Crate portable_rustls

Expand description

§Rustls - a modern TLS library - portable-rustls fork

IMPORTANT NOTICE: regardless of upstream rustls project this fork is NOT CERTIFIED and NOT PEER-REVIEWED - USE AT YOUR OWN RISK

§RECOMMENDED USAGE

RECOMMENDED USAGE OF THIS FORK:

Add dependency on this fork as follows in Cargo.toml:

rustls = { package = "portable-rustls", features=[...], ... }

Then import and use rustls in the code as usual.

(Unlike the original rustls, no features are enabled by default in this fork.)

§targets with no atomic ptr

This fork supports using Arc from portable-atomic-util to support targets with no atomic ptr, with the following requirements:

Must use Rust nightly toolchain.

Must use the following cfg flags in RUSTFLAGS FOR cargo build (etc.):

--cfg portable_atomic_unstable_coerce_unsized
--cfg unstable_portable_atomic_arc

WHEN BUILDING FOR A TARGET WITH NO ATOMIC PTR, NEED TO ADD THE FOLLOWING DEPENDENCIES WITH SPECIFIC FEATURES ENABLED:

add once_cell with portable-atomic feature enabled
add portable-atomic with critical-section or unsafe-assume-single-core feature enabled - see the following for more info & requirements: https://docs.rs/portable-atomic/latest/portable_atomic/#optional-features
possibly more requirements in case of portable-atomic with critical-section for no-std: https://docs.rs/critical-section/latest/critical_section/#usage-in-no-std-binaries

ALSO NEED TO BUILD WITH A CRYPTO PROVIDER FOR THIS CRATE TO BE USEFUL IN GENERAL.

§Additional notes

FIPS support feature is removed from this fork. Any possible vestiges remaining in the API or documentation should be considered non-functional.

§General usage

NOTE: Most of the general usage information below comes directly from the upstream rustls project.

Any major discrepancies from upstream rustls are noted in bold or with ALL CAPS.

§Platform support

While Rustls itself is platform independent, there are some additional platform requirements for the built-in providers.

aws-lc-rs is commonly used as the provider that implements the cryptography in TLS. See the aws-lc-rs FAQ for more details of the platform/architecture support constraints in aws-lc-rs.

ring is also available via the ring crate feature: see the supported ring target platforms.

By providing a custom instance of the crypto::CryptoProvider struct, you can replace all cryptography dependencies of rustls. This is a route to being portable to a wider set of architectures and environments, or compliance requirements. See the crypto::CryptoProvider documentation for more details.

§Cryptography providers

NOTICE: It is required to choose the provider of the cryptographic primitives that this library uses in this fork.

This be done by selecting the default provider (see the crypto::CryptoProvider documentation) or MORE DYNAMICALLY…

Users that wish to customize the provider in use MORE DYNAMICALLY can do so when constructing ClientConfig and ServerConfig instances using the with_crypto_provider method on the respective config builder types. See the crypto::CryptoProvider documentation for more details.

§Built-in providers

Rustls ships with two built-in providers controlled by associated crate features, which are both optional in this fork:

aws-lc-rs - available with the aws-lc-rs crate feature enabled.
ring - available with the ring crate feature enabled.

See the documentation for crypto::CryptoProvider for details on how providers are selected.

§Third-party providers

NOTICE: ANY THIRD-PARTY PROVIDER WOULD NEED TO BE ADAPTED TO WORK DIRECTLY WITH THIS FORK OF RUSTLS.

The community has also started developing third-party providers for Rustls:

rustls-mbedtls-provider - a provider that uses mbedtls for cryptography.
rustls-openssl - a provider that uses OpenSSL for cryptography.
boring-rustls-provider - a work-in-progress provider that uses boringssl for cryptography.
rustls-rustcrypto - an experimental provider that uses the crypto primitives from RustCrypto for cryptography.
rustls-symcrypt - a provider that uses Microsoft’s SymCrypt library.
rustls-wolfcrypt-provider - a work-in-progress provider that uses wolfCrypt for cryptography.

§Custom provider

There is a simple example of writing your own provider in the custom provider example. This example implements a minimal provider using parts of the RustCrypto ecosystem.

