mirror of https://github.com/ctz/rustls
Format imports with `cargo +nightly fmt-unstable`
Run with nightly-2024-02-21
This commit is contained in:
parent
2d66fe4d9b
commit
546a85d912
|
@ -401,10 +401,12 @@ pub mod transport {
|
||||||
//! but that doesn't matter (we are measuring performance differences, and overhead is automatically
|
//! but that doesn't matter (we are measuring performance differences, and overhead is automatically
|
||||||
//! ignored as long as it remains constant).
|
//! ignored as long as it remains constant).
|
||||||
|
|
||||||
use super::async_io::{AsyncRead, AsyncWrite};
|
use std::io::{Cursor, Read, Write};
|
||||||
|
|
||||||
use byteorder::{BigEndian, ReadBytesExt, WriteBytesExt};
|
use byteorder::{BigEndian, ReadBytesExt, WriteBytesExt};
|
||||||
use rustls::{ClientConnection, ConnectionCommon, ServerConnection, SideData};
|
use rustls::{ClientConnection, ConnectionCommon, ServerConnection, SideData};
|
||||||
use std::io::{Cursor, Read, Write};
|
|
||||||
|
use super::async_io::{AsyncRead, AsyncWrite};
|
||||||
|
|
||||||
/// Sends one side's handshake data to the other side in one go.
|
/// Sends one side's handshake data to the other side in one go.
|
||||||
///
|
///
|
||||||
|
|
|
@ -3,7 +3,6 @@ mod ech_config {
|
||||||
use hickory_resolver::proto::rr::rdata::svcb::{SvcParamKey, SvcParamValue};
|
use hickory_resolver::proto::rr::rdata::svcb::{SvcParamKey, SvcParamValue};
|
||||||
use hickory_resolver::proto::rr::{RData, RecordType};
|
use hickory_resolver::proto::rr::{RData, RecordType};
|
||||||
use hickory_resolver::Resolver;
|
use hickory_resolver::Resolver;
|
||||||
|
|
||||||
use rustls::internal::msgs::codec::{Codec, Reader};
|
use rustls::internal::msgs::codec::{Codec, Reader};
|
||||||
use rustls::internal::msgs::enums::EchVersion;
|
use rustls::internal::msgs::enums::EchVersion;
|
||||||
use rustls::internal::msgs::handshake::EchConfig;
|
use rustls::internal::msgs::handshake::EchConfig;
|
||||||
|
|
|
@ -2,11 +2,12 @@
|
||||||
//! so that unused cryptography in rustls can be discarded by the linker. You can
|
//! so that unused cryptography in rustls can be discarded by the linker. You can
|
||||||
//! observe using `nm` that the binary of this program does not contain any AES code.
|
//! observe using `nm` that the binary of this program does not contain any AES code.
|
||||||
|
|
||||||
use rustls::crypto::{aws_lc_rs as provider, CryptoProvider};
|
|
||||||
use std::io::{stdout, Read, Write};
|
use std::io::{stdout, Read, Write};
|
||||||
use std::net::TcpStream;
|
use std::net::TcpStream;
|
||||||
use std::sync::Arc;
|
use std::sync::Arc;
|
||||||
|
|
||||||
|
use rustls::crypto::{aws_lc_rs as provider, CryptoProvider};
|
||||||
|
|
||||||
fn main() {
|
fn main() {
|
||||||
let root_store = rustls::RootCertStore::from_iter(
|
let root_store = rustls::RootCertStore::from_iter(
|
||||||
webpki_roots::TLS_SERVER_ROOTS
|
webpki_roots::TLS_SERVER_ROOTS
|
||||||
|
|
|
@ -13,13 +13,12 @@ use std::time::Duration;
|
||||||
use std::{fs, thread};
|
use std::{fs, thread};
|
||||||
|
|
||||||
use docopt::Docopt;
|
use docopt::Docopt;
|
||||||
use serde_derive::Deserialize;
|
|
||||||
|
|
||||||
use rustls::pki_types::{
|
use rustls::pki_types::{
|
||||||
CertificateDer, CertificateRevocationListDer, PrivateKeyDer, PrivatePkcs8KeyDer,
|
CertificateDer, CertificateRevocationListDer, PrivateKeyDer, PrivatePkcs8KeyDer,
|
||||||
};
|
};
|
||||||
use rustls::server::{Acceptor, ClientHello, ServerConfig, WebPkiClientVerifier};
|
use rustls::server::{Acceptor, ClientHello, ServerConfig, WebPkiClientVerifier};
|
||||||
use rustls::RootCertStore;
|
use rustls::RootCertStore;
|
||||||
|
use serde_derive::Deserialize;
|
||||||
|
|
||||||
fn main() {
|
fn main() {
|
||||||
let version = concat!(
|
let version = concat!(
|
||||||
|
|
|
@ -26,11 +26,10 @@ use std::{fs, process, str};
|
||||||
|
|
||||||
use docopt::Docopt;
|
use docopt::Docopt;
|
||||||
use mio::net::TcpStream;
|
use mio::net::TcpStream;
|
||||||
use serde::Deserialize;
|
|
||||||
|
|
||||||
use rustls::crypto::{aws_lc_rs as provider, CryptoProvider};
|
use rustls::crypto::{aws_lc_rs as provider, CryptoProvider};
|
||||||
use rustls::pki_types::{CertificateDer, PrivateKeyDer, ServerName};
|
use rustls::pki_types::{CertificateDer, PrivateKeyDer, ServerName};
|
||||||
use rustls::RootCertStore;
|
use rustls::RootCertStore;
|
||||||
|
use serde::Deserialize;
|
||||||
|
|
||||||
const CLIENT: mio::Token = mio::Token(0);
|
const CLIENT: mio::Token = mio::Token(0);
|
||||||
|
|
||||||
|
|
|
@ -27,12 +27,11 @@ use std::{fs, net};
|
||||||
use docopt::Docopt;
|
use docopt::Docopt;
|
||||||
use log::{debug, error};
|
use log::{debug, error};
|
||||||
use mio::net::{TcpListener, TcpStream};
|
use mio::net::{TcpListener, TcpStream};
|
||||||
use serde::Deserialize;
|
|
||||||
|
|
||||||
use rustls::crypto::{aws_lc_rs as provider, CryptoProvider};
|
use rustls::crypto::{aws_lc_rs as provider, CryptoProvider};
|
||||||
use rustls::pki_types::{CertificateDer, CertificateRevocationListDer, PrivateKeyDer};
|
use rustls::pki_types::{CertificateDer, CertificateRevocationListDer, PrivateKeyDer};
|
||||||
use rustls::server::WebPkiClientVerifier;
|
use rustls::server::WebPkiClientVerifier;
|
||||||
use rustls::RootCertStore;
|
use rustls::RootCertStore;
|
||||||
|
use serde::Deserialize;
|
||||||
|
|
||||||
// Token for our listening socket.
|
// Token for our listening socket.
|
||||||
const LISTENER: mio::Token = mio::Token(0);
|
const LISTENER: mio::Token = mio::Token(0);
|
||||||
|
|
|
@ -4,6 +4,7 @@ use std::net::{TcpListener, TcpStream};
|
||||||
use std::sync::Arc;
|
use std::sync::Arc;
|
||||||
use std::{str, thread};
|
use std::{str, thread};
|
||||||
|
|
||||||
|
use openssl::ssl::{SslAcceptor, SslFiletype, SslMethod};
|
||||||
use rustls::crypto::{aws_lc_rs as provider, CryptoProvider};
|
use rustls::crypto::{aws_lc_rs as provider, CryptoProvider};
|
||||||
use rustls::version::{TLS12, TLS13};
|
use rustls::version::{TLS12, TLS13};
|
||||||
use rustls::{ClientConfig, RootCertStore, ServerConfig, SupportedProtocolVersion};
|
use rustls::{ClientConfig, RootCertStore, ServerConfig, SupportedProtocolVersion};
|
||||||
|
@ -13,8 +14,6 @@ use rustls_pki_types::{CertificateDer, PrivateKeyDer};
|
||||||
use crate::ffdhe::{self, FfdheKxGroup};
|
use crate::ffdhe::{self, FfdheKxGroup};
|
||||||
use crate::utils::verify_openssl3_available;
|
use crate::utils::verify_openssl3_available;
|
||||||
|
|
||||||
use openssl::ssl::{SslAcceptor, SslFiletype, SslMethod};
|
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn rustls_server_with_ffdhe_kx_tls13() {
|
fn rustls_server_with_ffdhe_kx_tls13() {
|
||||||
test_rustls_server_with_ffdhe_kx(&TLS13, 1)
|
test_rustls_server_with_ffdhe_kx(&TLS13, 1)
|
||||||
|
|
|
@ -1,18 +1,16 @@
|
||||||
#![cfg(feature = "ring")]
|
#![cfg(feature = "ring")]
|
||||||
|
|
||||||
use bencher::{benchmark_group, benchmark_main, Bencher};
|
use bencher::{benchmark_group, benchmark_main, Bencher};
|
||||||
|
|
||||||
use rustls::crypto::ring as provider;
|
use rustls::crypto::ring as provider;
|
||||||
|
|
||||||
#[path = "../tests/common/mod.rs"]
|
#[path = "../tests/common/mod.rs"]
|
||||||
mod test_utils;
|
mod test_utils;
|
||||||
use test_utils::*;
|
|
||||||
|
|
||||||
use rustls::ServerConnection;
|
|
||||||
|
|
||||||
use std::io;
|
use std::io;
|
||||||
use std::sync::Arc;
|
use std::sync::Arc;
|
||||||
|
|
||||||
|
use rustls::ServerConnection;
|
||||||
|
use test_utils::*;
|
||||||
|
|
||||||
fn bench_ewouldblock(c: &mut Bencher) {
|
fn bench_ewouldblock(c: &mut Bencher) {
|
||||||
let server_config = make_server_config(KeyType::Rsa);
|
let server_config = make_server_config(KeyType::Rsa);
|
||||||
let mut server = ServerConnection::new(Arc::new(server_config)).unwrap();
|
let mut server = ServerConnection::new(Arc::new(server_config)).unwrap();
|
||||||
|
|
|
@ -3,16 +3,13 @@
|
||||||
// Note: we don't use any of the standard 'cargo bench', 'test::Bencher',
|
// Note: we don't use any of the standard 'cargo bench', 'test::Bencher',
|
||||||
// etc. because it's unstable at the time of writing.
|
// etc. because it's unstable at the time of writing.
|
||||||
|
|
||||||
use std::env;
|
|
||||||
use std::fs;
|
|
||||||
use std::io::{self, Read, Write};
|
use std::io::{self, Read, Write};
|
||||||
use std::ops::Deref;
|
use std::ops::{Deref, DerefMut};
|
||||||
use std::ops::DerefMut;
|
|
||||||
use std::sync::Arc;
|
use std::sync::Arc;
|
||||||
use std::time::{Duration, Instant};
|
use std::time::{Duration, Instant};
|
||||||
|
use std::{env, fs};
|
||||||
|
|
||||||
use pki_types::{CertificateDer, PrivateKeyDer};
|
use pki_types::{CertificateDer, PrivateKeyDer};
|
||||||
|
|
||||||
use rustls::client::Resumption;
|
use rustls::client::Resumption;
|
||||||
#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
|
#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
|
||||||
use rustls::crypto::aws_lc_rs as provider;
|
use rustls::crypto::aws_lc_rs as provider;
|
||||||
|
@ -24,10 +21,10 @@ use rustls::crypto::ring as provider;
|
||||||
use rustls::crypto::ring::{cipher_suite, Ticketer};
|
use rustls::crypto::ring::{cipher_suite, Ticketer};
|
||||||
use rustls::crypto::CryptoProvider;
|
use rustls::crypto::CryptoProvider;
|
||||||
use rustls::server::{NoServerSessionStorage, ServerSessionMemoryCache, WebPkiClientVerifier};
|
use rustls::server::{NoServerSessionStorage, ServerSessionMemoryCache, WebPkiClientVerifier};
|
||||||
use rustls::RootCertStore;
|
use rustls::{
|
||||||
use rustls::{ClientConfig, ClientConnection};
|
ClientConfig, ClientConnection, ConnectionCommon, RootCertStore, ServerConfig,
|
||||||
use rustls::{ConnectionCommon, SideData};
|
ServerConnection, SideData,
|
||||||
use rustls::{ServerConfig, ServerConnection};
|
};
|
||||||
|
|
||||||
pub fn main() {
|
pub fn main() {
|
||||||
let mut args = std::env::args();
|
let mut args = std::env::args();
|
||||||
|
|
|
@ -4,8 +4,19 @@
|
||||||
// https://boringssl.googlesource.com/boringssl/+/master/ssl/test
|
// https://boringssl.googlesource.com/boringssl/+/master/ssl/test
|
||||||
//
|
//
|
||||||
|
|
||||||
|
use std::fmt::{Debug, Formatter};
|
||||||
|
use std::io::{self, BufReader, Read, Write};
|
||||||
|
use std::sync::Arc;
|
||||||
|
use std::{env, fs, net, process, thread, time};
|
||||||
|
|
||||||
|
use base64::prelude::{Engine, BASE64_STANDARD};
|
||||||
|
use pki_types::{CertificateDer, PrivateKeyDer, ServerName, UnixTime};
|
||||||
use rustls::client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier};
|
use rustls::client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier};
|
||||||
use rustls::client::{ClientConfig, ClientConnection, Resumption, WebPkiServerVerifier};
|
use rustls::client::{ClientConfig, ClientConnection, Resumption, WebPkiServerVerifier};
|
||||||
|
#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
|
||||||
|
use rustls::crypto::aws_lc_rs as provider;
|
||||||
|
#[cfg(feature = "ring")]
|
||||||
|
use rustls::crypto::ring as provider;
|
||||||
use rustls::crypto::{CryptoProvider, SupportedKxGroup};
|
use rustls::crypto::{CryptoProvider, SupportedKxGroup};
|
||||||
use rustls::internal::msgs::codec::Codec;
|
use rustls::internal::msgs::codec::Codec;
|
||||||
use rustls::internal::msgs::persist::ServerSessionValue;
|
use rustls::internal::msgs::persist::ServerSessionValue;
|
||||||
|
@ -18,20 +29,6 @@ use rustls::{
|
||||||
SupportedProtocolVersion,
|
SupportedProtocolVersion,
|
||||||
};
|
};
|
||||||
|
|
||||||
#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
|
|
||||||
use rustls::crypto::aws_lc_rs as provider;
|
|
||||||
#[cfg(feature = "ring")]
|
|
||||||
use rustls::crypto::ring as provider;
|
|
||||||
|
|
||||||
use base64::prelude::{Engine, BASE64_STANDARD};
|
|
||||||
use pki_types::{CertificateDer, PrivateKeyDer, ServerName, UnixTime};
|
|
||||||
|
|
||||||
use std::fmt::{Debug, Formatter};
|
|
||||||
use std::io::{self, BufReader, Read, Write};
|
|
||||||
use std::sync::Arc;
|
|
||||||
use std::time;
|
|
||||||
use std::{env, fs, net, process, thread};
|
|
||||||
|
|
||||||
static BOGO_NACK: i32 = 89;
|
static BOGO_NACK: i32 = 89;
|
||||||
|
|
||||||
macro_rules! println_err(
|
macro_rules! println_err(
|
||||||
|
|
|
@ -41,10 +41,11 @@ impl<'a> fmt::Debug for BsDebug<'a> {
|
||||||
|
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
mod tests {
|
mod tests {
|
||||||
use super::BsDebug;
|
|
||||||
use std::format;
|
use std::format;
|
||||||
use std::prelude::v1::*;
|
use std::prelude::v1::*;
|
||||||
|
|
||||||
|
use super::BsDebug;
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn debug() {
|
fn debug() {
|
||||||
let vec: Vec<_> = (0..0x100).map(|b| b as u8).collect();
|
let vec: Vec<_> = (0..0x100).map(|b| b as u8).collect();
|
||||||
|
|
|
@ -1,14 +1,14 @@
|
||||||
use crate::error::Error;
|
|
||||||
use crate::time_provider::TimeProvider;
|
|
||||||
use crate::versions;
|
|
||||||
use crate::{crypto::CryptoProvider, msgs::handshake::ALL_KEY_EXCHANGE_ALGORITHMS};
|
|
||||||
|
|
||||||
use alloc::format;
|
use alloc::format;
|
||||||
use alloc::sync::Arc;
|
use alloc::sync::Arc;
|
||||||
use alloc::vec::Vec;
|
use alloc::vec::Vec;
|
||||||
use core::fmt;
|
use core::fmt;
|
||||||
use core::marker::PhantomData;
|
use core::marker::PhantomData;
|
||||||
|
|
||||||
|
use crate::crypto::CryptoProvider;
|
||||||
|
use crate::error::Error;
|
||||||
|
use crate::msgs::handshake::ALL_KEY_EXCHANGE_ALGORITHMS;
|
||||||
|
use crate::time_provider::TimeProvider;
|
||||||
|
use crate::versions;
|
||||||
#[cfg(doc)]
|
#[cfg(doc)]
|
||||||
use crate::{ClientConfig, ServerConfig};
|
use crate::{ClientConfig, ServerConfig};
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,12 @@
|
||||||
|
use alloc::sync::Arc;
|
||||||
|
use alloc::vec::Vec;
|
||||||
|
use core::marker::PhantomData;
|
||||||
|
|
||||||
|
use pki_types::{CertificateDer, PrivateKeyDer};
|
||||||
|
|
||||||
|
use super::client_conn::Resumption;
|
||||||
use crate::builder::{ConfigBuilder, WantsVerifier};
|
use crate::builder::{ConfigBuilder, WantsVerifier};
|
||||||
use crate::client::handy;
|
use crate::client::{handy, ClientConfig, ResolvesClientCert};
|
||||||
use crate::client::{ClientConfig, ResolvesClientCert};
|
|
||||||
use crate::crypto::CryptoProvider;
|
use crate::crypto::CryptoProvider;
|
||||||
use crate::error::Error;
|
use crate::error::Error;
|
||||||
use crate::key_log::NoKeyLog;
|
use crate::key_log::NoKeyLog;
|
||||||
|
@ -9,14 +15,6 @@ use crate::time_provider::TimeProvider;
|
||||||
use crate::webpki::{self, WebPkiServerVerifier};
|
use crate::webpki::{self, WebPkiServerVerifier};
|
||||||
use crate::{verify, versions};
|
use crate::{verify, versions};
|
||||||
|
|
||||||
use super::client_conn::Resumption;
|
|
||||||
|
|
||||||
use pki_types::{CertificateDer, PrivateKeyDer};
|
|
||||||
|
|
||||||
use alloc::sync::Arc;
|
|
||||||
use alloc::vec::Vec;
|
|
||||||
use core::marker::PhantomData;
|
|
||||||
|
|
||||||
impl ConfigBuilder<ClientConfig, WantsVerifier> {
|
impl ConfigBuilder<ClientConfig, WantsVerifier> {
|
||||||
/// Choose how to verify server certificates.
|
/// Choose how to verify server certificates.
|
||||||
///
|
///
|
||||||
|
|
|
@ -1,3 +1,13 @@
|
||||||
|
use alloc::sync::Arc;
|
||||||
|
use alloc::vec::Vec;
|
||||||
|
use core::marker::PhantomData;
|
||||||
|
use core::ops::{Deref, DerefMut};
|
||||||
|
use core::{fmt, mem};
|
||||||
|
|
||||||
|
use pki_types::{ServerName, UnixTime};
|
||||||
|
|
||||||
|
use super::handy::NoClientSessionStorage;
|
||||||
|
use super::hs;
|
||||||
use crate::builder::ConfigBuilder;
|
use crate::builder::ConfigBuilder;
|
||||||
use crate::common_state::{CommonState, Protocol, Side};
|
use crate::common_state::{CommonState, Protocol, Side};
|
||||||
use crate::conn::{ConnectionCore, UnbufferedConnectionCommon};
|
use crate::conn::{ConnectionCore, UnbufferedConnectionCommon};
|
||||||
|
@ -9,32 +19,16 @@ use crate::log::trace;
|
||||||
use crate::msgs::enums::NamedGroup;
|
use crate::msgs::enums::NamedGroup;
|
||||||
use crate::msgs::handshake::ClientExtension;
|
use crate::msgs::handshake::ClientExtension;
|
||||||
use crate::msgs::persist;
|
use crate::msgs::persist;
|
||||||
use crate::sign;
|
|
||||||
use crate::suites::SupportedCipherSuite;
|
use crate::suites::SupportedCipherSuite;
|
||||||
#[cfg(feature = "std")]
|
#[cfg(feature = "std")]
|
||||||
use crate::time_provider::DefaultTimeProvider;
|
use crate::time_provider::DefaultTimeProvider;
|
||||||
use crate::time_provider::TimeProvider;
|
use crate::time_provider::TimeProvider;
|
||||||
use crate::unbuffered::{EncryptError, TransmitTlsData};
|
use crate::unbuffered::{EncryptError, TransmitTlsData};
|
||||||
use crate::versions;
|
|
||||||
use crate::KeyLog;
|
|
||||||
#[cfg(feature = "std")]
|
#[cfg(feature = "std")]
|
||||||
use crate::WantsVerifier;
|
use crate::WantsVerifier;
|
||||||
use crate::{verify, WantsVersions};
|
|
||||||
|
|
||||||
use super::handy::NoClientSessionStorage;
|
|
||||||
use super::hs;
|
|
||||||
|
|
||||||
use pki_types::{ServerName, UnixTime};
|
|
||||||
|
|
||||||
use alloc::sync::Arc;
|
|
||||||
use alloc::vec::Vec;
|
|
||||||
use core::fmt;
|
|
||||||
use core::marker::PhantomData;
|
|
||||||
use core::mem;
|
|
||||||
use core::ops::{Deref, DerefMut};
|
|
||||||
|
|
||||||
#[cfg(doc)]
|
#[cfg(doc)]
|
||||||
use crate::{crypto, DistinguishedName};
|
use crate::{crypto, DistinguishedName};
|
||||||
|
use crate::{sign, verify, versions, KeyLog, WantsVersions};
|
||||||
|
|
||||||
/// A trait for the ability to store client session data, so that sessions
|
/// A trait for the ability to store client session data, so that sessions
|
||||||
/// can be resumed in future connections.
