crypto: separate module dir, ring sub-module.

For better code organization this commit moves the generic crypto interface code from `src/crypto.rs` to `src/crypto/lib.rs`. The *ring* specific code implementing the generic interfaces is moved to `src/crypto/ring.rs` as a sub-module of `crypto. All imports are adjusted accordingly. This has the advantage of leaving `src/crypto/lib.rs` small, and without any *ring* specific imports. In the future we may choose to feature-gate the ring sub-module to allow building the crate without a dependency on ring.
2023-03-13 11:00:10 -04:00 · 2023-03-13 11:00:10 -04:00 · 17a7e17534
parent d60df2c368
commit 17a7e17534
18 changed files with 42 additions and 33 deletions
--- a/examples/src/bin/limitedclient.rs
+++ b/examples/src/bin/limitedclient.rs
@ -6,7 +6,7 @@ use std::sync::Arc;
 use std::io::{stdout, Read, Write};
 use std::net::TcpStream;

-use rustls::crypto::Ring;
+use rustls::crypto::ring::Ring;
 use rustls::OwnedTrustAnchor;

 fn main() {
--- a/examples/src/bin/simple_0rtt_client.rs
+++ b/examples/src/bin/simple_0rtt_client.rs
@ -3,7 +3,8 @@ use std::sync::Arc;
 use std::io::{BufRead, BufReader, Write};
 use std::net::TcpStream;

-use rustls::crypto::{CryptoProvider, Ring};
+use rustls::crypto::ring::Ring;
+use rustls::crypto::CryptoProvider;
 use rustls::{OwnedTrustAnchor, RootCertStore};

 fn start_connection(config: &Arc<rustls::ClientConfig<impl CryptoProvider>>, domain_name: &str) {
--- a/examples/src/bin/simpleclient.rs
+++ b/examples/src/bin/simpleclient.rs
@ -12,7 +12,7 @@ use std::sync::Arc;
 use std::io::{stdout, Read, Write};
 use std::net::TcpStream;

-use rustls::crypto::Ring;
+use rustls::crypto::ring::Ring;
 use rustls::{OwnedTrustAnchor, RootCertStore};

 fn main() {
--- a/examples/src/bin/tlsclient-mio.rs
+++ b/examples/src/bin/tlsclient-mio.rs
@ -2,8 +2,8 @@ use std::process;
 use std::sync::Arc;

 use mio::net::TcpStream;
+use rustls::crypto::ring::Ring;
 use rustls::crypto::CryptoProvider;
-use rustls::crypto::Ring;

 use std::fs;
 use std::io;
--- a/examples/src/bin/tlsserver-mio.rs
+++ b/examples/src/bin/tlsserver-mio.rs
@ -1,7 +1,7 @@
 use std::sync::Arc;

 use mio::net::{TcpListener, TcpStream};
-use rustls::crypto::Ring;
+use rustls::crypto::ring::Ring;

 #[macro_use]
 extern crate log;
--- a/fuzz/fuzzers/client.rs
+++ b/fuzz/fuzzers/client.rs
@ -4,7 +4,7 @@ extern crate libfuzzer_sys;
 extern crate rustls;
 extern crate webpki;

-use rustls::crypto::Ring;
+use rustls::crypto::ring::Ring;
 use rustls::{ClientConfig, ClientConnection, RootCertStore};
 use std::io;
 use std::sync::Arc;
--- a/fuzz/fuzzers/server.rs
+++ b/fuzz/fuzzers/server.rs
@ -3,7 +3,7 @@
 extern crate libfuzzer_sys;
 extern crate rustls;

-use rustls::crypto::Ring;
+use rustls::crypto::ring::Ring;
 use rustls::server::ResolvesServerCert;
 use rustls::{ServerConfig, ServerConnection};

