-
Notifications
You must be signed in to change notification settings - Fork 590
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
This is an example that builds a mostly-unchanged rustls example (simpleclient), but only using crypto from the rust-crypto project and elsewhere. This is intended to be minimalistic, and not a complete replacement for *ring*. It implements: - TLS1.3 TLS13_CHACHA20_POLY1305_SHA256 cipher suite. - TLS1.2 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 cipher suite. - X25519 key exchange. - RSA-PSS-SHA256 and RSA-PKCS1-SHA256 signature verification for verifying the server, integrated into the webpki crate. - random generation using `rand_core`. This means it can fetch www.rust-lang.org. TLS1.2 is not strictly necessary for this server, but serves to demonstrate that part of the API.
- Loading branch information
Showing
12 changed files
with
538 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
[package] | ||
name = "rustls-provider-example" | ||
version = "0.0.1" | ||
edition = "2021" | ||
rust-version = "1.60" | ||
license = "Apache-2.0 OR ISC OR MIT" | ||
description = "Example of rustls with custom crypto provider." | ||
publish = false | ||
|
||
[dependencies] | ||
chacha20poly1305 = "0.10.0" | ||
der = "0.7.0" | ||
env_logger = "0.10" | ||
hmac = "0.12.0" | ||
rand_core = "0.6.0" | ||
rustls = { path = "../rustls", default-features = false, features = [ "logging", "dangerous_configuration", "webpki", "tls12" ]} | ||
rsa = { version = "0.9.0", features = [ "sha2" ] } | ||
sha2 = "0.10.0" | ||
webpki = { package = "rustls-webpki", version = "0.102.0-alpha.0", default-features = false, features = ["alloc", "std"] } | ||
webpki-roots = "0.25.0" | ||
x25519-dalek = "2" | ||
|
||
[dev-dependencies] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
use std::sync::Arc; | ||
|
||
use std::io::{stdout, Read, Write}; | ||
use std::net::TcpStream; | ||
|
||
use rustls_provider_example::Provider; | ||
|
||
fn main() { | ||
env_logger::init(); | ||
|
||
let mut root_store = rustls::RootCertStore::empty(); | ||
root_store.add_trust_anchors( | ||
webpki_roots::TLS_SERVER_ROOTS | ||
.iter() | ||
.map(|ta| { | ||
rustls::OwnedTrustAnchor::from_subject_spki_name_constraints( | ||
ta.subject, | ||
ta.spki, | ||
ta.name_constraints, | ||
) | ||
}), | ||
); | ||
|
||
let config = rustls::ClientConfig::<Provider>::builder() | ||
.with_safe_defaults() | ||
.with_custom_certificate_verifier(Provider::certificate_verifier(root_store)) | ||
.with_no_client_auth(); | ||
|
||
let server_name = "www.rust-lang.org".try_into().unwrap(); | ||
let mut conn = rustls::ClientConnection::new(Arc::new(config), server_name).unwrap(); | ||
let mut sock = TcpStream::connect("www.rust-lang.org:443").unwrap(); | ||
let mut tls = rustls::Stream::new(&mut conn, &mut sock); | ||
tls.write_all( | ||
concat!( | ||
"GET / HTTP/1.1\r\n", | ||
"Host: www.rust-lang.org\r\n", | ||
"Connection: close\r\n", | ||
"Accept-Encoding: identity\r\n", | ||
"\r\n" | ||
) | ||
.as_bytes(), | ||
) | ||
.unwrap(); | ||
let ciphersuite = tls | ||
.conn | ||
.negotiated_cipher_suite() | ||
.unwrap(); | ||
writeln!( | ||
&mut std::io::stderr(), | ||
"Current ciphersuite: {:?}", | ||
ciphersuite.suite() | ||
) | ||
.unwrap(); | ||
let mut plaintext = Vec::new(); | ||
tls.read_to_end(&mut plaintext).unwrap(); | ||
