This is an automated email from the ASF dual-hosted git repository.

yuanz pushed a commit to branch release-v0.3.0
in repository 
https://gitbox.apache.org/repos/asf/incubator-teaclave-trustzone-sdk.git

commit 37a1c4b1c82ce303de5d0fd5a0e4e2e0e27b4d54
Author: Yuan Zhuang <[email protected]>
AuthorDate: Thu Jun 27 12:38:56 2024 +0000

    examples/tls_server: upgrade to new rustls
---
 examples/tls_server-rs/ta/Cargo.lock  | 91 ++++++++++++++++++++---------------
 examples/tls_server-rs/ta/Cargo.toml  | 18 ++++---
 examples/tls_server-rs/ta/src/main.rs | 64 +++++++++---------------
 3 files changed, 84 insertions(+), 89 deletions(-)

diff --git a/examples/tls_server-rs/ta/Cargo.lock 
b/examples/tls_server-rs/ta/Cargo.lock
index 49e80d4..47b2e71 100644
--- a/examples/tls_server-rs/ta/Cargo.lock
+++ b/examples/tls_server-rs/ta/Cargo.lock
@@ -4,8 +4,9 @@ version = 3
 
 [[package]]
 name = "base64"
-version = "0.10.1"
-source = 
"git+https://github.com/veracruz-project/rust-base64.git?branch=veracruz#9c3208ed29f179e395986c26c9290cf5f3dc9531";
+version = "0.21.7"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567"
 
 [[package]]
 name = "bitflags"
@@ -25,12 +26,6 @@ version = "1.0.73"
 source = "registry+https://github.com/rust-lang/crates.io-index";
 checksum = "2fff2a6927b3bb87f9595d67196a70493f627687a71d87a0d692242c33f58c11"
 
-[[package]]
-name = "cfg-if"
-version = "0.1.10"
-source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "4785bdd1c96b2a846b2bd7cc02e86b6b3dbf14e7e53446c4f54c92a361040822"
-
 [[package]]
 name = "cfg-if"
 version = "1.0.0"
@@ -71,35 +66,28 @@ checksum = 
"5916d2ae698f6de9bfb891ad7a8d65c09d232dc58cc4ac433c7da3b2fd84bc2b"
 name = "libc"
 version = "0.2.153"
 
-[[package]]
-name = "libc"
-version = "0.2.153"
-source = 
"git+https://github.com/DemesneGH/libc.git?branch=optee#4fa30318ed3175f6ebe22da8f167f9f9b34567c3";
-
-[[package]]
-name = "log"
-version = "0.4.8"
-source = 
"git+https://github.com/veracruz-project/log.git?branch=veracruz#64f2e08980af31e25edb5b699f195bb86a8990dd";
-dependencies = [
- "cfg-if 0.1.10",
-]
-
 [[package]]
 name = "log"
 version = "0.4.17"
 source = "registry+https://github.com/rust-lang/crates.io-index";
 checksum = "abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e"
 dependencies = [
- "cfg-if 1.0.0",
+ "cfg-if",
 ]
 
+[[package]]
+name = "once_cell"
+version = "1.19.0"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92"
+
 [[package]]
 name = "optee-utee"
 version = "0.2.0"
 dependencies = [
  "bitflags",
  "hex",
- "libc 0.2.153 (git+https://github.com/DemesneGH/libc.git?branch=optee)",
+ "libc 0.2.153",
  "optee-utee-macros",
  "optee-utee-sys",
  "uuid",
@@ -147,12 +135,12 @@ dependencies = [
 
 [[package]]
 name = "ring"
-version = "0.16.11"
-source = 
"git+https://github.com/veracruz-project/ring.git?branch=veracruz#47996e06f9a2cc392091392f010d62e83e9ed0f4";
+version = "0.16.20"
+source = 
"git+https://github.com/DemesneGH/ring-optee.git?branch=0.16.20-optee#0f3ac1630db04e4114a69dffd5b5c83492ad794c";
 dependencies = [
  "cc",
- "lazy_static",
  "libc 0.2.125",
+ "once_cell",
  "optee-utee",
  "spin",
  "untrusted",
@@ -162,21 +150,40 @@ dependencies = [
 
 [[package]]
 name = "rustls"
-version = "0.16.0"
-source = 
"git+https://github.com/DemesneGH/rustls.git?branch=veracruz#dd164b3d5a53f655a8b5cd5ae8eae2b35902f763";
+version = "0.21.0"
+source = 
"git+https://github.com/DemesneGH/rustls-optee.git?branch=0.21.0-optee#768e596625313d50d0b9724fc9955e0b50774874";
 dependencies = [
- "base64",
- "log 0.4.8",
+ "log",
  "optee-utee",
  "ring",
+ "rustls-webpki",
  "sct",
- "webpki",
+]
+
+[[package]]
+name = "rustls-pemfile"
+version = "1.0.4"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c"
+dependencies = [
+ "base64",
+]
+
+[[package]]
+name = "rustls-webpki"
+version = "0.100.3"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "5f6a5fc258f1c1276dfe3016516945546e2d5383911efc0fc4f1cdc5df3a4ae3"
+dependencies = [
+ "ring",
+ "untrusted",
 ]
 
 [[package]]
 name = "sct"
-version = "0.6.0"
-source = 
"git+https://github.com/veracruz-project/sct.rs.git?branch=veracruz#bb479fe436843337a062610b0a95c86cf1a0d194";
+version = "0.7.0"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "d53dcdb7c9f8158937a7981b48accfd39a43af418591a5d008c7b22b5e1b7ca4"
 dependencies = [
  "ring",
  "untrusted",
@@ -219,7 +226,10 @@ dependencies = [
  "optee-utee",
  "optee-utee-sys",
  "proto",
+ "ring",
  "rustls",
+ "rustls-pemfile",
+ "sct",
  "uuid",
  "webpki",
  "webpki-roots",
@@ -255,7 +265,7 @@ version = "0.2.80"
 source = "registry+https://github.com/rust-lang/crates.io-index";
 checksum = "27370197c907c55e3f1a9fbe26f44e937fe6451368324e009cba39e139dc08ad"
 dependencies = [
- "cfg-if 1.0.0",
+ "cfg-if",
  "wasm-bindgen-macro",
 ]
 
@@ -267,7 +277,7 @@ checksum = 
"53e04185bfa3a779273da532f5025e33398409573f348985af9a1cbf3774d3f4"
 dependencies = [
  "bumpalo",
  "lazy_static",
- "log 0.4.17",
+ "log",
  "proc-macro2",
  "quote",
  "syn 1.0.93",
@@ -315,18 +325,19 @@ dependencies = [
 
 [[package]]
 name = "webpki"
-version = "0.21.2"
-source = 
"git+https://github.com/veracruz-project/webpki.git?branch=veracruz#0139cf73ee0227de7587608ad043c0f85a4d4776";
+version = "0.21.0"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "d7e664e770ac0110e2384769bcc59ed19e329d81f555916a6e072714957b81b4"
 dependencies = [
- "optee-utee",
  "ring",
  "untrusted",
 ]
 
 [[package]]
 name = "webpki-roots"
-version = "0.19.0"
-source = 
"git+https://github.com/veracruz-project/webpki-roots.git?branch=veracruz#a8023dba729f3b50841fe3d7ba87dd220b795f5e";
+version = "0.21.1"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "aabe153544e473b775453675851ecc86863d2a81d786d741f6b76778f2a48940"
 dependencies = [
  "webpki",
 ]
diff --git a/examples/tls_server-rs/ta/Cargo.toml 
b/examples/tls_server-rs/ta/Cargo.toml
index bf6f06f..572869c 100644
--- a/examples/tls_server-rs/ta/Cargo.toml
+++ b/examples/tls_server-rs/ta/Cargo.toml
@@ -30,10 +30,14 @@ proto = { path = "../proto" }
 optee-utee-sys = { path = "../../../optee-utee/optee-utee-sys" }
 optee-utee = { path = "../../../optee-utee" }
 
-rustls = { git = "https://github.com/DemesneGH/rustls.git";, branch = 
"veracruz" }
-webpki = { git = "https://github.com/veracruz-project/webpki.git";, branch = 
"veracruz", features = ["default"] }
-webpki-roots = { git = "https://github.com/veracruz-project/webpki-roots.git";, 
branch = "veracruz", features = ["default"] }
-lazy_static = {version = "1.4.0", features=["spin_no_std"] }
+# use new ported version
+rustls = { git = "https://github.com/DemesneGH/rustls-optee.git";, branch = 
"0.21.0-optee", features = ["dangerous_configuration"]}
+ring = "=0.16.20"
+webpki-roots = "0.21"
+webpki = "=0.21.0"
+rustls-pemfile = "1.0"
+sct = "=0.7.0"
+lazy_static = { version = "1.4.0", features=["spin_no_std"] }
 
 [build-dependencies]
 uuid = { version = "1.8", default-features = false }
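Review bot: The rustls dependency now enables `features = ["dangerous_configuration"]`, which unlocks rustls' custom-verifier escape hatches, yet the `make_config` in this same commit uses only `with_safe_defaults()` and `with_no_client_auth()`; I cannot see anything in the visible main.rs hunks that needs the feature. Either drop it or replace the vague `# use new ported version` with a comment naming the API that requires it, so a later reader does not assume certificate verification has been customised in this TA. Separately, both this git dependency and the `ring` entry under `[patch.crates-io]` in the next hunk track a branch (`0.21.0-optee`, `0.16.20-optee`) rather than a commit; Cargo.lock pins them today, but a `cargo update` would silently follow the branch, so `rev = "768e596625313d50d0b9724fc9955e0b50774874"` for rustls and `rev = "0f3ac1630db04e4114a69dffd5b5c83492ad794c"` for ring (the commits Cargo.lock already records) are the safer pins for a TA that terminates TLS.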
@@ -41,10 +45,10 @@ proto = { path = "../proto" }
 
 [profile.release]
 lto = false
+opt-level = 1
 
-# Patch optee-utee for webpki
-[patch."https://github.com/veracruz-project/rust-optee-trustzone-sdk.git";]
-optee-utee = { path = "../../../optee-utee" }
+[patch.crates-io]
+ring = { git = "https://github.com/DemesneGH/ring-optee.git";, branch = 
"0.16.20-optee" }
 
 # Patch optee-utee for rustls
 [patch."https://github.com/apache/incubator-teaclave-trustzone-sdk.git";]
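Review bot: `opt-level = 1` is added to `[profile.release]` with no explanation, and the value is unusual enough (below the default 3, above a debug build) that the next maintainer cannot tell whether it is a build workaround for the patched `ring`, a TA size limit, or a debuggability choice; a one-line `# opt-level = 1: <reason>` comment above it would settle that. The `[patch.crates-io]` block also replaces the crates.io `ring` for every consumer in the graph (rustls-webpki, sct, webpki per Cargo.lock), which is presumably intended for the OP-TEE port but deserves a comment saying so, since the old `# Patch optee-utee for webpki` comment that explained the previous patch was removed without a replacement.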
diff --git a/examples/tls_server-rs/ta/src/main.rs 
b/examples/tls_server-rs/ta/src/main.rs
index 9aa64ed..8c10dfa 100644
--- a/examples/tls_server-rs/ta/src/main.rs
+++ b/examples/tls_server-rs/ta/src/main.rs
@@ -24,17 +24,12 @@ use optee_utee::{Error, ErrorKind, Parameters, Result};
 use proto::Command;
 
 use lazy_static::lazy_static;
-use rustls;
-use rustls::{NoClientAuth, Session};
 use std::collections::HashMap;
-use std::io::Cursor;
-use std::io::{BufReader, Read, Write};
-use std::sync::Arc;
-use std::sync::Mutex;
-use std::sync::RwLock;
+use std::io::{BufReader, Cursor, Read, Write};
+use std::sync::{Arc, Mutex, RwLock};
 
 lazy_static! {
-    static ref TLS_SESSIONS: RwLock<HashMap<u32, 
Mutex<rustls::ServerSession>>> =
+    static ref TLS_SESSIONS: RwLock<HashMap<u32, 
Mutex<rustls::ServerConnection>>> =
         RwLock::new(HashMap::new());
 }
 
@@ -98,7 +93,7 @@ fn invoke_command(cmd_id: u32, params: &mut Parameters) -> 
Result<()> {
 
 pub fn new_tls_session(session_id: u32) {
     let tls_config = make_config();
-    let tls_session = rustls::ServerSession::new(&tls_config);
+    let tls_session = rustls::ServerConnection::new(tls_config).unwrap();
     TLS_SESSIONS
         .write()
         .unwrap()
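Review bot: `rustls::ServerConnection::new(tls_config).unwrap()` panics inside the TA if the config is rejected, and `new_tls_session` returns `()` so the caller gets no error to act on. Since the config comes from `make_config()` and embedded certificates, a failure here is a programming error rather than a runtime condition, so keeping the panic is defensible, but state the invariant: `let tls_session = rustls::ServerConnection::new(tls_config).expect("ServerConfig built from embedded certs must be accepted");`. The body of `new_tls_session` continues outside the hunk.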
@@ -118,9 +113,9 @@ pub fn do_tls_read(session_id: u32, buf: &[u8]) {
 
     // Read and process all available plaintext.
     let mut buf = Vec::new();
-    let _rc = tls_session.read_to_end(&mut buf);
+    let _rc = tls_session.reader().read_to_end(&mut buf);
     if !buf.is_empty() {
-        tls_session.write_all(&buf).unwrap();
+        tls_session.writer().write_all(&buf).unwrap();
     }
 }
 
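Review bot: `let _rc = tls_session.reader().read_to_end(&mut buf);` discards the result without saying why, and a reader may take it for an overlooked error. As I understand rustls 0.21's `Reader`, `read_to_end` reports `WouldBlock` once the buffered plaintext is drained while the connection is still open, so the discard is deliberate; say so with `// read_to_end returns WouldBlock once buffered plaintext is drained; not an error here`. If the intent is also to ignore real TLS errors, that is worth a separate sentence, because the echo on the next line then runs on possibly partial data. `do_tls_read` starts outside the hunk.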
@@ -137,50 +132,35 @@ pub fn do_tls_write(session_id: u32, buf: &mut [u8]) -> 
usize {
 }
 
 fn make_config() -> Arc<rustls::ServerConfig> {
-    let client_auth = NoClientAuth::new();
-    trace_println!("[+] before make_config");
-    let mut tls_config = rustls::ServerConfig::new(client_auth);
-    trace_println!("[+] after make_config");
     let certs = load_certs();
     let privkey = load_private_key();
-    tls_config
-        .set_single_cert(certs, privkey)
-        .expect("bad certificates/private key");
+    let config = rustls::ServerConfig::builder()
+        .with_safe_defaults()
+        .with_no_client_auth()
+        .with_single_cert(certs, privkey)
+        .unwrap();
 
-    Arc::new(tls_config)
+    Arc::new(config)
 }
 
 fn load_certs() -> Vec<rustls::Certificate> {
     let bytes = include_bytes!("../test-ca/ecdsa/end.fullchain").to_vec();
     let cursor = std::io::Cursor::new(bytes);
     let mut reader = BufReader::new(cursor);
-    rustls::internal::pemfile::certs(&mut reader).unwrap()
+    let certs = rustls_pemfile::certs(&mut reader).unwrap();
+    certs
+        .iter()
+        .map(|v| rustls::Certificate(v.clone()))
+        .collect()
 }
 
 fn load_private_key() -> rustls::PrivateKey {
     let bytes = include_bytes!("../test-ca/ecdsa/end.key").to_vec();
-
-    let rsa_keys = {
-        let cursor = std::io::Cursor::new(bytes.clone());
-        let mut reader = BufReader::new(cursor);
-        rustls::internal::pemfile::rsa_private_keys(&mut reader)
-            .expect("file contains invalid rsa private key")
-    };
-
-    let pkcs8_keys = {
-        let cursor = std::io::Cursor::new(bytes);
-        let mut reader = BufReader::new(cursor);
-        rustls::internal::pemfile::pkcs8_private_keys(&mut reader)
-            .expect("file contains invalid pkcs8 private key (encrypted keys 
not supported)")
-    };
-
-    // prefer to load pkcs8 keys
-    if !pkcs8_keys.is_empty() {
-        pkcs8_keys[0].clone()
-    } else {
-        assert!(!rsa_keys.is_empty());
-        rsa_keys[0].clone()
-    }
+    let cursor = std::io::Cursor::new(bytes);
+    let mut reader = BufReader::new(cursor);
+    let keys = rustls_pemfile::pkcs8_private_keys(&mut reader).unwrap();
+    assert_eq!(keys.len(), 1);
+    rustls::PrivateKey(keys[0].clone())
 }
 
 // TA configurations
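Review bot: `load_certs` and `load_private_key` clone every DER buffer they already own — `certs.iter().map(|v| rustls::Certificate(v.clone()))` and `keys[0].clone()` — where `certs.into_iter().map(rustls::Certificate).collect()` and `rustls::PrivateKey(keys.remove(0))` (after the existing `assert_eq!`) move them instead. `make_config` also trades the old `.expect("bad certificates/private key")` for a bare `.unwrap()`, so a cert/key mismatch now panics without saying why; keeping the `expect` message costs nothing. The rewrite additionally accepts only PKCS#8 keys where the old code fell back to RSA PEM blocks; that is fine if the bundled `test-ca/ecdsa/end.key` is PKCS#8, but a one-line comment on `load_private_key` stating that assumption, and a message on `assert_eq!(keys.len(), 1, "end.key must hold exactly one PKCS#8 key")`, would make the constraint explicit.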