|
/// can be resumed in future connections.
|
||||||
|
@ -584,22 +578,20 @@ impl EarlyData {
|
||||||
|
|
||||||
#[cfg(feature = "std")]
|
#[cfg(feature = "std")]
|
||||||
mod connection {
|
mod connection {
|
||||||
use crate::common_state::Protocol;
|
|
||||||
use crate::conn::ConnectionCommon;
|
|
||||||
use crate::conn::ConnectionCore;
|
|
||||||
use crate::error::Error;
|
|
||||||
use crate::suites::ExtractedSecrets;
|
|
||||||
use crate::ClientConfig;
|
|
||||||
|
|
||||||
use pki_types::ServerName;
|
|
||||||
|
|
||||||
use alloc::sync::Arc;
|
use alloc::sync::Arc;
|
||||||
use alloc::vec::Vec;
|
use alloc::vec::Vec;
|
||||||
use core::fmt;
|
use core::fmt;
|
||||||
use core::ops::{Deref, DerefMut};
|
use core::ops::{Deref, DerefMut};
|
||||||
use std::io;
|
use std::io;
|
||||||
|
|
||||||
|
use pki_types::ServerName;
|
||||||
|
|
||||||
use super::ClientConnectionData;
|
use super::ClientConnectionData;
|
||||||
|
use crate::common_state::Protocol;
|
||||||
|
use crate::conn::{ConnectionCommon, ConnectionCore};
|
||||||
|
use crate::error::Error;
|
||||||
|
use crate::suites::ExtractedSecrets;
|
||||||
|
use crate::ClientConfig;
|
||||||
|
|
||||||
/// Stub that implements io::Write and dispatches to `write_early_data`.
|
/// Stub that implements io::Write and dispatches to `write_early_data`.
|
||||||
pub struct WriteEarlyData<'a> {
|
pub struct WriteEarlyData<'a> {
|
||||||
|
|
|
@ -1,15 +1,14 @@
|
||||||
|
use alloc::boxed::Box;
|
||||||
|
use alloc::sync::Arc;
|
||||||
|
use alloc::vec::Vec;
|
||||||
|
|
||||||
use super::ResolvesClientCert;
|
use super::ResolvesClientCert;
|
||||||
#[cfg(feature = "logging")]
|
#[cfg(feature = "logging")]
|
||||||
use crate::log::{debug, trace};
|
use crate::log::{debug, trace};
|
||||||
use crate::msgs::enums::ExtensionType;
|
use crate::msgs::enums::ExtensionType;
|
||||||
use crate::msgs::handshake::ServerExtension;
|
use crate::msgs::handshake::{CertificateChain, DistinguishedName, ServerExtension};
|
||||||
use crate::msgs::handshake::{CertificateChain, DistinguishedName};
|
|
||||||
use crate::{sign, SignatureScheme};
|
use crate::{sign, SignatureScheme};
|
||||||
|
|
||||||
use alloc::boxed::Box;
|
|
||||||
use alloc::sync::Arc;
|
|
||||||
use alloc::vec::Vec;
|
|
||||||
|
|
||||||
#[derive(Debug)]
|
#[derive(Debug)]
|
||||||
pub(super) struct ServerCertDetails<'a> {
|
pub(super) struct ServerCertDetails<'a> {
|
||||||
pub(super) cert_chain: CertificateChain<'a>,
|
pub(super) cert_chain: CertificateChain<'a>,
|
||||||
|
|
|
@ -1,14 +1,12 @@
|
||||||
use crate::client;
|
use alloc::sync::Arc;
|
||||||
|
|
||||||
|
use pki_types::ServerName;
|
||||||
|
|
||||||
use crate::enums::SignatureScheme;
|
use crate::enums::SignatureScheme;
|
||||||
use crate::error::Error;
|
use crate::error::Error;
|
||||||
use crate::msgs::handshake::CertificateChain;
|
use crate::msgs::handshake::CertificateChain;
|
||||||
use crate::msgs::persist;
|
use crate::msgs::persist;
|
||||||
use crate::sign;
|
use crate::{client, sign, NamedGroup};
|
||||||
use crate::NamedGroup;
|
|
||||||
|
|
||||||
use pki_types::ServerName;
|
|
||||||
|
|
||||||
use alloc::sync::Arc;
|
|
||||||
|
|
||||||
/// An implementer of `ClientSessionStore` which does nothing.
|
/// An implementer of `ClientSessionStore` which does nothing.
|
||||||
#[derive(Debug)]
|
#[derive(Debug)]
|
||||||
|
@ -42,12 +40,11 @@ mod cache {
|
||||||
use core::fmt;
|
use core::fmt;
|
||||||
use std::sync::Mutex;
|
use std::sync::Mutex;
|
||||||
|
|
||||||
use crate::limited_cache;
|
|
||||||
use crate::msgs::persist;
|
|
||||||
use crate::NamedGroup;
|
|
||||||
|
|
||||||
use pki_types::ServerName;
|
use pki_types::ServerName;
|
||||||
|
|
||||||
|
use crate::msgs::persist;
|
||||||
|
use crate::{limited_cache, NamedGroup};
|
||||||
|
|
||||||
const MAX_TLS13_TICKETS_PER_SERVER: usize = 8;
|
const MAX_TLS13_TICKETS_PER_SERVER: usize = 8;
|
||||||
|
|
||||||
struct ServerData {
|
struct ServerData {
|
||||||
|
|
|
@ -1,6 +1,21 @@
|
||||||
|
use alloc::borrow::ToOwned;
|
||||||
|
use alloc::boxed::Box;
|
||||||
|
use alloc::sync::Arc;
|
||||||
|
use alloc::vec;
|
||||||
|
use alloc::vec::Vec;
|
||||||
|
use core::ops::Deref;
|
||||||
|
|
||||||
|
use pki_types::ServerName;
|
||||||
|
|
||||||
|
#[cfg(feature = "tls12")]
|
||||||
|
use super::tls12;
|
||||||
|
use super::Tls12Resumption;
|
||||||
#[cfg(feature = "logging")]
|
#[cfg(feature = "logging")]
|
||||||
use crate::bs_debug;
|
use crate::bs_debug;
|
||||||
use crate::check::inappropriate_handshake_message;
|
use crate::check::inappropriate_handshake_message;
|
||||||
|
use crate::client::client_conn::ClientConnectionData;
|
||||||
|
use crate::client::common::ClientHelloDetails;
|
||||||
|
use crate::client::{tls13, ClientConfig};
|
||||||
use crate::common_state::{CommonState, State};
|
use crate::common_state::{CommonState, State};
|
||||||
use crate::conn::ConnectionRandoms;
|
use crate::conn::ConnectionRandoms;
|
||||||
use crate::crypto::{ActiveKeyExchange, KeyExchangeAlgorithm};
|
use crate::crypto::{ActiveKeyExchange, KeyExchangeAlgorithm};
|
||||||
|
@ -10,35 +25,17 @@ use crate::hash_hs::HandshakeHashBuffer;
|
||||||
#[cfg(feature = "logging")]
|
#[cfg(feature = "logging")]
|
||||||
use crate::log::{debug, trace};
|
use crate::log::{debug, trace};
|
||||||
use crate::msgs::base::Payload;
|
use crate::msgs::base::Payload;
|
||||||
use crate::msgs::enums::{Compression, ExtensionType};
|
use crate::msgs::enums::{Compression, ECPointFormat, ExtensionType, PSKKeyExchangeMode};
|
||||||
use crate::msgs::enums::{ECPointFormat, PSKKeyExchangeMode};
|
use crate::msgs::handshake::{
|
||||||
use crate::msgs::handshake::ConvertProtocolNameList;
|
CertificateStatusRequest, ClientExtension, ClientHelloPayload, ClientSessionTicket,
|
||||||
use crate::msgs::handshake::{CertificateStatusRequest, ClientSessionTicket};
|
ConvertProtocolNameList, HandshakeMessagePayload, HandshakePayload, HasServerExtensions,
|
||||||
use crate::msgs::handshake::{ClientExtension, HasServerExtensions};
|
HelloRetryRequest, KeyShareEntry, Random, SessionId,
|
||||||
use crate::msgs::handshake::{ClientHelloPayload, HandshakeMessagePayload, HandshakePayload};
|
};
|
||||||
use crate::msgs::handshake::{HelloRetryRequest, KeyShareEntry};
|
|
||||||
use crate::msgs::handshake::{Random, SessionId};
|
|
||||||
use crate::msgs::message::{Message, MessagePayload};
|
use crate::msgs::message::{Message, MessagePayload};
|
||||||
use crate::msgs::persist;
|
use crate::msgs::persist;
|
||||||
use crate::tls13::key_schedule::KeyScheduleEarly;
|
use crate::tls13::key_schedule::KeyScheduleEarly;
|
||||||
use crate::SupportedCipherSuite;
|
use crate::SupportedCipherSuite;
|
||||||
|
|
||||||
#[cfg(feature = "tls12")]
|
|
||||||
use super::tls12;
|
|
||||||
use super::Tls12Resumption;
|
|
||||||
use crate::client::client_conn::ClientConnectionData;
|
|
||||||
use crate::client::common::ClientHelloDetails;
|
|
||||||
use crate::client::{tls13, ClientConfig};
|
|
||||||
|
|
||||||
use pki_types::ServerName;
|
|
||||||
|
|
||||||
use alloc::borrow::ToOwned;
|
|
||||||
use alloc::boxed::Box;
|
|
||||||
use alloc::sync::Arc;
|
|
||||||
use alloc::vec;
|
|
||||||
use alloc::vec::Vec;
|
|
||||||
use core::ops::Deref;
|
|
||||||
|
|
||||||
pub(super) type NextState<'a> = Box<dyn State<ClientConnectionData> + 'a>;
|
pub(super) type NextState<'a> = Box<dyn State<ClientConnectionData> + 'a>;
|
||||||
pub(super) type NextStateOrError<'a> = Result<NextState<'a>, Error>;
|
pub(super) type NextStateOrError<'a> = Result<NextState<'a>, Error>;
|
||||||
pub(super) type ClientContext<'a> = crate::common_state::Context<'a, ClientConnectionData>;
|
pub(super) type ClientContext<'a> = crate::common_state::Context<'a, ClientConnectionData>;
|
||||||
|
|
|
@ -1,9 +1,22 @@
|
||||||
|
use alloc::borrow::ToOwned;
|
||||||
|
use alloc::boxed::Box;
|
||||||
|
use alloc::sync::Arc;
|
||||||
|
use alloc::vec;
|
||||||
|
use alloc::vec::Vec;
|
||||||
|
|
||||||
|
use pki_types::ServerName;
|
||||||
|
pub(super) use server_hello::CompleteServerHelloHandling;
|
||||||
|
use subtle::ConstantTimeEq;
|
||||||
|
|
||||||
|
use super::client_conn::ClientConnectionData;
|
||||||
|
use super::hs::ClientContext;
|
||||||
use crate::check::{inappropriate_handshake_message, inappropriate_message};
|
use crate::check::{inappropriate_handshake_message, inappropriate_message};
|
||||||
|
use crate::client::common::{ClientAuthDetails, ServerCertDetails};
|
||||||
|
use crate::client::{hs, ClientConfig};
|
||||||
use crate::common_state::{CommonState, Side, State};
|
use crate::common_state::{CommonState, Side, State};
|
||||||
use crate::conn::ConnectionRandoms;
|
use crate::conn::ConnectionRandoms;
|
||||||
use crate::crypto::KeyExchangeAlgorithm;
|
use crate::crypto::KeyExchangeAlgorithm;
|
||||||
use crate::enums::ProtocolVersion;
|
use crate::enums::{AlertDescription, ContentType, HandshakeType, ProtocolVersion};
|
||||||
use crate::enums::{AlertDescription, ContentType, HandshakeType};
|
|
||||||
use crate::error::{Error, InvalidMessage, PeerIncompatible, PeerMisbehaved};
|
use crate::error::{Error, InvalidMessage, PeerIncompatible, PeerMisbehaved};
|
||||||
use crate::hash_hs::HandshakeHash;
|
use crate::hash_hs::HandshakeHash;
|
||||||
#[cfg(feature = "logging")]
|
#[cfg(feature = "logging")]
|
||||||
|
@ -22,29 +35,10 @@ use crate::suites::{PartiallyExtractedSecrets, SupportedCipherSuite};
|
||||||
use crate::tls12::{self, ConnectionSecrets, Tls12CipherSuite};
|
use crate::tls12::{self, ConnectionSecrets, Tls12CipherSuite};
|
||||||
use crate::verify::{self, DigitallySignedStruct};
|
use crate::verify::{self, DigitallySignedStruct};
|
||||||
|
|
||||||
use super::client_conn::ClientConnectionData;
|
|
||||||
use super::hs::ClientContext;
|
|
||||||
use crate::client::common::ClientAuthDetails;
|
|
||||||
use crate::client::common::ServerCertDetails;
|
|
||||||
use crate::client::{hs, ClientConfig};
|
|
||||||
|
|
||||||
use pki_types::ServerName;
|
|
||||||
use subtle::ConstantTimeEq;
|
|
||||||
|
|
||||||
use alloc::borrow::ToOwned;
|
|
||||||
use alloc::boxed::Box;
|
|
||||||
use alloc::sync::Arc;
|
|
||||||
use alloc::vec;
|
|
||||||
use alloc::vec::Vec;
|
|
||||||
|
|
||||||
pub(super) use server_hello::CompleteServerHelloHandling;
|
|
||||||
|
|
||||||
mod server_hello {
|
mod server_hello {
|
||||||
use crate::msgs::enums::ExtensionType;
|
|
||||||
use crate::msgs::handshake::HasServerExtensions;
|
|
||||||
use crate::msgs::handshake::ServerHelloPayload;
|
|
||||||
|
|
||||||
use super::*;
|
use super::*;
|
||||||
|
use crate::msgs::enums::ExtensionType;
|
||||||
|
use crate::msgs::handshake::{HasServerExtensions, ServerHelloPayload};
|
||||||
|
|
||||||
pub(in crate::client) struct CompleteServerHelloHandling {
|
pub(in crate::client) struct CompleteServerHelloHandling {
|
||||||
pub(in crate::client) config: Arc<ClientConfig>,
|
pub(in crate::client) config: Arc<ClientConfig>,
|
||||||
|
|
|
@ -1,8 +1,18 @@
|
||||||
|
use alloc::boxed::Box;
|
||||||
|
use alloc::sync::Arc;
|
||||||
|
use alloc::vec;
|
||||||
|
use alloc::vec::Vec;
|
||||||
|
|
||||||
|
use pki_types::ServerName;
|
||||||
|
use subtle::ConstantTimeEq;
|
||||||
|
|
||||||
|
use super::client_conn::ClientConnectionData;
|
||||||
|
use super::hs::ClientContext;
|
||||||
use crate::check::inappropriate_handshake_message;
|
use crate::check::inappropriate_handshake_message;
|
||||||
use crate::common_state::Protocol;
|
use crate::client::common::{ClientAuthDetails, ClientHelloDetails, ServerCertDetails};
|
||||||
use crate::common_state::{CommonState, Side, State};
|
use crate::client::{hs, ClientConfig, ClientSessionStore};
|
||||||
|
use crate::common_state::{CommonState, Protocol, Side, State};
|
||||||
use crate::conn::ConnectionRandoms;
|
use crate::conn::ConnectionRandoms;
|
||||||
use crate::crypto;
|
|
||||||
use crate::crypto::ActiveKeyExchange;
|
use crate::crypto::ActiveKeyExchange;
|
||||||
use crate::enums::{
|
use crate::enums::{
|
||||||
AlertDescription, ContentType, HandshakeType, ProtocolVersion, SignatureScheme,
|
AlertDescription, ContentType, HandshakeType, ProtocolVersion, SignatureScheme,
|
||||||
|
@ -13,40 +23,24 @@ use crate::hash_hs::{HandshakeHash, HandshakeHashBuffer};
|
||||||
use crate::log::{debug, trace, warn};
|
use crate::log::{debug, trace, warn};
|
||||||
use crate::msgs::base::{Payload, PayloadU8};
|
use crate::msgs::base::{Payload, PayloadU8};
|
||||||
use crate::msgs::ccs::ChangeCipherSpecPayload;
|
use crate::msgs::ccs::ChangeCipherSpecPayload;
|
||||||
use crate::msgs::enums::ExtensionType;
|
use crate::msgs::enums::{ExtensionType, KeyUpdateRequest};
|
||||||
use crate::msgs::enums::KeyUpdateRequest;
|
use crate::msgs::handshake::{
|
||||||
use crate::msgs::handshake::NewSessionTicketPayloadTls13;
|
CertificateEntry, CertificatePayloadTls13, ClientExtension, HandshakeMessagePayload,
|
||||||
use crate::msgs::handshake::{CertificateEntry, CertificatePayloadTls13};
|
HandshakePayload, HasServerExtensions, NewSessionTicketPayloadTls13, PresharedKeyIdentity,
|
||||||
use crate::msgs::handshake::{ClientExtension, ServerExtension};
|
PresharedKeyOffer, ServerExtension, ServerHelloPayload,
|
||||||
use crate::msgs::handshake::{HandshakeMessagePayload, HandshakePayload};
|
};
|
||||||
use crate::msgs::handshake::{HasServerExtensions, ServerHelloPayload};
|
|
||||||
use crate::msgs::handshake::{PresharedKeyIdentity, PresharedKeyOffer};
|
|
||||||
use crate::msgs::message::{Message, MessagePayload};
|
use crate::msgs::message::{Message, MessagePayload};
|
||||||
use crate::msgs::persist;
|
use crate::msgs::persist;
|
||||||
use crate::sign::{CertifiedKey, Signer};
|
use crate::sign::{CertifiedKey, Signer};
|
||||||
use crate::suites::PartiallyExtractedSecrets;
|
use crate::suites::PartiallyExtractedSecrets;
|
||||||
use crate::tls13::construct_client_verify_message;
|
|
||||||
use crate::tls13::construct_server_verify_message;
|
|
||||||
use crate::tls13::key_schedule::{
|
use crate::tls13::key_schedule::{
|
||||||
KeyScheduleEarly, KeyScheduleHandshake, KeySchedulePreHandshake, KeyScheduleTraffic,
|
KeyScheduleEarly, KeyScheduleHandshake, KeySchedulePreHandshake, KeyScheduleTraffic,
|
||||||
};
|
};
|
||||||
use crate::tls13::Tls13CipherSuite;
|
use crate::tls13::{
|
||||||
|
construct_client_verify_message, construct_server_verify_message, Tls13CipherSuite,
|
||||||
|
};
|
||||||
use crate::verify::{self, DigitallySignedStruct};
|
use crate::verify::{self, DigitallySignedStruct};
|
||||||
use crate::KeyLog;
|
use crate::{crypto, KeyLog};
|
||||||
|
|
||||||
use super::client_conn::ClientConnectionData;
|
|
||||||
use super::hs::ClientContext;
|
|
||||||
use crate::client::common::ServerCertDetails;
|
|
||||||
use crate::client::common::{ClientAuthDetails, ClientHelloDetails};
|
|
||||||
use crate::client::{hs, ClientConfig, ClientSessionStore};
|
|
||||||
|
|
||||||
use pki_types::ServerName;
|
|
||||||
use subtle::ConstantTimeEq;
|
|
||||||
|
|
||||||
use alloc::boxed::Box;
|
|
||||||
use alloc::sync::Arc;
|
|
||||||
use alloc::vec;
|
|
||||||
use alloc::vec::Vec;
|
|
||||||
|
|
||||||
// Extensions we expect in plaintext in the ServerHello.
