diff --git a/.github/workflows/macos-build.yml b/.github/workflows/macos-build.yml new file mode 100644 index 0000000..e4dbb88 --- /dev/null +++ b/.github/workflows/macos-build.yml @@ -0,0 +1,61 @@ +name: macOS Build and Test + +on: + push: + branches: [ '*' ] + pull_request: + branches: [ '*' ] + +jobs: + macos-build: + name: Build and Test (macOS) + runs-on: macos-latest + steps: + - uses: actions/checkout@v4 + + - name: Install Build Prerequisites + run: | + brew install autoconf libtool automake + + - name: Install Rust + uses: dtolnay/rust-toolchain@master + with: + toolchain: stable + components: rustfmt, clippy + + - name: Cache Rust dependencies + uses: actions/cache@v3 + with: + path: | + ~/.cargo/registry + ~/.cargo/git + target + key: macos-cargo-${{ hashFiles('**/Cargo.lock') }} + restore-keys: | + macos-cargo- + + - name: Build and Test wolfcrypt-rs + run: | + cd wolfcrypt-rs + make build + make test + + - name: Build and Test rustls-wolfcrypt-provider + run: | + cd rustls-wolfcrypt-provider + make build + make test + + - name: Check formatting + run: | + cd wolfcrypt-rs + cargo fmt --all -- --check + cd ../rustls-wolfcrypt-provider + cargo fmt --all -- --check + + - name: Run clippy + run: | + cd wolfcrypt-rs + cargo clippy -- -D warnings + cd ../rustls-wolfcrypt-provider + cargo clippy -- -D warnings diff --git a/.github/workflows/ubuntu-build.yml b/.github/workflows/ubuntu-build.yml new file mode 100644 index 0000000..f9656bc --- /dev/null +++ b/.github/workflows/ubuntu-build.yml @@ -0,0 +1,62 @@ +name: Ubuntu Build and Test + +on: + push: + branches: [ '*' ] + pull_request: + branches: [ '*' ] + +jobs: + ubuntu-build: + name: Build and Test (Ubuntu) + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Install Build Prerequisites + run: | + sudo apt-get update + sudo apt-get install -y build-essential autoconf libtool + + - name: Install Rust + uses: dtolnay/rust-toolchain@master + with: + toolchain: stable + components: rustfmt, clippy + + - name: Cache Rust dependencies + uses: actions/cache@v3 + with: + path: | + ~/.cargo/registry + ~/.cargo/git + target + key: ubuntu-cargo-${{ hashFiles('**/Cargo.lock') }} + restore-keys: | + ubuntu-cargo- + + - name: Build and Test wolfcrypt-rs + run: | + cd wolfcrypt-rs + make build + make test + + - name: Build and Test rustls-wolfcrypt-provider + run: | + cd rustls-wolfcrypt-provider + make build + make test + + - name: Check formatting + run: | + cd wolfcrypt-rs + cargo fmt --all -- --check + cd ../rustls-wolfcrypt-provider + cargo fmt --all -- --check + + - name: Run clippy + run: | + cd wolfcrypt-rs + cargo clippy -- -D warnings + cd ../rustls-wolfcrypt-provider + cargo clippy -- -D warnings diff --git a/rustls-wolfcrypt-provider/src/aead/aes128gcm.rs b/rustls-wolfcrypt-provider/src/aead/aes128gcm.rs index 84e1659..e72604a 100644 --- a/rustls-wolfcrypt-provider/src/aead/aes128gcm.rs +++ b/rustls-wolfcrypt-provider/src/aead/aes128gcm.rs @@ -1,5 +1,5 @@ use crate::error::check_if_zero; -use crate::types::types::*; +use crate::types::*; use alloc::boxed::Box; use alloc::vec; use core::mem; diff --git a/rustls-wolfcrypt-provider/src/aead/aes256gcm.rs b/rustls-wolfcrypt-provider/src/aead/aes256gcm.rs index d353fec..a9c9113 100644 --- a/rustls-wolfcrypt-provider/src/aead/aes256gcm.rs +++ b/rustls-wolfcrypt-provider/src/aead/aes256gcm.rs @@ -1,5 +1,5 @@ use crate::error::check_if_zero; -use crate::types::types::*; +use crate::types::*; use alloc::boxed::Box; use alloc::vec; use core::mem; diff --git a/rustls-wolfcrypt-provider/src/hkdf.rs b/rustls-wolfcrypt-provider/src/hkdf.rs index ec54894..21b6c77 100644 --- a/rustls-wolfcrypt-provider/src/hkdf.rs +++ b/rustls-wolfcrypt-provider/src/hkdf.rs @@ -1,12 +1,12 @@ -use rustls::crypto::tls13::{self, Hkdf as RustlsHkdf}; use alloc::boxed::Box; use alloc::vec; -use core::mem; use alloc::vec::Vec; +use core::mem; +use rustls::crypto::tls13::{self, Hkdf as RustlsHkdf}; use wolfcrypt_rs::*; use crate::error::check_if_zero; -use crate::hmac::hmac::WCShaHmac; +use crate::hmac::WCShaHmac; pub struct WCHkdfUsingHmac(pub WCShaHmac); @@ -42,7 +42,11 @@ impl RustlsHkdf for WCHkdfUsingHmac { }; check_if_zero(ret).unwrap(); - Box::new(WolfHkdfExpander::new(extracted_key, self.0.hash_type().try_into().unwrap(), self.0.hash_len())) + Box::new(WolfHkdfExpander::new( + extracted_key, + self.0.hash_type().try_into().unwrap(), + self.0.hash_len(), + )) } fn expander_for_okm( @@ -74,28 +78,13 @@ impl RustlsHkdf for WCHkdfUsingHmac { }; check_if_zero(ret).unwrap(); - ret = unsafe { - wc_HmacUpdate( - &mut hmac_ctx, - message.as_ptr(), - message.len() as u32, - ) - }; + ret = unsafe { wc_HmacUpdate(&mut hmac_ctx, message.as_ptr(), message.len() as u32) }; check_if_zero(ret).unwrap(); - ret = unsafe { - wc_HmacFinal( - &mut hmac_ctx, - hmac.as_mut_ptr(), - ) - }; + ret = unsafe { wc_HmacFinal(&mut hmac_ctx, hmac.as_mut_ptr()) }; check_if_zero(ret).unwrap(); - unsafe { - wc_HmacFree( - &mut hmac_ctx, - ) - }; + unsafe { wc_HmacFree(&mut hmac_ctx) }; check_if_zero(ret).unwrap(); rustls::crypto::hmac::Tag::new(&hmac) @@ -104,9 +93,9 @@ impl RustlsHkdf for WCHkdfUsingHmac { /// Expander implementation that holds the extracted key material from HKDF extract phase struct WolfHkdfExpander { - extracted_key: Vec, // The pseudorandom key (PRK) output from HKDF-Extract + extracted_key: Vec, // The pseudorandom key (PRK) output from HKDF-Extract hash_type: i32, // The wolfSSL hash algorithm identifier - hash_len: usize, // Length of the hash function output + hash_len: usize, // Length of the hash function output } impl WolfHkdfExpander { @@ -126,7 +115,7 @@ impl tls13::HkdfExpander for WolfHkdfExpander { output: &mut [u8], ) -> Result<(), tls13::OutputLengthError> { let info_concat = info.concat(); - + if output.len() > 255 * self.hash_len { return Err(tls13::OutputLengthError); } @@ -142,7 +131,7 @@ impl tls13::HkdfExpander for WolfHkdfExpander { output.len() as u32, ); } - + Ok(()) } @@ -179,10 +168,10 @@ mod tests { let hkdf = WCHkdfUsingHmac(WCShaHmac::new(wc_HashType_WC_HASH_TYPE_SHA256)); let expander = hkdf.extract_from_secret(Some(&salt), &ikm); - + let mut okm = vec![0u8; 42]; // Length from test vector expander.expand_slice(&[&info], &mut okm).unwrap(); - + assert_eq!(&okm[..], &expected_okm[..]); } @@ -194,13 +183,13 @@ mod tests { let ikm = hex!("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"); let salt = hex!("000102030405060708090a0b0c"); let info = hex!("f0f1f2f3f4f5f6f7f8f9"); - + let hkdf = WCHkdfUsingHmac(WCShaHmac::new(wc_HashType_WC_HASH_TYPE_SHA384)); let expander = hkdf.extract_from_secret(Some(&salt), &ikm); - + let mut okm = vec![0u8; 48]; // SHA384 output length expander.expand_slice(&[&info], &mut okm).unwrap(); - + // Just verify we can generate output - actual value would need a verified test vector assert!(!okm.iter().all(|&x| x == 0)); } @@ -211,12 +200,12 @@ mod tests { fn test_hkdf_output_length_limit() { let hkdf = WCHkdfUsingHmac(WCShaHmac::new(wc_HashType_WC_HASH_TYPE_SHA256)); let expander = hkdf.extract_from_zero_ikm(None); - + // Maximum allowed length (255 * hash_len) let max_len = 255 * 32; let mut okm = vec![0u8; max_len]; assert!(expander.expand_slice(&[&[]], &mut okm).is_ok()); - + // Exceeding maximum length should fail let mut okm = vec![0u8; max_len + 1]; assert!(expander.expand_slice(&[&[]], &mut okm).is_err()); @@ -229,17 +218,17 @@ mod tests { let hkdf = WCHkdfUsingHmac(WCShaHmac::new(wc_HashType_WC_HASH_TYPE_SHA256)); let salt = hex!("000102030405060708090a0b0c"); let info = hex!("f0f1f2f3f4f5f6f7f8f9"); - + let expander = hkdf.extract_from_zero_ikm(Some(&salt)); - + let mut okm1 = vec![0u8; 32]; expander.expand_slice(&[&info], &mut okm1).unwrap(); - + // Verify that zero IKM produces consistent output let expander2 = hkdf.extract_from_zero_ikm(Some(&salt)); let mut okm2 = vec![0u8; 32]; expander2.expand_slice(&[&info], &mut okm2).unwrap(); - + assert_eq!(okm1, okm2); } @@ -252,22 +241,24 @@ mod tests { let info1 = hex!("f0f1f2f3"); let info2 = hex!("f4f5f6f7"); let info3 = hex!("f8f9"); - + let expander = hkdf.extract_from_zero_ikm(Some(&salt)); - + // Test with multiple info components let mut okm1 = vec![0u8; 32]; - expander.expand_slice(&[&info1, &info2, &info3], &mut okm1).unwrap(); - + expander + .expand_slice(&[&info1, &info2, &info3], &mut okm1) + .unwrap(); + // Test with concatenated info let mut info_concat = Vec::new(); info_concat.extend_from_slice(&info1); info_concat.extend_from_slice(&info2); info_concat.extend_from_slice(&info3); - + let mut okm2 = vec![0u8; 32]; expander.expand_slice(&[&info_concat], &mut okm2).unwrap(); - + // Results should be identical assert_eq!