mirror of https://github.com/ctz/rustls
Format imports with `cargo +nightly fmt-unstable`
Run with nightly-2024-02-21
This commit is contained in:
parent
2d66fe4d9b
commit
546a85d912
|
@ -401,10 +401,12 @@ pub mod transport {
|
|||
//! but that doesn't matter (we are measuring performance differences, and overhead is automatically
|
||||
//! ignored as long as it remains constant).
|
||||
|
||||
use super::async_io::{AsyncRead, AsyncWrite};
|
||||
use std::io::{Cursor, Read, Write};
|
||||
|
||||
use byteorder::{BigEndian, ReadBytesExt, WriteBytesExt};
|
||||
use rustls::{ClientConnection, ConnectionCommon, ServerConnection, SideData};
|
||||
use std::io::{Cursor, Read, Write};
|
||||
|
||||
use super::async_io::{AsyncRead, AsyncWrite};
|
||||
|
||||
/// Sends one side's handshake data to the other side in one go.
|
||||
///
|
||||
|
|
|
@ -3,7 +3,6 @@ mod ech_config {
|
|||
use hickory_resolver::proto::rr::rdata::svcb::{SvcParamKey, SvcParamValue};
|
||||
use hickory_resolver::proto::rr::{RData, RecordType};
|
||||
use hickory_resolver::Resolver;
|
||||
|
||||
use rustls::internal::msgs::codec::{Codec, Reader};
|
||||
use rustls::internal::msgs::enums::EchVersion;
|
||||
use rustls::internal::msgs::handshake::EchConfig;
|
||||
|
|
|
@ -2,11 +2,12 @@
|
|||
//! so that unused cryptography in rustls can be discarded by the linker. You can
|
||||
//! observe using `nm` that the binary of this program does not contain any AES code.
|
||||
|
||||
use rustls::crypto::{aws_lc_rs as provider, CryptoProvider};
|
||||
use std::io::{stdout, Read, Write};
|
||||
use std::net::TcpStream;
|
||||
use std::sync::Arc;
|
||||
|
||||
use rustls::crypto::{aws_lc_rs as provider, CryptoProvider};
|
||||
|
||||
fn main() {
|
||||
let root_store = rustls::RootCertStore::from_iter(
|
||||
webpki_roots::TLS_SERVER_ROOTS
|
||||
|
|
|
@ -13,13 +13,12 @@ use std::time::Duration;
|
|||
use std::{fs, thread};
|
||||
|
||||
use docopt::Docopt;
|
||||
use serde_derive::Deserialize;
|
||||
|
||||
use rustls::pki_types::{
|
||||
CertificateDer, CertificateRevocationListDer, PrivateKeyDer, PrivatePkcs8KeyDer,
|
||||
};
|
||||
use rustls::server::{Acceptor, ClientHello, ServerConfig, WebPkiClientVerifier};
|
||||
use rustls::RootCertStore;
|
||||
use serde_derive::Deserialize;
|
||||
|
||||
fn main() {
|
||||
let version = concat!(
|
||||
|
|
|
@ -26,11 +26,10 @@ use std::{fs, process, str};
|
|||
|
||||
use docopt::Docopt;
|
||||
use mio::net::TcpStream;
|
||||
use serde::Deserialize;
|
||||
|
||||
use rustls::crypto::{aws_lc_rs as provider, CryptoProvider};
|
||||
use rustls::pki_types::{CertificateDer, PrivateKeyDer, ServerName};
|
||||
use rustls::RootCertStore;
|
||||
use serde::Deserialize;
|
||||
|
||||
const CLIENT: mio::Token = mio::Token(0);
|
||||
|
||||
|
|
|
@ -27,12 +27,11 @@ use std::{fs, net};
|
|||
use docopt::Docopt;
|
||||
use log::{debug, error};
|
||||
use mio::net::{TcpListener, TcpStream};
|
||||
use serde::Deserialize;
|
||||
|
||||
use rustls::crypto::{aws_lc_rs as provider, CryptoProvider};
|
||||
use rustls::pki_types::{CertificateDer, CertificateRevocationListDer, PrivateKeyDer};
|
||||
use rustls::server::WebPkiClientVerifier;
|
||||
use rustls::RootCertStore;
|
||||
use serde::Deserialize;
|
||||
|
||||
// Token for our listening socket.
|
||||
const LISTENER: mio::Token = mio::Token(0);
|
||||
|
|
|
@ -4,6 +4,7 @@ use std::net::{TcpListener, TcpStream};
|
|||
use std::sync::Arc;
|
||||
use std::{str, thread};
|
||||
|
||||
use openssl::ssl::{SslAcceptor, SslFiletype, SslMethod};
|
||||
use rustls::crypto::{aws_lc_rs as provider, CryptoProvider};
|
||||
use rustls::version::{TLS12, TLS13};
|
||||
use rustls::{ClientConfig, RootCertStore, ServerConfig, SupportedProtocolVersion};
|
||||
|
@ -13,8 +14,6 @@ use rustls_pki_types::{CertificateDer, PrivateKeyDer};
|
|||
use crate::ffdhe::{self, FfdheKxGroup};
|
||||
use crate::utils::verify_openssl3_available;
|
||||
|
||||
use openssl::ssl::{SslAcceptor, SslFiletype, SslMethod};
|
||||
|
||||
#[test]
|
||||
fn rustls_server_with_ffdhe_kx_tls13() {
|
||||
test_rustls_server_with_ffdhe_kx(&TLS13, 1)
|
||||
|
|
|
@ -1,18 +1,16 @@
|
|||
#![cfg(feature = "ring")]
|
||||
|
||||
use bencher::{benchmark_group, benchmark_main, Bencher};
|
||||
|
||||
use rustls::crypto::ring as provider;
|
||||
|
||||
#[path = "../tests/common/mod.rs"]
|
||||
mod test_utils;
|
||||
use test_utils::*;
|
||||
|
||||
use rustls::ServerConnection;
|
||||
|
||||
use std::io;
|
||||
use std::sync::Arc;
|
||||
|
||||
use rustls::ServerConnection;
|
||||
use test_utils::*;
|
||||
|
||||
fn bench_ewouldblock(c: &mut Bencher) {
|
||||
let server_config = make_server_config(KeyType::Rsa);
|
||||
let mut server = ServerConnection::new(Arc::new(server_config)).unwrap();
|
||||
|
|
|
@ -3,16 +3,13 @@
|
|||
// Note: we don't use any of the standard 'cargo bench', 'test::Bencher',
|
||||
// etc. because it's unstable at the time of writing.
|
||||
|
||||
use std::env;
|
||||
use std::fs;
|
||||
use std::io::{self, Read, Write};
|
||||
use std::ops::Deref;
|
||||
use std::ops::DerefMut;
|
||||
use std::ops::{Deref, DerefMut};
|
||||
use std::sync::Arc;
|
||||
use std::time::{Duration, Instant};
|
||||
use std::{env, fs};
|
||||
|
||||
use pki_types::{CertificateDer, PrivateKeyDer};
|
||||
|
||||
use rustls::client::Resumption;
|
||||
#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
|
||||
use rustls::crypto::aws_lc_rs as provider;
|
||||
|
@ -24,10 +21,10 @@ use rustls::crypto::ring as provider;
|
|||
use rustls::crypto::ring::{cipher_suite, Ticketer};
|
||||
use rustls::crypto::CryptoProvider;
|
||||
use rustls::server::{NoServerSessionStorage, ServerSessionMemoryCache, WebPkiClientVerifier};
|
||||
use rustls::RootCertStore;
|
||||
use rustls::{ClientConfig, ClientConnection};
|
||||
use rustls::{ConnectionCommon, SideData};
|
||||
use rustls::{ServerConfig, ServerConnection};
|
||||
use rustls::{
|
||||
ClientConfig, ClientConnection, ConnectionCommon, RootCertStore, ServerConfig,
|
||||
ServerConnection, SideData,
|
||||
};
|
||||
|
||||
pub fn main() {
|
||||
let mut args = std::env::args();
|
||||
|
|
|
@ -4,8 +4,19 @@
|
|||
// https://boringssl.googlesource.com/boringssl/+/master/ssl/test
|
||||
//
|
||||
|
||||
use std::fmt::{Debug, Formatter};
|
||||
use std::io::{self, BufReader, Read, Write};
|
||||
use std::sync::Arc;
|
||||
use std::{env, fs, net, process, thread, time};
|
||||
|
||||
use base64::prelude::{Engine, BASE64_STANDARD};
|
||||
use pki_types::{CertificateDer, PrivateKeyDer, ServerName, UnixTime};
|
||||
use rustls::client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier};
|
||||
use rustls::client::{ClientConfig, ClientConnection, Resumption, WebPkiServerVerifier};
|
||||
#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
|
||||
use rustls::crypto::aws_lc_rs as provider;
|
||||
#[cfg(feature = "ring")]
|
||||
use rustls::crypto::ring as provider;
|
||||
use rustls::crypto::{CryptoProvider, SupportedKxGroup};
|
||||
use rustls::internal::msgs::codec::Codec;
|
||||
use rustls::internal::msgs::persist::ServerSessionValue;
|
||||
|
@ -18,20 +29,6 @@ use rustls::{
|
|||
SupportedProtocolVersion,
|
||||
};
|
||||
|
||||
#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
|
||||
use rustls::crypto::aws_lc_rs as provider;
|
||||
#[cfg(feature = "ring")]
|
||||
use rustls::crypto::ring as provider;
|
||||
|
||||
use base64::prelude::{Engine, BASE64_STANDARD};
|
||||
use pki_types::{CertificateDer, PrivateKeyDer, ServerName, UnixTime};
|
||||
|
||||
use std::fmt::{Debug, Formatter};
|
||||
use std::io::{self, BufReader, Read, Write};
|
||||
use std::sync::Arc;
|
||||
use std::time;
|
||||
use std::{env, fs, net, process, thread};
|
||||
|
||||
static BOGO_NACK: i32 = 89;
|
||||
|
||||
macro_rules! println_err(
|
||||
|
|
|
@ -41,10 +41,11 @@ impl<'a> fmt::Debug for BsDebug<'a> {
|
|||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use super::BsDebug;
|
||||
use std::format;
|
||||
use std::prelude::v1::*;
|
||||
|
||||
use super::BsDebug;
|
||||
|
||||
#[test]
|
||||
fn debug() {
|
||||
let vec: Vec<_> = (0..0x100).map(|b| b as u8).collect();
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
use crate::error::Error;
|
||||
use crate::time_provider::TimeProvider;
|
||||
use crate::versions;
|
||||
use crate::{crypto::CryptoProvider, msgs::handshake::ALL_KEY_EXCHANGE_ALGORITHMS};
|
||||
|
||||
use alloc::format;
|
||||
use alloc::sync::Arc;
|
||||
use alloc::vec::Vec;
|
||||
use core::fmt;
|
||||
use core::marker::PhantomData;
|
||||
|
||||
use crate::crypto::CryptoProvider;
|
||||
use crate::error::Error;
|
||||
use crate::msgs::handshake::ALL_KEY_EXCHANGE_ALGORITHMS;
|
||||
use crate::time_provider::TimeProvider;
|
||||
use crate::versions;
|
||||
#[cfg(doc)]
|
||||
use crate::{ClientConfig, ServerConfig};
|
||||
|
||||
|
|
|
@ -1,6 +1,12 @@
|
|||
use alloc::sync::Arc;
|
||||
use alloc::vec::Vec;
|
||||
use core::marker::PhantomData;
|
||||
|
||||
use pki_types::{CertificateDer, PrivateKeyDer};
|
||||
|
||||
use super::client_conn::Resumption;
|
||||
use crate::builder::{ConfigBuilder, WantsVerifier};
|
||||
use crate::client::handy;
|
||||
use crate::client::{ClientConfig, ResolvesClientCert};
|
||||
use crate::client::{handy, ClientConfig, ResolvesClientCert};
|
||||
use crate::crypto::CryptoProvider;
|
||||
use crate::error::Error;
|
||||
use crate::key_log::NoKeyLog;
|
||||
|
@ -9,14 +15,6 @@ use crate::time_provider::TimeProvider;
|
|||
use crate::webpki::{self, WebPkiServerVerifier};
|
||||
use crate::{verify, versions};
|
||||
|
||||
use super::client_conn::Resumption;
|
||||
|
||||
use pki_types::{CertificateDer, PrivateKeyDer};
|
||||
|
||||
use alloc::sync::Arc;
|
||||
use alloc::vec::Vec;
|
||||
use core::marker::PhantomData;
|
||||
|
||||
impl ConfigBuilder<ClientConfig, WantsVerifier> {
|
||||
/// Choose how to verify server certificates.
|
||||
///
|
||||
|
|
|
@ -1,3 +1,13 @@
|
|||
use alloc::sync::Arc;
|
||||
use alloc::vec::Vec;
|
||||
use core::marker::PhantomData;
|
||||
use core::ops::{Deref, DerefMut};
|
||||
use core::{fmt, mem};
|
||||
|
||||
use pki_types::{ServerName, UnixTime};
|
||||
|
||||
use super::handy::NoClientSessionStorage;
|
||||
use super::hs;
|
||||
use crate::builder::ConfigBuilder;
|
||||
use crate::common_state::{CommonState, Protocol, Side};
|
||||
use crate::conn::{ConnectionCore, UnbufferedConnectionCommon};
|
||||
|
@ -9,32 +19,16 @@ use crate::log::trace;
|
|||
use crate::msgs::enums::NamedGroup;
|
||||
use crate::msgs::handshake::ClientExtension;
|
||||
use crate::msgs::persist;
|
||||
use crate::sign;
|
||||
use crate::suites::SupportedCipherSuite;
|
||||
#[cfg(feature = "std")]
|
||||
use crate::time_provider::DefaultTimeProvider;
|
||||
use crate::time_provider::TimeProvider;
|
||||
use crate::unbuffered::{EncryptError, TransmitTlsData};
|
||||
use crate::versions;
|
||||
use crate::KeyLog;
|
||||
#[cfg(feature = "std")]
|
||||
use crate::WantsVerifier;
|
||||
use crate::{verify, WantsVersions};
|
||||
|
||||
use super::handy::NoClientSessionStorage;
|
||||
use super::hs;
|
||||
|
||||
use pki_types::{ServerName, UnixTime};
|
||||
|
||||
use alloc::sync::Arc;
|
||||
use alloc::vec::Vec;
|
||||
use core::fmt;
|
||||
use core::marker::PhantomData;
|
||||
use core::mem;
|
||||
use core::ops::{Deref, DerefMut};
|
||||
|
||||
#[cfg(doc)]
|
||||
use crate::{crypto, DistinguishedName};
|
||||
use crate::{sign, verify, versions, KeyLog, WantsVersions};
|
||||
|
||||
/// A trait for the ability to store client session data, so that sessions
|
||||
/// can be resumed in future connections.