|
// Extensions we expect in plaintext in the ServerHello.
|
||||||
static ALLOWED_PLAINTEXT_EXTS: &[ExtensionType] = &[
|
static ALLOWED_PLAINTEXT_EXTS: &[ExtensionType] = &[
|
||||||
|
|
|
@ -1,3 +1,8 @@
|
||||||
|
use alloc::boxed::Box;
|
||||||
|
use alloc::vec::Vec;
|
||||||
|
|
||||||
|
use pki_types::CertificateDer;
|
||||||
|
|
||||||
use crate::enums::{AlertDescription, ContentType, HandshakeType, ProtocolVersion};
|
use crate::enums::{AlertDescription, ContentType, HandshakeType, ProtocolVersion};
|
||||||
use crate::error::{Error, InvalidMessage, PeerMisbehaved};
|
use crate::error::{Error, InvalidMessage, PeerMisbehaved};
|
||||||
#[cfg(feature = "logging")]
|
#[cfg(feature = "logging")]
|
||||||
|
@ -11,19 +16,12 @@ use crate::msgs::message::{
|
||||||
Message, MessagePayload, OutboundChunks, OutboundOpaqueMessage, OutboundPlainMessage,
|
Message, MessagePayload, OutboundChunks, OutboundOpaqueMessage, OutboundPlainMessage,
|
||||||
PlainMessage,
|
PlainMessage,
|
||||||
};
|
};
|
||||||
use crate::quic;
|
use crate::suites::{PartiallyExtractedSecrets, SupportedCipherSuite};
|
||||||
use crate::record_layer;
|
|
||||||
use crate::suites::PartiallyExtractedSecrets;
|
|
||||||
use crate::suites::SupportedCipherSuite;
|
|
||||||
#[cfg(feature = "tls12")]
|
#[cfg(feature = "tls12")]
|
||||||
use crate::tls12::ConnectionSecrets;
|
use crate::tls12::ConnectionSecrets;
|
||||||
use crate::unbuffered::{EncryptError, InsufficientSizeError};
|
use crate::unbuffered::{EncryptError, InsufficientSizeError};
|
||||||
use crate::vecbuf::ChunkVecBuffer;
|
use crate::vecbuf::ChunkVecBuffer;
|
||||||
|
use crate::{quic, record_layer};
|
||||||
use alloc::boxed::Box;
|
|
||||||
use alloc::vec::Vec;
|
|
||||||
|
|
||||||
use pki_types::CertificateDer;
|
|
||||||
|
|
||||||
/// Connection state common to both client and server connections.
|
/// Connection state common to both client and server connections.
|
||||||
pub struct CommonState {
|
pub struct CommonState {
|
||||||
|
|
|
@ -1,3 +1,10 @@
|
||||||
|
use alloc::boxed::Box;
|
||||||
|
use core::fmt::Debug;
|
||||||
|
use core::mem;
|
||||||
|
use core::ops::{Deref, DerefMut};
|
||||||
|
#[cfg(feature = "std")]
|
||||||
|
use std::io;
|
||||||
|
|
||||||
use crate::common_state::{CommonState, Context, IoState, State, DEFAULT_BUFFER_LIMIT};
|
use crate::common_state::{CommonState, Context, IoState, State, DEFAULT_BUFFER_LIMIT};
|
||||||
use crate::enums::{AlertDescription, ContentType};
|
use crate::enums::{AlertDescription, ContentType};
|
||||||
use crate::error::{Error, PeerMisbehaved};
|
use crate::error::{Error, PeerMisbehaved};
|
||||||
|
@ -9,17 +16,15 @@ use crate::msgs::message::{InboundPlainMessage, Message, MessagePayload};
|
||||||
use crate::suites::{ExtractedSecrets, PartiallyExtractedSecrets};
|
use crate::suites::{ExtractedSecrets, PartiallyExtractedSecrets};
|
||||||
use crate::vecbuf::ChunkVecBuffer;
|
use crate::vecbuf::ChunkVecBuffer;
|
||||||
|
|
||||||
use alloc::boxed::Box;
|
|
||||||
use core::fmt::Debug;
|
|
||||||
use core::mem;
|
|
||||||
use core::ops::{Deref, DerefMut};
|
|
||||||
#[cfg(feature = "std")]
|
|
||||||
use std::io;
|
|
||||||
|
|
||||||
pub(crate) mod unbuffered;
|
pub(crate) mod unbuffered;
|
||||||
|
|
||||||
#[cfg(feature = "std")]
|
#[cfg(feature = "std")]
|
||||||
mod connection {
|
mod connection {
|
||||||
|
use alloc::vec::Vec;
|
||||||
|
use core::fmt::Debug;
|
||||||
|
use core::ops::{Deref, DerefMut};
|
||||||
|
use std::io;
|
||||||
|
|
||||||
use crate::common_state::{CommonState, IoState};
|
use crate::common_state::{CommonState, IoState};
|
||||||
use crate::error::Error;
|
use crate::error::Error;
|
||||||
use crate::msgs::message::OutboundChunks;
|
use crate::msgs::message::OutboundChunks;
|
||||||
|
@ -27,11 +32,6 @@ mod connection {
|
||||||
use crate::vecbuf::ChunkVecBuffer;
|
use crate::vecbuf::ChunkVecBuffer;
|
||||||
use crate::ConnectionCommon;
|
use crate::ConnectionCommon;
|
||||||
|
|
||||||
use alloc::vec::Vec;
|
|
||||||
use core::fmt::Debug;
|
|
||||||
use core::ops::{Deref, DerefMut};
|
|
||||||
use std::io;
|
|
||||||
|
|
||||||
/// A client or server connection.
|
/// A client or server connection.
|
||||||
#[derive(Debug)]
|
#[derive(Debug)]
|
||||||
pub enum Connection {
|
pub enum Connection {
|
||||||
|
|
|
@ -1,14 +1,3 @@
|
||||||
use crate::crypto::{CryptoProvider, KeyProvider, SecureRandom};
|
|
||||||
use crate::enums::SignatureScheme;
|
|
||||||
use crate::rand::GetRandomFailed;
|
|
||||||
use crate::sign::SigningKey;
|
|
||||||
use crate::suites::SupportedCipherSuite;
|
|
||||||
use crate::webpki::WebPkiSupportedAlgorithms;
|
|
||||||
use crate::Error;
|
|
||||||
|
|
||||||
use pki_types::PrivateKeyDer;
|
|
||||||
use webpki::aws_lc_rs as webpki_algs;
|
|
||||||
|
|
||||||
use alloc::sync::Arc;
|
use alloc::sync::Arc;
|
||||||
use alloc::vec::Vec;
|
use alloc::vec::Vec;
|
||||||
|
|
||||||
|
@ -17,6 +6,16 @@ use alloc::vec::Vec;
|
||||||
// ring-compatible crate, and `super::ring_shim` to bridge the gaps where they are
|
// ring-compatible crate, and `super::ring_shim` to bridge the gaps where they are
|
||||||
// small.
|
// small.
|
||||||
pub(crate) use aws_lc_rs as ring_like;
|
pub(crate) use aws_lc_rs as ring_like;
|
||||||
|
use pki_types::PrivateKeyDer;
|
||||||
|
use webpki::aws_lc_rs as webpki_algs;
|
||||||
|
|
||||||
|
use crate::crypto::{CryptoProvider, KeyProvider, SecureRandom};
|
||||||
|
use crate::enums::SignatureScheme;
|
||||||
|
use crate::rand::GetRandomFailed;
|
||||||
|
use crate::sign::SigningKey;
|
||||||
|
use crate::suites::SupportedCipherSuite;
|
||||||
|
use crate::webpki::WebPkiSupportedAlgorithms;
|
||||||
|
use crate::Error;
|
||||||
|
|
||||||
/// Using software keys for authentication.
|
/// Using software keys for authentication.
|
||||||
pub mod sign;
|
pub mod sign;
|
||||||
|
@ -219,9 +218,7 @@ static SUPPORTED_SIG_ALGS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms
|
||||||
///
|
///
|
||||||
/// [`ALL_KX_GROUPS`] is provided as an array of all of these values.
|
/// [`ALL_KX_GROUPS`] is provided as an array of all of these values.
|
||||||
pub mod kx_group {
|
pub mod kx_group {
|
||||||
pub use super::kx::SECP256R1;
|
pub use super::kx::{SECP256R1, SECP384R1, X25519};
|
||||||
pub use super::kx::SECP384R1;
|
|
||||||
pub use super::kx::X25519;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
pub use kx::ALL_KX_GROUPS;
|
pub use kx::ALL_KX_GROUPS;
|
||||||
|
|
|
@ -1,20 +1,19 @@
|
||||||
#![allow(clippy::duplicate_mod)]
|
#![allow(clippy::duplicate_mod)]
|
||||||
|
|
||||||
use crate::enums::{SignatureAlgorithm, SignatureScheme};
|
use alloc::boxed::Box;
|
||||||
use crate::error::Error;
|
use alloc::string::ToString;
|
||||||
use crate::sign::{Signer, SigningKey};
|
use alloc::sync::Arc;
|
||||||
|
use alloc::vec::Vec;
|
||||||
|
use alloc::{format, vec};
|
||||||
|
use core::fmt::{self, Debug, Formatter};
|
||||||
|
|
||||||
|
use pki_types::{PrivateKeyDer, PrivatePkcs8KeyDer};
|
||||||
|
|
||||||
use super::ring_like::rand::SystemRandom;
|
use super::ring_like::rand::SystemRandom;
|
||||||
use super::ring_like::signature::{self, EcdsaKeyPair, Ed25519KeyPair, RsaKeyPair};
|
use super::ring_like::signature::{self, EcdsaKeyPair, Ed25519KeyPair, RsaKeyPair};
|
||||||
use pki_types::{PrivateKeyDer, PrivatePkcs8KeyDer};
|
use crate::enums::{SignatureAlgorithm, SignatureScheme};
|
||||||
|
use crate::error::Error;
|
||||||
use alloc::boxed::Box;
|
use crate::sign::{Signer, SigningKey};
|
||||||
use alloc::format;
|
|
||||||
use alloc::string::ToString;
|
|
||||||
use alloc::sync::Arc;
|
|
||||||
use alloc::vec;
|
|
||||||
use alloc::vec::Vec;
|
|
||||||
use core::fmt::{self, Debug, Formatter};
|
|
||||||
|
|
||||||
/// Parse `der` as any supported key encoding/type, returning
|
/// Parse `der` as any supported key encoding/type, returning
|
||||||
/// the first which works.
|
/// the first which works.
|
||||||
|
@ -370,10 +369,12 @@ impl Debug for Ed25519Signer {
|
||||||
|
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
mod tests {
|
mod tests {
|
||||||
use super::*;
|
|
||||||
use alloc::format;
|
use alloc::format;
|
||||||
|
|
||||||
use pki_types::{PrivatePkcs1KeyDer, PrivateSec1KeyDer};
|
use pki_types::{PrivatePkcs1KeyDer, PrivateSec1KeyDer};
|
||||||
|
|
||||||
|
use super::*;
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn can_load_ecdsa_nistp256_pkcs8() {
|
fn can_load_ecdsa_nistp256_pkcs8() {
|
||||||
let key =
|
let key =
|
||||||
|
|
|
@ -1,3 +1,7 @@
|
||||||
|
use alloc::boxed::Box;
|
||||||
|
|
||||||
|
use aws_lc_rs::{aead, tls_prf};
|
||||||
|
|
||||||
use crate::crypto::cipher::{
|
use crate::crypto::cipher::{
|
||||||
make_tls12_aad, AeadKey, InboundOpaqueMessage, Iv, KeyBlockShape, MessageDecrypter,
|
make_tls12_aad, AeadKey, InboundOpaqueMessage, Iv, KeyBlockShape, MessageDecrypter,
|
||||||
MessageEncrypter, Nonce, Tls12AeadAlgorithm, UnsupportedOperationError, NONCE_LEN,
|
MessageEncrypter, Nonce, Tls12AeadAlgorithm, UnsupportedOperationError, NONCE_LEN,
|
||||||
|
@ -14,10 +18,6 @@ use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipher
|
||||||
use crate::tls12::Tls12CipherSuite;
|
use crate::tls12::Tls12CipherSuite;
|
||||||
use crate::version::TLS12;
|
use crate::version::TLS12;
|
||||||
|
|
||||||
use alloc::boxed::Box;
|
|
||||||
|
|
||||||
use aws_lc_rs::{aead, tls_prf};
|
|
||||||
|
|
||||||
/// The TLS1.2 ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256.
|
/// The TLS1.2 ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256.
|
||||||
pub static TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite =
|
pub static TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite =
|
||||||
SupportedCipherSuite::Tls12(&Tls12CipherSuite {
|
SupportedCipherSuite::Tls12(&Tls12CipherSuite {
|
||||||
|
|
|
@ -1,5 +1,8 @@
|
||||||
use alloc::boxed::Box;
|
use alloc::boxed::Box;
|
||||||
|
|
||||||
|
use aws_lc_rs::hkdf::KeyType;
|
||||||
|
use aws_lc_rs::{aead, hkdf, hmac};
|
||||||
|
|
||||||
use crate::crypto;
|
use crate::crypto;
|
||||||
use crate::crypto::cipher::{
|
use crate::crypto::cipher::{
|
||||||
make_tls13_aad, AeadKey, InboundOpaqueMessage, Iv, MessageDecrypter, MessageEncrypter, Nonce,
|
make_tls13_aad, AeadKey, InboundOpaqueMessage, Iv, MessageDecrypter, MessageEncrypter, Nonce,
|
||||||
|
@ -14,9 +17,6 @@ use crate::msgs::message::{
|
||||||
use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite};
|
use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite};
|
||||||
use crate::tls13::Tls13CipherSuite;
|
use crate::tls13::Tls13CipherSuite;
|
||||||
|
|
||||||
use aws_lc_rs::hkdf::KeyType;
|
|
||||||
use aws_lc_rs::{aead, hkdf, hmac};
|
|
||||||
|
|
||||||
/// The TLS1.3 ciphersuite TLS_CHACHA20_POLY1305_SHA256
|
/// The TLS1.3 ciphersuite TLS_CHACHA20_POLY1305_SHA256
|
||||||
pub static TLS13_CHACHA20_POLY1305_SHA256: SupportedCipherSuite =
|
pub static TLS13_CHACHA20_POLY1305_SHA256: SupportedCipherSuite =
|
||||||
SupportedCipherSuite::Tls13(TLS13_CHACHA20_POLY1305_SHA256_INTERNAL);
|
SupportedCipherSuite::Tls13(TLS13_CHACHA20_POLY1305_SHA256_INTERNAL);
|
||||||
|
|
|
@ -2,6 +2,8 @@ use alloc::boxed::Box;
|
||||||
use alloc::string::ToString;
|
use alloc::string::ToString;
|
||||||
use core::fmt;
|
use core::fmt;
|
||||||
|
|
||||||
|
use zeroize::Zeroize;
|
||||||
|
|
||||||
use crate::enums::{ContentType, ProtocolVersion};
|
use crate::enums::{ContentType, ProtocolVersion};
|
||||||
use crate::error::Error;
|
use crate::error::Error;
|
||||||
use crate::msgs::codec;
|
use crate::msgs::codec;
|
||||||
|
@ -11,8 +13,6 @@ pub use crate::msgs::message::{
|
||||||
};
|
};
|
||||||
use crate::suites::ConnectionTrafficSecrets;
|
use crate::suites::ConnectionTrafficSecrets;
|
||||||
|
|
||||||
use zeroize::Zeroize;
|
|
||||||
|
|
||||||
/// Factory trait for building `MessageEncrypter` and `MessageDecrypter` for a TLS1.3 cipher suite.
|
/// Factory trait for building `MessageEncrypter` and `MessageDecrypter` for a TLS1.3 cipher suite.
|
||||||
pub trait Tls13AeadAlgorithm: Send + Sync {
|
pub trait Tls13AeadAlgorithm: Send + Sync {
|
||||||
/// Build a `MessageEncrypter` for the given key/iv.
|
/// Build a `MessageEncrypter` for the given key/iv.
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
pub use crate::msgs::enums::HashAlgorithm;
|
|
||||||
|
|
||||||
use alloc::boxed::Box;
|
use alloc::boxed::Box;
|
||||||
|
|
||||||
|
pub use crate::msgs::enums::HashAlgorithm;
|
||||||
|
|
||||||
/// Describes a single cryptographic hash function.
|
/// Describes a single cryptographic hash function.
|
||||||
///
|
///
|
||||||
/// This interface can do both one-shot and incremental hashing, using
|
/// This interface can do both one-shot and incremental hashing, using
|
||||||
|
|
|
@ -1,7 +1,3 @@
|
||||||
use crate::sign::SigningKey;
|
|
||||||
use crate::{suites, ProtocolVersion, SupportedProtocolVersion};
|
|
||||||
use crate::{Error, NamedGroup};
|
|
||||||
|
|
||||||
use alloc::boxed::Box;
|
use alloc::boxed::Box;
|
||||||
use alloc::sync::Arc;
|
use alloc::sync::Arc;
|
||||||
use alloc::vec::Vec;
|
use alloc::vec::Vec;
|
||||||
|
@ -11,10 +7,13 @@ use core::fmt::Debug;
|
||||||
use once_cell::race::OnceBox;
|
use once_cell::race::OnceBox;
|
||||||
#[cfg(feature = "std")]
|
#[cfg(feature = "std")]
|
||||||
use once_cell::sync::OnceCell;
|
use once_cell::sync::OnceCell;
|
||||||
|
|
||||||
use pki_types::PrivateKeyDer;
|
use pki_types::PrivateKeyDer;
|
||||||
use zeroize::Zeroize;
|
use zeroize::Zeroize;
|
||||||
|
|
||||||
|
use crate::sign::SigningKey;
|
||||||
|
pub use crate::webpki::{
|
||||||
|
verify_tls12_signature, verify_tls13_signature, WebPkiSupportedAlgorithms,
|
||||||
|
};
|
||||||
#[cfg(all(doc, feature = "tls12"))]
|
#[cfg(all(doc, feature = "tls12"))]
|
||||||
use crate::Tls12CipherSuite;
|
use crate::Tls12CipherSuite;
|
||||||
#[cfg(doc)]
|
#[cfg(doc)]
|
||||||
|
@ -22,10 +21,7 @@ use crate::{
|
||||||
client, crypto, server, sign, ClientConfig, ConfigBuilder, ServerConfig, SupportedCipherSuite,
|
client, crypto, server, sign, ClientConfig, ConfigBuilder, ServerConfig, SupportedCipherSuite,
|
||||||
Tls13CipherSuite,
|
Tls13CipherSuite,
|
||||||
};
|
};
|
||||||
|
use crate::{suites, Error, NamedGroup, ProtocolVersion, SupportedProtocolVersion};
|
||||||
pub use crate::webpki::{
|
|
||||||
verify_tls12_signature, verify_tls13_signature, WebPkiSupportedAlgorithms,
|
|
||||||
};
|
|
||||||
|
|
||||||
/// *ring* based CryptoProvider.
|
/// *ring* based CryptoProvider.
|
||||||
#[cfg(feature = "ring")]
|
#[cfg(feature = "ring")]
|
||||||
|
@ -59,11 +55,9 @@ pub mod hpke;
|
||||||
// avoid having two import paths to the same types.
|
// avoid having two import paths to the same types.
|
||||||
pub(crate) mod signer;
|
pub(crate) mod signer;
|
||||||
|
|
||||||
pub use crate::rand::GetRandomFailed;
|
|
||||||
|
|
||||||
pub use crate::suites::CipherSuiteCommon;
|
|
||||||
|
|
||||||
pub use crate::msgs::handshake::KeyExchangeAlgorithm;
|
pub use crate::msgs::handshake::KeyExchangeAlgorithm;
|
||||||
|
pub use crate::rand::GetRandomFailed;
|
||||||
|
pub use crate::suites::CipherSuiteCommon;
|
||||||
|
|
||||||
/// Controls core cryptography used by rustls.
|
/// Controls core cryptography used by rustls.
