engine/tls: basic start and replace sslio

* I believe working around `br_sslio_*` isn't worth the effort as the
  same functionality can be done manually with `*_buf` + `*_ack` which
  is used by sslio internally. This will especially be useful when
  wrapping Write/Read traits in std.

* Since both server and client contextes use `br_ssl_engine_context`,
  writing the routines for it removes a lot of future headaches. The
  engines shouldn't be used directly but will be exposed anyway for
  special cases and for having more discoverable errors.

Cargo.lock

@@ -0,0 +1,414 @@
+# This file is automatically @generated by Cargo.
+# It is not intended for manual editing.
+version = 3
+
+[[package]]
+name = "aho-corasick"
+version = "0.7.19"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b4f55bd91a0978cbfd91c457a164bab8b4001c833b7f323132c0a4e1922dd44e"
+dependencies = [
+ "memchr",
+]
+
+[[package]]
+name = "atty"
+version = "0.2.14"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8"
+dependencies = [
+ "hermit-abi",
+ "libc",
+ "winapi",
+]
+
+[[package]]
+name = "autocfg"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa"
+
+[[package]]
+name = "bearssl"
+version = "0.0.2-pre.0"
+dependencies = [
+ "bearssl-sys",
+ "libc",
+ "rand_core",
+ "zeroize",
+]
+
+[[package]]
+name = "bearssl-sys"
+version = "0.0.5-pre.0"
+dependencies = [
+ "bindgen",
+ "cc",
+ "libc",
+]
+
+[[package]]
+name = "bindgen"
+version = "0.60.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "062dddbc1ba4aca46de6338e2bf87771414c335f7b2f2036e8f3e9befebf88e6"
+dependencies = [
+ "bitflags",
+ "cexpr",
+ "clang-sys",
+ "clap",
+ "env_logger",
+ "lazy_static",
+ "lazycell",
+ "log",
+ "peeking_take_while",
+ "proc-macro2",
+ "quote",
+ "regex",
+ "rustc-hash",
+ "shlex",
+ "which",
+]
+
+[[package]]
+name = "bitflags"
+version = "1.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
+
+[[package]]
+name = "cc"
+version = "1.0.73"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2fff2a6927b3bb87f9595d67196a70493f627687a71d87a0d692242c33f58c11"
+
+[[package]]
+name = "cexpr"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766"
+dependencies = [
+ "nom",
+]
+
+[[package]]
+name = "cfg-if"
+version = "1.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
+
+[[package]]
+name = "clang-sys"
+version = "1.3.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5a050e2153c5be08febd6734e29298e844fdb0fa21aeddd63b4eb7baa106c69b"
+dependencies = [
+ "glob",
+ "libc",
+ "libloading",
+]
+
+[[package]]
+name = "clap"
+version = "3.2.20"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "23b71c3ce99b7611011217b366d923f1d0a7e07a92bb2dbf1e84508c673ca3bd"
+dependencies = [
+ "atty",
+ "bitflags",
+ "clap_lex",
+ "indexmap",
+ "strsim",
+ "termcolor",
+ "textwrap",
+]
+
+[[package]]
+name = "clap_lex"
+version = "0.2.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2850f2f5a82cbf437dd5af4d49848fbdfc27c157c3d010345776f952765261c5"
+dependencies = [
+ "os_str_bytes",
+]
+
+[[package]]
+name = "either"
+version = "1.8.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "90e5c1c8368803113bf0c9584fc495a58b86dc8a29edbf8fe877d21d9507e797"
+
+[[package]]
+name = "env_logger"
+version = "0.9.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0b2cf0344971ee6c64c31be0d530793fba457d322dfec2810c453d0ef228f9c3"
+dependencies = [
+ "atty",
+ "humantime",
+ "log",
+ "regex",
+ "termcolor",
+]
+
+[[package]]
+name = "getrandom"
+version = "0.2.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4eb1a864a501629691edf6c15a593b7a51eebaa1e8468e9ddc623de7c9b58ec6"
+dependencies = [
+ "cfg-if",
+ "libc",
+ "wasi",
+]
+
+[[package]]
+name = "glob"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9b919933a397b79c37e33b77bb2aa3dc8eb6e165ad809e58ff75bc7db2e34574"
+
+[[package]]
+name = "hashbrown"
+version = "0.12.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888"
+
+[[package]]
+name = "hermit-abi"
+version = "0.1.19"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "62b467343b94ba476dcb2500d242dadbb39557df889310ac77c5d99100aaac33"
+dependencies = [
+ "libc",
+]
+
+[[package]]
+name = "humantime"
+version = "2.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4"
+
+[[package]]
+name = "indexmap"
+version = "1.9.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "10a35a97730320ffe8e2d410b5d3b69279b98d2c14bdb8b70ea89ecf7888d41e"
+dependencies = [
+ "autocfg",
+ "hashbrown",
+]
+
+[[package]]
+name = "lazy_static"
+version = "1.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
+
+[[package]]