|
||||
|
@ -584,22 +578,20 @@ impl EarlyData {
|
|||
|
||||
#[cfg(feature = "std")]
|
||||
mod connection {
|
||||
use crate::common_state::Protocol;
|
||||
use crate::conn::ConnectionCommon;
|
||||
use crate::conn::ConnectionCore;
|
||||
use crate::error::Error;
|
||||
use crate::suites::ExtractedSecrets;
|
||||
use crate::ClientConfig;
|
||||
|
||||
use pki_types::ServerName;
|
||||
|
||||
use alloc::sync::Arc;
|
||||
use alloc::vec::Vec;
|
||||
use core::fmt;
|
||||
use core::ops::{Deref, DerefMut};
|
||||
use std::io;
|
||||
|
||||
use pki_types::ServerName;
|
||||
|
||||
use super::ClientConnectionData;
|
||||
use crate::common_state::Protocol;
|
||||
use crate::conn::{ConnectionCommon, ConnectionCore};
|
||||
use crate::error::Error;
|
||||
use crate::suites::ExtractedSecrets;
|
||||
use crate::ClientConfig;
|
||||
|
||||
/// Stub that implements io::Write and dispatches to `write_early_data`.
|
||||
pub struct WriteEarlyData<'a> {
|
||||
|
|
|
@ -1,15 +1,14 @@
|
|||
use alloc::boxed::Box;
|
||||
use alloc::sync::Arc;
|
||||
use alloc::vec::Vec;
|
||||
|
||||
use super::ResolvesClientCert;
|
||||
#[cfg(feature = "logging")]
|
||||
use crate::log::{debug, trace};
|
||||
use crate::msgs::enums::ExtensionType;
|
||||
use crate::msgs::handshake::ServerExtension;
|
||||
use crate::msgs::handshake::{CertificateChain, DistinguishedName};
|
||||
use crate::msgs::handshake::{CertificateChain, DistinguishedName, ServerExtension};
|
||||
use crate::{sign, SignatureScheme};
|
||||
|
||||
use alloc::boxed::Box;
|
||||
use alloc::sync::Arc;
|
||||
use alloc::vec::Vec;
|
||||
|
||||
#[derive(Debug)]
|
||||
pub(super) struct ServerCertDetails<'a> {
|
||||
pub(super) cert_chain: CertificateChain<'a>,
|
||||
|
|
|
@ -1,14 +1,12 @@
|
|||
use crate::client;
|
||||
use alloc::sync::Arc;
|
||||
|
||||
use pki_types::ServerName;
|
||||
|
||||
use crate::enums::SignatureScheme;
|
||||
use crate::error::Error;
|
||||
use crate::msgs::handshake::CertificateChain;
|
||||
use crate::msgs::persist;
|
||||
use crate::sign;
|
||||
use crate::NamedGroup;
|
||||
|
||||
use pki_types::ServerName;
|
||||
|
||||
use alloc::sync::Arc;
|
||||
use crate::{client, sign, NamedGroup};
|
||||
|
||||
/// An implementer of `ClientSessionStore` which does nothing.
|
||||
#[derive(Debug)]
|
||||
|
@ -42,12 +40,11 @@ mod cache {
|
|||
use core::fmt;
|
||||
use std::sync::Mutex;
|
||||
|
||||
use crate::limited_cache;
|
||||
use crate::msgs::persist;
|
||||
use crate::NamedGroup;
|
||||
|
||||
use pki_types::ServerName;
|
||||
|
||||
use crate::msgs::persist;
|
||||
use crate::{limited_cache, NamedGroup};
|
||||
|
||||
const MAX_TLS13_TICKETS_PER_SERVER: usize = 8;
|
||||
|
||||
struct ServerData {
|
||||
|
|
|
@ -1,6 +1,21 @@
|
|||
use alloc::borrow::ToOwned;
|
||||
use alloc::boxed::Box;
|
||||
use alloc::sync::Arc;
|
||||
use alloc::vec;
|
||||
use alloc::vec::Vec;
|
||||
use core::ops::Deref;
|
||||
|
||||
use pki_types::ServerName;
|
||||
|
||||
#[cfg(feature = "tls12")]
|
||||
use super::tls12;
|
||||
use super::Tls12Resumption;
|
||||
#[cfg(feature = "logging")]
|
||||
use crate::bs_debug;
|
||||
use crate::check::inappropriate_handshake_message;
|
||||
use crate::client::client_conn::ClientConnectionData;
|
||||
use crate::client::common::ClientHelloDetails;
|
||||
use crate::client::{tls13, ClientConfig};
|
||||
use crate::common_state::{CommonState, State};
|
||||
use crate::conn::ConnectionRandoms;
|
||||
use crate::crypto::{ActiveKeyExchange, KeyExchangeAlgorithm};
|
||||
|
@ -10,35 +25,17 @@ use crate::hash_hs::HandshakeHashBuffer;
|
|||
#[cfg(feature = "logging")]
|
||||
use crate::log::{debug, trace};
|
||||
use crate::msgs::base::Payload;
|
||||
use crate::msgs::enums::{Compression, ExtensionType};
|
||||
use crate::msgs::enums::{ECPointFormat, PSKKeyExchangeMode};
|
||||
use crate::msgs::handshake::ConvertProtocolNameList;
|
||||
use crate::msgs::handshake::{CertificateStatusRequest, ClientSessionTicket};
|
||||
use crate::msgs::handshake::{ClientExtension, HasServerExtensions};
|
||||
use crate::msgs::handshake::{ClientHelloPayload, HandshakeMessagePayload, HandshakePayload};
|
||||
use crate::msgs::handshake::{HelloRetryRequest, KeyShareEntry};
|
||||
use crate::msgs::handshake::{Random, SessionId};
|
||||
use crate::msgs::enums::{Compression, ECPointFormat, ExtensionType, PSKKeyExchangeMode};
|
||||
use crate::msgs::handshake::{
|
||||
CertificateStatusRequest, ClientExtension, ClientHelloPayload, ClientSessionTicket,
|
||||
ConvertProtocolNameList, HandshakeMessagePayload, HandshakePayload, HasServerExtensions,
|
||||
HelloRetryRequest, KeyShareEntry, Random, SessionId,
|
||||
};
|
||||
use crate::msgs::message::{Message, MessagePayload};
|
||||
use crate::msgs::persist;
|
||||
use crate::tls13::key_schedule::KeyScheduleEarly;
|
||||
use crate::SupportedCipherSuite;
|
||||
|
||||
#[cfg(feature = "tls12")]
|
||||
use super::tls12;
|
||||
use super::Tls12Resumption;
|
||||
use crate::client::client_conn::ClientConnectionData;
|
||||
use crate::client::common::ClientHelloDetails;
|
||||
use crate::client::{tls13, ClientConfig};
|
||||
|
||||
use pki_types::ServerName;
|
||||
|
||||
use alloc::borrow::ToOwned;
|
||||
use alloc::boxed::Box;
|
||||
use alloc::sync::Arc;
|
||||
use alloc::vec;
|
||||
use alloc::vec::Vec;
|
||||
use core::ops::Deref;
|
||||
|
||||
pub(super) type NextState<'a> = Box<dyn State<ClientConnectionData> + 'a>;
|
||||
pub(super) type NextStateOrError<'a> = Result<NextState<'a>, Error>;
|
||||
pub(super) type ClientContext<'a> = crate::common_state::Context<'a, ClientConnectionData>;
|
||||
|
|
|
@ -1,9 +1,22 @@
|
|||
use alloc::borrow::ToOwned;
|
||||
use alloc::boxed::Box;
|
||||
use alloc::sync::Arc;
|
||||
use alloc::vec;
|
||||
use alloc::vec::Vec;
|
||||
|
||||
use pki_types::ServerName;
|
||||
pub(super) use server_hello::CompleteServerHelloHandling;
|
||||
use subtle::ConstantTimeEq;
|
||||
|
||||
use super::client_conn::ClientConnectionData;
|
||||
use super::hs::ClientContext;
|
||||
use crate::check::{inappropriate_handshake_message, inappropriate_message};
|
||||
use crate::client::common::{ClientAuthDetails, ServerCertDetails};
|
||||
use crate::client::{hs, ClientConfig};
|
||||
use crate::common_state::{CommonState, Side, State};
|
||||
use crate::conn::ConnectionRandoms;
|
||||
use crate::crypto::KeyExchangeAlgorithm;
|
||||
use crate::enums::ProtocolVersion;
|
||||
use crate::enums::{AlertDescription, ContentType, HandshakeType};
|
||||
use crate::enums::{AlertDescription, ContentType, HandshakeType, ProtocolVersion};
|
||||
use crate::error::{Error, InvalidMessage, PeerIncompatible, PeerMisbehaved};
|
||||
use crate::hash_hs::HandshakeHash;
|
||||
#[cfg(feature = "logging")]
|
||||
|
@ -22,29 +35,10 @@ use crate::suites::{PartiallyExtractedSecrets, SupportedCipherSuite};
|
|||
use crate::tls12::{self, ConnectionSecrets, Tls12CipherSuite};
|
||||
use crate::verify::{self, DigitallySignedStruct};
|
||||
|
||||
use super::client_conn::ClientConnectionData;
|
||||
use super::hs::ClientContext;
|
||||
use crate::client::common::ClientAuthDetails;
|
||||
use crate::client::common::ServerCertDetails;
|
||||
use crate::client::{hs, ClientConfig};
|
||||
|
||||
use pki_types::ServerName;
|
||||
use subtle::ConstantTimeEq;
|
||||
|
||||
use alloc::borrow::ToOwned;
|
||||
use alloc::boxed::Box;
|
||||
use alloc::sync::Arc;
|
||||
use alloc::vec;
|
||||
use alloc::vec::Vec;
|
||||
|
||||
pub(super) use server_hello::CompleteServerHelloHandling;
|
||||
|
||||
mod server_hello {
|
||||
use crate::msgs::enums::ExtensionType;
|
||||
use crate::msgs::handshake::HasServerExtensions;
|
||||
use crate::msgs::handshake::ServerHelloPayload;
|
||||
|
||||
use super::*;
|
||||
use crate::msgs::enums::ExtensionType;
|
||||
use crate::msgs::handshake::{HasServerExtensions, ServerHelloPayload};
|
||||
|
||||
pub(in crate::client) struct CompleteServerHelloHandling {
|
||||
pub(in crate::client) config: Arc<ClientConfig>,
|
||||
|
|
|
@ -1,8 +1,18 @@
|
|||
use alloc::boxed::Box;
|
||||
use alloc::sync::Arc;
|
||||
use alloc::vec;
|
||||
use alloc::vec::Vec;
|
||||
|
||||
use pki_types::ServerName;
|
||||
use subtle::ConstantTimeEq;
|
||||
|
||||
use super::client_conn::ClientConnectionData;
|
||||
use super::hs::ClientContext;
|
||||
use crate::check::inappropriate_handshake_message;
|
||||
use crate::common_state::Protocol;
|
||||
use crate::common_state::{CommonState, Side, State};
|
||||
use crate::client::common::{ClientAuthDetails, ClientHelloDetails, ServerCertDetails};
|
||||
use crate::client::{hs, ClientConfig, ClientSessionStore};
|
||||
use crate::common_state::{CommonState, Protocol, Side, State};
|
||||
use crate::conn::ConnectionRandoms;
|
||||
use crate::crypto;
|
||||
use crate::crypto::ActiveKeyExchange;
|
||||
use crate::enums::{
|
||||
AlertDescription, ContentType, HandshakeType, ProtocolVersion, SignatureScheme,
|
||||
|
@ -13,40 +23,24 @@ use crate::hash_hs::{HandshakeHash, HandshakeHashBuffer};
|
|||
use crate::log::{debug, trace, warn};
|
||||
use crate::msgs::base::{Payload, PayloadU8};
|
||||
use crate::msgs::ccs::ChangeCipherSpecPayload;
|
||||
use crate::msgs::enums::ExtensionType;
|
||||
use crate::msgs::enums::KeyUpdateRequest;
|
||||
use crate::msgs::handshake::NewSessionTicketPayloadTls13;
|
||||
use crate::msgs::handshake::{CertificateEntry, CertificatePayloadTls13};
|
||||
use crate::msgs::handshake::{ClientExtension, ServerExtension};
|
||||
use crate::msgs::handshake::{HandshakeMessagePayload, HandshakePayload};
|
||||
use crate::msgs::handshake::{HasServerExtensions, ServerHelloPayload};
|
||||
use crate::msgs::handshake::{PresharedKeyIdentity, PresharedKeyOffer};
|
||||
use crate::msgs::enums::{ExtensionType, KeyUpdateRequest};
|
||||
use crate::msgs::handshake::{
|
||||
CertificateEntry, CertificatePayloadTls13, ClientExtension, HandshakeMessagePayload,
|
||||
HandshakePayload, HasServerExtensions, NewSessionTicketPayloadTls13, PresharedKeyIdentity,
|
||||
PresharedKeyOffer, ServerExtension, ServerHelloPayload,
|
||||
};
|
||||
use crate::msgs::message::{Message, MessagePayload};
|
||||
use crate::msgs::persist;
|
||||
use crate::sign::{CertifiedKey, Signer};
|
||||
use crate::suites::PartiallyExtractedSecrets;
|
||||
use crate::tls13::construct_client_verify_message;
|
||||
use crate::tls13::construct_server_verify_message;
|
||||
use crate::tls13::key_schedule::{
|
||||
KeyScheduleEarly, KeyScheduleHandshake, KeySchedulePreHandshake, KeyScheduleTraffic,
|
||||
};
|
||||
use crate::tls13::Tls13CipherSuite;
|
||||
use crate::tls13::{
|
||||
construct_client_verify_message, construct_server_verify_message, Tls13CipherSuite,
|
||||
};
|
||||
use crate::verify::{self, DigitallySignedStruct};
|
||||
use crate::KeyLog;
|
||||
|
||||
use super::client_conn::ClientConnectionData;
|
||||
use super::hs::ClientContext;
|
||||
use crate::client::common::ServerCertDetails;
|
||||
use crate::client::common::{ClientAuthDetails, ClientHelloDetails};
|
||||
use crate::client::{hs, ClientConfig, ClientSessionStore};
|
||||
|
||||
use pki_types::ServerName;
|
||||
use subtle::ConstantTimeEq;
|
||||
|
||||
use alloc::boxed::Box;
|
||||
use alloc::sync::Arc;
|
||||
use alloc::vec;
|
||||
use alloc::vec::Vec;
|
||||
use crate::{crypto, KeyLog};
|
||||
|
||||
// Extensions we expect in plaintext in the ServerHello.