|
||||||
///
|
///
|
||||||
|
@ -552,9 +546,10 @@ pub fn default_fips_provider() -> CryptoProvider {
|
||||||
|
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
mod tests {
|
mod tests {
|
||||||
use super::SharedSecret;
|
|
||||||
use std::vec;
|
use std::vec;
|
||||||
|
|
||||||
|
use super::SharedSecret;
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn test_shared_secret_strip_leading_zeros() {
|
fn test_shared_secret_strip_leading_zeros() {
|
||||||
let test_cases = [
|
let test_cases = [
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
#![allow(clippy::duplicate_mod)]
|
#![allow(clippy::duplicate_mod)]
|
||||||
|
|
||||||
|
use alloc::boxed::Box;
|
||||||
|
|
||||||
use super::ring_like::digest;
|
use super::ring_like::digest;
|
||||||
use crate::crypto;
|
use crate::crypto;
|
||||||
use crate::msgs::enums::HashAlgorithm;
|
use crate::msgs::enums::HashAlgorithm;
|
||||||
|
|
||||||
use alloc::boxed::Box;
|
|
||||||
|
|
||||||
pub(crate) static SHA256: Hash = Hash(&digest::SHA256, HashAlgorithm::SHA256);
|
pub(crate) static SHA256: Hash = Hash(&digest::SHA256, HashAlgorithm::SHA256);
|
||||||
pub(crate) static SHA384: Hash = Hash(&digest::SHA384, HashAlgorithm::SHA384);
|
pub(crate) static SHA384: Hash = Hash(&digest::SHA384, HashAlgorithm::SHA384);
|
||||||
|
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
#![allow(clippy::duplicate_mod)]
|
#![allow(clippy::duplicate_mod)]
|
||||||
|
|
||||||
|
use alloc::boxed::Box;
|
||||||
|
|
||||||
use super::ring_like;
|
use super::ring_like;
|
||||||
use crate::crypto;
|
use crate::crypto;
|
||||||
|
|
||||||
use alloc::boxed::Box;
|
|
||||||
|
|
||||||
#[cfg(feature = "tls12")]
|
#[cfg(feature = "tls12")]
|
||||||
pub(crate) static HMAC_SHA256: Hmac = Hmac(&ring_like::hmac::HMAC_SHA256);
|
pub(crate) static HMAC_SHA256: Hmac = Hmac(&ring_like::hmac::HMAC_SHA256);
|
||||||
#[cfg(feature = "tls12")]
|
#[cfg(feature = "tls12")]
|
||||||
|
|
|
@ -1,16 +1,15 @@
|
||||||
#![allow(clippy::duplicate_mod)]
|
#![allow(clippy::duplicate_mod)]
|
||||||
|
|
||||||
|
use alloc::boxed::Box;
|
||||||
|
use core::fmt;
|
||||||
|
|
||||||
|
use super::ring_like::agreement;
|
||||||
|
use super::ring_like::rand::SystemRandom;
|
||||||
use crate::crypto::{ActiveKeyExchange, SharedSecret, SupportedKxGroup};
|
use crate::crypto::{ActiveKeyExchange, SharedSecret, SupportedKxGroup};
|
||||||
use crate::error::{Error, PeerMisbehaved};
|
use crate::error::{Error, PeerMisbehaved};
|
||||||
use crate::msgs::enums::NamedGroup;
|
use crate::msgs::enums::NamedGroup;
|
||||||
use crate::rand::GetRandomFailed;
|
use crate::rand::GetRandomFailed;
|
||||||
|
|
||||||
use super::ring_like::agreement;
|
|
||||||
use super::ring_like::rand::SystemRandom;
|
|
||||||
|
|
||||||
use alloc::boxed::Box;
|
|
||||||
use core::fmt;
|
|
||||||
|
|
||||||
/// A key-exchange group supported by *ring*.
|
/// A key-exchange group supported by *ring*.
|
||||||
///
|
///
|
||||||
/// All possible instances of this class are provided by the library in
|
/// All possible instances of this class are provided by the library in
|
||||||
|
|
|
@ -1,3 +1,9 @@
|
||||||
|
use alloc::sync::Arc;
|
||||||
|
|
||||||
|
use pki_types::PrivateKeyDer;
|
||||||
|
pub(crate) use ring as ring_like;
|
||||||
|
use webpki::ring as webpki_algs;
|
||||||
|
|
||||||
use crate::crypto::{CryptoProvider, KeyProvider, SecureRandom};
|
use crate::crypto::{CryptoProvider, KeyProvider, SecureRandom};
|
||||||
use crate::enums::SignatureScheme;
|
use crate::enums::SignatureScheme;
|
||||||
use crate::rand::GetRandomFailed;
|
use crate::rand::GetRandomFailed;
|
||||||
|
@ -6,13 +12,6 @@ use crate::suites::SupportedCipherSuite;
|
||||||
use crate::webpki::WebPkiSupportedAlgorithms;
|
use crate::webpki::WebPkiSupportedAlgorithms;
|
||||||
use crate::Error;
|
use crate::Error;
|
||||||
|
|
||||||
use pki_types::PrivateKeyDer;
|
|
||||||
use webpki::ring as webpki_algs;
|
|
||||||
|
|
||||||
use alloc::sync::Arc;
|
|
||||||
|
|
||||||
pub(crate) use ring as ring_like;
|
|
||||||
|
|
||||||
/// Using software keys for authentication.
|
/// Using software keys for authentication.
|
||||||
pub mod sign;
|
pub mod sign;
|
||||||
|
|
||||||
|
@ -167,9 +166,7 @@ static SUPPORTED_SIG_ALGS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms
|
||||||
///
|
///
|
||||||
/// [`ALL_KX_GROUPS`] is provided as an array of all of these values.
|
/// [`ALL_KX_GROUPS`] is provided as an array of all of these values.
|
||||||
pub mod kx_group {
|
pub mod kx_group {
|
||||||
pub use super::kx::SECP256R1;
|
pub use super::kx::{SECP256R1, SECP384R1, X25519};
|
||||||
pub use super::kx::SECP384R1;
|
|
||||||
pub use super::kx::X25519;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
pub use kx::ALL_KX_GROUPS;
|
pub use kx::ALL_KX_GROUPS;
|
||||||
|
|
|
@ -1,12 +1,11 @@
|
||||||
#![allow(clippy::duplicate_mod)]
|
#![allow(clippy::duplicate_mod)]
|
||||||
|
|
||||||
use crate::crypto::cipher::{AeadKey, Iv, Nonce};
|
|
||||||
use crate::error::Error;
|
|
||||||
use crate::quic;
|
|
||||||
|
|
||||||
use alloc::boxed::Box;
|
use alloc::boxed::Box;
|
||||||
|
|
||||||
use super::ring_like::aead;
|
use super::ring_like::aead;
|
||||||
|
use crate::crypto::cipher::{AeadKey, Iv, Nonce};
|
||||||
|
use crate::error::Error;
|
||||||
|
use crate::quic;
|
||||||
|
|
||||||
pub(crate) struct HeaderProtectionKey(aead::quic::HeaderProtectionKey);
|
pub(crate) struct HeaderProtectionKey(aead::quic::HeaderProtectionKey);
|
||||||
|
|
||||||
|
|
|
@ -1,22 +1,21 @@
|
||||||
#![allow(clippy::duplicate_mod)]
|
#![allow(clippy::duplicate_mod)]
|
||||||
|
|
||||||
use crate::enums::{SignatureAlgorithm, SignatureScheme};
|
use alloc::boxed::Box;
|
||||||
use crate::error::Error;
|
use alloc::string::ToString;
|
||||||
use crate::sign::{Signer, SigningKey};
|
use alloc::sync::Arc;
|
||||||
use crate::x509::{asn1_wrap, wrap_in_sequence};
|
use alloc::vec::Vec;
|
||||||
|
use alloc::{format, vec};
|
||||||
|
use core::fmt::{self, Debug, Formatter};
|
||||||
|
|
||||||
|
use pki_types::{PrivateKeyDer, PrivatePkcs8KeyDer};
|
||||||
|
|
||||||
use super::ring_like::io::der;
|
use super::ring_like::io::der;
|
||||||
use super::ring_like::rand::{SecureRandom, SystemRandom};
|
use super::ring_like::rand::{SecureRandom, SystemRandom};
|
||||||
use super::ring_like::signature::{self, EcdsaKeyPair, Ed25519KeyPair, RsaKeyPair};
|
use super::ring_like::signature::{self, EcdsaKeyPair, Ed25519KeyPair, RsaKeyPair};
|
||||||
use pki_types::{PrivateKeyDer, PrivatePkcs8KeyDer};
|
use crate::enums::{SignatureAlgorithm, SignatureScheme};
|
||||||
|
use crate::error::Error;
|
||||||
use alloc::boxed::Box;
|
use crate::sign::{Signer, SigningKey};
|
||||||
use alloc::format;
|
use crate::x509::{asn1_wrap, wrap_in_sequence};
|
||||||
use alloc::string::ToString;
|
|
||||||
use alloc::sync::Arc;
|
|
||||||
use alloc::vec;
|
|
||||||
use alloc::vec::Vec;
|
|
||||||
use core::fmt::{self, Debug, Formatter};
|
|
||||||
|
|
||||||
/// Parse `der` as any supported key encoding/type, returning
|
/// Parse `der` as any supported key encoding/type, returning
|
||||||
/// the first which works.
|
/// the first which works.
|
||||||
|
@ -408,10 +407,12 @@ impl Debug for Ed25519Signer {
|
||||||
|
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
mod tests {
|
mod tests {
|
||||||
use super::*;
|
|
||||||
use alloc::format;
|
use alloc::format;
|
||||||
|
|
||||||
use pki_types::{PrivatePkcs1KeyDer, PrivateSec1KeyDer};
|
use pki_types::{PrivatePkcs1KeyDer, PrivateSec1KeyDer};
|
||||||
|
|
||||||
|
use super::*;
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn can_load_ecdsa_nistp256_pkcs8() {
|
fn can_load_ecdsa_nistp256_pkcs8() {
|
||||||
let key =
|
let key =
|
||||||
|
|
|
@ -1,19 +1,18 @@
|
||||||
#![allow(clippy::duplicate_mod)]
|
#![allow(clippy::duplicate_mod)]
|
||||||
|
|
||||||
use crate::error::Error;
|
|
||||||
use crate::rand::GetRandomFailed;
|
|
||||||
use crate::server::ProducesTickets;
|
|
||||||
|
|
||||||
use super::ring_like::aead;
|
|
||||||
use super::ring_like::rand::{SecureRandom, SystemRandom};
|
|
||||||
use super::TICKETER_AEAD;
|
|
||||||
|
|
||||||
use alloc::boxed::Box;
|
use alloc::boxed::Box;
|
||||||
use alloc::sync::Arc;
|
use alloc::sync::Arc;
|
||||||
use alloc::vec::Vec;
|
use alloc::vec::Vec;
|
||||||
use core::fmt;
|
use core::fmt;
|
||||||
use core::fmt::{Debug, Formatter};
|
use core::fmt::{Debug, Formatter};
|
||||||
|
|
||||||
|
use super::ring_like::aead;
|
||||||
|
use super::ring_like::rand::{SecureRandom, SystemRandom};
|
||||||
|
use super::TICKETER_AEAD;
|
||||||
|
use crate::error::Error;
|
||||||
|
use crate::rand::GetRandomFailed;
|
||||||
|
use crate::server::ProducesTickets;
|
||||||
|
|
||||||
/// A concrete, safe ticket creation mechanism.
|
/// A concrete, safe ticket creation mechanism.
|
||||||
pub struct Ticketer {}
|
pub struct Ticketer {}
|
||||||
|
|
||||||
|
@ -121,11 +120,12 @@ impl Debug for AeadTicketer {
|
||||||
|
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
mod tests {
|
mod tests {
|
||||||
use super::*;
|
|
||||||
|
|
||||||
use core::time::Duration;
|
use core::time::Duration;
|
||||||
|
|
||||||
use pki_types::UnixTime;
|
use pki_types::UnixTime;
|
||||||
|
|
||||||
|
use super::*;
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn basic_pairwise_test() {
|
fn basic_pairwise_test() {
|
||||||
let t = Ticketer::new().unwrap();
|
let t = Ticketer::new().unwrap();
|
||||||
|
@ -198,9 +198,10 @@ mod tests {
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn aeadticketer_is_debug_and_producestickets() {
|
fn aeadticketer_is_debug_and_producestickets() {
|
||||||
use super::*;
|
|
||||||
use alloc::format;
|
use alloc::format;
|
||||||
|
|
||||||
|
use super::*;
|
||||||
|
|
||||||
let t = make_ticket_generator().unwrap();
|
let t = make_ticket_generator().unwrap();
|
||||||
|
|
||||||
let expect = format!("AeadTicketer {{ alg: {TICKETER_AEAD:?}, lifetime: 43200 }}");
|
let expect = format!("AeadTicketer {{ alg: {TICKETER_AEAD:?}, lifetime: 43200 }}");
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
use alloc::boxed::Box;
|
||||||
|
|
||||||
|
use super::ring_like::aead;
|
||||||
use crate::crypto::cipher::{
|
use crate::crypto::cipher::{
|
||||||
make_tls12_aad, AeadKey, InboundOpaqueMessage, Iv, KeyBlockShape, MessageDecrypter,
|
make_tls12_aad, AeadKey, InboundOpaqueMessage, Iv, KeyBlockShape, MessageDecrypter,
|
||||||
MessageEncrypter, Nonce, Tls12AeadAlgorithm, UnsupportedOperationError, NONCE_LEN,
|
MessageEncrypter, Nonce, Tls12AeadAlgorithm, UnsupportedOperationError, NONCE_LEN,
|
||||||
|
@ -13,10 +16,6 @@ use crate::msgs::message::{
|
||||||
use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite};
|
use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite};
|
||||||
use crate::tls12::Tls12CipherSuite;
|
use crate::tls12::Tls12CipherSuite;
|
||||||
|
|
||||||
use alloc::boxed::Box;
|
|
||||||
|
|
||||||
use super::ring_like::aead;
|
|
||||||
|
|
||||||
/// The TLS1.2 ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256.
|
/// The TLS1.2 ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256.
|
||||||
pub static TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite =
|
pub static TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite =
|
||||||
SupportedCipherSuite::Tls12(&Tls12CipherSuite {
|
SupportedCipherSuite::Tls12(&Tls12CipherSuite {
|
||||||
|
|
|
@ -1,5 +1,7 @@
|
||||||
use alloc::boxed::Box;
|
use alloc::boxed::Box;
|
||||||
|
|
||||||
|
use super::ring_like::hkdf::KeyType;
|
||||||
|
use super::ring_like::{aead, hkdf, hmac};
|
||||||
use crate::crypto;
|
use crate::crypto;
|
||||||
use crate::crypto::cipher::{
|
use crate::crypto::cipher::{
|
||||||
make_tls13_aad, AeadKey, InboundOpaqueMessage, Iv, MessageDecrypter, MessageEncrypter, Nonce,
|
make_tls13_aad, AeadKey, InboundOpaqueMessage, Iv, MessageDecrypter, MessageEncrypter, Nonce,
|
||||||
|
@ -14,9 +16,6 @@ use crate::msgs::message::{
|
||||||
use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite};
|
use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite};
|
||||||
use crate::tls13::Tls13CipherSuite;
|
use crate::tls13::Tls13CipherSuite;
|
||||||
|
|
||||||
use super::ring_like::hkdf::KeyType;
|
|
||||||
use super::ring_like::{aead, hkdf, hmac};
|
|
||||||
|
|
||||||
/// The TLS1.3 ciphersuite TLS_CHACHA20_POLY1305_SHA256
|
/// The TLS1.3 ciphersuite TLS_CHACHA20_POLY1305_SHA256
|
||||||
pub static TLS13_CHACHA20_POLY1305_SHA256: SupportedCipherSuite =
|
pub static TLS13_CHACHA20_POLY1305_SHA256: SupportedCipherSuite =
|
||||||
SupportedCipherSuite::Tls13(TLS13_CHACHA20_POLY1305_SHA256_INTERNAL);
|
SupportedCipherSuite::Tls13(TLS13_CHACHA20_POLY1305_SHA256_INTERNAL);
|
||||||
|
|
|
@ -1,13 +1,13 @@
|
||||||
use crate::enums::{SignatureAlgorithm, SignatureScheme};
|
|
||||||
use crate::error::Error;
|
|
||||||
|
|
||||||
use pki_types::CertificateDer;
|
|
||||||
|
|
||||||
use alloc::boxed::Box;
|
use alloc::boxed::Box;
|
||||||
use alloc::sync::Arc;
|
use alloc::sync::Arc;
|
||||||
use alloc::vec::Vec;
|
use alloc::vec::Vec;
|
||||||
use core::fmt::Debug;
|
use core::fmt::Debug;
|
||||||
|
|
||||||
|
use pki_types::CertificateDer;
|
||||||
|
|
||||||
|
use crate::enums::{SignatureAlgorithm, SignatureScheme};
|
||||||
|
use crate::error::Error;
|
||||||
|
|
||||||
/// An abstract signing key.
|
/// An abstract signing key.
|
||||||
///
|
///
|
||||||
/// This interface is used by rustls to use a private signing key
|
/// This interface is used by rustls to use a private signing key
|
||||||
|
|
|
@ -1,10 +1,9 @@
|
||||||
use super::hmac;
|
use alloc::boxed::Box;
|
||||||
use super::ActiveKeyExchange;
|
|
||||||
|
use super::{hmac, ActiveKeyExchange};
|
||||||
use crate::error::Error;
|
use crate::error::Error;
|
||||||
use crate::version::TLS12;
|
use crate::version::TLS12;
|
||||||
|
|
||||||
use alloc::boxed::Box;
|
|
||||||
|
|
||||||
/// Implements [`Prf`] using a [`hmac::Hmac`].
|
/// Implements [`Prf`] using a [`hmac::Hmac`].
|
||||||
pub struct PrfUsingHmac<'a>(pub &'a dyn hmac::Hmac);
|
pub struct PrfUsingHmac<'a>(pub &'a dyn hmac::Hmac);
|
||||||
|
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
use super::hmac;
|
use alloc::boxed::Box;
|
||||||
use super::ActiveKeyExchange;
|
|
||||||
|
use zeroize::Zeroize;
|
||||||
|
|
||||||
|
use super::{hmac, ActiveKeyExchange};
|
||||||
use crate::error::Error;
|
use crate::error::Error;
|
||||||
use crate::version::TLS13;
|
use crate::version::TLS13;
|
||||||
|
|
||||||
use alloc::boxed::Box;
|
|
||||||
use zeroize::Zeroize;
|
|
||||||
|
|
||||||
/// Implementation of `HkdfExpander` via `hmac::Key`.
|
/// Implementation of `HkdfExpander` via `hmac::Key`.
|
||||||
pub struct HkdfExpanderUsingHmac(Box<dyn hmac::Key>);
|
pub struct HkdfExpanderUsingHmac(Box<dyn hmac::Key>);
|
||||||
|
|
||||||
|
@ -247,11 +247,12 @@ pub struct OutputLengthError;
|
||||||
|
|
||||||
#[cfg(all(test, feature = "ring"))]
|
#[cfg(all(test, feature = "ring"))]
|
||||||
mod tests {
|
mod tests {
|
||||||
|
use std::prelude::v1::*;
|
||||||
|
|
||||||
use super::{expand, Hkdf, HkdfUsingHmac};
|
use super::{expand, Hkdf, HkdfUsingHmac};
|
||||||
// nb: crypto::aws_lc_rs provider doesn't provide (or need) hmac,
|
// nb: crypto::aws_lc_rs provider doesn't provide (or need) hmac,
|
||||||
// so cannot be used for this test.
|
// so cannot be used for this test.
|
||||||
use crate::crypto::ring::hmac;
|
use crate::crypto::ring::hmac;
|
||||||
use std::prelude::v1::*;
|
|
||||||
|
|
||||||
struct ByteArray<const N: usize>([u8; N]);
|
struct ByteArray<const N: usize>([u8; N]);
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,3 @@
|
||||||
use crate::enums::{AlertDescription, ContentType, HandshakeType};
|
|
||||||
use crate::msgs::handshake::KeyExchangeAlgorithm;
|
|
||||||
use crate::rand;
|
|
||||||
|
|
||||||
use alloc::format;
|
use alloc::format;
|
||||||
use alloc::string::String;
|
use alloc::string::String;
|
||||||
use alloc::vec::Vec;
|
use alloc::vec::Vec;
|
||||||
|
@ -9,6 +5,10 @@ use core::fmt;
|
||||||
#[cfg(feature = "std")]
|
#[cfg(feature = "std")]
|
||||||
use std::time::SystemTimeError;
|
use std::time::SystemTimeError;
|
||||||
|
|
||||||
|
use crate::enums::{AlertDescription, ContentType, HandshakeType};
|
||||||
|
use crate::msgs::handshake::KeyExchangeAlgorithm;
|
||||||
|
use crate::rand;
|
||||||
|
|
||||||
/// rustls reports protocol errors using this type.
|
/// rustls reports protocol errors using this type.
