rust/rustls
rust
/
rustls
mirror of https://github.com/ctz/rustls
1
0
Fork 0
Code Issues Releases Wiki Activity

Update to *ring* 0.7.

This commit is contained in:
Brian Smith 2017-02-18 12:52:29 -10:00
parent 3bb21abda5
commit 7381807dae
3 changed files with 29 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Cargo.toml
View File

@ -14,8 +14,8 @@ untrusted = "0.3.1"
time = "0.1.35"
base64 = "~0.2.0"
log = { version = "0.3.6", optional = true }
ring = { version = "0.6.3", features = ["rsa_signing"] }
webpki = "0.9.2"
ring = { version = "0.7", features = ["rsa_signing"] }
webpki = "0.10"
[features]
default = ["logging"]
@ -27,4 +27,4 @@ env_logger = "0.3.3"
mio = "0.5.1"
docopt = "0.6"
rustc-serialize = "0.3"
webpki-roots = "0.6.1"
webpki-roots = "0.7"

31
src/cipher.rs
View File

@ -165,10 +165,11 @@ impl MessageDecrypter for GCMMessageDecrypter {
let plain_len = try!(ring::aead::open_in_place(&self.dec_key,
&nonce,
&aad,
GCM_EXPLICIT_NONCE_LEN,
&mut buf,
&aad)
.map_err(|_| TLSError::DecryptError));
&mut buf)
.map_err(|_| TLSError::DecryptError))
.len();
if plain_len > MAX_FRAGMENT_LEN {
let msg = "peer sent oversized fragment".to_string();
@ -201,7 +202,7 @@ impl MessageEncrypter for GCMMessageEncrypter {
xor(&mut nonce[4..], &self.nonce_offset);
// make output buffer with room for nonce/tag
let tag_len = self.alg.max_overhead_len();
let tag_len = self.alg.tag_len();
let total_len = 8 + msg.payload.len() + tag_len;
let mut buf = Vec::with_capacity(total_len);
buf.extend_from_slice(&nonce[4..]);
@ -211,7 +212,7 @@ impl MessageEncrypter for GCMMessageEncrypter {
let mut aad = [0u8; TLS12_AAD_SIZE];
make_tls12_aad(seq, msg.typ, msg.version, msg.payload.len(), &mut aad);
try!(ring::aead::seal_in_place(&self.enc_key, &nonce, &mut buf[8..], tag_len, &aad)
try!(ring::aead::seal_in_place(&self.enc_key, &nonce, &aad, &mut buf[8..], tag_len)
.map_err(|_| TLSError::General("encrypt failed".to_string())));
Ok(Message {
@ -290,14 +291,14 @@ impl MessageEncrypter for TLS13MessageEncrypter {
xor(&mut nonce, &self.enc_offset);
// make output buffer with room for content type and tag
let tag_len = self.alg.max_overhead_len();
let tag_len = self.alg.tag_len();
let total_len = msg.payload.len() + 1 + tag_len;
let mut buf = Vec::with_capacity(total_len);
buf.extend_from_slice(msg.payload);
msg.typ.encode(&mut buf);
buf.resize(total_len, 0u8);
try!(ring::aead::seal_in_place(&self.enc_key, &nonce, &mut buf, tag_len, &[])
try!(ring::aead::seal_in_place(&self.enc_key, &nonce, &[], &mut buf, tag_len)
.map_err(|_| TLSError::General("encrypt failed".to_string())));
Ok(Message {
@ -317,12 +318,13 @@ impl MessageDecrypter for TLS13MessageDecrypter {
let payload = try!(msg.take_opaque_payload().ok_or(TLSError::DecryptError));
let mut buf = payload.0;
if buf.len() < self.alg.max_overhead_len() {
if buf.len() < self.alg.tag_len() {
return Err(TLSError::DecryptError);
}
let plain_len = try!(ring::aead::open_in_place(&self.dec_key, &nonce, 0, &mut buf, &[])
.map_err(|_| TLSError::DecryptError));
let plain_len = try!(ring::aead::open_in_place(&self.dec_key, &nonce, &[], 0, &mut buf)
.map_err(|_| TLSError::DecryptError))
.len();
buf.truncate(plain_len);
@ -440,8 +442,9 @@ impl MessageDecrypter for ChaCha20Poly1305MessageDecrypter {
let mut aad = [0u8; TLS12_AAD_SIZE];
make_tls12_aad(seq, msg.typ, msg.version, buf.len() - CHACHAPOLY1305_OVERHEAD, &mut aad);
let plain_len = try!(ring::aead::open_in_place(&self.dec_key, &nonce, 0, &mut buf, &aad)
.map_err(|_| TLSError::DecryptError));
let plain_len = try!(ring::aead::open_in_place(&self.dec_key, &nonce, &aad, 0, &mut buf)
.map_err(|_| TLSError::DecryptError))
.len();
if plain_len > MAX_FRAGMENT_LEN {
let err_msg = "peer sent oversized fragment".to_string();
@ -468,13 +471,13 @@ impl MessageEncrypter for ChaCha20Poly1305MessageEncrypter {
make_tls12_aad(seq, msg.typ, msg.version, msg.payload.len(), &mut aad);
// make result buffer with room for tag, etc.
let tag_len = self.alg.max_overhead_len();
let tag_len = self.alg.tag_len();
let total_len = msg.payload.len() + tag_len;
let mut buf = Vec::with_capacity(total_len);
buf.extend_from_slice(msg.payload);
buf.resize(total_len, 0u8);
try!(ring::aead::seal_in_place(&self.enc_key, &nonce, &mut buf, tag_len, &aad)
try!(ring::aead::seal_in_place(&self.enc_key, &nonce, &aad, &mut buf, tag_len)
.map_err(|_| TLSError::General("encrypt failed".to_string())));
Ok(Message {

20
src/ticketer.rs
View File

@ -60,21 +60,20 @@ impl ProducesTickets for AEADTicketer {
let mut out = Vec::new();
out.extend_from_slice(&nonce);
out.extend_from_slice(message);
out.resize(nonce.len() + message.len() + self.alg.max_overhead_len(),
0u8);
out.resize(nonce.len() + message.len() + self.alg.tag_len(), 0u8);
let rc = aead::seal_in_place(&self.enc,
&nonce,
&[],
&mut out[nonce.len()..],
self.alg.max_overhead_len(),
&[0u8; 0]);
self.alg.tag_len());
if rc.is_err() { None } else { Some(out) }
}
/// Decrypt `ciphertext` and recover the original message.
fn decrypt(&self, ciphertext: &[u8]) -> Option<Vec<u8>> {
let nonce_len = self.alg.nonce_len();
let tag_len = self.alg.max_overhead_len();
let tag_len = self.alg.tag_len();
if ciphertext.len() < nonce_len + tag_len {
return None;
@ -84,13 +83,12 @@ impl ProducesTickets for AEADTicketer {
let mut out = Vec::new();
out.extend_from_slice(&ciphertext[nonce_len..]);
let len = aead::open_in_place(&self.dec, nonce, 0, &mut out, &[0u8; 0]);
let plain_len = match aead::open_in_place(&self.dec, nonce, &[], 0, &mut out) {
Ok(plaintext) => plaintext.len(),
Err(..) => { return None; }
};
if len.is_err() {
return None;
}
out.truncate(len.unwrap());
out.truncate(plain_len);
Some(out)
}
}