This is an automated email from the ASF dual-hosted git repository. yuanz pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/incubator-teaclave-trustzone-sdk.git
commit bf4c2e6d22dd2b671aea5e37b9e86fca204abeef Author: Yuan Zhuang <[email protected]> AuthorDate: Mon Aug 18 08:05:29 2025 +0000 examples: tls client and server for new rustls --- .../ta => crates/rustls_provider}/Cargo.toml | 38 +- crates/rustls_provider/src/lib.rs | 64 ++ examples/tls_client-rs/ta/Cargo.lock | 998 +++++++++++++++++-- examples/tls_client-rs/ta/Cargo.toml | 20 +- examples/tls_client-rs/ta/build.rs | 3 +- examples/tls_client-rs/ta/src/main.rs | 76 +- examples/tls_server-rs/ta/Cargo.lock | 1019 +++++++++++++++++--- examples/tls_server-rs/ta/Cargo.toml | 20 +- examples/tls_server-rs/ta/build.rs | 3 +- examples/tls_server-rs/ta/src/main.rs | 182 ++-- tests/test_tls_server.sh | 9 +- 11 files changed, 2097 insertions(+), 335 deletions(-) diff --git a/examples/tls_client-rs/ta/Cargo.toml b/crates/rustls_provider/Cargo.toml similarity index 52% copy from examples/tls_client-rs/ta/Cargo.toml copy to crates/rustls_provider/Cargo.toml index 122c39d..41bd569 100644 --- a/examples/tls_client-rs/ta/Cargo.toml +++ b/crates/rustls_provider/Cargo.toml @@ -16,39 +16,23 @@ # under the License. [package] -name = "ta" -version = "0.4.0" +name = "rustls_provider" +version = "0.1.0" authors = ["Teaclave Contributors <[email protected]>"] license = "Apache-2.0" repository = "https://github.com/apache/incubator-teaclave-trustzone-sdk.git"; -description = "An example of Rust OP-TEE TrustZone SDK." +description = "Custom Rustls providers for OP-TEE TrustZone SDK." edition = "2018" [dependencies] -libc = { path = "../../../rust/libc" } -proto = { path = "../proto" } -optee-utee-sys = { path = "../../../optee-utee/optee-utee-sys" } -optee-utee = { path = "../../../optee-utee" } +optee-utee = { path = "../../optee-utee" } +rustls = { version = "0.23.12", default-features = false, features = ["std"] } +rustls-rustcrypto = "0.0.2-alpha" -# use new ported version -rustls = { git = "https://github.com/DemesneGH/rustls-optee.git";, branch = "0.21.0-optee", features = ["dangerous_configuration"]} -ring = "=0.16.20" -webpki-roots = "0.21" -webpki = "=0.21.0" -sct = "=0.7.0" - -[build-dependencies] -proto = { path = "../proto" } -optee-utee-build = { path = "../../../optee-utee-build" } - -[profile.release] -panic = "abort" -lto = false -opt-level = 3 +# Pin these crates for compatibility with our Rustc version nightly-2024-05-15 +base64ct = "=1.6.0" +ed25519-dalek = "=2.1.0" [patch.crates-io] -ring = { git = "https://github.com/DemesneGH/ring-optee.git";, branch = "0.16.20-optee" } - -# Patch optee-utee for rustls -[patch."https://github.com/apache/incubator-teaclave-trustzone-sdk.git";] -optee-utee = { path = "../../../optee-utee" } +# For getrandom 0.2, we add the OP-TEE backend and maintain in teaclave crates +getrandom = { git = "https://github.com/apache/incubator-teaclave-crates.git"; } \ No newline at end of file diff --git a/crates/rustls_provider/src/lib.rs b/crates/rustls_provider/src/lib.rs new file mode 100644 index 0000000..6cd8f57 --- /dev/null +++ b/crates/rustls_provider/src/lib.rs @@ -0,0 +1,64 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +use optee_utee::Time; +use rustls::crypto::CryptoProvider; +use rustls::pki_types::UnixTime; +use rustls::time_provider::TimeProvider; +use std::time::Duration; + +/// CryptoProvider from rustls-rustcrypto, with the rng backend for OP-TEE in getrandom crate +pub fn optee_crypto_provider() -> CryptoProvider { + rustls_rustcrypto::provider() +} + +/// Custom TimeProvider implementation using OP-TEE UTEE API +#[derive(Debug)] +pub struct ReeTimeProvider; + +impl TimeProvider for ReeTimeProvider { + fn current_time(&self) -> Option<UnixTime> { + // Get time from OP-TEE REE (Rich Execution Environment) + // In normal operation, the value returned should correspond to the real time, + // but it should not be considered as trusted, as it may be tampered by the user or the REE software. + // reference: GPD_TEE_Internal_API_Specification + let mut time = Time::new(); + time.ree_time(); + + // Convert OP-TEE time to Unix timestamp + // OP-TEE time seconds field represents seconds since some epoch + // We need to treat it as Unix timestamp (seconds since Jan 1, 1970) + let seconds = time.seconds as u64; + let millis = time.millis as u64; + + // Create UnixTime from seconds and milliseconds, check overflow + let total_millis = match seconds + .checked_mul(1000) + .and_then(|ms| ms.checked_add(millis)) + { + Some(total) => total, + None => return None, // Return None if overflow occurs + }; + Some(UnixTime::since_unix_epoch(Duration::from_millis( + total_millis, + ))) + } +} + +pub fn optee_time_provider() -> ReeTimeProvider { + ReeTimeProvider +} diff --git a/examples/tls_client-rs/ta/Cargo.lock b/examples/tls_client-rs/ta/Cargo.lock index 880f2a8..17af4c5 100644 --- a/examples/tls_client-rs/ta/Cargo.lock +++ b/examples/tls_client-rs/ta/Cargo.lock @@ -2,32 +2,354 @@ # It is not intended for manual editing. version = 3 +[[package]] +name = "aead" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "d122413f284cf2d62fb1b7db97e02edb8cda96d769b16e443a4f6195e35662b0" +dependencies = [ + "crypto-common", + "generic-array", +] + +[[package]] +name = "aes" +version = "0.8.4" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "b169f7a6d4742236a0a00c541b845991d0ac43e546831af1249753ab4c3aa3a0" +dependencies = [ + "cfg-if", + "cipher", + "cpufeatures", +] + +[[package]] +name = "aes-gcm" +version = "0.10.3" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "831010a0f742e1209b3bcea8fab6a8e149051ba6099432c8cb2cc117dec3ead1" +dependencies = [ + "aead", + "aes", + "cipher", + "ctr", + "ghash", + "subtle", +] + +[[package]] +name = "anyhow" +version = "1.0.99" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "b0674a1ddeecb70197781e945de4b3b8ffb61fa939a5597bcf48503737663100" + +[[package]] +name = "autocfg" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8" + +[[package]] +name = "base16ct" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf" + +[[package]] +name = "base64ct" +version = "1.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b" + [[package]] name = "bitflags" version = "1.3.2" source = "registry+https://github.com/rust-lang/crates.io-index"; checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" +[[package]] +name = "block-buffer" +version = "0.10.4" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" +dependencies = [ + "generic-array", +] + [[package]] name = "bumpalo" -version = "3.18.1" +version = "3.19.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "793db76d6187cd04dff33004d8e6c9cc4e05cd330500379d2394209271b4aeee" +checksum = "46c5e41b57b8bba42a04676d81cb89e9ee8e859a1a66f80a5a72e1cb76b34d43" + +[[package]] +name = "byteorder" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" [[package]] name = "cc" -version = "1.2.26" +version = "1.2.30" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "956a5e21988b87f372569b66183b78babf23ebc2e744b733e4350a752c4dafac" +checksum = "deec109607ca693028562ed836a5f1c4b8bd77755c4e132fc5ce11b0b6211ae7" dependencies = [ "shlex", ] [[package]] name = "cfg-if" -version = "1.0.0" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "9555578bc9e57714c812a1f84e4fc5b4d21fcb063490c624de019f7464c91268" + +[[package]] +name = "chacha20" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "c3613f74bd2eac03dad61bd53dbe620703d4371614fe0bc3b9f04dd36fe4e818" +dependencies = [ + "cfg-if", + "cipher", + "cpufeatures", +] + +[[package]] +name = "chacha20poly1305" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "10cd79432192d1c0f4e1a0fef9527696cc039165d729fb41b3f4f4f354c2dc35" +dependencies = [ + "aead", + "chacha20", + "cipher", + "poly1305", + "zeroize", +] + +[[package]] +name = "cipher" +version = "0.4.4" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad" +dependencies = [ + "crypto-common", + "inout", + "zeroize", +] + +[[package]] +name = "const-oid" +version = "0.9.6" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" + +[[package]] +name = "cpufeatures" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280" +dependencies = [ + "libc", +] + +[[package]] +name = "crypto-bigint" +version = "0.5.5" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "0dc92fb57ca44df6db8059111ab3af99a63d5d0f8375d9972e319a379c6bab76" +dependencies = [ + "generic-array", + "rand_core", + "subtle", + "zeroize", +] + +[[package]] +name = "crypto-common" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" +dependencies = [ + "generic-array", + "typenum", +] + +[[package]] +name = "ctr" +version = "0.9.2" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "0369ee1ad671834580515889b80f2ea915f23b8be8d0daa4bbaf2ac5c7590835" +dependencies = [ + "cipher", +] + +[[package]] +name = "curve25519-dalek" +version = "4.