diff --git a/Cargo.lock b/Cargo.lock index 2643e4a..393b6d1 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -39,9 +39,9 @@ dependencies = [ [[package]] name = "autocfg" -version = "1.0.1" +version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a" +checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0" [[package]] name = "base16ct" @@ -72,9 +72,12 @@ checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" [[package]] name = "cc" -version = "1.0.90" +version = "1.1.21" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8cd6604a82acf3039f1144f54b8eb34e91ffba622051189e71b781822d5ee1f5" +checksum = "07b1695e2c7e8fc85310cde85aeaab7e3097f593c91d209d3f9df76c928100f0" +dependencies = [ + "shlex", +] [[package]] name = "cfg-if" @@ -125,9 +128,9 @@ checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" [[package]] name = "cpufeatures" -version = "0.2.12" +version = "0.2.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "53fe5e26ff1b7aef8bca9c6080520cfb8d9333c7568e1829cef191a9723e5504" +checksum = "608697df725056feaccfa42cffdaeeec3fccc4ffc38358ecd19b243e716a78e0" dependencies = [ "libc", ] @@ -165,16 +168,15 @@ dependencies = [ [[package]] name = "curve25519-dalek" -version = "4.1.2" +version = "4.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0a677b8922c94e01bdbb12126b0bc852f00447528dee1782229af9c720c3f348" +checksum = "97fb8b7c4503de7d6ae7b42ab72a5a59857b4c937ec27a3d4539dba95b5ab2be" dependencies = [ "cfg-if", "cpufeatures", "curve25519-dalek-derive", "digest", "fiat-crypto", - "platforms", "rustc_version", "subtle", "zeroize", @@ -285,9 +287,9 @@ dependencies = [ [[package]] name = "fiat-crypto" -version = "0.2.6" +version = "0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1676f435fc1dadde4d03e43f5d62b259e1ce5f40bd4ffb21db2b42ebe59c1382" +checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d" [[package]] name = "generic-array" @@ -361,18 +363,18 @@ dependencies = [ [[package]] name = "lazy_static" -version = "1.4.0" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" +checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" dependencies = [ - "spin 0.5.2", + "spin", ] [[package]] name = "libc" -version = "0.2.154" +version = "0.2.158" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ae743338b92ff9146ce83992f766a31066a91a8c84a45e0e9f21e7cf6de6d346" +checksum = "d8adc4bb1803a324070e64a98ae98f38934d91957a99cfb3a43dcbc01bc56439" [[package]] name = "libm" @@ -382,9 +384,9 @@ checksum = "4ec2a862134d2a7d32d7983ddcdd1c4923530833c9f2ea1a44fc5fa473989058" [[package]] name = "log" -version = "0.4.21" +version = "0.4.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "90ed8c1e510134f979dbc4f070f87d4313098b704861a105fe34231c70a3901c" +checksum = "a7a70ba024b9dc04c27ea2f0c0548feb474ec5c54bba33a7f72f873a39d07b24" [[package]] name = "num-bigint-dig" @@ -414,9 +416,9 @@ dependencies = [ [[package]] name = "num-iter" -version = "0.1.44" +version = "0.1.45" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d869c01cc0c455284163fd0092f1f93835385ccab5a98a0dcc497b2f8bf055a9" +checksum = "1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf" dependencies = [ "autocfg", "num-integer", @@ -425,9 +427,9 @@ dependencies = [ [[package]] name = "num-traits" -version = "0.2.18" +version = "0.2.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da0df0e5185db44f69b44f26786fe401b6c293d1907744beaa7fa62b2e5a517a" +checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" dependencies = [ "autocfg", "libm", @@ -516,12 +518,6 @@ dependencies = [ "spki", ] -[[package]] -name = "platforms" -version = "3.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "626dec3cac7cc0e1577a2ec3fc496277ec2baa084bebad95bb6fdbfae235f84c" - [[package]] name = "poly1305" version = "0.8.0" @@ -547,9 +543,12 @@ dependencies = [ [[package]] name = "ppv-lite86" -version = "0.2.17" +version = "0.2.