As described above, it is (highly) recommended to add dependency on this fork as follows in Cargo.toml as done in the custom provider example in this fork:

rustls = { package = "portable-rustls", features=[...], ... }

See the Making a custom CryptoProvider section of the documentation for more information on this topic.

§Design overview

Rustls is a low-level library. If your goal is to make HTTPS connections you may prefer to use a library built on top of Rustls like hyper or ureq.

§Rustls does not take care of network IO

It doesn’t make or accept TCP connections, or do DNS, or read or write files.

Our examples directory contains demos that show how to handle I/O using the stream::Stream helper, as well as more complex asynchronous I/O using mio. If you’re already using Tokio for an async runtime you may prefer to use tokio-rustls instead of interacting with rustls directly.

§Rustls provides encrypted pipes

These are the ServerConnection and ClientConnection types. You supply raw TLS traffic on the left (via the read_tls() and write_tls() methods) and then read/write the plaintext on the right:

         TLS                                   Plaintext
         ===                                   =========
    read_tls()      +-----------------------+      reader() as io::Read
                    |                       |
          +--------->   ClientConnection    +--------->
                    |          or           |
          <---------+   ServerConnection    <---------+
                    |                       |
    write_tls()     +-----------------------+      writer() as io::Write

§Rustls takes care of server certificate verification

You do not need to provide anything other than a set of root certificates to trust. Certificate verification cannot be turned off or disabled in the main API.

§Getting started

This is the minimum you need to do to make a TLS client connection.

First we load some root certificates. These are used to authenticate the server. The simplest way is to depend on the webpki_roots crate which contains the Mozilla set of root certificates.

let root_store = rustls::RootCertStore::from_iter(
    webpki_roots::TLS_SERVER_ROOTS
        .iter()
        .cloned(),
);

Next, we make a ClientConfig. You’re likely to make one of these per process, and use it for all connections made by that process.

let config = rustls::ClientConfig::builder()
    .with_root_certificates(root_store)
    .with_no_client_auth();

Now we can make a connection. You need to provide the server’s hostname so we know what to expect to find in the server’s certificate.

let rc_config = Arc::new(config);
let example_com = "example.com".try_into().unwrap();
let mut client = rustls::ClientConnection::new(rc_config, example_com);

Now you should do appropriate IO for the client object. If client.wants_read() yields true, you should call client.read_tls() when the underlying connection has data. Likewise, if client.wants_write() yields true, you should call client.write_tls() when the underlying connection is able to send data. You should continue doing this as long as the connection is valid.

The return types of read_tls() and write_tls() only tell you if the IO worked. No parsing or processing of the TLS messages is done. After each read_tls() you should therefore call client.process_new_packets() which parses and processes the messages. Any error returned from process_new_packets is fatal to the connection, and will tell you why. For example, if the server’s certificate is expired process_new_packets will return Err(InvalidCertificate(Expired)). From this point on, process_new_packets will not do any new work and will return that error continually.

You can extract newly received data by calling client.reader() (which implements the io::Read trait). You can send data to the peer by calling client.writer() (which implements io::Write trait). Note that client.writer().write() buffers data you send if the TLS connection is not yet established: this is useful for writing (say) a HTTP request, but this is buffered so avoid large amounts of data.

The following code uses a fictional socket IO API for illustration, and does not handle errors.

use std::io;
use rustls::Connection;

client.writer().write(b"GET / HTTP/1.0\r\n\r\n").unwrap();
let mut socket = connect("example.com", 443);
loop {
  if client.wants_read() && socket.ready_for_read() {
    client.read_tls(&mut socket).unwrap();
    client.process_new_packets().unwrap();

    let mut plaintext = Vec::new();
    client.reader().read_to_end(&mut plaintext).unwrap();
    io::stdout().write(&plaintext).unwrap();
  }

  if client.wants_write() && socket.ready_for_write() {
    client.write_tls(&mut socket).unwrap();
  }

  socket.wait_for_something_to_happen();
}

§Examples

You can find several client and server examples of varying complexity in the examples directory, including tlsserver-mio and tlsclient-mio - full worked examples using mio.