|
||||||
#[non_exhaustive]
|
#[non_exhaustive]
|
||||||
#[derive(Debug, PartialEq, Clone)]
|
#[derive(Debug, PartialEq, Clone)]
|
||||||
|
@ -600,12 +600,12 @@ pub use other_error::OtherError;
|
||||||
|
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
mod tests {
|
mod tests {
|
||||||
use super::{Error, InvalidMessage};
|
|
||||||
use crate::error::CertRevocationListError;
|
|
||||||
use crate::error::OtherError;
|
|
||||||
use std::prelude::v1::*;
|
use std::prelude::v1::*;
|
||||||
use std::{println, vec};
|
use std::{println, vec};
|
||||||
|
|
||||||
|
use super::{Error, InvalidMessage};
|
||||||
|
use crate::error::{CertRevocationListError, OtherError};
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn certificate_error_equality() {
|
fn certificate_error_equality() {
|
||||||
use super::CertificateError::*;
|
use super::CertificateError::*;
|
||||||
|
|
|
@ -1,13 +1,13 @@
|
||||||
|
use alloc::boxed::Box;
|
||||||
|
use alloc::vec::Vec;
|
||||||
|
use core::mem;
|
||||||
|
|
||||||
use crate::crypto::hash;
|
use crate::crypto::hash;
|
||||||
use crate::msgs::codec::Codec;
|
use crate::msgs::codec::Codec;
|
||||||
use crate::msgs::enums::HashAlgorithm;
|
use crate::msgs::enums::HashAlgorithm;
|
||||||
use crate::msgs::handshake::HandshakeMessagePayload;
|
use crate::msgs::handshake::HandshakeMessagePayload;
|
||||||
use crate::msgs::message::{Message, MessagePayload};
|
use crate::msgs::message::{Message, MessagePayload};
|
||||||
|
|
||||||
use alloc::boxed::Box;
|
|
||||||
use alloc::vec::Vec;
|
|
||||||
use core::mem;
|
|
||||||
|
|
||||||
/// Early stage buffering of handshake payloads.
|
/// Early stage buffering of handshake payloads.
|
||||||
///
|
///
|
||||||
/// Before we know the hash algorithm to use to verify the handshake, we just buffer the messages.
|
/// Before we know the hash algorithm to use to verify the handshake, we just buffer the messages.
|
||||||
|
|
|
@ -1,16 +1,15 @@
|
||||||
|
use alloc::vec::Vec;
|
||||||
|
use core::fmt::{Debug, Formatter};
|
||||||
|
use std::ffi::OsString;
|
||||||
|
use std::fs::{File, OpenOptions};
|
||||||
|
use std::io::Write;
|
||||||
|
use std::sync::Mutex;
|
||||||
|
use std::{env, io};
|
||||||
|
|
||||||
#[cfg(feature = "logging")]
|
#[cfg(feature = "logging")]
|
||||||
use crate::log::warn;
|
use crate::log::warn;
|
||||||
use crate::KeyLog;
|
use crate::KeyLog;
|
||||||
|
|
||||||
use alloc::vec::Vec;
|
|
||||||
use core::fmt::{Debug, Formatter};
|
|
||||||
use std::env;
|
|
||||||
use std::ffi::OsString;
|
|
||||||
use std::fs::{File, OpenOptions};
|
|
||||||
use std::io;
|
|
||||||
use std::io::Write;
|
|
||||||
use std::sync::Mutex;
|
|
||||||
|
|
||||||
// Internal mutable state for KeyLogFile
|
// Internal mutable state for KeyLogFile
|
||||||
struct KeyLogFileInner {
|
struct KeyLogFileInner {
|
||||||
file: Option<File>,
|
file: Option<File>,
|
||||||
|
|
|
@ -360,13 +360,13 @@ extern crate std;
|
||||||
#[allow(unused_extern_crates)]
|
#[allow(unused_extern_crates)]
|
||||||
extern crate test;
|
extern crate test;
|
||||||
|
|
||||||
#[cfg(doc)]
|
|
||||||
use crate::crypto::CryptoProvider;
|
|
||||||
|
|
||||||
// log for logging (optional).
|
// log for logging (optional).
|
||||||
#[cfg(feature = "logging")]
|
#[cfg(feature = "logging")]
|
||||||
use log;
|
use log;
|
||||||
|
|
||||||
|
#[cfg(doc)]
|
||||||
|
use crate::crypto::CryptoProvider;
|
||||||
|
|
||||||
#[cfg(not(feature = "logging"))]
|
#[cfg(not(feature = "logging"))]
|
||||||
#[macro_use]
|
#[macro_use]
|
||||||
mod log {
|
mod log {
|
||||||
|
@ -554,13 +554,11 @@ pub mod client {
|
||||||
pub use crate::verify::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier};
|
pub use crate::verify::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub use crate::msgs::persist::{Tls12ClientSessionValue, Tls13ClientSessionValue};
|
||||||
pub use crate::webpki::{
|
pub use crate::webpki::{
|
||||||
verify_server_cert_signed_by_trust_anchor, verify_server_name, ServerCertVerifierBuilder,
|
verify_server_cert_signed_by_trust_anchor, verify_server_name, ServerCertVerifierBuilder,
|
||||||
VerifierBuilderError, WebPkiServerVerifier,
|
VerifierBuilderError, WebPkiServerVerifier,
|
||||||
};
|
};
|
||||||
|
|
||||||
pub use crate::msgs::persist::Tls12ClientSessionValue;
|
|
||||||
pub use crate::msgs::persist::Tls13ClientSessionValue;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
pub use client::ClientConfig;
|
pub use client::ClientConfig;
|
||||||
|
@ -578,23 +576,23 @@ pub mod server {
|
||||||
mod tls12;
|
mod tls12;
|
||||||
mod tls13;
|
mod tls13;
|
||||||
|
|
||||||
pub use crate::verify::NoClientAuth;
|
|
||||||
pub use crate::webpki::{
|
|
||||||
ClientCertVerifierBuilder, ParsedCertificate, VerifierBuilderError, WebPkiClientVerifier,
|
|
||||||
};
|
|
||||||
pub use builder::WantsServerCert;
|
pub use builder::WantsServerCert;
|
||||||
pub use handy::NoServerSessionStorage;
|
pub use handy::NoServerSessionStorage;
|
||||||
#[cfg(feature = "std")]
|
#[cfg(feature = "std")]
|
||||||
pub use handy::ResolvesServerCertUsingSni;
|
pub use handy::ResolvesServerCertUsingSni;
|
||||||
#[cfg(feature = "std")]
|
#[cfg(feature = "std")]
|
||||||
pub use handy::ServerSessionMemoryCache;
|
pub use handy::ServerSessionMemoryCache;
|
||||||
pub use server_conn::StoresServerSessions;
|
|
||||||
pub use server_conn::{
|
pub use server_conn::{
|
||||||
Accepted, ServerConfig, ServerConnectionData, UnbufferedServerConnection,
|
Accepted, ClientHello, ProducesTickets, ResolvesServerCert, ServerConfig,
|
||||||
|
ServerConnectionData, StoresServerSessions, UnbufferedServerConnection,
|
||||||
};
|
};
|
||||||
#[cfg(feature = "std")]
|
#[cfg(feature = "std")]
|
||||||
pub use server_conn::{AcceptedAlert, Acceptor, ReadEarlyData, ServerConnection};
|
pub use server_conn::{AcceptedAlert, Acceptor, ReadEarlyData, ServerConnection};
|
||||||
pub use server_conn::{ClientHello, ProducesTickets, ResolvesServerCert};
|
|
||||||
|
pub use crate::verify::NoClientAuth;
|
||||||
|
pub use crate::webpki::{
|
||||||
|
ClientCertVerifierBuilder, ParsedCertificate, VerifierBuilderError, WebPkiClientVerifier,
|
||||||
|
};
|
||||||
|
|
||||||
/// Dangerous configuration that should be audited and used with extreme care.
|
/// Dangerous configuration that should be audited and used with extreme care.
|
||||||
pub mod danger {
|
pub mod danger {
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
|
use alloc::vec::Vec;
|
||||||
|
|
||||||
use crate::enums::AlertDescription;
|
use crate::enums::AlertDescription;
|
||||||
use crate::error::InvalidMessage;
|
use crate::error::InvalidMessage;
|
||||||
use crate::msgs::codec::{Codec, Reader};
|
use crate::msgs::codec::{Codec, Reader};
|
||||||
use crate::msgs::enums::AlertLevel;
|
use crate::msgs::enums::AlertLevel;
|
||||||
|
|
||||||
use alloc::vec::Vec;
|
|
||||||
|
|
||||||
#[derive(Debug)]
|
#[derive(Debug)]
|
||||||
pub struct AlertMessagePayload {
|
pub struct AlertMessagePayload {
|
||||||
pub level: AlertLevel,
|
pub level: AlertLevel,
|
||||||
|
|
|
@ -1,13 +1,13 @@
|
||||||
use crate::error::InvalidMessage;
|
|
||||||
use crate::msgs::codec;
|
|
||||||
use crate::msgs::codec::{Codec, Reader};
|
|
||||||
|
|
||||||
use alloc::vec::Vec;
|
use alloc::vec::Vec;
|
||||||
use core::fmt;
|
use core::fmt;
|
||||||
|
|
||||||
use pki_types::CertificateDer;
|
use pki_types::CertificateDer;
|
||||||
use zeroize::Zeroize;
|
use zeroize::Zeroize;
|
||||||
|
|
||||||
|
use crate::error::InvalidMessage;
|
||||||
|
use crate::msgs::codec;
|
||||||
|
use crate::msgs::codec::{Codec, Reader};
|
||||||
|
|
||||||
/// An externally length'd payload
|
/// An externally length'd payload
|
||||||
#[derive(Clone, Eq, PartialEq)]
|
#[derive(Clone, Eq, PartialEq)]
|
||||||
pub enum Payload<'a> {
|
pub enum Payload<'a> {
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
use crate::error::InvalidMessage;
|
|
||||||
|
|
||||||
use alloc::vec::Vec;
|
use alloc::vec::Vec;
|
||||||
use core::{fmt::Debug, mem};
|
use core::fmt::Debug;
|
||||||
|
use core::mem;
|
||||||
|
|
||||||
|
use crate::error::InvalidMessage;
|
||||||
|
|
||||||
/// Wrapper over a slice of bytes that allows reading chunks from
|
/// Wrapper over a slice of bytes that allows reading chunks from
|
||||||
/// with the current position state held using a cursor.
|
/// with the current position state held using a cursor.
|
||||||
|
@ -377,10 +378,11 @@ impl<'a> Drop for LengthPrefixedBuffer<'a> {
|
||||||
|
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
mod tests {
|
mod tests {
|
||||||
use super::*;
|
|
||||||
use std::prelude::v1::*;
|
use std::prelude::v1::*;
|
||||||
use std::vec;
|
use std::vec;
|
||||||
|
|
||||||
|
use super::*;
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn interrupted_length_prefixed_buffer_leaves_maximum_length() {
|
fn interrupted_length_prefixed_buffer_leaves_maximum_length() {
|
||||||
let mut buf = Vec::new();
|
let mut buf = Vec::new();
|
||||||
|
|
|
@ -712,11 +712,10 @@ mod tests {
|
||||||
use std::prelude::v1::*;
|
use std::prelude::v1::*;
|
||||||
use std::vec;
|
use std::vec;
|
||||||
|
|
||||||
|
use super::*;
|
||||||
use crate::crypto::cipher::PlainMessage;
|
use crate::crypto::cipher::PlainMessage;
|
||||||
use crate::msgs::message::Message;
|
use crate::msgs::message::Message;
|
||||||
|
|
||||||
use super::*;
|
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn check_incremental() {
|
fn check_incremental() {
|
||||||
let mut d = BufferedDeframer::default();
|
let mut d = BufferedDeframer::default();
|
||||||
|
|
|
@ -349,9 +349,10 @@ pub(crate) mod tests {
|
||||||
//! These tests are intended to provide coverage and
|
//! These tests are intended to provide coverage and
|
||||||
//! check panic-safety of relatively unused values.
|
//! check panic-safety of relatively unused values.
|
||||||
|
|
||||||
use super::*;
|
|
||||||
use std::prelude::v1::*;
|
use std::prelude::v1::*;
|
||||||
|
|
||||||
|
use super::*;
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn test_enums() {
|
fn test_enums() {
|
||||||
test_enum8::<HashAlgorithm>(HashAlgorithm::NONE, HashAlgorithm::SHA512);
|
test_enum8::<HashAlgorithm>(HashAlgorithm::NONE, HashAlgorithm::SHA512);
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
use crate::enums::ContentType;
|
use crate::enums::{ContentType, ProtocolVersion};
|
||||||
use crate::enums::ProtocolVersion;
|
|
||||||
use crate::msgs::message::{OutboundChunks, OutboundPlainMessage, PlainMessage};
|
use crate::msgs::message::{OutboundChunks, OutboundPlainMessage, PlainMessage};
|
||||||
use crate::Error;
|
use crate::Error;
|
||||||
pub(crate) const MAX_FRAGMENT_LEN: usize = 16384;
|
pub(crate) const MAX_FRAGMENT_LEN: usize = 16384;
|
||||||
|
@ -105,14 +104,14 @@ impl<'a> ExactSizeIterator for Chunker<'a> {
|
||||||
|
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
mod tests {
|
mod tests {
|
||||||
use super::{MessageFragmenter, PACKET_OVERHEAD};
|
|
||||||
use crate::enums::ContentType;
|
|
||||||
use crate::enums::ProtocolVersion;
|
|
||||||
use crate::msgs::base::Payload;
|
|
||||||
use crate::msgs::message::{OutboundChunks, OutboundPlainMessage, PlainMessage};
|
|
||||||
use std::prelude::v1::*;
|
use std::prelude::v1::*;
|
||||||
use std::vec;
|
use std::vec;
|
||||||
|
|
||||||
|
use super::{MessageFragmenter, PACKET_OVERHEAD};
|
||||||
|
use crate::enums::{ContentType, ProtocolVersion};
|
||||||
|
use crate::msgs::base::Payload;
|
||||||
|
use crate::msgs::message::{OutboundChunks, OutboundPlainMessage, PlainMessage};
|
||||||
|
|
||||||
fn msg_eq(
|
fn msg_eq(
|
||||||
m: &OutboundPlainMessage,
|
m: &OutboundPlainMessage,
|
||||||
total_len: usize,
|
total_len: usize,
|
||||||
|
|
|
@ -1,5 +1,15 @@
|
||||||
#![allow(non_camel_case_types)]
|
#![allow(non_camel_case_types)]
|
||||||
|
|
||||||
|
use alloc::collections::BTreeSet;
|
||||||
|
#[cfg(feature = "logging")]
|
||||||
|
use alloc::string::String;
|
||||||
|
use alloc::vec;
|
||||||
|
use alloc::vec::Vec;
|
||||||
|
use core::fmt;
|
||||||
|
use core::ops::Deref;
|
||||||
|
|
||||||
|
use pki_types::{CertificateDer, DnsName};
|
||||||
|
|
||||||
#[cfg(feature = "tls12")]
|
#[cfg(feature = "tls12")]
|
||||||
use crate::crypto::ActiveKeyExchange;
|
use crate::crypto::ActiveKeyExchange;
|
||||||
use crate::crypto::SecureRandom;
|
use crate::crypto::SecureRandom;
|
||||||
|
@ -20,16 +30,6 @@ use crate::rand;
|
||||||
use crate::verify::DigitallySignedStruct;
|
use crate::verify::DigitallySignedStruct;
|
||||||
use crate::x509::wrap_in_sequence;
|
use crate::x509::wrap_in_sequence;
|
||||||
|
|
||||||
use pki_types::{CertificateDer, DnsName};
|
|
||||||
|
|
||||||
use alloc::collections::BTreeSet;
|
|
||||||
#[cfg(feature = "logging")]
|
|
||||||
use alloc::string::String;
|
|
||||||
use alloc::vec;
|
|
||||||
use alloc::vec::Vec;
|
|
||||||
use core::fmt;
|
|
||||||
use core::ops::Deref;
|
|
||||||
|
|
||||||
/// Create a newtype wrapper around a given type.
|
/// Create a newtype wrapper around a given type.
|
||||||
///
|
///
|
||||||
/// This is used to create newtypes for the various TLS message types which is used to wrap
|
/// This is used to create newtypes for the various TLS message types which is used to wrap
|
||||||
|
|
|
@ -1,3 +1,9 @@
|
||||||
|
use std::prelude::v1::*;
|
||||||
|
use std::{format, println, vec};
|
||||||
|
|
||||||
|
use pki_types::{CertificateDer, DnsName};
|
||||||
|
|
||||||
|
use super::handshake::{ServerDhParams, ServerKeyExchange, ServerKeyExchangeParams};
|
||||||
use crate::enums::{CipherSuite, HandshakeType, ProtocolVersion, SignatureScheme};
|
use crate::enums::{CipherSuite, HandshakeType, ProtocolVersion, SignatureScheme};
|
||||||
use crate::msgs::base::{Payload, PayloadU16, PayloadU24, PayloadU8};
|
use crate::msgs::base::{Payload, PayloadU16, PayloadU24, PayloadU8};
|
||||||
use crate::msgs::codec::{put_u16, Codec, Reader};
|
use crate::msgs::codec::{put_u16, Codec, Reader};
|
||||||
|
@ -18,13 +24,6 @@ use crate::msgs::handshake::{
|
||||||
};
|
};
|
||||||
use crate::verify::DigitallySignedStruct;
|
use crate::verify::DigitallySignedStruct;
|
||||||
|
|
||||||
use pki_types::{CertificateDer, DnsName};
|
|
||||||
|
|
||||||
use super::handshake::{ServerDhParams, ServerKeyExchange, ServerKeyExchangeParams};
|
|
||||||
|
|
||||||
use std::prelude::v1::*;
|
|
||||||
use std::{format, println, vec};
|
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn rejects_short_random() {
|
fn rejects_short_random() {
|
||||||
let bytes = [0x01; 31];
|
let bytes = [0x01; 31];
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
|
use core::ops::{Deref, DerefMut};
|
||||||
|
|
||||||
use super::outbound::read_opaque_message_header;
|
use super::outbound::read_opaque_message_header;
|
||||||
use super::MessageError;
|
use super::MessageError;
|
||||||
use crate::enums::{ContentType, ProtocolVersion};
|
use crate::enums::{ContentType, ProtocolVersion};
|
||||||
|
@ -5,8 +7,6 @@ use crate::error::{Error, PeerMisbehaved};
|
||||||
use crate::msgs::codec::ReaderMut;
|
use crate::msgs::codec::ReaderMut;
|
||||||
use crate::msgs::fragmenter::MAX_FRAGMENT_LEN;
|
use crate::msgs::fragmenter::MAX_FRAGMENT_LEN;
|
||||||
|
|
||||||
use core::ops::{Deref, DerefMut};
|
|
||||||
|
|
||||||
/// A TLS frame, named TLSPlaintext in the standard.
|
/// A TLS frame, named TLSPlaintext in the standard.
|
||||||
///
|
///
|
||||||
/// This inbound type borrows its encrypted payload from a `[MessageDeframer]`.
|
/// This inbound type borrows its encrypted payload from a `[MessageDeframer]`.
|
||||||
|
|
|
@ -11,10 +11,10 @@ mod inbound;
|
||||||
pub use inbound::{BorrowedPayload, InboundOpaqueMessage, InboundPlainMessage};
|
pub use inbound::{BorrowedPayload, InboundOpaqueMessage, InboundPlainMessage};
|
||||||
|
|
||||||
mod outbound;
|
mod outbound;
|
||||||
pub use outbound::{OutboundChunks, OutboundOpaqueMessage, OutboundPlainMessage, PrefixedPayload};
|
|
||||||
|
|
||||||
use alloc::vec::Vec;
|
use alloc::vec::Vec;
|
||||||
|
|
||||||
|
pub use outbound::{OutboundChunks, OutboundOpaqueMessage, OutboundPlainMessage, PrefixedPayload};
|
||||||
|
|
||||||
#[derive(Debug)]
|
#[derive(Debug)]
|
||||||
pub enum MessagePayload<'a> {
|
pub enum MessagePayload<'a> {
|
||||||
Alert(AlertMessagePayload),
|
Alert(AlertMessagePayload),
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
|
use alloc::vec::Vec;
|
||||||
|
|
||||||
use super::{MessageError, PlainMessage, HEADER_SIZE, MAX_PAYLOAD};
|
use super::{MessageError, PlainMessage, HEADER_SIZE, MAX_PAYLOAD};
|
||||||
use crate::enums::{ContentType, ProtocolVersion};
|
use crate::enums::{ContentType, ProtocolVersion};
|
||||||
use crate::internal::record_layer::RecordLayer;
|
use crate::internal::record_layer::RecordLayer;
|
||||||
use crate::msgs::base::Payload;
|
use crate::msgs::base::Payload;
|
||||||
use crate::msgs::codec::{Codec, Reader};
|
use crate::msgs::codec::{Codec, Reader};
|
||||||
|
|
||||||
use alloc::vec::Vec;
|
|
||||||
|
|
||||||
/// A TLS frame, named `TLSPlaintext` in the standard.
|
/// A TLS frame, named `TLSPlaintext` in the standard.
|
||||||
///
|
///
|
||||||
/// This outbound type borrows its "to be encrypted" payload from the "user".
|
/// This outbound type borrows its "to be encrypted" payload from the "user".