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" +checksum = "77957b295656769bb8ad2b6a6b09d897d94f05c41b069aede1fcdaa675eaea04" +dependencies = [ + "zerocopy", +] [[package]] name = "primeorder" @@ -562,18 +561,18 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.79" +version = "1.0.86" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e835ff2298f5721608eb1a980ecaee1aef2c132bf95ecc026a11b7bf3c01c02e" +checksum = "5e719e8df665df0d1c8fbfd238015744736151d4445ec0836b8e628aae103b77" dependencies = [ "unicode-ident", ] [[package]] name = "quote" -version = "1.0.35" +version = "1.0.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef" +checksum = "b5b9d34b8991d19d98081b46eacdd8eb58c6f2b201139f7c5f643cc155a633af" dependencies = [ "proc-macro2", ] @@ -627,7 +626,7 @@ dependencies = [ "cfg-if", "getrandom", "libc", - "spin 0.9.8", + "spin", "untrusted", "windows-sys", ] @@ -655,18 +654,18 @@ dependencies = [ [[package]] name = "rustc_version" -version = "0.4.0" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366" +checksum = "cfcb3a22ef46e85b45de6ee7e79d063319ebb6594faafcf1c225ea92ab6e9b92" dependencies = [ "semver", ] [[package]] name = "rustls" -version = "0.23.12" +version = "0.23.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c58f8c84392efc0a126acce10fa59ff7b3d2ac06ab451a33f2741989b806b044" +checksum = "eee87ff5d9b36712a58574e12e9f0ea80f915a5b0ac518d322b24a465617925e" dependencies = [ "log", "once_cell", @@ -678,13 +677,13 @@ dependencies = [ [[package]] name = "rustls-pki-types" -version = "1.7.0" +version = "1.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "976295e77ce332211c0d24d92c0e83e50f5c5f046d11082cea19f3df13a3562d" +checksum = "16f1201b3c9a7ee8039bcadc17b7e605e2945b27eee7631788c1bd2b0643674b" [[package]] name = "rustls-rustcrypto" -version = "0.0.2-alpha" +version = "0.0.3" dependencies = [ "aead", "aes-gcm", @@ -713,9 +712,9 @@ dependencies = [ [[package]] name = "rustls-webpki" -version = "0.102.6" +version = "0.102.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8e6b52d4fda176fd835fdc55a835d4a89b8499cad995885a21149d5ad62f852e" +checksum = "64ca1bc8749bd4cf37b5ce386cc146580777b4e8572c7b97baf22c83f444bee9" dependencies = [ "ring", "rustls-pki-types", @@ -738,24 +737,24 @@ dependencies = [ [[package]] name = "semver" -version = "1.0.22" +version = "1.0.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "92d43fe69e652f3df9bdc2b85b2854a0825b86e4fb76bc44d945137d053639ca" +checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.197" +version = "1.0.210" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3fb1c873e1b9b056a4dc4c0c198b24c3ffa059243875552b2bd0933b1aee4ce2" +checksum = "c8e3592472072e6e22e0a54d5904d9febf8508f65fb8552499a1abc7d1078c3a" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.197" +version = "1.0.210" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7eb0b34b42edc17f6b7cac84a52a1c5f0e1bb2227e997ca9011ea3dd34e8610b" +checksum = "243902eda00fad750862fc144cea25caca5e20d615af0a81bee94ca738f1df1f" dependencies = [ "proc-macro2", "quote", @@ -773,6 +772,12 @@ dependencies = [ "digest", ] +[[package]] +name = "shlex" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" + [[package]] name = "signature" version = "2.2.0" @@ -785,15 +790,9 @@ dependencies = [ [[package]] name = "smallvec" -version = "1.13.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e6ecd384b10a64542d77071bd64bd7b231f4ed5940fba55e98c3de13824cf3d7" - -[[package]] -name = "spin" -version = "0.5.2" +version = "1.13.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" +checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67" [[package]] name = "spin" @@ -813,15 +812,15 @@ dependencies = [ [[package]] name = "subtle" -version = "2.5.0" +version = "2.