Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add aws_lc_rs feature and set it as default #56

Merged
merged 9 commits into from
Jul 16, 2024
Merged

Add aws_lc_rs feature and set it as default #56

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
142a876
Add aws_lc_rs feature and set it as default
SajjadPourali Jul 14, 2024
da62830
Add fips feature
SajjadPourali Jul 14, 2024
709ea31
Fix test errors and improve feature usage
SajjadPourali Jul 14, 2024
13c712f
Revert ring as the default
SajjadPourali Jul 14, 2024
0ce0135
Fix CI checker rust.yml
SajjadPourali Jul 15, 2024
fe826d6
Fix formatting
SajjadPourali Jul 15, 2024
56f395d
rename aws_lc_rs feature to aws-lc-rs
SajjadPourali Jul 15, 2024
9f3057e
rename aws_lc_rs feature to aws-lc-rs in the code!
SajjadPourali Jul 15, 2024
0f37aef
Add AWS_LC_SYS_NO_ASM env variable to CI
SajjadPourali Jul 15, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 6 additions & 1 deletion .github/workflows/rust.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,12 +21,17 @@ jobs:

runs-on: ${{ matrix.os }}

env:
AWS_LC_SYS_NO_ASM: 1

steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ matrix.rust }}
- run: cargo test --all-features --all-targets
- run: cargo check
- run: cargo test
- run: cargo test --no-default-features --features hyper-rustls,aws-lc-rs

msrv:
runs-on: ubuntu-latest
Expand Down
14 changes: 9 additions & 5 deletions Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,15 +12,19 @@ keywords = ["letsencrypt", "acme"]
categories = ["web-programming", "api-bindings"]

[features]
default = ["hyper-rustls"]
default = ["hyper-rustls", "ring"]
ring = ["dep:ring", "hyper-rustls?/ring", "rcgen/ring"]
aws-lc-rs = ["dep:aws-lc-rs", "hyper-rustls?/aws-lc-rs", "rcgen/aws_lc_rs"]
fips = ["aws-lc-rs", "aws-lc-rs?/fips"]

[dependencies]
aws-lc-rs = { version = "1.8.0", optional = true }
base64 = "0.21.0"
hyper = { version = "1.3.1", features = ["client", "http1", "http2"] }
hyper-rustls = { version = "0.27", default-features = false, features = ["http1", "http2", "native-tokio", "tls12", "rustls-native-certs", "ring"], optional = true }
hyper-util = { version = "0.1.5", features = ["client", "client-legacy", "http1", "http2", "tokio"]}
hyper-rustls = { version = "0.27", default-features = false, features = ["http1", "http2", "native-tokio", "tls12", "rustls-native-certs"], optional = true }
hyper-util = { version = "0.1.5", features = ["client", "client-legacy", "http1", "http2", "tokio"] }
http-body-util = "0.1.2"
ring = { version = "0.17", features = ["std"] }
ring = { version = "0.17", features = ["std"], optional = true }
rustls-pki-types = "1.1.0"
serde = { version = "1.0.104", features = ["derive"] }
serde_json = "1.0.78"
Expand All @@ -29,7 +33,7 @@ thiserror = "1.0.30"
[dev-dependencies]
anyhow = "1.0.66"
clap = { version = "4.0.29", features = ["derive"] }
rcgen = "0.12"
rcgen = { version = "0.12", default-features = false, features = ["pem"] }
tokio = { version = "1.22.0", features = ["macros", "rt", "rt-multi-thread", "time"] }
tracing = "0.1.37"
tracing-subscriber = "0.3.16"
Expand Down
27 changes: 19 additions & 8 deletions src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,10 @@
#![warn(unreachable_pub)]
#![warn(missing_docs)]