--- a/rustls/examples/internal/bench.rs
+++ b/rustls/examples/internal/bench.rs
@ -12,7 +12,7 @@ use std::sync::Arc;
 use std::time::{Duration, Instant};

 use rustls::client::Resumption;
-use rustls::crypto::Ring;
+use rustls::crypto::ring::Ring;
 use rustls::server::{
    AllowAnyAuthenticatedClient, NoClientAuth, NoServerSessionStorage, ServerSessionMemoryCache,
 };
--- a/rustls/examples/internal/bogo_shim.rs
+++ b/rustls/examples/internal/bogo_shim.rs
@ -5,8 +5,8 @@
 //

 use rustls::client::{ClientConfig, ClientConnection, Resumption};
+use rustls::crypto::ring::Ring;
 use rustls::crypto::CryptoProvider;
-use rustls::crypto::Ring;
 use rustls::internal::msgs::codec::Codec;
 use rustls::internal::msgs::persist;
 use rustls::server::{ClientHello, ServerConfig, ServerConnection};
--- a/rustls/src/builder.rs
+++ b/rustls/src/builder.rs
@ -21,7 +21,7 @@ use std::marker::PhantomData;
 ///
 /// ```no_run
 /// # use rustls::ServerConfig;
-/// # use rustls::crypto::Ring;
+/// # use rustls::crypto::ring::Ring;
 /// # let certs = vec![];
 /// # let private_key = rustls::PrivateKey(vec![]);
 /// ServerConfig::<Ring>::builder()
@ -38,7 +38,7 @@ use std::marker::PhantomData;
 ///
 /// ```no_run
 /// # use rustls::ServerConfig;
-/// # use rustls::crypto::Ring;
+/// # use rustls::crypto::ring::Ring;
 /// # let certs = vec![];
 /// # let private_key = rustls::PrivateKey(vec![]);
 /// ServerConfig::<Ring>::builder()
@ -52,7 +52,7 @@ use std::marker::PhantomData;
 ///
 /// ```no_run
 /// # use rustls::ClientConfig;
-/// # use rustls::crypto::Ring;
+/// # use rustls::crypto::ring::Ring;
 /// # let root_certs = rustls::RootCertStore::empty();
 /// # let certs = vec![];
 /// # let private_key = rustls::PrivateKey(vec![]);
@ -70,7 +70,7 @@ use std::marker::PhantomData;
 ///
 /// ```
 /// # use rustls::ClientConfig;
-/// # use rustls::crypto::Ring;
+/// # use rustls::crypto::ring::Ring;
 /// # let root_certs = rustls::RootCertStore::empty();
 /// ClientConfig::<Ring>::builder()
 ///     .with_safe_defaults()
--- a/rustls/src/crypto/mod.rs
+++ b/rustls/src/crypto/mod.rs
@ -0,0 +1,14 @@
+use crate::rand::GetRandomFailed;
+use crate::server::ProducesTickets;
+
+/// *ring* based CryptoProvider.
+pub mod ring;
+
+/// Pluggable crypto galore.
+pub trait CryptoProvider: Send + Sync + 'static {
+    /// Build a ticket generator.
+    fn ticket_generator() -> Result<Box<dyn ProducesTickets>, GetRandomFailed>;
+
+    /// Fill the given buffer with random bytes.
+    fn fill_random(buf: &mut [u8]) -> Result<(), GetRandomFailed>;
+}
--- a/rustls/src/crypto/ring.rs
+++ b/rustls/src/crypto/ring.rs
@ -1,18 +1,10 @@
+use crate::crypto::CryptoProvider;
 use crate::rand::GetRandomFailed;
 use crate::server::ProducesTickets;

 use ring::aead;
 use ring::rand::{SecureRandom, SystemRandom};

-/// Pluggable crypto galore.
-pub trait CryptoProvider: Send + Sync + 'static {
-    /// Build a ticket generator.
-    fn ticket_generator() -> Result<Box<dyn ProducesTickets>, GetRandomFailed>;
-
-    /// Fill the given buffer with random bytes.
-    fn fill_random(buf: &mut [u8]) -> Result<(), GetRandomFailed>;
-}
-
 /// Default crypto provider.
 pub struct Ring;

@ -61,7 +53,7 @@ impl ProducesTickets for AeadTicketer {
        // Random nonce, because a counter is a privacy leak.
        let mut nonce_buf = [0u8; 12];
        Ring::fill_random(&mut nonce_buf).ok()?;
-        let nonce = ring::aead::Nonce::assume_unique_for_key(nonce_buf);
+        let nonce = aead::Nonce::assume_unique_for_key(nonce_buf);
        let aad = ring::aead::Aad::empty();

        let mut ciphertext =
@ -84,7 +76,7 @@ impl ProducesTickets for AeadTicketer {
        let ciphertext = ciphertext.get(nonce.len()..)?;