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" [[package]] name = "syn" -version = "2.0.52" +version = "2.0.77" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b699d15b36d1f02c3e7c69f8ffef53de37aefae075d8488d4ba1a7788d574a07" +checksum = "9f35bcdf61fd8e7be6caf75f429fdca8beb3ed76584befb503b1569faee373ed" dependencies = [ "proc-macro2", "quote", @@ -836,9 +835,9 @@ checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" [[package]] name = "unicode-ident" -version = "1.0.12" +version = "1.0.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" +checksum = "e91b56cd4cadaeb79bbf1a5645f6b4f8dc5bde8834ad5894a8db35fda9efa1fe" [[package]] name = "universal-hash" @@ -858,9 +857,9 @@ checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" [[package]] name = "version_check" -version = "0.9.4" +version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" +checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" [[package]] name = "wasi" @@ -879,13 +878,14 @@ dependencies = [ [[package]] name = "windows-targets" -version = "0.52.4" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7dd37b7e5ab9018759f893a1952c9420d060016fc19a472b4bb20d1bdd694d1b" +checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" dependencies = [ "windows_aarch64_gnullvm", "windows_aarch64_msvc", "windows_i686_gnu", + "windows_i686_gnullvm", "windows_i686_msvc", "windows_x86_64_gnu", "windows_x86_64_gnullvm", @@ -894,45 +894,51 @@ dependencies = [ [[package]] name = "windows_aarch64_gnullvm" -version = "0.52.4" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bcf46cf4c365c6f2d1cc93ce535f2c8b244591df96ceee75d8e83deb70a9cac9" +checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" [[package]] name = "windows_aarch64_msvc" -version = "0.52.4" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da9f259dd3bcf6990b55bffd094c4f7235817ba4ceebde8e6d11cd0c5633b675" +checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" [[package]] name = "windows_i686_gnu" -version = "0.52.4" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b474d8268f99e0995f25b9f095bc7434632601028cf86590aea5c8a5cb7801d3" +checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" [[package]] name = "windows_i686_msvc" -version = "0.52.4" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1515e9a29e5bed743cb4415a9ecf5dfca648ce85ee42e15873c3cd8610ff8e02" +checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" [[package]] name = "windows_x86_64_gnu" -version = "0.52.4" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5eee091590e89cc02ad514ffe3ead9eb6b660aedca2183455434b93546371a03" +checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" [[package]] name = "windows_x86_64_gnullvm" -version = "0.52.4" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77ca79f2451b49fa9e2af39f0747fe999fcda4f5e241b2898624dca97a1f2177" +checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" [[package]] name = "windows_x86_64_msvc" -version = "0.52.4" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "32b752e52a2da0ddfbdbcc6fceadfeede4c939ed16d13e648833a61dfb611ed8" +checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" [[package]] name = "x25519-dalek" @@ -945,11 +951,32 @@ dependencies = [ "zeroize", ] +[[package]] +name = "zerocopy" +version = "0.7.35" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0" +dependencies = [ + "byteorder", + "zerocopy-derive", +] + +[[package]] +name = "zerocopy-derive" +version = "0.7.35" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "zeroize" -version = "1.7.0" +version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d" +checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde" dependencies = [ "zeroize_derive", ] diff --git a/Cargo.toml b/Cargo.toml index 01ab6b0..ab1d9ff 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -4,7 +4,7 @@ description = """ Pure Rust cryptography provider for the Rustls TLS library using algorithm implementations from the RustCrypto organization """ -version = "0.0.2-alpha" +version = "0.0.3" authors = ["RustCrypto Developers"] license = "MIT OR Apache-2.0" readme = "README.md" @@ -32,9 +32,9 @@ p384 = { version = "0.13.0", default-features = false, features = ["pem", "ecdsa paste = { version = "1.0.15", default-features = false } pkcs8 = { version = "0.10.2", default-features = false, features = ["pem", "pkcs5"] } pki-types = { package = "rustls-pki-types", version = "1.0.1", default-features = false } -rand_core = { version = "0.6.4", default-features = false, features = ["getrandom"] } +rand_core = { version = "0.6.4", default-features = false } rsa = { version = "0.9.2", default-features = false, features = ["sha2"] } -rustls = { version = "0.23.12", default-features = false } +rustls = { version = "0.23.16", default-features = false } sec1 = { version = "0.7.3", default-features = false, features = ["pkcs8", "pem"] } sha2 = { version = "0.10.7", default-features = false } signature = { version = "2.1.0", default-features = false } diff --git a/src/kx.rs b/src/kx.rs index 66341f2..509b0ed 100644 --- a/src/kx.rs +++ b/src/kx.rs @@ -1,21 +1,41 @@ +use core::marker::PhantomData; + #[cfg(feature = "alloc")] use alloc::boxed::Box; -use crypto::{SharedSecret, SupportedKxGroup}; +use crypto::SharedSecret; use paste::paste; use rustls::crypto; +use crate::GeneratedRng; + #[derive(Debug)] -pub struct X25519; +pub struct X25519 { + marker: PhantomData, +} + +impl X25519 { + pub const fn new() -> Self { + Self { + marker: PhantomData, + } + } +} -impl crypto::SupportedKxGroup for X25519 { +impl crypto::SupportedKxGroup for X25519 +where + R: GeneratedRng, +{ fn name(&self) -> rustls::NamedGroup { rustls::NamedGroup::X25519 } fn start(&self) -> Result, rustls::Error> { - let priv_key = x25519_dalek::EphemeralSecret::random_from_rng(rand_core::OsRng); + let mut rng = R::new(); + + let priv_key = x25519_dalek::EphemeralSecret::random_from_rng(&mut rng); let pub_key = (&priv_key).into(); + Ok(Box::new(X25519KeyExchange { priv_key, pub_key })) } } @@ -42,7 +62,7 @@ impl crypto::ActiveKeyExchange for X25519KeyExchange { } fn group(&self) -> rustls::NamedGroup { - X25519.name() + rustls::NamedGroup::X25519 } } @@ -52,15 +72,29 @@ macro_rules! impl_kx { #[derive(Debug)] #[allow(non_camel_case_types)] - pub struct $name; + pub struct $name { + marker: PhantomData, + } - impl crypto::SupportedKxGroup for $name { + impl $name { + pub const fn new() -> Self { + Self { + marker: PhantomData, + } + } + } + + impl crypto::SupportedKxGroup for $name + where + R: GeneratedRng, + { fn name(&self) -> rustls::NamedGroup { $kx_name } fn start(&self) -> Result, rustls::Error> { - let priv_key = $secret::random(&mut rand_core::OsRng); + let mut rng = R::new(); + let priv_key = $secret::random(&mut rng); let pub_key: $public_key = (&priv_key).into(); Ok(Box::new([<$name KeyExchange>] { priv_key, @@ -95,7 +129,7 @@ macro_rules! impl_kx { } fn group(&self) -> rustls::NamedGroup { - $name.name() + $kx_name } } } @@ -105,4 +139,4 @@ macro_rules! impl_kx { impl_kx! {SecP256R1, rustls::NamedGroup::secp256r1, p256::ecdh::EphemeralSecret, p256::PublicKey} impl_kx! {SecP384R1, rustls::NamedGroup::secp384r1, p384::ecdh::EphemeralSecret, p384::PublicKey} -pub const ALL_KX_GROUPS: &[&dyn SupportedKxGroup] = &[&X25519, &SecP256R1, &SecP384R1]; +// pub const ALL_KX_GROUPS: &[&dyn SupportedKxGroup] = &[&X25519, &SecP256R1, &SecP384R1]; diff --git a/src/lib.rs b/src/lib.rs index 1b108b8..c59a233 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -38,40 +38,49 @@ compile_error!