|
||||
static ALLOWED_PLAINTEXT_EXTS: &[ExtensionType] = &[
|
||||
|
|
|
@ -1,3 +1,8 @@
|
|||
use alloc::boxed::Box;
|
||||
use alloc::vec::Vec;
|
||||
|
||||
use pki_types::CertificateDer;
|
||||
|
||||
use crate::enums::{AlertDescription, ContentType, HandshakeType, ProtocolVersion};
|
||||
use crate::error::{Error, InvalidMessage, PeerMisbehaved};
|
||||
#[cfg(feature = "logging")]
|
||||
|
@ -11,19 +16,12 @@ use crate::msgs::message::{
|
|||
Message, MessagePayload, OutboundChunks, OutboundOpaqueMessage, OutboundPlainMessage,
|
||||
PlainMessage,
|
||||
};
|
||||
use crate::quic;
|
||||
use crate::record_layer;
|
||||
use crate::suites::PartiallyExtractedSecrets;
|
||||
use crate::suites::SupportedCipherSuite;
|
||||
use crate::suites::{PartiallyExtractedSecrets, SupportedCipherSuite};
|
||||
#[cfg(feature = "tls12")]
|
||||
use crate::tls12::ConnectionSecrets;
|
||||
use crate::unbuffered::{EncryptError, InsufficientSizeError};
|
||||
use crate::vecbuf::ChunkVecBuffer;
|
||||
|
||||
use alloc::boxed::Box;
|
||||
use alloc::vec::Vec;
|
||||
|
||||
use pki_types::CertificateDer;
|
||||
use crate::{quic, record_layer};
|
||||
|
||||
/// Connection state common to both client and server connections.
|
||||
pub struct CommonState {
|
||||
|
|
|
@ -1,3 +1,10 @@
|
|||
use alloc::boxed::Box;
|
||||
use core::fmt::Debug;
|
||||
use core::mem;
|
||||
use core::ops::{Deref, DerefMut};
|
||||
#[cfg(feature = "std")]
|
||||
use std::io;
|
||||
|
||||
use crate::common_state::{CommonState, Context, IoState, State, DEFAULT_BUFFER_LIMIT};
|
||||
use crate::enums::{AlertDescription, ContentType};
|
||||
use crate::error::{Error, PeerMisbehaved};
|
||||
|
@ -9,17 +16,15 @@ use crate::msgs::message::{InboundPlainMessage, Message, MessagePayload};
|
|||
use crate::suites::{ExtractedSecrets, PartiallyExtractedSecrets};
|
||||
use crate::vecbuf::ChunkVecBuffer;
|
||||
|
||||
use alloc::boxed::Box;
|
||||
use core::fmt::Debug;
|
||||
use core::mem;
|
||||
use core::ops::{Deref, DerefMut};
|
||||
#[cfg(feature = "std")]
|
||||
use std::io;
|
||||
|
||||
pub(crate) mod unbuffered;
|
||||
|
||||
#[cfg(feature = "std")]
|
||||
mod connection {
|
||||
use alloc::vec::Vec;
|
||||
use core::fmt::Debug;
|
||||
use core::ops::{Deref, DerefMut};
|
||||
use std::io;
|
||||
|
||||
use crate::common_state::{CommonState, IoState};
|
||||
use crate::error::Error;
|
||||
use crate::msgs::message::OutboundChunks;
|
||||
|
@ -27,11 +32,6 @@ mod connection {
|
|||
use crate::vecbuf::ChunkVecBuffer;
|
||||
use crate::ConnectionCommon;
|
||||
|
||||
use alloc::vec::Vec;
|
||||
use core::fmt::Debug;
|
||||
use core::ops::{Deref, DerefMut};
|
||||
use std::io;
|
||||
|
||||
/// A client or server connection.
|
||||
#[derive(Debug)]
|
||||
pub enum Connection {
|
||||
|
|
|
@ -1,14 +1,3 @@
|
|||
use crate::crypto::{CryptoProvider, KeyProvider, SecureRandom};
|
||||
use crate::enums::SignatureScheme;
|
||||
use crate::rand::GetRandomFailed;
|
||||
use crate::sign::SigningKey;
|
||||
use crate::suites::SupportedCipherSuite;
|
||||
use crate::webpki::WebPkiSupportedAlgorithms;
|
||||
use crate::Error;
|
||||
|
||||
use pki_types::PrivateKeyDer;
|
||||
use webpki::aws_lc_rs as webpki_algs;
|
||||
|
||||
use alloc::sync::Arc;
|
||||
use alloc::vec::Vec;
|
||||
|
||||
|
@ -17,6 +6,16 @@ use alloc::vec::Vec;
|
|||
// ring-compatible crate, and `super::ring_shim` to bridge the gaps where they are
|
||||
// small.
|
||||
pub(crate) use aws_lc_rs as ring_like;
|
||||
use pki_types::PrivateKeyDer;
|
||||
use webpki::aws_lc_rs as webpki_algs;
|
||||
|
||||
use crate::crypto::{CryptoProvider, KeyProvider, SecureRandom};
|
||||
use crate::enums::SignatureScheme;
|
||||
use crate::rand::GetRandomFailed;
|
||||
use crate::sign::SigningKey;
|
||||
use crate::suites::SupportedCipherSuite;
|
||||
use crate::webpki::WebPkiSupportedAlgorithms;
|
||||
use crate::Error;
|
||||
|
||||
/// Using software keys for authentication.
|
||||
pub mod sign;
|
||||
|
@ -219,9 +218,7 @@ static SUPPORTED_SIG_ALGS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms
|
|||
///
|
||||
/// [`ALL_KX_GROUPS`] is provided as an array of all of these values.
|
||||
pub mod kx_group {
|
||||
pub use super::kx::SECP256R1;
|
||||
pub use super::kx::SECP384R1;
|
||||
pub use super::kx::X25519;
|
||||
pub use super::kx::{SECP256R1, SECP384R1, X25519};
|
||||
}
|
||||
|
||||
pub use kx::ALL_KX_GROUPS;
|
||||
|
|
|
@ -1,20 +1,19 @@
|
|||
#![allow(clippy::duplicate_mod)]
|
||||
|
||||
use crate::enums::{SignatureAlgorithm, SignatureScheme};
|
||||
use crate::error::Error;
|
||||
use crate::sign::{Signer, SigningKey};
|
||||
use alloc::boxed::Box;
|
||||
use alloc::string::ToString;
|
||||
use alloc::sync::Arc;
|
||||
use alloc::vec::Vec;
|
||||
use alloc::{format, vec};
|
||||
use core::fmt::{self, Debug, Formatter};
|
||||
|
||||
use pki_types::{PrivateKeyDer, PrivatePkcs8KeyDer};
|
||||
|
||||
use super::ring_like::rand::SystemRandom;
|
||||
use super::ring_like::signature::{self, EcdsaKeyPair, Ed25519KeyPair, RsaKeyPair};
|
||||
use pki_types::{PrivateKeyDer, PrivatePkcs8KeyDer};
|
||||
|
||||
use alloc::boxed::Box;
|
||||
use alloc::format;
|
||||
use alloc::string::ToString;
|
||||
use alloc::sync::Arc;
|
||||
use alloc::vec;
|
||||
use alloc::vec::Vec;
|
||||
use core::fmt::{self, Debug, Formatter};
|
||||
use crate::enums::{SignatureAlgorithm, SignatureScheme};
|
||||
use crate::error::Error;
|
||||
use crate::sign::{Signer, SigningKey};
|
||||
|
||||
/// Parse `der` as any supported key encoding/type, returning
|
||||
/// the first which works.
|
||||
|
@ -370,10 +369,12 @@ impl Debug for Ed25519Signer {
|
|||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use super::*;
|
||||
use alloc::format;
|
||||
|
||||
use pki_types::{PrivatePkcs1KeyDer, PrivateSec1KeyDer};
|
||||
|
||||
use super::*;
|
||||
|
||||
#[test]
|
||||
fn can_load_ecdsa_nistp256_pkcs8() {
|
||||
let key =
|
||||
|
|
|
@ -1,3 +1,7 @@
|
|||
use alloc::boxed::Box;
|
||||
|
||||
use aws_lc_rs::{aead, tls_prf};
|
||||
|
||||
use crate::crypto::cipher::{
|
||||
make_tls12_aad, AeadKey, InboundOpaqueMessage, Iv, KeyBlockShape, MessageDecrypter,
|
||||
MessageEncrypter, Nonce, Tls12AeadAlgorithm, UnsupportedOperationError, NONCE_LEN,
|
||||
|
@ -14,10 +18,6 @@ use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipher
|
|||
use crate::tls12::Tls12CipherSuite;
|
||||
use crate::version::TLS12;
|
||||
|
||||
use alloc::boxed::Box;
|
||||
|
||||
use aws_lc_rs::{aead, tls_prf};
|
||||
|
||||
/// The TLS1.2 ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256.
|
||||
pub static TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite =
|
||||
SupportedCipherSuite::Tls12(&Tls12CipherSuite {
|
||||
|
|
|
@ -1,5 +1,8 @@
|
|||
use alloc::boxed::Box;
|
||||
|
||||
use aws_lc_rs::hkdf::KeyType;
|
||||
use aws_lc_rs::{aead, hkdf, hmac};
|
||||
|
||||
use crate::crypto;
|
||||
use crate::crypto::cipher::{
|
||||
make_tls13_aad, AeadKey, InboundOpaqueMessage, Iv, MessageDecrypter, MessageEncrypter, Nonce,
|
||||
|
@ -14,9 +17,6 @@ use crate::msgs::message::{
|
|||
use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite};
|
||||
use crate::tls13::Tls13CipherSuite;
|
||||
|
||||
use aws_lc_rs::hkdf::KeyType;
|
||||
use aws_lc_rs::{aead, hkdf, hmac};
|
||||
|
||||
/// The TLS1.3 ciphersuite TLS_CHACHA20_POLY1305_SHA256
|
||||
pub static TLS13_CHACHA20_POLY1305_SHA256: SupportedCipherSuite =
|
||||
SupportedCipherSuite::Tls13(TLS13_CHACHA20_POLY1305_SHA256_INTERNAL);
|
||||
|
|
|
@ -2,6 +2,8 @@ use alloc::boxed::Box;
|
|||
use alloc::string::ToString;
|
||||
use core::fmt;
|
||||
|
||||
use zeroize::Zeroize;
|
||||
|
||||
use crate::enums::{ContentType, ProtocolVersion};
|
||||
use crate::error::Error;
|
||||
use crate::msgs::codec;
|
||||
|
@ -11,8 +13,6 @@ pub use crate::msgs::message::{
|
|||
};
|
||||
use crate::suites::ConnectionTrafficSecrets;
|
||||
|
||||
use zeroize::Zeroize;
|
||||
|
||||
/// Factory trait for building `MessageEncrypter` and `MessageDecrypter` for a TLS1.3 cipher suite.
|
||||
pub trait Tls13AeadAlgorithm: Send + Sync {
|
||||
/// Build a `MessageEncrypter` for the given key/iv.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
pub use crate::msgs::enums::HashAlgorithm;
|
||||
|
||||
use alloc::boxed::Box;
|
||||
|
||||
pub use crate::msgs::enums::HashAlgorithm;
|
||||
|
||||
/// Describes a single cryptographic hash function.
|
||||
///
|
||||
/// This interface can do both one-shot and incremental hashing, using
|
||||
|
|
|
@ -1,7 +1,3 @@
|
|||
use crate::sign::SigningKey;
|
||||
use crate::{suites, ProtocolVersion, SupportedProtocolVersion};
|
||||
use crate::{Error, NamedGroup};
|
||||
|
||||
use alloc::boxed::Box;
|
||||
use alloc::sync::Arc;
|
||||
use alloc::vec::Vec;
|
||||
|
@ -11,10 +7,13 @@ use core::fmt::Debug;
|
|||
use once_cell::race::OnceBox;
|
||||
#[cfg(feature = "std")]
|
||||
use once_cell::sync::OnceCell;
|
||||
|
||||
use pki_types::PrivateKeyDer;
|
||||
use zeroize::Zeroize;
|
||||
|
||||
use crate::sign::SigningKey;
|
||||
pub use crate::webpki::{
|
||||
verify_tls12_signature, verify_tls13_signature, WebPkiSupportedAlgorithms,
|
||||
};
|
||||
#[cfg(all(doc, feature = "tls12"))]
|
||||
use crate::Tls12CipherSuite;
|
||||
#[cfg(doc)]
|
||||
|
@ -22,10 +21,7 @@ use crate::{
|
|||
client, crypto, server, sign, ClientConfig, ConfigBuilder, ServerConfig, SupportedCipherSuite,
|
||||
Tls13CipherSuite,
|
||||
};
|
||||
|
||||
pub use crate::webpki::{
|
||||
verify_tls12_signature, verify_tls13_signature, WebPkiSupportedAlgorithms,
|
||||
};
|
||||
use crate::{suites, Error, NamedGroup, ProtocolVersion, SupportedProtocolVersion};
|
||||
|
||||
/// *ring* based CryptoProvider.
|
||||
#[cfg(feature = "ring")]
|
||||
|
@ -59,11 +55,9 @@ pub mod hpke;
|
|||
// avoid having two import paths to the same types.
|
||||
pub(crate) mod signer;
|
||||
|
||||
pub use crate::rand::GetRandomFailed;
|
||||
|
||||
pub use crate::suites::CipherSuiteCommon;
|
||||
|
||||
pub use crate::msgs::handshake::KeyExchangeAlgorithm;
|
||||
pub use crate::rand::GetRandomFailed;
|
||||
pub use crate::suites::CipherSuiteCommon;
|
||||
|
||||
/// Controls core cryptography used by rustls.