(okm1, okm2); } diff --git a/rustls-wolfcrypt-provider/src/hmac/hmac.rs b/rustls-wolfcrypt-provider/src/hmac/mod.rs similarity index 86% rename from rustls-wolfcrypt-provider/src/hmac/hmac.rs rename to rustls-wolfcrypt-provider/src/hmac/mod.rs index 980928d..f041ce7 100644 --- a/rustls-wolfcrypt-provider/src/hmac/hmac.rs +++ b/rustls-wolfcrypt-provider/src/hmac/mod.rs @@ -1,5 +1,5 @@ -use crate::{error::check_if_zero, types::types::*}; -use alloc::{boxed::Box, vec::Vec, vec}; +use crate::{error::check_if_zero, types::*}; +use alloc::{boxed::Box, vec, vec::Vec}; use core::mem; use foreign_types::ForeignType; use rustls::crypto; @@ -102,24 +102,14 @@ impl WCHmacKey { } fn hmac_update(&self, hmac_object: HmacObject, input: &[u8]) { - let ret = unsafe { - wc_HmacUpdate( - hmac_object.as_ptr(), - input.as_ptr(), - input.len() as word32 - ) - }; + let ret = + unsafe { wc_HmacUpdate(hmac_object.as_ptr(), input.as_ptr(), input.len() as word32) }; check_if_zero(ret).unwrap(); } fn hmac_final(&self, hmac_object: HmacObject) -> Vec { let mut digest = vec![0u8; self.variant.digest_size()]; - let ret = unsafe { - wc_HmacFinal( - hmac_object.as_ptr(), - digest.as_mut_ptr() - ) - }; + let ret = unsafe { wc_HmacFinal(hmac_object.as_ptr(), digest.as_mut_ptr()) }; check_if_zero(ret).unwrap(); digest } diff --git a/rustls-wolfcrypt-provider/src/hmac/sha256hmac.rs b/rustls-wolfcrypt-provider/src/hmac/sha256hmac.rs index a6a9a2f..600947b 100644 --- a/rustls-wolfcrypt-provider/src/hmac/sha256hmac.rs +++ b/rustls-wolfcrypt-provider/src/hmac/sha256hmac.rs @@ -1,4 +1,4 @@ -use crate::{error::check_if_zero, types::types::*}; +use crate::{error::check_if_zero, types::*}; use alloc::boxed::Box; use alloc::vec::Vec; use core::mem; diff --git a/rustls-wolfcrypt-provider/src/hmac/sha384hmac.rs b/rustls-wolfcrypt-provider/src/hmac/sha384hmac.rs index 8c57b28..b0edca0 100644 --- a/rustls-wolfcrypt-provider/src/hmac/sha384hmac.rs +++ b/rustls-wolfcrypt-provider/src/hmac/sha384hmac.rs @@ -1,4 +1,4 @@ -use crate::{error::check_if_zero, types::types::*}; +use crate::{error::check_if_zero, types::*}; use alloc::boxed::Box; use alloc::vec::Vec; use core::mem; diff --git a/rustls-wolfcrypt-provider/src/kx/sec256r1.rs b/rustls-wolfcrypt-provider/src/kx/sec256r1.rs index 1094b55..3376137 100644 --- a/rustls-wolfcrypt-provider/src/kx/sec256r1.rs +++ b/rustls-wolfcrypt-provider/src/kx/sec256r1.rs @@ -1,4 +1,4 @@ -use crate::{error::check_if_zero, types::types::*}; +use crate::{error::check_if_zero, types::*}; use alloc::boxed::Box; use alloc::vec; use alloc::vec::Vec; diff --git a/rustls-wolfcrypt-provider/src/kx/sec384r1.rs b/rustls-wolfcrypt-provider/src/kx/sec384r1.rs index f0265b0..230319b 100644 --- a/rustls-wolfcrypt-provider/src/kx/sec384r1.rs +++ b/rustls-wolfcrypt-provider/src/kx/sec384r1.rs @@ -1,5 +1,5 @@ use crate::error::*; -use crate::types::types::*; +use crate::types::*; use alloc::boxed::Box; use alloc::vec; use alloc::vec::Vec; diff --git a/rustls-wolfcrypt-provider/src/kx/sec521r1.rs b/rustls-wolfcrypt-provider/src/kx/sec521r1.rs index cf4a592..4258ff9 100644 --- a/rustls-wolfcrypt-provider/src/kx/sec521r1.rs +++ b/rustls-wolfcrypt-provider/src/kx/sec521r1.rs @@ -1,4 +1,4 @@ -use crate::{error::check_if_zero, types::types::*}; +use crate::{error::check_if_zero, types::*}; use alloc::boxed::Box; use alloc::vec; use alloc::vec::Vec; diff --git a/rustls-wolfcrypt-provider/src/kx/x25519.rs b/rustls-wolfcrypt-provider/src/kx/x25519.rs index 0ffdf5e..919a45c 100644 --- a/rustls-wolfcrypt-provider/src/kx/x25519.rs +++ b/rustls-wolfcrypt-provider/src/kx/x25519.rs @@ -1,4 +1,4 @@ -use crate::{error::check_if_zero, types::types::*}; +use crate::{error::check_if_zero, types::*}; use alloc::boxed::Box; use alloc::vec::Vec; use core::mem; diff --git a/rustls-wolfcrypt-provider/src/lib.rs b/rustls-wolfcrypt-provider/src/lib.rs index c2e0363..dfeb6f6 100644 --- a/rustls-wolfcrypt-provider/src/lib.rs +++ b/rustls-wolfcrypt-provider/src/lib.rs @@ -12,13 +12,13 @@ use alloc::vec::Vec; use rustls::crypto::CryptoProvider; use rustls::pki_types::PrivateKeyDer; pub mod error; +mod hkdf; mod kx; +mod prf; mod random; mod verify; -mod prf; -mod hkdf; -use crate::prf::WCPrfUsingHmac; use crate::hkdf::WCHkdfUsingHmac; +use crate::prf::WCPrfUsingHmac; pub mod aead { pub mod aes128gcm; pub mod aes256gcm; @@ -38,15 +38,15 @@ pub mod hash { } use crate::hash::{sha256, sha384}; -pub mod hmac { - pub mod hmac; -} +pub mod hmac; -use crate::hmac::hmac::WCShaHmac; +use crate::hmac::WCShaHmac; -pub mod types { - pub mod types; -} +pub mod types; + +type SigningKeyResult = Result, rustls::Error>; +type SigningKeyFn = dyn Fn(&PrivateKeyDer<'static>) -> SigningKeyResult; +type SigningAlgorithms = Vec>; /* * Crypto provider struct that we populate with our own crypto backend (wolfcrypt). @@ -92,13 +92,7 @@ impl rustls::crypto::KeyProvider for Provider { key_der: PrivateKeyDer<'static>, ) -> Result, rustls::Error> { // Define supported algorithms as closures - let algorithms: Vec< - Box< - dyn Fn( - &PrivateKeyDer<'static>, - ) -> Result, rustls::Error>, - >, - > = vec![ + let algorithms: SigningAlgorithms = vec![ Box::new(|key| { sign::ecdsa::EcdsaSigningKeyP256Sha256Sign::try_from(key).map(|x| Arc::new(x) as _) }), diff --git a/rustls-wolfcrypt-provider/src/prf.rs b/rustls-wolfcrypt-provider/src/prf.rs index 02de190..13a5877 100644 --- a/rustls-wolfcrypt-provider/src/prf.rs +++ b/rustls-wolfcrypt-provider/src/prf.rs @@ -1,10 +1,9 @@ -use rustls::crypto; use alloc::boxed::Box; +use rustls::crypto; use wolfcrypt_rs::*; use crate::error::check_if_zero; -use crate::hmac::hmac::*; - +use crate::hmac::*; pub struct WCPrfUsingHmac(pub WCShaHmac); @@ -18,18 +17,11 @@ impl crypto::tls12::Prf for WCPrfUsingHmac { seed: &[u8], ) -> Result<(), rustls::Error> { let secret = kx.complete(peer_pub_key)?; - Ok(wc_prf(output, secret.secret_bytes(), label, seed, self.0)?) + wc_prf(output, secret.secret_bytes(), label, seed, self.0) } - fn for_secret( - &self, - output: &mut [u8], - secret: &[u8], - label: &[u8], - seed: &[u8] - ) -> () { - wc_prf(output, secret, label, seed, self.0) - .expect("failed to calculate prf in for_secret") + fn for_secret(&self, output: &mut [u8], secret: &[u8], label: &[u8], seed: &[u8]) { + wc_prf(output, secret, label, seed, self.0).expect("failed to calculate prf in for_secret") } } @@ -58,7 +50,7 @@ fn wc_prf( 1, mac_algorithm.try_into().unwrap(), core::ptr::null_mut(), - INVALID_DEVID + INVALID_DEVID, ) }; @@ -73,10 +65,7 @@ mod tests { #[test] fn test_hmac_variants() { - let test_cases = [ - (WCShaHmac::Sha256, 32), - (WCShaHmac::Sha384, 48), - ]; + let test_cases = [(WCShaHmac::Sha256, 32), (WCShaHmac::Sha384, 48)]; for (variant, expected_size) in test_cases { let hmac = variant; diff --git a/rustls-wolfcrypt-provider/src/random.rs b/rustls-wolfcrypt-provider/src/random.rs index e791fc2..ee3940c 100644 --- a/rustls-wolfcrypt-provider/src/random.rs +++ b/rustls-wolfcrypt-provider/src/random.rs @@ -1,5 +1,5 @@ use crate::error::*; -use crate::types::types::*; +use crate::types::*; use core::mem; use foreign_types::ForeignType; use wolfcrypt_rs::*; diff --git a/rustls-wolfcrypt-provider/src/sign/ecdsa.rs b/rustls-wolfcrypt-provider/src/sign/ecdsa.rs index 01b8346..ae54bc2 100644 --- a/rustls-wolfcrypt-provider/src/sign/ecdsa.rs +++ b/rustls-wolfcrypt-provider/src/sign/ecdsa.rs @@ -1,5 +1,5 @@ use crate::error::*; -use crate::types::types::*; +use crate::types::*; use alloc::boxed::Box; use alloc::sync::Arc; use alloc::vec::Vec; @@ -67,11 +67,9 @@ impl TryFrom<&PrivateKeyDer<'_>> for EcdsaSigningKeyP256Sha256Sign { scheme: SignatureScheme::ECDSA_NISTP256_SHA256, }) } - _ => { - return Err(rustls::Error::General( - "Unsupported private key format".into(), - )) - } + _ => Err(rustls::Error::General( + "Unsupported private key format".into(), + )), } } } @@ -208,11 +206,9 @@ impl TryFrom<&PrivateKeyDer<'_>> for EcdsaSigningKeyP384Sha384Sign { scheme: SignatureScheme::ECDSA_NISTP384_SHA384, }) } - _ => { - return Err(rustls::Error::General( - "Unsupported private key format".into(), - )) - } + _ => Err(rustls::Error::General( + "Unsupported private key format".into(), + )), } } } @@ -348,11 +344,9 @@ impl