36 Commits

Author SHA1 Message Date
Joseph Birr-Pixton 327444fdb8 Expose FIPS "service indicator"
This means a `ClientConfig` and `ServerConfig` can be asked whether it
is in fips mode, and it answers by asking the same of all its
constituent cryptography.
2023-12-07 13:45:27 +00:00
Joseph Birr-Pixton 7595236ddf Expand documentation for `CryptoProvider` and associated 2023-11-21 19:15:40 +00:00
Joseph Birr-Pixton fdd1f8dd4f Move key usage limits up into `CipherSuiteCommon` 2023-11-17 19:27:21 +00:00
Joseph Birr-Pixton cfec92ce70 Make Tls13CipherSuite::quic optional and public
The goal is to make it possible for provider-example to exist
without implementing (eg) QUIC header protection.

This introduces some knock-on requirements for other types/functions
to be public, so `quic::Algorithm` can be implemented outside
the crate.
2023-11-17 19:27:21 +00:00
Joseph Birr-Pixton 538cb78f83 Abolish quic crate feature
This reveals that bogo_shim fails to build for `--no-default-features --features tls12`.
Feature gate the entire program on `ring | aws-lc-rs`.
2023-11-17 19:27:21 +00:00
Joseph Birr-Pixton 6df2dd8f62 Bolt hmac_sign onto `Hkdf` trait
This means `Hkdf` covers the entire use of TLS1.3
for HMAC/HKDF, and that avoids having to implement
the HMAC traits just for this.
2023-10-26 11:12:05 +00:00
Joseph Birr-Pixton 636b772c39 Put HKDF use behind trait
Have an impl of this for hmac::Hmac
2023-10-26 11:12:05 +00:00
Jorge Aparicio 5427a4d6e9 use `core::prelude` instead of `std::prelude` 2023-10-10 15:53:23 +00:00
Joseph Birr-Pixton b421083f51 crypto::cipher: publicise traits for external use
This makes `Tls12AeadAlgorithm` and `Tls13AeadAlgorithm` public, as well as
the types that are associated with them.

Document fields that need to become public to allow `Tls12CipherSuite` and
`Tls13CipherSuite` to become public.
2023-08-25 14:01:04 +00:00
Joseph Birr-Pixton 6757c25a4f Remove unused BulkAlgorithm enum 2023-08-25 14:01:04 +00:00
Joseph Birr-Pixton 0375b01536 Insulate quic code from direct dependency on *ring*
eg, `HeaderProtectionKey` is no longer a struct, but a trait.
This is impl'd by `RingHeaderProtectionKey`.

This is a breaking change, because *ring* types no longer appear
in the public quic API.

This removes the final use of the `BulkAlgorithm` type, which is
deleted.

Reuse nonce computation in `cipher::Nonce::new`.
2023-08-25 14:01:04 +00:00
Joseph Birr-Pixton d0db689d08 Move ring-backed ciphersuites into crypto::ring
As a result, crate::tls12::cipher becomes trivial enough to merge
into its parent.
2023-08-25 14:01:04 +00:00
Joseph Birr-Pixton 6253294a02 Add dedicated AEAD Nonce type
This is constructed from an Iv and sequence number, and its constructor
the `make_nonce` free function.
2023-08-25 14:01:04 +00:00
Joseph Birr-Pixton 075dfe3d77 Allow reuse of TLS1.3 message unpadding and AAD 2023-08-25 14:01:04 +00:00
Joseph Birr-Pixton 71dec4ee07 tls13: route secret extraction through `Tls13AeadAlgorithm`
This allows for removing the final *ring*-specific member of
`Tls13CipherSuite`.
2023-08-25 14:01:04 +00:00
Joseph Birr-Pixton 274cb044a6 tls13: extract trait over encryption details
This introduces `Tls13AeadAlgorithm` (cf. Tls12AeadAlgorithm) which
aims to hide crypto library-specific details.
2023-08-25 14:01:04 +00:00
Joseph Birr-Pixton bf816e4b76 Move over to using hashing provider and hkdf 2023-08-25 14:01:04 +00:00
Joseph Birr-Pixton 14fbc59889 Hook hashing provider into each cipher suite 2023-08-25 14:01:04 +00:00
Joseph Birr-Pixton ea2e846e2a Move cipher.rs to new crypto module
The intention is to delineate interfaces to be implemented by
pluggable crypto providers.
2023-08-15 13:11:12 +00:00
Joseph Birr-Pixton 9fab87af0c Move aead_algorithm from `CipherSuiteCommon` in parent
This means subsequent commits can remove this per-version.
2023-08-15 13:11:12 +00:00
Joseph Birr-Pixton 576ba5dd17 Remove use of ring::aead::Nonce type in common code 2023-08-15 13:11:12 +00:00
Joseph Birr-Pixton f63c53355f verify: move construct_tls13_client_verify_message et al to tls13 2023-08-04 14:48:10 +00:00
Jorge Aparicio 01a9c6cd7f directly use core:: & alloc:: API instead of std:: re-exports 2023-07-31 17:38:19 +00:00
Jacob Hoffman-Andrews a44d1669fd Move internal enums to public API
These enums (AlertDescription, ContentType, and HandshakeType) were
previously only available as part of the private API.  Eight months ago
we added a public reexport of their names, but did not remove the
private version to avoid semver breakage.

Now that we have a semver-incompatible version coming up we can move
these fully to the public API.
2023-03-21 19:45:18 +00:00
Joseph Birr-Pixton 88ea3966b7 Remove string content from `PeerMisbehavedError` 2023-01-23 15:16:31 +00:00
Dirkjan Ochtman 469e443e00 tls13: provide more ergonomic encrypter/decrypter derivation APIs 2023-01-18 17:49:40 +01:00
Jacob Hoffman-Andrews 2854a0dbe2 Move some enums that are part of the public API.
Move ProtocolVersion, CipherSuite, and SignatureScheme from src/msgs/enums.rs
to src/enums.rs
2022-05-30 10:28:01 +02:00
Dirkjan Ochtman 2c323f2bad Avoid unnecessary borrowing of references 2021-11-13 16:28:29 +00:00
Dirkjan Ochtman 2f90c1bf73 client: split client session values to separate version-specific fields
This should make it more obvious what functionality is used by what
version, making it harder for sentinel/default values to get misused.
2021-09-18 13:56:12 +02:00
Marin 9677a6476c Make the "rustls::cipher::internal::MessageDecrypter" trait and the "rustls::tls13::Tls13CipherSuite::derive_decrypter" structure method public 2021-09-13 10:06:08 +02:00
Dirkjan Ochtman 8218ad7310 quic: add test for short packet header protection 2021-08-03 20:03:30 +02:00
Dirkjan Ochtman a17ca17194 quic: internalize PacketKey methods from Quinn 2021-08-03 20:03:30 +02:00
Dirkjan Ochtman 94ae7daaef tls13: move setup of encrypters/decrypters into Tls13CipherSuite method 2021-07-31 13:55:56 +02:00
Dirkjan Ochtman b18cca6148 Move suite types and instances into respective version modules 2021-07-31 13:55:56 +02:00
Dirkjan Ochtman 5ce8ae605f Move key_schedule module into tls13 2021-07-31 13:55:56 +02:00
Dirkjan Ochtman 75752c0c63 Move TLS 1.3 items from cipher into new tls13 module 2021-07-31 13:55:56 +02:00