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "97fb8b7c4503de7d6ae7b42ab72a5a59857b4c937ec27a3d4539dba95b5ab2be" +dependencies = [ + "cfg-if", + "cpufeatures", + "curve25519-dalek-derive", + "digest", + "fiat-crypto", + "rustc_version", + "subtle", + "zeroize", +] + +[[package]] +name = "curve25519-dalek-derive" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" +dependencies = [ + "proc-macro2 1.0.95", + "quote 1.0.40", + "syn 2.0.104", +] + +[[package]] +name = "der" +version = "0.7.10" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "e7c1832837b905bbfb5101e07cc24c8deddf52f93225eee6ead5f4d63d53ddcb" +dependencies = [ + "const-oid", + "pem-rfc7468", + "zeroize", +] + +[[package]] +name = "digest" +version = "0.10.7" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" +dependencies = [ + "block-buffer", + "const-oid", + "crypto-common", + "subtle", +] + +[[package]] +name = "ecdsa" +version = "0.16.9" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca" +dependencies = [ + "der", + "digest", + "elliptic-curve", + "rfc6979", + "signature", + "spki", +] + +[[package]] +name = "ed25519" +version = "2.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "115531babc129696a58c64a4fef0a8bf9e9698629fb97e9e40767d235cfbcd53" +dependencies = [ + "pkcs8", + "signature", +] + +[[package]] +name = "ed25519-dalek" +version = "2.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "1f628eaec48bfd21b865dc2950cfa014450c01d2fa2b69a86c2fd5844ec523c0" +dependencies = [ + "curve25519-dalek", + "ed25519", + "serde", + "sha2", + "subtle", + "zeroize", +] + +[[package]] +name = "elliptic-curve" +version = "0.13.8" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47" +dependencies = [ + "base16ct", + "crypto-bigint", + "digest", + "ff", + "generic-array", + "group", + "hkdf", + "pem-rfc7468", + "pkcs8", + "rand_core", + "sec1", + "subtle", + "zeroize", +] + +[[package]] +name = "ff" +version = "0.13.1" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "c0b50bfb653653f9ca9095b427bed08ab8d75a137839d9ad64eb11810d5b6393" +dependencies = [ + "rand_core", + "subtle", +] + +[[package]] +name = "fiat-crypto" +version = "0.2.9" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d" + +[[package]] +name = "generic-array" +version = "0.14.7" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" +dependencies = [ + "typenum", + "version_check", + "zeroize", +] + +[[package]] +name = "getrandom" +version = "0.2.16" +source = "git+https://github.com/apache/incubator-teaclave-crates.git#0e0b1fe5daedcff4d4eed18bd1bb9736559cfebd"; +dependencies = [ + "cfg-if", + "libc", + "wasi", +] + +[[package]] +name = "ghash" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "f0d8a4362ccb29cb0b265253fb0a2728f592895ee6854fd9bc13f2ffda266ff1" +dependencies = [ + "opaque-debug", + "polyval", +] + +[[package]] +name = "group" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" +checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63" +dependencies = [ + "ff", + "rand_core", + "subtle", +] [[package]] name = "heck" @@ -41,6 +363,33 @@ version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index"; checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" +[[package]] +name = "hkdf" +version = "0.12.4" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7" +dependencies = [ + "hmac", +] + +[[package]] +name = "hmac" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" +dependencies = [ + "digest", +] + +[[package]] +name = "inout" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "879f10e63c20629ecabbb64a8010319738c66a5cd0c29b02d63d272b03751d01" +dependencies = [ + "generic-array", +] + [[package]] name = "js-sys" version = "0.3.77" @@ -52,14 +401,19 @@ dependencies = [ ] [[package]] -name = "libc" -version = "0.2.153" +name = "lazy_static" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" +dependencies = [ + "spin", +] [[package]] name = "libc" -version = "0.2.172" +version = "0.2.174" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "d750af042f7ef4f724306de029d18836c26c1765a54a6a3f094cbd23a7267ffa" +checksum = "1171693293099992e19cddea4e8b849964e9846f4acee11b3948bcc337be8776" [[package]] name = "libc_alloc" @@ -67,6 +421,12 @@ version = "1.0.7" source = "registry+https://github.com/rust-lang/crates.io-index"; checksum = "7581282928bc99698341d1de7590964c28db747c164eaac9409432a3eaed098a" +[[package]] +name = "libm" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "f9fbbcab51052fe104eb5e5d351cf728d30a5be1fe14d9be8a3b097481fb97de" + [[package]] name = "litemap" version = "0.7.4" @@ -79,24 +439,72 @@ version = "0.4.27" source = "registry+https://github.com/rust-lang/crates.io-index"; checksum = "13dc2df351e3202783a1fe0d44375f7295ffb4049267b0f3018346dc122a1d94" +[[package]] +name = "num-bigint-dig" +version = "0.8.4" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "dc84195820f291c7697304f3cbdadd1cb7199c0efc917ff5eafd71225c136151" +dependencies = [ + "byteorder", + "lazy_static", + "libm", + "num-integer", + "num-iter", + "num-traits", + "rand", + "smallvec", + "zeroize", +] + +[[package]] +name = "num-integer" +version = "0.1.46" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f" +dependencies = [ + "num-traits", +] + +[[package]] +name = "num-iter" +version = "0.1.45" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf" +dependencies = [ + "autocfg", + "num-integer", + "num-traits", +] + +[[package]] +name = "num-traits" +version = "0.2.19" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" +dependencies = [ + "autocfg", + "libm", +] + [[package]] name = "num_enum" -version = "0.7.3" +version = "0.7.4" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "4e613fc340b2220f734a8595782c551f1250e969d87d3be1ae0579e8d4065179" +checksum = "a973b4e44ce6cad84ce69d797acf9a044532e4184c4f267913d1b546a0727b7a" dependencies = [ "num_enum_derive", + "rustversion", ] [[package]] name = "num_enum_derive" -version = "0.7.3" +version = "0.7.4" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "af1844ef2428cc3e1cb900be36181049ef3d3193c63e43026cfe202983b27a56" +checksum = "77e878c846a8abae00dd069496dbe8751b16ac1c3d6bd2a7283a938e8228f90d" dependencies = [ "proc-macro2 1.0.95", "quote 1.0.40", - "syn 2.0.101", + "syn 2.0.104", ] [[package]] @@ -105,6 +513,12 @@ version = "1.21.3" source = "registry+https://github.com/rust-lang/crates.io-index"; checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d" +[[package]] +name = "opaque-debug" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381" + [[package]] name = "optee-utee" version = "0.5.0" @@ -126,7 +540,7 @@ dependencies = [ "prettyplease", "proc-macro2 1.0.95", "quote 1.0.40", - "syn 2.0.101", + "syn 2.0.104", "uuid 1.17.0", "zerofrom", ] @@ -145,17 +559,129 @@ dependencies = [ name = "optee-utee-sys" version = "0.5.0" dependencies = [ - "libc 0.2.172", + "libc", +] + +[[package]] +name = "p256" +version = "0.13.2" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b" +dependencies = [ + "ecdsa", + "elliptic-curve", + "primeorder", + "sha2", +] + +[[package]] +name = "p384" +version = "0.13.1" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "fe42f1670a52a47d448f14b6a5c61dd78fce51856e68edaa38f7ae3a46b8d6b6" +dependencies = [ + "ecdsa", + "elliptic-curve", + "primeorder", + "sha2", +] + +[[package]] +name = "paste" +version = "1.0.15" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a" + +[[package]] +name = "pem-rfc7468" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412" +dependencies = [ + "base64ct", +] + +[[package]] +name = "pkcs1" +version = "0.7.5" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f" +dependencies = [ + "der", + "pkcs8", + "spki", +] + +[[package]] +name = "pkcs5" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "e847e2c91a18bfa887dd028ec33f2fe6f25db77db3619024764914affe8b69a6" +dependencies = [ + "der", + "spki", +] + +[[package]] +name = "pkcs8" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" +dependencies = [ + "der", + "pkcs5", + "spki", +] + +[[package]] +name = "poly1305" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "8159bd90725d2df49889a078b54f4f79e87f1f8a8444194cdca81d38f5393abf" +dependencies = [ + "cpufeatures", + "opaque-debug", + "universal-hash", +] + +[[package]] +name = "polyval" +version = "0.6.2" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "9d1fe60d06143b2430aa532c94cfe9e29783047f06c0d7fd359a9a51b729fa25" +dependencies = [ + "cfg-if", + "cpufeatures", + "opaque-debug", + "universal-hash", +] + +[[package]] +name = "ppv-lite86" +version = "0.2.21" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "85eae3c4ed2f50dcfe72643da4befc30deadb458a9b590d720cde2f2b1e97da9" +dependencies = [ + "zerocopy", ] [[package]] name = "prettyplease" -version = "0.2.33" +version = "0.2.36" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "9dee91521343f4c5c6a63edd65e54f31f5c92fe8978c40a4282f8372194c6a7d" +checksum = "ff24dfcda44452b9816fff4cd4227e1bb73ff5a2f1bc1105aa92fb8565ce44d2" dependencies = [ "proc-macro2 1.0.95", - "syn 2.0.101", + "syn 2.0.104", +] + +[[package]] +name = "primeorder" +version = "0.13.6" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "353e1ca18966c16d9deb1c69278edbc5f194139612772bd9537af60ac231e1e6" +dependencies = [ + "elliptic-curve", ] [[package]] @@ -201,43 +727,174 @@ dependencies = [ "proc-macro2 1.0.95", ] +[[package]] +name = "rand" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" +dependencies = [ + "rand_chacha", + "rand_core", +] + +[[package]] +name = "rand_chacha" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" +dependencies = [ + "ppv-lite86", + "rand_core", +] + +[[package]] +name = "rand_core" +version = "0.