TryFrom<&PrivateKeyDer<'_>> for EcdsaSigningKeyP521Sha512Sign { scheme: SignatureScheme::ECDSA_NISTP521_SHA512, }) } - _ => { - return Err(rustls::Error::General( - "Unsupported private key format".into(), - )) - } + _ => Err(rustls::Error::General( + "Unsupported private key format".into(), + )), } } } diff --git a/rustls-wolfcrypt-provider/src/sign/eddsa.rs b/rustls-wolfcrypt-provider/src/sign/eddsa.rs index 347c229..d055d68 100644 --- a/rustls-wolfcrypt-provider/src/sign/eddsa.rs +++ b/rustls-wolfcrypt-provider/src/sign/eddsa.rs @@ -1,5 +1,5 @@ use crate::error::*; -use crate::types::types::*; +use crate::types::*; use alloc::boxed::Box; use alloc::sync::Arc; use alloc::vec::Vec; @@ -82,11 +82,9 @@ impl TryFrom<&PrivateKeyDer<'_>> for Ed25519PrivateKey { algo: SignatureAlgorithm::ED25519, }) } - _ => { - return Err(rustls::Error::General( - "Unsupported private key format".into(), - )) - } + _ => Err(rustls::Error::General( + "Unsupported private key format".into(), + )), } } } @@ -99,7 +97,7 @@ impl SigningKey for Ed25519PrivateKey { Some(Box::new(Ed25519Signer { priv_key: self.priv_key.clone(), pub_key: self.pub_key.clone(), - scheme: scheme, + scheme, }) as Box) } else { None diff --git a/rustls-wolfcrypt-provider/src/sign/rsapkcs1.rs b/rustls-wolfcrypt-provider/src/sign/rsapkcs1.rs index 58ef1da..ce8746c 100644 --- a/rustls-wolfcrypt-provider/src/sign/rsapkcs1.rs +++ b/rustls-wolfcrypt-provider/src/sign/rsapkcs1.rs @@ -1,5 +1,5 @@ use crate::error::*; -use crate::types::types::*; +use crate::types::*; use alloc::boxed::Box; use alloc::sync::Arc; use alloc::vec::Vec; @@ -41,9 +41,9 @@ impl TryFrom<&PrivateKeyDer<'_>> for RsaPkcs1PrivateKey { let pkcs1: &[u8] = der.secret_pkcs1_der(); let pkcs1_sz: word32 = pkcs1.len() as word32; let mut ret; - let rsa_key_box = Box::new(unsafe { mem::zeroed::() }); - let rsa_key_ptr = Box::into_raw(rsa_key_box); - let rsa_key_object = unsafe { RsaKeyObject::from_ptr(rsa_key_ptr) }; + let rsa_key_box = Box::new(unsafe { mem::zeroed::() }); + let rsa_key_ptr = Box::into_raw(rsa_key_box); + let rsa_key_object = unsafe { RsaKeyObject::from_ptr(rsa_key_ptr) }; ret = unsafe { wc_InitRsaKey(rsa_key_object.as_ptr(), ptr::null_mut()) }; check_if_zero(ret).unwrap(); @@ -66,11 +66,9 @@ impl TryFrom<&PrivateKeyDer<'_>> for RsaPkcs1PrivateKey { algo: SignatureAlgorithm::RSA, }) } - _ => { - return Err(rustls::Error::General( - "Unsupported private key format".into(), - )) - } + _ => Err(rustls::Error::General( + "Unsupported private key format".into(), + )), } } } @@ -82,7 +80,7 @@ impl SigningKey for RsaPkcs1PrivateKey { if offered.contains(&scheme) { Some(Box::new(RsaPkcs1Signer { key: self.get_key(), - scheme: scheme, + scheme, }) as Box) } else { None @@ -115,7 +113,6 @@ impl Signer for RsaPkcs1Signer { let mut sig_len: word32 = sig.len() as word32; let rsa_key_arc = self.get_key(); let rsa_key_object = rsa_key_arc.as_ref(); - let hash_type; // Define Rust-style aliases for binding constants const HASH_TYPE_SHA256: u32 = wc_HashType_WC_HASH_TYPE_SHA256; @@ -123,22 +120,16 @@ impl Signer for RsaPkcs1Signer { const HASH_TYPE_SHA512: u32 = wc_HashType_WC_HASH_TYPE_SHA512; // Determine the hashing algorithm, digest size, and MGF type based on the scheme - match self.scheme { - SignatureScheme::RSA_PKCS1_SHA256 => { - hash_type = HASH_TYPE_SHA256; - } - SignatureScheme::RSA_PKCS1_SHA384 => { - hash_type = HASH_TYPE_SHA384; - } - SignatureScheme::RSA_PKCS1_SHA512 => { - hash_type = HASH_TYPE_SHA512; - } + let hash_type: u32 = match self.scheme { + SignatureScheme::RSA_PKCS1_SHA256 => HASH_TYPE_SHA256, + SignatureScheme::RSA_PKCS1_SHA384 => HASH_TYPE_SHA384, + SignatureScheme::RSA_PKCS1_SHA512 => HASH_TYPE_SHA512, _ => { return Err(rustls::Error::General( "Unsupported signature scheme".into(), )); } - } + }; rng_object.init(); @@ -160,8 +151,7 @@ impl Signer for RsaPkcs1Signer { rng_object.as_ptr(), ) }; - check_if_zero(ret) - .map_err(|_| rustls::Error::General("FFI function failed".into()))?; + check_if_zero(ret).map_err(|_| rustls::Error::General("FFI function failed".into()))?; let sz = unsafe { wc_SignatureGetSize( diff --git a/rustls-wolfcrypt-provider/src/sign/rsapss.rs b/rustls-wolfcrypt-provider/src/sign/rsapss.rs index 