|
||||
///
|
||||
|
@ -552,9 +546,10 @@ pub fn default_fips_provider() -> CryptoProvider {
|
|||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use super::SharedSecret;
|
||||
use std::vec;
|
||||
|
||||
use super::SharedSecret;
|
||||
|
||||
#[test]
|
||||
fn test_shared_secret_strip_leading_zeros() {
|
||||
let test_cases = [
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
#![allow(clippy::duplicate_mod)]
|
||||
|
||||
use alloc::boxed::Box;
|
||||
|
||||
use super::ring_like::digest;
|
||||
use crate::crypto;
|
||||
use crate::msgs::enums::HashAlgorithm;
|
||||
|
||||
use alloc::boxed::Box;
|
||||
|
||||
pub(crate) static SHA256: Hash = Hash(&digest::SHA256, HashAlgorithm::SHA256);
|
||||
pub(crate) static SHA384: Hash = Hash(&digest::SHA384, HashAlgorithm::SHA384);
|
||||
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
#![allow(clippy::duplicate_mod)]
|
||||
|
||||
use alloc::boxed::Box;
|
||||
|
||||
use super::ring_like;
|
||||
use crate::crypto;
|
||||
|
||||
use alloc::boxed::Box;
|
||||
|
||||
#[cfg(feature = "tls12")]
|
||||
pub(crate) static HMAC_SHA256: Hmac = Hmac(&ring_like::hmac::HMAC_SHA256);
|
||||
#[cfg(feature = "tls12")]
|
||||
|
|
|
@ -1,16 +1,15 @@
|
|||
#![allow(clippy::duplicate_mod)]
|
||||
|
||||
use alloc::boxed::Box;
|
||||
use core::fmt;
|
||||
|
||||
use super::ring_like::agreement;
|
||||
use super::ring_like::rand::SystemRandom;
|
||||
use crate::crypto::{ActiveKeyExchange, SharedSecret, SupportedKxGroup};
|
||||
use crate::error::{Error, PeerMisbehaved};
|
||||
use crate::msgs::enums::NamedGroup;
|
||||
use crate::rand::GetRandomFailed;
|
||||
|
||||
use super::ring_like::agreement;
|
||||
use super::ring_like::rand::SystemRandom;
|
||||
|
||||
use alloc::boxed::Box;
|
||||
use core::fmt;
|
||||
|
||||
/// A key-exchange group supported by *ring*.
|
||||
///
|
||||
/// All possible instances of this class are provided by the library in
|
||||
|
|
|
@ -1,3 +1,9 @@
|
|||
use alloc::sync::Arc;
|
||||
|
||||
use pki_types::PrivateKeyDer;
|
||||
pub(crate) use ring as ring_like;
|
||||
use webpki::ring as webpki_algs;
|
||||
|
||||
use crate::crypto::{CryptoProvider, KeyProvider, SecureRandom};
|
||||
use crate::enums::SignatureScheme;
|
||||
use crate::rand::GetRandomFailed;
|
||||
|
@ -6,13 +12,6 @@ use crate::suites::SupportedCipherSuite;
|
|||
use crate::webpki::WebPkiSupportedAlgorithms;
|
||||
use crate::Error;
|
||||
|
||||
use pki_types::PrivateKeyDer;
|
||||
use webpki::ring as webpki_algs;
|
||||
|
||||
use alloc::sync::Arc;
|
||||
|
||||
pub(crate) use ring as ring_like;
|
||||
|
||||
/// Using software keys for authentication.
|
||||
pub mod sign;
|
||||
|
||||
|
@ -167,9 +166,7 @@ static SUPPORTED_SIG_ALGS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms
|
|||
///
|
||||
/// [`ALL_KX_GROUPS`] is provided as an array of all of these values.
|
||||
pub mod kx_group {
|
||||
pub use super::kx::SECP256R1;
|
||||
pub use super::kx::SECP384R1;
|
||||
pub use super::kx::X25519;
|
||||
pub use super::kx::{SECP256R1, SECP384R1, X25519};
|
||||
}
|
||||
|
||||
pub use kx::ALL_KX_GROUPS;
|
||||
|
|
|
@ -1,12 +1,11 @@
|
|||
#![allow(clippy::duplicate_mod)]
|
||||
|
||||
use crate::crypto::cipher::{AeadKey, Iv, Nonce};
|
||||
use crate::error::Error;
|
||||
use crate::quic;
|
||||
|
||||
use alloc::boxed::Box;
|
||||
|
||||
use super::ring_like::aead;
|
||||
use crate::crypto::cipher::{AeadKey, Iv, Nonce};
|
||||
use crate::error::Error;
|
||||
use crate::quic;
|
||||
|
||||
pub(crate) struct HeaderProtectionKey(aead::quic::HeaderProtectionKey);
|
||||
|
||||
|
|
|
@ -1,22 +1,21 @@
|
|||
#![allow(clippy::duplicate_mod)]
|
||||
|
||||
use crate::enums::{SignatureAlgorithm, SignatureScheme};
|
||||
use crate::error::Error;
|
||||
use crate::sign::{Signer, SigningKey};
|
||||
use crate::x509::{asn1_wrap, wrap_in_sequence};
|
||||
use alloc::boxed::Box;
|
||||
use alloc::string::ToString;
|
||||
use alloc::sync::Arc;
|
||||
use alloc::vec::Vec;
|
||||
use alloc::{format, vec};
|
||||
use core::fmt::{self, Debug, Formatter};
|
||||
|
||||
use pki_types::{PrivateKeyDer, PrivatePkcs8KeyDer};
|
||||
|
||||
use super::ring_like::io::der;
|
||||
use super::ring_like::rand::{SecureRandom, SystemRandom};
|
||||
use super::ring_like::signature::{self, EcdsaKeyPair, Ed25519KeyPair, RsaKeyPair};
|
||||
use pki_types::{PrivateKeyDer, PrivatePkcs8KeyDer};
|
||||
|
||||
use alloc::boxed::Box;
|
||||
use alloc::format;
|
||||
use alloc::string::ToString;
|
||||
use alloc::sync::Arc;
|
||||
use alloc::vec;
|
||||
use alloc::vec::Vec;
|
||||
use core::fmt::{self, Debug, Formatter};
|
||||
use crate::enums::{SignatureAlgorithm, SignatureScheme};
|
||||
use crate::error::Error;
|
||||
use crate::sign::{Signer, SigningKey};
|
||||
use crate::x509::{asn1_wrap, wrap_in_sequence};
|
||||
|
||||
/// Parse `der` as any supported key encoding/type, returning
|
||||
/// the first which works.
|
||||
|
@ -408,10 +407,12 @@ impl Debug for Ed25519Signer {
|
|||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use super::*;
|
||||
use alloc::format;
|
||||
|
||||
use pki_types::{PrivatePkcs1KeyDer, PrivateSec1KeyDer};
|
||||
|
||||
use super::*;
|
||||
|
||||
#[test]
|
||||
fn can_load_ecdsa_nistp256_pkcs8() {
|
||||
let key =
|
||||
|
|
|
@ -1,19 +1,18 @@
|
|||
#![allow(clippy::duplicate_mod)]
|
||||
|
||||
use crate::error::Error;
|
||||
use crate::rand::GetRandomFailed;
|
||||
use crate::server::ProducesTickets;
|
||||
|
||||
use super::ring_like::aead;
|
||||
use super::ring_like::rand::{SecureRandom, SystemRandom};
|
||||
use super::TICKETER_AEAD;
|
||||
|
||||
use alloc::boxed::Box;
|
||||
use alloc::sync::Arc;
|
||||
use alloc::vec::Vec;
|
||||
use core::fmt;
|
||||
use core::fmt::{Debug, Formatter};
|
||||
|
||||
use super::ring_like::aead;
|
||||
use super::ring_like::rand::{SecureRandom, SystemRandom};
|
||||
use super::TICKETER_AEAD;
|
||||
use crate::error::Error;
|
||||
use crate::rand::GetRandomFailed;
|
||||
use crate::server::ProducesTickets;
|
||||
|
||||
/// A concrete, safe ticket creation mechanism.
|
||||
pub struct Ticketer {}
|
||||
|
||||
|
@ -121,11 +120,12 @@ impl Debug for AeadTicketer {
|
|||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use super::*;
|
||||
|
||||
use core::time::Duration;
|
||||
|
||||
use pki_types::UnixTime;
|
||||
|
||||
use super::*;
|
||||
|
||||
#[test]
|
||||
fn basic_pairwise_test() {
|
||||
let t = Ticketer::new().unwrap();
|
||||
|
@ -198,9 +198,10 @@ mod tests {
|
|||
|
||||
#[test]
|
||||
fn aeadticketer_is_debug_and_producestickets() {
|
||||
use super::*;
|
||||
use alloc::format;
|
||||
|
||||
use super::*;
|
||||
|
||||
let t = make_ticket_generator().unwrap();
|
||||
|
||||
let expect = format!("AeadTicketer {{ alg: {TICKETER_AEAD:?}, lifetime: 43200 }}");
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
use alloc::boxed::Box;
|
||||
|
||||
use super::ring_like::aead;
|
||||
use crate::crypto::cipher::{
|
||||
make_tls12_aad, AeadKey, InboundOpaqueMessage, Iv, KeyBlockShape, MessageDecrypter,
|
||||
MessageEncrypter, Nonce, Tls12AeadAlgorithm, UnsupportedOperationError, NONCE_LEN,
|
||||
|
@ -13,10 +16,6 @@ use crate::msgs::message::{
|
|||
use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite};
|
||||
use crate::tls12::Tls12CipherSuite;
|
||||
|
||||
use alloc::boxed::Box;
|
||||
|
||||
use super::ring_like::aead;
|
||||
|
||||
/// The TLS1.2 ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256.
|
||||
pub static TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite =
|
||||
SupportedCipherSuite::Tls12(&Tls12CipherSuite {
|
||||
|
|
|
@ -1,5 +1,7 @@
|
|||
use alloc::boxed::Box;
|
||||
|
||||
use super::ring_like::hkdf::KeyType;
|
||||
use super::ring_like::{aead, hkdf, hmac};
|
||||
use crate::crypto;
|
||||
use crate::crypto::cipher::{
|
||||
make_tls13_aad, AeadKey, InboundOpaqueMessage, Iv, MessageDecrypter, MessageEncrypter, Nonce,
|
||||
|
@ -14,9 +16,6 @@ use crate::msgs::message::{
|
|||
use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite};
|
||||
use crate::tls13::Tls13CipherSuite;
|
||||
|
||||
use super::ring_like::hkdf::KeyType;
|
||||
use super::ring_like::{aead, hkdf, hmac};
|
||||
|
||||
/// The TLS1.3 ciphersuite TLS_CHACHA20_POLY1305_SHA256
|
||||
pub static TLS13_CHACHA20_POLY1305_SHA256: SupportedCipherSuite =
|
||||
SupportedCipherSuite::Tls13(TLS13_CHACHA20_POLY1305_SHA256_INTERNAL);
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
use crate::enums::{SignatureAlgorithm, SignatureScheme};
|
||||
use crate::error::Error;
|
||||
|
||||
use pki_types::CertificateDer;
|
||||
|
||||
use alloc::boxed::Box;
|
||||
use alloc::sync::Arc;
|
||||
use alloc::vec::Vec;
|
||||
use core::fmt::Debug;
|
||||
|
||||
use pki_types::CertificateDer;
|
||||
|
||||
use crate::enums::{SignatureAlgorithm, SignatureScheme};
|
||||
use crate::error::Error;
|
||||
|
||||
/// An abstract signing key.
|
||||
///
|
||||
/// This interface is used by rustls to use a private signing key
|
||||
|
|
|
@ -1,10 +1,9 @@
|
|||
use super::hmac;
|
||||
use super::ActiveKeyExchange;
|
||||
use alloc::boxed::Box;
|
||||
|
||||
use super::{hmac, ActiveKeyExchange};
|
||||
use crate::error::Error;
|
||||
use crate::version::TLS12;
|
||||
|
||||
use alloc::boxed::Box;
|
||||
|
||||
/// Implements [`Prf`] using a [`hmac::Hmac`].
|
||||
pub struct PrfUsingHmac<'a>(pub &'a dyn hmac::Hmac);
|
||||
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
use super::hmac;
|
||||
use super::ActiveKeyExchange;
|
||||
use alloc::boxed::Box;
|
||||
|
||||
use zeroize::Zeroize;
|
||||
|
||||
use super::{hmac, ActiveKeyExchange};
|
||||
use crate::error::Error;
|
||||
use crate::version::TLS13;
|
||||
|
||||
use alloc::boxed::Box;
|
||||
use zeroize::Zeroize;
|
||||
|
||||
/// Implementation of `HkdfExpander` via `hmac::Key`.
|
||||
pub struct HkdfExpanderUsingHmac(Box<dyn hmac::Key>);
|
||||
|
||||
|
@ -247,11 +247,12 @@ pub struct OutputLengthError;
|
|||
|
||||
#[cfg(all(test, feature = "ring"))]
|
||||
mod tests {
|
||||
use std::prelude::v1::*;
|
||||
|
||||
use super::{expand, Hkdf, HkdfUsingHmac};
|
||||
// nb: crypto::aws_lc_rs provider doesn't provide (or need) hmac,
|
||||
// so cannot be used for this test.
|
||||
use crate::crypto::ring::hmac;
|
||||
use std::prelude::v1::*;
|
||||
|
||||
struct ByteArray<const N: usize>([u8; N]);
|
||||
|
||||
|
|
|
@ -1,7 +1,3 @@
|
|||
use crate::enums::{AlertDescription, ContentType, HandshakeType};
|
||||
use crate::msgs::handshake::KeyExchangeAlgorithm;
|
||||
use crate::rand;
|
||||
|
||||
use alloc::format;
|
||||
use alloc::string::String;
|
||||
use alloc::vec::Vec;
|
||||
|
@ -9,6 +5,10 @@ use core::fmt;
|
|||
#[cfg(feature = "std")]
|
||||
use std::time::SystemTimeError;
|
||||
|
||||
use crate::enums::{AlertDescription, ContentType, HandshakeType};
|
||||
use crate::msgs::handshake::KeyExchangeAlgorithm;
|
||||
use crate::rand;
|
||||
|
||||
/// rustls reports protocol errors using this type.