|
||||||
|
|
|
@ -1,15 +1,14 @@
|
||||||
use crate::enums::{AlertDescription, HandshakeType};
|
use std::io::Read;
|
||||||
use crate::msgs::base::{PayloadU16, PayloadU24, PayloadU8};
|
use std::path::{Path, PathBuf};
|
||||||
|
use std::prelude::v1::*;
|
||||||
|
use std::{format, fs, println, vec};
|
||||||
|
|
||||||
use super::base::Payload;
|
use super::base::Payload;
|
||||||
use super::codec::Reader;
|
use super::codec::Reader;
|
||||||
use super::enums::AlertLevel;
|
use super::enums::AlertLevel;
|
||||||
use super::message::{Message, OutboundOpaqueMessage, PlainMessage};
|
use super::message::{Message, OutboundOpaqueMessage, PlainMessage};
|
||||||
|
use crate::enums::{AlertDescription, HandshakeType};
|
||||||
use std::io::Read;
|
use crate::msgs::base::{PayloadU16, PayloadU24, PayloadU8};
|
||||||
use std::path::{Path, PathBuf};
|
|
||||||
use std::prelude::v1::*;
|
|
||||||
use std::{format, fs, println, vec};
|
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn test_read_fuzz_corpus() {
|
fn test_read_fuzz_corpus() {
|
||||||
|
|
|
@ -1,3 +1,11 @@
|
||||||
|
use alloc::vec::Vec;
|
||||||
|
use core::cmp;
|
||||||
|
#[cfg(feature = "tls12")]
|
||||||
|
use core::mem;
|
||||||
|
|
||||||
|
use pki_types::{DnsName, UnixTime};
|
||||||
|
use zeroize::Zeroizing;
|
||||||
|
|
||||||
use crate::enums::{CipherSuite, ProtocolVersion};
|
use crate::enums::{CipherSuite, ProtocolVersion};
|
||||||
use crate::error::InvalidMessage;
|
use crate::error::InvalidMessage;
|
||||||
use crate::msgs::base::{PayloadU16, PayloadU8};
|
use crate::msgs::base::{PayloadU16, PayloadU8};
|
||||||
|
@ -9,14 +17,6 @@ use crate::msgs::handshake::SessionId;
|
||||||
use crate::tls12::Tls12CipherSuite;
|
use crate::tls12::Tls12CipherSuite;
|
||||||
use crate::tls13::Tls13CipherSuite;
|
use crate::tls13::Tls13CipherSuite;
|
||||||
|
|
||||||
use pki_types::{DnsName, UnixTime};
|
|
||||||
use zeroize::Zeroizing;
|
|
||||||
|
|
||||||
use alloc::vec::Vec;
|
|
||||||
use core::cmp;
|
|
||||||
#[cfg(feature = "tls12")]
|
|
||||||
use core::mem;
|
|
||||||
|
|
||||||
pub(crate) struct Retrieved<T> {
|
pub(crate) struct Retrieved<T> {
|
||||||
pub(crate) value: T,
|
pub(crate) value: T,
|
||||||
retrieved_at: UnixTime,
|
retrieved_at: UnixTime,
|
||||||
|
|
|
@ -1,3 +1,9 @@
|
||||||
|
use alloc::boxed::Box;
|
||||||
|
use alloc::collections::VecDeque;
|
||||||
|
use alloc::vec::Vec;
|
||||||
|
#[cfg(feature = "std")]
|
||||||
|
use core::fmt::Debug;
|
||||||
|
|
||||||
/// This module contains optional APIs for implementing QUIC TLS.
|
/// This module contains optional APIs for implementing QUIC TLS.
|
||||||
use crate::common_state::Side;
|
use crate::common_state::Side;
|
||||||
use crate::crypto::cipher::{AeadKey, Iv};
|
use crate::crypto::cipher::{AeadKey, Iv};
|
||||||
|
@ -9,14 +15,17 @@ use crate::tls13::key_schedule::{
|
||||||
};
|
};
|
||||||
use crate::tls13::Tls13CipherSuite;
|
use crate::tls13::Tls13CipherSuite;
|
||||||
|
|
||||||
use alloc::boxed::Box;
|
|
||||||
use alloc::collections::VecDeque;
|
|
||||||
use alloc::vec::Vec;
|
|
||||||
#[cfg(feature = "std")]
|
|
||||||
use core::fmt::Debug;
|
|
||||||
|
|
||||||
#[cfg(feature = "std")]
|
#[cfg(feature = "std")]
|
||||||
mod connection {
|
mod connection {
|
||||||
|
use alloc::sync::Arc;
|
||||||
|
use alloc::vec;
|
||||||
|
use alloc::vec::Vec;
|
||||||
|
use core::fmt::{self, Debug};
|
||||||
|
use core::ops::{Deref, DerefMut};
|
||||||
|
|
||||||
|
use pki_types::ServerName;
|
||||||
|
|
||||||
|
use super::{DirectionalKeys, KeyChange, Version};
|
||||||
use crate::client::{ClientConfig, ClientConnectionData};
|
use crate::client::{ClientConfig, ClientConnectionData};
|
||||||
use crate::common_state::{CommonState, Protocol, DEFAULT_BUFFER_LIMIT};
|
use crate::common_state::{CommonState, Protocol, DEFAULT_BUFFER_LIMIT};
|
||||||
use crate::conn::{ConnectionCore, SideData};
|
use crate::conn::{ConnectionCore, SideData};
|
||||||
|
@ -27,16 +36,6 @@ mod connection {
|
||||||
use crate::server::{ServerConfig, ServerConnectionData};
|
use crate::server::{ServerConfig, ServerConnectionData};
|
||||||
use crate::vecbuf::ChunkVecBuffer;
|
use crate::vecbuf::ChunkVecBuffer;
|
||||||
|
|
||||||
use pki_types::ServerName;
|
|
||||||
|
|
||||||
use alloc::sync::Arc;
|
|
||||||
use alloc::vec;
|
|
||||||
use alloc::vec::Vec;
|
|
||||||
use core::fmt::{self, Debug};
|
|
||||||
use core::ops::{Deref, DerefMut};
|
|
||||||
|
|
||||||
use super::{DirectionalKeys, KeyChange, Version};
|
|
||||||
|
|
||||||
/// A QUIC client or server connection.
|
/// A QUIC client or server connection.
|
||||||
#[derive(Debug)]
|
#[derive(Debug)]
|
||||||
pub enum Connection {
|
pub enum Connection {
|
||||||
|
@ -966,9 +965,10 @@ impl Default for Version {
|
||||||
|
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
mod tests {
|
mod tests {
|
||||||
|
use std::prelude::v1::*;
|
||||||
|
|
||||||
use super::PacketKey;
|
use super::PacketKey;
|
||||||
use crate::quic::HeaderProtectionKey;
|
use crate::quic::HeaderProtectionKey;
|
||||||
use std::prelude::v1::*;
|
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn auto_traits() {
|
fn auto_traits() {
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
//! The single place where we generate random material for our own use.
|
//! The single place where we generate random material for our own use.
|
||||||
|
|
||||||
use crate::crypto::SecureRandom;
|
|
||||||
|
|
||||||
use alloc::vec;
|
use alloc::vec;
|
||||||
use alloc::vec::Vec;
|
use alloc::vec::Vec;
|
||||||
|
|
||||||
|
use crate::crypto::SecureRandom;
|
||||||
|
|
||||||
/// Make a [`Vec<u8>`] of the given size containing random material.
|
/// Make a [`Vec<u8>`] of the given size containing random material.
|
||||||
pub(crate) fn random_vec(
|
pub(crate) fn random_vec(
|
||||||
secure_random: &dyn SecureRandom,
|
secure_random: &dyn SecureRandom,
|
||||||
|
|
|
@ -1,13 +1,11 @@
|
||||||
|
use alloc::boxed::Box;
|
||||||
use core::num::NonZeroU64;
|
use core::num::NonZeroU64;
|
||||||
|
|
||||||
use crate::crypto::cipher::{InboundOpaqueMessage, MessageDecrypter, MessageEncrypter};
|
use crate::crypto::cipher::{InboundOpaqueMessage, MessageDecrypter, MessageEncrypter};
|
||||||
use crate::error::Error;
|
use crate::error::Error;
|
||||||
use crate::msgs::message::{InboundPlainMessage, OutboundOpaqueMessage, OutboundPlainMessage};
|
|
||||||
|
|
||||||
#[cfg(feature = "logging")]
|
#[cfg(feature = "logging")]
|
||||||
use crate::log::trace;
|
use crate::log::trace;
|
||||||
|
use crate::msgs::message::{InboundPlainMessage, OutboundOpaqueMessage, OutboundPlainMessage};
|
||||||
use alloc::boxed::Box;
|
|
||||||
|
|
||||||
static SEQ_SOFT_LIMIT: u64 = 0xffff_ffff_ffff_0000u64;
|
static SEQ_SOFT_LIMIT: u64 = 0xffff_ffff_ffff_0000u64;
|
||||||
static SEQ_HARD_LIMIT: u64 = 0xffff_ffff_ffff_fffeu64;
|
static SEQ_HARD_LIMIT: u64 = 0xffff_ffff_ffff_fffeu64;
|
||||||
|
|
|
@ -1,19 +1,17 @@
|
||||||
|
use alloc::sync::Arc;
|
||||||
|
use alloc::vec::Vec;
|
||||||
|
use core::marker::PhantomData;
|
||||||
|
|
||||||
|
use pki_types::{CertificateDer, PrivateKeyDer};
|
||||||
|
|
||||||
use crate::builder::{ConfigBuilder, WantsVerifier};
|
use crate::builder::{ConfigBuilder, WantsVerifier};
|
||||||
use crate::crypto::CryptoProvider;
|
use crate::crypto::CryptoProvider;
|
||||||
use crate::error::Error;
|
use crate::error::Error;
|
||||||
use crate::msgs::handshake::CertificateChain;
|
use crate::msgs::handshake::CertificateChain;
|
||||||
use crate::server::handy;
|
use crate::server::{handy, ResolvesServerCert, ServerConfig};
|
||||||
use crate::server::{ResolvesServerCert, ServerConfig};
|
|
||||||
use crate::time_provider::TimeProvider;
|
use crate::time_provider::TimeProvider;
|
||||||
use crate::verify::{ClientCertVerifier, NoClientAuth};
|
use crate::verify::{ClientCertVerifier, NoClientAuth};
|
||||||
use crate::versions;
|
use crate::{versions, NoKeyLog};
|
||||||
use crate::NoKeyLog;
|
|
||||||
|
|
||||||
use pki_types::{CertificateDer, PrivateKeyDer};
|
|
||||||
|
|
||||||
use alloc::sync::Arc;
|
|
||||||
use alloc::vec::Vec;
|
|
||||||
use core::marker::PhantomData;
|
|
||||||
|
|
||||||
impl ConfigBuilder<ServerConfig, WantsVerifier> {
|
impl ConfigBuilder<ServerConfig, WantsVerifier> {
|
||||||
/// Choose how to verify client certificates.
|
/// Choose how to verify client certificates.
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
use crate::sign;
|
|
||||||
|
|
||||||
use pki_types::CertificateDer;
|
use pki_types::CertificateDer;
|
||||||
|
|
||||||
|
use crate::sign;
|
||||||
|
|
||||||
/// ActiveCertifiedKey wraps [`sign::CertifiedKey`] and tracks OSCP state in a single handshake.
|
/// ActiveCertifiedKey wraps [`sign::CertifiedKey`] and tracks OSCP state in a single handshake.
|
||||||
pub(super) struct ActiveCertifiedKey<'a> {
|
pub(super) struct ActiveCertifiedKey<'a> {
|
||||||
key: &'a sign::CertifiedKey,
|
key: &'a sign::CertifiedKey,
|
||||||
|
|
|
@ -1,12 +1,11 @@
|
||||||
use crate::msgs::handshake::CertificateChain;
|
|
||||||
use crate::server;
|
|
||||||
use crate::server::ClientHello;
|
|
||||||
use crate::sign;
|
|
||||||
|
|
||||||
use alloc::sync::Arc;
|
use alloc::sync::Arc;
|
||||||
use alloc::vec::Vec;
|
use alloc::vec::Vec;
|
||||||
use core::fmt::Debug;
|
use core::fmt::Debug;
|
||||||
|
|
||||||
|
use crate::msgs::handshake::CertificateChain;
|
||||||
|
use crate::server::ClientHello;
|
||||||
|
use crate::{server, sign};
|
||||||
|
|
||||||
/// Something which never stores sessions.
|
/// Something which never stores sessions.
|
||||||
#[derive(Debug)]
|
#[derive(Debug)]
|
||||||
pub struct NoServerSessionStorage {}
|
pub struct NoServerSessionStorage {}
|
||||||
|
@ -28,14 +27,13 @@ impl server::StoresServerSessions for NoServerSessionStorage {
|
||||||
|
|
||||||
#[cfg(feature = "std")]
|
#[cfg(feature = "std")]
|
||||||
mod cache {
|
mod cache {
|
||||||
use crate::limited_cache;
|
|
||||||
use crate::server;
|
|
||||||
|
|
||||||
use alloc::sync::Arc;
|
use alloc::sync::Arc;
|
||||||
use alloc::vec::Vec;
|
use alloc::vec::Vec;
|
||||||
use core::fmt::{Debug, Formatter};
|
use core::fmt::{Debug, Formatter};
|
||||||
use std::sync::Mutex;
|
use std::sync::Mutex;
|
||||||
|
|
||||||
|
use crate::{limited_cache, server};
|
||||||
|
|
||||||
/// An implementer of `StoresServerSessions` that stores everything
|
/// An implementer of `StoresServerSessions` that stores everything
|
||||||
/// in memory. If enforces a limit on the number of stored sessions
|
/// in memory. If enforces a limit on the number of stored sessions
|
||||||
/// to bound memory usage.
|
/// to bound memory usage.
|
||||||
|
@ -89,9 +87,10 @@ mod cache {
|
||||||
|
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
mod tests {
|
mod tests {
|
||||||
|
use std::vec;
|
||||||
|
|
||||||
use super::*;
|
use super::*;
|
||||||
use crate::server::StoresServerSessions;
|
use crate::server::StoresServerSessions;
|
||||||
use std::vec;
|
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn test_serversessionmemorycache_accepts_put() {
|
fn test_serversessionmemorycache_accepts_put() {
|
||||||
|
@ -198,19 +197,18 @@ impl server::ResolvesServerCert for AlwaysResolvesChain {
|
||||||
|
|
||||||
#[cfg(feature = "std")]
|
#[cfg(feature = "std")]
|
||||||
mod sni_resolver {
|
mod sni_resolver {
|
||||||
use crate::error::Error;
|
|
||||||
use crate::server;
|
|
||||||
use crate::server::ClientHello;
|
|
||||||
use crate::sign;
|
|
||||||
use crate::webpki::{verify_server_name, ParsedCertificate};
|
|
||||||
|
|
||||||
use pki_types::{DnsName, ServerName};
|
|
||||||
|
|
||||||
use alloc::string::{String, ToString};
|
use alloc::string::{String, ToString};
|
||||||
use alloc::sync::Arc;
|
use alloc::sync::Arc;
|
||||||
use core::fmt::Debug;
|
use core::fmt::Debug;
|
||||||
use std::collections::HashMap;
|
use std::collections::HashMap;
|
||||||
|
|
||||||
|
use pki_types::{DnsName, ServerName};
|
||||||
|
|
||||||
|
use crate::error::Error;
|
||||||
|
use crate::server::ClientHello;
|
||||||
|
use crate::webpki::{verify_server_name, ParsedCertificate};
|
||||||
|
use crate::{server, sign};
|
||||||
|
|
||||||
/// Something that resolves do different cert chains/keys based
|
/// Something that resolves do different cert chains/keys based
|
||||||
/// on client-supplied server name (via SNI).
|
/// on client-supplied server name (via SNI).
|
||||||
#[derive(Debug)]
|
#[derive(Debug)]
|
||||||
|
@ -302,11 +300,11 @@ pub use sni_resolver::ResolvesServerCertUsingSni;
|
||||||
|
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
mod tests {
|
mod tests {
|
||||||
use super::*;
|
|
||||||
use crate::server::ProducesTickets;
|
|
||||||
use crate::server::StoresServerSessions;
|
|
||||||
use std::vec;
|
use std::vec;
|
||||||
|
|
||||||
|
use super::*;
|
||||||
|
use crate::server::{ProducesTickets, StoresServerSessions};
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn test_noserversessionstorage_drops_put() {
|
fn test_noserversessionstorage_drops_put() {
|
||||||
let c = NoServerSessionStorage {};
|
let c = NoServerSessionStorage {};
|
||||||
|
|
|
@ -1,3 +1,13 @@
|
||||||
|
use alloc::borrow::ToOwned;
|
||||||
|
use alloc::boxed::Box;
|
||||||
|
use alloc::sync::Arc;
|
||||||
|
use alloc::vec::Vec;
|
||||||
|
|
||||||
|
use pki_types::DnsName;
|
||||||
|
|
||||||
|
use super::server_conn::ServerConnectionData;
|
||||||
|
#[cfg(feature = "tls12")]
|
||||||
|
use super::tls12;
|
||||||
use crate::common_state::{Protocol, State};
|
use crate::common_state::{Protocol, State};
|
||||||
use crate::conn::ConnectionRandoms;
|
use crate::conn::ConnectionRandoms;
|
||||||
use crate::crypto::SupportedKxGroup;
|
use crate::crypto::SupportedKxGroup;
|
||||||
|
@ -12,26 +22,15 @@ use crate::log::{debug, trace};
|
||||||
use crate::msgs::enums::{Compression, ExtensionType, NamedGroup};
|
use crate::msgs::enums::{Compression, ExtensionType, NamedGroup};
|
||||||
#[cfg(feature = "tls12")]
|
#[cfg(feature = "tls12")]
|
||||||
use crate::msgs::handshake::SessionId;
|
use crate::msgs::handshake::SessionId;
|
||||||
use crate::msgs::handshake::{ClientHelloPayload, KeyExchangeAlgorithm, Random, ServerExtension};
|
use crate::msgs::handshake::{
|
||||||
use crate::msgs::handshake::{ConvertProtocolNameList, ConvertServerNameList, HandshakePayload};
|
ClientHelloPayload, ConvertProtocolNameList, ConvertServerNameList, HandshakePayload,
|
||||||
|
KeyExchangeAlgorithm, Random, ServerExtension,
|
||||||
|
};
|
||||||
use crate::msgs::message::{Message, MessagePayload};
|
use crate::msgs::message::{Message, MessagePayload};
|
||||||
use crate::msgs::persist;
|
use crate::msgs::persist;
|
||||||
use crate::server::{ClientHello, ServerConfig};
|
|
||||||
use crate::suites;
|
|
||||||
use crate::SupportedCipherSuite;
|
|
||||||
|
|
||||||
use super::server_conn::ServerConnectionData;
|
|
||||||
#[cfg(feature = "tls12")]
|
|
||||||
use super::tls12;
|
|
||||||
use crate::server::common::ActiveCertifiedKey;
|
use crate::server::common::ActiveCertifiedKey;
|
||||||
use crate::server::tls13;
|
use crate::server::{tls13, ClientHello, ServerConfig};
|
||||||
|
use crate::{suites, SupportedCipherSuite};
|
||||||
use pki_types::DnsName;
|
|
||||||
|
|
||||||
use alloc::borrow::ToOwned;
|
|
||||||
use alloc::boxed::Box;
|
|
||||||
use alloc::sync::Arc;
|
|
||||||
use alloc::vec::Vec;
|
|
||||||
|
|
||||||
pub(super) type NextState<'a> = Box<dyn State<ServerConnectionData> + 'a>;
|
pub(super) type NextState<'a> = Box<dyn State<ServerConnectionData> + 'a>;
|
||||||
pub(super) type NextStateOrError<'a> = Result<NextState<'a>, Error>;
|
pub(super) type NextStateOrError<'a> = Result<NextState<'a>, Error>;
|
||||||
|
|
|
@ -1,8 +1,23 @@
|
||||||
|
use alloc::boxed::Box;
|
||||||
|
use alloc::sync::Arc;
|
||||||
|
use alloc::vec::Vec;
|
||||||
|
use core::fmt;
|
||||||
|
use core::fmt::{Debug, Formatter};
|
||||||
|
use core::marker::PhantomData;
|
||||||
|
use core::ops::{Deref, DerefMut};
|
||||||
|
#[cfg(feature = "std")]
|
||||||
|
use std::io;
|
||||||
|
|
||||||
|
use pki_types::{DnsName, UnixTime};
|
||||||
|
|
||||||
|
use super::hs;
|
||||||
use crate::builder::ConfigBuilder;
|
use crate::builder::ConfigBuilder;
|
||||||
#[cfg(feature = "std")]
|
#[cfg(feature = "std")]
|
||||||
use crate::common_state::Protocol;
|
use crate::common_state::Protocol;
|
||||||
use crate::common_state::{CommonState, Side, State};
|
use crate::common_state::{CommonState, Side, State};
|
||||||
use crate::conn::{ConnectionCommon, ConnectionCore, UnbufferedConnectionCommon};
|
use crate::conn::{ConnectionCommon, ConnectionCore, UnbufferedConnectionCommon};
|
||||||
|
#[cfg(doc)]
|
||||||
|
use crate::crypto;
|
||||||
use crate::crypto::CryptoProvider;
|
use crate::crypto::CryptoProvider;
|
||||||
use crate::enums::{CipherSuite, ProtocolVersion, SignatureScheme};
|
use crate::enums::{CipherSuite, ProtocolVersion, SignatureScheme};
|
||||||
use crate::error::Error;
|
use crate::error::Error;
|
||||||
|
@ -15,29 +30,9 @@ use crate::msgs::message::Message;
|
||||||
use crate::time_provider::DefaultTimeProvider;
|
use crate::time_provider::DefaultTimeProvider;
|
||||||
use crate::time_provider::TimeProvider;
|
use crate::time_provider::TimeProvider;
|
||||||
use crate::vecbuf::ChunkVecBuffer;
|
use crate::vecbuf::ChunkVecBuffer;
|
||||||
use crate::verify;
|
|
||||||
use crate::versions;
|
|
||||||
use crate::KeyLog;
|
|
||||||
#[cfg(feature = "std")]
|
#[cfg(feature = "std")]
|
||||||
use crate::WantsVerifier;
|
use crate::WantsVerifier;
|
||||||
use crate::{sign, WantsVersions};
|
use crate::{sign, verify, versions, KeyLog, WantsVersions};
|
||||||
|
|
||||||
use super::hs;
|
|
||||||
|
|
||||||
use pki_types::{DnsName, UnixTime};
|
|
||||||
|
|
||||||
use alloc::boxed::Box;
|
|
||||||
use alloc::sync::Arc;
|
|
||||||
use alloc::vec::Vec;
|
|
||||||
use core::fmt;
|
|
||||||
use core::fmt::{Debug, Formatter};
|
|
||||||
use core::marker::PhantomData;
|
|
||||||
use core::ops::{Deref, DerefMut};
|
|
||||||
#[cfg(feature = "std")]
|
|
||||||
use std::io;
|
|
||||||
|
|
||||||
#[cfg(doc)]
|
|
||||||
use crate::crypto;
|
|
||||||
|
|
||||||
/// A trait for the ability to store server session data.