("Rustls currently does not support alloc-less environments"); #[cfg(feature = "alloc")] extern crate alloc; +use core::fmt::Debug; +use core::marker::PhantomData; + #[cfg(feature = "alloc")] use alloc::sync::Arc; -use rustls::crypto::{ - CipherSuiteCommon, CryptoProvider, GetRandomFailed, KeyProvider, SecureRandom, -}; +use alloc::vec::Vec; +use rand_core::{CryptoRng, RngCore}; +use rustls::crypto::{CipherSuiteCommon, GetRandomFailed, KeyProvider, SecureRandom, WebPkiSupportedAlgorithms}; use rustls::{CipherSuite, SupportedCipherSuite, Tls13CipherSuite}; #[cfg(feature = "tls12")] use rustls::SignatureScheme; +use verify::ALGORITHMS; + +pub trait GeneratedRng: CryptoRng + RngCore + Debug + Sync + Send { + fn new() -> Self; +} #[derive(Debug)] -pub struct Provider; - -pub fn provider() -> CryptoProvider { - CryptoProvider { - cipher_suites: ALL_CIPHER_SUITES.to_vec(), - kx_groups: kx::ALL_KX_GROUPS.to_vec(), - signature_verification_algorithms: verify::ALGORITHMS, - secure_random: &Provider, - key_provider: &Provider, +pub struct Provider { + random: PhantomData, +} + +impl Provider { + pub const fn new() -> Self { + Provider { random: PhantomData } } } -impl SecureRandom for Provider { +impl SecureRandom for Provider +where + R: GeneratedRng, +{ fn fill(&self, bytes: &mut [u8]) -> Result<(), GetRandomFailed> { - use rand_core::RngCore; - rand_core::OsRng - .try_fill_bytes(bytes) - .map_err(|_| GetRandomFailed) + R::new().try_fill_bytes(bytes).map_err(|_| GetRandomFailed) } } -impl KeyProvider for Provider { +impl KeyProvider for Provider +where + R: RngCore + Debug + Sync + Send, +{ fn load_private_key( &self, key_der: pki_types::PrivateKeyDer<'static>, @@ -99,7 +108,7 @@ const TLS12_RSA_SCHEMES: [SignatureScheme; 6] = [ ]; #[cfg(feature = "tls12")] -pub const TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = +const TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = SupportedCipherSuite::Tls12(&rustls::Tls12CipherSuite { common: CipherSuiteCommon { suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, @@ -113,7 +122,7 @@ pub const TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = }); #[cfg(feature = "tls12")] -pub const TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = +const TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = SupportedCipherSuite::Tls12(&rustls::Tls12CipherSuite { common: CipherSuiteCommon { suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, @@ -127,7 +136,7 @@ pub const TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = }); #[cfg(feature = "tls12")] -pub const TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = +const TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = SupportedCipherSuite::Tls12(&rustls::Tls12CipherSuite { common: CipherSuiteCommon { suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, @@ -148,7 +157,7 @@ const TLS_ECDHE_ECDSA_SUITES: &[SupportedCipherSuite] = &[ ]; #[cfg(feature = "tls12")] -pub const TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = +const TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = SupportedCipherSuite::Tls12(&rustls::Tls12CipherSuite { common: CipherSuiteCommon { suite: CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, @@ -162,7 +171,7 @@ pub const TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = }); #[cfg(feature = "tls12")] -pub const TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = +const TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = SupportedCipherSuite::Tls12(&rustls::Tls12CipherSuite { common: CipherSuiteCommon { suite: CipherSuite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, @@ -176,7 +185,7 @@ pub const TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = }); #[cfg(feature = "tls12")] -pub const TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = +const TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = SupportedCipherSuite::Tls12(&rustls::Tls12CipherSuite { common: CipherSuiteCommon { suite: CipherSuite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, @@ -206,7 +215,7 @@ const TLS12_SUITES: &[SupportedCipherSuite] = misc::const_concat_slices!