rust/rustls
rust
/
rustls
mirror of https://github.com/ctz/rustls
1
0
Fork 0
Code Issues Releases Wiki Activity
2,675 Commits 47 Branches 71 Tags 34 MiB
Commit Graph

81 Commits

Author SHA1 Message Date
Joseph Birr-Pixton 327444fdb8 Expose FIPS "service indicator" 
This means a `ClientConfig` and `ServerConfig` can be asked whether it
is in fips mode, and it answers by asking the same of all its
constituent cryptography.
 2023-12-07 13:45:27 +00:00
Dirkjan Ochtman 2800ad712e quic: require that PacketKey and HeaderProtectionKey are Send + sync 2023-12-07 09:56:50 +00:00
Jorge Aparicio 4505605c1a make MessageDeframer unbuffered 2023-12-06 18:15:37 +00:00
Dirkjan Ochtman 26ec868b8c Migrate to pki-types ServerName 2023-11-23 21:57:10 +00:00
Dirkjan Ochtman b8b13274ca quic: tighten headlines for connection new() methods 2023-11-21 08:48:18 +00:00
Dirkjan Ochtman 9713e86d34 quic: match prevailing style of error messages 2023-11-21 08:48:18 +00:00
Dirkjan Ochtman fbdf5dafdc quic: deduplicate code for building keys 2023-11-21 08:48:18 +00:00
Dirkjan Ochtman 94a2084f42 quic: use higher-level interface for make_packet_key() 2023-11-21 08:48:18 +00:00
Dirkjan Ochtman 9169e71552 quic: remove limits from PacketKey interface 
Since these are now unconditionally available on the Tls13CipherSuite,
there doesn't seem to be much point in keeping this API (which appears
be unused).
 2023-11-21 08:48:18 +00:00
Joseph Birr-Pixton cd81f32592 quic: give helpful error if used with unsuitable suite 
Now Tls13CipherSuite can omit QUIC support, detect and error
on the case that all the configured suites are TLS1.3-capable
but QUIC-incapable.
 2023-11-17 19:27:21 +00:00
Joseph Birr-Pixton cfec92ce70 Make Tls13CipherSuite::quic optional and public 
The goal is to make it possible for provider-example to exist
without implementing (eg) QUIC header protection.

This introduces some knock-on requirements for other types/functions
to be the public, so `quic::Algorithm` can be implemented outside
the crate.
 2023-11-17 19:27:21 +00:00
Joseph Birr-Pixton 538cb78f83 Abolish quic crate feature 
This reveals that bogo_shim fails to build for `--no-default-features --features tls12`.
Feature gate the entire program on `ring | aws-lc-rs`.
 2023-11-17 19:27:21 +00:00
Joseph Birr-Pixton e5a1822298 quic: simplify `packet_key`/`header_protection_key` trait 
If we put the key derivation on "our" side of the trait, we avoid
publicising low-level key schedule functions like hkdf_expand_label
& hkdf_expand_label_aead_key, and quic::Version.

Instead we just provide the `AeadKey` and `Iv`, which makes these
interfaces very similar to those in `Tls13AeadAlgorithm`.
 2023-11-17 19:27:21 +00:00
Joseph Birr-Pixton 636b772c39 Put HKDF use behind trait 
Have an impl of this for hmac::Hmac
 2023-10-26 11:12:05 +00:00
Jorge Aparicio 5427a4d6e9 use `core::prelude` instead of `std::prelude` 2023-10-10 15:53:23 +00:00
Joseph Birr-Pixton 048ff10740 Use dynamic dispatch for `CryptoProvider` 
Instead of the type `rustls::crypto:💍:Ring`, the value
`rustls::crypto:💍:RING` implements this, and is more
entertaining to write.

`ServerConfig::builder()` references this by default, and
is equivalent to `ServerConfig::builder_with_provider(crypto:💍:RING)`.
 2023-09-19 11:09:38 +00:00
Joseph Birr-Pixton 2b6a212b7e Move *ring*-backed quic implementations into crypto::ring 2023-08-25 14:01:04 +00:00
Joseph Birr-Pixton 0375b01536 Insulate quic code from direct dependency on *ring* 
eg, `HeaderProtectionKey` is no longer a struct, but a trait.
This is impl'd by `RingHeaderProtectionKey`.

This is a breaking change, because *ring* types no longer appear
in the public quic API.

This removes the final use of the `BulkAlgorithm` type, which is
deleted.

