms: SUPPORTED_SIG_ALGS,
secure_random: &MbedtlsSecureRandom,
key_provider: &MbedtlsKeyProvider,
}
}

/// Crypto provider based on the [*mbedtls*] crate.
///
/// [*mbedtls*]: https://github.com/fortanix/rust-mbedtls
#[derive(Debug)]
struct Mbedtls;
/// Implements `SecureRandom` using `mbedtls`
pub struct MbedtlsSecureRandom;

impl rustls::crypto::CryptoProvider for Mbedtls {
fn fill_random(&self, bytes: &mut [u8]) -> Result<(), rustls::crypto::GetRandomFailed> {
impl SecureRandom for MbedtlsSecureRandom {
fn fill(&self, buf: &mut [u8]) -> Result<(), rustls::crypto::GetRandomFailed> {
rng::rng_new()
.ok_or(rustls::crypto::GetRandomFailed)?
.random(bytes)
.random(buf)
.map_err(|_| rustls::crypto::GetRandomFailed)
}
}

fn default_cipher_suites(&self) -> &'static [SupportedCipherSuite] {
ALL_CIPHER_SUITES
}

fn default_kx_groups(&self) -> &'static [&'static dyn rustls::crypto::SupportedKxGroup] {
ALL_KX_GROUPS
}
#[derive(Debug)]

Check warning on line 147 in rustls-mbedcrypto-provider/src/lib.rs

View check run for this annotation

Codecov / codecov/patch

rustls-mbedcrypto-provider/src/lib.rs#L147 

Added line #L147 was not covered by tests
/// Implements `KeyProvider` using `mbedtls`
pub struct MbedtlsKeyProvider;

impl KeyProvider for MbedtlsKeyProvider {
fn load_private_key(
&self,
key_der: pki_types::PrivateKeyDer<'static>,
key_der: webpki::types::PrivateKeyDer<'static>,
) -> Result<alloc::sync::Arc<dyn rustls::sign::SigningKey>, rustls::Error> {
Ok(alloc::sync::Arc::new(sign::MbedTlsPkSigningKey::new(&key_der)?))
}

fn signature_verification_algorithms(&self) -> WebPkiSupportedAlgorithms {
SUPPORTED_SIG_ALGS
}
}

/// The cipher suite configuration that an application should use by default.
Expand Down
Loading
Loading