89b5f9e..3ae7b4a 100644 --- a/rustls-wolfcrypt-provider/src/sign/rsapss.rs +++ b/rustls-wolfcrypt-provider/src/sign/rsapss.rs @@ -1,5 +1,5 @@ use crate::error::*; -use crate::types::types::*; +use crate::types::*; use alloc::boxed::Box; use alloc::sync::Arc; use alloc::vec; @@ -42,9 +42,9 @@ impl TryFrom<&PrivateKeyDer<'_>> for RsaPssPrivateKey { let pkcs8: &[u8] = der.secret_pkcs8_der(); let pkcs8_sz: word32 = pkcs8.len() as word32; let mut ret; - let rsa_key_box = Box::new(unsafe { mem::zeroed::() }); - let rsa_key_ptr = Box::into_raw(rsa_key_box); - let rsa_key_object = unsafe { RsaKeyObject::from_ptr(rsa_key_ptr) }; + let rsa_key_box = Box::new(unsafe { mem::zeroed::() }); + let rsa_key_ptr = Box::into_raw(rsa_key_box); + let rsa_key_object = unsafe { RsaKeyObject::from_ptr(rsa_key_ptr) }; ret = unsafe { wc_InitRsaKey(rsa_key_object.as_ptr(), ptr::null_mut()) }; check_if_zero(ret).unwrap(); @@ -67,11 +67,9 @@ impl TryFrom<&PrivateKeyDer<'_>> for RsaPssPrivateKey { algo: SignatureAlgorithm::RSA, }) } - _ => { - return Err(rustls::Error::General( - "Unsupported private key format".into(), - )) - } + _ => Err(rustls::Error::General( + "Unsupported private key format".into(), + )), } } } @@ -83,7 +81,7 @@ impl SigningKey for RsaPssPrivateKey { if offered.contains(&scheme) { Some(Box::new(RsaPssSigner { key: self.get_key(), - scheme: scheme, + scheme, }) as Box) } else { None diff --git a/rustls-wolfcrypt-provider/src/types/types.rs b/rustls-wolfcrypt-provider/src/types/mod.rs similarity index 100% rename from rustls-wolfcrypt-provider/src/types/types.rs rename to rustls-wolfcrypt-provider/src/types/mod.rs diff --git a/rustls-wolfcrypt-provider/src/verify/ecdsa.rs b/rustls-wolfcrypt-provider/src/verify/ecdsa.rs index 18c2473..7d76cbf 100644 --- a/rustls-wolfcrypt-provider/src/verify/ecdsa.rs +++ b/rustls-wolfcrypt-provider/src/verify/ecdsa.rs @@ -1,6 +1,6 @@ use crate::{ error::{check_if_one, check_if_zero, WCError}, - types::types::*, + types::*, }; use core::mem; use core::ptr; diff --git a/rustls-wolfcrypt-provider/src/verify/eddsa.rs b/rustls-wolfcrypt-provider/src/verify/eddsa.rs index 771a237..1d5356c 100644 --- a/rustls-wolfcrypt-provider/src/verify/eddsa.rs +++ b/rustls-wolfcrypt-provider/src/verify/eddsa.rs @@ -1,6 +1,6 @@ use crate::{ error::{check_if_one, check_if_zero, WCError}, - types::types::*, + types::*, }; use core::mem; use foreign_types::ForeignType; diff --git a/rustls-wolfcrypt-provider/src/verify/rsapkcs1.rs b/rustls-wolfcrypt-provider/src/verify/rsapkcs1.rs index 52f0814..de28ade 100644 --- a/rustls-wolfcrypt-provider/src/verify/rsapkcs1.rs +++ b/rustls-wolfcrypt-provider/src/verify/rsapkcs1.rs @@ -1,6 +1,6 @@ use crate::error::check_if_zero; use crate::error::*; -use crate::types::types::*; +use crate::types::*; use alloc::vec::Vec; use core::ffi::c_void; use core::mem; @@ -131,7 +131,9 @@ impl SignatureVerificationAlgorithm for RsaPkcs1Sha384Verify { signature.as_ptr(), signature.len() as word32, rsa_key_object.as_ptr() as *const c_void, - mem::size_of_val(&dereferenced_rsa_key_c_type).try_into().unwrap(), + mem::size_of_val(&dereferenced_rsa_key_c_type) + .try_into() + .unwrap(), ) }; @@ -196,7 +198,9 @@ impl SignatureVerificationAlgorithm for RsaPkcs1Sha512Verify { signature.as_ptr(), signature.len() as word32, rsa_key_object.as_ptr() as *const c_void, - mem::size_of_val(&dereferenced_rsa_key_c_type).try_into().unwrap(), + mem::size_of_val(&dereferenced_rsa_key_c_type) + .try_into() + .unwrap(), ) }; diff --git a/rustls-wolfcrypt-provider/src/verify/rsapss.rs b/rustls-wolfcrypt-provider/src/verify/rsapss.rs index a528f57..d5547c0 100644 --- a/rustls-wolfcrypt-provider/src/verify/rsapss.rs +++ b/rustls-wolfcrypt-provider/src/verify/rsapss.rs @@ -1,5 +1,5 @@ use crate::error::*; -use crate::types::types::*; +use crate::types::*; use alloc::vec::Vec; use core::mem; use core::ptr; diff --git a/rustls-wolfcrypt-provider/tests/e2e.rs b/rustls-wolfcrypt-provider/tests/e2e.rs index b0bbccf..9996508 100644 --- a/rustls-wolfcrypt-provider/tests/e2e.rs +++ b/rustls-wolfcrypt-provider/tests/e2e.rs @@ -1,8 +1,10 @@ use foreign_types::ForeignType; +use lazy_static::lazy_static; +use rayon::prelude::*; use rustls::version::{TLS12, TLS13}; use