no-std: add TimeProvider to ServerConfig
japaric committed Oct 5, 2023
1 parent 23a4992 commit 78046e4
Showing 3 changed files with 43 additions and 12 deletions.
2 changes: 2 additions & 0 deletions rustls/src/server/builder.rs
Expand Up @@ -118,6 +118,8 @@ impl ConfigBuilder<ServerConfig, WantsServerCert> {
max_early_data_size: 0,
send_half_rtt_data: false,
send_tls13_tickets: 4,
#[cfg(not(feature = "std"))]
time_provider: crate::time_provider::TimeProvider::none(),
}
}
}
6 changes: 6 additions & 0 deletions rustls/src/server/server_conn.rs
Expand Up @@ -317,6 +317,10 @@ pub struct ServerConfig {
/// If this is 0, no tickets are sent and clients will not be able to
/// do any resumption.
pub send_tls13_tickets: usize,

/// Provides the current system time
#[cfg(not(feature = "std"))]
pub time_provider: crate::time_provider::TimeProvider,
}

// Avoid a `Clone` bound on `C`.
Expand All @@ -339,6 +343,8 @@ impl Clone for ServerConfig {
max_early_data_size: self.max_early_data_size,
send_half_rtt_data: self.send_half_rtt_data,
send_tls13_tickets: self.send_tls13_tickets,
#[cfg(not(feature = "std"))]
time_provider: self.time_provider.clone(),
}
}
}
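Review bot: The doc comment on `time_provider` (`/// Provides the current system time`) does not say what the value is trusted for or what the builder puts there. Elsewhere in this commit the returned time feeds `set_freshness` for TLS 1.3 tickets and `verify_client_cert`, so a clock that is wrong or can be influenced weakens the ticket-age and certificate-validity checks. The builder initialises the field with `TimeProvider::none()`, whose behaviour is not visible here but presumably yields an error on every lookup. I would expand the comment to something like `/// Source of the current time for ticket freshness and client certificate validation.` followed by `/// Defaults to TimeProvider::none(); no-std users must supply a trustworthy clock.`. The field is `pub` only under `not(feature = "std")`, so a line noting that the struct's public shape differs between the two builds would also help.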
47 changes: 35 additions & 12 deletions rustls/src/server/tls13.rs
Expand Up @@ -307,10 +307,20 @@ mod client_hello {
}

for (i, psk_id) in psk_offer.identities.iter().enumerate() {
#[cfg(feature = "std")]
let now = UnixTime::now();

#[cfg(not(feature = "std"))]
let now = self
.config
.time_provider
.get_current_time()
.map_err(|_| Error::FailedToGetCurrentTime)?;

let resume = match self
.attempt_tls13_ticket_decryption(&psk_id.identity.0)
.map(|resumedata| {
resumedata.set_freshness(psk_id.obfuscated_ticket_age, UnixTime::now())
resumedata.set_freshness(psk_id.obfuscated_ticket_age, now)
})
.filter(|resumedata| {
hs::can_resume(self.suite.into(), &cx.data.sni, false, resumedata)
Expand Down Expand Up @@ -922,9 +932,19 @@ impl State<ServerConnectionData> for ExpectCertificate {
Some(chain) => chain,
};

#[cfg(feature = "std")]
let now = UnixTime::now();

#[cfg(not(feature = "std"))]
let now = self
.config
.time_provider
.get_current_time()
.map_err(|_| Error::FailedToGetCurrentTime)?;

self.config
.verifier
.verify_client_cert(end_entity, intermediates, UnixTime::now())
.verify_client_cert(end_entity, intermediates, now)
.map_err(|err| {
cx.common
.send_cert_verify_error_alert(err)
Expand Down Expand Up @@ -1090,16 +1110,19 @@ impl ExpectFinished {
) -> Result<(), Error> {
let nonce = rand::random_vec(config.provider, 32)?;
let age_add = rand::random_u32(config.provider)?;
let plain = get_server_session_value(
transcript,
suite,
key_schedule,
cx,
&nonce,
UnixTime::now(),
age_add,
)
.get_encoding();

#[cfg(feature = "std")]
let now = UnixTime::now();

#[cfg(not(feature = "std"))]
let now = config
.time_provider
.get_current_time()
.map_err(|_| Error::FailedToGetCurrentTime)?;

let plain =
get_server_session_value(transcript, suite, key_schedule, cx, &nonce, now, age_add)
.get_encoding();

let stateless = config.ticketer.enabled();
let (ticket, lifetime) = if stateless {
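Review bot: In the PSK loop of the first hunk, the no-std `let now = ... .map_err(|_| Error::FailedToGetCurrentTime)?;` runs at the top of every iteration, before `attempt_tls13_ticket_decryption`, so a failing time provider aborts the handshake for any client that offers a PSK identity, even one whose ticket would not have decrypted; the old code read the clock only inside `.map(...)` after a successful decryption. If that fail-closed behaviour is intended, move both `let now` bindings above `for (i, psk_id) in ...` so the clock is read once and every identity is judged against the same instant, and record the decision in a comment such as `// no-std: a PSK offer fails the handshake when no clock is available`. The same cfg pair is repeated in the `ExpectCertificate` and `ExpectFinished` hunks; one private helper returning `Result<UnixTime, Error>` would keep the three sites from drifting, and `map_err(|_| ...)` discards the provider's own error, which is worth preserving for diagnostics. The enclosing functions begin and end outside these hunks.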