|
||||
#[non_exhaustive]
|
||||
#[derive(Debug, PartialEq, Clone)]
|
||||
|
@ -600,12 +600,12 @@ pub use other_error::OtherError;
|
|||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use super::{Error, InvalidMessage};
|
||||
use crate::error::CertRevocationListError;
|
||||
use crate::error::OtherError;
|
||||
use std::prelude::v1::*;
|
||||
use std::{println, vec};
|
||||
|
||||
use super::{Error, InvalidMessage};
|
||||
use crate::error::{CertRevocationListError, OtherError};
|
||||
|
||||
#[test]
|
||||
fn certificate_error_equality() {
|
||||
use super::CertificateError::*;
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
use alloc::boxed::Box;
|
||||
use alloc::vec::Vec;
|
||||
use core::mem;
|
||||
|
||||
use crate::crypto::hash;
|
||||
use crate::msgs::codec::Codec;
|
||||
use crate::msgs::enums::HashAlgorithm;
|
||||
use crate::msgs::handshake::HandshakeMessagePayload;
|
||||
use crate::msgs::message::{Message, MessagePayload};
|
||||
|
||||
use alloc::boxed::Box;
|
||||
use alloc::vec::Vec;
|
||||
use core::mem;
|
||||
|
||||
/// Early stage buffering of handshake payloads.
|
||||
///
|
||||
/// Before we know the hash algorithm to use to verify the handshake, we just buffer the messages.
|
||||
|
|
|
@ -1,16 +1,15 @@
|
|||
use alloc::vec::Vec;
|
||||
use core::fmt::{Debug, Formatter};
|
||||
use std::ffi::OsString;
|
||||
use std::fs::{File, OpenOptions};
|
||||
use std::io::Write;
|
||||
use std::sync::Mutex;
|
||||
use std::{env, io};
|
||||
|
||||
#[cfg(feature = "logging")]
|
||||
use crate::log::warn;
|
||||
use crate::KeyLog;
|
||||
|
||||
use alloc::vec::Vec;
|
||||
use core::fmt::{Debug, Formatter};
|
||||
use std::env;
|
||||
use std::ffi::OsString;
|
||||
use std::fs::{File, OpenOptions};
|
||||
use std::io;
|
||||
use std::io::Write;
|
||||
use std::sync::Mutex;
|
||||
|
||||
// Internal mutable state for KeyLogFile
|
||||
struct KeyLogFileInner {
|
||||
file: Option<File>,
|
||||
|
|
|
@ -360,13 +360,13 @@ extern crate std;
|
|||
#[allow(unused_extern_crates)]
|
||||
extern crate test;
|
||||
|
||||
#[cfg(doc)]
|
||||
use crate::crypto::CryptoProvider;
|
||||
|
||||
// log for logging (optional).
|
||||
#[cfg(feature = "logging")]
|
||||
use log;
|
||||
|
||||
#[cfg(doc)]
|
||||
use crate::crypto::CryptoProvider;
|
||||
|
||||
#[cfg(not(feature = "logging"))]
|
||||
#[macro_use]
|
||||
mod log {
|
||||
|
@ -554,13 +554,11 @@ pub mod client {
|
|||
pub use crate::verify::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier};
|
||||
}
|
||||
|
||||
pub use crate::msgs::persist::{Tls12ClientSessionValue, Tls13ClientSessionValue};
|
||||
pub use crate::webpki::{
|
||||
verify_server_cert_signed_by_trust_anchor, verify_server_name, ServerCertVerifierBuilder,
|
||||
VerifierBuilderError, WebPkiServerVerifier,
|
||||
};
|
||||
|
||||
pub use crate::msgs::persist::Tls12ClientSessionValue;
|
||||
pub use crate::msgs::persist::Tls13ClientSessionValue;
|
||||
}
|
||||
|
||||
pub use client::ClientConfig;
|
||||
|
@ -578,23 +576,23 @@ pub mod server {
|
|||
mod tls12;
|
||||
mod tls13;
|
||||
|
||||
pub use crate::verify::NoClientAuth;
|
||||
pub use crate::webpki::{
|
||||
ClientCertVerifierBuilder, ParsedCertificate, VerifierBuilderError, WebPkiClientVerifier,
|
||||
};
|
||||
pub use builder::WantsServerCert;
|
||||
pub use handy::NoServerSessionStorage;
|
||||
#[cfg(feature = "std")]
|
||||
pub use handy::ResolvesServerCertUsingSni;
|
||||
#[cfg(feature = "std")]
|
||||
pub use handy::ServerSessionMemoryCache;
|
||||
pub use server_conn::StoresServerSessions;
|
||||
pub use server_conn::{
|
||||
Accepted, ServerConfig, ServerConnectionData, UnbufferedServerConnection,
|
||||
Accepted, ClientHello, ProducesTickets, ResolvesServerCert, ServerConfig,
|
||||
ServerConnectionData, StoresServerSessions, UnbufferedServerConnection,
|
||||
};
|
||||
#[cfg(feature = "std")]
|
||||
pub use server_conn::{AcceptedAlert, Acceptor, ReadEarlyData, ServerConnection};
|
||||
pub use server_conn::{ClientHello, ProducesTickets, ResolvesServerCert};
|
||||
|
||||
pub use crate::verify::NoClientAuth;
|
||||
pub use crate::webpki::{
|
||||
ClientCertVerifierBuilder, ParsedCertificate, VerifierBuilderError, WebPkiClientVerifier,
|
||||
};
|
||||
|
||||
/// Dangerous configuration that should be audited and used with extreme care.
|
||||
pub mod danger {
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
use alloc::vec::Vec;
|
||||
|
||||
use crate::enums::AlertDescription;
|
||||
use crate::error::InvalidMessage;
|
||||
use crate::msgs::codec::{Codec, Reader};
|
||||
use crate::msgs::enums::AlertLevel;
|
||||
|
||||
use alloc::vec::Vec;
|
||||
|
||||
#[derive(Debug)]
|
||||
pub struct AlertMessagePayload {
|
||||
pub level: AlertLevel,
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
use crate::error::InvalidMessage;
|
||||
use crate::msgs::codec;
|
||||
use crate::msgs::codec::{Codec, Reader};
|
||||
|
||||
use alloc::vec::Vec;
|
||||
use core::fmt;
|
||||
|
||||
use pki_types::CertificateDer;
|
||||
use zeroize::Zeroize;
|
||||
|
||||
use crate::error::InvalidMessage;
|
||||
use crate::msgs::codec;
|
||||
use crate::msgs::codec::{Codec, Reader};
|
||||
|
||||
/// An externally length'd payload
|
||||
#[derive(Clone, Eq, PartialEq)]
|
||||
pub enum Payload<'a> {
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
use crate::error::InvalidMessage;
|
||||
|
||||
use alloc::vec::Vec;
|
||||
use core::{fmt::Debug, mem};
|
||||
use core::fmt::Debug;
|
||||
use core::mem;
|
||||
|
||||
use crate::error::InvalidMessage;
|
||||
|
||||
/// Wrapper over a slice of bytes that allows reading chunks from
|
||||
/// with the current position state held using a cursor.
|
||||
|
@ -377,10 +378,11 @@ impl<'a> Drop for LengthPrefixedBuffer<'a> {
|
|||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use super::*;
|
||||
use std::prelude::v1::*;
|
||||
use std::vec;
|
||||
|
||||
use super::*;
|
||||
|
||||
#[test]
|
||||
fn interrupted_length_prefixed_buffer_leaves_maximum_length() {
|
||||
let mut buf = Vec::new();
|
||||
|
|
|
@ -712,11 +712,10 @@ mod tests {
|
|||
use std::prelude::v1::*;
|
||||
use std::vec;
|
||||
|
||||
use super::*;
|
||||
use crate::crypto::cipher::PlainMessage;
|
||||
use crate::msgs::message::Message;
|
||||
|
||||
use super::*;
|
||||
|
||||
#[test]
|
||||
fn check_incremental() {
|
||||
let mut d = BufferedDeframer::default();
|
||||
|
|
|
@ -349,9 +349,10 @@ pub(crate) mod tests {
|
|||
//! These tests are intended to provide coverage and
|
||||
//! check panic-safety of relatively unused values.
|
||||
|
||||
use super::*;
|
||||
use std::prelude::v1::*;
|
||||
|
||||
use super::*;
|
||||
|
||||
#[test]
|
||||
fn test_enums() {
|
||||
test_enum8::<HashAlgorithm>(HashAlgorithm::NONE, HashAlgorithm::SHA512);
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
use crate::enums::ContentType;
|
||||
use crate::enums::ProtocolVersion;
|
||||
use crate::enums::{ContentType, ProtocolVersion};
|
||||
use crate::msgs::message::{OutboundChunks, OutboundPlainMessage, PlainMessage};
|
||||
use crate::Error;
|
||||
pub(crate) const MAX_FRAGMENT_LEN: usize = 16384;
|
||||
|
@ -105,14 +104,14 @@ impl<'a> ExactSizeIterator for Chunker<'a> {
|
|||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use super::{MessageFragmenter, PACKET_OVERHEAD};
|
||||
use crate::enums::ContentType;
|
||||
use crate::enums::ProtocolVersion;
|
||||
use crate::msgs::base::Payload;
|
||||
use crate::msgs::message::{OutboundChunks, OutboundPlainMessage, PlainMessage};
|
||||
use std::prelude::v1::*;
|
||||
use std::vec;
|
||||
|
||||
use super::{MessageFragmenter, PACKET_OVERHEAD};
|
||||
use crate::enums::{ContentType, ProtocolVersion};
|
||||
use crate::msgs::base::Payload;
|
||||
use crate::msgs::message::{OutboundChunks, OutboundPlainMessage, PlainMessage};
|
||||
|
||||
fn msg_eq(
|
||||
m: &OutboundPlainMessage,
|
||||
total_len: usize,
|
||||
|
|
|
@ -1,5 +1,15 @@
|
|||
#![allow(non_camel_case_types)]
|
||||
|
||||
use alloc::collections::BTreeSet;
|
||||
#[cfg(feature = "logging")]
|
||||
use alloc::string::String;
|
||||
use alloc::vec;
|
||||
use alloc::vec::Vec;
|
||||
use core::fmt;
|
||||
use core::ops::Deref;
|
||||
|
||||
use pki_types::{CertificateDer, DnsName};
|
||||
|
||||
#[cfg(feature = "tls12")]
|
||||
use crate::crypto::ActiveKeyExchange;
|
||||
use crate::crypto::SecureRandom;
|
||||
|
@ -20,16 +30,6 @@ use crate::rand;
|
|||
use crate::verify::DigitallySignedStruct;
|
||||
use crate::x509::wrap_in_sequence;
|
||||
|
||||
use pki_types::{CertificateDer, DnsName};
|
||||
|
||||
use alloc::collections::BTreeSet;
|
||||
#[cfg(feature = "logging")]
|
||||
use alloc::string::String;
|
||||
use alloc::vec;
|
||||
use alloc::vec::Vec;
|
||||
use core::fmt;
|
||||
use core::ops::Deref;
|
||||
|
||||
/// Create a newtype wrapper around a given type.
|
||||
///
|
||||
/// This is used to create newtypes for the various TLS message types which is used to wrap
|
||||
|
|
|
@ -1,3 +1,9 @@
|
|||
use std::prelude::v1::*;
|
||||
use std::{format, println, vec};
|
||||
|
||||
use pki_types::{CertificateDer, DnsName};
|
||||
|
||||
use super::handshake::{ServerDhParams, ServerKeyExchange, ServerKeyExchangeParams};
|
||||
use crate::enums::{CipherSuite, HandshakeType, ProtocolVersion, SignatureScheme};
|
||||
use crate::msgs::base::{Payload, PayloadU16, PayloadU24, PayloadU8};
|
||||
use crate::msgs::codec::{put_u16, Codec, Reader};
|
||||
|
@ -18,13 +24,6 @@ use crate::msgs::handshake::{
|
|||
};
|
||||
use crate::verify::DigitallySignedStruct;
|
||||
|
||||
use pki_types::{CertificateDer, DnsName};
|
||||
|
||||
use super::handshake::{ServerDhParams, ServerKeyExchange, ServerKeyExchangeParams};
|
||||
|
||||
use std::prelude::v1::*;
|
||||
use std::{format, println, vec};
|
||||
|
||||
#[test]
|
||||
fn rejects_short_random() {
|
||||
let bytes = [0x01; 31];
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
use core::ops::{Deref, DerefMut};
|
||||
|
||||
use super::outbound::read_opaque_message_header;
|
||||
use super::MessageError;
|
||||
use crate::enums::{ContentType, ProtocolVersion};
|
||||
|
@ -5,8 +7,6 @@ use crate::error::{Error, PeerMisbehaved};
|
|||
use crate::msgs::codec::ReaderMut;
|
||||
use crate::msgs::fragmenter::MAX_FRAGMENT_LEN;
|
||||
|
||||
use core::ops::{Deref, DerefMut};
|
||||
|
||||
/// A TLS frame, named TLSPlaintext in the standard.
|
||||
///
|
||||
/// This inbound type borrows its encrypted payload from a `[MessageDeframer]`.
|
||||
|
|
|
@ -11,10 +11,10 @@ mod inbound;
|
|||
pub use inbound::{BorrowedPayload, InboundOpaqueMessage, InboundPlainMessage};
|
||||
|
||||
mod outbound;
|
||||
pub use outbound::{OutboundChunks, OutboundOpaqueMessage, OutboundPlainMessage, PrefixedPayload};
|
||||
|
||||
use alloc::vec::Vec;
|
||||
|
||||
pub use outbound::{OutboundChunks, OutboundOpaqueMessage, OutboundPlainMessage, PrefixedPayload};
|
||||
|
||||
#[derive(Debug)]
|
||||
pub enum MessagePayload<'a> {
|
||||
Alert(AlertMessagePayload),
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
use alloc::vec::Vec;
|
||||
|
||||
use super::{MessageError, PlainMessage, HEADER_SIZE, MAX_PAYLOAD};
|
||||
use crate::enums::{ContentType, ProtocolVersion};
|
||||
use crate::internal::record_layer::RecordLayer;
|
||||
use crate::msgs::base::Payload;
|
||||
use crate::msgs::codec::{Codec, Reader};
|
||||
|
||||
use alloc::vec::Vec;
|
||||
|
||||
/// A TLS frame, named `TLSPlaintext` in the standard.
|
||||
///
|
||||
/// This outbound type borrows its "to be encrypted" payload from the "user".
