diff --git a/Cargo.lock b/Cargo.lock new file mode 100644 index 0000000..130407d --- /dev/null +++ b/Cargo.lock 
@@ -0,0 +1,414 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 3 + +[[package]] +name = "aho-corasick" +version = "0.7.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b4f55bd91a0978cbfd91c457a164bab8b4001c833b7f323132c0a4e1922dd44e" +dependencies = [ + "memchr", +] + +[[package]] +name = "atty" +version = "0.2.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8" +dependencies = [ + "hermit-abi", + "libc", + "winapi", +] + +[[package]] +name = "autocfg" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" + +[[package]] +name = "bearssl" +version = "0.0.2-pre.0" +dependencies = [ + "bearssl-sys", + "libc", + "rand_core", + "zeroize", +] + +[[package]] +name = "bearssl-sys" +version = "0.0.5-pre.0" +dependencies = [ + "bindgen", + "cc", + "libc", +] + +[[package]] +name = "bindgen" +version = "0.60.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "062dddbc1ba4aca46de6338e2bf87771414c335f7b2f2036e8f3e9befebf88e6" +dependencies = [ + "bitflags", + "cexpr", + "clang-sys", + "clap", + "env_logger", + "lazy_static", + "lazycell", + "log", + "peeking_take_while", + "proc-macro2", + "quote", + "regex", + "rustc-hash", + "shlex", + "which", +] + +[[package]] +name = "bitflags" +version = "1.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" + +[[package]] +name = "cc" +version = "1.0.73" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2fff2a6927b3bb87f9595d67196a70493f627687a71d87a0d692242c33f58c11" + +[[package]] +name = "cexpr" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" 
+checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766" +dependencies = [ + "nom", +] + +[[package]] +name = "cfg-if" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" + +[[package]] +name = "clang-sys" +version = "1.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5a050e2153c5be08febd6734e29298e844fdb0fa21aeddd63b4eb7baa106c69b" +dependencies = [ + "glob", + "libc", + "libloading", +] + +[[package]] +name = "clap" +version = "3.2.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "23b71c3ce99b7611011217b366d923f1d0a7e07a92bb2dbf1e84508c673ca3bd" +dependencies = [ + "atty", + "bitflags", + "clap_lex", + "indexmap", + "strsim", + "termcolor", + "textwrap", +] + +[[package]] +name = "clap_lex" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2850f2f5a82cbf437dd5af4d49848fbdfc27c157c3d010345776f952765261c5" +dependencies = [ + "os_str_bytes", +] + +[[package]] +name = "either" +version = "1.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "90e5c1c8368803113bf0c9584fc495a58b86dc8a29edbf8fe877d21d9507e797" + +[[package]] +name = "env_logger" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b2cf0344971ee6c64c31be0d530793fba457d322dfec2810c453d0ef228f9c3" +dependencies = [ + "atty", + "humantime", + "log", + "regex", + "termcolor", +] + +[[package]] +name = "getrandom" +version = "0.2.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4eb1a864a501629691edf6c15a593b7a51eebaa1e8468e9ddc623de7c9b58ec6" +dependencies = [ + "cfg-if", + "libc", + "wasi", +] + +[[package]] +name = "glob" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"9b919933a397b79c37e33b77bb2aa3dc8eb6e165ad809e58ff75bc7db2e34574" + +[[package]] +name = "hashbrown" +version = "0.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" + +[[package]] +name = "hermit-abi" +version = "0.1.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "62b467343b94ba476dcb2500d242dadbb39557df889310ac77c5d99100aaac33" +dependencies = [ + "libc", +] + +[[package]] +name = "humantime" +version = "2.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" + +[[package]] +name = "indexmap" +version = "1.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "10a35a97730320ffe8e2d410b5d3b69279b98d2c14bdb8b70ea89ecf7888d41e" +dependencies = [ + "autocfg", + "hashbrown", +] + +[[package]] +name = "lazy_static" +version = "1.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" + +[[package]] +name = "lazycell" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" + +[[package]] +name = "libc" +version = "0.2.132" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8371e4e5341c3a96db127eb2465ac681ced4c433e01dd0e938adbef26ba93ba5" + +[[package]] +name = "libloading" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "efbc0f03f9a775e9f6aed295c6a1ba2253c5757a9e03d55c6caa46a681abcddd" +dependencies = [ + "cfg-if", + "winapi", +] + +[[package]] +name = "log" +version = "0.4.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e" +dependencies = [ + 
"cfg-if", +] + +[[package]] +name = "memchr" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d" + +[[package]] +name = "minimal-lexical" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" + +[[package]] +name = "nom" +version = "7.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a8903e5a29a317527874d0402f867152a3d21c908bb0b933e416c65e301d4c36" +dependencies = [ + "memchr", + "minimal-lexical", +] + +[[package]] +name = "once_cell" +version = "1.14.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2f7254b99e31cad77da24b08ebf628882739a608578bb1bcdfc1f9c21260d7c0" + +[[package]] +name = "os_str_bytes" +version = "6.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ff7415e9ae3fff1225851df9e0d9e4e5479f947619774677a63572e55e80eff" + +[[package]] +name = "peeking_take_while" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "19b17cddbe7ec3f8bc800887bab5e717348c95ea2ca0b1bf0837fb964dc67099" + +[[package]] +name = "proc-macro2" +version = "1.0.43" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0a2ca2c61bc9f3d74d2886294ab7b9853abd9c1ad903a3ac7815c58989bb7bab" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "quote" +version = "1.0.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bbe448f377a7d6961e30f5955f9b8d106c3f5e449d493ee1b125c1d43c2b5179" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "rand_core" +version = "0.6.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d34f1408f55294453790c48b2f1ebbb1c5b4b7563eb1f418bcfcfdbb06ebb4e7" +dependencies = [ + "getrandom", +] + +[[package]] 
+name = "regex" +version = "1.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c4eb3267174b8c6c2f654116623910a0fef09c4753f8dd83db29c48a0df988b" +dependencies = [ + "aho-corasick", + "memchr", + "regex-syntax", +] + +[[package]] +name = "regex-syntax" +version = "0.6.27" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a3f87b73ce11b1619a3c6332f45341e0047173771e8b8b73f87bfeefb7b56244" + +[[package]] +name = "rustc-hash" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" + +[[package]] +name = "shlex" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "43b2853a4d09f215c24cc5489c992ce46052d359b5109343cbafbf26bc62f8a3" + +[[package]] +name = "strsim" +version = "0.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" + +[[package]] +name = "termcolor" +version = "1.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bab24d30b911b2376f3a13cc2cd443142f0c81dda04c118693e35b3835757755" +dependencies = [ + "winapi-util", +] + +[[package]] +name = "textwrap" +version = "0.15.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b1141d4d61095b28419e22cb0bbf02755f5e54e0526f97f1e3d1d160e60885fb" + +[[package]] +name = "unicode-ident" +version = "1.0.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c4f5b37a154999a8f3f98cc23a628d850e154479cd94decf3414696e12e31aaf" + +[[package]] +name = "wasi" +version = "0.11.0+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" + +[[package]] +name = "which" +version = "4.3.0" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "1c831fbbee9e129a8cf93e7747a82da9d95ba8e16621cae60ec2cdc849bacb7b" +dependencies = [ + "either", + "libc", + "once_cell", +] + +[[package]] +name = "winapi" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" +dependencies = [ + "winapi-i686-pc-windows-gnu", + "winapi-x86_64-pc-windows-gnu", +] + +[[package]] +name = "winapi-i686-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" + +[[package]] +name = "winapi-util" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178" +dependencies = [ + "winapi", +] + +[[package]] +name = "winapi-x86_64-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" + +[[package]] +name = "zeroize" +version = "1.5.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c394b5bd0c6f669e7275d9c20aa90ae064cb22e75a1cad54e1b34088034b149f" diff --git a/bearssl/CREDITS.md b/bearssl/CREDITS.md index 6e46c20..5d0d4d9 100644 --- a/bearssl/CREDITS.md +++ b/bearssl/CREDITS.md @@ -2,11 +2,10 @@ Here we list the how other projects were utilized and their licenses. - ## Rustls * API Design for connections - - `read_tls` and `write_tls` is utilized except we use byte slices due to being `no_std`. + - `read_tls` and `write_tls` API design is copied pretty much as-is. ``` ISC License (ISC) diff --git a/bearssl/src/engine.rs b/bearssl/src/engine.rs new file mode 100644 index 0000000..dbdc4f3 --- /dev/null +++ b/bearssl/src/engine.rs @@ -0,0 +1 @@ +pub mod tls; 
diff --git a/bearssl/src/engine/tls.rs b/bearssl/src/engine/tls.rs
new file mode 100644
index 0000000..6b8ff00
--- /dev/null
+++ b/bearssl/src/engine/tls.rs
@@ -0,0 +1,140 @@
+use core::cmp::min;
+use core::mem::MaybeUninit;
+use core::slice;
+
+use bearssl_sys::*;
+
+pub enum Error {
+ /// A session resumption has been attempted with a distinct version or cipher suite.
+ SessionResumptionMismatch,
+
+ /// Other side has sent an invalid signature.
+ BadSignature,
+
+ /// The error code is unknown or not wrapped around yet.
+ Unknown,
+}
+
+/// TLS engine used by both server and client connections.
+#[repr(transparent)]
+pub struct TlsEngine {
+ pub(crate) context: br_ssl_engine_context,
+}
+
+impl TlsEngine {
+ /// Push some plaintext bytes into engine.
+ pub fn push_write(&mut self, src: &[u8]) -> Result {
+ let buf = unsafe {
+ let mut l = MaybeUninit::::uninit();
+
+ let b = br_ssl_engine_sendapp_buf(&self.context, l.as_mut_ptr());
+
+ if b.is_null() {
+ return Err(Error::Unknown);
+ }
+
+ slice::from_raw_parts_mut(b, l.assume_init_read())
+ };
+
+ let len = match min(buf.len(), src.len()) {
+ 0 => return Err(Error::Unknown),
+ l => l,
+ };
+
+ buf[..len].copy_from_slice(&src[..len]);
+
+ unsafe {
+ br_ssl_engine_sendapp_ack(&mut self.context, len);
+ }
+
+ Ok(len)
+ }
+
+ /// Get the TLS record that has wrapped the pushed data. Returns an error or how many bytes of TLS record were written to `dst`.
+ pub fn pull_write(&mut self, dst: &mut [u8]) -> Result {
+ let buf = unsafe {
+ let mut l = MaybeUninit::::uninit();
+
+ let b = br_ssl_engine_sendrec_buf(&mut self.context, l.as_mut_ptr());
+
+ if b.is_null() {
+ return Err(Error::Unknown);
+ }
+
+ slice::from_raw_parts(b, l.assume_init_read())
+ };
+
+ let len = match min(buf.len(), dst.len()) {
+ 0 => return Err(Error::Unknown),
+ l => l,
+ };
+
+ dst[..len].copy_from_slice(&buf[..len]);
+
+ unsafe {
+ br_ssl_engine_sendrec_ack(&mut self.context, len);
+ }
+
+ Ok(len)
+ }
+
+ /// Push incoming TLS record to be decrypted.
+ pub fn push_read(&mut self, src: &[u8]) -> Result {
+ let buf = unsafe {
+ let mut l = MaybeUninit::::uninit();
+
+ let b = br_ssl_engine_recvrec_buf(&mut self.context, l.as_mut_ptr());
+
+ if b.is_null() {
+ return Err(Error::Unknown);
+ }
+
+ slice::from_raw_parts_mut(b, l.assume_init_read())
+ };
+
+ let len = match min(buf.len(), src.len()) {
+ 0 => return Err(Error::Unknown),
+ l => l,
+ };
+
+ buf[..len].copy_from_slice(&src[..len]);
+
+ unsafe {
+ br_ssl_engine_recvrec_ack(&mut self.context, len);
+ }
+
+ Ok(len)
+ }
+
+ /// Get the application data pushed before.
+ pub fn pull_read(&mut self, dst: &mut [u8]) -> Result {
+ let buf = unsafe {
+ let mut l = MaybeUninit::::uninit();
+
+ let b = br_ssl_engine_recvapp_buf(&mut self.context, l.as_mut_ptr());
+
+ if b.is_null() {
+ return Err(Error::Unknown);
+ }
+
+ slice::from_raw_parts(b, l.assume_init_read())
+ };
+
+ let len = match min(buf.len(), dst.len()) {
+ 0 => return Err(Error::Unknown),
+ l => l,
+ };
+
+ dst[..len].copy_from_slice(&buf[..len]);
+
+ unsafe {
+ br_ssl_engine_recvapp_ack(&mut self.context, len);
+ }
+
+ Ok(len)
+ }
+
+ pub fn shutdown_recieved(&self) -> bool {
+ self.context.shutdown_recv != 0
+ }
+}
diff --git a/bearssl/src/io.rs b/bearssl/src/io.rs
deleted file mode 100644
index 8c613c8..0000000
--- a/bearssl/src/io.rs
+++ /dev/null
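Review bot: Every failure path in push_write, pull_write, push_read and pull_read collapses to `Error::Unknown`, so a caller cannot tell a transient "the engine has no buffer to offer right now" (the null-pointer branch, which the engine can also take while a handshake is still in progress) from an engine that has entered a permanent error state, nor either of those from the `min(...) == 0` branch that fires on an empty `src`/`dst`. `SessionResumptionMismatch` and `BadSignature` are declared but nothing maps a BearSSL error code onto them; if the bindings expose `br_ssl_engine_last_error`, the null branch should consult it and return the mapped code when it is non-zero, and an empty slice should yield `Ok(0)` rather than an error. The engine's buffers are handed out as slices built from raw pointers with unbounded lifetimes, yet none of the `unsafe` blocks carries a `// SAFETY:` comment stating that the pointer and length came from the engine and that no other reference to that buffer is live until the matching `_ack` call, which is worth adding to each of them. `shutdown_recieved` is misspelled in a public method name; renaming it now is cheaper than after callers exist. The bare `Result` return types and `MaybeUninit::::uninit()` read as if the angle-bracketed type arguments were stripped in rendering, so this note assumes `Result<usize, Error>` and `MaybeUninit::<usize>`.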
@@ -1,25 +0,0 @@
-use core::ffi::c_void;
-
-use bearssl_sys::*;
-use libc::{c_int, c_uchar};
-
-pub trait HazardReadCallback {
- /// Callback made by the SSL I/O context.
- extern "C" fn read(ctx: *mut c_void, data: *mut c_uchar, len: usize) -> c_int;
-
- /// Get the context to be used in the callback.
- unsafe fn get_context(&self) -> *mut c_void;
-}
-
-pub trait HazardWriteCallback {
- /// Callback made by the SSL I/O context.
- extern "C" fn write(ctx: *mut c_void, data: *const c_uchar, len: usize) -> c_int;
-
- /// Get the context to be used in the callback.
- unsafe fn get_context(&self) -> *mut c_void;
-}
-
-#[repr(transparent)]
-pub struct TlsIo {
- context: br_sslio_context,
-}
diff --git a/bearssl/src/lib.rs b/bearssl/src/lib.rs
index 5cf6dbe..77e8525 100644
--- a/bearssl/src/lib.rs
+++ b/bearssl/src/lib.rs
@@ -3,7 +3,7 @@
 #[cfg(feature = "std")]
 extern crate std;
-pub mod io;
+pub mod engine;
 pub mod profile;
 pub mod rsa;
 pub mod server;
diff --git a/bearssl/src/server/conn.rs b/bearssl/src/server/conn.rs
index e70e912..f65b836 100644
--- a/bearssl/src/server/conn.rs
+++ b/bearssl/src/server/conn.rs
@@ -1,7 +1,9 @@
 use core::marker::PhantomData;
+use core::mem::transmute;
 use bearssl_sys::*;
+use crate::engine::tls;
 use crate::x509::cert::X509Certificate;
 /// Represents a connected client.
@@ -12,5 +14,27 @@ pub struct ServerConnection<'a> {
 }
 impl<'a> ServerConnection<'a> {
- pub fn push_bytes(&self, data: &[u8]) {}
+ pub fn push_write(&mut self, src: &[u8]) -> Result {
+ let engine: &mut tls::TlsEngine = unsafe { transmute(&mut self.context.eng) };
+
+ engine.push_write(src)
+ }
+
+ pub fn pull_write(&mut self, dst: &mut [u8]) -> Result {
+ let engine: &mut tls::TlsEngine = unsafe { transmute(&mut self.context.eng) };
+
+ engine.pull_write(dst)
+ }
+
+ pub fn push_read(&mut self, src: &[u8]) -> Result {
+ let engine: &mut tls::TlsEngine = unsafe { transmute(&mut self.context.eng) };
+
+ engine.push_read(src)
+ }
+
+ pub fn pull_read(&mut self, dst: &mut [u8]) -> Result {
+ let engine: &mut tls::TlsEngine = unsafe { transmute(&mut self.context.eng) };
+
+ engine.pull_read(dst)
+ }
 }
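Review bot: The `unsafe { transmute(&mut self.context.eng) }` is repeated verbatim in all four new methods, and the invariant that makes it sound — `tls::TlsEngine` being `#[repr(transparent)]` over `br_ssl_engine_context` — lives in another file, so nothing at these call sites records why a reference-to-reference transmute is acceptable. Collapse the four copies into one private accessor with the justification attached, `fn engine(&mut self) -> &mut tls::TlsEngine {` / `// SAFETY: TlsEngine is #[repr(transparent)] over br_ssl_engine_context, so the layouts match` / `unsafe { transmute(&mut self.context.eng) } }`, have each method become `self.engine().push_write(src)` and so on, and preferably place that constructor in `tls.rs` next to the `#[repr(transparent)]` attribute so the two cannot drift apart. The new methods also carry no doc comments, unlike their counterparts in `tls.rs`; a one-line `///` per method saying whether `src`/`dst` holds plaintext or a TLS record would save readers a hop. The `Result` return types appear without type arguments here as in `tls.rs`, which looks like a rendering artefact rather than the committed code.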