engine/tls: basic start and replace sslio

* I believe working around `br_sslio_*` isn't worth the effort as the
  same functionality can be done manually with `*_buf` + `*_ack` which
  is used by sslio internally. This will especially be useful when
  wrapping Write/Read traits in std.

* Since both server and client contextes use `br_ssl_engine_context`,
  writing the routines for it removes a lot of future headaches. The
  engines shouldn't be used directly but will be exposed anyway for
  special cases and for having more discoverable errors.
main
Aydin Mercan 2022-09-06 22:22:05 +03:00
parent fe6c9fd0ed
commit 14d4569001
Signed by: jaiden
SSH Key Fingerprint: SHA256:vy6hjzotbn/MWZAbjzURNk3NL62EPkjoHsJ5xr/s7nk
7 changed files with 582 additions and 29 deletions

414
Cargo.lock generated Normal file
View File

@ -0,0 +1,414 @@
# This file is automatically @generated by Cargo.
# It is not intended for manual editing.
version = 3
[[package]]
name = "aho-corasick"
version = "0.7.19"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b4f55bd91a0978cbfd91c457a164bab8b4001c833b7f323132c0a4e1922dd44e"
dependencies = [
"memchr",
]
[[package]]
name = "atty"
version = "0.2.14"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8"
dependencies = [
"hermit-abi",
"libc",
"winapi",
]
[[package]]
name = "autocfg"
version = "1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa"
[[package]]
name = "bearssl"
version = "0.0.2-pre.0"
dependencies = [
"bearssl-sys",
"libc",
"rand_core",
"zeroize",
]
[[package]]
name = "bearssl-sys"
version = "0.0.5-pre.0"
dependencies = [
"bindgen",
"cc",
"libc",
]
[[package]]
name = "bindgen"
version = "0.60.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "062dddbc1ba4aca46de6338e2bf87771414c335f7b2f2036e8f3e9befebf88e6"
dependencies = [
"bitflags",
"cexpr",
"clang-sys",
"clap",
"env_logger",
"lazy_static",
"lazycell",
"log",
"peeking_take_while",
"proc-macro2",
"quote",
"regex",
"rustc-hash",
"shlex",
"which",
]
[[package]]
name = "bitflags"
version = "1.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
[[package]]
name = "cc"
version = "1.0.73"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2fff2a6927b3bb87f9595d67196a70493f627687a71d87a0d692242c33f58c11"
[[package]]
name = "cexpr"
version = "0.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766"
dependencies = [
"nom",
]
[[package]]
name = "cfg-if"
version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
[[package]]
name = "clang-sys"
version = "1.3.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5a050e2153c5be08febd6734e29298e844fdb0fa21aeddd63b4eb7baa106c69b"
dependencies = [
"glob",
"libc",
"libloading",
]
[[package]]
name = "clap"
version = "3.2.20"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "23b71c3ce99b7611011217b366d923f1d0a7e07a92bb2dbf1e84508c673ca3bd"
dependencies = [
"atty",
"bitflags",
"clap_lex",
"indexmap",
"strsim",
"termcolor",
"textwrap",
]
[[package]]
name = "clap_lex"
version = "0.2.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2850f2f5a82cbf437dd5af4d49848fbdfc27c157c3d010345776f952765261c5"
dependencies = [
"os_str_bytes",
]
[[package]]
name = "either"
version = "1.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "90e5c1c8368803113bf0c9584fc495a58b86dc8a29edbf8fe877d21d9507e797"
[[package]]
name = "env_logger"
version = "0.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0b2cf0344971ee6c64c31be0d530793fba457d322dfec2810c453d0ef228f9c3"
dependencies = [
"atty",
"humantime",
"log",
"regex",
"termcolor",
]
[[package]]
name = "getrandom"
version = "0.2.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4eb1a864a501629691edf6c15a593b7a51eebaa1e8468e9ddc623de7c9b58ec6"
dependencies = [
"cfg-if",
"libc",
"wasi",
]
[[package]]
name = "glob"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9b919933a397b79c37e33b77bb2aa3dc8eb6e165ad809e58ff75bc7db2e34574"
[[package]]
name = "hashbrown"
version = "0.12.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888"
[[package]]
name = "hermit-abi"
version = "0.1.19"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "62b467343b94ba476dcb2500d242dadbb39557df889310ac77c5d99100aaac33"
dependencies = [
"libc",
]
[[package]]
name = "humantime"
version = "2.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4"
[[package]]
name = "indexmap"
version = "1.9.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "10a35a97730320ffe8e2d410b5d3b69279b98d2c14bdb8b70ea89ecf7888d41e"
dependencies = [
"autocfg",
"hashbrown",
]
[[package]]