( #[cfg(not(feature = "tls12"))] const TLS12_SUITES: &[SupportedCipherSuite] = &[]; -pub const TLS13_AES_128_GCM_SHA256: SupportedCipherSuite = +const TLS13_AES_128_GCM_SHA256: SupportedCipherSuite = SupportedCipherSuite::Tls13(&Tls13CipherSuite { common: CipherSuiteCommon { suite: CipherSuite::TLS13_AES_128_GCM_SHA256, @@ -218,7 +227,7 @@ pub const TLS13_AES_128_GCM_SHA256: SupportedCipherSuite = quic: None, }); -pub const TLS13_AES_256_GCM_SHA384: SupportedCipherSuite = +const TLS13_AES_256_GCM_SHA384: SupportedCipherSuite = SupportedCipherSuite::Tls13(&Tls13CipherSuite { common: CipherSuiteCommon { suite: CipherSuite::TLS13_AES_256_GCM_SHA384, @@ -233,7 +242,7 @@ pub const TLS13_AES_256_GCM_SHA384: SupportedCipherSuite = const TLS13_AES_SUITES: &[SupportedCipherSuite] = &[TLS13_AES_128_GCM_SHA256, TLS13_AES_256_GCM_SHA384]; -pub const TLS13_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = +const TLS13_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = SupportedCipherSuite::Tls13(&Tls13CipherSuite { common: CipherSuiteCommon { suite: CipherSuite::TLS13_CHACHA20_POLY1305_SHA256, @@ -261,11 +270,21 @@ static ALL_CIPHER_SUITES: &[SupportedCipherSuite] = misc::const_concat_slices!( TLS13_SUITES, ); +/// Returns a vector of all supported cipher suites. +pub fn all_cipher_suites() -> Vec { + ALL_CIPHER_SUITES.to_vec() +} + +/// Returns a vector of all supported signature verification algorithms. +pub fn all_signature_verification_algorithms() -> WebPkiSupportedAlgorithms { + ALGORITHMS +} + mod aead; mod hash; mod hmac; -mod kx; +pub mod kx; mod misc; -pub mod quic; -pub mod sign; +// mod quic; +mod sign; mod verify; diff --git a/tests/builder.rs b/tests/builder.rs index bab5d85..aead3cf 100644 --- a/tests/builder.rs +++ b/tests/builder.rs @@ -1,10 +1,14 @@ use std::sync::Arc; +use rand_core::CryptoRng; +use rand_core::Error; +use rand_core::OsRng; +use rand_core::RngCore; +use rustls::crypto::CryptoProvider; +use rustls::crypto::SupportedKxGroup; use rustls::ClientConfig as RusTlsClientConfig; use rustls::ServerConfig as RusTlsServerConfig; -use rustls_rustcrypto::provider as rustcrypto_provider; - mod fake_time; use fake_time::FakeTime; @@ -17,6 +21,53 @@ use fake_cert_client_verifier::FakeClientCertVerifier; mod fake_cert_server_resolver; use fake_cert_server_resolver::FakeServerCertResolver; +#[derive(Debug)] +struct GeneratedOsRng(OsRng); + +impl GeneratedRng for GeneratedOsRng { + fn new() -> Self { + GeneratedOsRng(OsRng) + } +} + +impl RngCore for GeneratedOsRng { + fn next_u32(&mut self) -> u32 { + self.0.next_u32() + } + + fn next_u64(&mut self) -> u64 { + self.0.next_u64() + } + + fn fill_bytes(&mut self, dest: &mut [u8]) { + self.0.fill_bytes(dest) + } + + fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), Error> { + self.0.try_fill_bytes(dest) + } +} + +impl CryptoRng for GeneratedOsRng {} + +fn rustcrypto_provider() -> CryptoProvider { + static RUSTCRYPTO_PROVIDER: Provider = Provider::::new(); + const ALL_KX_GROUPS: &[&dyn SupportedKxGroup] = &[ + &kx::X25519::::new(), + &kx::SecP256R1::::new(), + &kx::SecP384R1::::new(), + ]; + + CryptoProvider { + cipher_suites: all_cipher_suites(), + signature_verification_algorithms: all_signature_verification_algorithms(), + secure_random: &RUSTCRYPTO_PROVIDER, + key_provider: &RUSTCRYPTO_PROVIDER, + kx_groups: ALL_KX_GROUPS.to_vec(), + } +} + + // Test integration between rustls and rustls in Client builder context #[test] fn integrate_client_builder_with_details_fake() { @@ -44,6 +95,11 @@ fn integrate_client_builder_with_details_fake() { } use rustls::DistinguishedName; +use rustls_rustcrypto::all_cipher_suites; +use rustls_rustcrypto::all_signature_verification_algorithms; +use rustls_rustcrypto::kx; +use rustls_rustcrypto::GeneratedRng; +use rustls_rustcrypto::Provider; // Test integration between rustls and rustls in Server builder context #[test]