tokio-boring 5.0.0

An implementation of SSL streams for Tokio backed by BoringSSL
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112

#![allow(dead_code)]

use boring::error::ErrorStack;
use boring::ssl::{
    SslAcceptor, SslAcceptorBuilder, SslConnector, SslConnectorBuilder, SslFiletype, SslMethod,
};
use futures::future::{self, Future};
use std::net::SocketAddr;
use std::pin::Pin;
use tokio::io::{AsyncReadExt, AsyncWrite, AsyncWriteExt};
use tokio::net::{TcpListener, TcpStream};
use tokio_boring::{HandshakeError, SslStream};

pub(crate) fn create_server(
    setup: impl FnOnce(&mut SslAcceptorBuilder),
) -> (
    impl Future<Output = Result<SslStream<TcpStream>, HandshakeError<TcpStream>>>,
    SocketAddr,
) {
    let (listener, addr) = create_listener();

    let server = async move {
        let acceptor = create_acceptor(setup);

        let stream = listener.accept().await.unwrap().0;

        tokio_boring::accept(&acceptor, stream).await
    };

    (server, addr)
}

pub(crate) fn create_listener() -> (TcpListener, SocketAddr) {
    let listener = std::net::TcpListener::bind("127.0.0.1:0").unwrap();

    listener.set_nonblocking(true).unwrap();

    let listener = TcpListener::from_std(listener).unwrap();
    let addr = listener.local_addr().unwrap();

    (listener, addr)
}

pub(crate) fn create_acceptor(setup: impl FnOnce(&mut SslAcceptorBuilder)) -> SslAcceptor {
    let mut acceptor = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();

    acceptor
        .set_private_key_file("tests/key.pem", SslFiletype::PEM)
        .unwrap();

    acceptor
        .set_certificate_chain_file("tests/cert.pem")
        .unwrap();

    setup(&mut acceptor);

    acceptor.build()
}

pub(crate) async fn connect(
    addr: SocketAddr,
    setup: impl FnOnce(&mut SslConnectorBuilder) -> Result<(), ErrorStack>,
) -> Result<SslStream<TcpStream>, HandshakeError<TcpStream>> {
    let config = create_connector(setup).configure().unwrap();

    let stream = TcpStream::connect(&addr).await.unwrap();

    tokio_boring::connect(config, "localhost", stream).await
}

pub(crate) fn create_connector(
    setup: impl FnOnce(&mut SslConnectorBuilder) -> Result<(), ErrorStack>,
) -> SslConnector {
    let mut connector = SslConnector::builder(SslMethod::tls()).unwrap();

    setup(&mut connector).unwrap();

    connector.build()
}

pub(crate) async fn with_trivial_client_server_exchange(
    server_setup: impl FnOnce(&mut SslAcceptorBuilder),
) {
    let (stream, addr) = create_server(server_setup);

    let server = async {
        let mut stream = stream.await.unwrap();
        let mut buf = [0; 4];
        stream.read_exact(&mut buf).await.unwrap();
        assert_eq!(&buf, b"asdf");

        stream.write_all(b"jkl;").await.unwrap();

        future::poll_fn(|ctx| Pin::new(&mut stream).poll_shutdown(ctx))
            .await
            .unwrap();
    };

    let client = async {
        let mut stream = connect(addr, |builder| builder.set_ca_file("tests/cert.pem"))
            .await
            .unwrap();

        stream.write_all(b"asdf").await.unwrap();

        let mut buf = vec![];
        stream.read_to_end(&mut buf).await.unwrap();
        assert_eq!(buf, b"jkl;");
    };

    future::join(server, client).await;
}