stdout().write_all(&plaintext).unwrap(); | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,158 @@ | ||
use chacha20poly1305::{AeadInPlace, KeyInit, KeySizeUser}; | ||
use rustls::crypto::cipher; | ||
use rustls::internal::msgs::base::Payload; // FIXME | ||
use rustls::{ContentType, ProtocolVersion}; | ||
|
||
pub struct Chacha20Poly1305; | ||
|
||
impl cipher::Tls13AeadAlgorithm for Chacha20Poly1305 { | ||
fn encrypter(&self, key: cipher::AeadKey, iv: cipher::Iv) -> Box<dyn cipher::MessageEncrypter> { | ||
Box::new(Tls13Cipher( | ||
chacha20poly1305::ChaCha20Poly1305::new_from_slice(key.as_ref()).unwrap(), | ||
iv, | ||
)) | ||
} | ||
|
||
fn decrypter(&self, key: cipher::AeadKey, iv: cipher::Iv) -> Box<dyn cipher::MessageDecrypter> { | ||
Box::new(Tls13Cipher( | ||
chacha20poly1305::ChaCha20Poly1305::new_from_slice(key.as_ref()).unwrap(), | ||
iv, | ||
)) | ||
} | ||
|
||
fn key_len(&self) -> usize { | ||
chacha20poly1305::ChaCha20Poly1305::key_size() | ||
} | ||
} | ||
|
||
impl cipher::Tls12AeadAlgorithm for Chacha20Poly1305 { | ||
fn encrypter( | ||
&self, | ||
key: cipher::AeadKey, | ||
iv: &[u8], | ||
_: &[u8], | ||
) -> Box<dyn cipher::MessageEncrypter> { | ||
Box::new(Tls12Cipher( | ||
chacha20poly1305::ChaCha20Poly1305::new_from_slice(key.as_ref()).unwrap(), | ||
cipher::Iv::copy(iv), | ||
)) | ||
} | ||
|
||
fn decrypter(&self, key: cipher::AeadKey, iv: &[u8]) -> Box<dyn cipher::MessageDecrypter> { | ||
Box::new(Tls12Cipher( | ||
chacha20poly1305::ChaCha20Poly1305::new_from_slice(key.as_ref()).unwrap(), | ||
cipher::Iv::copy(iv), | ||
)) | ||
} | ||
|
||
fn key_block_shape(&self) -> cipher::KeyBlockShape { | ||
cipher::KeyBlockShape { | ||
enc_key_len: 32, | ||
fixed_iv_len: 12, | ||
explicit_nonce_len: 0, | ||
} | ||
} | ||
} | ||
|
||
struct Tls13Cipher(chacha20poly1305::ChaCha20Poly1305, cipher::Iv); | ||
|
||
impl cipher::MessageEncrypter for Tls13Cipher { | ||
fn encrypt( | ||
&self, | ||
m: cipher::BorrowedPlainMessage, | ||
seq: u64, | ||
) -> Result<cipher::OpaqueMessage, rustls::Error> { | ||
let total_len = m.payload.len() + 1 + CHACHAPOLY1305_OVERHEAD; | ||
|
||
// construct a TLSInnerPlaintext | ||
let mut payload = Vec::with_capacity(total_len); | ||
payload.extend_from_slice(m.payload); | ||
payload.push(m.typ.get_u8()); | ||
|
||
let nonce = chacha20poly1305::Nonce::from(cipher::Nonce::new(&self.1, seq).0); | ||
let aad = cipher::make_tls13_aad(total_len); | ||
|
||
self.0 | ||
.encrypt_in_place(&nonce, &aad, &mut payload) | ||
.map_err(|_| rustls::Error::EncryptError) | ||
.and_then(|_| { | ||
Ok(cipher::OpaqueMessage { | ||
typ: ContentType::ApplicationData, | ||
version: ProtocolVersion::TLSv1_2, | ||
payload: Payload::new(payload), | ||
}) | ||
}) | ||
} | ||
} | ||
|
||
impl cipher::MessageDecrypter for Tls13Cipher { | ||
fn decrypt( | ||
&self, | ||
mut m: cipher::OpaqueMessage, | ||
seq: u64, | ||
) -> Result<cipher::PlainMessage, rustls::Error> { | ||
let payload = &mut m.payload.0; | ||
let nonce = chacha20poly1305::Nonce::from(cipher::Nonce::new(&self.1, seq).0); | ||
let aad = cipher::make_tls13_aad(payload.len()); | ||
|
||
self.0 | ||
.decrypt_in_place(&nonce, &aad, payload) | ||
.map_err(|_| rustls::Error::DecryptError)?; | ||
|
||
m.into_tls13_unpadded_message() | ||
} | ||
} | ||
|
||
struct Tls12Cipher(chacha20poly1305::ChaCha20Poly1305, cipher::Iv); | ||
|
||
impl cipher::MessageEncrypter for Tls12Cipher { | ||
fn encrypt( | ||