|
/// A trait for the ability to store server session data.
|
||||||
///
|
///
|
||||||
|
@ -503,13 +498,6 @@ impl ServerConfig {
|
||||||
|
|
||||||
#[cfg(feature = "std")]
|
#[cfg(feature = "std")]
|
||||||
mod connection {
|
mod connection {
|
||||||
use crate::common_state::{CommonState, Context, Side};
|
|
||||||
use crate::conn::{ConnectionCommon, ConnectionCore};
|
|
||||||
use crate::error::Error;
|
|
||||||
use crate::server::hs;
|
|
||||||
use crate::suites::ExtractedSecrets;
|
|
||||||
use crate::vecbuf::ChunkVecBuffer;
|
|
||||||
|
|
||||||
use alloc::boxed::Box;
|
use alloc::boxed::Box;
|
||||||
use alloc::sync::Arc;
|
use alloc::sync::Arc;
|
||||||
use alloc::vec::Vec;
|
use alloc::vec::Vec;
|
||||||
|
@ -519,6 +507,12 @@ mod connection {
|
||||||
use std::io;
|
use std::io;
|
||||||
|
|
||||||
use super::{Accepted, Accepting, EarlyDataState, ServerConfig, ServerConnectionData};
|
use super::{Accepted, Accepting, EarlyDataState, ServerConfig, ServerConnectionData};
|
||||||
|
use crate::common_state::{CommonState, Context, Side};
|
||||||
|
use crate::conn::{ConnectionCommon, ConnectionCore};
|
||||||
|
use crate::error::Error;
|
||||||
|
use crate::server::hs;
|
||||||
|
use crate::suites::ExtractedSecrets;
|
||||||
|
use crate::vecbuf::ChunkVecBuffer;
|
||||||
|
|
||||||
/// Allows reading of early data in resumed TLS1.3 connections.
|
/// Allows reading of early data in resumed TLS1.3 connections.
|
||||||
///
|
///
|
||||||
|
@ -1099,9 +1093,10 @@ impl crate::conn::SideData for ServerConnectionData {}
|
||||||
#[cfg(feature = "std")]
|
#[cfg(feature = "std")]
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
mod tests {
|
mod tests {
|
||||||
use super::*;
|
|
||||||
use std::format;
|
use std::format;
|
||||||
|
|
||||||
|
use super::*;
|
||||||
|
|
||||||
// these branches not reachable externally, unless something else goes wrong.
|
// these branches not reachable externally, unless something else goes wrong.
|
||||||
#[test]
|
#[test]
|
||||||
fn test_read_in_new_state() {
|
fn test_read_in_new_state() {
|
||||||
|
|
|
@ -1,9 +1,22 @@
|
||||||
|
use alloc::borrow::ToOwned;
|
||||||
|
use alloc::boxed::Box;
|
||||||
|
use alloc::string::ToString;
|
||||||
|
use alloc::sync::Arc;
|
||||||
|
use alloc::vec;
|
||||||
|
use alloc::vec::Vec;
|
||||||
|
|
||||||
|
pub(super) use client_hello::CompleteClientHelloHandling;
|
||||||
|
use pki_types::UnixTime;
|
||||||
|
use subtle::ConstantTimeEq;
|
||||||
|
|
||||||
|
use super::common::ActiveCertifiedKey;
|
||||||
|
use super::hs::{self, ServerContext};
|
||||||
|
use super::server_conn::{ProducesTickets, ServerConfig, ServerConnectionData};
|
||||||
use crate::check::inappropriate_message;
|
use crate::check::inappropriate_message;
|
||||||
use crate::common_state::{CommonState, Side, State};
|
use crate::common_state::{CommonState, Side, State};
|
||||||
use crate::conn::ConnectionRandoms;
|
use crate::conn::ConnectionRandoms;
|
||||||
use crate::crypto::ActiveKeyExchange;
|
use crate::crypto::ActiveKeyExchange;
|
||||||
use crate::enums::ProtocolVersion;
|
use crate::enums::{AlertDescription, ContentType, HandshakeType, ProtocolVersion};
|
||||||
use crate::enums::{AlertDescription, ContentType, HandshakeType};
|
|
||||||
use crate::error::{Error, PeerIncompatible, PeerMisbehaved};
|
use crate::error::{Error, PeerIncompatible, PeerMisbehaved};
|
||||||
use crate::hash_hs::HandshakeHash;
|
use crate::hash_hs::HandshakeHash;
|
||||||
#[cfg(feature = "logging")]
|
#[cfg(feature = "logging")]
|
||||||
|
@ -13,47 +26,29 @@ use crate::msgs::ccs::ChangeCipherSpecPayload;
|
||||||
use crate::msgs::codec::Codec;
|
use crate::msgs::codec::Codec;
|
||||||
use crate::msgs::handshake::{
|
use crate::msgs::handshake::{
|
||||||
CertificateChain, ClientKeyExchangeParams, HandshakeMessagePayload, HandshakePayload,
|
CertificateChain, ClientKeyExchangeParams, HandshakeMessagePayload, HandshakePayload,
|
||||||
|
NewSessionTicketPayload, SessionId,
|
||||||
};
|
};
|
||||||
use crate::msgs::handshake::{NewSessionTicketPayload, SessionId};
|
|
||||||
use crate::msgs::message::{Message, MessagePayload};
|
use crate::msgs::message::{Message, MessagePayload};
|
||||||
use crate::msgs::persist;
|
use crate::msgs::persist;
|
||||||
use crate::suites::PartiallyExtractedSecrets;
|
use crate::suites::PartiallyExtractedSecrets;
|
||||||
use crate::tls12::{self, ConnectionSecrets, Tls12CipherSuite};
|
use crate::tls12::{self, ConnectionSecrets, Tls12CipherSuite};
|
||||||
use crate::verify;
|
use crate::verify;
|
||||||
|
|
||||||
use super::common::ActiveCertifiedKey;
|
|
||||||
use super::hs::{self, ServerContext};
|
|
||||||
use super::server_conn::{ProducesTickets, ServerConfig, ServerConnectionData};
|
|
||||||
|
|
||||||
use pki_types::UnixTime;
|
|
||||||
use subtle::ConstantTimeEq;
|
|
||||||
|
|
||||||
use alloc::borrow::ToOwned;
|
|
||||||
use alloc::boxed::Box;
|
|
||||||
use alloc::string::ToString;
|
|
||||||
use alloc::sync::Arc;
|
|
||||||
use alloc::vec;
|
|
||||||
use alloc::vec::Vec;
|
|
||||||
|
|
||||||
pub(super) use client_hello::CompleteClientHelloHandling;
|
|
||||||
|
|
||||||
mod client_hello {
|
mod client_hello {
|
||||||
use pki_types::CertificateDer;
|
use pki_types::CertificateDer;
|
||||||
|
|
||||||
|
use super::*;
|
||||||
use crate::crypto::SupportedKxGroup;
|
use crate::crypto::SupportedKxGroup;
|
||||||
use crate::enums::SignatureScheme;
|
use crate::enums::SignatureScheme;
|
||||||
use crate::msgs::enums::ECPointFormat;
|
use crate::msgs::enums::{ClientCertificateType, Compression, ECPointFormat};
|
||||||
use crate::msgs::enums::{ClientCertificateType, Compression};
|
use crate::msgs::handshake::{
|
||||||
use crate::msgs::handshake::CertificateStatus;
|
CertificateRequestPayload, CertificateStatus, ClientExtension, ClientHelloPayload,
|
||||||
use crate::msgs::handshake::{CertificateRequestPayload, ClientSessionTicket, Random};
|
ClientSessionTicket, Random, ServerExtension, ServerHelloPayload, ServerKeyExchange,
|
||||||
use crate::msgs::handshake::{ClientExtension, ClientHelloPayload, ServerHelloPayload};
|
ServerKeyExchangeParams, ServerKeyExchangePayload,
|
||||||
use crate::msgs::handshake::{ServerExtension, ServerKeyExchangePayload};
|
};
|
||||||
use crate::msgs::handshake::{ServerKeyExchange, ServerKeyExchangeParams};
|
|
||||||
use crate::sign;
|
use crate::sign;
|
||||||
use crate::verify::DigitallySignedStruct;
|
use crate::verify::DigitallySignedStruct;
|
||||||
|
|
||||||
use super::*;
|
|
||||||
|
|
||||||
pub(in crate::server) struct CompleteClientHelloHandling {
|
pub(in crate::server) struct CompleteClientHelloHandling {
|
||||||
pub(in crate::server) config: Arc<ServerConfig>,
|
pub(in crate::server) config: Arc<ServerConfig>,
|
||||||
pub(in crate::server) transcript: HandshakeHash,
|
pub(in crate::server) transcript: HandshakeHash,
|
||||||
|
|
|
@ -1,66 +1,51 @@
|
||||||
use crate::check::inappropriate_handshake_message;
|
|
||||||
use crate::check::inappropriate_message;
|
|
||||||
use crate::common_state::Protocol;
|
|
||||||
use crate::common_state::{CommonState, Side, State};
|
|
||||||
use crate::conn::ConnectionRandoms;
|
|
||||||
use crate::enums::ProtocolVersion;
|
|
||||||
use crate::enums::{AlertDescription, ContentType, HandshakeType};
|
|
||||||
use crate::error::{Error, PeerIncompatible, PeerMisbehaved};
|
|
||||||
use crate::hash_hs::HandshakeHash;
|
|
||||||
#[cfg(feature = "logging")]
|
|
||||||
use crate::log::{debug, trace, warn};
|
|
||||||
use crate::msgs::codec::Codec;
|
|
||||||
use crate::msgs::enums::KeyUpdateRequest;
|
|
||||||
use crate::msgs::handshake::CertificateChain;
|
|
||||||
use crate::msgs::handshake::HandshakeMessagePayload;
|
|
||||||
use crate::msgs::handshake::HandshakePayload;
|
|
||||||
use crate::msgs::handshake::{NewSessionTicketExtension, NewSessionTicketPayloadTls13};
|
|
||||||
use crate::msgs::message::{Message, MessagePayload};
|
|
||||||
use crate::msgs::persist;
|
|
||||||
use crate::rand;
|
|
||||||
use crate::server::ServerConfig;
|
|
||||||
use crate::suites::PartiallyExtractedSecrets;
|
|
||||||
use crate::tls13::construct_client_verify_message;
|
|
||||||
use crate::tls13::construct_server_verify_message;
|
|
||||||
use crate::tls13::key_schedule::{KeyScheduleTraffic, KeyScheduleTrafficWithClientFinishedPending};
|
|
||||||
use crate::tls13::Tls13CipherSuite;
|
|
||||||
use crate::verify;
|
|
||||||
|
|
||||||
use super::hs::{self, HandshakeHashOrBuffer, ServerContext};
|
|
||||||
use super::server_conn::ServerConnectionData;
|
|
||||||
|
|
||||||
use alloc::borrow::ToOwned;
|
use alloc::borrow::ToOwned;
|
||||||
use alloc::boxed::Box;
|
use alloc::boxed::Box;
|
||||||
use alloc::sync::Arc;
|
use alloc::sync::Arc;
|
||||||
use alloc::vec;
|
use alloc::vec;
|
||||||
use alloc::vec::Vec;
|
use alloc::vec::Vec;
|
||||||
|
|
||||||
|
pub(super) use client_hello::CompleteClientHelloHandling;
|
||||||
use pki_types::{CertificateDer, UnixTime};
|
use pki_types::{CertificateDer, UnixTime};
|
||||||
use subtle::ConstantTimeEq;
|
use subtle::ConstantTimeEq;
|
||||||
|
|
||||||
pub(super) use client_hello::CompleteClientHelloHandling;
|
use super::hs::{self, HandshakeHashOrBuffer, ServerContext};
|
||||||
|
use super::server_conn::ServerConnectionData;
|
||||||
|
use crate::check::{inappropriate_handshake_message, inappropriate_message};
|
||||||
|
use crate::common_state::{CommonState, Protocol, Side, State};
|
||||||
|
use crate::conn::ConnectionRandoms;
|
||||||
|
use crate::enums::{AlertDescription, ContentType, HandshakeType, ProtocolVersion};
|
||||||
|
use crate::error::{Error, PeerIncompatible, PeerMisbehaved};
|
||||||
|
use crate::hash_hs::HandshakeHash;
|
||||||
|
#[cfg(feature = "logging")]
|
||||||
|
use crate::log::{debug, trace, warn};
|
||||||
|
use crate::msgs::codec::Codec;
|
||||||
|
use crate::msgs::enums::KeyUpdateRequest;
|
||||||
|
use crate::msgs::handshake::{
|
||||||
|
CertificateChain, HandshakeMessagePayload, HandshakePayload, NewSessionTicketExtension,
|
||||||
|
NewSessionTicketPayloadTls13,
|
||||||
|
};
|
||||||
|
use crate::msgs::message::{Message, MessagePayload};
|
||||||
|
use crate::msgs::persist;
|
||||||
|
use crate::server::ServerConfig;
|
||||||
|
use crate::suites::PartiallyExtractedSecrets;
|
||||||
|
use crate::tls13::key_schedule::{KeyScheduleTraffic, KeyScheduleTrafficWithClientFinishedPending};
|
||||||
|
use crate::tls13::{
|
||||||
|
construct_client_verify_message, construct_server_verify_message, Tls13CipherSuite,
|
||||||
|
};
|
||||||
|
use crate::{rand, verify};
|
||||||
|
|
||||||
mod client_hello {
|
mod client_hello {
|
||||||
|
use super::*;
|
||||||
use crate::crypto::SupportedKxGroup;
|
use crate::crypto::SupportedKxGroup;
|
||||||
use crate::enums::SignatureScheme;
|
use crate::enums::SignatureScheme;
|
||||||
use crate::msgs::base::{Payload, PayloadU8};
|
use crate::msgs::base::{Payload, PayloadU8};
|
||||||
use crate::msgs::ccs::ChangeCipherSpecPayload;
|
use crate::msgs::ccs::ChangeCipherSpecPayload;
|
||||||
use crate::msgs::enums::NamedGroup;
|
use crate::msgs::enums::{Compression, NamedGroup, PSKKeyExchangeMode};
|
||||||
use crate::msgs::enums::{Compression, PSKKeyExchangeMode};
|
use crate::msgs::handshake::{
|
||||||
use crate::msgs::handshake::CertReqExtension;
|
CertReqExtension, CertificateEntry, CertificateExtension, CertificatePayloadTls13,
|
||||||
use crate::msgs::handshake::CertificateEntry;
|
CertificateRequestPayloadTls13, CertificateStatus, ClientHelloPayload, HelloRetryExtension,
|
||||||
use crate::msgs::handshake::CertificateExtension;
|
HelloRetryRequest, KeyShareEntry, Random, ServerExtension, ServerHelloPayload, SessionId,
|
||||||
use crate::msgs::handshake::CertificatePayloadTls13;
|
};
|
||||||
use crate::msgs::handshake::CertificateRequestPayloadTls13;
|
|
||||||
use crate::msgs::handshake::CertificateStatus;
|
|
||||||
use crate::msgs::handshake::ClientHelloPayload;
|
|
||||||
use crate::msgs::handshake::HelloRetryExtension;
|
|
||||||
use crate::msgs::handshake::HelloRetryRequest;
|
|
||||||
use crate::msgs::handshake::KeyShareEntry;
|
|
||||||
use crate::msgs::handshake::Random;
|
|
||||||
use crate::msgs::handshake::ServerExtension;
|
|
||||||
use crate::msgs::handshake::ServerHelloPayload;
|
|
||||||
use crate::msgs::handshake::SessionId;
|
|
||||||
use crate::server::common::ActiveCertifiedKey;
|
use crate::server::common::ActiveCertifiedKey;
|
||||||
use crate::sign;
|
use crate::sign;
|
||||||
use crate::tls13::key_schedule::{
|
use crate::tls13::key_schedule::{
|
||||||
|
@ -68,8 +53,6 @@ mod client_hello {
|
||||||
};
|
};
|
||||||
use crate::verify::DigitallySignedStruct;
|
use crate::verify::DigitallySignedStruct;
|
||||||
|
|
||||||
use super::*;
|
|
||||||
|
|
||||||
#[derive(PartialEq)]
|
#[derive(PartialEq)]
|
||||||
pub(super) enum EarlyDataDecision {
|
pub(super) enum EarlyDataDecision {
|
||||||
Disabled,
|
Disabled,
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
use crate::conn::{ConnectionCommon, SideData};
|
|
||||||
|
|
||||||
use core::ops::{Deref, DerefMut};
|
use core::ops::{Deref, DerefMut};
|
||||||
use std::io::{IoSlice, Read, Result, Write};
|
use std::io::{IoSlice, Read, Result, Write};
|
||||||
|
|
||||||
|
use crate::conn::{ConnectionCommon, SideData};
|
||||||
|
|
||||||
/// This type implements `io::Read` and `io::Write`, encapsulating
|
/// This type implements `io::Read` and `io::Write`, encapsulating
|
||||||
/// a Connection `C` and an underlying transport `T`, such as a socket.
|
/// a Connection `C` and an underlying transport `T`, such as a socket.
|
||||||
///
|
///
|
||||||
|
@ -221,10 +221,11 @@ where
|
||||||
|
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
mod tests {
|
mod tests {
|
||||||
|
use std::net::TcpStream;
|
||||||
|
|
||||||
use super::{Stream, StreamOwned};
|
use super::{Stream, StreamOwned};
|
||||||
use crate::client::ClientConnection;
|
use crate::client::ClientConnection;
|
||||||
use crate::server::ServerConnection;
|
use crate::server::ServerConnection;
|
||||||
use std::net::TcpStream;
|
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn stream_can_be_created_for_connection_and_tcpstream() {
|
fn stream_can_be_created_for_connection_and_tcpstream() {
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
|
use core::fmt;
|
||||||
|
|
||||||
use crate::common_state::Protocol;
|
use crate::common_state::Protocol;
|
||||||
use crate::crypto::cipher::{AeadKey, Iv};
|
use crate::crypto::cipher::{AeadKey, Iv};
|
||||||
use crate::crypto::{self, KeyExchangeAlgorithm};
|
use crate::crypto::{self, KeyExchangeAlgorithm};
|
||||||
|
@ -10,8 +12,6 @@ use crate::tls13::Tls13CipherSuite;
|
||||||
use crate::versions::TLS12;
|
use crate::versions::TLS12;
|
||||||
use crate::versions::{SupportedProtocolVersion, TLS13};
|
use crate::versions::{SupportedProtocolVersion, TLS13};
|
||||||
|
|
||||||
use core::fmt;
|
|
||||||
|
|
||||||
/// Common state for cipher suites (both for TLS 1.2 and TLS 1.3)
|
/// Common state for cipher suites (both for TLS 1.2 and TLS 1.3)
|
||||||
pub struct CipherSuiteCommon {
|
pub struct CipherSuiteCommon {
|
||||||
/// The TLS enumeration naming this cipher suite.