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" +dependencies = [ + "getrandom", +] + +[[package]] +name = "rfc6979" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2" +dependencies = [ + "hmac", + "subtle", +] + [[package]] name = "ring" -version = "0.16.20" -source = "git+https://github.com/DemesneGH/ring-optee.git?branch=0.16.20-optee#0f3ac1630db04e4114a69dffd5b5c83492ad794c"; +version = "0.17.14" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "a4689e6c2294d81e88dc6261c768b63bc4fcdb852be6d1352498b114f61383b7" dependencies = [ "cc", - "libc 0.2.172", - "once_cell", - "optee-utee", - "spin", + "cfg-if", + "getrandom", + "libc", "untrusted", - "web-sys", - "winapi", + "windows-sys", +] + +[[package]] +name = "rsa" +version = "0.9.8" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "78928ac1ed176a5ca1d17e578a1825f3d81ca54cf41053a592584b020cfd691b" +dependencies = [ + "const-oid", + "digest", + "num-bigint-dig", + "num-integer", + "num-traits", + "pkcs1", + "pkcs8", + "rand_core", + "sha2", + "signature", + "spki", + "subtle", + "zeroize", +] + +[[package]] +name = "rustc_version" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "cfcb3a22ef46e85b45de6ee7e79d063319ebb6594faafcf1c225ea92ab6e9b92" +dependencies = [ + "semver", ] [[package]] name = "rustls" -version = "0.21.0" -source = "git+https://github.com/DemesneGH/rustls-optee.git?branch=0.21.0-optee#768e596625313d50d0b9724fc9955e0b50774874"; +version = "0.23.31" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "c0ebcbd2f03de0fc1122ad9bb24b127a5a6cd51d72604a3f3c50ac459762b6cc" +dependencies = [ + "once_cell", + "rustls-pki-types", + "rustls-webpki 0.103.4", + "subtle", + "zeroize", +] + +[[package]] +name = "rustls-pki-types" +version = "1.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "229a4a4c221013e7e1f1a043678c5cc39fe5171437c88fb47151a21e6f5b5c79" +dependencies = [ + "zeroize", +] + +[[package]] +name = "rustls-rustcrypto" +version = "0.0.2-alpha" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "f12052947763ab8515f753315357599e9b0b4dab3b8ba15f30f725fe6d025557" +dependencies = [ + "aead", + "aes-gcm", + "chacha20poly1305", + "crypto-common", + "der", + "digest", + "ecdsa", + "ed25519-dalek", + "hmac", + "p256", + "p384", + "paste", + "pkcs8", + "rand_core", + "rsa", + "rustls", + "rustls-pki-types", + "rustls-webpki 0.102.8", + "sec1", + "sha2", + "signature", + "x25519-dalek", +] + +[[package]] +name = "rustls-webpki" +version = "0.102.8" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "64ca1bc8749bd4cf37b5ce386cc146580777b4e8572c7b97baf22c83f444bee9" dependencies = [ - "log", - "optee-utee", "ring", - "rustls-webpki", - "sct", + "rustls-pki-types", + "untrusted", ] [[package]] name = "rustls-webpki" -version = "0.100.3" +version = "0.103.4" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "5f6a5fc258f1c1276dfe3016516945546e2d5383911efc0fc4f1cdc5df3a4ae3" +checksum = "0a17884ae0c1b773f1ccd2bd4a8c72f16da897310a98b0e84bf349ad5ead92fc" dependencies = [ "ring", + "rustls-pki-types", "untrusted", ] +[[package]] +name = "rustls_provider" +version = "0.1.0" +dependencies = [ + "base64ct", + "ed25519-dalek", + "optee-utee", + "rustls", + "rustls-rustcrypto", +] + [[package]] name = "rustversion" version = "1.0.21" @@ -245,13 +902,54 @@ source = "registry+https://github.com/rust-lang/crates.io-index"; checksum = "8a0d197bd2c9dc6e53b84da9556a69ba4cdfab8619eb41a8bd1cc2027a0f6b1d" [[package]] -name = "sct" -version = "0.7.0" +name = "sec1" +version = "0.7.3" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "d53dcdb7c9f8158937a7981b48accfd39a43af418591a5d008c7b22b5e1b7ca4" +checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc" dependencies = [ - "ring", - "untrusted", + "base16ct", + "der", + "generic-array", + "pkcs8", + "subtle", + "zeroize", +] + +[[package]] +name = "semver" +version = "1.0.26" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "56e6fa9c48d24d85fb3de5ad847117517440f6beceb7798af16b4a87d616b8d0" + +[[package]] +name = "serde" +version = "1.0.219" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "5f0e2c6ed6606019b4e29e69dbaba95b11854410e5347d525002456dbbb786b6" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde_derive" +version = "1.0.219" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00" +dependencies = [ + "proc-macro2 1.0.95", + "quote 1.0.40", + "syn 2.0.104", +] + +[[package]] +name = "sha2" +version = "0.10.9" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest", ] [[package]] @@ -260,11 +958,37 @@ version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index"; checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" +[[package]] +name = "signature" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" +dependencies = [ + "digest", + "rand_core", +] + +[[package]] +name = "smallvec" +version = "1.15.1" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "67b1b7a3b5fe4f1376887184045fcf45c69e92af734b7aaddc05fb777b6fbd03" + [[package]] name = "spin" -version = "0.5.2" +version = "0.9.8" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" +checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" + +[[package]] +name = "spki" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d" +dependencies = [ + "base64ct", + "der", +] [[package]] name = "strum_macros" @@ -276,9 +1000,15 @@ dependencies = [ "proc-macro2 1.0.95", "quote 1.0.40", "rustversion", - "syn 2.0.101", + "syn 2.0.104", ] +[[package]] +name = "subtle" +version = "2.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" + [[package]] name = "syn" version = "0.15.44" @@ -292,9 +1022,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.101" +version = "2.0.104" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "8ce2b7fc941b3a24138a0a7cf8e858bfc6a992e7978a068a5c760deb0ed43caf" +checksum = "17b6f705963418cdb9927482fa304bc562ece2fdd4f616084c50b7023b435a40" dependencies = [ "proc-macro2 1.0.95", "quote 1.0.40", @@ -303,20 +1033,24 @@ dependencies = [ [[package]] name = "ta" -version = "0.4.0" +version = "0.5.0" dependencies = [ - "libc 0.2.153", + "anyhow", "optee-utee", "optee-utee-build", "optee-utee-sys", "proto", - "ring", "rustls", - "sct", - "webpki", + "rustls_provider", "webpki-roots", ] +[[package]] +name = "typenum" +version = "1.18.0" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "1dccffe3ce07af9386bfd29e80c0ab1a8205a2fc34e4bcd40364df902cfa8f3f" + [[package]] name = "unicode-ident" version = "1.0.18" @@ -329,11 +1063,21 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index"; checksum = "fc72304796d0818e357ead4e000d19c9c174ab23dc11093ac919054d20a6a7fc" +[[package]] +name = "universal-hash" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "fc1de2c688dc15305988b563c3854064043356019f97a4b46276fe734c4f07ea" +dependencies = [ + "crypto-common", + "subtle", +] + [[package]] name = "untrusted" -version = "0.7.1" +version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" +checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" [[package]] name = "uuid" @@ -351,6 +1095,18 @@ dependencies = [ "wasm-bindgen", ] +[[package]] +name = "version_check" +version = "0.9.5" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" + +[[package]] +name = "wasi" +version = "0.11.1+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b" + [[package]] name = "wasm-bindgen" version = "0.2.100" @@ -373,7 +1129,7 @@ dependencies = [ "log", "proc-macro2 1.0.95", "quote 1.0.40", - "syn 2.0.101", + "syn 2.0.104", "wasm-bindgen-shared", ] @@ -395,7 +1151,7 @@ checksum = "8ae87ea40c9f689fc23f209965b6fb8a99ad69aeeb0231408be24920604395de" dependencies = [ "proc-macro2 1.0.95", "quote 1.0.40", - "syn 2.0.101", + "syn 2.0.104", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -410,58 +1166,140 @@ dependencies = [ ] [[package]] -name = "web-sys" -version = "0.3.77" +name = "webpki-roots" +version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "33b6dd2ef9186f1f2072e409e99cd22a975331a6b3591b12c764e0e55c60d5d2" +checksum = "7e8983c3ab33d6fb807cfcdad2491c4ea8cbc8ed839181c7dfd9c67c83e261b2" dependencies = [ - "js-sys", - "wasm-bindgen", + "rustls-pki-types", ] [[package]] -name = "webpki" -version = "0.21.0" +name = "windows-sys" +version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "d7e664e770ac0110e2384769bcc59ed19e329d81f555916a6e072714957b81b4" +checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" dependencies = [ - "ring", - "untrusted", + "windows-targets", ] [[package]] -name = "webpki-roots" -version = "0.21.1" +name = "windows-targets" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "aabe153544e473b775453675851ecc86863d2a81d786d741f6b76778f2a48940" +checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" dependencies = [ - "webpki", + "windows_aarch64_gnullvm", + "windows_aarch64_msvc", + "windows_i686_gnu", + "windows_i686_gnullvm", + "windows_i686_msvc", + "windows_x86_64_gnu", + "windows_x86_64_gnullvm", + "windows_x86_64_msvc", ] [[package]] -name = "winapi" -version = "0.3.9" +name = "windows_aarch64_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" + +[[package]] +name = "windows_i686_gnu" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" + +[[package]] +name = "windows_i686_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" +checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" + +[[package]] +name = "x25519-dalek" +version = "2.