tokio-aws-lc 0.2.0

Tokio-friendly TLS server and client built directly on aws-lc-sys, with optional Linux kTLS offload.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86

//! TLS echo server built on [`TlsAcceptor`].
//!
//! Accepts each connection, reads bytes until the peer closes the write
//! half, and echoes them back. Each connection is handled in its own
//! Tokio task.
//!
//! Run with the bundled test fixtures:
//!
//! ```sh
//! cargo run --example echo-server -- 127.0.0.1:8443 \
//!     tests/data/cert.pem tests/data/key.pem
//! ```
//!
//! Then talk to it from another terminal:
//!
//! ```sh
//! openssl s_client -connect 127.0.0.1:8443 -servername localhost \
//!     -CAfile tests/data/cert.pem -quiet
//! ```

use std::env;
use std::path::PathBuf;
use std::sync::Arc;

use tokio::io::{AsyncReadExt, AsyncWriteExt};
use tokio::net::TcpListener;
use tokio_aws_lc::{ServerConfig, TlsAcceptor};

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    let mut args = env::args().skip(1);
    let bind: String = args.next().unwrap_or_else(|| "127.0.0.1:8443".into());
    let cert: PathBuf = args
        .next()
        .map_or_else(|| PathBuf::from("tests/data/cert.pem"), PathBuf::from);
    let key: PathBuf = args
        .next()
        .map_or_else(|| PathBuf::from("tests/data/key.pem"), PathBuf::from);

    let cfg = Arc::new(
        ServerConfig::builder()
            .alpn_protocols(&[b"echo/1"])
            .with_pem_files(&cert, &key)?,
    );
    let acceptor = TlsAcceptor::new(cfg);

    let listener = TcpListener::bind(&bind).await?;
    eprintln!("echo-server listening on {bind}");

    loop {
        let (tcp, peer) = listener.accept().await?;
        let acceptor = acceptor.clone();
        tokio::spawn(async move {
            match acceptor.accept(tcp).await {
                Ok(mut tls) => {
                    let neg = tls.negotiated();
                    eprintln!(
                        "{peer}: handshake ok ({} / {}, alpn={:?})",
                        neg.version(),
                        neg.cipher(),
                        neg.alpn().map(String::from_utf8_lossy),
                    );
                    if let Err(e) = echo(&mut tls).await {
                        eprintln!("{peer}: io error: {e}");
                    }
                    let _ = tls.shutdown().await;
                }
                Err(e) => eprintln!("{peer}: handshake failed: {e}"),
            }
        });
    }
}

async fn echo<S>(stream: &mut S) -> std::io::Result<()>
where
    S: AsyncReadExt + AsyncWriteExt + Unpin,
{
    let mut buf = [0u8; 4096];
    loop {
        let n = stream.read(&mut buf).await?;
        if n == 0 {
            return Ok(());
        }
        stream.write_all(&buf[..n]).await?;
    }
}