name = "lazy_static"
version = "1.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
[[package]]
name = "lazycell"
version = "1.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55"
[[package]]
name = "libc"
version = "0.2.132"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8371e4e5341c3a96db127eb2465ac681ced4c433e01dd0e938adbef26ba93ba5"
[[package]]
name = "libloading"
version = "0.7.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "efbc0f03f9a775e9f6aed295c6a1ba2253c5757a9e03d55c6caa46a681abcddd"
dependencies = [
"cfg-if",
"winapi",
]
[[package]]
name = "log"
version = "0.4.17"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e"
dependencies = [
"cfg-if",
]
[[package]]
name = "memchr"
version = "2.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d"
[[package]]
name = "minimal-lexical"
version = "0.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"
[[package]]
name = "nom"
version = "7.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a8903e5a29a317527874d0402f867152a3d21c908bb0b933e416c65e301d4c36"
dependencies = [
"memchr",
"minimal-lexical",
]
[[package]]
name = "once_cell"
version = "1.14.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2f7254b99e31cad77da24b08ebf628882739a608578bb1bcdfc1f9c21260d7c0"
[[package]]
name = "os_str_bytes"
version = "6.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9ff7415e9ae3fff1225851df9e0d9e4e5479f947619774677a63572e55e80eff"
[[package]]
name = "peeking_take_while"
version = "0.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "19b17cddbe7ec3f8bc800887bab5e717348c95ea2ca0b1bf0837fb964dc67099"
[[package]]
name = "proc-macro2"
version = "1.0.43"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0a2ca2c61bc9f3d74d2886294ab7b9853abd9c1ad903a3ac7815c58989bb7bab"
dependencies = [
"unicode-ident",
]
[[package]]
name = "quote"
version = "1.0.21"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bbe448f377a7d6961e30f5955f9b8d106c3f5e449d493ee1b125c1d43c2b5179"
dependencies = [
"proc-macro2",
]
[[package]]
name = "rand_core"
version = "0.6.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d34f1408f55294453790c48b2f1ebbb1c5b4b7563eb1f418bcfcfdbb06ebb4e7"
dependencies = [
"getrandom",
]
[[package]]
name = "regex"
version = "1.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4c4eb3267174b8c6c2f654116623910a0fef09c4753f8dd83db29c48a0df988b"
dependencies = [
"aho-corasick",
"memchr",
"regex-syntax",
]
[[package]]
name = "regex-syntax"
version = "0.6.27"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a3f87b73ce11b1619a3c6332f45341e0047173771e8b8b73f87bfeefb7b56244"
[[package]]
name = "rustc-hash"
version = "1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2"
[[package]]
name = "shlex"
version = "1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "43b2853a4d09f215c24cc5489c992ce46052d359b5109343cbafbf26bc62f8a3"
[[package]]
name = "strsim"
version = "0.10.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623"
[[package]]
name = "termcolor"
version = "1.1.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bab24d30b911b2376f3a13cc2cd443142f0c81dda04c118693e35b3835757755"
dependencies = [
"winapi-util",
]
[[package]]
name = "textwrap"
version = "0.15.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b1141d4d61095b28419e22cb0bbf02755f5e54e0526f97f1e3d1d160e60885fb"
[[package]]
name = "unicode-ident"
version = "1.0.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c4f5b37a154999a8f3f98cc23a628d850e154479cd94decf3414696e12e31aaf"
[[package]]
name = "wasi"
version = "0.11.0+wasi-snapshot-preview1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
[[package]]
name = "which"
version = "4.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1c831fbbee9e129a8cf93e7747a82da9d95ba8e16621cae60ec2cdc849bacb7b"
dependencies = [
"either",
"libc",
"once_cell",
]
[[package]]
name = "winapi"
version = "0.3.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
dependencies = [
"winapi-i686-pc-windows-gnu",
"winapi-x86_64-pc-windows-gnu",
]
[[package]]
name = "winapi-i686-pc-windows-gnu"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
[[package]]
name = "winapi-util"
version = "0.1.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178"
dependencies = [
"winapi",
]
[[package]]
name = "winapi-x86_64-pc-windows-gnu"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
[[package]]
name = "zeroize"
version = "1.5.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c394b5bd0c6f669e7275d9c20aa90ae064cb22e75a1cad54e1b34088034b149f"