rustls::SignatureScheme; use rustls_wolfcrypt_provider::error::*; -use rustls_wolfcrypt_provider::types::types::*; +use rustls_wolfcrypt_provider::types::*; use rustls_wolfcrypt_provider::{ TLS12_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS12_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS12_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS13_AES_128_GCM_SHA256, @@ -16,10 +18,10 @@ use std::io::{Read, Write}; use std::mem; use std::net::TcpStream; use std::process::{Child, Command}; +use std::sync::Once; use std::sync::{Arc, Mutex}; use std::thread; use wolfcrypt_rs::*; -use lazy_static::lazy_static; /* * Version config used by the server to specify @@ -38,6 +40,21 @@ lazy_static! { static ref SERVER_LOCK: Mutex<()> = Mutex::new(()); } +/* + * Initiliaze the thread pool once for all tests. + * */ +static INIT: Once = Once::new(); + +fn init_thread_pool() { + INIT.call_once(|| { + let num_cpus = num_cpus::get(); + rayon::ThreadPoolBuilder::new() + .num_threads(num_cpus) + .build_global() + .unwrap(); + }); +} + /* * Starts background job for wolfssl server (localhost:4443). * */ @@ -406,10 +423,9 @@ mod tests { ), ]; - for &(scheme, curve_id, key_size) in &test_configs { let mut der_ecc_key: Vec = vec![0; 200]; // Adjust size if needed - // Initialize RNG and ECC key objects + // Initialize RNG and ECC key objects let mut rng: WC_RNG = unsafe { mem::zeroed() }; let rng_object: WCRngObject = WCRngObject::new(&mut rng); rng_object.init(); @@ -544,16 +560,7 @@ mod tests { #[test] fn rsa_pss_sign_and_verify() { - use rayon::prelude::*; - - #[cfg(target_os = "macos")] - { - let num_cpus = num_cpus::get(); - rayon::ThreadPoolBuilder::new() - .num_threads(num_cpus) - .build_global() - .unwrap(); - } + init_thread_pool(); let wolfcrypt_default_provider = rustls_wolfcrypt_provider::provider(); let schemes = [ @@ -564,26 +571,14 @@ mod tests { let test_cases: Vec<_> = schemes .iter() - .flat_map(|&scheme| { - [2048, 4096].iter().map(move |&key_size| (scheme, key_size)) - }) - .collect(); - - #[cfg(target_os = "macos")] - { - test_cases.par_iter().for_each(|&(scheme, key_size)| { - generate_and_test_pss_key(&wolfcrypt_default_provider, scheme, key_size) - .expect(&format!("Failed for scheme {:?} with key size {}", scheme, key_size)); - }); - } + .flat_map(|&scheme| [2048, 4096].iter().map(move |&key_size| (scheme, key_size))) + .collect(); - #[cfg(not(target_os = "macos"))] - { - test_cases.iter().for_each(|&(scheme, key_size)| { - generate_and_test_pss_key(&wolfcrypt_default_provider, scheme, key_size) - .expect(&format!("Failed for scheme {:?} with key size {}", scheme, key_size)); - }); - } + test_cases.par_iter().for_each(|&(scheme, key_size)| { + generate_and_test_pss_key(&wolfcrypt_default_provider, scheme, key_size).expect( + &format!("Failed for scheme {:?} with key size {}", scheme, key_size), + ); + }); } fn generate_and_test_pss_key( @@ -650,7 +645,7 @@ mod tests { #[test] fn rsa_pkcs1_sign_and_verify() { - use rayon::prelude::*; + init_thread_pool(); let wolfcrypt_default_provider = rustls_wolfcrypt_provider::provider(); let test_cases: Vec<_> = [ @@ -658,16 +653,15 @@ mod tests { SignatureScheme::RSA_PKCS1_SHA384, SignatureScheme::RSA_PKCS1_SHA512, ] - .iter() - .flat_map(|&scheme| { - [2048, 4096].iter().map(move |&key_size| (scheme, key_size)) - }) + .iter() + .flat_map(|&scheme| [2048, 4096].iter().map(move |&key_size| (scheme, key_size))) .collect(); test_cases.par_iter().for_each(|&(scheme, key_size)| { - generate_and_test_pkcs1_key(&wolfcrypt_default_provider, scheme, key_size) - .expect(&format!("Failed for scheme {:?} with key size {}", scheme, key_size)); - }); + generate_and_test_pkcs1_key(&wolfcrypt_default_provider, scheme, key_size).expect( + &format!("Failed for scheme {:?