&self, | ||
m: cipher::BorrowedPlainMessage, | ||
seq: u64, | ||
) -> Result<cipher::OpaqueMessage, rustls::Error> { | ||
let total_len = m.payload.len() + CHACHAPOLY1305_OVERHEAD; | ||
|
||
let mut payload = Vec::with_capacity(total_len); | ||
payload.extend_from_slice(m.payload); | ||
|
||
let nonce = chacha20poly1305::Nonce::from(cipher::Nonce::new(&self.1, seq).0); | ||
let aad = cipher::make_tls12_aad(seq, m.typ, m.version, payload.len()); | ||
|
||
self.0 | ||
.encrypt_in_place(&nonce, &aad, &mut payload) | ||
.map_err(|_| rustls::Error::EncryptError) | ||
.and_then(|_| { | ||
Ok(cipher::OpaqueMessage { | ||
typ: m.typ, | ||
version: m.version, | ||
payload: Payload::new(payload), | ||
}) | ||
}) | ||
} | ||
} | ||
|
||
impl cipher::MessageDecrypter for Tls12Cipher { | ||
fn decrypt( | ||
&self, | ||
mut m: cipher::OpaqueMessage, | ||
seq: u64, | ||
) -> Result<cipher::PlainMessage, rustls::Error> { | ||
let payload = &mut m.payload.0; | ||
let nonce = chacha20poly1305::Nonce::from(cipher::Nonce::new(&self.1, seq).0); | ||
let aad = cipher::make_tls12_aad( | ||
seq, | ||
m.typ, | ||
m.version, | ||
payload.len() - CHACHAPOLY1305_OVERHEAD, | ||
); | ||
|
||
self.0 | ||
.decrypt_in_place(&nonce, &aad, payload) | ||
.map_err(|_| rustls::Error::DecryptError)?; | ||
|
||
Ok(m.into_plain_message()) | ||
} | ||
} | ||
|
||
const CHACHAPOLY1305_OVERHEAD: usize = 16; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
use rustls::crypto::hash; | ||
use sha2::Digest; | ||
|
||
pub struct SHA256; | ||
|
||
impl hash::Hash for SHA256 { | ||
fn start(&self) -> Box<dyn hash::Context> { | ||
Box::new(SHA256Context(sha2::Sha256::new())) | ||
} | ||
|
||
fn hash(&self, data: &[u8]) -> hash::Output { | ||
hash::Output::new(&sha2::Sha256::digest(data)[..]) | ||
} | ||
|
||
fn algorithm(&self) -> hash::HashAlgorithm { | ||
hash::HashAlgorithm::SHA256 | ||
} | ||
|
||
fn output_len(&self) -> usize { | ||
32 | ||
} | ||
} | ||
|
||
struct SHA256Context(sha2::Sha256); | ||
|
||
impl hash::Context for SHA256Context { | ||
fn fork_finish(&self) -> hash::Output { | ||
hash::Output::new(&self.0.clone().finalize()[..]) | ||
} | ||
|
||
fn fork(&self) -> Box<dyn hash::Context> { | ||
Box::new(SHA256Context(self.0.clone())) | ||
} | ||
|
||
fn finish(self: Box<Self>) -> hash::Output { | ||
hash::Output::new(&self.0.finalize()[..]) | ||
} | ||
|
||
fn update(&mut self, data: &[u8]) { | ||
self.0.update(data); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
use hmac::{Hmac, Mac}; | ||
use rustls::crypto; | ||
use sha2::{Digest, Sha256}; | ||
|
||
pub struct Sha256Hmac; | ||
|
||
impl crypto::hmac::Hmac for Sha256Hmac { | ||
fn with_key(&self, key: &[u8]) -> Box<dyn crypto::hmac::Key> { | ||
Box::new(Sha256HmacKey(Hmac::<Sha256>::new_from_slice(key).unwrap())) | ||
} | ||
|
||
fn hash_output_len(&self) -> usize { | ||
Sha256::output_size() | ||
} | ||
} | ||
|
||
struct Sha256HmacKey(Hmac<Sha256>); | ||
|
||
impl crypto::hmac::Key for Sha256HmacKey { | ||
fn sign_concat(&self, first: &[u8], middle: &[&[u8]], last: &[u8]) -> crypto::hmac::Tag { | ||
let mut ctx = self.0.clone(); | ||
ctx.update(first); | ||
for m in middle { | ||
ctx.update(m); | ||
} | ||
ctx.update(last); | ||
crypto::hmac::Tag::new(&ctx.finalize().into_bytes()[..]) | ||
} | ||
|
||
fn tag_len(&self) -> usize { | ||
Sha256::output_size() | ||
} | ||
} |
Oops, something went wrong.