+name = "lazycell"
+version = "1.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55"
+
+[[package]]
+name = "libc"
+version = "0.2.132"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8371e4e5341c3a96db127eb2465ac681ced4c433e01dd0e938adbef26ba93ba5"
+
+[[package]]
+name = "libloading"
+version = "0.7.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "efbc0f03f9a775e9f6aed295c6a1ba2253c5757a9e03d55c6caa46a681abcddd"
+dependencies = [
+ "cfg-if",
+ "winapi",
+]
+
+[[package]]
+name = "log"
+version = "0.4.17"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e"
+dependencies = [
+ "cfg-if",
+]
+
+[[package]]
+name = "memchr"
+version = "2.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d"
+
+[[package]]
+name = "minimal-lexical"
+version = "0.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"
+
+[[package]]
+name = "nom"
+version = "7.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a8903e5a29a317527874d0402f867152a3d21c908bb0b933e416c65e301d4c36"
+dependencies = [
+ "memchr",
+ "minimal-lexical",
+]
+
+[[package]]
+name = "once_cell"
+version = "1.14.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2f7254b99e31cad77da24b08ebf628882739a608578bb1bcdfc1f9c21260d7c0"
+
+[[package]]
+name = "os_str_bytes"
+version = "6.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9ff7415e9ae3fff1225851df9e0d9e4e5479f947619774677a63572e55e80eff"
+
+[[package]]
+name = "peeking_take_while"
+version = "0.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "19b17cddbe7ec3f8bc800887bab5e717348c95ea2ca0b1bf0837fb964dc67099"
+
+[[package]]
+name = "proc-macro2"
+version = "1.0.43"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0a2ca2c61bc9f3d74d2886294ab7b9853abd9c1ad903a3ac7815c58989bb7bab"
+dependencies = [
+ "unicode-ident",
+]
+
+[[package]]
+name = "quote"
+version = "1.0.21"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bbe448f377a7d6961e30f5955f9b8d106c3f5e449d493ee1b125c1d43c2b5179"
+dependencies = [
+ "proc-macro2",
+]
+
+[[package]]
+name = "rand_core"
+version = "0.6.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d34f1408f55294453790c48b2f1ebbb1c5b4b7563eb1f418bcfcfdbb06ebb4e7"
+dependencies = [
+ "getrandom",
+]
+
+[[package]]
+name = "regex"
+version = "1.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4c4eb3267174b8c6c2f654116623910a0fef09c4753f8dd83db29c48a0df988b"
+dependencies = [
+ "aho-corasick",
+ "memchr",
+ "regex-syntax",
+]
+
+[[package]]
+name = "regex-syntax"
+version = "0.6.27"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a3f87b73ce11b1619a3c6332f45341e0047173771e8b8b73f87bfeefb7b56244"
+
+[[package]]
+name = "rustc-hash"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2"
+
+[[package]]
+name = "shlex"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "43b2853a4d09f215c24cc5489c992ce46052d359b5109343cbafbf26bc62f8a3"
+
+[[package]]
+name = "strsim"
+version = "0.10.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623"
+
+[[package]]
+name = "termcolor"
+version = "1.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bab24d30b911b2376f3a13cc2cd443142f0c81dda04c118693e35b3835757755"
+dependencies = [
+ "winapi-util",
+]
+
+[[package]]
+name = "textwrap"
+version = "0.15.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b1141d4d61095b28419e22cb0bbf02755f5e54e0526f97f1e3d1d160e60885fb"
+
+[[package]]
+name = "unicode-ident"
+version = "1.0.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c4f5b37a154999a8f3f98cc23a628d850e154479cd94decf3414696e12e31aaf"
+
+[[package]]
+name = "wasi"
+version = "0.11.0+wasi-snapshot-preview1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
+
+[[package]]
+name = "which"
+version = "4.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1c831fbbee9e129a8cf93e7747a82da9d95ba8e16621cae60ec2cdc849bacb7b"
+dependencies = [
+ "either",
+ "libc",
+ "once_cell",
+]
+
+[[package]]
+name = "winapi"
+version = "0.3.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
+dependencies = [
+ "winapi-i686-pc-windows-gnu",
+ "winapi-x86_64-pc-windows-gnu",
+]
+
+[[package]]
+name = "winapi-i686-pc-windows-gnu"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
+
+[[package]]
+name = "winapi-util"
+version = "0.1.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178"
+dependencies = [
+ "winapi",
+]
+
+[[package]]
+name = "winapi-x86_64-pc-windows-gnu"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
+
+[[package]]
+name = "zeroize"
+version = "1.5.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c394b5bd0c6f669e7275d9c20aa90ae064cb22e75a1cad54e1b34088034b149f"