} with key size {}", scheme, key_size), + ); + }); } fn generate_and_test_pkcs1_key( @@ -724,7 +718,12 @@ mod tests { check_if_greater_than_zero(ret).unwrap(); pub_key_der.resize(ret as usize, 0); - sign_and_verify(provider, scheme, rustls_private_key.clone_key(), &pub_key_der); + sign_and_verify( + provider, + scheme, + rustls_private_key.clone_key(), + &pub_key_der, + ); Ok(()) } diff --git a/wolfcrypt-rs/build.rs b/wolfcrypt-rs/build.rs index 0fe8a38..e806df9 100644 --- a/wolfcrypt-rs/build.rs +++ b/wolfcrypt-rs/build.rs @@ -1,23 +1,24 @@ extern crate bindgen; use std::env; -use std::path::PathBuf; +use std::fs; use std::path::Path; +use std::path::PathBuf; use std::process::Command; -use std::fs; fn main() { - // We check if the release was already fetched, if not, + // We check if the release was already fetched, if not, // we fetch it and setup it. - if !fs::metadata("wolfssl-5.7.4-stable").is_ok() { + if fs::metadata("wolfssl-5.7.4-stable").is_err() { setup_wolfssl(); } - let wolfssl_lib_dir = Path::new(&"/opt/wolfssl-rs/lib/"); + let wolfssl_lib_dir = Path::new(&"/opt/wolfssl-rs/lib/"); let wolfssl_include_dir = Path::new(&"/opt/wolfssl-rs/include/"); - println!("cargo:rustc-link-search={}", - wolfssl_lib_dir.to_str().unwrap() + println!( + "cargo:rustc-link-search={}", + wolfssl_lib_dir.to_str().unwrap() ); println!("cargo:rustc-link-lib=static=wolfssl"); @@ -99,7 +100,8 @@ fn setup_wolfssl() { println!("make completed successfully."); // Step 8: Execute sudo make install - let output = Command::new("make") + let output = Command::new("sudo") + .arg("make") .arg("install") .output() .expect("Failed to execute sudo make install"); @@ -107,26 +109,43 @@ fn setup_wolfssl() { if output.status.success() { println!("sudo make install completed successfully."); } else { - eprintln!("Error executing sudo make install: {}", String::from_utf8_lossy(&output.stderr)); + eprintln!( + "Error executing sudo make install: {}", + String::from_utf8_lossy(&output.stderr) + ); } } else { - eprintln!("Error executing make: {}", String::from_utf8_lossy(&output.stderr)); + eprintln!( + "Error executing make: {}", + String::from_utf8_lossy(&output.stderr) + ); } } else { - eprintln!("Error executing ./configure: {}", String::from_utf8_lossy(&output.stderr)); + eprintln!( + "Error executing ./configure: {}", + String::from_utf8_lossy(&output.stderr) + ); } } else { - eprintln!("Error executing ./autogen.sh: {}", String::from_utf8_lossy(&output.stderr)); + eprintln!( + "Error executing ./autogen.sh: {}", + String::from_utf8_lossy(&output.stderr) + ); } } } else { - eprintln!("Error unzipping file: {}", String::from_utf8_lossy(&output.stderr)); + eprintln!( + "Error unzipping file: {}", + String::from_utf8_lossy(&output.stderr) + ); } } else { - eprintln!("Error downloading file: {}", String::from_utf8_lossy(&output.stderr)); + eprintln!( + "Error downloading file: {}", + String::from_utf8_lossy(&output.stderr) + ); } - // Final step: we change the directory back to the root directory // to finally generate the bindings. if let Err(e) = env::set_current_dir("../") { diff --git a/wolfcrypt-rs/src/bindings.rs b/wolfcrypt-rs/src/bindings.rs index 065f51f..f4ba0df 100644 --- a/wolfcrypt-rs/src/bindings.rs +++ b/wolfcrypt-rs/src/bindings.rs @@ -9,4 +9,6 @@ #![allow(non_snake_case)] #![allow(clippy::useless_transmute)] #![allow(clippy::upper_case_acronyms)] +#![allow(clippy::too_many_arguments)] +#![allow(improper_ctypes)] include!(concat!(env!("OUT_DIR"), "/bindings.rs")); diff --git a/wolfcrypt-rs/src/lib.rs b/wolfcrypt-rs/src/lib.rs index b94bb8c..1a2a172 100644 --- a/wolfcrypt-rs/src/lib.rs +++ b/wolfcrypt-rs/src/lib.rs @@ -4,9 +4,8 @@ pub use bindings::*; #[cfg(test)] mod tests { use super::*; - use core::mem; use core::ffi::c_int; - + use core::mem; #[test] fn rsa_encrypt_decrypt() { @@ -34,7 +33,12 @@ mod tests { panic!("Error while setting rng to Rsa key! Ret value: {}", ret); } - ret = wc_MakeRsaKey(&mut rsa_key, 2048 as c_int, WC_RSA_EXPONENT.into(), &mut rng); + ret = wc_MakeRsaKey( + &mut rsa_key, + 2048 as c_int, + WC_RSA_EXPONENT.into(), + &mut rng, + ); if ret != 0 { panic!("Error while creating the Rsa Key! Ret value: {}", ret); } @@ -65,9 +69,10 @@ mod tests { } let plain_str = String::from_utf8_lossy(&plain).to_string(); - let input_str = std::ffi::CStr::from_ptr(input.as_mut_ptr() as *const std::os::raw::c_char) - .to_str() - .expect("Failed to convert C string to str"); + let input_str = + std::ffi::CStr::from_ptr(input.as_mut_ptr() as *const std::os::raw::c_char) + .to_str() + .expect("Failed to convert C string to str"); assert_eq!(plain_str.trim_end_matches('\0'), input_str);