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "c7e468321c81fb07fa7f4c636c3972b9100f0346e5b6a9f2bd0603a52f7ed277" dependencies = [ - "winapi-i686-pc-windows-gnu", - "winapi-x86_64-pc-windows-gnu", + "curve25519-dalek", + "rand_core", + "zeroize", ] [[package]] -name = "winapi-i686-pc-windows-gnu" -version = "0.4.0" +name = "zerocopy" +version = "0.8.26" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" +checksum = "1039dd0d3c310cf05de012d8a39ff557cb0d23087fd44cad61df08fc31907a2f" +dependencies = [ + "zerocopy-derive", +] [[package]] -name = "winapi-x86_64-pc-windows-gnu" -version = "0.4.0" +name = "zerocopy-derive" +version = "0.8.26" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" +checksum = "9ecf5b4cc5364572d7f4c329661bcc82724222973f2cab6f050a4e5c22f75181" +dependencies = [ + "proc-macro2 1.0.95", + "quote 1.0.40", + "syn 2.0.104", +] [[package]] name = "zerofrom" version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index"; checksum = "cff3ee08c995dee1859d998dea82f7374f2826091dd9cd47def953cae446cd2e" + +[[package]] +name = "zeroize" +version = "1.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde" +dependencies = [ + "zeroize_derive", +] + +[[package]] +name = "zeroize_derive" +version = "1.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" +dependencies = [ + "proc-macro2 1.0.95", + "quote 1.0.40", + "syn 2.0.104", +] diff --git a/examples/tls_client-rs/ta/Cargo.toml b/examples/tls_client-rs/ta/Cargo.toml index 122c39d..cf867ad 100644 --- a/examples/tls_client-rs/ta/Cargo.toml +++ b/examples/tls_client-rs/ta/Cargo.toml @@ -17,7 +17,7 @@ [package] name = "ta" -version = "0.4.0" +version = "0.5.0" authors = ["Teaclave Contributors <[email protected]>"] license = "Apache-2.0" repository = "https://github.com/apache/incubator-teaclave-trustzone-sdk.git"; @@ -25,17 +25,14 @@ description = "An example of Rust OP-TEE TrustZone SDK." edition = "2018" [dependencies] -libc = { path = "../../../rust/libc" } proto = { path = "../proto" } optee-utee-sys = { path = "../../../optee-utee/optee-utee-sys" } optee-utee = { path = "../../../optee-utee" } -# use new ported version -rustls = { git = "https://github.com/DemesneGH/rustls-optee.git";, branch = "0.21.0-optee", features = ["dangerous_configuration"]} -ring = "=0.16.20" -webpki-roots = "0.21" -webpki = "=0.21.0" -sct = "=0.7.0" +rustls_provider = { path = "../../../crates/rustls_provider" } +rustls = { version = "0.23.12", default-features = false, features = ["std"] } +webpki-roots = "1" +anyhow = "1.0" [build-dependencies] proto = { path = "../proto" } @@ -47,8 +44,5 @@ lto = false opt-level = 3 [patch.crates-io] -ring = { git = "https://github.com/DemesneGH/ring-optee.git";, branch = "0.16.20-optee" } - -# Patch optee-utee for rustls -[patch."https://github.com/apache/incubator-teaclave-trustzone-sdk.git";] -optee-utee = { path = "../../../optee-utee" } +# For getrandom 0.2, we add the OP-TEE backend and maintain in teaclave crates +getrandom = { git = "https://github.com/apache/incubator-teaclave-crates.git"; } \ No newline at end of file diff --git a/examples/tls_client-rs/ta/build.rs b/examples/tls_client-rs/ta/build.rs index 781fe90..6b02270 100644 --- a/examples/tls_client-rs/ta/build.rs +++ b/examples/tls_client-rs/ta/build.rs @@ -15,8 +15,7 @@ // specific language governing permissions and limitations // under the License. -use proto; -use optee_utee_build::{TaConfig, RustEdition, Error}; +use optee_utee_build::{Error, RustEdition, TaConfig}; fn main() -> Result<(), Error> { let ta_config = TaConfig::new_default_with_cargo_env(proto::UUID)? diff --git a/examples/tls_client-rs/ta/src/main.rs b/examples/tls_client-rs/ta/src/main.rs index 5403cb0..a601288 100644 --- a/examples/tls_client-rs/ta/src/main.rs +++ b/examples/tls_client-rs/ta/src/main.rs @@ -17,16 +17,16 @@ #![no_main] +use anyhow::Context; use optee_utee::net::TcpStream; use optee_utee::{ ta_close_session, ta_create, ta_destroy, ta_invoke_command, ta_open_session, trace_println, }; use optee_utee::{Error, ErrorKind, Parameters, Result}; use proto::Command; -use rustls::{OwnedTrustAnchor, RootCertStore}; +use rustls::RootCertStore; use std::convert::TryInto; -use std::io::Read; -use std::io::Write; +use std::io::{Read, Write}; use std::sync::Arc; #[ta_create] @@ -55,55 +55,75 @@ fn destroy() { fn invoke_command(cmd_id: u32, _params: &mut Parameters) -> Result<()> { trace_println!("[+] TA invoke command"); match Command::from(cmd_id) { - Command::Start => { - tls_client(); - Ok(()) - } + Command::Start => match tls_client() { + Ok(_) => { + trace_println!("[+] TLS client completed successfully"); + Ok(()) + } + Err(e) => { + trace_println!("[-] TLS client failed: {:?}", e); + Err(Error::new(ErrorKind::Generic)) + } + }, _ => Err(Error::new(ErrorKind::BadParameters)), } } // This code is based on the Rustls example: -// https://github.com/rustls/rustls/blob/v/0.21.0/examples/src/bin/simpleclient.rs +// https://github.com/rustls/rustls/blob/v/0.23.12/examples/src/bin/simpleclient.rs // with modifications by Teaclave to demonstrate Rustls usage in the TA. // Licensed under the Apache License, Version 2.0. -fn tls_client() { - let mut root_store = RootCertStore::empty(); - root_store.add_server_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.0.iter().map(|ta| { - OwnedTrustAnchor::from_subject_spki_name_constraints( - ta.subject, - ta.spki, - ta.name_constraints, - ) - })); - trace_println!("[+] root_store added"); +fn tls_client() -> anyhow::Result<()> { + // Create our custom providers + let crypto_provider = Arc::new(rustls_provider::optee_crypto_provider()); + let time_provider = Arc::new(rustls_provider::optee_time_provider()); + + let root_store = RootCertStore { + roots: webpki_roots::TLS_SERVER_ROOTS.into(), + }; - let config = rustls::ClientConfig::builder() - .with_safe_defaults() + let config = rustls::ClientConfig::builder_with_details(crypto_provider, time_provider) + .with_safe_default_protocol_versions() + .context("Failed to create client config with safe default protocol versions")? .with_root_certificates(root_store) .with_no_client_auth(); - trace_println!("[+] config created"); - let server_name = "google.com".try_into().unwrap(); - let mut conn = rustls::ClientConnection::new(Arc::new(config), server_name).unwrap(); - let mut sock = TcpStream::connect("google.com", 443).unwrap(); + let server_name = "www.rust-lang.org" + .try_into() + .context("Failed to parse server name")?; + + let mut conn = rustls::ClientConnection::new(Arc::new(config), server_name) + .context("Failed to create client connection")?; + + let mut sock = + TcpStream::connect("www.rust-lang.org", 443).context("Failed to connect to server")?; + let mut tls = rustls::Stream::new(&mut conn, &mut sock); + tls.write_all( concat!( "GET / HTTP/1.1\r\n", - "Host: google.com\r\n", + "Host: www.rust-lang.org\r\n", "Connection: close\r\n", "Accept-Encoding: identity\r\n", "\r\n" ) .as_bytes(), ) - .unwrap(); - let ciphersuite = tls.conn.negotiated_cipher_suite().unwrap(); + .context("Failed to write HTTP request")?; + + let ciphersuite = tls + .conn + .negotiated_cipher_suite() + .context("Failed to get negotiated cipher suite")?; trace_println!("Current ciphersuite: {:?}", ciphersuite.suite()); + let mut plaintext = Vec::new(); - tls.read_to_end(&mut plaintext).unwrap(); + tls.read_to_end(&mut plaintext) + .context("Failed to read response")?; trace_println!("{}", String::from_utf8_lossy(&plaintext)); + + Ok(()) } include!(concat!(env!("OUT_DIR"), "/user_ta_header.rs")); diff --git a/examples/tls_server-rs/ta/Cargo.lock b/examples/tls_server-rs/ta/Cargo.lock index e502e0c..12d1f23 100644 --- a/examples/tls_server-rs/ta/Cargo.lock +++ b/examples/tls_server-rs/ta/Cargo.lock @@ -3,10 +3,63 @@ version = 3 [[package]] -name = "base64" -version = "0.21.7" +name = "aead" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "d122413f284cf2d62fb1b7db97e02edb8cda96d769b16e443a4f6195e35662b0" +dependencies = [ + "crypto-common", + "generic-array", +] + +[[package]] +name = "aes" +version = "0.8.4" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "b169f7a6d4742236a0a00c541b845991d0ac43e546831af1249753ab4c3aa3a0" +dependencies = [ + "cfg-if", + "cipher", + "cpufeatures", +] + +[[package]] +name = "aes-gcm" +version = "0.10.3" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "831010a0f742e1209b3bcea8fab6a8e149051ba6099432c8cb2cc117dec3ead1" +dependencies = [ + "aead", + "aes", + "cipher", + "ctr", + "ghash", + "subtle", +] + +[[package]] +name = "anyhow" +version = "1.0.99" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "b0674a1ddeecb70197781e945de4b3b8ffb61fa939a5597bcf48503737663100" + +[[package]] +name = "autocfg" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8" + +[[package]] +name = "base16ct" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf" + +[[package]] +name = "base64ct" +version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567" +checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b" [[package]] name = "bitflags" @@ -14,26 +67,289 @@ version = "1.3.2" source = "registry+https://github.com/rust-lang/crates.io-index"; checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" +[[package]] +name = "block-buffer" +version = "0.10.4" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" +dependencies = [ + "generic-array", +] + [[package]] name = "bumpalo" -version = "3.18.1" +version = "3.19.