Joseph Birr-Pixton
327444fdb8
Expose FIPS "service indicator"
...
This means a `ClientConfig` and `ServerConfig` can be asked whether it
is in fips mode, and it answers by asking the same of all its
constituent cryptography.
2023-12-07 13:45:27 +00:00
Joseph Birr-Pixton
7595236ddf
Expand documentation for `CryptoProvider` and associated
2023-11-21 19:15:40 +00:00
Joseph Birr-Pixton
fdd1f8dd4f
Move key usage limits up into `CipherSuiteCommon`
2023-11-17 19:27:21 +00:00
Joseph Birr-Pixton
cfec92ce70
Make Tls13CipherSuite::quic optional and public
...
The goal is to make it possible for provider-example to exist
without implementing (eg) QUIC header protection.
This introduces some knock-on requirements for other types/functions
to be public, so `quic::Algorithm` can be implemented outside
the crate.
2023-11-17 19:27:21 +00:00
Joseph Birr-Pixton
538cb78f83
Abolish quic crate feature
...
This reveals that bogo_shim fails to build for `--no-default-features --features tls12`.
Feature gate the entire program on `ring | aws-lc-rs`.
2023-11-17 19:27:21 +00:00
Joseph Birr-Pixton
6df2dd8f62
Bolt hmac_sign onto `Hkdf` trait
...
This means `Hkdf` covers the entire use of TLS1.3
for HMAC/HKDF, and that avoids having to implement
the HMAC traits just for this.
2023-10-26 11:12:05 +00:00
Joseph Birr-Pixton
636b772c39
Put HKDF use behind trait
...
Have an impl of this for hmac::Hmac
2023-10-26 11:12:05 +00:00
Jorge Aparicio
5427a4d6e9
use `core::prelude` instead of `std::prelude`
2023-10-10 15:53:23 +00:00
Joseph Birr-Pixton
b421083f51
crypto::cipher: publicise traits for external use
...
This makes `Tls12AeadAlgorithm` and `Tls13AeadAlgorithm` public, as well as
the types that are associated with them.
Document fields that need to become public to allow `Tls12CipherSuite` and
`Tls13CipherSuite` to become public.
2023-08-25 14:01:04 +00:00
Joseph Birr-Pixton
6757c25a4f
Remove unused BulkAlgorithm enum
2023-08-25 14:01:04 +00:00
Joseph Birr-Pixton
0375b01536
Insulate quic code from direct dependency on *ring*
...
eg, `HeaderProtectionKey` is no longer a struct, but a trait.
This is impl'd by `RingHeaderProtectionKey`.
This is a breaking change, because *ring* types no longer appear
in the public quic API.
This removes the final use of the `BulkAlgorithm` type, which is
deleted.
Reuse nonce computation in `cipher::Nonce::new`.
2023-08-25 14:01:04 +00:00
Joseph Birr-Pixton
d0db689d08
Move ring-backed ciphersuites into crypto::ring
...
As a result, crate::tls12::cipher becomes trivial enough to merge
into its parent.
2023-08-25 14:01:04 +00:00
Joseph Birr-Pixton
6253294a02
Add dedicated AEAD Nonce type
...
This is constructed from an Iv and sequence number, and its constructor
the `make_nonce` free function.
2023-08-25 14:01:04 +00:00
Joseph Birr-Pixton
075dfe3d77
Allow reuse of TLS1.3 message unpadding and AAD
2023-08-25 14:01:04 +00:00
Joseph Birr-Pixton
71dec4ee07
tls13: route secret extraction through `Tls13AeadAlgorithm`
...
This allows for removing the final *ring*-specific member of
`Tls13CipherSuite`.
2023-08-25 14:01:04 +00:00
Joseph Birr-Pixton
274cb044a6
tls13: extract trait over encryption details
...
This introduces `Tls13AeadAlgorithm` (cf. Tls12AeadAlgorithm) which
aims to hide crypto library-specific details.
2023-08-25 14:01:04 +00:00
Joseph Birr-Pixton
bf816e4b76
Move over to using hashing provider and hkdf
2023-08-25 14:01:04 +00:00
Joseph Birr-Pixton
14fbc59889
Hook hashing provider into each cipher suite
2023-08-25 14:01:04 +00:00
Joseph Birr-Pixton
ea2e846e2a
Move cipher.rs to new crypto module
...
The intention is to delineate interfaces to be implemented by
pluggable crypto providers.
2023-08-15 13:11:12 +00:00
Joseph Birr-Pixton
9fab87af0c
Move aead_algorithm from `CipherSuiteCommon` in parent
...
This means subsequent commits can remove this per-version.
2023-08-15 13:11:12 +00:00
Joseph Birr-Pixton
576ba5dd17
Remove use of ring::aead::Nonce type in common code
2023-08-15 13:11:12 +00:00
Joseph Birr-Pixton
f63c53355f
verify: move construct_tls13_client_verify_message et al to tls13
2023-08-04 14:48:10 +00:00
Jorge Aparicio
01a9c6cd7f
directly use core:: & alloc:: API instead of std:: re-exports
2023-07-31 17:38:19 +00:00
Jacob Hoffman-Andrews
a44d1669fd
Move internal enums to public API
...
These enums (AlertDescription, ContentType, and HandshakeType) were
previously only available as part of the private API. Eight months ago
we added a public reexport of their names, but did not remove the
private version to avoid semver breakage.
Now that we have a semver-incompatible version coming up we can move
these fully to the public API.
2023-03-21 19:45:18 +00:00
Joseph Birr-Pixton
88ea3966b7
Remove string content from `PeerMisbehavedError`
2023-01-23 15:16:31 +00:00
Dirkjan Ochtman
469e443e00
tls13: provide more ergonomic encrypter/decrypter derivation APIs
2023-01-18 17:49:40 +01:00
Jacob Hoffman-Andrews
2854a0dbe2
Move some enums that are part of the public API.
...
Move ProtocolVersion, CipherSuite, and SignatureScheme from src/msgs/enums.rs
to src/enums.rs
2022-05-30 10:28:01 +02:00
Dirkjan Ochtman
2c323f2bad
Avoid unnecessary borrowing of references
2021-11-13 16:28:29 +00:00
Dirkjan Ochtman
2f90c1bf73
client: split client session values to separate version-specific fields
...
This should make it more obvious what functionality is used by what
version, making it harder for sentinel/default values to get misused.
2021-09-18 13:56:12 +02:00
Marin
9677a6476c
Make the "rustls::cipher::internal::MessageDecrypter" trait and the "rustls::tls13::Tls13CipherSuite::derive_decrypter" structure method public
2021-09-13 10:06:08 +02:00
Dirkjan Ochtman
8218ad7310
quic: add test for short packet header protection
2021-08-03 20:03:30 +02:00
Dirkjan Ochtman
a17ca17194
quic: internalize PacketKey methods from Quinn
2021-08-03 20:03:30 +02:00
Dirkjan Ochtman
94ae7daaef
tls13: move setup of encrypters/decrypters into Tls13CipherSuite method
2021-07-31 13:55:56 +02:00
Dirkjan Ochtman
b18cca6148
Move suite types and instances into respective version modules
2021-07-31 13:55:56 +02:00
Dirkjan Ochtman
5ce8ae605f
Move key_schedule module into tls13
2021-07-31 13:55:56 +02:00
Dirkjan Ochtman
75752c0c63
Move TLS 1.3 items from cipher into new tls13 module
2021-07-31 13:55:56 +02:00