|
||||
|
|
|
@ -1,15 +1,14 @@
|
|||
use crate::enums::{AlertDescription, HandshakeType};
|
||||
use crate::msgs::base::{PayloadU16, PayloadU24, PayloadU8};
|
||||
use std::io::Read;
|
||||
use std::path::{Path, PathBuf};
|
||||
use std::prelude::v1::*;
|
||||
use std::{format, fs, println, vec};
|
||||
|
||||
use super::base::Payload;
|
||||
use super::codec::Reader;
|
||||
use super::enums::AlertLevel;
|
||||
use super::message::{Message, OutboundOpaqueMessage, PlainMessage};
|
||||
|
||||
use std::io::Read;
|
||||
use std::path::{Path, PathBuf};
|
||||
use std::prelude::v1::*;
|
||||
use std::{format, fs, println, vec};
|
||||
use crate::enums::{AlertDescription, HandshakeType};
|
||||
use crate::msgs::base::{PayloadU16, PayloadU24, PayloadU8};
|
||||
|
||||
#[test]
|
||||
fn test_read_fuzz_corpus() {
|
||||
|
|
|
@ -1,3 +1,11 @@
|
|||
use alloc::vec::Vec;
|
||||
use core::cmp;
|
||||
#[cfg(feature = "tls12")]
|
||||
use core::mem;
|
||||
|
||||
use pki_types::{DnsName, UnixTime};
|
||||
use zeroize::Zeroizing;
|
||||
|
||||
use crate::enums::{CipherSuite, ProtocolVersion};
|
||||
use crate::error::InvalidMessage;
|
||||
use crate::msgs::base::{PayloadU16, PayloadU8};
|
||||
|
@ -9,14 +17,6 @@ use crate::msgs::handshake::SessionId;
|
|||
use crate::tls12::Tls12CipherSuite;
|
||||
use crate::tls13::Tls13CipherSuite;
|
||||
|
||||
use pki_types::{DnsName, UnixTime};
|
||||
use zeroize::Zeroizing;
|
||||
|
||||
use alloc::vec::Vec;
|
||||
use core::cmp;
|
||||
#[cfg(feature = "tls12")]
|
||||
use core::mem;
|
||||
|
||||
pub(crate) struct Retrieved<T> {
|
||||
pub(crate) value: T,
|
||||
retrieved_at: UnixTime,
|
||||
|
|
|
@ -1,3 +1,9 @@
|
|||
use alloc::boxed::Box;
|
||||
use alloc::collections::VecDeque;
|
||||
use alloc::vec::Vec;
|
||||
#[cfg(feature = "std")]
|
||||
use core::fmt::Debug;
|
||||
|
||||
/// This module contains optional APIs for implementing QUIC TLS.
|
||||
use crate::common_state::Side;
|
||||
use crate::crypto::cipher::{AeadKey, Iv};
|
||||
|
@ -9,14 +15,17 @@ use crate::tls13::key_schedule::{
|
|||
};
|
||||
use crate::tls13::Tls13CipherSuite;
|
||||
|
||||
use alloc::boxed::Box;
|
||||
use alloc::collections::VecDeque;
|
||||
use alloc::vec::Vec;
|
||||
#[cfg(feature = "std")]
|
||||
use core::fmt::Debug;
|
||||
|
||||
#[cfg(feature = "std")]
|
||||
mod connection {
|
||||
use alloc::sync::Arc;
|
||||
use alloc::vec;
|
||||
use alloc::vec::Vec;
|
||||
use core::fmt::{self, Debug};
|
||||
use core::ops::{Deref, DerefMut};
|
||||
|
||||
use pki_types::ServerName;
|
||||
|
||||
use super::{DirectionalKeys, KeyChange, Version};
|
||||
use crate::client::{ClientConfig, ClientConnectionData};
|
||||
use crate::common_state::{CommonState, Protocol, DEFAULT_BUFFER_LIMIT};
|
||||
use crate::conn::{ConnectionCore, SideData};
|
||||
|
@ -27,16 +36,6 @@ mod connection {
|
|||
use crate::server::{ServerConfig, ServerConnectionData};
|
||||
use crate::vecbuf::ChunkVecBuffer;
|
||||
|
||||
use pki_types::ServerName;
|
||||
|
||||
use alloc::sync::Arc;
|
||||
use alloc::vec;
|
||||
use alloc::vec::Vec;
|
||||
use core::fmt::{self, Debug};
|
||||
use core::ops::{Deref, DerefMut};
|
||||
|
||||
use super::{DirectionalKeys, KeyChange, Version};
|
||||
|
||||
/// A QUIC client or server connection.
|
||||
#[derive(Debug)]
|
||||
pub enum Connection {
|
||||
|
@ -966,9 +965,10 @@ impl Default for Version {
|
|||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use std::prelude::v1::*;
|
||||
|
||||
use super::PacketKey;
|
||||
use crate::quic::HeaderProtectionKey;
|
||||
use std::prelude::v1::*;
|
||||
|
||||
#[test]
|
||||
fn auto_traits() {
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
//! The single place where we generate random material for our own use.
|
||||
|
||||
use crate::crypto::SecureRandom;
|
||||
|
||||
use alloc::vec;
|
||||
use alloc::vec::Vec;
|
||||
|
||||
use crate::crypto::SecureRandom;
|
||||
|
||||
/// Make a [`Vec<u8>`] of the given size containing random material.
|
||||
pub(crate) fn random_vec(
|
||||
secure_random: &dyn SecureRandom,
|
||||
|
|
|
@ -1,13 +1,11 @@
|
|||
use alloc::boxed::Box;
|
||||
use core::num::NonZeroU64;
|
||||
|
||||
use crate::crypto::cipher::{InboundOpaqueMessage, MessageDecrypter, MessageEncrypter};
|
||||
use crate::error::Error;
|
||||
use crate::msgs::message::{InboundPlainMessage, OutboundOpaqueMessage, OutboundPlainMessage};
|
||||
|
||||
#[cfg(feature = "logging")]
|
||||
use crate::log::trace;
|
||||
|
||||
use alloc::boxed::Box;
|
||||
use crate::msgs::message::{InboundPlainMessage, OutboundOpaqueMessage, OutboundPlainMessage};
|
||||
|
||||
static SEQ_SOFT_LIMIT: u64 = 0xffff_ffff_ffff_0000u64;
|
||||
static SEQ_HARD_LIMIT: u64 = 0xffff_ffff_ffff_fffeu64;
|
||||
|
|
|
@ -1,19 +1,17 @@
|
|||
use alloc::sync::Arc;
|
||||
use alloc::vec::Vec;
|
||||
use core::marker::PhantomData;
|
||||
|
||||
use pki_types::{CertificateDer, PrivateKeyDer};
|
||||
|
||||
use crate::builder::{ConfigBuilder, WantsVerifier};
|
||||
use crate::crypto::CryptoProvider;
|
||||
use crate::error::Error;
|
||||
use crate::msgs::handshake::CertificateChain;
|
||||
use crate::server::handy;
|
||||
use crate::server::{ResolvesServerCert, ServerConfig};
|
||||
use crate::server::{handy, ResolvesServerCert, ServerConfig};
|
||||
use crate::time_provider::TimeProvider;
|
||||
use crate::verify::{ClientCertVerifier, NoClientAuth};
|
||||
use crate::versions;
|
||||
use crate::NoKeyLog;
|
||||
|
||||
use pki_types::{CertificateDer, PrivateKeyDer};
|
||||
|
||||
use alloc::sync::Arc;
|
||||
use alloc::vec::Vec;
|
||||
use core::marker::PhantomData;
|
||||
use crate::{versions, NoKeyLog};
|
||||
|
||||
impl ConfigBuilder<ServerConfig, WantsVerifier> {
|
||||
/// Choose how to verify client certificates.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
use crate::sign;
|
||||
|
||||
use pki_types::CertificateDer;
|
||||
|
||||
use crate::sign;
|
||||
|
||||
/// ActiveCertifiedKey wraps [`sign::CertifiedKey`] and tracks OSCP state in a single handshake.
|
||||
pub(super) struct ActiveCertifiedKey<'a> {
|
||||
key: &'a sign::CertifiedKey,
|
||||
|
|
|
@ -1,12 +1,11 @@
|
|||
use crate::msgs::handshake::CertificateChain;
|
||||
use crate::server;
|
||||
use crate::server::ClientHello;
|
||||
use crate::sign;
|
||||
|
||||
use alloc::sync::Arc;
|
||||
use alloc::vec::Vec;
|
||||
use core::fmt::Debug;
|
||||
|
||||
use crate::msgs::handshake::CertificateChain;
|
||||
use crate::server::ClientHello;
|
||||
use crate::{server, sign};
|
||||
|
||||
/// Something which never stores sessions.
|
||||
#[derive(Debug)]
|
||||
pub struct NoServerSessionStorage {}
|
||||
|
@ -28,14 +27,13 @@ impl server::StoresServerSessions for NoServerSessionStorage {
|
|||
|
||||
#[cfg(feature = "std")]
|
||||
mod cache {
|
||||
use crate::limited_cache;
|
||||
use crate::server;
|
||||
|
||||
use alloc::sync::Arc;
|
||||
use alloc::vec::Vec;
|
||||
use core::fmt::{Debug, Formatter};
|
||||
use std::sync::Mutex;
|
||||
|
||||
use crate::{limited_cache, server};
|
||||
|
||||
/// An implementer of `StoresServerSessions` that stores everything
|
||||
/// in memory. If enforces a limit on the number of stored sessions
|
||||
/// to bound memory usage.
|
||||
|
@ -89,9 +87,10 @@ mod cache {
|
|||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use std::vec;
|
||||
|
||||
use super::*;
|
||||
use crate::server::StoresServerSessions;
|
||||
use std::vec;
|
||||
|
||||
#[test]
|
||||
fn test_serversessionmemorycache_accepts_put() {
|
||||
|
@ -198,19 +197,18 @@ impl server::ResolvesServerCert for AlwaysResolvesChain {
|
|||
|
||||
#[cfg(feature = "std")]
|
||||
mod sni_resolver {
|
||||
use crate::error::Error;
|
||||
use crate::server;
|
||||
use crate::server::ClientHello;
|
||||
use crate::sign;
|
||||
use crate::webpki::{verify_server_name, ParsedCertificate};
|
||||
|
||||
use pki_types::{DnsName, ServerName};
|
||||
|
||||
use alloc::string::{String, ToString};
|
||||
use alloc::sync::Arc;
|
||||
use core::fmt::Debug;
|
||||
use std::collections::HashMap;
|
||||
|
||||
use pki_types::{DnsName, ServerName};
|
||||
|
||||
use crate::error::Error;
|
||||
use crate::server::ClientHello;
|
||||
use crate::webpki::{verify_server_name, ParsedCertificate};
|
||||
use crate::{server, sign};
|
||||
|
||||
/// Something that resolves do different cert chains/keys based
|
||||
/// on client-supplied server name (via SNI).
|
||||
#[derive(Debug)]
|
||||
|
@ -302,11 +300,11 @@ pub use sni_resolver::ResolvesServerCertUsingSni;
|
|||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use super::*;
|
||||
use crate::server::ProducesTickets;
|
||||
use crate::server::StoresServerSessions;
|
||||
use std::vec;
|
||||
|
||||
use super::*;
|
||||
use crate::server::{ProducesTickets, StoresServerSessions};
|
||||
|
||||
#[test]
|
||||
fn test_noserversessionstorage_drops_put() {
|
||||
let c = NoServerSessionStorage {};
|
||||
|
|
|
@ -1,3 +1,13 @@
|
|||
use alloc::borrow::ToOwned;
|
||||
use alloc::boxed::Box;
|
||||
use alloc::sync::Arc;
|
||||
use alloc::vec::Vec;
|
||||
|
||||
use pki_types::DnsName;
|
||||
|
||||
use super::server_conn::ServerConnectionData;
|
||||
#[cfg(feature = "tls12")]
|
||||
use super::tls12;
|
||||
use crate::common_state::{Protocol, State};
|
||||
use crate::conn::ConnectionRandoms;
|
||||
use crate::crypto::SupportedKxGroup;
|
||||
|
@ -12,26 +22,15 @@ use crate::log::{debug, trace};
|
|||
use crate::msgs::enums::{Compression, ExtensionType, NamedGroup};
|
||||
#[cfg(feature = "tls12")]
|
||||
use crate::msgs::handshake::SessionId;
|
||||
use crate::msgs::handshake::{ClientHelloPayload, KeyExchangeAlgorithm, Random, ServerExtension};
|
||||
use crate::msgs::handshake::{ConvertProtocolNameList, ConvertServerNameList, HandshakePayload};
|
||||
use crate::msgs::handshake::{
|
||||
ClientHelloPayload, ConvertProtocolNameList, ConvertServerNameList, HandshakePayload,
|
||||
KeyExchangeAlgorithm, Random, ServerExtension,
|
||||
};
|
||||
use crate::msgs::message::{Message, MessagePayload};
|
||||
use crate::msgs::persist;
|
||||
use crate::server::{ClientHello, ServerConfig};
|
||||
use crate::suites;
|
||||
use crate::SupportedCipherSuite;
|
||||
|
||||
use super::server_conn::ServerConnectionData;
|
||||
#[cfg(feature = "tls12")]
|
||||
use super::tls12;
|
||||
use crate::server::common::ActiveCertifiedKey;
|
||||
use crate::server::tls13;
|
||||
|
||||
use pki_types::DnsName;
|
||||
|
||||
use alloc::borrow::ToOwned;
|
||||
use alloc::boxed::Box;
|
||||
use alloc::sync::Arc;
|
||||
use alloc::vec::Vec;
|
||||
use crate::server::{tls13, ClientHello, ServerConfig};
|
||||
use crate::{suites, SupportedCipherSuite};
|
||||
|
||||
pub(super) type NextState<'a> = Box<dyn State<ServerConnectionData> + 'a>;
|
||||
pub(super) type NextStateOrError<'a> = Result<NextState<'a>, Error>;
|
||||
|
|
|
@ -1,8 +1,23 @@
|
|||
use alloc::boxed::Box;
|
||||
use alloc::sync::Arc;
|
||||
use alloc::vec::Vec;
|
||||
use core::fmt;
|
||||
use core::fmt::{Debug, Formatter};
|
||||
use core::marker::PhantomData;
|
||||
use core::ops::{Deref, DerefMut};
|
||||
#[cfg(feature = "std")]
|
||||
use std::io;
|
||||
|
||||
use pki_types::{DnsName, UnixTime};
|
||||
|
||||
use super::hs;
|
||||
use crate::builder::ConfigBuilder;
|
||||
#[cfg(feature = "std")]
|
||||
use crate::common_state::Protocol;
|
||||
use crate::common_state::{CommonState, Side, State};
|
||||
use crate::conn::{ConnectionCommon, ConnectionCore, UnbufferedConnectionCommon};
|
||||
#[cfg(doc)]
|
||||
use crate::crypto;
|
||||
use crate::crypto::CryptoProvider;
|
||||
use crate::enums::{CipherSuite, ProtocolVersion, SignatureScheme};
|
||||
use crate::error::Error;
|
||||
|
@ -15,29 +30,9 @@ use crate::msgs::message::Message;
|
|||
use crate::time_provider::DefaultTimeProvider;
|
||||
use crate::time_provider::TimeProvider;
|
||||
use crate::vecbuf::ChunkVecBuffer;
|
||||
use crate::verify;
|
||||
use crate::versions;
|
||||
use crate::KeyLog;
|
||||
#[cfg(feature = "std")]
|
||||
use crate::WantsVerifier;
|
||||
use crate::{sign, WantsVersions};
|
||||
|
||||
use super::hs;
|
||||
|
||||
use pki_types::{DnsName, UnixTime};
|
||||
|
||||
use alloc::boxed::Box;
|
||||
use alloc::sync::Arc;
|
||||
use alloc::vec::Vec;
|
||||
use core::fmt;
|
||||
use core::fmt::{Debug, Formatter};
|
||||
use core::marker::PhantomData;
|
||||
use core::ops::{Deref, DerefMut};
|
||||
#[cfg(feature = "std")]
|
||||
use std::io;
|
||||
|
||||
#[cfg(doc)]
|
||||
use crate::crypto;
|
||||
use crate::{sign, verify, versions, KeyLog, WantsVersions};
|
||||
|
||||
/// A trait for the ability to store server session data.