View File

@ -2,11 +2,10 @@
Here we list the how other projects were utilized and their licenses.
## Rustls
* API Design for connections
- `read_tls` and `write_tls` is utilized except we use byte slices due to being `no_std`.
- `read_tls` and `write_tls` API design is copied pretty much as-is.
```
ISC License (ISC)

1
bearssl/src/engine.rs Normal file
View File

@ -0,0 +1 @@
pub mod tls;

140
bearssl/src/engine/tls.rs Normal file
View File

@ -0,0 +1,140 @@
use core::cmp::min;
use core::mem::MaybeUninit;
use core::slice;
use bearssl_sys::*;
pub enum Error {
/// A session resumption has been attempted with a distinct version or cipher suite.
SessionResumptionMismatch,
/// Other side has sent an invalid signature.
BadSignature,
/// The error code is unknown or not wrapped around yet.
Unknown,
}
/// TLS engine used by both server and client connections.
#[repr(transparent)]
pub struct TlsEngine {
pub(crate) context: br_ssl_engine_context,
}
impl TlsEngine {
/// Push some plaintext bytes into engine.
pub fn push_write(&mut self, src: &[u8]) -> Result<usize, Error> {
let buf = unsafe {
let mut l = MaybeUninit::<usize>::uninit();
let b = br_ssl_engine_sendapp_buf(&self.context, l.as_mut_ptr());
if b.is_null() {
return Err(Error::Unknown);
}
slice::from_raw_parts_mut(b, l.assume_init_read())
};
let len = match min(buf.len(), src.len()) {
0 => return Err(Error::Unknown),
l => l,
};
buf[..len].copy_from_slice(&src[..len]);
unsafe {
br_ssl_engine_sendapp_ack(&mut self.context, len);
}
Ok(len)
}
/// Get the TLS record that has wrapped the pushed data. Returns an error or how many bytes of TLS record were written to `dst`.
pub fn pull_write(&mut self, dst: &mut [u8]) -> Result<usize, Error> {
let buf = unsafe {
let mut l = MaybeUninit::<usize>::uninit();
let b = br_ssl_engine_sendrec_buf(&mut self.context, l.as_mut_ptr());
if b.is_null() {
return Err(Error::Unknown);
}
slice::from_raw_parts(b, l.assume_init_read())
};
let len = match min(buf.len(), dst.len()) {
0 => return Err(Error::Unknown),
l => l,
};
dst[..len].copy_from_slice(&buf[..len]);
unsafe {
br_ssl_engine_sendrec_ack(&mut self.context, len);
}
Ok(len)
}
/// Push incoming TLS record to be decrypted.
pub fn push_read(&mut self, src: &[u8]) -> Result<usize, Error> {
let buf = unsafe {
let mut l = MaybeUninit::<usize>::uninit();
let b = br_ssl_engine_recvrec_buf(&mut self.context, l.as_mut_ptr());
if b.is_null() {
return Err(Error::Unknown);
}
slice::from_raw_parts_mut(b, l.assume_init_read())
};
let len = match min(buf.len(), src.len()) {
0 => return Err(Error::Unknown),
l => l,
};
buf[..len].copy_from_slice(&src[..len]);
unsafe {
br_ssl_engine_recvrec_ack(&mut self.context, len);
}
Ok(len)
}
/// Get the application data pushed before.
pub fn pull_read(&mut self, dst: &mut [u8]) -> Result<usize, Error> {
let buf = unsafe {
let mut l = MaybeUninit::<usize>::uninit();
let b = br_ssl_engine_recvapp_buf(&mut self.context, l.as_mut_ptr());
if b.is_null() {
return Err(Error::Unknown);
}
slice::from_raw_parts(b, l.assume_init_read())
};
let len = match min(buf.len(), dst.len()) {
0 => return Err(Error::Unknown),
l => l,
};
dst[..len].copy_from_slice(&buf[..len]);
unsafe {
br_ssl_engine_recvapp_ack(&mut self.context, len);
}
Ok(len)
}
pub fn shutdown_recieved(&self) -> bool {
self.context.shutdown_recv != 0
}
}

View File

@ -1,25 +0,0 @@
use core::ffi::c_void;
use bearssl_sys::*;
use libc::{c_int, c_uchar};
pub trait HazardReadCallback {
/// Callback made by the SSL I/O context.
extern "C" fn read(ctx: *mut c_void, data: *mut c_uchar, len: usize) -> c_int;
/// Get the context to be used in the callback.
unsafe fn get_context(&self) -> *mut c_void;
}
pub trait HazardWriteCallback {
/// Callback made by the SSL I/O context.
extern "C" fn write(ctx: *mut c_void, data: *const c_uchar, len: usize) -> c_int;
/// Get the context to be used in the callback.
unsafe fn get_context(&self) -> *mut c_void;
}
#[repr(transparent)]
pub struct TlsIo {
context: br_sslio_context,
}

View File

@ -3,7 +3,7 @@
#[cfg(feature = "std")]
extern crate std;
pub mod io;
pub mod engine;
pub mod profile;
pub mod rsa;
pub mod server;

View File

@ -1,7 +1,9 @@
use core::marker::PhantomData;
use core::mem::transmute;
use bearssl_sys::*;
use crate::engine::tls;
use crate::x509::cert::X509Certificate;
/// Represents a connected client.
@ -12,5 +14,27 @@ pub struct ServerConnection<'a> {
}
impl<'a> ServerConnection<'a> {
pub fn push_bytes(&self, data: &[u8]) {}
pub fn push_write(&mut self, src: &[u8]) -> Result<usize, tls::Error> {
let engine: &mut tls::TlsEngine = unsafe { transmute(&mut self.context.eng) };
engine.push_write(src)
}
pub fn pull_write(&mut self, dst: &mut [u8]) -> Result<usize, tls::Error> {
let engine: &mut tls::TlsEngine = unsafe { transmute(&mut self.context.eng) };
engine.pull_write(dst)
}
pub fn push_read(&mut self, src: &[u8]) -> Result<usize, tls::Error> {
let engine: &mut tls::TlsEngine = unsafe { transmute(&mut self.context.eng) };
engine.push_read(src)
}
pub fn pull_read(&mut self, dst: &mut [u8]) -> Result<usize, tls::Error> {
let engine: &mut tls::TlsEngine = unsafe { transmute(&mut self.context.eng) };
engine.pull_read(dst)
}
}