bearssl/CREDITS.md

@@ -2,11 +2,10 @@
 
 Here we list the how other projects were utilized and their licenses.
 
-
 ## Rustls
 
 * API Design for connections
-    - `read_tls` and `write_tls` is utilized except we use byte slices due to being `no_std`.
+    - `read_tls` and `write_tls` API design is copied pretty much as-is.
 
 ```
 ISC License (ISC)

bearssl/src/engine.rs

@@ -0,0 +1 @@
+pub mod tls;

bearssl/src/engine/tls.rs

@@ -0,0 +1,140 @@
+use core::cmp::min;
+use core::mem::MaybeUninit;
+use core::slice;
+
+use bearssl_sys::*;
+
+pub enum Error {
+    /// A session resumption has been attempted with a distinct version or cipher suite.
+    SessionResumptionMismatch,
+
+    /// Other side has sent an invalid signature.
+    BadSignature,
+
+    /// The error code is unknown or not wrapped around yet.
+    Unknown,
+}
+
+/// TLS engine used by both server and client connections.
+#[repr(transparent)]
+pub struct TlsEngine {
+    pub(crate) context: br_ssl_engine_context,
+}
+
+impl TlsEngine {
+    /// Push some plaintext bytes into engine.
+    pub fn push_write(&mut self, src: &[u8]) -> Result<usize, Error> {
+        let buf = unsafe {
+            let mut l = MaybeUninit::<usize>::uninit();
+
+            let b = br_ssl_engine_sendapp_buf(&self.context, l.as_mut_ptr());
+
+            if b.is_null() {
+                return Err(Error::Unknown);
+            }
+
+            slice::from_raw_parts_mut(b, l.assume_init_read())
+        };
+
+        let len = match min(buf.len(), src.len()) {
+            0 => return Err(Error::Unknown),
+            l => l,
+        };
+
+        buf[..len].copy_from_slice(&src[..len]);
+
+        unsafe {
+            br_ssl_engine_sendapp_ack(&mut self.context, len);
+        }
+
+        Ok(len)
+    }
+
+    /// Get the TLS record that has wrapped the pushed data. Returns an error or how many bytes of TLS record were written to `dst`.
+    pub fn pull_write(&mut self, dst: &mut [u8]) -> Result<usize, Error> {
+        let buf = unsafe {
+            let mut l = MaybeUninit::<usize>::uninit();
+
+            let b = br_ssl_engine_sendrec_buf(&mut self.context, l.as_mut_ptr());
+
+            if b.is_null() {
+                return Err(Error::Unknown);
+            }
+
+            slice::from_raw_parts(b, l.assume_init_read())
+        };
+
+        let len = match min(buf.len(), dst.len()) {
+            0 => return Err(Error::Unknown),
+            l => l,
+        };
+
+        dst[..len].copy_from_slice(&buf[..len]);
+
+        unsafe {
+            br_ssl_engine_sendrec_ack(&mut self.context, len);
+        }
+
+        Ok(len)
+    }
+
+    /// Push incoming TLS record to be decrypted.
+    pub fn push_read(&mut self, src: &[u8]) -> Result<usize, Error> {
+        let buf = unsafe {
+            let mut l = MaybeUninit::<usize>::uninit();
+
+            let b = br_ssl_engine_recvrec_buf(&mut self.context, l.as_mut_ptr());
+
+            if b.is_null() {
+                return Err(Error::Unknown);
+            }
+
+            slice::from_raw_parts_mut(b, l.assume_init_read())
+        };
+
+        let len = match min(buf.len(), src.len()) {
+            0 => return Err(Error::Unknown),
