This means a `ClientConfig` and `ServerConfig` can each be asked whether it
is in FIPS mode, and it answers by asking the same of all its
constituent cryptography.
Without the context of RFC 8446 in your mind, the use of the
`ProtocolVersion::TLSv1_2` constant in the TLS 1.3 `MessageEncrypter`
implementations appears to be an oversight or copy/paste error. This
commit adds a brief explanatory comment.
The goal is to make it possible for provider-example to exist
without implementing (eg) QUIC header protection.
This introduces some knock-on requirements for other types/functions
to be public, so `quic::Algorithm` can be implemented outside
the crate.
Provide shims for a limited number of places where ring 0.17 and
aws-lc-rs (ring 0.16-era) APIs have diverged. This is a
short-term fix, as they are likely to diverge more over time.
Eventually we'll have to stop sharing the code like this.
For unit-like tests, export a `test_provider` alias that resolves
to a provider module, for use in these tests.
This resolves to:
- *ring* if cfg(feature = "ring"), else
- aws-lc-rs if cfg(feature = "aws_lc_rs"), else
- is absent
This commit updates `ConnectionTrafficSecrets` to hold `AeadKey` and
`Iv` instances, instead of byte arrays, removing the need for the
`slices_to_arrays` and `slice_to_array` helpers.
In an effort to reduce our feature list, this commit replaces the
`secret_extraction` feature flag with functions that are always present,
but named `dangerous_extract_secrets` to emphasize potential danger.
Cargo features are additive, which means transitive dependencies could
enable them for you without explicit opt-in. Using obviously named
functions will maintain the property that it's easy to grep for imports,
but avoids feature flag bloat and the additive downsides.
The *ring* TLS 1.2 and TLS 1.3 AEAD algorithm implementations all shared
the same `slice_to_array` and `slices_to_arrays` helpers used to carve
up IV values for `extract_keys`.
This commit lifts these helpers to be associated with the
`ConnectionTrafficSecrets` type in the `suites` mod. This reduces
duplication, allowing all usages to share the same implementation.
The TLS 1.3 `Tls13AeadAlgorithm` trait passes an `Iv` instance to
`extract_secrets`. In order for a crate-external crypto provider to
offer an instance of this trait, there needs to be a way to access the
`Iv`'s underlying `&[u8]` value. The crate-internal implementations of
`Tls13AeadAlgorithm` do this by accessing `Iv.0`, but this field is
`pub(crate)`.
This commit implements `AsRef<[u8]>` for `Iv` for this purpose, and
switches the existing `Iv.0` accesses to use it too. This allows
removing the `pub(crate)` access to the underlying array after also
exporting the cipher `NONCE_LEN` and exposing `Iv::new` for construction
from the correct size nonce array.
The `ConnectionTrafficSecrets` enum has a fixed number of variants,
describing supported AEAD algorithm secrets. Since it's now possible for
a crate-external crypto provider to supply new AEAD algorithms, we need
to make the `extract_secrets` fn of the TLS 1.2 and TLS 1.3 AEAD
algorithm traits fallible, so that if an algorithm is provided that
doesn't have a matching `ConnectionTrafficSecrets` variant, the
algorithm can return an `UnsupportedOperationError` when
`extract_secrets` is called.
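The three changes described above (secrets holding `AeadKey`/`Iv` instead of byte arrays, `AsRef<[u8]>` plus `Iv::new`/`NONCE_LEN` so an out-of-crate provider never touches the private field, and a fallible `extract_keys` that returns `UnsupportedOperationError` for an AEAD with no matching variant) fit together as in the following added example. It is not rustls's own code: the names `Iv`, `AeadKey`, `ConnectionTrafficSecrets`, `Tls13AeadAlgorithm`, `Aes128GcmAlg` and `ExternalAeadAlg` are stand-ins, the key buffer size and the 12-byte nonce are this example's assumptions, and the external algorithm is hypothetical.

```rust
// Added illustration of the pattern from the commit messages above; not
// rustls's code. All names are stand-ins; ExternalAeadAlg is hypothetical.

/// Nonce length shared by the TLS AEADs (AES-GCM, ChaCha20-Poly1305).
pub const NONCE_LEN: usize = 12;

/// A per-direction TLS 1.3 IV. The array is private: a provider outside
/// this crate can only build one through `Iv::new` (the type enforces the
/// size) and read it through `AsRef<[u8]>`.
pub struct Iv([u8; NONCE_LEN]);

impl Iv {
    pub fn new(value: [u8; NONCE_LEN]) -> Self {
        Self(value)
    }
}

impl AsRef<[u8]> for Iv {
    fn as_ref(&self) -> &[u8] {
        &self.0[..]
    }
}

/// An AEAD key kept in a fixed buffer (32 bytes covers every TLS AEAD key;
/// an assumption of this example), so the secret never lives in a Vec.
pub struct AeadKey {
    buf: [u8; 32],
    used: usize,
}

impl AeadKey {
    pub fn new(bytes: &[u8]) -> Self {
        assert!(bytes.len() <= 32, "key longer than any TLS AEAD key");
        let mut buf = [0u8; 32];
        buf[..bytes.len()].copy_from_slice(bytes);
        Self { buf, used: bytes.len() }
    }
}

impl AsRef<[u8]> for AeadKey {
    fn as_ref(&self) -> &[u8] {
        &self.buf[..self.used]
    }
}

/// Closed set of secrets a consumer (e.g. kernel TLS) can be handed.
/// Holding `AeadKey`/`Iv` instead of raw arrays removes the need for
/// slice-to-array helpers at every call site.
pub enum ConnectionTrafficSecrets {
    Aes128Gcm { key: AeadKey, iv: Iv },
    Aes256Gcm { key: AeadKey, iv: Iv },
    Chacha20Poly1305 { key: AeadKey, iv: Iv },
}

/// Returned when an AEAD has no matching `ConnectionTrafficSecrets` variant.
#[derive(Debug, PartialEq, Eq)]
pub struct UnsupportedOperationError;

/// Fallible so a provider whose algorithm the enum does not describe can
/// refuse cleanly instead of mislabelling its secrets under a wrong variant.
pub trait Tls13AeadAlgorithm {
    fn extract_keys(
        &self,
        key: AeadKey,
        iv: Iv,
    ) -> Result<ConnectionTrafficSecrets, UnsupportedOperationError>;
}

/// An in-crate algorithm that has a matching variant.
pub struct Aes128GcmAlg;

impl Tls13AeadAlgorithm for Aes128GcmAlg {
    fn extract_keys(
        &self,
        key: AeadKey,
        iv: Iv,
    ) -> Result<ConnectionTrafficSecrets, UnsupportedOperationError> {
        Ok(ConnectionTrafficSecrets::Aes128Gcm { key, iv })
    }
}

/// Hypothetical out-of-crate AEAD with no variant: the only correct answer
/// is the error, never a "close enough" variant.
pub struct ExternalAeadAlg;

impl Tls13AeadAlgorithm for ExternalAeadAlg {
    fn extract_keys(
        &self,
        _key: AeadKey,
        _iv: Iv,
    ) -> Result<ConnectionTrafficSecrets, UnsupportedOperationError> {
        Err(UnsupportedOperationError)
    }
}

/// Generic caller that works for any provider's `Tls13AeadAlgorithm`.
pub fn extract(
    alg: &dyn Tls13AeadAlgorithm,
    key: &[u8],
    iv: [u8; NONCE_LEN],
) -> Result<ConnectionTrafficSecrets, UnsupportedOperationError> {
    alg.extract_keys(AeadKey::new(key), Iv::new(iv))
}

/// Variant name, for logging and tests.
pub fn variant_name(secrets: &ConnectionTrafficSecrets) -> &'static str {
    match secrets {
        ConnectionTrafficSecrets::Aes128Gcm { .. } => "AES-128-GCM",
        ConnectionTrafficSecrets::Aes256Gcm { .. } => "AES-256-GCM",
        ConnectionTrafficSecrets::Chacha20Poly1305 { .. } => "ChaCha20-Poly1305",
    }
}

fn main() {
    // Constructed sample key/IV bytes; not real secrets.
    let ok = extract(&Aes128GcmAlg, &[0x11; 16], [0x22; NONCE_LEN]).unwrap();
    println!("in-crate AEAD: {}", variant_name(&ok));
    let err = extract(&ExternalAeadAlg, &[0x33; 32], [0x44; NONCE_LEN]);
    println!("external AEAD: {:?}", err.err());
}
```

The point a reviewer would check is the `Err` arm: an external provider must not be able to reach a kernel-TLS consumer with secrets labelled as an algorithm they are not, and the fallible signature is what makes refusing the normal path rather than a panic.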
This removes a further need for `Payload` to be understood outside
this crate. `payload()` allows immutable access as a slice,
`payload_mut()` allows mutable access to the underlying vec (such
as needed to decrypt the message without a copy).
This makes `Tls12AeadAlgorithm` and `Tls13AeadAlgorithm` public, as well as
the types that are associated with them.
Document fields that need to become public to allow `Tls12CipherSuite` and
`Tls13CipherSuite` to become public.
e.g., `HeaderProtectionKey` is no longer a struct, but a trait.
This is impl'd by `RingHeaderProtectionKey`.
This is a breaking change, because *ring* types no longer appear
in the public quic API.
This removes the final use of the `BulkAlgorithm` type, which is
deleted.
Reuse nonce computation in `cipher::Nonce::new`.
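What a shared `Nonce::new` has to compute is the TLS 1.3 per-record nonce of RFC 8446 section 5.3: the 64-bit record sequence number, big-endian and left-padded with zeros to the nonce length, XORed with the static per-direction IV. The following added example shows that computation together with a sequence counter that refuses to wrap, since repeating a nonce under the same key breaks both AES-GCM and ChaCha20-Poly1305. It is not rustls's code; `Nonce`, `SeqCounter` and `NONCE_LEN` are stand-in names, and the IV is accepted as anything implementing `AsRef<[u8]>` to match the `Iv` accessor described above.

```rust
// Added example of the RFC 8446 section 5.3 nonce construction; not
// rustls's code. Names are stand-ins for the crate's own types.

/// AES-GCM and ChaCha20-Poly1305 both use 12-byte nonces in TLS.
pub const NONCE_LEN: usize = 12;

/// A single-use per-record nonce.
#[derive(Debug, PartialEq, Eq)]
pub struct Nonce(pub [u8; NONCE_LEN]);

impl Nonce {
    /// RFC 8446 5.3: pad the 64-bit sequence number on the left with zeros
    /// to NONCE_LEN bytes, then XOR it with the static IV. Any `Iv`-like
    /// type exposing `AsRef<[u8]>` can be passed directly.
    pub fn new(iv: &impl AsRef<[u8]>, seq: u64) -> Self {
        let iv = iv.as_ref();
        assert_eq!(iv.len(), NONCE_LEN, "IV must be exactly NONCE_LEN bytes");
        let mut nonce = [0u8; NONCE_LEN];
        nonce[NONCE_LEN - 8..].copy_from_slice(&seq.to_be_bytes());
        for (n, i) in nonce.iter_mut().zip(iv) {
            *n ^= i;
        }
        Self(nonce)
    }
}

/// Per-direction record sequence number that never wraps. Once the
/// counter is exhausted the caller must rekey or close rather than reuse
/// a nonce; this example refuses to issue the u64::MAX record at all.
pub struct SeqCounter(u64);

impl SeqCounter {
    pub fn new() -> Self {
        Self(0)
    }

    /// Only needed to exercise the exhaustion path in tests.
    pub fn starting_at(seq: u64) -> Self {
        Self(seq)
    }

    /// Nonce for the next record, or None when the counter is exhausted.
    pub fn next_nonce(&mut self, iv: &impl AsRef<[u8]>) -> Option<Nonce> {
        let seq = self.0;
        self.0 = seq.checked_add(1)?;
        Some(Nonce::new(iv, seq))
    }
}

fn main() {
    // Constructed IV, not a real secret.
    let iv: [u8; NONCE_LEN] = [0; NONCE_LEN];
    let mut seq = SeqCounter::new();
    for _ in 0..3 {
        let n = seq.next_nonce(&iv).expect("counter not exhausted");
        println!("{:02x?}", n.0);
    }
}
```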