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "793db76d6187cd04dff33004d8e6c9cc4e05cd330500379d2394209271b4aeee" +checksum = "46c5e41b57b8bba42a04676d81cb89e9ee8e859a1a66f80a5a72e1cb76b34d43" + +[[package]] +name = "byteorder" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" [[package]] name = "cc" -version = "1.2.26" +version = "1.2.32" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "956a5e21988b87f372569b66183b78babf23ebc2e744b733e4350a752c4dafac" +checksum = "2352e5597e9c544d5e6d9c95190d5d27738ade584fa8db0a16e130e5c2b5296e" dependencies = [ "shlex", ] [[package]] name = "cfg-if" -version = "1.0.0" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "9555578bc9e57714c812a1f84e4fc5b4d21fcb063490c624de019f7464c91268" + +[[package]] +name = "chacha20" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "c3613f74bd2eac03dad61bd53dbe620703d4371614fe0bc3b9f04dd36fe4e818" +dependencies = [ + "cfg-if", + "cipher", + "cpufeatures", +] + +[[package]] +name = "chacha20poly1305" +version = "0.10.1" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" +checksum = "10cd79432192d1c0f4e1a0fef9527696cc039165d729fb41b3f4f4f354c2dc35" +dependencies = [ + "aead", + "chacha20", + "cipher", + "poly1305", + "zeroize", +] + +[[package]] +name = "cipher" +version = "0.4.4" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad" +dependencies = [ + "crypto-common", + "inout", + "zeroize", +] + +[[package]] +name = "const-oid" +version = "0.9.6" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" + +[[package]] +name = "cpufeatures" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280" +dependencies = [ + "libc", +] + +[[package]] +name = "crypto-bigint" +version = "0.5.5" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "0dc92fb57ca44df6db8059111ab3af99a63d5d0f8375d9972e319a379c6bab76" +dependencies = [ + "generic-array", + "rand_core", + "subtle", + "zeroize", +] + +[[package]] +name = "crypto-common" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" +dependencies = [ + "generic-array", + "typenum", +] + +[[package]] +name = "ctr" +version = "0.9.2" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "0369ee1ad671834580515889b80f2ea915f23b8be8d0daa4bbaf2ac5c7590835" +dependencies = [ + "cipher", +] + +[[package]] +name = "curve25519-dalek" +version = "4.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "97fb8b7c4503de7d6ae7b42ab72a5a59857b4c937ec27a3d4539dba95b5ab2be" +dependencies = [ + "cfg-if", + "cpufeatures", + "curve25519-dalek-derive", + "digest", + "fiat-crypto", + "rustc_version", + "subtle", + "zeroize", +] + +[[package]] +name = "curve25519-dalek-derive" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" +dependencies = [ + "proc-macro2 1.0.97", + "quote 1.0.40", + "syn 2.0.105", +] + +[[package]] +name = "der" +version = "0.7.10" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "e7c1832837b905bbfb5101e07cc24c8deddf52f93225eee6ead5f4d63d53ddcb" +dependencies = [ + "const-oid", + "pem-rfc7468", + "zeroize", +] + +[[package]] +name = "digest" +version = "0.10.7" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" +dependencies = [ + "block-buffer", + "const-oid", + "crypto-common", + "subtle", +] + +[[package]] +name = "ecdsa" +version = "0.16.9" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca" +dependencies = [ + "der", + "digest", + "elliptic-curve", + "rfc6979", + "signature", + "spki", +] + +[[package]] +name = "ed25519" +version = "2.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "115531babc129696a58c64a4fef0a8bf9e9698629fb97e9e40767d235cfbcd53" +dependencies = [ + "pkcs8", + "signature", +] + +[[package]] +name = "ed25519-dalek" +version = "2.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "1f628eaec48bfd21b865dc2950cfa014450c01d2fa2b69a86c2fd5844ec523c0" +dependencies = [ + "curve25519-dalek", + "ed25519", + "serde", + "sha2", + "subtle", + "zeroize", +] + +[[package]] +name = "elliptic-curve" +version = "0.13.8" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47" +dependencies = [ + "base16ct", + "crypto-bigint", + "digest", + "ff", + "generic-array", + "group", + "hkdf", + "pem-rfc7468", + "pkcs8", + "rand_core", + "sec1", + "subtle", + "zeroize", +] + +[[package]] +name = "ff" +version = "0.13.1" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "c0b50bfb653653f9ca9095b427bed08ab8d75a137839d9ad64eb11810d5b6393" +dependencies = [ + "rand_core", + "subtle", +] + +[[package]] +name = "fiat-crypto" +version = "0.2.9" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d" + +[[package]] +name = "generic-array" +version = "0.14.7" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" +dependencies = [ + "typenum", + "version_check", + "zeroize", +] + +[[package]] +name = "getrandom" +version = "0.2.16" +source = "git+https://github.com/apache/incubator-teaclave-crates.git#0e0b1fe5daedcff4d4eed18bd1bb9736559cfebd"; +dependencies = [ + "cfg-if", + "libc", + "wasi", +] + +[[package]] +name = "ghash" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "f0d8a4362ccb29cb0b265253fb0a2728f592895ee6854fd9bc13f2ffda266ff1" +dependencies = [ + "opaque-debug", + "polyval", +] + +[[package]] +name = "group" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63" +dependencies = [ + "ff", + "rand_core", + "subtle", +] [[package]] name = "heck" @@ -47,6 +363,33 @@ version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index"; checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" +[[package]] +name = "hkdf" +version = "0.12.4" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7" +dependencies = [ + "hmac", +] + +[[package]] +name = "hmac" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" +dependencies = [ + "digest", +] + +[[package]] +name = "inout" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "879f10e63c20629ecabbb64a8010319738c66a5cd0c29b02d63d272b03751d01" +dependencies = [ + "generic-array", +] + [[package]] name = "js-sys" version = "0.3.77" @@ -63,18 +406,14 @@ version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index"; checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" dependencies = [ - "spin 0.9.8", + "spin", ] [[package]] name = "libc" -version = "0.2.153" - -[[package]] -name = "libc" -version = "0.2.172" +version = "0.2.175" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "d750af042f7ef4f724306de029d18836c26c1765a54a6a3f094cbd23a7267ffa" +checksum = "6a82ae493e598baaea5209805c49bbf2ea7de956d50d7da0da1164f9c6d28543" [[package]] name = "libc_alloc" @@ -82,6 +421,12 @@ version = "1.0.7" source = "registry+https://github.com/rust-lang/crates.io-index"; checksum = "7581282928bc99698341d1de7590964c28db747c164eaac9409432a3eaed098a" +[[package]] +name = "libm" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "f9fbbcab51052fe104eb5e5d351cf728d30a5be1fe14d9be8a3b097481fb97de" + [[package]] name = "litemap" version = "0.7.4" @@ -94,24 +439,72 @@ version = "0.4.27" source = "registry+https://github.com/rust-lang/crates.io-index"; checksum = "13dc2df351e3202783a1fe0d44375f7295ffb4049267b0f3018346dc122a1d94" +[[package]] +name = "num-bigint-dig" +version = "0.8.4" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "dc84195820f291c7697304f3cbdadd1cb7199c0efc917ff5eafd71225c136151" +dependencies = [ + "byteorder", + "lazy_static", + "libm", + "num-integer", + "num-iter", + "num-traits", + "rand", + "smallvec", + "zeroize", +] + +[[package]] +name = "num-integer" +version = "0.1.46" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f" +dependencies = [ + "num-traits", +] + +[[package]] +name = "num-iter" +version = "0.1.45" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf" +dependencies = [ + "autocfg", + "num-integer", + "num-traits", +] + +[[package]] +name = "num-traits" +version = "0.2.19" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" +dependencies = [ + "autocfg", + "libm", +] + [[package]] name = "num_enum" -version = "0.7.3" +version = "0.7.4" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "4e613fc340b2220f734a8595782c551f1250e969d87d3be1ae0579e8d4065179" +checksum = "a973b4e44ce6cad84ce69d797acf9a044532e4184c4f267913d1b546a0727b7a" dependencies = [ "num_enum_derive", + "rustversion", ] [[package]] name = "num_enum_derive" -version = "0.7.3" +version = "0.7.4" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "af1844ef2428cc3e1cb900be36181049ef3d3193c63e43026cfe202983b27a56" +checksum = "77e878c846a8abae00dd069496dbe8751b16ac1c3d6bd2a7283a938e8228f90d" dependencies = [ - "proc-macro2 1.0.95", + "proc-macro2 1.0.97", "quote 1.0.40", - "syn 2.0.101", + "syn 2.0.105", ] [[package]] @@ -120,6 +513,12 @@ version = "1.21.3" source = "registry+https://github.com/rust-lang/crates.io-index"; checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d" +[[package]] +name = "opaque-debug" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381" + [[package]] name = "optee-utee" version = "0.5.0" @@ -139,10 +538,10 @@ version = "0.5.0" dependencies = [ "litemap", "prettyplease", - "proc-macro2 1.0.95", + "proc-macro2 1.0.97", "quote 1.0.40", - "syn 2.0.101", - "uuid 1.17.0", + "syn 2.0.105", + "uuid 1.18.0", "zerofrom", ] @@ -160,17 +559,129 @@ dependencies = [ name = "optee-utee-sys" version = "0.5.0" dependencies = [ - "libc 0.2.172", + "libc", +] + +[[package]] +name = "p256" +version = "0.13.2" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b" +dependencies = [ + "ecdsa", + "elliptic-curve", + "primeorder", + "sha2", +] + +[[package]] +name = "p384" +version = "0.13.1" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "fe42f1670a52a47d448f14b6a5c61dd78fce51856e68edaa38f7ae3a46b8d6b6" +dependencies = [ + "ecdsa", + "elliptic-curve", + "primeorder", + "sha2", +] + +[[package]] +name = "paste" +version = "1.0.15" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a" + +[[package]] +name = "pem-rfc7468" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412" +dependencies = [ + "base64ct", +] + +[[package]] +name = "pkcs1" +version = "0.7.5" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f" +dependencies = [ + "der", + "pkcs8", + "spki", +] + +[[package]] +name = "pkcs5" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "e847e2c91a18bfa887dd028ec33f2fe6f25db77db3619024764914affe8b69a6" +dependencies = [ + "der", + "spki", +] + +[[package]] +name = "pkcs8" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" +dependencies = [ + "der", + "pkcs5", + "spki", +] + +[[package]] +name = "poly1305" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "8159bd90725d2df49889a078b54f4f79e87f1f8a8444194cdca81d38f5393abf" +dependencies = [ + "cpufeatures", + "opaque-debug", + "universal-hash", +] + +[[package]] +name = "polyval" +version = "0.6.2" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "9d1fe60d06143b2430aa532c94cfe9e29783047f06c0d7fd359a9a51b729fa25" +dependencies = [ + "cfg-if", + "cpufeatures", + "opaque-debug", + "universal-hash", +] + +[[package]] +name = "ppv-lite86" +version = "0.2.21" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "85eae3c4ed2f50dcfe72643da4befc30deadb458a9b590d720cde2f2b1e97da9" +dependencies = [ + "zerocopy", ] [[package]] name = "prettyplease" -version = "0.2.33" +version = "0.2.36" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "ff24dfcda44452b9816fff4cd4227e1bb73ff5a2f1bc1105aa92fb8565ce44d2" +dependencies = [ + "proc-macro2 1.0.97", + "syn 2.0.105", +] + +[[package]] +name = "primeorder" +version = "0.13.6" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "9dee91521343f4c5c6a63edd65e54f31f5c92fe8978c40a4282f8372194c6a7d" +checksum = "353e1ca18966c16d9deb1c69278edbc5f194139612772bd9537af60ac231e1e6" dependencies = [ - "proc-macro2 1.0.95", - "syn 2.0.101", + "elliptic-curve", ] [[package]] @@ -184,9 +695,9 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.95" +version = "1.0.97" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "02b3e5e68a3a1a02aad3ec490a98007cbc13c37cbe84a3cd7b8e406d76e7f778" +checksum = "d61789d7719defeb74ea5fe81f2fdfdbd28a803847077cecce2ff14e1472f6f1" dependencies = [ "unicode-ident", ] @@ -213,69 +724,232 @@ version = "1.0.40" source = "registry+https://github.com/rust-lang/crates.io-index"; checksum = "1885c039570dc00dcb4ff087a89e185fd56bae234ddc7f056a945bf36467248d" dependencies = [ - "proc-macro2 1.0.95", + "proc-macro2 1.0.97", +] + +[[package]] +name = "rand" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" +dependencies = [ + "rand_chacha", + "rand_core", +] + +[[package]] +name = "rand_chacha" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" +dependencies = [ + "ppv-lite86", + "rand_core", +] + +[[package]] +name = "rand_core" +version = "0.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" +dependencies = [ + "getrandom", +] + +[[package]] +name = "rfc6979" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2" +dependencies = [ + "hmac", + "subtle", ] [[package]] name = "ring" -version = "0.16.20" -source = "git+https://github.com/DemesneGH/ring-optee.git?branch=0.16.20-optee#0f3ac1630db04e4114a69dffd5b5c83492ad794c"; +version = "0.17.14" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "a4689e6c2294d81e88dc6261c768b63bc4fcdb852be6d1352498b114f61383b7" dependencies = [ "cc", - "libc 0.2.172", - "once_cell", - "optee-utee", - "spin 0.5.2", + "cfg-if", + "getrandom", + "libc", "untrusted", - "web-sys", - "winapi", + "windows-sys", +] + +[[package]] +name = "rsa" +version = "0.9.8" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "78928ac1ed176a5ca1d17e578a1825f3d81ca54cf41053a592584b020cfd691b" +dependencies = [ + "const-oid", + "digest", + "num-bigint-dig", + "num-integer", + "num-traits", + "pkcs1", + "pkcs8", + "rand_core", + "sha2", + "signature", + "spki", + "subtle", + "zeroize", +] + +[[package]] +name = "rustc_version" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "cfcb3a22ef46e85b45de6ee7e79d063319ebb6594faafcf1c225ea92ab6e9b92" +dependencies = [ + "semver", ] [[package]] name = "rustls" -version = "0.21.0" -source = "git+https://github.com/DemesneGH/rustls-optee.git?branch=0.21.0-optee#768e596625313d50d0b9724fc9955e0b50774874"; +version = "0.23.31" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "c0ebcbd2f03de0fc1122ad9bb24b127a5a6cd51d72604a3f3c50ac459762b6cc" dependencies = [ - "log", - "optee-utee", - "ring", - "rustls-webpki", - "sct", + "once_cell", + "rustls-pki-types", + "rustls-webpki 0.103.4", + "subtle", + "zeroize", +] + +[[package]] +name = "rustls-pki-types" +version = "1.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "229a4a4c221013e7e1f1a043678c5cc39fe5171437c88fb47151a21e6f5b5c79" +dependencies = [ + "zeroize", +] + +[[package]] +name = "rustls-rustcrypto" +version = "0.0.2-alpha" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "f12052947763ab8515f753315357599e9b0b4dab3b8ba15f30f725fe6d025557" +dependencies = [ + "aead", + "aes-gcm", + "chacha20poly1305", + "crypto-common", + "der", + "digest", + "ecdsa", + "ed25519-dalek", + "hmac", + "p256", + "p384", + "paste", + "pkcs8", + "rand_core", + "rsa", + "rustls", + "rustls-pki-types", + "rustls-webpki 0.102.8", + "sec1", + "sha2", + "signature", + "x25519-dalek", ] [[package]] -name = "rustls-pemfile" -version = "1.0.4" +name = "rustls-webpki" +version = "0.102.8" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c" +checksum = "64ca1bc8749bd4cf37b5ce386cc146580777b4e8572c7b97baf22c83f444bee9" dependencies = [ - "base64", + "ring", + "rustls-pki-types", + "untrusted", ] [[package]] name = "rustls-webpki" -version = "0.100.3" +version = "0.103.4" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "5f6a5fc258f1c1276dfe3016516945546e2d5383911efc0fc4f1cdc5df3a4ae3" +checksum = "0a17884ae0c1b773f1ccd2bd4a8c72f16da897310a98b0e84bf349ad5ead92fc" dependencies = [ "ring", + "rustls-pki-types", "untrusted", ] +[[package]] +name = "rustls_provider" +version = "0.1.0" +dependencies = [ + "base64ct", + "ed25519-dalek", + "optee-utee", + "rustls", + "rustls-rustcrypto", +] + [[package]] name = "rustversion" -version = "1.0.21" +version = "1.0.22" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "8a0d197bd2c9dc6e53b84da9556a69ba4cdfab8619eb41a8bd1cc2027a0f6b1d" +checksum = "b39cdef0fa800fc44525c84ccb54a029961a8215f9619753635a9c0d2538d46d" [[package]] -name = "sct" -version = "0.7.0" +name = "sec1" +version = "0.7.3" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "d53dcdb7c9f8158937a7981b48accfd39a43af418591a5d008c7b22b5e1b7ca4" +checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc" dependencies = [ - "ring", - "untrusted", + "base16ct", + "der", + "generic-array", + "pkcs8", + "subtle", + "zeroize", +] + +[[package]] +name = "semver" +version = "1.0.26" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "56e6fa9c48d24d85fb3de5ad847117517440f6beceb7798af16b4a87d616b8d0" + +[[package]] +name = "serde" +version = "1.0.219" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "5f0e2c6ed6606019b4e29e69dbaba95b11854410e5347d525002456dbbb786b6" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde_derive" +version = "1.0.219" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00" +dependencies = [ + "proc-macro2 1.0.97", + "quote 1.0.40", + "syn 2.0.105", +] + +[[package]] +name = "sha2" +version = "0.10.9" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest", ] [[package]] @@ -285,10 +959,20 @@ source = "registry+https://github.com/rust-lang/crates.io-index"; checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" [[package]] -name = "spin" -version = "0.5.2" +name = "signature" +version = "2.2.