Commit Graph

20 Commits

Author SHA1 Message Date
Joseph Birr-Pixton 327444fdb8 Expose FIPS "service indicator"
This means a `ClientConfig` and `ServerConfig` can be asked whether it
is in fips mode, and it answers by asking the same of all its
constituent cryptography.
2023-12-07 13:45:27 +00:00
Joseph Birr-Pixton f0a6ec1110 Make receiver of `cipher::Message{En,De}crypter` mutable
This is necessary if implementations want to keep state between calls --
(e.g., *ring*'s `aead::OpeningKey`).  The next commit takes advantage
of this.
2023-11-21 09:58:03 +00:00
Joseph Birr-Pixton 9931adfdc7 Split off tls12 module for aws-lc-rs 2023-11-21 09:58:03 +00:00
Joseph Birr-Pixton fdd1f8dd4f Move key usage limits up into `CipherSuiteCommon` 2023-11-17 19:27:21 +00:00
Christian Poveda 63ddf03a7c add `encrypted_payload_len` to `MessageEncrypter` 2023-11-16 19:15:54 +00:00
Joseph Birr-Pixton aaf21d1cdf Allow optional use of aws-lc-rs
Provide shims for limited number of places where ring 0.17 and
aws-lc-rs (ring 0.16-era) APIs have diverged.  This is a
short-term fix, as they are likely to diverge more over time.
Eventually we'll have to stop sharing the code like this.

For unit-like tests, export a `test_provider` alias that resolves
to a provider module, for use in these tests.

This resolves to:

- *ring* if cfg(feature = "ring"), else
- aws-lc-rs if cfg(feature = "aws_lc_rs"), else
- is absent
2023-11-09 16:18:11 +00:00
Joseph Birr-Pixton 7aa87e98a4 Make modules in crypto::ring reusable
They take the dependency on ring via `super::ring_like`, which
means they can be reused against a different, ring-compatible
crate.
2023-11-09 16:18:11 +00:00
Joseph Birr-Pixton d5923030d6 Put TLS1.2 PRF implementation behind a trait
This replaces the HMAC trait in Tls12CipherSuite
(there were no other uses of HMAC).

Provide an implementation of the new PRF trait in terms of
HMAC, for convenience of providers that have an HMAC (common)
but not a separate TLS1.2 PRF (relatively uncommon).  The
*ring* and `provider-example/` providers use this.
2023-10-26 11:12:05 +00:00
Jorge Aparicio 5427a4d6e9 use `core::prelude` instead of `std::prelude` 2023-10-10 15:53:23 +00:00
Daniel McCarney 55bb27953d suites: rework `ConnectionTrafficSecrets`
This commit updates `ConnectionTrafficSecrets` to hold `AeadKey` and
`Iv` instances, instead of byte arrays, removing the need for the
`slices_to_arrays` and `slice_to_array` helpers.
2023-09-28 12:57:59 +00:00
Daniel McCarney 21a7df5700 proj: remove secret_extraction feature
In an effort to reduce our feature list, this commit replaces the
`secret_extraction` feature flag with functions that are always present,
but named `dangerous_extract_secrets` to emphasize potential danger.

Cargo features are additive, which means transitive dependencies could
enable them for you without explicit opt-in. Using obviously named
functions will maintain the property that it's easy to grep for imports,
but avoids feature flag bloat and the additive downsides.
2023-09-27 13:21:16 +00:00
Daniel McCarney 79fd1f7639 suites: lift slice_to_array(s) helpers
The *ring* TLS 1.2 and TLS 1.3 AEAD algorithm implementations all shared
the same `slice_to_array` and `slices_to_arrays` helpers used to carve
up IV values for `extract_keys`.

This commit lifts these helpers to be associated with the
`ConnectionTrafficSecrets` type in the `suites` mod. This reduces
duplication, allowing all usages to share the same implementation.
2023-09-27 13:21:16 +00:00
Daniel McCarney fdcaed4145 cipher: impl `AsRef<[u8]>` for `Iv`
The TLS1.3 `Tls13AeadAlgorithm` trait passes an `Iv` instance to
`extract_secrets`. In order for a crate-external crypto provider to
offer an instance of this trait there needs to be a way to access the
`Iv`'s underlying `&[u8]` value. The crate-internal implementations of
`Tls13AeadAlgorithm` do this by accessing `Iv.0`, but this field is
`pub(crate)`.

This commit implements `AsRef<[u8]>` for `Iv` for this purpose, and
switches the existing `Iv.0` accesses to use it too. This allows
removing the `pub(crate)` access to the underlying array after also
exporting the cipher `NONCE_LEN` and exposing `Iv::new` for construction
from the correct size nonce array.
2023-09-27 13:21:16 +00:00
Daniel McCarney 3ab24727ac cipher: make extract_keys fallible
The `ConnectionTrafficSecrets` enum has a fixed number of variants,
describing supported AEAD algorithm secrets. Since it's now possible for
a crate-external crypto provider to supply new AEAD algorithms we need
to make the `extract_secrets` fn of the TLS 1.2 and TLS 1.3 AEAD
algorithm traits fallible so that if an algorithm is provided that
doesn't have a matching `ConnectionTrafficSecrets` variant, the
algorithm can return an `UnsupportedOperationError` when
`extract_secrets` is called.
2023-09-27 13:21:16 +00:00
Joseph Birr-Pixton f6f7df55c9 OpaqueMessage: privatize payload type
This removes a further need for `Payload` to be understood outside
this crate.  `payload()` allows immutable access as a slice,
`payload_mut()` allows mutable access to the underlying vec (such
as needed to decrypt the message without a copy).
2023-09-13 15:32:29 +00:00
Joseph Birr-Pixton 49f071b775 OpaqueMessage: allow construction without exposing `Payload` 2023-09-13 15:32:29 +00:00
Joseph Birr-Pixton 0f9206e782 Tighten up key type on `Tls12AeadAlgorithm` 2023-08-25 14:01:04 +00:00
Joseph Birr-Pixton b421083f51 crypto::cipher: publicise traits for external use
This makes `Tls12AeadAlgorithm` and `Tls13AeadAlgorithm` public, as well as
the types that are associated with them.

Document fields that need to become public to allow `Tls12CipherSuite` and
`Tls13CipherSuite` to become public.
2023-08-25 14:01:04 +00:00
Joseph Birr-Pixton 6757c25a4f Remove unused BulkAlgorithm enum 2023-08-25 14:01:04 +00:00
Joseph Birr-Pixton d0db689d08 Move ring-backed ciphersuites into crypto::ring
As a result, crate::tls12::cipher becomes trivial enough to merge
into its parent.
2023-08-25 14:01:04 +00:00