Reuse nonce computation in `cipher::Nonce::new`.
 2023-08-25 14:01:04 +00:00
Joseph Birr-Pixton ea2e846e2a Move cipher.rs to new crypto module 
The intention is to delineate interfaces to be implemented by
pluggable crypto providers.
 2023-08-15 13:11:12 +00:00
Joseph Birr-Pixton 9fab87af0c Move aead_algorithm from `CipherSuiteCommon` in parent 
This means subsequent commits can remove this per-version.
 2023-08-15 13:11:12 +00:00
Jorge Aparicio 01a9c6cd7f directly use core:: & alloc:: API instead of std:: re-exports 2023-07-31 17:38:19 +00:00
Dirkjan Ochtman e1860c91a8 crypto: parametrize config types with crypto provider 2023-07-18 17:47:43 +00:00
Benjamin Saunders f40aacf069 Implement QUIC V2 2023-05-26 11:25:51 +02:00
Daniel McCarney 6831835c56 quic: add export_keying_material to Connection. 
When the `quic::Connection` type was split out from the broader TLS
types consumers lost the ability to call `export_keying_material` to
achieve RFC 5705 keying material export. This commit adds the
`export_keying_material` fn to the `quic::Connection` type to restore
that functionality.
 2023-03-22 15:14:54 +01:00
Daniel McCarney d9f38ede62 quic: add server_name to ServerConnection. 
After splitting up the quic server connection types consumers lost the
ability to dig out the server name from the SNI extension the server
received. This commit adds the `server_name` function to
`quic::ServerConnection` to restore that ability.
 2023-03-22 15:14:54 +01:00
Dirkjan Ochtman fc4e38ea22 quic: introduce separate QUIC ClientConnection and ServerConnection types 2023-03-21 21:44:30 +01:00
Dirkjan Ochtman 787f43d12d Extract common_state module from conn 2023-03-21 21:44:30 +01:00
Dirkjan Ochtman fc1e364a93 quic: attach write_hs() to Quic 2023-03-21 21:44:30 +01:00
Dirkjan Ochtman 091c52c5ed quic: derive Default for Quic 2023-03-21 21:44:30 +01:00
Dirkjan Ochtman afb7cd9308 quic: move Quic state into quic module 2023-03-21 21:44:30 +01:00
Jacob Hoffman-Andrews a44d1669fd Move internal enums to public API 
These enums (AlertDescription, ContentType, and HandshakeType) were
previously only available as part of the private API.  Eight months ago
we added a public reexport of their names, but did not remove the
private version to avoid semver breakage.

Now that we have a semver-incompatible version coming up we can move
these fully to the public API.
 2023-03-21 19:45:18 +00:00
Dirkjan Ochtman e4ac86f279 Make Side public and use it for quic::Keys::initial() 2023-01-15 16:27:26 +01:00
Dirkjan Ochtman 1d314aad44 quic: take Side argument instead of bool 2023-01-15 16:27:26 +01:00
Xuanwo bc85a0145a feat: impl Debug for all public structs 
Signed-off-by: Xuanwo <github@xuanwo.io>
 2022-10-14 15:44:09 +02:00
Dirkjan Ochtman bc8c733e58 quic: remove unnecessary parentheses 2022-08-15 15:18:55 +02:00
Jerome Gravel-Niquet 3f5eee91f4 fix clippy nightly errors 2022-03-18 10:44:18 -07:00
Dirkjan Ochtman 1bd9c81403 Move state and data into ConnectionCommon 2021-08-08 14:53:16 +02:00
Dirkjan Ochtman 258fcf29c8 Split CommonState type out of ConnectionCommon 
This represents the state that state machine `State` implementers
can manipulate. As such, we want the lifetime of references to
`CommonState` to be outlived by the `ConnectionCommon`'s handshake
joiner and deframer.
 2021-08-08 14:53:16 +02:00
Dirkjan Ochtman 8218ad7310 quic: add test for short packet header protection 2021-08-03 20:03:30 +02:00
Dirkjan Ochtman 49ce929bd9 quic: handle header protection in rustls 
Avoid exposing masks through public API.
 2021-08-03 20:03:30 +02:00
Dirkjan Ochtman dc4248232c quic: derive initial salt from version 2021-08-03 20:03:30 +02:00
Dirkjan Ochtman e98b05ef4a quic: replace low-level test with high-level test 2021-08-03 20:03:30 +02:00
Dirkjan Ochtman 76363982f1 quic: make Secrets fields private 2021-08-03 20:03:30 +02:00
Dirkjan Ochtman 3cc54a503f quic: re-expose secrets with a high-level public API 
Rolls back some of the changes from #362 while satisfying the
concerns from #711 and #748.
 2021-08-03 20:03:30 +02:00
Dirkjan Ochtman def8dcf313 quic: move new secret derivation into Secrets method 2021-08-03 20:03:30 +02:00
Dirkjan Ochtman d5b604be5b quic: let Secrets keep track of side 2021-08-03 20:03:30 +02:00
Dirkjan Ochtman 713ab9eeb5 quic: keep track of cipher suite inside Secrets 2021-08-03 20:03:30 +02:00
Dirkjan Ochtman 363e76f871 quic: move nonce_for() back into quic module 2021-08-03 20:03:30 +02:00
Dirkjan Ochtman a17ca17194 quic: internalize PacketKey methods from Quinn 2021-08-03 20:03:30 +02:00
Dirkjan Ochtman b18cca6148 Move suite types and instances into respective version modules 2021-07-31 13:55:56 +02:00