|
||||
///
|
||||
|
@ -503,13 +498,6 @@ impl ServerConfig {
|
|||
|
||||
#[cfg(feature = "std")]
|
||||
mod connection {
|
||||
use crate::common_state::{CommonState, Context, Side};
|
||||
use crate::conn::{ConnectionCommon, ConnectionCore};
|
||||
use crate::error::Error;
|
||||
use crate::server::hs;
|
||||
use crate::suites::ExtractedSecrets;
|
||||
use crate::vecbuf::ChunkVecBuffer;
|
||||
|
||||
use alloc::boxed::Box;
|
||||
use alloc::sync::Arc;
|
||||
use alloc::vec::Vec;
|
||||
|
@ -519,6 +507,12 @@ mod connection {
|
|||
use std::io;
|
||||
|
||||
use super::{Accepted, Accepting, EarlyDataState, ServerConfig, ServerConnectionData};
|
||||
use crate::common_state::{CommonState, Context, Side};
|
||||
use crate::conn::{ConnectionCommon, ConnectionCore};
|
||||
use crate::error::Error;
|
||||
use crate::server::hs;
|
||||
use crate::suites::ExtractedSecrets;
|
||||
use crate::vecbuf::ChunkVecBuffer;
|
||||
|
||||
/// Allows reading of early data in resumed TLS1.3 connections.
|
||||
///
|
||||
|
@ -1099,9 +1093,10 @@ impl crate::conn::SideData for ServerConnectionData {}
|
|||
#[cfg(feature = "std")]
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use super::*;
|
||||
use std::format;
|
||||
|
||||
use super::*;
|
||||
|
||||
// these branches not reachable externally, unless something else goes wrong.
|
||||
#[test]
|
||||
fn test_read_in_new_state() {
|
||||
|
|
|
@ -1,9 +1,22 @@
|
|||
use alloc::borrow::ToOwned;
|
||||
use alloc::boxed::Box;
|
||||
use alloc::string::ToString;
|
||||
use alloc::sync::Arc;
|
||||
use alloc::vec;
|
||||
use alloc::vec::Vec;
|
||||
|
||||
pub(super) use client_hello::CompleteClientHelloHandling;
|
||||
use pki_types::UnixTime;
|
||||
use subtle::ConstantTimeEq;
|
||||
|
||||
use super::common::ActiveCertifiedKey;
|
||||
use super::hs::{self, ServerContext};
|
||||
use super::server_conn::{ProducesTickets, ServerConfig, ServerConnectionData};
|
||||
use crate::check::inappropriate_message;
|
||||
use crate::common_state::{CommonState, Side, State};
|
||||
use crate::conn::ConnectionRandoms;
|
||||
use crate::crypto::ActiveKeyExchange;
|
||||
use crate::enums::ProtocolVersion;
|
||||
use crate::enums::{AlertDescription, ContentType, HandshakeType};
|
||||
use crate::enums::{AlertDescription, ContentType, HandshakeType, ProtocolVersion};
|
||||
use crate::error::{Error, PeerIncompatible, PeerMisbehaved};
|
||||
use crate::hash_hs::HandshakeHash;
|
||||
#[cfg(feature = "logging")]
|
||||
|
@ -13,47 +26,29 @@ use crate::msgs::ccs::ChangeCipherSpecPayload;
|
|||
use crate::msgs::codec::Codec;
|
||||
use crate::msgs::handshake::{
|
||||
CertificateChain, ClientKeyExchangeParams, HandshakeMessagePayload, HandshakePayload,
|
||||
NewSessionTicketPayload, SessionId,
|
||||
};
|
||||
use crate::msgs::handshake::{NewSessionTicketPayload, SessionId};
|
||||
use crate::msgs::message::{Message, MessagePayload};
|
||||
use crate::msgs::persist;
|
||||
use crate::suites::PartiallyExtractedSecrets;
|
||||
use crate::tls12::{self, ConnectionSecrets, Tls12CipherSuite};
|
||||
use crate::verify;
|
||||
|
||||
use super::common::ActiveCertifiedKey;
|
||||
use super::hs::{self, ServerContext};
|
||||
use super::server_conn::{ProducesTickets, ServerConfig, ServerConnectionData};
|
||||
|
||||
use pki_types::UnixTime;
|
||||
use subtle::ConstantTimeEq;
|
||||
|
||||
use alloc::borrow::ToOwned;
|
||||
use alloc::boxed::Box;
|
||||
use alloc::string::ToString;
|
||||
use alloc::sync::Arc;
|
||||
use alloc::vec;
|
||||
use alloc::vec::Vec;
|
||||
|
||||
pub(super) use client_hello::CompleteClientHelloHandling;
|
||||
|
||||
mod client_hello {
|
||||
use pki_types::CertificateDer;
|
||||
|
||||
use super::*;
|
||||
use crate::crypto::SupportedKxGroup;
|
||||
use crate::enums::SignatureScheme;
|
||||
use crate::msgs::enums::ECPointFormat;
|
||||
use crate::msgs::enums::{ClientCertificateType, Compression};
|
||||
use crate::msgs::handshake::CertificateStatus;
|
||||
use crate::msgs::handshake::{CertificateRequestPayload, ClientSessionTicket, Random};
|
||||
use crate::msgs::handshake::{ClientExtension, ClientHelloPayload, ServerHelloPayload};
|
||||
use crate::msgs::handshake::{ServerExtension, ServerKeyExchangePayload};
|
||||
use crate::msgs::handshake::{ServerKeyExchange, ServerKeyExchangeParams};
|
||||
use crate::msgs::enums::{ClientCertificateType, Compression, ECPointFormat};
|
||||
use crate::msgs::handshake::{
|
||||
CertificateRequestPayload, CertificateStatus, ClientExtension, ClientHelloPayload,
|
||||
ClientSessionTicket, Random, ServerExtension, ServerHelloPayload, ServerKeyExchange,
|
||||
ServerKeyExchangeParams, ServerKeyExchangePayload,
|
||||
};
|
||||
use crate::sign;
|
||||
use crate::verify::DigitallySignedStruct;
|
||||
|
||||
use super::*;
|
||||
|
||||
pub(in crate::server) struct CompleteClientHelloHandling {
|
||||
pub(in crate::server) config: Arc<ServerConfig>,
|
||||
pub(in crate::server) transcript: HandshakeHash,
|
||||
|
|
|
@ -1,66 +1,51 @@
|
|||
use crate::check::inappropriate_handshake_message;
|
||||
use crate::check::inappropriate_message;
|
||||
use crate::common_state::Protocol;
|
||||
use crate::common_state::{CommonState, Side, State};
|
||||
use crate::conn::ConnectionRandoms;
|
||||
use crate::enums::ProtocolVersion;
|
||||
use crate::enums::{AlertDescription, ContentType, HandshakeType};
|
||||
use crate::error::{Error, PeerIncompatible, PeerMisbehaved};
|
||||
use crate::hash_hs::HandshakeHash;
|
||||
#[cfg(feature = "logging")]
|
||||
use crate::log::{debug, trace, warn};
|
||||
use crate::msgs::codec::Codec;
|
||||
use crate::msgs::enums::KeyUpdateRequest;
|
||||
use crate::msgs::handshake::CertificateChain;
|
||||
use crate::msgs::handshake::HandshakeMessagePayload;
|
||||
use crate::msgs::handshake::HandshakePayload;
|
||||
use crate::msgs::handshake::{NewSessionTicketExtension, NewSessionTicketPayloadTls13};
|
||||
use crate::msgs::message::{Message, MessagePayload};
|
||||
use crate::msgs::persist;
|
||||
use crate::rand;
|
||||
use crate::server::ServerConfig;
|
||||
use crate::suites::PartiallyExtractedSecrets;
|
||||
use crate::tls13::construct_client_verify_message;
|
||||
use crate::tls13::construct_server_verify_message;
|
||||
use crate::tls13::key_schedule::{KeyScheduleTraffic, KeyScheduleTrafficWithClientFinishedPending};
|
||||
use crate::tls13::Tls13CipherSuite;
|
||||
use crate::verify;
|
||||
|
||||
use super::hs::{self, HandshakeHashOrBuffer, ServerContext};
|
||||
use super::server_conn::ServerConnectionData;
|
||||
|
||||
use alloc::borrow::ToOwned;
|
||||
use alloc::boxed::Box;
|
||||
use alloc::sync::Arc;
|
||||
use alloc::vec;
|
||||
use alloc::vec::Vec;
|
||||
|
||||
pub(super) use client_hello::CompleteClientHelloHandling;
|
||||
use pki_types::{CertificateDer, UnixTime};
|
||||
use subtle::ConstantTimeEq;
|
||||
|
||||
pub(super) use client_hello::CompleteClientHelloHandling;
|
||||
use super::hs::{self, HandshakeHashOrBuffer, ServerContext};
|
||||
use super::server_conn::ServerConnectionData;
|
||||
use crate::check::{inappropriate_handshake_message, inappropriate_message};
|
||||
use crate::common_state::{CommonState, Protocol, Side, State};
|
||||
use crate::conn::ConnectionRandoms;
|
||||
use crate::enums::{AlertDescription, ContentType, HandshakeType, ProtocolVersion};
|
||||
use crate::error::{Error, PeerIncompatible, PeerMisbehaved};
|
||||
use crate::hash_hs::HandshakeHash;
|
||||
#[cfg(feature = "logging")]
|
||||
use crate::log::{debug, trace, warn};
|
||||
use crate::msgs::codec::Codec;
|
||||
use crate::msgs::enums::KeyUpdateRequest;
|
||||
use crate::msgs::handshake::{
|
||||
CertificateChain, HandshakeMessagePayload, HandshakePayload, NewSessionTicketExtension,
|
||||
NewSessionTicketPayloadTls13,
|
||||
};
|
||||
use crate::msgs::message::{Message, MessagePayload};
|
||||
use crate::msgs::persist;
|
||||
use crate::server::ServerConfig;
|
||||
use crate::suites::PartiallyExtractedSecrets;
|
||||
use crate::tls13::key_schedule::{KeyScheduleTraffic, KeyScheduleTrafficWithClientFinishedPending};
|
||||
use crate::tls13::{
|
||||
construct_client_verify_message, construct_server_verify_message, Tls13CipherSuite,
|
||||
};
|
||||
use crate::{rand, verify};
|
||||
|
||||
mod client_hello {
|
||||
use super::*;
|
||||
use crate::crypto::SupportedKxGroup;
|
||||
use crate::enums::SignatureScheme;
|
||||
use crate::msgs::base::{Payload, PayloadU8};
|
||||
use crate::msgs::ccs::ChangeCipherSpecPayload;
|
||||
use crate::msgs::enums::NamedGroup;
|
||||
use crate::msgs::enums::{Compression, PSKKeyExchangeMode};
|
||||
use crate::msgs::handshake::CertReqExtension;
|
||||
use crate::msgs::handshake::CertificateEntry;
|
||||
use crate::msgs::handshake::CertificateExtension;
|
||||
use crate::msgs::handshake::CertificatePayloadTls13;
|
||||
use crate::msgs::handshake::CertificateRequestPayloadTls13;
|
||||
use crate::msgs::handshake::CertificateStatus;
|
||||
use crate::msgs::handshake::ClientHelloPayload;
|
||||
use crate::msgs::handshake::HelloRetryExtension;
|
||||
use crate::msgs::handshake::HelloRetryRequest;
|
||||
use crate::msgs::handshake::KeyShareEntry;
|
||||
use crate::msgs::handshake::Random;
|
||||
use crate::msgs::handshake::ServerExtension;
|
||||
use crate::msgs::handshake::ServerHelloPayload;
|
||||
use crate::msgs::handshake::SessionId;
|
||||
use crate::msgs::enums::{Compression, NamedGroup, PSKKeyExchangeMode};
|
||||
use crate::msgs::handshake::{
|
||||
CertReqExtension, CertificateEntry, CertificateExtension, CertificatePayloadTls13,
|
||||
CertificateRequestPayloadTls13, CertificateStatus, ClientHelloPayload, HelloRetryExtension,
|
||||
HelloRetryRequest, KeyShareEntry, Random, ServerExtension, ServerHelloPayload, SessionId,
|
||||
};
|
||||
use crate::server::common::ActiveCertifiedKey;
|
||||
use crate::sign;
|
||||
use crate::tls13::key_schedule::{
|
||||
|
@ -68,8 +53,6 @@ mod client_hello {
|
|||
};
|
||||
use crate::verify::DigitallySignedStruct;
|
||||
|
||||
use super::*;
|
||||
|
||||
#[derive(PartialEq)]
|
||||
pub(super) enum EarlyDataDecision {
|
||||
Disabled,
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
use crate::conn::{ConnectionCommon, SideData};
|
||||
|
||||
use core::ops::{Deref, DerefMut};
|
||||
use std::io::{IoSlice, Read, Result, Write};
|
||||
|
||||
use crate::conn::{ConnectionCommon, SideData};
|
||||
|
||||
/// This type implements `io::Read` and `io::Write`, encapsulating
|
||||
/// a Connection `C` and an underlying transport `T`, such as a socket.