        // This won't fail since `nonce` has the required length.
-        let nonce = ring::aead::Nonce::try_assume_unique_for_key(nonce).ok()?;
+        let nonce = aead::Nonce::try_assume_unique_for_key(nonce).ok()?;

        let mut out = Vec::from(ciphertext);

--- a/rustls/src/lib.rs
+++ b/rustls/src/lib.rs
@ -122,7 +122,7 @@
 //!
 //! ```rust,no_run
 //! # let root_store: rustls::RootCertStore = panic!();
-//! let config = rustls::ClientConfig::<rustls::crypto::Ring>::builder()
+//! let config = rustls::ClientConfig::<rustls::crypto::ring::Ring>::builder()
 //!     .with_safe_defaults()
 //!     .with_root_certificates(root_store)
 //!     .with_no_client_auth();
@ -148,7 +148,7 @@
 //! #          )
 //! #      })
 //! # );
-//! # let config = rustls::ClientConfig::<rustls::crypto::Ring>::builder()
+//! # let config = rustls::ClientConfig::<rustls::crypto::ring::Ring>::builder()
 //! #     .with_safe_defaults()
 //! #     .with_root_certificates(root_store)
 //! #     .with_no_client_auth();
@ -181,7 +181,7 @@
 //! errors.
 //!
 //! ```rust,no_run
-//! # let mut client = rustls::ClientConnection::new::<rustls::crypto::Ring>(panic!(), panic!()).unwrap();
+//! # let mut client = rustls::ClientConnection::new::<rustls::crypto::ring::Ring>(panic!(), panic!()).unwrap();
 //! # struct Socket { }
 //! # impl Socket {
 //! #   fn ready_for_write(&self) -> bool { false }
--- a/rustls/src/server/server_conn.rs
+++ b/rustls/src/server/server_conn.rs
@ -554,7 +554,7 @@ impl From<ServerConnection> for crate::Connection {
 ///     };
 ///
 ///     // For some user-defined choose_server_config:
-///     let config = choose_server_config::<rustls::crypto::Ring>(accepted.client_hello());
+///     let config = choose_server_config::<rustls::crypto::ring::Ring>(accepted.client_hello());
 ///     let conn = accepted
 ///         .into_connection(config)
 ///         .unwrap();
--- a/rustls/src/ticketer.rs
+++ b/rustls/src/ticketer.rs
@ -1,6 +1,6 @@
-use crate::crypto::CryptoProvider;
 #[cfg(test)]
-use crate::crypto::Ring;
+use crate::crypto::ring::Ring;
+use crate::crypto::CryptoProvider;
 use crate::rand;
 use crate::server::ProducesTickets;
 use crate::Error;
--- a/rustls/tests/api.rs
+++ b/rustls/tests/api.rs
@ -10,7 +10,8 @@ use std::sync::Arc;
 use std::sync::Mutex;

 use rustls::client::{ResolvesClientCert, Resumption};
-use rustls::crypto::{CryptoProvider, Ring};
+use rustls::crypto::ring::Ring;
+use rustls::crypto::CryptoProvider;
 use rustls::internal::msgs::base::Payload;
 use rustls::internal::msgs::codec::Codec;
 use rustls::server::{AllowAnyAnonymousOrAuthenticatedClient, ClientHello, ResolvesServerCert};
--- a/rustls/tests/client_cert_verifier.rs
+++ b/rustls/tests/client_cert_verifier.rs
@ -10,7 +10,7 @@ use crate::common::{
    make_pair_for_arc_configs, server_name, ErrorFromPeer, KeyType, ALL_KEY_TYPES,
 };
 use rustls::client::WebPkiVerifier;
-use rustls::crypto::Ring;
+use rustls::crypto::ring::Ring;
 use rustls::internal::msgs::handshake::DistinguishedName;
 use rustls::server::{ClientCertVerified, ClientCertVerifier};
 use rustls::{
--- a/rustls/tests/common/mod.rs
+++ b/rustls/tests/common/mod.rs
@ -4,7 +4,8 @@ use std::io;
 use std::ops::{Deref, DerefMut};
 use std::sync::Arc;

-use rustls::crypto::{CryptoProvider, Ring};
+use rustls::crypto::ring::Ring;
+use rustls::crypto::CryptoProvider;
 use rustls::internal::msgs::codec::Reader;
 use rustls::internal::msgs::message::{Message, OpaqueMessage, PlainMessage};
 use rustls::server::{