|
/// The TLS enumeration naming this cipher suite.
|
||||||
|
|
|
@ -1,14 +1,13 @@
|
||||||
use crate::rand;
|
|
||||||
use crate::server::ProducesTickets;
|
|
||||||
use crate::Error;
|
|
||||||
|
|
||||||
use pki_types::UnixTime;
|
|
||||||
|
|
||||||
use alloc::boxed::Box;
|
use alloc::boxed::Box;
|
||||||
use alloc::vec::Vec;
|
use alloc::vec::Vec;
|
||||||
use core::mem;
|
use core::mem;
|
||||||
use std::sync::{Mutex, MutexGuard};
|
use std::sync::{Mutex, MutexGuard};
|
||||||
|
|
||||||
|
use pki_types::UnixTime;
|
||||||
|
|
||||||
|
use crate::server::ProducesTickets;
|
||||||
|
use crate::{rand, Error};
|
||||||
|
|
||||||
#[derive(Debug)]
|
#[derive(Debug)]
|
||||||
pub(crate) struct TicketSwitcherState {
|
pub(crate) struct TicketSwitcherState {
|
||||||
next: Option<Box<dyn ProducesTickets>>,
|
next: Option<Box<dyn ProducesTickets>>,
|
||||||
|
|
|
@ -1,3 +1,10 @@
|
||||||
|
use alloc::boxed::Box;
|
||||||
|
use alloc::vec;
|
||||||
|
use alloc::vec::Vec;
|
||||||
|
use core::fmt;
|
||||||
|
|
||||||
|
use zeroize::Zeroize;
|
||||||
|
|
||||||
use crate::common_state::{CommonState, Side};
|
use crate::common_state::{CommonState, Side};
|
||||||
use crate::conn::ConnectionRandoms;
|
use crate::conn::ConnectionRandoms;
|
||||||
use crate::crypto;
|
use crate::crypto;
|
||||||
|
@ -9,13 +16,6 @@ use crate::msgs::codec::{Codec, Reader};
|
||||||
use crate::msgs::handshake::{KeyExchangeAlgorithm, KxDecode};
|
use crate::msgs::handshake::{KeyExchangeAlgorithm, KxDecode};
|
||||||
use crate::suites::{CipherSuiteCommon, PartiallyExtractedSecrets, SupportedCipherSuite};
|
use crate::suites::{CipherSuiteCommon, PartiallyExtractedSecrets, SupportedCipherSuite};
|
||||||
|
|
||||||
use alloc::boxed::Box;
|
|
||||||
use alloc::vec;
|
|
||||||
use alloc::vec::Vec;
|
|
||||||
use core::fmt;
|
|
||||||
|
|
||||||
use zeroize::Zeroize;
|
|
||||||
|
|
||||||
/// A TLS 1.2 cipher suite supported by rustls.
|
/// A TLS 1.2 cipher suite supported by rustls.
|
||||||
pub struct Tls12CipherSuite {
|
pub struct Tls12CipherSuite {
|
||||||
/// Common cipher suite fields.
|
/// Common cipher suite fields.
|
||||||
|
|
|
@ -1,14 +1,13 @@
|
||||||
|
use alloc::boxed::Box;
|
||||||
|
use alloc::string::ToString;
|
||||||
|
|
||||||
use crate::common_state::{CommonState, Side};
|
use crate::common_state::{CommonState, Side};
|
||||||
use crate::crypto::cipher::{AeadKey, Iv, MessageDecrypter};
|
use crate::crypto::cipher::{AeadKey, Iv, MessageDecrypter};
|
||||||
use crate::crypto::tls13::{expand, Hkdf, HkdfExpander, OkmBlock, OutputLengthError};
|
use crate::crypto::tls13::{expand, Hkdf, HkdfExpander, OkmBlock, OutputLengthError};
|
||||||
use crate::crypto::{hash, hmac, ActiveKeyExchange};
|
use crate::crypto::{hash, hmac, ActiveKeyExchange};
|
||||||
use crate::error::Error;
|
use crate::error::Error;
|
||||||
use crate::quic;
|
|
||||||
use crate::suites::PartiallyExtractedSecrets;
|
use crate::suites::PartiallyExtractedSecrets;
|
||||||
use crate::{KeyLog, Tls13CipherSuite};
|
use crate::{quic, KeyLog, Tls13CipherSuite};
|
||||||
|
|
||||||
use alloc::boxed::Box;
|
|
||||||
use alloc::string::ToString;
|
|
||||||
|
|
||||||
/// Key schedule maintenance for TLS1.3
|
/// Key schedule maintenance for TLS1.3
|
||||||
|
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
|
use alloc::vec::Vec;
|
||||||
|
use core::fmt;
|
||||||
|
|
||||||
use crate::crypto;
|
use crate::crypto;
|
||||||
use crate::crypto::hash;
|
use crate::crypto::hash;
|
||||||
use crate::suites::{CipherSuiteCommon, SupportedCipherSuite};
|
use crate::suites::{CipherSuiteCommon, SupportedCipherSuite};
|
||||||
|
|
||||||
use alloc::vec::Vec;
|
|
||||||
use core::fmt;
|
|
||||||
|
|
||||||
pub(crate) mod key_schedule;
|
pub(crate) mod key_schedule;
|
||||||
|
|
||||||
/// A TLS 1.3 cipher suite supported by rustls.
|
/// A TLS 1.3 cipher suite supported by rustls.
|
||||||
|
|
|
@ -6,13 +6,13 @@
|
||||||
use core::time::Duration;
|
use core::time::Duration;
|
||||||
use std::prelude::v1::*;
|
use std::prelude::v1::*;
|
||||||
|
|
||||||
|
use pki_types::{CertificateDer, ServerName, UnixTime};
|
||||||
|
use webpki_roots;
|
||||||
|
|
||||||
use crate::crypto::CryptoProvider;
|
use crate::crypto::CryptoProvider;
|
||||||
use crate::verify::ServerCertVerifier;
|
use crate::verify::ServerCertVerifier;
|
||||||
use crate::webpki::{RootCertStore, WebPkiServerVerifier};
|
use crate::webpki::{RootCertStore, WebPkiServerVerifier};
|
||||||
|
|
||||||
use pki_types::{CertificateDer, ServerName, UnixTime};
|
|
||||||
use webpki_roots;
|
|
||||||
|
|
||||||
bench_for_each_provider! {
|
bench_for_each_provider! {
|
||||||
use super::Context;
|
use super::Context;
|
||||||
|
|
||||||
|
|
|
@ -128,6 +128,7 @@ impl fmt::Debug for RootCertStore {
|
||||||
#[test]
|
#[test]
|
||||||
fn root_cert_store_debug() {
|
fn root_cert_store_debug() {
|
||||||
use core::iter;
|
use core::iter;
|
||||||
|
|
||||||
use pki_types::Der;
|
use pki_types::Der;
|
||||||
|
|
||||||
let ta = TrustAnchor {
|
let ta = TrustAnchor {
|
||||||
|
|
|
@ -5,21 +5,20 @@ use pki_types::{CertificateDer, CertificateRevocationListDer, UnixTime};
|
||||||
use webpki::{CertRevocationList, RevocationCheckDepth, UnknownStatusPolicy};
|
use webpki::{CertRevocationList, RevocationCheckDepth, UnknownStatusPolicy};
|
||||||
|
|
||||||
use super::{pki_error, VerifierBuilderError};
|
use super::{pki_error, VerifierBuilderError};
|
||||||
|
#[cfg(doc)]
|
||||||
|
use crate::crypto;
|
||||||
use crate::crypto::{CryptoProvider, WebPkiSupportedAlgorithms};
|
use crate::crypto::{CryptoProvider, WebPkiSupportedAlgorithms};
|
||||||
|
#[cfg(doc)]
|
||||||
|
use crate::server::ServerConfig;
|
||||||
use crate::verify::{
|
use crate::verify::{
|
||||||
ClientCertVerified, ClientCertVerifier, DigitallySignedStruct, HandshakeSignatureValid,
|
ClientCertVerified, ClientCertVerifier, DigitallySignedStruct, HandshakeSignatureValid,
|
||||||
NoClientAuth,
|
NoClientAuth,
|
||||||
};
|
};
|
||||||
use crate::webpki::parse_crls;
|
use crate::webpki::parse_crls;
|
||||||
use crate::webpki::verify::{verify_tls12_signature, verify_tls13_signature, ParsedCertificate};
|
use crate::webpki::verify::{verify_tls12_signature, verify_tls13_signature, ParsedCertificate};
|
||||||
use crate::{DistinguishedName, Error, RootCertStore, SignatureScheme};
|
|
||||||
|
|
||||||
#[cfg(doc)]
|
|
||||||
use crate::crypto;
|
|
||||||
#[cfg(doc)]
|
|
||||||
use crate::server::ServerConfig;
|
|
||||||
#[cfg(doc)]
|
#[cfg(doc)]
|
||||||
use crate::ConfigBuilder;
|
use crate::ConfigBuilder;
|
||||||
|
use crate::{DistinguishedName, Error, RootCertStore, SignatureScheme};
|
||||||
|
|
||||||
/// A builder for configuring a `webpki` client certificate verifier.
|
/// A builder for configuring a `webpki` client certificate verifier.
|
||||||
///
|
///
|
||||||
|
|
|
@ -14,17 +14,14 @@ mod server_verifier;
|
||||||
mod verify;
|
mod verify;
|
||||||
|
|
||||||
pub use anchors::RootCertStore;
|
pub use anchors::RootCertStore;
|
||||||
|
|
||||||
pub use client_verifier::{ClientCertVerifierBuilder, WebPkiClientVerifier};
|
pub use client_verifier::{ClientCertVerifierBuilder, WebPkiClientVerifier};
|
||||||
pub use server_verifier::{ServerCertVerifierBuilder, WebPkiServerVerifier};
|
pub use server_verifier::{ServerCertVerifierBuilder, WebPkiServerVerifier};
|
||||||
|
|
||||||
pub use verify::{verify_tls12_signature, verify_tls13_signature, WebPkiSupportedAlgorithms};
|
|
||||||
|
|
||||||
// Conditionally exported from crate.
|
// Conditionally exported from crate.
|
||||||
#[allow(unreachable_pub)]
|
#[allow(unreachable_pub)]
|
||||||
pub use verify::{
|
pub use verify::{
|
||||||
verify_server_cert_signed_by_trust_anchor, verify_server_name, ParsedCertificate,
|
verify_server_cert_signed_by_trust_anchor, verify_server_name, ParsedCertificate,
|
||||||
};
|
};
|
||||||
|
pub use verify::{verify_tls12_signature, verify_tls13_signature, WebPkiSupportedAlgorithms};
|
||||||
|
|
||||||
/// An error that can occur when building a certificate verifier.
|
/// An error that can occur when building a certificate verifier.
|
||||||
#[derive(Debug, Clone)]
|
#[derive(Debug, Clone)]
|
||||||
|
@ -150,7 +147,8 @@ mod tests {
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn crl_error_from_webpki() {
|
fn crl_error_from_webpki() {
|
||||||
use super::{crl_error, CertRevocationListError::*};
|
use super::crl_error;
|
||||||
|
use super::CertRevocationListError::*;
|
||||||
|
|
||||||
let testcases = &[
|
let testcases = &[
|
||||||
(webpki::Error::InvalidCrlSignatureForPublicKey, BadSignature),
|
(webpki::Error::InvalidCrlSignatureForPublicKey, BadSignature),
|
||||||
|
|
|
@ -1,5 +1,3 @@
|
||||||
#[cfg(feature = "logging")]
|
|
||||||
use crate::log::trace;
|
|
||||||
use alloc::sync::Arc;
|
use alloc::sync::Arc;
|
||||||
use alloc::vec::Vec;
|
use alloc::vec::Vec;
|
||||||
|
|
||||||
|
@ -7,6 +5,8 @@ use pki_types::{CertificateDer, CertificateRevocationListDer, ServerName, UnixTi
|
||||||
use webpki::{CertRevocationList, RevocationCheckDepth, UnknownStatusPolicy};
|
use webpki::{CertRevocationList, RevocationCheckDepth, UnknownStatusPolicy};
|
||||||
|
|
||||||
use crate::crypto::{CryptoProvider, WebPkiSupportedAlgorithms};
|
use crate::crypto::{CryptoProvider, WebPkiSupportedAlgorithms};
|
||||||
|
#[cfg(feature = "logging")]
|
||||||
|
use crate::log::trace;
|
||||||
use crate::verify::{
|
use crate::verify::{
|
||||||
DigitallySignedStruct, HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier,
|
DigitallySignedStruct, HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier,
|
||||||
};
|
};
|
||||||
|
@ -15,10 +15,9 @@ use crate::webpki::verify::{
|
||||||
ParsedCertificate,
|
ParsedCertificate,
|
||||||
};
|
};
|
||||||
use crate::webpki::{parse_crls, verify_server_name, VerifierBuilderError};
|
use crate::webpki::{parse_crls, verify_server_name, VerifierBuilderError};
|
||||||
use crate::{Error, RootCertStore, SignatureScheme};
|
|
||||||
|
|
||||||
#[cfg(doc)]
|
#[cfg(doc)]
|
||||||
use crate::{crypto, ConfigBuilder, ServerConfig};
|
use crate::{crypto, ConfigBuilder, ServerConfig};
|
||||||
|
use crate::{Error, RootCertStore, SignatureScheme};
|
||||||
|
|
||||||
/// A builder for configuring a `webpki` server certificate verifier.
|
/// A builder for configuring a `webpki` server certificate verifier.
|
||||||
///
|
///
|
||||||
|
|
|
@ -7,7 +7,6 @@ use super::anchors::RootCertStore;
|
||||||
use super::pki_error;
|
use super::pki_error;
|
||||||
use crate::enums::SignatureScheme;
|
use crate::enums::SignatureScheme;
|
||||||
use crate::error::{Error, PeerMisbehaved};
|
use crate::error::{Error, PeerMisbehaved};
|
||||||
|
|
||||||
use crate::verify::{DigitallySignedStruct, HandshakeSignatureValid};
|
use crate::verify::{DigitallySignedStruct, HandshakeSignatureValid};
|
||||||
|
|
||||||
/// Verify that the end-entity certificate `end_entity` is a valid server cert
|
/// Verify that the end-entity certificate `end_entity` is a valid server cert
|
||||||
|
@ -228,9 +227,10 @@ pub(crate) fn verify_server_cert_signed_by_trust_anchor_impl(
|
||||||
|
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
mod tests {
|
mod tests {
|
||||||
use super::*;
|
|
||||||
use std::format;
|
use std::format;
|
||||||
|
|
||||||
|
use super::*;
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn certificate_debug() {
|
fn certificate_debug() {
|
||||||
assert_eq!(
|
assert_eq!(
|
||||||
|
|
|
@ -42,9 +42,10 @@ const DER_SEQUENCE_TAG: u8 = 0x30;
|
||||||
|
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
mod tests {
|
mod tests {
|
||||||
use super::*;
|
|
||||||
use std::vec;
|
use std::vec;
|
||||||
|
|
||||||
|
use super::*;
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn test_empty() {
|
fn test_empty() {
|
||||||
assert_eq!(vec![0x30, 0x00], wrap_in_sequence(&[]));
|
assert_eq!(vec![0x30, 0x00], wrap_in_sequence(&[]));
|
||||||
|
|
|
@ -6,19 +6,16 @@ use std::ops::{Deref, DerefMut};
|
||||||
use std::sync::Arc;
|
use std::sync::Arc;
|
||||||
|
|
||||||
use pki_types::{CertificateDer, CertificateRevocationListDer, PrivateKeyDer, ServerName};
|
use pki_types::{CertificateDer, CertificateRevocationListDer, PrivateKeyDer, ServerName};
|
||||||
use webpki::anchor_from_trusted_cert;
|
|
||||||
|
|
||||||
use rustls::client::{ServerCertVerifierBuilder, WebPkiServerVerifier};
|
use rustls::client::{ServerCertVerifierBuilder, WebPkiServerVerifier};
|
||||||
use rustls::crypto::CryptoProvider;
|
use rustls::crypto::CryptoProvider;
|
||||||
use rustls::internal::msgs::codec::Reader;
|
use rustls::internal::msgs::codec::Reader;
|
||||||
use rustls::internal::msgs::message::{Message, OutboundOpaqueMessage, PlainMessage};
|
use rustls::internal::msgs::message::{Message, OutboundOpaqueMessage, PlainMessage};
|
||||||
use rustls::server::{ClientCertVerifierBuilder, WebPkiClientVerifier};
|
use rustls::server::{ClientCertVerifierBuilder, WebPkiClientVerifier};
|
||||||
use rustls::Connection;
|
use rustls::{
|
||||||
use rustls::Error;
|
ClientConfig, ClientConnection, Connection, ConnectionCommon, Error, ProtocolVersion,
|
||||||
use rustls::RootCertStore;
|
RootCertStore, ServerConfig, ServerConnection, SideData, SupportedCipherSuite,
|
||||||
use rustls::{ClientConfig, ClientConnection};
|
};
|
||||||
use rustls::{ConnectionCommon, ServerConfig, ServerConnection, SideData};
|
use webpki::anchor_from_trusted_cert;
|
||||||
use rustls::{ProtocolVersion, SupportedCipherSuite};
|
|
||||||
|
|
||||||
use super::provider;
|
use super::provider;
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
use base64::prelude::{Engine, BASE64_STANDARD};
|
use base64::prelude::{Engine, BASE64_STANDARD};
|
||||||
use pki_types::DnsName;
|
use pki_types::DnsName;
|
||||||
|
|
||||||
use rustls::internal::msgs::codec::{Codec, Reader};
|
use rustls::internal::msgs::codec::{Codec, Reader};
|
||||||
use rustls::internal::msgs::enums::{EchVersion, HpkeAead, HpkeKdf, HpkeKem};
|
use rustls::internal::msgs::enums::{EchVersion, HpkeAead, HpkeKdf, HpkeKem};
|
||||||
use rustls::internal::msgs::handshake::{EchConfig, HpkeKeyConfig, HpkeSymmetricCipherSuite};
|
use rustls::internal::msgs::handshake::{EchConfig, HpkeKeyConfig, HpkeSymmetricCipherSuite};
|
||||||
|
|
|
@ -21,10 +21,8 @@
|
||||||
//! file was created successfully, with the right permissions, etc., and that it
|
//! file was created successfully, with the right permissions, etc., and that it
|
||||||
//! contains something like what we expect.
|
//! contains something like what we expect.
|
||||||
|
|
||||||
use std::{
|
use std::env;
|
||||||
env,
|
use std::sync::{Mutex, Once};
|
||||||
sync::{Mutex, Once},
|
|
||||||
};
|
|
||||||
|
|
||||||
#[macro_use]
|
#[macro_use]
|
||||||
mod macros;
|
mod macros;
|
||||||
|
|
|
@ -4,15 +4,14 @@
|
||||||
//! executable, and runs tests in an indeterminate order. That restricts us
|
//! executable, and runs tests in an indeterminate order. That restricts us
|
||||||
//! to doing all the desired tests, in series, in one function.
|
//! to doing all the desired tests, in series, in one function.
|
||||||
|
|
||||||
use rustls::crypto::CryptoProvider;
|
|
||||||
use rustls::ClientConfig;
|
|
||||||
|
|
||||||
#[cfg(all(feature = "aws_lc_rs", not(feature = "ring")))]
|
#[cfg(all(feature = "aws_lc_rs", not(feature = "ring")))]
|
||||||
use rustls::crypto::aws_lc_rs as provider;
|
use rustls::crypto::aws_lc_rs as provider;
|
||||||
#[cfg(all(feature = "ring", not(feature = "aws_lc_rs")))]
|
#[cfg(all(feature = "ring", not(feature = "aws_lc_rs")))]
|
||||||
use rustls::crypto::ring as provider;
|
use rustls::crypto::ring as provider;
|
||||||
#[cfg(all(feature = "ring", feature = "aws_lc_rs"))]
|
#[cfg(all(feature = "ring", feature = "aws_lc_rs"))]
|
||||||
use rustls::crypto::ring as provider;
|
use rustls::crypto::ring as provider;
|
||||||
|
use rustls::crypto::CryptoProvider;
|
||||||
|
use rustls::ClientConfig;
|
||||||
|
|
||||||
mod common;
|
mod common;
|
||||||
use crate::common::*;
|
use crate::common::*;
|
||||||
|
|
Loading…
Reference in New Issue