Extract all straight lookups of suites and kx groups

Joseph Birr-Pixton 2024-02-19 17:44:36 +00:00
parent fdf71f8ed0
commit 363910b701
6 changed files with 38 additions and 27 deletions


@ -1,8 +1,8 @@
use crate::builder::ConfigBuilder; use crate::builder::ConfigBuilder;
use crate::common_state::{CommonState, Protocol, Side}; use crate::common_state::{CommonState, Protocol, Side};
use crate::conn::{ConnectionCommon, ConnectionCore, UnbufferedConnectionCommon}; use crate::conn::{ConnectionCommon, ConnectionCore, UnbufferedConnectionCommon};
use crate::crypto::{CryptoProvider, SupportedKxGroup}; use crate::crypto::CryptoProvider;
use crate::enums::{CipherSuite, ProtocolVersion, SignatureScheme}; use crate::enums::{ProtocolVersion, SignatureScheme};
use crate::error::Error; use crate::error::Error;
#[cfg(feature = "logging")] #[cfg(feature = "logging")]
use crate::log::trace; use crate::log::trace;
@ -311,22 +311,6 @@ impl ClientConfig {
pub fn dangerous(&mut self) -> danger::DangerousClientConfig<'_> { pub fn dangerous(&mut self) -> danger::DangerousClientConfig<'_> {
danger::DangerousClientConfig { cfg: self } danger::DangerousClientConfig { cfg: self }
} }
pub(super) fn find_cipher_suite(&self, suite: CipherSuite) -> Option<SupportedCipherSuite> {
self.provider
.cipher_suites
.iter()
.copied()
.find(|&scs| scs.suite() == suite)
}
pub(super) fn find_kx_group(&self, group: NamedGroup) -> Option<&'static dyn SupportedKxGroup> {
self.provider
.kx_groups
.iter()
.copied()
.find(|skxg| skxg.name() == group)
}
} }
impl Clone for ClientConfig { impl Clone for ClientConfig {


@ -614,6 +614,7 @@ impl State<ClientConnectionData> for ExpectServerHello {
} }
let suite = config let suite = config
.provider
.find_cipher_suite(server_hello.cipher_suite) .find_cipher_suite(server_hello.cipher_suite)
.ok_or_else(|| { .ok_or_else(|| {
cx.common.send_fatal_alert( cx.common.send_fatal_alert(
@ -827,7 +828,10 @@ impl ExpectServerHelloOrHelloRetryRequest {
// Or asks us to use a ciphersuite we didn't offer. // Or asks us to use a ciphersuite we didn't offer.
let config = &self.next.input.config; let config = &self.next.input.config;
let cs = match config.find_cipher_suite(hrr.cipher_suite) { let cs = match config
.provider
.find_cipher_suite(hrr.cipher_suite)
{
Some(cs) => cs, Some(cs) => cs,
None => { None => {
return Err({ return Err({
@ -857,7 +861,7 @@ impl ExpectServerHelloOrHelloRetryRequest {
let key_share = match req_group { let key_share = match req_group {
Some(group) if group != offered_key_share.group() => { Some(group) if group != offered_key_share.group() => {
let skxg = match config.find_kx_group(group) { let skxg = match config.provider.find_kx_group(group) {
Some(skxg) => skxg, Some(skxg) => skxg,
None => { None => {
return Err(cx.common.send_fatal_alert( return Err(cx.common.send_fatal_alert(


@ -921,7 +921,11 @@ impl State<ClientConnectionData> for ExpectServerDone<'_> {
let named_group = kx_params let named_group = kx_params
.named_group() .named_group()
.ok_or(PeerMisbehaved::SelectedUnofferedKxGroup)?; .ok_or(PeerMisbehaved::SelectedUnofferedKxGroup)?;
let skxg = match st.config.find_kx_group(named_group) { let skxg = match st
.config
.provider
.find_kx_group(named_group)
{
Some(skxg) => skxg, Some(skxg) => skxg,
None => { None => {
return Err(PeerMisbehaved::SelectedUnofferedKxGroup.into()); return Err(PeerMisbehaved::SelectedUnofferedKxGroup.into());
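Review bot: The reflowed `match` on `find_kx_group` spends seven-plus lines on what the statement just above it does in one: the `None` arm only returns `PeerMisbehaved::SelectedUnofferedKxGroup`, the same error `named_group()` already maps with `ok_or(...)?`. Writing it as `let skxg = st.config.provider.find_kx_group(named_group).ok_or(PeerMisbehaved::SelectedUnofferedKxGroup)?;` keeps the two rejections of a server-chosen group visibly parallel. The `match` closes outside this hunk, so confirm the `None` arm holds nothing besides the `return` before collapsing it.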


@ -210,7 +210,11 @@ pub(super) fn initial_key_share(
.resumption .resumption
.store .store
.kx_hint(server_name) .kx_hint(server_name)
.and_then(|group_name| config.find_kx_group(group_name)) .and_then(|group_name| {
config
.provider
.find_kx_group(group_name)
})
.unwrap_or_else(|| { .unwrap_or_else(|| {
config config
.provider .provider


@ -1,6 +1,6 @@
use crate::sign::SigningKey; use crate::sign::SigningKey;
use crate::{suites, ProtocolVersion, SupportedProtocolVersion}; use crate::{suites, ProtocolVersion, SupportedProtocolVersion};
use crate::{Error, NamedGroup}; use crate::{CipherSuite, Error, NamedGroup};
use alloc::boxed::Box; use alloc::boxed::Box;
use alloc::sync::Arc; use alloc::sync::Arc;
@ -292,6 +292,23 @@ impl CryptoProvider {
&& secure_random.fips() && secure_random.fips()
&& key_provider.fips() && key_provider.fips()
} }
pub(crate) fn find_cipher_suite(
&self,
name: CipherSuite,
) -> Option<suites::SupportedCipherSuite> {
self.cipher_suites
.iter()
.find(|suite| suite.suite() == name)
.copied()
}
pub(crate) fn find_kx_group(&self, name: NamedGroup) -> Option<&'static dyn SupportedKxGroup> {
self.kx_groups
.iter()
.find(|group| group.name() == name)
.copied()
}
} }
static PROCESS_DEFAULT_PROVIDER: OnceCell<Arc<CryptoProvider>> = OnceCell::new(); static PROCESS_DEFAULT_PROVIDER: OnceCell<Arc<CryptoProvider>> = OnceCell::new();
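Review bot: The new `find_cipher_suite` and `find_kx_group` on `CryptoProvider` carry no doc comments, although every call site touched by this commit uses them to decide whether a suite or group named by the peer is acceptable. I would add `/// Returns the first entry of cipher_suites whose suite() equals name, or None if the provider does not list it.` and the matching line for `find_kx_group` over `kx_groups`. The comment should also say that a hit only shows the provider lists the item. Whether it was actually offered on this connection (for example after filtering by protocol version) presumably remains the caller's responsibility, so it is worth confirming that each caller still checks that.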


@ -429,9 +429,7 @@ impl ExpectClientHello {
let supported = self let supported = self
.config .config
.provider .provider
.kx_groups .find_kx_group(*offered_group);
.iter()
.find(|skxg| skxg.name() == *offered_group);
match offered_group.key_exchange_algorithm() { match offered_group.key_exchange_algorithm() {
KeyExchangeAlgorithm::DHE => { KeyExchangeAlgorithm::DHE => {
@ -510,7 +508,7 @@ impl ExpectClientHello {
.find_map(|maybe_skxg| match maybe_skxg { .find_map(|maybe_skxg| match maybe_skxg {
Some(skxg) => suite Some(skxg) => suite
.usable_for_kx_algorithm(skxg.name().key_exchange_algorithm()) .usable_for_kx_algorithm(skxg.name().key_exchange_algorithm())
.then(|| *skxg), .then(|| skxg),
None => None, None => None,
}); });