#[cfg(feature = "aws-lc-rs")]
pub(crate) use aws_lc_rs as ring_like;
#[cfg(all(feature = "ring", not(feature = "aws-lc-rs")))]
pub(crate) use ring as ring_like;
use std::fmt;
use std::future::Future;
use std::pin::Pin;
Expand All @@ -13,14 +17,14 @@ use http_body_util::{BodyExt, Full};
use hyper::body::{Bytes, Incoming};
use hyper::header::{CONTENT_TYPE, LOCATION};
use hyper::{Method, Request, Response, StatusCode};
#[cfg(feature = "hyper-rustls")]
use hyper_util::client::legacy::connect::{Connect, HttpConnector};
use hyper_util::client::legacy::connect::Connect;
use hyper_util::client::legacy::Client as HyperClient;
use hyper_util::rt::TokioExecutor;
use ring::digest::{digest, SHA256};
use ring::rand::SystemRandom;
use ring::signature::{EcdsaKeyPair, ECDSA_P256_SHA256_FIXED_SIGNING};
use ring::{hmac, pkcs8};
#[cfg(feature = "hyper-rustls")]
use hyper_util::{client::legacy::connect::HttpConnector, rt::TokioExecutor};
use ring_like::digest::{digest, SHA256};
use ring_like::rand::SystemRandom;
use ring_like::signature::{EcdsaKeyPair, ECDSA_P256_SHA256_FIXED_SIGNING};
use ring_like::{hmac, pkcs8};
use serde::de::DeserializeOwned;
use serde::Serialize;

Expand Down Expand Up @@ -555,7 +559,10 @@ impl Key {
fn generate() -> Result<(Self, pkcs8::Document), Error> {
let rng = SystemRandom::new();
let pkcs8 = EcdsaKeyPair::generate_pkcs8(&ECDSA_P256_SHA256_FIXED_SIGNING, &rng)?;
#[cfg(all(feature = "ring", not(feature = "aws-lc-rs")))]
let key = EcdsaKeyPair::from_pkcs8(&ECDSA_P256_SHA256_FIXED_SIGNING, pkcs8.as_ref(), &rng)?;
#[cfg(feature = "aws-lc-rs")]
let key = EcdsaKeyPair::from_pkcs8(&ECDSA_P256_SHA256_FIXED_SIGNING, pkcs8.as_ref())?;
let thumb = BASE64_URL_SAFE_NO_PAD.encode(Jwk::thumb_sha256(&key)?);

Ok((
Expand All @@ -571,7 +578,11 @@ impl Key {

fn from_pkcs8_der(pkcs8_der: &[u8]) -> Result<Self, Error> {
let rng = SystemRandom::new();
#[cfg(all(feature = "ring", not(feature = "aws-lc-rs")))]
let key = EcdsaKeyPair::from_pkcs8(&ECDSA_P256_SHA256_FIXED_SIGNING, pkcs8_der, &rng)?;
#[cfg(feature = "aws-lc-rs")]
let key = EcdsaKeyPair::from_pkcs8(&ECDSA_P256_SHA256_FIXED_SIGNING, pkcs8_der)?;

let thumb = BASE64_URL_SAFE_NO_PAD.encode(Jwk::thumb_sha256(&key)?);

Ok(Self {
Expand All @@ -584,7 +595,7 @@ impl Key {
}

impl Signer for Key {
type Signature = ring::signature::Signature;
type Signature = ring_like::signature::Signature;

fn header<'n, 'u: 'n, 's: 'u>(&'s self, nonce: Option<&'n str>, url: &'u str) -> Header<'n> {
debug_assert!(nonce.is_some());
Expand Down
12 changes: 8 additions & 4 deletions src/types.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,15 @@
use std::fmt;

#[cfg(feature = "aws-lc-rs")]
pub(crate) use aws_lc_rs as ring_like;
use base64::prelude::{Engine, BASE64_URL_SAFE_NO_PAD};
use http_body_util::BodyExt;
use hyper::body::Incoming;
use hyper::Response;
use ring::digest::{digest, Digest, SHA256};
use ring::signature::{EcdsaKeyPair, KeyPair};
#[cfg(all(feature = "ring", not(feature = "aws-lc-rs")))]
pub(crate) use ring as ring_like;
use ring_like::digest::{digest, Digest, SHA256};
use ring_like::signature::{EcdsaKeyPair, KeyPair};
use rustls_pki_types::CertificateDer;
use serde::de::DeserializeOwned;
use serde::ser::SerializeMap;
Expand All @@ -25,10 +29,10 @@ pub enum Error {
Base64(#[from] base64::DecodeError),
/// Failed from cryptographic operations
#[error("cryptographic operation failed: {0}")]
Crypto(#[from] ring::error::Unspecified),
Crypto(#[from] ring_like::error::Unspecified),
/// Failed to instantiate a private key
#[error("invalid key bytes: {0}")]
CryptoKey(#[from] ring::error::KeyRejected),
CryptoKey(#[from] ring_like::error::KeyRejected),
/// HTTP failure
#[error("HTTP request failure: {0}")]
Http(#[from] hyper::http::Error),
Expand Down