|
||||
///
|
||||
|
@ -221,10 +221,11 @@ where
|
|||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use std::net::TcpStream;
|
||||
|
||||
use super::{Stream, StreamOwned};
|
||||
use crate::client::ClientConnection;
|
||||
use crate::server::ServerConnection;
|
||||
use std::net::TcpStream;
|
||||
|
||||
#[test]
|
||||
fn stream_can_be_created_for_connection_and_tcpstream() {
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
use core::fmt;
|
||||
|
||||
use crate::common_state::Protocol;
|
||||
use crate::crypto::cipher::{AeadKey, Iv};
|
||||
use crate::crypto::{self, KeyExchangeAlgorithm};
|
||||
|
@ -10,8 +12,6 @@ use crate::tls13::Tls13CipherSuite;
|
|||
use crate::versions::TLS12;
|
||||
use crate::versions::{SupportedProtocolVersion, TLS13};
|
||||
|
||||
use core::fmt;
|
||||
|
||||
/// Common state for cipher suites (both for TLS 1.2 and TLS 1.3)
|
||||
pub struct CipherSuiteCommon {
|
||||
/// The TLS enumeration naming this cipher suite.
|
||||
|
|
|
@ -1,14 +1,13 @@
|
|||
use crate::rand;
|
||||
use crate::server::ProducesTickets;
|
||||
use crate::Error;
|
||||
|
||||
use pki_types::UnixTime;
|
||||
|
||||
use alloc::boxed::Box;
|
||||
use alloc::vec::Vec;
|
||||
use core::mem;
|
||||
use std::sync::{Mutex, MutexGuard};
|
||||
|
||||
use pki_types::UnixTime;
|
||||
|
||||
use crate::server::ProducesTickets;
|
||||
use crate::{rand, Error};
|
||||
|
||||
#[derive(Debug)]
|
||||
pub(crate) struct TicketSwitcherState {
|
||||
next: Option<Box<dyn ProducesTickets>>,
|
||||
|
|
|
@ -1,3 +1,10 @@
|
|||
use alloc::boxed::Box;
|
||||
use alloc::vec;
|
||||
use alloc::vec::Vec;
|
||||
use core::fmt;
|
||||
|
||||
use zeroize::Zeroize;
|
||||
|
||||
use crate::common_state::{CommonState, Side};
|
||||
use crate::conn::ConnectionRandoms;
|
||||
use crate::crypto;
|
||||
|
@ -9,13 +16,6 @@ use crate::msgs::codec::{Codec, Reader};
|
|||
use crate::msgs::handshake::{KeyExchangeAlgorithm, KxDecode};
|
||||
use crate::suites::{CipherSuiteCommon, PartiallyExtractedSecrets, SupportedCipherSuite};
|
||||
|
||||
use alloc::boxed::Box;
|
||||
use alloc::vec;
|
||||
use alloc::vec::Vec;
|
||||
use core::fmt;
|
||||
|
||||
use zeroize::Zeroize;
|
||||
|
||||
/// A TLS 1.2 cipher suite supported by rustls.
|
||||
pub struct Tls12CipherSuite {
|
||||
/// Common cipher suite fields.
|
||||
|
|
|
@ -1,14 +1,13 @@
|
|||
use alloc::boxed::Box;
|
||||
use alloc::string::ToString;
|
||||
|
||||
use crate::common_state::{CommonState, Side};
|
||||
use crate::crypto::cipher::{AeadKey, Iv, MessageDecrypter};
|
||||
use crate::crypto::tls13::{expand, Hkdf, HkdfExpander, OkmBlock, OutputLengthError};
|
||||
use crate::crypto::{hash, hmac, ActiveKeyExchange};
|
||||
use crate::error::Error;
|
||||
use crate::quic;
|
||||
use crate::suites::PartiallyExtractedSecrets;
|
||||
use crate::{KeyLog, Tls13CipherSuite};
|
||||
|
||||
use alloc::boxed::Box;
|
||||
use alloc::string::ToString;
|
||||
use crate::{quic, KeyLog, Tls13CipherSuite};
|
||||
|
||||
/// Key schedule maintenance for TLS1.3
|
||||
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
use alloc::vec::Vec;
|
||||
use core::fmt;
|
||||
|
||||
use crate::crypto;
|
||||
use crate::crypto::hash;
|
||||
use crate::suites::{CipherSuiteCommon, SupportedCipherSuite};
|
||||
|
||||
use alloc::vec::Vec;
|
||||
use core::fmt;
|
||||
|
||||
pub(crate) mod key_schedule;
|
||||
|
||||
/// A TLS 1.3 cipher suite supported by rustls.
|
||||
|
|
|
@ -6,13 +6,13 @@
|
|||
use core::time::Duration;
|
||||
use std::prelude::v1::*;
|
||||
|
||||
use pki_types::{CertificateDer, ServerName, UnixTime};
|
||||
use webpki_roots;
|
||||
|
||||
use crate::crypto::CryptoProvider;
|
||||
use crate::verify::ServerCertVerifier;
|
||||
use crate::webpki::{RootCertStore, WebPkiServerVerifier};
|
||||
|
||||
use pki_types::{CertificateDer, ServerName, UnixTime};
|
||||
use webpki_roots;
|
||||
|
||||
bench_for_each_provider! {
|
||||
use super::Context;
|
||||
|
||||
|
|
|
@ -128,6 +128,7 @@ impl fmt::Debug for RootCertStore {
|
|||
#[test]
|
||||
fn root_cert_store_debug() {
|
||||
use core::iter;
|
||||
|
||||
use pki_types::Der;
|
||||
|
||||
let ta = TrustAnchor {
|
||||
|
|
|
@ -5,21 +5,20 @@ use pki_types::{CertificateDer, CertificateRevocationListDer, UnixTime};
|
|||
use webpki::{CertRevocationList, RevocationCheckDepth, UnknownStatusPolicy};
|
||||
|
||||
use super::{pki_error, VerifierBuilderError};
|
||||
#[cfg(doc)]
|
||||
use crate::crypto;
|
||||
use crate::crypto::{CryptoProvider, WebPkiSupportedAlgorithms};
|
||||
#[cfg(doc)]
|
||||
use crate::server::ServerConfig;
|
||||
use crate::verify::{
|
||||
ClientCertVerified, ClientCertVerifier, DigitallySignedStruct, HandshakeSignatureValid,
|
||||
NoClientAuth,
|
||||
};
|
||||
use crate::webpki::parse_crls;
|
||||
use crate::webpki::verify::{verify_tls12_signature, verify_tls13_signature, ParsedCertificate};
|
||||
use crate::{DistinguishedName, Error, RootCertStore, SignatureScheme};
|
||||
|
||||
#[cfg(doc)]
|
||||
use crate::crypto;
|
||||
#[cfg(doc)]
|
||||
use crate::server::ServerConfig;
|
||||
#[cfg(doc)]
|
||||
use crate::ConfigBuilder;
|
||||
use crate::{DistinguishedName, Error, RootCertStore, SignatureScheme};
|
||||
|
||||
/// A builder for configuring a `webpki` client certificate verifier.
|
||||
///
|
||||
|
|
|
@ -14,17 +14,14 @@ mod server_verifier;
|
|||
mod verify;
|
||||
|
||||
pub use anchors::RootCertStore;
|
||||
|
||||
pub use client_verifier::{ClientCertVerifierBuilder, WebPkiClientVerifier};
|
||||
pub use server_verifier::{ServerCertVerifierBuilder, WebPkiServerVerifier};
|
||||
|
||||
pub use verify::{verify_tls12_signature, verify_tls13_signature, WebPkiSupportedAlgorithms};
|
||||
|
||||
// Conditionally exported from crate.
|
||||
#[allow(unreachable_pub)]
|
||||
pub use verify::{
|
||||
verify_server_cert_signed_by_trust_anchor, verify_server_name, ParsedCertificate,
|
||||
};
|
||||
pub use verify::{verify_tls12_signature, verify_tls13_signature, WebPkiSupportedAlgorithms};
|
||||
|
||||
/// An error that can occur when building a certificate verifier.
|
||||
#[derive(Debug, Clone)]
|
||||
|
@ -150,7 +147,8 @@ mod tests {
|
|||
|
||||
#[test]
|
||||
fn crl_error_from_webpki() {
|
||||
use super::{crl_error, CertRevocationListError::*};
|
||||
use super::crl_error;
|
||||
use super::CertRevocationListError::*;
|
||||
|
||||
let testcases = &[
|
||||
(webpki::Error::InvalidCrlSignatureForPublicKey, BadSignature),
|
||||
|
|
|
@ -1,5 +1,3 @@
|
|||
#[cfg(feature = "logging")]
|
||||
use crate::log::trace;
|
||||
use alloc::sync::Arc;
|
||||
use alloc::vec::Vec;
|
||||
|
||||
|
@ -7,6 +5,8 @@ use pki_types::{CertificateDer, CertificateRevocationListDer, ServerName, UnixTi
|
|||
use webpki::{CertRevocationList, RevocationCheckDepth, UnknownStatusPolicy};
|
||||
|
||||
use crate::crypto::{CryptoProvider, WebPkiSupportedAlgorithms};
|
||||
#[cfg(feature = "logging")]
|
||||
use crate::log::trace;
|
||||
use crate::verify::{
|
||||
DigitallySignedStruct, HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier,
|
||||
};
|
||||
|
@ -15,10 +15,9 @@ use crate::webpki::verify::{
|
|||
ParsedCertificate,
|
||||
};
|
||||
use crate::webpki::{parse_crls, verify_server_name, VerifierBuilderError};
|
||||
use crate::{Error, RootCertStore, SignatureScheme};
|
||||
|
||||
#[cfg(doc)]
|
||||
use crate::{crypto, ConfigBuilder, ServerConfig};
|
||||
use crate::{Error, RootCertStore, SignatureScheme};
|
||||
|
||||
/// A builder for configuring a `webpki` server certificate verifier.
|
||||
///
|
||||
|
|
|
@ -7,7 +7,6 @@ use super::anchors::RootCertStore;
|
|||
use super::pki_error;
|
||||
use crate::enums::SignatureScheme;
|
||||
use crate::error::{Error, PeerMisbehaved};
|
||||
|
||||
use crate::verify::{DigitallySignedStruct, HandshakeSignatureValid};
|
||||
|
||||
/// Verify that the end-entity certificate `end_entity` is a valid server cert
|
||||
|
@ -228,9 +227,10 @@ pub(crate) fn verify_server_cert_signed_by_trust_anchor_impl(
|
|||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use super::*;
|
||||
use std::format;
|
||||
|
||||
use super::*;
|
||||
|
||||
#[test]
|
||||
fn certificate_debug() {
|
||||
assert_eq!(
|
||||
|
|
|
@ -42,9 +42,10 @@ const DER_SEQUENCE_TAG: u8 = 0x30;
|
|||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use super::*;
|
||||
use std::vec;
|
||||
|
||||
use super::*;
|
||||
|
||||
#[test]
|
||||
fn test_empty() {
|
||||
assert_eq!(vec![0x30, 0x00], wrap_in_sequence(&[]));
|
||||
|
|
|
@ -6,19 +6,16 @@ use std::ops::{Deref, DerefMut};
|
|||
use std::sync::Arc;
|
||||
|
||||
use pki_types::{CertificateDer, CertificateRevocationListDer, PrivateKeyDer, ServerName};
|
||||
use webpki::anchor_from_trusted_cert;
|
||||
|
||||
use rustls::client::{ServerCertVerifierBuilder, WebPkiServerVerifier};
|
||||
use rustls::crypto::CryptoProvider;
|
||||
use rustls::internal::msgs::codec::Reader;
|
||||
use rustls::internal::msgs::message::{Message, OutboundOpaqueMessage, PlainMessage};
|
||||
use rustls::server::{ClientCertVerifierBuilder, WebPkiClientVerifier};
|
||||
use rustls::Connection;
|
||||
use rustls::Error;
|
||||
use rustls::RootCertStore;
|
||||
use rustls::{ClientConfig, ClientConnection};
|
||||
use rustls::{ConnectionCommon, ServerConfig, ServerConnection, SideData};
|
||||
use rustls::{ProtocolVersion, SupportedCipherSuite};
|
||||
use rustls::{
|
||||
ClientConfig, ClientConnection, Connection, ConnectionCommon, Error, ProtocolVersion,
|
||||
RootCertStore, ServerConfig, ServerConnection, SideData, SupportedCipherSuite,
|
||||
};
|
||||
use webpki::anchor_from_trusted_cert;
|
||||
|
||||
use super::provider;
|
||||
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
use base64::prelude::{Engine, BASE64_STANDARD};
|
||||
use pki_types::DnsName;
|
||||
|
||||
use rustls::internal::msgs::codec::{Codec, Reader};
|
||||
use rustls::internal::msgs::enums::{EchVersion, HpkeAead, HpkeKdf, HpkeKem};
|
||||
use rustls::internal::msgs::handshake::{EchConfig, HpkeKeyConfig, HpkeSymmetricCipherSuite};
|
||||
|
|
|
@ -21,10 +21,8 @@
|
|||
//! file was created successfully, with the right permissions, etc., and that it
|
||||
//! contains something like what we expect.
|
||||
|
||||
use std::{
|
||||
env,
|
||||
sync::{Mutex, Once},
|
||||
};
|
||||
use std::env;
|
||||
use std::sync::{Mutex, Once};
|
||||
|
||||
#[macro_use]
|
||||
mod macros;
|
||||
|
|
|
@ -4,15 +4,14 @@
|
|||
//! executable, and runs tests in an indeterminate order. That restricts us
|
||||
//! to doing all the desired tests, in series, in one function.
|
||||
|
||||
use rustls::crypto::CryptoProvider;
|
||||
use rustls::ClientConfig;
|
||||
|
||||
#[cfg(all(feature = "aws_lc_rs", not(feature = "ring")))]
|
||||
use rustls::crypto::aws_lc_rs as provider;
|
||||
#[cfg(all(feature = "ring", not(feature = "aws_lc_rs")))]
|
||||
use rustls::crypto::ring as provider;
|
||||
#[cfg(all(feature = "ring", feature = "aws_lc_rs"))]
|
||||
use rustls::crypto::ring as provider;
|
||||
use rustls::crypto::CryptoProvider;
|
||||
use rustls::ClientConfig;
|
||||
|
||||
mod common;
|
||||
use crate::common::*;
|
||||
|
|
Loading…
Reference in New Issue