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" +checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" +dependencies = [ + "digest", + "rand_core", +] + +[[package]] +name = "smallvec" +version = "1.15.1" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "67b1b7a3b5fe4f1376887184045fcf45c69e92af734b7aaddc05fb777b6fbd03" [[package]] name = "spin" @@ -296,6 +980,16 @@ version = "0.9.8" source = "registry+https://github.com/rust-lang/crates.io-index"; checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" +[[package]] +name = "spki" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d" +dependencies = [ + "base64ct", + "der", +] + [[package]] name = "strum_macros" version = "0.26.4" @@ -303,12 +997,18 @@ source = "registry+https://github.com/rust-lang/crates.io-index"; checksum = "4c6bee85a5a24955dc440386795aa378cd9cf82acd5f764469152d2270e581be" dependencies = [ "heck", - "proc-macro2 1.0.95", + "proc-macro2 1.0.97", "quote 1.0.40", "rustversion", - "syn 2.0.101", + "syn 2.0.105", ] +[[package]] +name = "subtle" +version = "2.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" + [[package]] name = "syn" version = "0.15.44" @@ -322,33 +1022,35 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.101" +version = "2.0.105" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "8ce2b7fc941b3a24138a0a7cf8e858bfc6a992e7978a068a5c760deb0ed43caf" +checksum = "7bc3fcb250e53458e712715cf74285c1f889686520d79294a9ef3bd7aa1fc619" dependencies = [ - "proc-macro2 1.0.95", + "proc-macro2 1.0.97", "quote 1.0.40", "unicode-ident", ] [[package]] name = "ta" -version = "0.4.0" +version = "0.5.0" dependencies = [ + "anyhow", "lazy_static", - "libc 0.2.153", "optee-utee", "optee-utee-build", "optee-utee-sys", "proto", - "ring", "rustls", - "rustls-pemfile", - "sct", - "webpki", - "webpki-roots", + "rustls_provider", ] +[[package]] +name = "typenum" +version = "1.18.0" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "1dccffe3ce07af9386bfd29e80c0ab1a8205a2fc34e4bcd40364df902cfa8f3f" + [[package]] name = "unicode-ident" version = "1.0.18" @@ -361,11 +1063,21 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index"; checksum = "fc72304796d0818e357ead4e000d19c9c174ab23dc11093ac919054d20a6a7fc" +[[package]] +name = "universal-hash" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "fc1de2c688dc15305988b563c3854064043356019f97a4b46276fe734c4f07ea" +dependencies = [ + "crypto-common", + "subtle", +] + [[package]] name = "untrusted" -version = "0.7.1" +version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" +checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" [[package]] name = "uuid" @@ -375,14 +1087,26 @@ checksum = "bc5cf98d8186244414c848017f0e2676b3fcb46807f6668a97dfe67359a3c4b7" [[package]] name = "uuid" -version = "1.17.0" +version = "1.18.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "3cf4199d1e5d15ddd86a694e4d0dffa9c323ce759fea589f00fef9d81cc1931d" +checksum = "f33196643e165781c20a5ead5582283a7dacbb87855d867fbc2df3f81eddc1be" dependencies = [ "js-sys", "wasm-bindgen", ] +[[package]] +name = "version_check" +version = "0.9.5" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" + +[[package]] +name = "wasi" +version = "0.11.1+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b" + [[package]] name = "wasm-bindgen" version = "0.2.100" @@ -403,9 +1127,9 @@ checksum = "2f0a0651a5c2bc21487bde11ee802ccaf4c51935d0d3d42a6101f98161700bc6" dependencies = [ "bumpalo", "log", - "proc-macro2 1.0.95", + "proc-macro2 1.0.97", "quote 1.0.40", - "syn 2.0.101", + "syn 2.0.105", "wasm-bindgen-shared", ] @@ -425,9 +1149,9 @@ version = "0.2.100" source = "registry+https://github.com/rust-lang/crates.io-index"; checksum = "8ae87ea40c9f689fc23f209965b6fb8a99ad69aeeb0231408be24920604395de" dependencies = [ - "proc-macro2 1.0.95", + "proc-macro2 1.0.97", "quote 1.0.40", - "syn 2.0.101", + "syn 2.0.105", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -442,58 +1166,131 @@ dependencies = [ ] [[package]] -name = "web-sys" -version = "0.3.77" +name = "windows-sys" +version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "33b6dd2ef9186f1f2072e409e99cd22a975331a6b3591b12c764e0e55c60d5d2" +checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" dependencies = [ - "js-sys", - "wasm-bindgen", + "windows-targets", ] [[package]] -name = "webpki" -version = "0.21.0" +name = "windows-targets" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "d7e664e770ac0110e2384769bcc59ed19e329d81f555916a6e072714957b81b4" +checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" dependencies = [ - "ring", - "untrusted", + "windows_aarch64_gnullvm", + "windows_aarch64_msvc", + "windows_i686_gnu", + "windows_i686_gnullvm", + "windows_i686_msvc", + "windows_x86_64_gnu", + "windows_x86_64_gnullvm", + "windows_x86_64_msvc", ] [[package]] -name = "webpki-roots" -version = "0.21.1" +name = "windows_aarch64_gnullvm" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "aabe153544e473b775453675851ecc86863d2a81d786d741f6b76778f2a48940" -dependencies = [ - "webpki", -] +checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" + +[[package]] +name = "windows_i686_gnu" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" + +[[package]] +name = "windows_i686_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" [[package]] -name = "winapi" -version = "0.3.9" +name = "windows_x86_64_gnullvm" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" +checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" + +[[package]] +name = "x25519-dalek" +version = "2.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "c7e468321c81fb07fa7f4c636c3972b9100f0346e5b6a9f2bd0603a52f7ed277" dependencies = [ - "winapi-i686-pc-windows-gnu", - "winapi-x86_64-pc-windows-gnu", + "curve25519-dalek", + "rand_core", + "zeroize", ] [[package]] -name = "winapi-i686-pc-windows-gnu" -version = "0.4.0" +name = "zerocopy" +version = "0.8.26" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" +checksum = "1039dd0d3c310cf05de012d8a39ff557cb0d23087fd44cad61df08fc31907a2f" +dependencies = [ + "zerocopy-derive", +] [[package]] -name = "winapi-x86_64-pc-windows-gnu" -version = "0.4.0" +name = "zerocopy-derive" +version = "0.8.26" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" +checksum = "9ecf5b4cc5364572d7f4c329661bcc82724222973f2cab6f050a4e5c22f75181" +dependencies = [ + "proc-macro2 1.0.97", + "quote 1.0.40", + "syn 2.0.105", +] [[package]] name = "zerofrom" version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index"; checksum = "cff3ee08c995dee1859d998dea82f7374f2826091dd9cd47def953cae446cd2e" + +[[package]] +name = "zeroize" +version = "1.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde" +dependencies = [ + "zeroize_derive", +] + +[[package]] +name = "zeroize_derive" +version = "1.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" +dependencies = [ + "proc-macro2 1.0.97", + "quote 1.0.40", + "syn 2.0.105", +] diff --git a/examples/tls_server-rs/ta/Cargo.toml b/examples/tls_server-rs/ta/Cargo.toml index d46778c..ff90258 100644 --- a/examples/tls_server-rs/ta/Cargo.toml +++ b/examples/tls_server-rs/ta/Cargo.toml @@ -17,7 +17,7 @@ [package] name = "ta" -version = "0.4.0" +version = "0.5.0" authors = ["Teaclave Contributors <[email protected]>"] license = "Apache-2.0" repository = "https://github.com/apache/incubator-teaclave-trustzone-sdk.git"; @@ -25,19 +25,14 @@ description = "An example of Rust OP-TEE TrustZone SDK." edition = "2018" [dependencies] -libc = { path = "../../../rust/libc" } proto = { path = "../proto" } optee-utee-sys = { path = "../../../optee-utee/optee-utee-sys" } optee-utee = { path = "../../../optee-utee" } -# use new ported version -rustls = { git = "https://github.com/DemesneGH/rustls-optee.git";, branch = "0.21.0-optee", features = ["dangerous_configuration"]} -ring = "=0.16.20" -webpki-roots = "0.21" -webpki = "=0.21.0" -rustls-pemfile = "1.0" -sct = "=0.7.0" +rustls_provider = { path = "../../../crates/rustls_provider" } +rustls = { version = "0.23.12", default-features = false, features = ["std"] } lazy_static = { version = "1.4.0", features=["spin_no_std"] } +anyhow = "1.0" [build-dependencies] proto = { path = "../proto" } @@ -49,8 +44,5 @@ lto = false opt-level = 3 [patch.crates-io] -ring = { git = "https://github.com/DemesneGH/ring-optee.git";, branch = "0.16.20-optee" } - -# Patch optee-utee for rustls -[patch."https://github.com/apache/incubator-teaclave-trustzone-sdk.git";] -optee-utee = { path = "../../../optee-utee" } +# For getrandom 0.2, we add the OP-TEE backend and maintain in teaclave crates +getrandom = { git = "https://github.com/apache/incubator-teaclave-crates.git"; } \ No newline at end of file diff --git a/examples/tls_server-rs/ta/build.rs b/examples/tls_server-rs/ta/build.rs index 781fe90..6b02270 100644 --- a/examples/tls_server-rs/ta/build.rs +++ b/examples/tls_server-rs/ta/build.rs @@ -15,8 +15,7 @@ // specific language governing permissions and limitations // under the License. -use proto; -use optee_utee_build::{TaConfig, RustEdition, Error}; +use optee_utee_build::{Error, RustEdition, TaConfig}; fn main() -> Result<(), Error> { let ta_config = TaConfig::new_default_with_cargo_env(proto::UUID)? diff --git a/examples/tls_server-rs/ta/src/main.rs b/examples/tls_server-rs/ta/src/main.rs index 8363437..723f556 100644 --- a/examples/tls_server-rs/ta/src/main.rs +++ b/examples/tls_server-rs/ta/src/main.rs @@ -23,9 +23,11 @@ use optee_utee::{ use optee_utee::{Error, ErrorKind, Parameters, Result}; use proto::Command; +use anyhow::Context; use lazy_static::lazy_static; +use rustls::pki_types::{pem::PemObject, CertificateDer, PrivateKeyDer}; use std::collections::HashMap; -use std::io::{BufReader, Cursor, Read, Write}; +use std::io::{Cursor, Read, Write}; use std::sync::{Arc, Mutex, RwLock}; lazy_static! { @@ -58,109 +60,177 @@ fn destroy() { #[ta_invoke_command] fn invoke_command(cmd_id: u32, params: &mut Parameters) -> Result<()> { trace_println!