§Crate features and options

§Crate features

Here’s a list of what features are exposed by the rustls crate and what they mean.

std: enable the high-level (buffered) Connection API and other functionality which relies on the std library.
aws-lc-rs: makes the rustls crate depend on the aws-lc-rs crate. Use rustls::crypto::aws_lc_rs::default_provider().install_default() to use it as the default CryptoProvider, or provide it explicitly when making a ClientConfig or ServerConfig.

Note that aws-lc-rs has additional build-time dependencies like cmake. See the documentation for details.
ring: makes the rustls crate depend on the ring crate for cryptography. Use rustls::crypto::ring::default_provider().install_default() to use it as the default CryptoProvider, or provide it explicitly when making a ClientConfig or ServerConfig.

prefer-post-quantum: for the aws-lc-rs-backed provider, prioritizes post-quantum secure key exchange by default (using X25519MLKEM768). This feature merely alters the order of rustls::crypto::aws_lc_rs::DEFAULT_KX_GROUPS. We expect to add this feature to the default set in a future minor release. See the manual for more details.

custom-provider: disables implicit use of any built-in providers (aws-lc-rs or ring), if enabled by crate features. This forces applications to manually install one, for instance, when using a custom CryptoProvider.
tls12: enable support for TLS version 1.2. Note that, due to the additive nature of Cargo features and because it is enabled by default, other crates in your dependency graph could re-enable it for your application. If you want to disable TLS 1.2 for security reasons, consider explicitly enabling TLS 1.3 only in the config builder API.
logging: make the rustls crate depend on the log crate. rustls outputs interesting protocol-level messages at trace! and debug! level, and protocol-level errors at warn! and error! level. The log messages do not contain secret key data, and so are safe to archive without affecting session security.
read_buf: when building with Rust Nightly, adds support for the unstable std::io::ReadBuf and related APIs. This reduces costs from initializing buffers. Will do nothing on non-Nightly releases.
brotli: uses the brotli crate for RFC8879 certificate compression support.
zlib: uses the zlib-rs crate for RFC8879 certificate compression support.

§Crate cfg options

unstable_portable_atomic_arc - configures this fork to use Arc from portable_atomic_util instead of std::sync::Arc - requires Rust nightly together with portable_atomic_unstable_coerce_unsized to build successfully.

Re-exports§

pub use crate::ticketer::TicketRotator;std
pub use crate::ticketer::TicketSwitcher;std or hashbrown
pub use client::ClientConfig;
pub use client::ClientConnection;std
pub use server::ServerConfig;
pub use server::ServerConnection;std

Modules§

client: Items for use in a client.
compress: Certificate compression and decompression support
crypto: Crypto provider interface.
ffdhe_groups: This module contains parameters for FFDHE named groups as defined in RFC 7919 Appendix A.
lock: APIs abstracting over locking primitives.
manual: This is the rustls manual.
pki_types: Re-exports the contents of the rustls-pki-types crate for easy access
quic: APIs for implementing QUIC TLS
server: Items for use in a server.
sign: Message signing interfaces.
ticketerstd or hashbrown: APIs for implementing TLS tickets
time_provider: The library’s source of time.
unbuffered: Unbuffered connection API
version: All defined protocol versions appear in this module.