+            l => l,
+        };
+
+        buf[..len].copy_from_slice(&src[..len]);
+
+        unsafe {
+            br_ssl_engine_recvrec_ack(&mut self.context, len);
+        }
+
+        Ok(len)
+    }
+
+    /// Get the application data pushed before.
+    pub fn pull_read(&mut self, dst: &mut [u8]) -> Result<usize, Error> {
+        let buf = unsafe {
+            let mut l = MaybeUninit::<usize>::uninit();
+
+            let b = br_ssl_engine_recvapp_buf(&mut self.context, l.as_mut_ptr());
+
+            if b.is_null() {
+                return Err(Error::Unknown);
+            }
+
+            slice::from_raw_parts(b, l.assume_init_read())
+        };
+
+        let len = match min(buf.len(), dst.len()) {
+            0 => return Err(Error::Unknown),
+            l => l,
+        };
+
+        dst[..len].copy_from_slice(&buf[..len]);
+
+        unsafe {
+            br_ssl_engine_recvapp_ack(&mut self.context, len);
+        }
+
+        Ok(len)
+    }
+
+    pub fn shutdown_recieved(&self) -> bool {
+        self.context.shutdown_recv != 0
+    }
+}

bearssl/src/io.rs

@@ -1,25 +0,0 @@
-use core::ffi::c_void;
-
-use bearssl_sys::*;
-use libc::{c_int, c_uchar};
-
-pub trait HazardReadCallback {
-    /// Callback made by the SSL I/O context.
-    extern "C" fn read(ctx: *mut c_void, data: *mut c_uchar, len: usize) -> c_int;
-
-    /// Get the context to be used in the callback.
-    unsafe fn get_context(&self) -> *mut c_void;
-}
-
-pub trait HazardWriteCallback {
-    /// Callback made by the SSL I/O context.
-    extern "C" fn write(ctx: *mut c_void, data: *const c_uchar, len: usize) -> c_int;
-
-    /// Get the context to be used in the callback.
-    unsafe fn get_context(&self) -> *mut c_void;
-}
-
-#[repr(transparent)]
-pub struct TlsIo {
-    context: br_sslio_context,
-}

bearssl/src/lib.rs

@@ -3,7 +3,7 @@
 #[cfg(feature = "std")]
 extern crate std;
 
-pub mod io;
+pub mod engine;
 pub mod profile;
 pub mod rsa;
 pub mod server;

bearssl/src/server/conn.rs

@@ -1,7 +1,9 @@
 use core::marker::PhantomData;
+use core::mem::transmute;
 
 use bearssl_sys::*;
 
+use crate::engine::tls;
 use crate::x509::cert::X509Certificate;
 
 /// Represents a connected client.
@@ -12,5 +14,27 @@ pub struct ServerConnection<'a> {
 }
 
 impl<'a> ServerConnection<'a> {
-    pub fn push_bytes(&self, data: &[u8]) {}
+    pub fn push_write(&mut self, src: &[u8]) -> Result<usize, tls::Error> {
+        let engine: &mut tls::TlsEngine = unsafe { transmute(&mut self.context.eng) };
+
+        engine.push_write(src)
+    }
+
+    pub fn pull_write(&mut self, dst: &mut [u8]) -> Result<usize, tls::Error> {
+        let engine: &mut tls::TlsEngine = unsafe { transmute(&mut self.context.eng) };
+
+        engine.pull_write(dst)
+    }
+
+    pub fn push_read(&mut self, src: &[u8]) -> Result<usize, tls::Error> {
+        let engine: &mut tls::TlsEngine = unsafe { transmute(&mut self.context.eng) };
+
+        engine.push_read(src)
+    }
+
+    pub fn pull_read(&mut self, dst: &mut [u8]) -> Result<usize, tls::Error> {
+        let engine: &mut tls::TlsEngine = unsafe { transmute(&mut self.context.eng) };
+
+        engine.pull_read(dst)
+    }
 }