feat(quic): support rustls provider aws-lc-rs (#333)
* feat(quic): support rustls provider aws-lc-rs

* fix(ci): add build deps for aws-lc-fips-sys

* chore(quic): simplify rustls cfg
AsakuraMizu authored Nov 21, 2024
1 parent 4326bb0 commit cfcc689
Showing 7 changed files with 37 additions and 8 deletions.
9 changes: 9 additions & 0 deletions .github/workflows/ci_check.yml
Expand Up @@ -27,6 +27,15 @@ jobs:
run: |
rustup default nightly
rustup component add clippy
- uses: actions/setup-go@v4
with:
go-version: '>=1.18'
- name: Install NASM on Windows
if: runner.os == 'Windows'
uses: ilammy/setup-nasm@v1
- name: Install ninja-build tool on Windows
if: runner.os == 'Windows'
uses: seanmiddleditch/gha-setup-ninja@v4
- name: Check clippy
run: |
cargo clippy --all-features --all-targets -- -Dwarnings
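Review bot: The three actions added in this hunk are referenced by mutable tags (`actions/setup-go@v4`, `ilammy/setup-nasm@v1`, `seanmiddleditch/gha-setup-ninja@v4`), so whoever can move those tags decides what code runs in this job. The two Windows helpers appear to live under personal accounts, which makes pinning them to a full commit SHA worthwhile, e.g. `uses: ilammy/setup-nasm@<full-commit-sha> # v1`. `go-version: '>=1.18'` is likewise an open range, so the Go toolchain used to build the aws-lc sys crate can change between runs; a fixed minor version keeps the build reproducible. The job definition starts above this hunk, so its `permissions:` block and triggers are not visible here and should be checked alongside.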
12 changes: 8 additions & 4 deletions compio-quic/Cargo.toml
Expand Up @@ -22,7 +22,7 @@ compio-log = { workspace = true }
compio-net = { workspace = true }
compio-runtime = { workspace = true, features = ["time"] }

quinn-proto = "0.11.8"
quinn-proto = { version = "0.11.9", default-features = false }
rustls = { workspace = true }
rustls-platform-verifier = { version = "0.4.0", optional = true }
rustls-native-certs = { workspace = true, optional = true }
Expand Down Expand Up @@ -61,16 +61,20 @@ tokio = { workspace = true, features = ["rt", "macros"] }
tracing-subscriber = { workspace = true, features = ["env-filter"] }

[target.'cfg(not(any(target_os = "illumos", target_os = "solaris")))'.dev-dependencies]
quinn = "0.11.5"
quinn = { version = "0.11.6", default-features = false, features = [
"rustls-ring",
] }

[features]
default = []
default = ["ring"]
io-compat = ["futures-util/io"]
platform-verifier = ["dep:rustls-platform-verifier"]
native-certs = ["dep:rustls-native-certs"]
webpki-roots = ["dep:webpki-roots"]
h3 = ["dep:h3"]
# FIXME: see https://github.com/quinn-rs/quinn/pull/1962
ring = ["quinn-proto/rustls-ring"]
aws-lc-rs = ["quinn-proto/rustls-aws-lc-rs"]
aws-lc-rs-fips = ["aws-lc-rs", "quinn-proto/rustls-aws-lc-rs-fips"]

[[example]]
name = "http3-client"
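Review bot: With `default = ["ring"]` and additive provider features, `features = ["aws-lc-rs-fips"]` on its own still builds and links ring; only `default-features = false` removes it. For a feature whose name signals FIPS, that deserves a comment next to the `[features]` entries, for example `# aws-lc-rs* do not disable ring; set default-features = false for an aws-lc-rs-only build`. The `# FIXME` line gives only a URL; a few words on what should change once that PR lands would let a maintainer act on it. CI runs clippy with `--all-features`, so as far as this page shows the ring-only and aws-lc-rs-only configurations are never checked on their own.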
3 changes: 2 additions & 1 deletion compio-quic/build.rs
Expand Up @@ -10,6 +10,7 @@ fn main() {
non_freebsd: { any(target_os = "openbsd", target_os = "netbsd") },
bsd: { any(freebsd, non_freebsd) },
solarish: { any(target_os = "illumos", target_os = "solaris") },
apple: { target_vendor = "apple" }
apple: { target_vendor = "apple" },
rustls: { any(feature = "aws-lc-rs", feature = "ring") }
}
}
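Review bot: The alias name `rustls` reads as "rustls is available", but rustls is an unconditional dependency in this crate's Cargo.toml; what the alias actually tests is whether a crypto provider feature is enabled. A one-line comment above the new entry would save readers of `#[cfg(rustls)]` elsewhere the lookup: `// set when a rustls crypto provider (ring or aws-lc-rs) is compiled in`. `main` begins above this hunk.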
6 changes: 5 additions & 1 deletion compio-quic/src/builder.rs
Expand Up @@ -238,7 +238,11 @@ mod verifier {
rustls::crypto::CryptoProvider::get_default()
.map(|provider| provider.signature_verification_algorithms)
.unwrap_or_else(|| {
rustls::crypto::ring::default_provider().signature_verification_algorithms
#[cfg(feature = "aws-lc-rs")]
use rustls::crypto::aws_lc_rs::default_provider;
#[cfg(all(not(feature = "aws-lc-rs"), feature = "ring"))]
use rustls::crypto::ring::default_provider;
default_provider().signature_verification_algorithms
}),
)
}
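Review bot: The provider precedence in this expression is implicit: the process-wide `CryptoProvider::get_default()` wins, then aws-lc-rs if that feature is on, and ring only otherwise. With `aws-lc-rs-fips` enabled the verifier therefore still takes its signature algorithms from whatever provider the application installed, which may not be a FIPS one; if FIPS builds are meant to be strict, the `.map` arm could consult `provider.fips()` under `#[cfg(feature = "aws-lc-rs-fips")]`, and otherwise the behaviour should be documented. I would add a comment inside the closure such as `// precedence: process default, then aws-lc-rs, then ring`. The two `use` lines cover every configuration only because the module is compiled under `#[cfg(rustls)]` in lib.rs; the enclosing function starts above this hunk.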
7 changes: 6 additions & 1 deletion compio-quic/src/connection.rs
Expand Up @@ -16,9 +16,11 @@ use futures_util::{
future::{self, Fuse, FusedFuture, LocalBoxFuture},
select, stream,
};
#[cfg(rustls)]
use quinn_proto::crypto::rustls::HandshakeData;
use quinn_proto::{
ConnectionHandle, ConnectionStats, Dir, EndpointEvent, StreamEvent, StreamId, VarInt,
congestion::Controller, crypto::rustls::HandshakeData,
congestion::Controller,
};
use rustc_hash::FxHashMap as HashMap;
use thiserror::Error;
Expand Down Expand Up @@ -85,6 +87,7 @@ impl ConnectionState {
}
}

#[cfg(rustls)]
fn handshake_data(&self) -> Option<Box<HandshakeData>> {
self.conn
.crypto_session()
Expand Down Expand Up @@ -387,6 +390,7 @@ impl Connecting {
}

/// Parameters negotiated during the handshake.
#[cfg(rustls)]
pub async fn handshake_data(&mut self) -> Result<Box<HandshakeData>, ConnectionError> {
future::poll_fn(|cx| {
let mut state = self.0.try_state()?;
Expand Down Expand Up @@ -497,6 +501,7 @@ impl Connection {
conn_fn!();

/// Parameters negotiated during the handshake.
#[cfg(rustls)]
pub fn handshake_data(&mut self) -> Result<Box<HandshakeData>, ConnectionError> {
Ok(self.0.try_state()?.handshake_data().unwrap())
}
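Review bot: `Connection::handshake_data` is now gated on `#[cfg(rustls)]` but still ends in `.handshake_data().unwrap()`, and its doc comment does not say when that can panic. lib.rs re-exports `quinn_proto::crypto`, so a connection configured with a non-rustls session looks possible even in a rustls build; if the private helper downcasts to `HandshakeData` (its body is cut off in this view), the unwrap would then panic inside a public API. Either document it with a `# Panics` section or map the `None` case to an error. The three gated items also disappear from the public API when no provider feature is enabled, which each doc comment could state in one line, e.g. `/// Requires the "ring" or "aws-lc-rs" feature.`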
6 changes: 5 additions & 1 deletion compio-quic/src/endpoint.rs
Expand Up @@ -11,7 +11,9 @@ use std::{

use compio_buf::{BufResult, bytes::Bytes};
use compio_log::{Instrument, error};
use compio_net::{ToSocketAddrsAsync, UdpSocket};
#[cfg(rustls)]
use compio_net::ToSocketAddrsAsync;
use compio_net::UdpSocket;
use compio_runtime::JoinHandle;
use flume::{Receiver, Sender, unbounded};
use futures_util::{
Expand Down Expand Up @@ -355,6 +357,7 @@ impl Endpoint {
/// address.
///
/// IPv4 client is never dual-stack.
#[cfg(rustls)]
pub async fn client(addr: impl ToSocketAddrsAsync) -> io::Result<Endpoint> {
// TODO: try to enable dual-stack on all platforms, notably Windows
let socket = UdpSocket::bind(addr).await?;
Expand All @@ -369,6 +372,7 @@ impl Endpoint {
/// able to communicate with IPv4 addresses. Portable applications
/// should bind an address that matches the family they wish to
/// communicate within.
#[cfg(rustls)]
pub async fn server(addr: impl ToSocketAddrsAsync, config: ServerConfig) -> io::Result<Self> {
let socket = UdpSocket::bind(addr).await?;
Self::new(socket, EndpointConfig::default(), Some(config), None)
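Review bot: Neither `Endpoint::client` nor `Endpoint::server` mentions rustls in the lines shown, so the new `#[cfg(rustls)]` on them is unexplained; `server` only binds a socket and calls `Self::new(socket, EndpointConfig::default(), Some(config), None)`. Presumably the gate is needed because `EndpointConfig::default()` (and, for `client`, a default client configuration) depends on a crypto provider; if so, say it next to the attribute: `// EndpointConfig::default() needs a crypto provider`. The rustdoc of both constructors should also note the feature requirement, since callers building with `default-features = false` lose them without any diagnostic. Both function bodies continue outside the hunks.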
2 changes: 2 additions & 0 deletions compio-quic/src/lib.rs
Expand Up @@ -14,6 +14,7 @@ pub use quinn_proto::{
crypto,
};

#[cfg(rustls)]
mod builder;
mod connection;
mod endpoint;
Expand All @@ -22,6 +23,7 @@ mod recv_stream;
mod send_stream;
mod socket;

#[cfg(rustls)]
pub use builder::{ClientBuilder, ServerBuilder};
pub use connection::{Connecting, Connection, ConnectionError};
pub use endpoint::Endpoint;