Structs§

CipherSuiteCommon: Common state for cipher suites (both for TLS 1.2 and TLS 1.3)
CommonState: Connection state common to both client and server connections.
ConfigBuilder: A builder for ServerConfig or ClientConfig values.
ConnectionCommon: Interface shared by client and server connections.
DigitallySignedStruct: This type combines a SignatureScheme and a signature payload produced with that scheme.
DistinguishedName: A DistinguishedName is a Vec<u8> wrapped in internal types.
ExtractedSecrets: Secrets for transmitting/receiving data over a TLS session.
IoState: Values of this structure are returned from Connection::process_new_packets and tell the caller the current I/O state of the TLS connection.
KeyLogFilestd: KeyLog implementation that opens a file whose name is given by the SSLKEYLOGFILE environment variable, and writes keys into it.
NoKeyLog: KeyLog that does exactly nothing.
OtherError: Any other error that cannot be expressed by a more specific Error variant.
Readerstd: A structure that implements std::io::Read for reading plaintext.
RootCertStore: A container for root certificates able to provide a root-of-trust for connection authentication.
Streamstd: This type implements io::Read and io::Write, encapsulating a Connection C and an underlying transport T, such as a socket.
StreamOwnedstd: This type implements io::Read and io::Write, encapsulating and owning a Connection C and an underlying blocking transport T, such as a socket.
SupportedProtocolVersion: A TLS protocol version supported by rustls.
Tls12CipherSuitetls12: A TLS 1.2 cipher suite supported by rustls.
Tls13CipherSuite: A TLS 1.3 cipher suite supported by rustls.
WantsVerifier: Config builder state where the caller must supply a verifier.
WantsVersions: Config builder state where the caller must supply TLS protocol versions.
Writerstd: A structure that implements std::io::Write for writing plaintext.

Enums§

AlertDescription: The AlertDescription TLS protocol enum. Values in this enum are taken from the various RFCs covering TLS, and are listed by IANA. The Unknown item is used when processing unrecognised ordinals.
CertRevocationListError: The ways in which a certificate revocation list (CRL) can be invalid.
CertificateCompressionAlgorithm: The “TLS Certificate Compression Algorithm IDs” TLS protocol enum. Values in this enum are taken from RFC8879.
CertificateError: The ways in which certificate validators can express errors.
CipherSuite: The CipherSuite TLS protocol enum. Values in this enum are taken from the various RFCs covering TLS, and are listed by IANA. The Unknown item is used when processing unrecognised ordinals.
Connectionstd: A client or server connection.
ConnectionTrafficSecrets: Secrets used to encrypt/decrypt data in a TLS session.
ContentType: The ContentType TLS protocol enum. Values in this enum are taken from the various RFCs covering TLS, and are listed by IANA. The Unknown item is used when processing unrecognised ordinals.
EncryptedClientHelloError: An error that occurred while handling Encrypted Client Hello (ECH).
Error: rustls reports protocol errors using this type.
HandshakeKind: Describes which sort of handshake happened.
HandshakeType: The HandshakeType TLS protocol enum. Values in this enum are taken from the various RFCs covering TLS, and are listed by IANA. The Unknown item is used when processing unrecognised ordinals.
InconsistentKeys: Specific failure cases from keys_match or a crate::crypto::signer::SigningKey that cannot produce a corresponding public key.
InvalidMessage: A corrupt TLS message payload that resulted in an error.
NamedGroup: The NamedGroup TLS protocol enum. Values in this enum are taken from the various RFCs covering TLS, and are listed by IANA. The Unknown item is used when processing unrecognised ordinals.
PeerIncompatible: The set of cases where we failed to make a connection because a peer doesn’t support a TLS version/feature we require.
PeerMisbehaved: The set of cases where we failed to make a connection because we thought the peer was misbehaving.
ProtocolVersion: The ProtocolVersion TLS protocol enum. Values in this enum are taken from the various RFCs covering TLS, and are listed by IANA. The Unknown item is used when processing unrecognised ordinals.
Side: Side of the connection.
SignatureAlgorithm: The SignatureAlgorithm TLS protocol enum. Values in this enum are taken from the various RFCs covering TLS, and are listed by IANA. The Unknown item is used when processing unrecognised ordinals.
SignatureScheme: The SignatureScheme TLS protocol enum. Values in this enum are taken from the various RFCs covering TLS, and are listed by IANA. The Unknown item is used when processing unrecognised ordinals.
SupportedCipherSuite: A cipher suite supported by rustls.

Statics§

ALL_VERSIONS: A list of all the protocol versions supported by rustls.
DEFAULT_VERSIONS: The version configuration that an application should use by default.

Traits§

ConfigSide: Helper trait to abstract ConfigBuilder over building a ClientConfig or ServerConfig.
KeyLog: This trait represents the ability to do something useful with key material, such as logging it to a file for debugging.
SideData: Data specific to the peer’s side (client or server).