("[+] TA invoke command"); - let session_id = unsafe { params.0.as_value().unwrap().a() }; + let session_id = unsafe { params.0.as_value()?.a() }; trace_println!("[+] session id: {}", session_id); match Command::from(cmd_id) { Command::NewTlsSession => { trace_println!("[+] new_tls_session"); - new_tls_session(session_id); - Ok(()) + new_tls_session(session_id).map_err(|e| { + trace_println!("[-] Failed to create TLS session: {:?}", e); + Error::new(ErrorKind::Generic) + }) } Command::DoTlsRead => { - let mut p1 = unsafe { params.1.as_memref().unwrap() }; + let mut p1 = unsafe { params.1.as_memref()? }; let buffer = p1.buffer(); trace_println!("[+] do_tls_read"); - do_tls_read(session_id, buffer); - Ok(()) + do_tls_read(session_id, buffer).map_err(|e| { + trace_println!("[-] Failed to read TLS data: {:?}", e); + Error::new(ErrorKind::Generic) + }) } Command::DoTlsWrite => { trace_println!("[+] do_tls_write"); - let mut p1 = unsafe { params.1.as_memref().unwrap() }; - let mut p2 = unsafe { params.2.as_value().unwrap() }; - let mut buffer = p1.buffer(); - let n = do_tls_write(session_id, &mut buffer); - p2.set_a(n as u32); - Ok(()) + let mut p1 = unsafe { params.1.as_memref()? }; + let mut p2 = unsafe { params.2.as_value()? }; + let buffer = p1.buffer(); + do_tls_write(session_id, buffer) + .map(|n| { + p2.set_a(n as u32); + }) + .map_err(|e| { + trace_println!("[-] Failed to write TLS data: {:?}", e); + Error::new(ErrorKind::Generic) + }) } Command::CloseTlsSession => { trace_println!("[+] close_tls_session"); - close_tls_session(session_id); - Ok(()) + close_tls_session(session_id).map_err(|e| { + trace_println!("[-] Failed to close TLS session: {:?}", e); + Error::new(ErrorKind::Generic) + }) } _ => Err(Error::new(ErrorKind::BadParameters)), } } -pub fn new_tls_session(session_id: u32) { - let tls_config = make_config(); - let tls_session = rustls::ServerConnection::new(tls_config).unwrap(); +pub fn new_tls_session(session_id: u32) -> anyhow::Result<()> { + let tls_config = make_config().context("Failed to create TLS config")?; + let tls_session = + rustls::ServerConnection::new(tls_config).context("Failed to create TLS connection")?; + TLS_SESSIONS .write() - .unwrap() + .map_err(|_| anyhow::anyhow!("Failed to acquire write lock on TLS sessions"))? .insert(session_id, Mutex::new(tls_session)); + + trace_println!("[+] TLS session {} created successfully", session_id); + Ok(()) } -pub fn close_tls_session(session_id: u32) { - TLS_SESSIONS.write().unwrap().remove(&session_id); +pub fn close_tls_session(session_id: u32) -> anyhow::Result<()> { + let mut sessions = TLS_SESSIONS.write().map_err(|_| { + anyhow::anyhow!( + "Failed to acquire write lock to close TLS session {}", + session_id + ) + })?; + + if sessions.remove(&session_id).is_some() { + trace_println!("[+] TLS session {} closed", session_id); + Ok(()) + } else { + Err(anyhow::anyhow!( + "TLS session {} not found for closing", + session_id + )) + } } -pub fn do_tls_read(session_id: u32, buf: &[u8]) { +pub fn do_tls_read(session_id: u32, buf: &[u8]) -> anyhow::Result<()> { let mut rd = Cursor::new(buf); - let ts_guard = TLS_SESSIONS.read().unwrap(); - let mut tls_session = ts_guard.get(&session_id).unwrap().lock().unwrap(); - let _rc = tls_session.read_tls(&mut rd).unwrap(); - let _processed = tls_session.process_new_packets().unwrap(); + let ts_guard = TLS_SESSIONS + .read() + .map_err(|_| anyhow::anyhow!("Failed to acquire read lock on TLS sessions"))?; + + let session = ts_guard + .get(&session_id) + .ok_or_else(|| anyhow::anyhow!("TLS session {} not found", session_id))?; + + let mut tls_session = session + .lock() + .map_err(|_| anyhow::anyhow!("Failed to acquire lock on TLS session {}", session_id))?; + + tls_session + .read_tls(&mut rd) + .context("Failed to read TLS data")?; + + tls_session + .process_new_packets() + .context("Failed to process TLS packets")?; // Read and process all available plaintext. let mut buf = Vec::new(); let _rc = tls_session.reader().read_to_end(&mut buf); if !buf.is_empty() { - tls_session.writer().write_all(&buf).unwrap(); + tls_session + .writer() + .write_all(&buf) + .context("Failed to write response data")?; } + + Ok(()) } -pub fn do_tls_write(session_id: u32, buf: &mut [u8]) -> usize { - let ts_guard = TLS_SESSIONS.read().unwrap(); - let mut tls_session = ts_guard.get(&session_id).unwrap().lock().unwrap(); +pub fn do_tls_write(session_id: u32, buf: &mut [u8]) -> anyhow::Result<usize> { + let ts_guard = TLS_SESSIONS + .read() + .map_err(|_| anyhow::anyhow!("Failed to acquire read lock on TLS sessions"))?; + + let session = ts_guard + .get(&session_id) + .ok_or_else(|| anyhow::anyhow!("TLS session {} not found", session_id))?; + + let mut tls_session = session + .lock() + .map_err(|_| anyhow::anyhow!("Failed to acquire lock on TLS session {}", session_id))?; + let mut wr = Cursor::new(buf); let mut rc = 0; while tls_session.wants_write() { - rc += tls_session.write_tls(&mut wr).unwrap(); + rc += tls_session + .write_tls(&mut wr) + .context("Failed to write TLS data")?; } - rc + Ok(rc) } -fn make_config() -> Arc<rustls::ServerConfig> { - let certs = load_certs(); - let privkey = load_private_key(); - let config = rustls::ServerConfig::builder() - .with_safe_defaults() +fn make_config() -> anyhow::Result<Arc<rustls::ServerConfig>> { + trace_println!("[+] Creating crypto provider"); + let crypto_provider = Arc::new(rustls_provider::optee_crypto_provider()); + + trace_println!("[+] Creating time provider"); + let time_provider = Arc::new(rustls_provider::optee_time_provider()); + + let certs = load_certs().context("Failed to load certificates")?; + trace_println!("[+] Loaded {} certificates", certs.len()); + + let private_key = load_private_key().context("Failed to load private key")?; + trace_println!("[+] Private key loaded successfully"); + + let config = rustls::ServerConfig::builder_with_details(crypto_provider, time_provider) + .with_safe_default_protocol_versions() + .context("Inconsistent cipher-suite/versions selected")? .with_no_client_auth() - .with_single_cert(certs, privkey) - .unwrap(); + .with_single_cert(certs, private_key) + .context("Failed to create server config with certificate")?; - Arc::new(config) + Ok(Arc::new(config)) } -fn load_certs() -> Vec<rustls::Certificate> { - let bytes = include_bytes!("../test-ca/ecdsa/end.fullchain").to_vec(); - let cursor = std::io::Cursor::new(bytes); - let mut reader = BufReader::new(cursor); - let certs = rustls_pemfile::certs(&mut reader).unwrap(); - certs - .iter() - .map(|v| rustls::Certificate(v.clone())) - .collect() +fn load_certs() -> anyhow::Result<Vec<CertificateDer<'static>>> { + let pem_data = include_bytes!("../test-ca/ecdsa/end.fullchain"); + let cursor = std::io::Cursor::new(pem_data); + CertificateDer::pem_reader_iter(cursor) + .collect::<std::result::Result<Vec<_>, _>>() + .context("Failed to parse certificate PEM data") } -fn load_private_key() -> rustls::PrivateKey { - let bytes = include_bytes!("../test-ca/ecdsa/end.key").to_vec(); - let cursor = std::io::Cursor::new(bytes); - let mut reader = BufReader::new(cursor); - let keys = rustls_pemfile::pkcs8_private_keys(&mut reader).unwrap(); - assert_eq!(keys.len(), 1); - rustls::PrivateKey(keys[0].clone()) +fn load_private_key() -> anyhow::Result<PrivateKeyDer<'static>> { + let pem_data = include_bytes!("../test-ca/ecdsa/end.key"); + let cursor = std::io::Cursor::new(pem_data); + PrivateKeyDer::from_pem_reader(cursor).context("Failed to parse private key PEM data") } include!(concat!(env!("OUT_DIR"), "/user_ta_header.rs")); diff --git a/tests/test_tls_server.sh b/tests/test_tls_server.sh index dacb364..6b2e556 100755 --- a/tests/test_tls_server.sh +++ b/tests/test_tls_server.sh @@ -23,19 +23,24 @@ NEED_EXPANDED_MEM=true # Include base script source setup.sh +rm -f openssl.log + # Copy TA and host binary cp ../examples/tls_server-rs/ta/target/$TARGET_TA/release/*.ta shared cp ../examples/tls_server-rs/host/target/$TARGET_HOST/release/tls_server-rs shared +cp ../examples/tls_server-rs/ta/test-ca/ecdsa/ca.cert shared # Run script specific commands in QEMU run_in_qemu "cp *.ta /lib/optee_armtz/\n" run_in_qemu "./tls_server-rs\n" -echo "Q" | openssl s_client -connect 127.0.0.1:54433 -debug > openssl.log 2>&1 +# Outside the QEMU: connect the server using openssl, accept the self-signed CA cert +# || true because we want to continue testing even if the connection fails, and check the log later +echo "Q" | openssl s_client -connect 127.0.0.1:54433 -CAfile shared/ca.cert -debug > openssl.log 2>&1 || true run_in_qemu "^C" # Script specific checks { - grep -q "DONE" openssl.log && + grep -q "Verification: OK" openssl.log && grep -q "close session" screenlog.0 } || { cat -v screenlog.0 --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
