From 8ae5a0f3c5b8e3797076352f4e9658d1546a5eb4 Mon Sep 17 00:00:00 2001 From: pinkforest <36498018+pinkforest@users.noreply.github.com> Date: Thu, 25 Apr 2024 01:41:06 +1000 Subject: [PATCH 01/23] Reapply "Add test for bare PING-PONG protocol over TLS handle (#55)" (#63) This reverts commit 3c8d21d6d3f9d29dbf9b3e01cc465ff0f3a1b3aa. --- Cargo.lock | 73 ++++++++++++++ Cargo.toml | 4 + certs/Makefile | 62 ++++++++++++ certs/ca.rsa4096.crt | 33 +++++++ certs/ca.rsa4096.key | 52 ++++++++++ certs/cert.cnf | 21 ++++ certs/openssl.cnf | 23 +++++ certs/rustcryp.to.rsa4096.ca_signed.crt | 38 +++++++ certs/rustcryp.to.rsa4096.csr | 29 ++++++ certs/rustcryp.to.rsa4096.key | 52 ++++++++++ tests/bare-ping-poing.rs | 125 ++++++++++++++++++++++++ 11 files changed, 512 insertions(+) create mode 100644 certs/Makefile create mode 100644 certs/ca.rsa4096.crt create mode 100644 certs/ca.rsa4096.key create mode 100644 certs/cert.cnf create mode 100644 certs/openssl.cnf create mode 100644 certs/rustcryp.to.rsa4096.ca_signed.crt create mode 100644 certs/rustcryp.to.rsa4096.csr create mode 100644 certs/rustcryp.to.rsa4096.key create mode 100644 tests/bare-ping-poing.rs diff --git a/Cargo.lock b/Cargo.lock index 0183615..43fe59d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -55,6 +55,12 @@ version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b" +[[package]] +name = "bitflags" +version = "2.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed570934406eb16438a4e976b1b4500774099c13b8cb96eec99f620f05090ddf" + [[package]] name = "block-buffer" version = "0.10.4" 
@@ -289,6 +295,21 @@ version = "0.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1676f435fc1dadde4d03e43f5d62b259e1ce5f40bd4ffb21db2b42ebe59c1382" +[[package]] +name = "foreign-types" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" +dependencies = [ + "foreign-types-shared", +] + +[[package]] +name = "foreign-types-shared" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" + [[package]] name = "generic-array" version = "0.14.7" @@ -445,6 +466,44 @@ version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381" +[[package]] +name = "openssl" +version = "0.10.64" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "95a0481286a310808298130d22dd1fef0fa571e05a8f44ec801801e84b216b1f" +dependencies = [ + "bitflags", + "cfg-if", + "foreign-types", + "libc", + "once_cell", + "openssl-macros", + "openssl-sys", +] + +[[package]] +name = "openssl-macros" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "openssl-sys" +version = "0.9.101" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dda2b0f344e78efc2facf7d195d098df0dd72151b26ab98da807afc26c198dff" +dependencies = [ + "cc", + "libc", + "pkg-config", + "vcpkg", +] + [[package]] name = "p256" version = "0.13.2" 
@@ -516,6 +575,12 @@ dependencies = [ "spki", ] +[[package]] +name = "pkg-config" +version = "0.3.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec" + [[package]] name = "platforms" version = "3.3.0" @@ -695,9 +760,11 @@ dependencies = [ "ecdsa", "ed25519-dalek", "hmac", + "openssl", "p256", "p384", "paste", + "pem-rfc7468", "pkcs8", "rand_core", "rsa", @@ -855,6 +922,12 @@ version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" +[[package]] +name = "vcpkg" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" + [[package]] name = "version_check" version = "0.9.4" diff --git a/Cargo.toml b/Cargo.toml index b50d4a9..41dddfc 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -43,3 +43,7 @@ std = ["alloc", "webpki/std", "pki-types/std", "rustls/std", "ed25519-dalek/std" # TODO: go through all of these to ensure to_vec etc. impls are exposed alloc = ["webpki/alloc", "pki-types/alloc", "aead/alloc", "ed25519-dalek/alloc"] zeroize = ["ed25519-dalek/zeroize", "x25519-dalek/zeroize"] + +[dev-dependencies] +openssl = { version = "0.10", default-features = false } +pem-rfc7468 = { version = "0.7", default-features = false, features = ["alloc"] } diff --git a/certs/Makefile b/certs/Makefile new file mode 100644 index 0000000..e2d13cb --- /dev/null +++ b/certs/Makefile 
@@ -0,0 +1,62 @@
+ed25519: ed25519-key ed25519-csr sign-ed25519-csr pk12-ed25519
+
+rsa4096: rsa4096-key rsa4096-csr sign-rsa4096-csr pk12-rsa4096
+
+clean:
+ rm rustcryp.to.key rustcryp.to.csr rustcryp.to.crt
+
+## Server Cert Keys
+
+ed25519-key:
+ openssl genpkey -algorithm ED25519 > rustcryp.to.ed25519.key
+
+rsa4096-key:
+ openssl genrsa -out rustcryp.to.rsa4096.key 4096
+
+## CA
+
+ca-rsa4096-key:
+ openssl genrsa -out ca.rsa4096.key 4096
+
+ca-rsa4096-crt: ca-rsa4096-key
+ openssl req -x509 -new -nodes -key ca.rsa4096.key -out ca.rsa4096.crt \
+ -subj /C=XX/ST=YY/L=Antarctica/O=RustCrypto/OU=Contributors/CN=ca.rustcryp.to
+
+## CSR
+
+ed25519-csr:
+ openssl req -new -out rustcryp.to.ed25519.csr -key rustcryp.to.ed25519.key -config openssl.cnf
+
+rsa4096-csr: rsa4096-key
+ openssl req -new -out rustcryp.to.rsa4096.csr -key rustcryp.to.rsa4096.key -config cert.cnf
+
+
+## Sign PKCS10 CA certified
+
+ca-sign-rsa4096-csr:
+ openssl x509 -req \
+ -in rustcryp.to.rsa4096.csr \
+ -out rustcryp.to.rsa4096.ca_signed.crt \
+ -CA ca.rsa4096.crt \
+ -CAkey ca.rsa4096.key \
+ -CAcreateserial \
+ -days 30 \
+ -extensions v3_end \
+ -extfile openssl.cnf
+
+## Sign PKCS10 self-certified
+
+sign-ed25591-csr:
+ openssl x509 -req -days 30 -in rustcryp.to.ed25519.csr -signkey rustcryp.to.ed25519.key -out rustcryp.to.ed25519.crt
+
+sign-rsa4096-csr:
+ openssl x509 -req -days 30 -in rustcryp.to.rsa4096csr -signkey rustcryp.to.rsa4096.key -out rustcryp.to.rsa4096.crt
+
+## Export PKCS12
+
+pk12-ed25519:
+ openssl pkcs12 -export -out rustcryp.to.ed25519.pfx -inkey rustcryp.to.ed25519.key -in rustcryp.to.ed25519.crt -passout pass:test
+
+pk12-rsa4096:
+ openssl pkcs12 -export -out rustcryp.to.rsa4096.pfx -inkey rustcryp.to.rsa4096.key -in rustcryp.to.rsa4096.crt -passout pass:test
+
diff --git a/certs/ca.rsa4096.crt b/certs/ca.rsa4096.crt
new file mode 100644
index 0000000..4f52d2e
--- /dev/null
+++ b/certs/ca.rsa4096.crt
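Review bot: The `ed25519` target depends on `sign-ed25519-csr`, but the rule is spelled `sign-ed25591-csr:`, so make has no rule for that prerequisite; rename the rule to `sign-ed25519-csr:`. `ca-rsa4096-crt` passes no `-days` to `openssl req -x509`, which then uses OpenSSL's 30-day default, and the leaf is signed with `-days 30`; because the rustls client in tests/bare-ping-poing.rs validates the server certificate against the current time, the committed fixtures will make the test fail once the leaf expires. The second patch in this series raises the leaf rules to 365 days and fixes the `rustcryp.to.rsa4096csr` path, but its `@@ -40,17 +40,17 @@` hunk keeps the misspelled rule name and the CA rule still has no `-days`. `clean` removes `rustcryp.to.key`, `rustcryp.to.csr` and `rustcryp.to.crt`, names none of the rules create, and `rm` without `-f` fails when they are absent.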
@@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFyTCCA7GgAwIBAgIUZx1B7o0SWeXhfT02gERB5Hb9G4wwDQYJKoZIhvcNAQEL +BQAwdDELMAkGA1UEBhMCWFgxCzAJBgNVBAgMAllZMRMwEQYDVQQHDApBbnRhcmN0 +aWNhMRMwEQYDVQQKDApSdXN0Q3J5cHRvMRUwEwYDVQQLDAxDb250cmlidXRvcnMx +FzAVBgNVBAMMDmNhLnJ1c3RjcnlwLnRvMB4XDTI0MDMxODA4MzQzN1oXDTI0MDQx +NzA4MzQzN1owdDELMAkGA1UEBhMCWFgxCzAJBgNVBAgMAllZMRMwEQYDVQQHDApB +bnRhcmN0aWNhMRMwEQYDVQQKDApSdXN0Q3J5cHRvMRUwEwYDVQQLDAxDb250cmli +dXRvcnMxFzAVBgNVBAMMDmNhLnJ1c3RjcnlwLnRvMIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEAh1c9EIxYfevzH7mA+GBNwnDs72Wz5hRRwuP0Or+ujhwI +0nJOBZbxVdqEQRkMCqMDjinUwup1iYHyAzGEVoUNuM3GrC0grhkxc540x47m0YRz +ncCcSgh/dvGVpjlKR33V91dCwHp7LcgegbpoWaGhg+Vu03l0GrLV0ICsmeSPk1qW +5BLW/G6xnSzRjNKnty3U38JwFGvxW+8qs53L8HNYEqFRPlNiS8DgZdtMk+5bgZW9 +Zw7QSTANTsjDUC+E5E5kY9Bedgcg4nMaOpxI3wbeWguNa8Vj+i/jFERFG034fYo4 +oEWB95djGfIL0ULuRbi6JtrHprTJzzQciRpxGXYQl+Txa7jAaoSPZu4I4V4Gh3kh +OUQJGp12LYOcJ36oyruLnliquXrG2YtEwqNV5OyEPKtFUai99l+f54wLKgSNQpvo +phu4OogYFJmC21DqG7XejnYOSjwITWaWt86ee9Q1AQT+JSRp/f+7qM71yUoAH2OJ +dvuauFN2VTHKtR0csmzOEZvTmRXj+ykxdn7i4kAvAVE8RdaiNK/i/dKmV40oQTe3 +eiW7dVa34pl8yQcpJoAi+r/APYpPyh61NOb2Fk4GdF3uXs2muPfHU6WEfmzCow1P +6ZyBRkcktJOztK4PNBykcx7yV0C3L5KPmAi85iAKsvWE4anJugiMxd5bWV9xZ9cC +AwEAAaNTMFEwHQYDVR0OBBYEFHmJDp40jGidJyLW7XHCkfm7KkBwMB8GA1UdIwQY +MBaAFHmJDp40jGidJyLW7XHCkfm7KkBwMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggIBAATry9irnXdVpOF9aFoveqhL452DyNoEF8xJyL0URxauaq84 +F15tLM5fjTX//uOcabYBBIbFwgVtgFtGwkh/HxhzQOpVjli96sxTkYgRpgVXXgT+ +0EPpqDXiRQV94NfcGOXQPImL5GVFbM46FEOvBy0AMiBqlU1eha1z9nbub0r2HD0h +Pu/4OuU8YBenl4RCgB6HsuLYr54dRiHLw+QzryUcot2ItzxpOaFcDS9uMlVb8E14 +MJV/szLKyT9mYQyseMMhOH+HBKZO6zfBedpRZcVQkQpKJ9YG25ZIHevVjSTHpLBZ +kNqkhlS40VemY/BnDGsVWaJHPbW4mPr9uSRB37J2wZR62Tsbyjauou56rTDBQkwd +m1wq7JADyKhwh5aAfee9qhuCPe3Y9bSjx0M9M9pfWCizdEDajvW8vAcK1a55TMvc +udh5vlwvinp5PCISGxuzI/8AAlw+O/fmI7z3oOGsOP0ckZ2GOOJX2DO1AzNX8EXV +N2AFD5kwxVm0GRiiy8DWnHwVEUbp3znYCdBPtU2Q2uRN60hIiEgIWXG4vtclCOoy 
+PV34tsQM6brspFGZ5UE7rZGoOmj6zFaoUSRSmdpD/X09w3n4iNjut6UmT2D1vwn6 +aEI3s84ezzexw7hCiyzMVe7ZK5vWHFmhUuvi1+J1WzqF60dIh6MEX/MFSHjI +-----END CERTIFICATE----- diff --git a/certs/ca.rsa4096.key b/certs/ca.rsa4096.key new file mode 100644 index 0000000..9743a34 --- /dev/null +++ b/certs/ca.rsa4096.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCHVz0QjFh96/Mf +uYD4YE3CcOzvZbPmFFHC4/Q6v66OHAjSck4FlvFV2oRBGQwKowOOKdTC6nWJgfID +MYRWhQ24zcasLSCuGTFznjTHjubRhHOdwJxKCH928ZWmOUpHfdX3V0LAenstyB6B +umhZoaGD5W7TeXQastXQgKyZ5I+TWpbkEtb8brGdLNGM0qe3LdTfwnAUa/Fb7yqz +ncvwc1gSoVE+U2JLwOBl20yT7luBlb1nDtBJMA1OyMNQL4TkTmRj0F52ByDicxo6 +nEjfBt5aC41rxWP6L+MUREUbTfh9ijigRYH3l2MZ8gvRQu5FuLom2semtMnPNByJ +GnEZdhCX5PFruMBqhI9m7gjhXgaHeSE5RAkanXYtg5wnfqjKu4ueWKq5esbZi0TC +o1Xk7IQ8q0VRqL32X5/njAsqBI1Cm+imG7g6iBgUmYLbUOobtd6Odg5KPAhNZpa3 +zp571DUBBP4lJGn9/7uozvXJSgAfY4l2+5q4U3ZVMcq1HRyybM4Rm9OZFeP7KTF2 +fuLiQC8BUTxF1qI0r+L90qZXjShBN7d6Jbt1VrfimXzJBykmgCL6v8A9ik/KHrU0 +5vYWTgZ0Xe5ezaa498dTpYR+bMKjDU/pnIFGRyS0k7O0rg80HKRzHvJXQLcvko+Y +CLzmIAqy9YThqcm6CIzF3ltZX3Fn1wIDAQABAoICADGyXhDyiBgNCSSQGISb0FHi +543suYd11KQM0oS0GCPEtZSZNn8k8w+EguXojZxmSYrtX1wHfgt1NOnpR+ABUY2X +uilFFOf5BkifQmA44Bb1XQMDVCB3SF7jzQDRrq3bzjLZzwAguZSRFGqsiV7IVCe7 +mtt6kKCxJIRAi6Ci5fnE3P140Yq2FvBRIc1lGQLRiIZ1vnQxQtpwUyzLd7SeliuZ +It0Q/1ozw/KC+XakouNNmdP7A46sX2abn+SU3mZ7Rq/ENrt+WJvuiiYVd0i2G/XS +oiZ9v/2Bkg/CFeI12lY26B4qB9RjuZcwYxh/TEE72NclpQRZBHXae9P4aqlfyi2D +xxQzQQZebX7Tut5tkyeQGxRxk789DxqZxHbTkCuL7PXS+VaTgcK5pAL7m1Y+3ysc +GhSwVH6QgeghY8m1LCMNGRT3ZObpUfDk4/Bl9oP6FLo31Rkz9+RnQyjktzDEXlEy +4QMhYv5hES6rypA9VW9oJmsnpWeJSNhUFKjKsyRhWGG3bKLXgTzZMGNyEOwliaV1 +FybsccdWD1K447kpmkUn8bQayDM76JDBOcLI5cc4Ddl6i1HOcdGDbGWxTeSvgGAr +boUBGf3wXxOeJsT4KTVs1OCeCswnPnOr5jDhPUVIr8Nttf5B2BxknbH6W3KjGxUJ +EMsdQke1Q+pO661dYvEZAoIBAQC7PPYwFx1QsJk8xqrAVpD8pLktjxxtNzNHjZcm +CtPsG3A4dmdIhducZYJxB9KYo7+rii2AchvnetIUd5fcj173if1BCJtv67/3/IqN +kb7GR6l+YvY+JPmDUjcf1Jq00cPe5aBpTbR7UycGzzcqr/SDWrek2Y5S7d+liZu/ +1RkBthhKXZ+vBLIpAjJhH4IvcfFta5tzZ3mvY7NigWGiE5SN3yNu+WAAUFIea3mU +RW61ftnzvFHHhHQfw7Kr26nSVyqn1vsq7TavTDXrBwozLeqTN/GeNgcH4K3aUitM +NLDMrTV1szv1NsHnDhn3qhzBSzrf1P3GhDb1+BY1Le/TysaTAoIBAQC5CzCWGu2z +p1h7bHcZEdRjoSRUTT3ODhF4EzIVddZB6CKjOqfHjXcKcrzt7pvqWwlc0iR7mXJx 
+E4kF4UIV40Vb4cqwLbVuessK79x4mAf/NX2zKHixD3XPbAgCHTCfvj1cBwedZcwY +pAoIIocwDMpBqL0165CLLsv7MlXImFb60EjkNNCE4XkJZ7bk1grcpati4LfLrNAs +SUjh9vZED9N//0tF5du4w6jtwm43k9ZIDNH6FFIe8YFHWzHP1eJYrMUv2wZ+nqtP +OaPmvUpdnr7xvrkU+CyI4kah9TlvJjeMzZ0cC7cpmwVAbJqg95XuIMAyeZT/M8zi +AyozNuB/UYAtAoIBAQC5j6MU6fN9omdbmjBjSeeK2t1Cz5AGlSxW/3YKl7SLTG4d +JwsZDsAk8V0jE/Ocnrw4D0sk/vG0qT5GVnfEeLpPbQv2Rcd2Vhf8duYBg62j6CWM +Qht0X0SA5xwGibeA+Fq8LqqZcg8qIbCNyRMNVTBodaGG2K16dpCtCAG5TkHoNkVA +fiThWTAQAENZidaFmtD/9iMrbiNktNR1DXBrJiiVqcz+EFsaNIAN8cmeLmmXqc3r +Bnmt2BEV4ebS93IIKab2i9KEKm+Fr2vIL0PmkNznZgwpFbZGEl95/PE4JwgI8KgI +q8cCMHBewtTtZEP3NM12Qyn2cdXeUy3/KjWCmnXNAoIBAEFeoptkh/SfebKgbrJ8 +iftoQd1GLD9O2P0CSv8p0bcWuqXPYtYsM5GNVxD26j2wS25vDlRbsQIhVJavLRlu +YGJFMcVrYFzXJEOI2OoBS1HtI6rW8UwbmhLcpzeX+EV2f1azZQ1FmQRbbu/QwtFG +s2zen3kc7sM8lPL4pTVoG9IfIqD7x24p+QhJi2Lr+opYPGOB32wkcKY0fXrWM8l3 +jc/58C2RNj3fYR4dQbKAl4J8hPFDnH8x8emzXbV+aafJ4R820OSKSRqD0lMBK/RG +0E22gsvVoGX7CdjNOKz7Y0RqnsX5nYslKIXJ2BZlYKHvD/bE3M4LDqYJWC8fg892 +i0ECggEAXi2lJdFFcsu8o7LYnFz4wIjC0CUuhyRvN66BtD8ggdtnKE2Isggr6EXZ +wzekEWYesNBC4gCYWZSf5uqW5oUs5hpbeW0G8ktFZ4fsMgVkSlMGTwpXGwW8v+d1 +hMeI9PtX4JvfbpYtWqLsjpnSf+l0i07vxAa4movzHs/iYF1/XBxZweGELSpNvyYa +l/7mD55D9XGNPiIo5cNdxya0hvOByVA8HCLf3D1bA9D4cs21OeZirG0YnCQyYmW+ +EqBiJDXPDdzCsBFAFxiRJTkNypBn7P+AWSYHVAOhJTh2sQqA2gNEemQLTajemgpa +CFPGysTiqjSznXbv6loyTwp2Cs1PoA== +-----END PRIVATE KEY----- diff --git a/certs/cert.cnf b/certs/cert.cnf new file mode 100644 index 0000000..6f97235 --- /dev/null +++ b/certs/cert.cnf @@ -0,0 +1,21 @@ +[req] +default_bits = 4096 +prompt = no +default_md = sha256 +req_extensions = req_ext +distinguished_name = dn + +[ dn ] +C=XX +ST=YY +L=Antarctica +O=Contributors +OU=Testers +emailAddress=hello@rustcryp.to +CN = test.rustcryp.to + +[ req_ext ] +subjectAltName = @alt_names + +[ alt_names ] +DNS.1 = localhost diff --git a/certs/openssl.cnf b/certs/openssl.cnf new file mode 100644 index 0000000..eb94919 --- /dev/null +++ b/certs/openssl.cnf 
@@ -0,0 +1,23 @@ +[ v3_end ] +basicConstraints = critical,CA:false +keyUsage = nonRepudiation, digitalSignature +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer:always +subjectAltName = @alt_names + +[ v3_client ] +basicConstraints = critical,CA:false +keyUsage = nonRepudiation, digitalSignature +extendedKeyUsage = critical, clientAuth +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer:always + +[ v3_inter ] +subjectKeyIdentifier = hash +extendedKeyUsage = critical, serverAuth, clientAuth +basicConstraints = CA:true +keyUsage = cRLSign, keyCertSign, digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign + +[ alt_names ] +DNS.1 = www.rustcryp.to +DNS.3 = localhost diff --git a/certs/rustcryp.to.rsa4096.ca_signed.crt b/certs/rustcryp.to.rsa4096.ca_signed.crt new file mode 100644 index 0000000..ba2217d --- /dev/null +++ b/certs/rustcryp.to.rsa4096.ca_signed.crt 
@@ -0,0 +1,38 @@ +-----BEGIN CERTIFICATE----- +MIIGszCCBJugAwIBAgIULBS6esIThT88ao9+pOZd5y/bJ70wDQYJKoZIhvcNAQEL +BQAwdDELMAkGA1UEBhMCWFgxCzAJBgNVBAgMAllZMRMwEQYDVQQHDApBbnRhcmN0 +aWNhMRMwEQYDVQQKDApSdXN0Q3J5cHRvMRUwEwYDVQQLDAxDb250cmlidXRvcnMx +FzAVBgNVBAMMDmNhLnJ1c3RjcnlwLnRvMB4XDTI0MDMxODA4MzU1OVoXDTI0MDQx +NzA4MzU1OVowgZUxCzAJBgNVBAYTAlhYMQswCQYDVQQIDAJZWTETMBEGA1UEBwwK +QW50YXJjdGljYTEVMBMGA1UECgwMQ29udHJpYnV0b3JzMRAwDgYDVQQLDAdUZXN0 +ZXJzMSAwHgYJKoZIhvcNAQkBFhFoZWxsb0BydXN0Y3J5cC50bzEZMBcGA1UEAwwQ +dGVzdC5ydXN0Y3J5cC50bzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +AKOL3HYFIrHcRSSSEcddktLIm1Yf24src2TgKA6ELmFPHqeV0iKNLfNibGfj/NGl +ajFy+SB/bf2koD+MBQiTWVvkO7csZPl/aK3ShqzLqlkGDzGjkudE8BusY+Fn9cPB +/2dsUSaV0FT4yJvPgzQqRqUryMqPe9DVLZ4Lk6O9o22Br71UVOfdVhVu9HqpKydB +7VdHor8PbDej+xqTiZdmkyTleRHqL4QdsB8OG1L/VtHaEuoOrrKgSy/SAxu8fXyI +xZEHue+aUS5OMKu8T9A5yApS+VNGsJ0e5ysqVCS8DjQ/YbtPI1BuTmvlL1KqDdQZ +BzT6yfzAW15hs8X3QBy2DPMFNZiWL6QKeXYULkVIs46im+J2Yc4ZHAXPYpZIvT45 +B3OjQEmuDxLNyW0oCJG4fZagXT06NhsI0q14E52QqpAXXRfPe1DEZ4TG0mL4tKVH +wqZ1QR1nDzWS2d4Jd7vdYVIHYtQ5cqelJg/h9pt07GtjvsO9rWBNtb34COOkAazj +mPKDPTKHHI5omOoHwUAZIbKVFA5B2oaxAspzRX9xYQW4Ua/YICFuPnbVnCFUrkFV +KPq4uX8RoEQQ3qRo/MehAB0uZJWay6qM53luWiMlrIXbwaZu5zXA4i42WGTwVh6N +4C1P0lOwfPRcIXhj1sB0paY1bjVkBGLSbxVXUTxm15bBAgMBAAGjggEZMIIBFTAM +BgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIGwDAdBgNVHQ4EFgQUfB1gPr/ENxOfGfNK +GlFpRutlMnQwgbEGA1UdIwSBqTCBpoAUeYkOnjSMaJ0nItbtccKR+bsqQHCheKR2 +MHQxCzAJBgNVBAYTAlhYMQswCQYDVQQIDAJZWTETMBEGA1UEBwwKQW50YXJjdGlj +YTETMBEGA1UECgwKUnVzdENyeXB0bzEVMBMGA1UECwwMQ29udHJpYnV0b3JzMRcw +FQYDVQQDDA5jYS5ydXN0Y3J5cC50b4IUZx1B7o0SWeXhfT02gERB5Hb9G4wwJQYD +VR0RBB4wHIIPd3d3LnJ1c3RjcnlwLnRvgglsb2NhbGhvc3QwDQYJKoZIhvcNAQEL +BQADggIBAIRW8ysLc+woHqLh5yhghSe4uswtoWDZI9XFFLbssl8FNsbwMn8+nSiX +FYSsyOxyGpPyJaqya0zfMwrZikz7dJcbjz/a6R5DHM04PaYodlH4GROWxKl2XcW4 +q3523tJFJ8I1sbC3FXN3XNQubRPWfrxqUqLz5thefA+i4A81AG8bMT0oZtbtNt3s +iBj+FyRH3XgdE3Hx/X7d8PyUWDnii/1/bp81Q1+zfzBu3Ex3YsfdVUwdJ7+fvnAb 
++LJTyVOuMIbwQFoQp2HL4VeBZpdPB7rTLqIL1NCUN5NbG2PeVT3VIZDzoT82903v +b1CqVRawcsMfHAu8vqkWzjTXjLuACoMA0sUeDcnnY53e8SeSfeRX5KDm3KIVE1NJ +JD/2lPfldnIdDwWHbM4AUrEm1896NkrP2bbrFOp4+cjxU5PZnXl9RNFpCCi0Pf4h +B0LSg88ltfnjGAkeXOPxHLfhqmXGHuIlnautbGRBB9m44qmeKNcSbqlP0wULQ+mW +sstteuGHtCQnvKKmlux6RylWFkEki8U0LTE/LWB8BBKqrcB6YmaE8vZR9RWY2V39 +vyszzi3vqTO6Wz4aVXs7mruRZMT5RbanVDPws4ehB/Dysj38AebYTlspJY1yzPwm +OALJkg4Sah/sLShN+OGHPTpjshiMSnFjrO2VlOoMIFR6JGqTSAcR +-----END CERTIFICATE----- diff --git a/certs/rustcryp.to.rsa4096.csr b/certs/rustcryp.to.rsa4096.csr new file mode 100644 index 0000000..29acfd1 --- /dev/null +++ b/certs/rustcryp.to.rsa4096.csr 
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIFAjCCAuoCAQAwgZUxCzAJBgNVBAYTAlhYMQswCQYDVQQIDAJZWTETMBEGA1UE +BwwKQW50YXJjdGljYTEVMBMGA1UECgwMQ29udHJpYnV0b3JzMRAwDgYDVQQLDAdU +ZXN0ZXJzMSAwHgYJKoZIhvcNAQkBFhFoZWxsb0BydXN0Y3J5cC50bzEZMBcGA1UE +AwwQdGVzdC5ydXN0Y3J5cC50bzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBAKOL3HYFIrHcRSSSEcddktLIm1Yf24src2TgKA6ELmFPHqeV0iKNLfNibGfj +/NGlajFy+SB/bf2koD+MBQiTWVvkO7csZPl/aK3ShqzLqlkGDzGjkudE8BusY+Fn +9cPB/2dsUSaV0FT4yJvPgzQqRqUryMqPe9DVLZ4Lk6O9o22Br71UVOfdVhVu9Hqp +KydB7VdHor8PbDej+xqTiZdmkyTleRHqL4QdsB8OG1L/VtHaEuoOrrKgSy/SAxu8 +fXyIxZEHue+aUS5OMKu8T9A5yApS+VNGsJ0e5ysqVCS8DjQ/YbtPI1BuTmvlL1Kq +DdQZBzT6yfzAW15hs8X3QBy2DPMFNZiWL6QKeXYULkVIs46im+J2Yc4ZHAXPYpZI +vT45B3OjQEmuDxLNyW0oCJG4fZagXT06NhsI0q14E52QqpAXXRfPe1DEZ4TG0mL4 +tKVHwqZ1QR1nDzWS2d4Jd7vdYVIHYtQ5cqelJg/h9pt07GtjvsO9rWBNtb34COOk +AazjmPKDPTKHHI5omOoHwUAZIbKVFA5B2oaxAspzRX9xYQW4Ua/YICFuPnbVnCFU +rkFVKPq4uX8RoEQQ3qRo/MehAB0uZJWay6qM53luWiMlrIXbwaZu5zXA4i42WGTw +Vh6N4C1P0lOwfPRcIXhj1sB0paY1bjVkBGLSbxVXUTxm15bBAgMBAAGgJzAlBgkq +hkiG9w0BCQ4xGDAWMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQsF +AAOCAgEANfssW3NTIcZEZ5G7dh91NJzzMkQ+FtKH25eVgDqt5kfeTFP2+bicsMOT +bAj8JUEaSAvhg6tub9acYGdSbvjSjzb5mE/ZULoVZGPTa8uKhiGlMozYFjOPi0P1 +Fp90Pvb2UKKLSnunP9VgjtqVB0yHOCl5AJxFshyXqIFUJBPWJSNDLIDE4NF9MpPL +xWmQ2cOQvgs6YrETxDVw4NrExODDCGszTXeboCyef/ajAe9QXSy2G3MPcR6aBFly +K9qs63VqFOM8iOgtmfX4dKNqfryBq5MuknrqqrdLSWIebpE+mXnr6xU0bs1BjLqp +JG2ODTRSstrUZZdo35w7O5MS+GYcqwWzD9wPkWbRW6GMdc3/RnZJE1OcbSQ1HZwT +SR2DzqNwAfLwcmglQhy7DgXzcRzNlnjtHfflkCuzr+PL3D9s/ao/FngkuZ7Yh1pm +RLNRtDIEIFdasrWvAf5HPX7NDAL2/KTEUCPtKVmuyeaQSXqEwAhZvCFVkrP3yUz1 +EcGT8I4jhrF5QrtqHvnUezrICZNXYcBMB80Of6DvnRQkOLlqFc1Nj5FRp/cMKzkM +igUfBYyeP8AVZmNWjweBhc3VAie7mUBpWDgEGtyY1BSf1AapWggfXvrnNOhlvrJq +41m0ef+mk1mFC2rgqDAQj1cI5lp0oPZX3KHFFfl+hFbd9ig7rXQ= +-----END CERTIFICATE REQUEST----- diff --git a/certs/rustcryp.to.rsa4096.key b/certs/rustcryp.to.rsa4096.key new file mode 100644 index 0000000..9a5d6c5 --- /dev/null 
+++ b/certs/rustcryp.to.rsa4096.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCji9x2BSKx3EUk +khHHXZLSyJtWH9uLK3Nk4CgOhC5hTx6nldIijS3zYmxn4/zRpWoxcvkgf239pKA/ +jAUIk1lb5Du3LGT5f2it0oasy6pZBg8xo5LnRPAbrGPhZ/XDwf9nbFEmldBU+Mib +z4M0KkalK8jKj3vQ1S2eC5OjvaNtga+9VFTn3VYVbvR6qSsnQe1XR6K/D2w3o/sa +k4mXZpMk5XkR6i+EHbAfDhtS/1bR2hLqDq6yoEsv0gMbvH18iMWRB7nvmlEuTjCr +vE/QOcgKUvlTRrCdHucrKlQkvA40P2G7TyNQbk5r5S9Sqg3UGQc0+sn8wFteYbPF +90ActgzzBTWYli+kCnl2FC5FSLOOopvidmHOGRwFz2KWSL0+OQdzo0BJrg8Szclt +KAiRuH2WoF09OjYbCNKteBOdkKqQF10Xz3tQxGeExtJi+LSlR8KmdUEdZw81ktne +CXe73WFSB2LUOXKnpSYP4fabdOxrY77Dva1gTbW9+AjjpAGs45jygz0yhxyOaJjq +B8FAGSGylRQOQdqGsQLKc0V/cWEFuFGv2CAhbj521ZwhVK5BVSj6uLl/EaBEEN6k +aPzHoQAdLmSVmsuqjOd5blojJayF28Gmbuc1wOIuNlhk8FYejeAtT9JTsHz0XCF4 +Y9bAdKWmNW41ZARi0m8VV1E8ZteWwQIDAQABAoICABzM42zxKJPzu0VeZ70ZEGMI +Krq2732JkE+iXct4oYZHXZmbe57UB9SFb5u3/WyZ2aKNoauEZUU2eXXXXYeOEz1o +as+uBLYfJrr9iPPjBcOZmpFeQd9yN2pYKFqoaRIpFqYK4BuQZFiiWwl9OJi2HSy3 +EiwBqoczE05ysXQzUBVXsjAAKteOFbu+h1UWd1/5bydgmRtWRvNhcDXU53T+/kiQ +FIsAF5AHfl1pqYwrJQndglkvbrpMGhF4xU1cGykUGN6aYrb8EPG7mTyU8+UyV7Th +ucBdgXqZ15G1aY3yg/nVc4t9uzVNx4eem3/OLJM+OROuWmWlJjHvuK3TBbpIoOze +285q6tn5rROoEK+dCO6Gjhd6djbvXIPngO83/+x8XxYOrttDYEcv+RJAQAFopjwv +ulp2ln3TH29RuQ0PyEYiXepQuW4t5cAXP2UnM/MWvQpx2hILONM75V7Ye3OH5T7Z +GPE6LgvaBVSEJdqcxFjCTAkuN3zDUg8/rygAadVx5EhpPwL82l/DW9vFZmgzwOLi +IEYg4r5EmYmoDqNcJ6xYixgef2CQ/Cu3zB+S+CNbRUk0iJDjNFNf1Suwhrr/c5zE +7ueuEjb1bWvhMMC9SANCYtiXXUmdgdd6ahwrtE4oxl72mPqOkKVwkUYKhXt6w8zz +YiSbYYJmf6h4kWaz/GDVAoIBAQDNYUHB1R/CCTXBHGDOiqJT8Q7GmF3XvfdF4xIo +Ug+5TC1ybfS9qCQS+i9vYVC19W42gzvre6SqDz7TTZbJQQLhEtESIRbJxXPU2JfS +HC3198H39LRaEkEWXOcQMEkhh9Q4vaMSYiQvkphYcyXldWTDWsJtoDlaay7WNzIX +ZhAzkGAkNw7anTexIpgasoUQO5KgYt7fQ8k+eGTPxv6W4gJqXSgX7VH6JBmrN+Ob +caC4RFmEcyFjzxunKFaqy23M946V9ckiPz6++1e83v61DmpCXrZQVrl6A82qZISr +E2M0JkOh7bmRIMKyA6xtenm3JziLMfDkJ+d6R2sguRxwxT+vAoIBAQDL2w3biNWt +rMzXzFC7Ad7mEQSEyH+A7jAqDa9y+eNzkDAJRf0jbixpZYo4GqxgnNtr26/Kb+wk 
+TwMrXUny+EsS7mgK4iiaegGSwsBsd0aSI5frmNniDAz7LVZ95byzzXPRWyoHj2/f +C+FEYwjmdnta4KJNcPh72KScGSuUr4jRn2xiXTKa6+H61i/TrXjoRH6EOhuNEd4i +wc0rh0zdLe1oAlAKB9fDf1eN5w+gtcycykRmTMRiv8bU7UIxZUn8hhnc3u+shdUb ++L8JjQW9U+XSWNLVsy2f8MnQ1hKr86gjqE5oT1wLuYjsRNK7enc5X3gKvw01+Jz4 +xZ9AHPGBBDyPAoIBAQCAZ4QDOcpHOBbhi2qC924R6S6Bv5U8Y0qL6THa/6NRCG2J +k3Fmeg9DxiOOEVuyx6WGc3os+fqzUCDJX0McxIaWTXtlSEbFE6wdsOUKug+KLsKY +0edIQQ1se90C5A1050UpzHZ98doJ3C9fbW6ODV1YPhA9FeWFwGliCNRKiMcsVeGm +Ar5Is+6z0psiZeaHhZdgqzAIiorxgbgVp6ZYkylLcr60Zu3P5G4f/CtTbjE7w4/s +HUcM7dmuIqw80D7v3P7KhwafYMdMBDyQmyLH9CE/KZP2mqIPxPz6wSmpA9AMNLgo +L0bLk53mSiGtuNsMRXs2m5yuKLyyWKCDrvg3ETuFAoIBAC7Z22d3HVTbAAEgrfUs +yuOpSZaS1er10w/3MTmFgObQXpnjAfigm4hlk8ytJKzXn/478TzfWDBIEHxo5lP3 +CJoDPNozfA10uOPX6o2DJC72CzZUXM784gbgNp6crC/Oqi2VfCVcq+NhQZaMBEGj +PVp3ghW2PwWHlt1hU4jKhvFWaHx62uSMDdWuYDOQDNek1kbha++SCbGHRPYaFGpI +4eUjku2bO9VscNzmG8tdvPbT7cBtKD1hwfqxxKLBmq10zIDco8zMvVu+YXl6dbU7 +kPg0/c+rbHLzzg43BPeL+jqntc13X7o6G+PhNWVtEfWXoWkm24xp5PmvwZfkjwSN +yrUCggEAfl7Tn2HFOVYVggPU09gxRAzyO37FAjcge/nPmHqDUXZidvQTyAUj64cU +MC3oviFreC530z/JTgc1qWWWcFHsVE7QYHoFDsXTfwyNE02FtBepOsiYXM2AUcYx +5gI2psoXTFkOSQIDW+DTqndJK2o8HuTANcramhUpcjd5+SvtM2kGqOIv0enRsrhO +qPePpQaDjgVoDGKV4HJ7giAXiMR3Vlp3DSNkOM1kaU6JZckh9T2nz6AWc/y4DBLV +JzMgJlyUreoWKi4VZQQUQsCrBPc/GtcWf3iLwjzHi88T8hURqkla9+I22NAnJ6Zx +YoH2/0Jqixc/g57Y7CLF9IwQiopCXw== +-----END PRIVATE KEY----- diff --git a/tests/bare-ping-poing.rs b/tests/bare-ping-poing.rs new file mode 100644 index 0000000..96eb3d6 --- /dev/null +++ b/tests/bare-ping-poing.rs 
@@ -0,0 +1,125 @@
+use std::io::{Read, Write};
+
+use std::fs::File;
+
+use openssl::ssl::{SslFiletype, SslMethod, SslStream};
+use std::net::{TcpListener, TcpStream};
+use std::sync::Arc;
+use std::thread;
+use std::time::Duration;
+
+use rustls::pki_types::CertificateDer;
+use rustls::pki_types::ServerName;
+
+use rustls_rustcrypto::provider as rustcrypto_provider;
+
+#[test]
+fn vs_openssl_as_client() {
+ let listener = TcpListener::bind("127.0.0.1:0").unwrap();
+ let server_addr = listener.local_addr().unwrap();
+
+ let mut ca_pkcs10_file = File::open("certs/ca.rsa4096.crt").unwrap();
+ let mut ca_pkcs10_data: Vec = vec![];
+ ca_pkcs10_file.read_to_end(&mut ca_pkcs10_data).unwrap();
+ let (ca_type_label, ca_data) = pem_rfc7468::decode_vec(&ca_pkcs10_data).unwrap();
+ assert_eq!(ca_type_label, "CERTIFICATE");
+ let rustls_cert_der: CertificateDer = ca_data.try_into().unwrap();
+
+ // rustls-rustcrypto Client thread
+ let client_thread = thread::spawn(move || {
+ let mut root_store = rustls::RootCertStore::empty();
+ root_store.add(rustls_cert_der).unwrap();
+
+ let config = rustls::ClientConfig::builder_with_provider(Arc::new(rustcrypto_provider()))
+ .with_safe_default_protocol_versions()
+ .unwrap()
+ .with_root_certificates(root_store)
+ .with_no_client_auth();
+
+ let mut conn = rustls::ClientConnection::new(
+ Arc::new(config),
+ ServerName::try_from("localhost").unwrap(),
+ )
+ .unwrap();
+ let mut sock = TcpStream::connect(server_addr).unwrap();
+ let mut tls = rustls::Stream::new(&mut conn, &mut sock);
+
+ tls.write_all(b"PING\n").unwrap();
+
+ let _ciphersuite = tls.conn.negotiated_cipher_suite().unwrap();
+
+ let mut plaintext = Vec::new();
+ tls.read_to_end(&mut plaintext).unwrap();
+
+ assert_eq!(core::str::from_utf8(&plaintext), Ok("PONG\n"));
+
+ return;
+ });
+
+ let timeout_thread = thread::spawn(move || {
+ thread::sleep(Duration::from_millis(100));
+ panic!("timeout");
+ });
+
+ // OpenSSL Server Handler
+ let server_thread = thread::spawn(move || {
+ for stream in listener.incoming() {
+ match stream {
+ Ok(stream) => {
+ let mut ssl_context_build =
+ openssl::ssl::SslContext::builder(SslMethod::tls_server()).unwrap();
+ ssl_context_build.set_verify(openssl::ssl::SslVerifyMode::NONE);
+ ssl_context_build
+ .set_ca_file("certs/ca.rsa4096.crt")
+ .unwrap();
+ ssl_context_build
+ .set_certificate_file(
+ "certs/rustcryp.to.rsa4096.ca_signed.crt",
+ SslFiletype::PEM,
+ )
+ .unwrap();
+ ssl_context_build
+ .set_private_key_file("certs/rustcryp.to.rsa4096.key", SslFiletype::PEM)
+ .unwrap();
+ // https://docs.rs/openssl/latest/openssl/ssl/struct.SslContextBuilder.html#method.set_cipher_list
+ // https://docs.rs/openssl/latest/openssl/ssl/struct.SslContextBuilder.html#method.set_ciphersuites
+ ssl_context_build.check_private_key().unwrap();
+ let ctx = ssl_context_build.build();
+ let ssl = openssl::ssl::Ssl::new(&ctx).unwrap();
+
+ let mut ssl_stream = SslStream::new(ssl, stream).unwrap();
+ ssl_stream.accept().unwrap();
+ let mut buf_in = vec![0; 1024];
+ let siz = ssl_stream.ssl_read(&mut buf_in);
+
+ let incoming = match siz {
+ Ok(i) => buf_in[0..i].to_vec(),
+ Err(_e) => panic!("Error reading?"),
+ };
+
+ assert_eq!(core::str::from_utf8(&incoming), Ok("PING\n"));
+
+ let out = "PONG\n";
+ ssl_stream.write(&out.as_bytes()).unwrap();
+
+ ssl_stream.shutdown().unwrap();
+ }
+ Err(_) => panic!("Server connection failed"),
+ }
+ return;
+ }
+ });
+
+ loop {
+ thread::sleep(Duration::from_millis(10));
+ if client_thread.is_finished() == true && server_thread.is_finished() == true {
+ break;
+ }
+ if timeout_thread.is_finished() == true {
+ panic!("TIMEOUT");
+ }
+ }
+
+ client_thread.join().expect("Client thread panic");
+ server_thread.join().expect("Server thread panic");
+}
From b7697b32ea16b2974c10cdffd0660f0d846dc569 Mon Sep 17 00:00:00 2001
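Review bot: The server thread sends the reply with `ssl_stream.write(&out.as_bytes()).unwrap();`, which only unwraps the returned byte count and would not notice a short write; `ssl_stream.write_all(out.as_bytes()).unwrap();` states the intent and drops the needless `&`. The 100 ms budget in `timeout_thread` looks tight for an RSA-4096 handshake in an unoptimised test build on a loaded CI host, so a larger `Duration` would likely make the test less flaky. The client binds `_ciphersuite` without asserting on it, so the test passes whichever suite is negotiated; a short comment such as `// any suite the provider offers is acceptable here` (or an assertion, if a specific one is intended) would make that explicit. `is_finished() == true` can be written as plain `is_finished()`.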
From: pinkforest <36498018+pinkforest@users.noreply.github.com> Date: Thu, 25 Apr 2024 01:52:32 +1000 Subject: [PATCH 02/23] Adjust certs Makefile for 365 days and re-generate RSA --- certs/Makefile | 8 +- certs/ca.rsa4096.crt | 54 ++++++------- certs/ca.rsa4096.key | 100 ++++++++++++------------ certs/rustcryp.to.rsa4096.ca_signed.crt | 56 ++++++------- certs/rustcryp.to.rsa4096.csr | 44 +++++------ certs/rustcryp.to.rsa4096.key | 100 ++++++++++++------------ 6 files changed, 181 insertions(+), 181 deletions(-) diff --git a/certs/Makefile b/certs/Makefile index e2d13cb..39564b3 100644 --- a/certs/Makefile +++ b/certs/Makefile @@ -1,6 +1,6 @@ ed25519: ed25519-key ed25519-csr sign-ed25519-csr pk12-ed25519 -rsa4096: rsa4096-key rsa4096-csr sign-rsa4096-csr pk12-rsa4096 +rsa4096: rsa4096-key ca-rsa4096-key ca-rsa4096-crt rsa4096-csr ca-sign-rsa4096-csr sign-rsa4096-csr pk12-rsa4096 clean: rm rustcryp.to.key rustcryp.to.csr rustcryp.to.crt @@ -40,17 +40,17 @@ ca-sign-rsa4096-csr: -CA ca.rsa4096.crt \ -CAkey ca.rsa4096.key \ -CAcreateserial \ - -days 30 \ + -days 365 \ -extensions v3_end \ -extfile openssl.cnf ## Sign PKCS10 self-certified sign-ed25591-csr: - openssl x509 -req -days 30 -in rustcryp.to.ed25519.csr -signkey rustcryp.to.ed25519.key -out rustcryp.to.ed25519.crt + openssl x509 -req -days 365 -in rustcryp.to.ed25519.csr -signkey rustcryp.to.ed25519.key -out rustcryp.to.ed25519.crt sign-rsa4096-csr: - openssl x509 -req -days 30 -in rustcryp.to.rsa4096csr -signkey rustcryp.to.rsa4096.key -out rustcryp.to.rsa4096.crt + openssl x509 -req -days 365 -in rustcryp.to.rsa4096.csr -signkey rustcryp.to.rsa4096.key -out rustcryp.to.rsa4096.crt ## Export PKCS12 diff --git a/certs/ca.rsa4096.crt b/certs/ca.rsa4096.crt index 4f52d2e..4fd3e0c 100644 --- a/certs/ca.rsa4096.crt +++ b/certs/ca.rsa4096.crt 
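Review bot: Nothing in certs/ says that the keys this Makefile produces are throwaway test fixtures, although the `rsa4096` target in the first hunk now also runs `ca-rsa4096-key` and `ca-rsa4096-crt` and this commit re-commits the resulting CA and server private keys. A header comment at the top of the Makefile such as `# Test-only PKI: every key in this directory is public; never add ca.rsa4096.crt to a real trust store.` would make that explicit for anyone who copies the directory and for secret-scanner triage. The recipes for `ca-rsa4096-key` and `rsa4096-key` are not part of this hunk; as shown in the first patch they have no file-based targets, so each `make rsa4096` presumably regenerates both keys and requires the fixtures to be committed again.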
@@ -1,33 +1,33 @@ -----BEGIN CERTIFICATE----- -MIIFyTCCA7GgAwIBAgIUZx1B7o0SWeXhfT02gERB5Hb9G4wwDQYJKoZIhvcNAQEL +MIIFyTCCA7GgAwIBAgIUYwbIsHSBxdFxuzRJnBbyNIkdDZMwDQYJKoZIhvcNAQEL BQAwdDELMAkGA1UEBhMCWFgxCzAJBgNVBAgMAllZMRMwEQYDVQQHDApBbnRhcmN0 aWNhMRMwEQYDVQQKDApSdXN0Q3J5cHRvMRUwEwYDVQQLDAxDb250cmlidXRvcnMx -FzAVBgNVBAMMDmNhLnJ1c3RjcnlwLnRvMB4XDTI0MDMxODA4MzQzN1oXDTI0MDQx -NzA4MzQzN1owdDELMAkGA1UEBhMCWFgxCzAJBgNVBAgMAllZMRMwEQYDVQQHDApB +FzAVBgNVBAMMDmNhLnJ1c3RjcnlwLnRvMB4XDTI0MDQyNDE1NTAzOVoXDTI0MDUy +NDE1NTAzOVowdDELMAkGA1UEBhMCWFgxCzAJBgNVBAgMAllZMRMwEQYDVQQHDApB bnRhcmN0aWNhMRMwEQYDVQQKDApSdXN0Q3J5cHRvMRUwEwYDVQQLDAxDb250cmli dXRvcnMxFzAVBgNVBAMMDmNhLnJ1c3RjcnlwLnRvMIICIjANBgkqhkiG9w0BAQEF -AAOCAg8AMIICCgKCAgEAh1c9EIxYfevzH7mA+GBNwnDs72Wz5hRRwuP0Or+ujhwI -0nJOBZbxVdqEQRkMCqMDjinUwup1iYHyAzGEVoUNuM3GrC0grhkxc540x47m0YRz -ncCcSgh/dvGVpjlKR33V91dCwHp7LcgegbpoWaGhg+Vu03l0GrLV0ICsmeSPk1qW -5BLW/G6xnSzRjNKnty3U38JwFGvxW+8qs53L8HNYEqFRPlNiS8DgZdtMk+5bgZW9 -Zw7QSTANTsjDUC+E5E5kY9Bedgcg4nMaOpxI3wbeWguNa8Vj+i/jFERFG034fYo4 -oEWB95djGfIL0ULuRbi6JtrHprTJzzQciRpxGXYQl+Txa7jAaoSPZu4I4V4Gh3kh -OUQJGp12LYOcJ36oyruLnliquXrG2YtEwqNV5OyEPKtFUai99l+f54wLKgSNQpvo -phu4OogYFJmC21DqG7XejnYOSjwITWaWt86ee9Q1AQT+JSRp/f+7qM71yUoAH2OJ -dvuauFN2VTHKtR0csmzOEZvTmRXj+ykxdn7i4kAvAVE8RdaiNK/i/dKmV40oQTe3 -eiW7dVa34pl8yQcpJoAi+r/APYpPyh61NOb2Fk4GdF3uXs2muPfHU6WEfmzCow1P -6ZyBRkcktJOztK4PNBykcx7yV0C3L5KPmAi85iAKsvWE4anJugiMxd5bWV9xZ9cC -AwEAAaNTMFEwHQYDVR0OBBYEFHmJDp40jGidJyLW7XHCkfm7KkBwMB8GA1UdIwQY -MBaAFHmJDp40jGidJyLW7XHCkfm7KkBwMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggIBAATry9irnXdVpOF9aFoveqhL452DyNoEF8xJyL0URxauaq84 -F15tLM5fjTX//uOcabYBBIbFwgVtgFtGwkh/HxhzQOpVjli96sxTkYgRpgVXXgT+ -0EPpqDXiRQV94NfcGOXQPImL5GVFbM46FEOvBy0AMiBqlU1eha1z9nbub0r2HD0h -Pu/4OuU8YBenl4RCgB6HsuLYr54dRiHLw+QzryUcot2ItzxpOaFcDS9uMlVb8E14 -MJV/szLKyT9mYQyseMMhOH+HBKZO6zfBedpRZcVQkQpKJ9YG25ZIHevVjSTHpLBZ -kNqkhlS40VemY/BnDGsVWaJHPbW4mPr9uSRB37J2wZR62Tsbyjauou56rTDBQkwd 
-m1wq7JADyKhwh5aAfee9qhuCPe3Y9bSjx0M9M9pfWCizdEDajvW8vAcK1a55TMvc -udh5vlwvinp5PCISGxuzI/8AAlw+O/fmI7z3oOGsOP0ckZ2GOOJX2DO1AzNX8EXV -N2AFD5kwxVm0GRiiy8DWnHwVEUbp3znYCdBPtU2Q2uRN60hIiEgIWXG4vtclCOoy -PV34tsQM6brspFGZ5UE7rZGoOmj6zFaoUSRSmdpD/X09w3n4iNjut6UmT2D1vwn6 -aEI3s84ezzexw7hCiyzMVe7ZK5vWHFmhUuvi1+J1WzqF60dIh6MEX/MFSHjI +AAOCAg8AMIICCgKCAgEAvU2Mig6qXtYz9Ga5xhH3+jQE/QBcUPoSlFBu699yT+Zk +SARUung1ZR0p8w4EtP8g4Avb3YoKazd3LlcCBQDtRT/9NTa8Wz6cp/d7OgZWvGeE +W10EhKIOm8beBSWYi0qdi6xnXBMJEirx958lH/v+zXLoKUXmRWbYjdd84igLVvTW +bh4UDg36qrVN7zYK6XjI/k3khvAqZh5/wkK9XIAlwWTItgypJjCXxlcNsM55D0UV +PLKUflaZIfyc2e44k9T3ZTFE/4r5KVmCiPzPhJDFhkXvbVQFLnGYlJ+Sz+HbAEM+ +WE10DdGbPu2SWnTkh3qIYJmewWGuynca//h/bX/tdyeWOwP6GNZgMBSw/Opz/95a +xFK/WZ5f6FyIU5K3XvuaFnQy4LaecQBn43EV+Dh6ATByDSAm058cHaon3FOIrR8T +l07ugDe6AEjjO4SzM9NwaxykN6p0ig8Hp+kReVx8Lr/MBf0L6oY00LD9pzP3h2+A +Tuzwi4+2Z/xhDOm8f/tzyLSB7wFrlCm3CP3MNel/aV+P1vSKsdMNHaHNJpwgVsjI +VBjchXKkJHH8NxEQoox/9lB3B7YhwfZ9Kxmce+8qaC6vejEJ00bYqfsNcsTDNAHU +mUyJfswBD6hWkPLVazjbRVqCzHPk46Lmyzgx+uKyisrF6rrch98hcAiWOMh/OkUC +AwEAAaNTMFEwHQYDVR0OBBYEFAIr9ZdW0YZXqmSE1HBF0SFbATwOMB8GA1UdIwQY +MBaAFAIr9ZdW0YZXqmSE1HBF0SFbATwOMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggIBAJA+cnD6gTsg/PHmrXXc8/Psa8RffrwFmnldV23fJECe011K +GPNI/GMszCPMeV1EVHfhxNulYBMfdacfNSr14TI2y1ErCwFfISRCNPLEDHX5JqVE +HHuCIKYq6XV3tHX4bLcq7qprQp3bq7LaqYcktfpN4eoxSwNRYPZpMXV1OQepl5jM +wIvP7kWkeCQTFZ/5xt0rWvqnYZ4bQMXB7wqsty7oYzoivsUcpgzeUnmDO9Ad0g1q +QsW8hcLxwChzcV+DtHjX1d1hP6NbZtlUOkmTwYMWdx6+8IFG6WeIMfjouXqNI4fj +5R/IJ+KqrRMBsRagDR4PPnIZEb21g/0nqF+YKGrIyiUu2+4yN8R/qXFQfQ5yYoB5 +d4P6PokqOQhyNq8oAKYK0iMU8Ju9mG2CjjS/W6HKqVfaE80foZBs0ohGZ7eh045Y +pCQh/Bwi5StECKk82TXHSQNjZaWlQsXYbVHM/uoJ6Rh38Lmn9CqjhRH9dKkOcMP9 +NWmDAnTnTko37li0Sr92hZoyKc77MNYBp15KlKGA3B+dPqu0pgMznVK0B1ddt9z3 +/hRHR6YSpULAB9NelAk8r556Sx6OFM9hC4i3OewJwoJBtyIrBHd1UEkq43FUuzug +DeOzb/dT46OKlXNdLK1Idpeh92f29vV0duHqJCd2HQ1OvMHlPY0c77Cpq8SC -----END CERTIFICATE----- 
diff --git a/certs/ca.rsa4096.key b/certs/ca.rsa4096.key index 9743a34..1f334c9 100644 --- a/certs/ca.rsa4096.key +++ b/certs/ca.rsa4096.key 
@@ -1,52 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCHVz0QjFh96/Mf -uYD4YE3CcOzvZbPmFFHC4/Q6v66OHAjSck4FlvFV2oRBGQwKowOOKdTC6nWJgfID -MYRWhQ24zcasLSCuGTFznjTHjubRhHOdwJxKCH928ZWmOUpHfdX3V0LAenstyB6B -umhZoaGD5W7TeXQastXQgKyZ5I+TWpbkEtb8brGdLNGM0qe3LdTfwnAUa/Fb7yqz -ncvwc1gSoVE+U2JLwOBl20yT7luBlb1nDtBJMA1OyMNQL4TkTmRj0F52ByDicxo6 -nEjfBt5aC41rxWP6L+MUREUbTfh9ijigRYH3l2MZ8gvRQu5FuLom2semtMnPNByJ -GnEZdhCX5PFruMBqhI9m7gjhXgaHeSE5RAkanXYtg5wnfqjKu4ueWKq5esbZi0TC -o1Xk7IQ8q0VRqL32X5/njAsqBI1Cm+imG7g6iBgUmYLbUOobtd6Odg5KPAhNZpa3 -zp571DUBBP4lJGn9/7uozvXJSgAfY4l2+5q4U3ZVMcq1HRyybM4Rm9OZFeP7KTF2 -fuLiQC8BUTxF1qI0r+L90qZXjShBN7d6Jbt1VrfimXzJBykmgCL6v8A9ik/KHrU0 -5vYWTgZ0Xe5ezaa498dTpYR+bMKjDU/pnIFGRyS0k7O0rg80HKRzHvJXQLcvko+Y -CLzmIAqy9YThqcm6CIzF3ltZX3Fn1wIDAQABAoICADGyXhDyiBgNCSSQGISb0FHi -543suYd11KQM0oS0GCPEtZSZNn8k8w+EguXojZxmSYrtX1wHfgt1NOnpR+ABUY2X -uilFFOf5BkifQmA44Bb1XQMDVCB3SF7jzQDRrq3bzjLZzwAguZSRFGqsiV7IVCe7 -mtt6kKCxJIRAi6Ci5fnE3P140Yq2FvBRIc1lGQLRiIZ1vnQxQtpwUyzLd7SeliuZ -It0Q/1ozw/KC+XakouNNmdP7A46sX2abn+SU3mZ7Rq/ENrt+WJvuiiYVd0i2G/XS -oiZ9v/2Bkg/CFeI12lY26B4qB9RjuZcwYxh/TEE72NclpQRZBHXae9P4aqlfyi2D -xxQzQQZebX7Tut5tkyeQGxRxk789DxqZxHbTkCuL7PXS+VaTgcK5pAL7m1Y+3ysc -GhSwVH6QgeghY8m1LCMNGRT3ZObpUfDk4/Bl9oP6FLo31Rkz9+RnQyjktzDEXlEy -4QMhYv5hES6rypA9VW9oJmsnpWeJSNhUFKjKsyRhWGG3bKLXgTzZMGNyEOwliaV1 -FybsccdWD1K447kpmkUn8bQayDM76JDBOcLI5cc4Ddl6i1HOcdGDbGWxTeSvgGAr -boUBGf3wXxOeJsT4KTVs1OCeCswnPnOr5jDhPUVIr8Nttf5B2BxknbH6W3KjGxUJ -EMsdQke1Q+pO661dYvEZAoIBAQC7PPYwFx1QsJk8xqrAVpD8pLktjxxtNzNHjZcm -CtPsG3A4dmdIhducZYJxB9KYo7+rii2AchvnetIUd5fcj173if1BCJtv67/3/IqN -kb7GR6l+YvY+JPmDUjcf1Jq00cPe5aBpTbR7UycGzzcqr/SDWrek2Y5S7d+liZu/ -1RkBthhKXZ+vBLIpAjJhH4IvcfFta5tzZ3mvY7NigWGiE5SN3yNu+WAAUFIea3mU -RW61ftnzvFHHhHQfw7Kr26nSVyqn1vsq7TavTDXrBwozLeqTN/GeNgcH4K3aUitM -NLDMrTV1szv1NsHnDhn3qhzBSzrf1P3GhDb1+BY1Le/TysaTAoIBAQC5CzCWGu2z -p1h7bHcZEdRjoSRUTT3ODhF4EzIVddZB6CKjOqfHjXcKcrzt7pvqWwlc0iR7mXJx 
-E4kF4UIV40Vb4cqwLbVuessK79x4mAf/NX2zKHixD3XPbAgCHTCfvj1cBwedZcwY -pAoIIocwDMpBqL0165CLLsv7MlXImFb60EjkNNCE4XkJZ7bk1grcpati4LfLrNAs -SUjh9vZED9N//0tF5du4w6jtwm43k9ZIDNH6FFIe8YFHWzHP1eJYrMUv2wZ+nqtP -OaPmvUpdnr7xvrkU+CyI4kah9TlvJjeMzZ0cC7cpmwVAbJqg95XuIMAyeZT/M8zi -AyozNuB/UYAtAoIBAQC5j6MU6fN9omdbmjBjSeeK2t1Cz5AGlSxW/3YKl7SLTG4d -JwsZDsAk8V0jE/Ocnrw4D0sk/vG0qT5GVnfEeLpPbQv2Rcd2Vhf8duYBg62j6CWM -Qht0X0SA5xwGibeA+Fq8LqqZcg8qIbCNyRMNVTBodaGG2K16dpCtCAG5TkHoNkVA -fiThWTAQAENZidaFmtD/9iMrbiNktNR1DXBrJiiVqcz+EFsaNIAN8cmeLmmXqc3r -Bnmt2BEV4ebS93IIKab2i9KEKm+Fr2vIL0PmkNznZgwpFbZGEl95/PE4JwgI8KgI -q8cCMHBewtTtZEP3NM12Qyn2cdXeUy3/KjWCmnXNAoIBAEFeoptkh/SfebKgbrJ8 -iftoQd1GLD9O2P0CSv8p0bcWuqXPYtYsM5GNVxD26j2wS25vDlRbsQIhVJavLRlu -YGJFMcVrYFzXJEOI2OoBS1HtI6rW8UwbmhLcpzeX+EV2f1azZQ1FmQRbbu/QwtFG -s2zen3kc7sM8lPL4pTVoG9IfIqD7x24p+QhJi2Lr+opYPGOB32wkcKY0fXrWM8l3 -jc/58C2RNj3fYR4dQbKAl4J8hPFDnH8x8emzXbV+aafJ4R820OSKSRqD0lMBK/RG -0E22gsvVoGX7CdjNOKz7Y0RqnsX5nYslKIXJ2BZlYKHvD/bE3M4LDqYJWC8fg892 -i0ECggEAXi2lJdFFcsu8o7LYnFz4wIjC0CUuhyRvN66BtD8ggdtnKE2Isggr6EXZ -wzekEWYesNBC4gCYWZSf5uqW5oUs5hpbeW0G8ktFZ4fsMgVkSlMGTwpXGwW8v+d1 -hMeI9PtX4JvfbpYtWqLsjpnSf+l0i07vxAa4movzHs/iYF1/XBxZweGELSpNvyYa -l/7mD55D9XGNPiIo5cNdxya0hvOByVA8HCLf3D1bA9D4cs21OeZirG0YnCQyYmW+ -EqBiJDXPDdzCsBFAFxiRJTkNypBn7P+AWSYHVAOhJTh2sQqA2gNEemQLTajemgpa -CFPGysTiqjSznXbv6loyTwp2Cs1PoA== +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQC9TYyKDqpe1jP0 +ZrnGEff6NAT9AFxQ+hKUUG7r33JP5mRIBFS6eDVlHSnzDgS0/yDgC9vdigprN3cu +VwIFAO1FP/01NrxbPpyn93s6Bla8Z4RbXQSEog6bxt4FJZiLSp2LrGdcEwkSKvH3 +nyUf+/7NcugpReZFZtiN13ziKAtW9NZuHhQODfqqtU3vNgrpeMj+TeSG8CpmHn/C +Qr1cgCXBZMi2DKkmMJfGVw2wznkPRRU8spR+Vpkh/JzZ7jiT1PdlMUT/ivkpWYKI +/M+EkMWGRe9tVAUucZiUn5LP4dsAQz5YTXQN0Zs+7ZJadOSHeohgmZ7BYa7Kdxr/ ++H9tf+13J5Y7A/oY1mAwFLD86nP/3lrEUr9Znl/oXIhTkrde+5oWdDLgtp5xAGfj +cRX4OHoBMHINICbTnxwdqifcU4itHxOXTu6AN7oASOM7hLMz03BrHKQ3qnSKDwen +6RF5XHwuv8wF/QvqhjTQsP2nM/eHb4BO7PCLj7Zn/GEM6bx/+3PItIHvAWuUKbcI 
+/cw16X9pX4/W9Iqx0w0doc0mnCBWyMhUGNyFcqQkcfw3ERCijH/2UHcHtiHB9n0r +GZx77ypoLq96MQnTRtip+w1yxMM0AdSZTIl+zAEPqFaQ8tVrONtFWoLMc+TjoubL +ODH64rKKysXqutyH3yFwCJY4yH86RQIDAQABAoICAARj+A57qJfqf+n7N/PQFuBG +tJbpmzqFkki+VNRDqnMP9ON2tkBc6WAe/QoWGSXZhPmtTLwmp3c1Ih6BBhr3mokw +or7JNjUnjpqWstT1sK1N+VPlJGWvHIegZSXZaWBRqrXCmeMYze0N8e68UjAbuB0r +vRa3+E9Dw2IGzW6xXxH1O8PyDqUEzfuHmPcjWb1wf7jmNZarm1AjBPOMeLfcgQOr +Qrx2LrYkCmEfQ8IGB+jCwWtW+Pq1J3gSU9D6JXXISrSeH+uNXZoH6W8j7ew1L1+d +35+5gyVAnTlVOiJ4KownAxspMLfhVKhw+iP+8g3yWZdj+LqjeVpYyNeG++2eOfOv +QIjlEO06g5c32YdxYnqzKLxd6YSQ0POI/io7QgqOusaQIxWW5SG0oJHIxAoe32tc +hdkCGXWBSKy1+VxV7GeHiX38eSc4bgFsozdlsX8BrFCQItPNcWmz3wfFyFgq8HJT +4RgIdpQieb0V29GA+MR5lqvSFQt185eM76cmSu9k1NDuqfac8SloslLT6r2DDieG +YYLvAkwNhW2l+mFHznHlEsueX10ywXWMDEWLKqRfCL+ElBUQ5fq7huCuupVnbLkS +/iqiaMEQwD+vxNCH4mQmhoo2OzSPi4Vrivf41KbcU8dnSb+x7E5tT0lGoT2VTaXx +cOUA8BCfZwDe2rb27m9BAoIBAQD2cQUvKuC/tiW/jMSISFALXWoftZJAvRyP9D3J +ddYl7O5ify1MQwhZuyTuJqsA5FCxmECsQ351qvhwHfq/ukCGJAw4lBKrZR2LuqDP +JguJ9tsFA9Cu8ytbbKDGHynPGnyZ2MrV84ul6iNIAOMe+YFGA6T6HlDchpFV9xcJ +S8mbe0iBA8UrQmlzNgVl3lU1sVM4EtAmO/ydRpgeqn6JS3GJjMBvKRL2evTsrAUG +aEiFC1h7GZWf5/DFMIodDit+QAELUog+b+uAD93CRwDoY5w7RyaqM+SEYki3IePF +5Tg+1jVVI+0qdjRIM8GAKH34i2e4zrTMjgjKXz7PIt9eaMp7AoIBAQDEpS9/nlPN +xLIsmDaLnYZ0GGEp9n+P6CBbHPlAc8FLWLpxFnEPoAX/N8pps4gCxypxLGdosYvx +KLmqMenIOqSF5odjTFUHaMixmRqOU8a+IvRlM/MQL1MIXchY0lGxqDgoEY/GUYh3 +jh6oKVYjbkkiOGJpPm6+IBc8Gx/9uzURHUGi1jNz10FOIMHeZuZ2jlNejlIrvgYV +MG4IhSOpyHuPSO8WVeCcuU2VLOVWFDgQBmBOBZb5aw7q9wkjFFrhvIIiJMFYbjRS +sHiuleOYg0rSOclo1SHmmI0putJDEJaEWqpzqSYUNglbFaJSj4PlkQhGtXOZ6odB +SOIXKZyBblI/AoIBAQCRPzeQ/zKLi21gIjVLJWOX7yy3F6rlYRBOf+NSs5LNs4Ek +qFQoWHG5gSVY/41V7zroERY88WK9M1FNsz2wdrPE28YgKpV+UxBA5HQW4xN18vpP +UFpUYpmxPqrbWk6n87JwcmfKBcrOtNqqe2thPCjG/SrlB60c7GsIQaNgJTzj2Jt4 +/qHcxz2jW7l+urV5+dNUfzIS9tQCVjMeD9qYTNDUAxL/8TNt9jYYr6IejqP/VhqG +IyQepPMxJVShn1JfDJYQ+Em4kvo39iH7eSG91cek4GCXfBI5PDwjQ2QdpOWrk1DH +p28G0bgqveZUBImKTY+KSrogva3MqKo6JxGDcTu1AoIBAFo5A/sEtKSjS7CEQfp6 
+0vavPN1Y+JwZP8cuGvpEYfplAl3ikws9O6MmgNtQgOXtZX65hdSWKYQDUHRTJFU2 ++sdoxtN7cUPOAs7hVTraG0SfmwxX8nyJigo7pTGDhfICIYnYzOOMAxX/gfdbx+bH +sgxeXGC3QW5AIQj11Q7Adw+cIcJJjx/mMlNbWjfldHYOxReMKw1gyT+tkb6c/4jl +sDNEnlXcHwspRfxctfhxnGtV0ZfanrNfOF/76hhLPYt2xypNPNyK67zItQY9RUhz +bL/ZvZw4ta4sbhAoZFJa6QRe6PfaMttxE4fT/D7vE/AfQ/HVTO3gmiANBZblA6aq +7FcCggEAMbLEB2W39P9/WhLdkIytlZ6nisDr9iF+GWIx3xQC0+lNfsVyGUKmqhwI +3jswL/tuKzghszVWHE3TCvxVr6oSTjs+h4F18bsGcUhfOQCJ/SUQPvVJ4hysmaXT +edHVDR1C/b42qIZaOYAeMsuJeFGiydj/O74CwtVW0dwruemuOieK/9QR7sAD75/V +cgAnFwyWPKIzHs5fCTlbtJulZjGuuHxSWZ66iRj1TBHfUmyz/ywZpkSy+7j4nCQ3 +KBFVf6ow/NIuJlYKuiYTWheYk2JXDnYuWGzDyht+em/F5WUHW/QMQAjcVaoxGhv1 +fx1HRkb6kIP7zpLaXKNJjHkbQLPL5A== -----END PRIVATE KEY----- diff --git a/certs/rustcryp.to.rsa4096.ca_signed.crt b/certs/rustcryp.to.rsa4096.ca_signed.crt index ba2217d..91988e2 100644 --- a/certs/rustcryp.to.rsa4096.ca_signed.crt +++ b/certs/rustcryp.to.rsa4096.ca_signed.crt 
@@ -1,38 +1,38 @@ -----BEGIN CERTIFICATE----- -MIIGszCCBJugAwIBAgIULBS6esIThT88ao9+pOZd5y/bJ70wDQYJKoZIhvcNAQEL +MIIGszCCBJugAwIBAgIUbq8paFssW4RHGb6JM15HbfQgTFYwDQYJKoZIhvcNAQEL BQAwdDELMAkGA1UEBhMCWFgxCzAJBgNVBAgMAllZMRMwEQYDVQQHDApBbnRhcmN0 aWNhMRMwEQYDVQQKDApSdXN0Q3J5cHRvMRUwEwYDVQQLDAxDb250cmlidXRvcnMx -FzAVBgNVBAMMDmNhLnJ1c3RjcnlwLnRvMB4XDTI0MDMxODA4MzU1OVoXDTI0MDQx -NzA4MzU1OVowgZUxCzAJBgNVBAYTAlhYMQswCQYDVQQIDAJZWTETMBEGA1UEBwwK +FzAVBgNVBAMMDmNhLnJ1c3RjcnlwLnRvMB4XDTI0MDQyNDE1NTAzOVoXDTI1MDQy +NDE1NTAzOVowgZUxCzAJBgNVBAYTAlhYMQswCQYDVQQIDAJZWTETMBEGA1UEBwwK QW50YXJjdGljYTEVMBMGA1UECgwMQ29udHJpYnV0b3JzMRAwDgYDVQQLDAdUZXN0 ZXJzMSAwHgYJKoZIhvcNAQkBFhFoZWxsb0BydXN0Y3J5cC50bzEZMBcGA1UEAwwQ dGVzdC5ydXN0Y3J5cC50bzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB -AKOL3HYFIrHcRSSSEcddktLIm1Yf24src2TgKA6ELmFPHqeV0iKNLfNibGfj/NGl -ajFy+SB/bf2koD+MBQiTWVvkO7csZPl/aK3ShqzLqlkGDzGjkudE8BusY+Fn9cPB -/2dsUSaV0FT4yJvPgzQqRqUryMqPe9DVLZ4Lk6O9o22Br71UVOfdVhVu9HqpKydB -7VdHor8PbDej+xqTiZdmkyTleRHqL4QdsB8OG1L/VtHaEuoOrrKgSy/SAxu8fXyI -xZEHue+aUS5OMKu8T9A5yApS+VNGsJ0e5ysqVCS8DjQ/YbtPI1BuTmvlL1KqDdQZ -BzT6yfzAW15hs8X3QBy2DPMFNZiWL6QKeXYULkVIs46im+J2Yc4ZHAXPYpZIvT45 -B3OjQEmuDxLNyW0oCJG4fZagXT06NhsI0q14E52QqpAXXRfPe1DEZ4TG0mL4tKVH -wqZ1QR1nDzWS2d4Jd7vdYVIHYtQ5cqelJg/h9pt07GtjvsO9rWBNtb34COOkAazj -mPKDPTKHHI5omOoHwUAZIbKVFA5B2oaxAspzRX9xYQW4Ua/YICFuPnbVnCFUrkFV -KPq4uX8RoEQQ3qRo/MehAB0uZJWay6qM53luWiMlrIXbwaZu5zXA4i42WGTwVh6N -4C1P0lOwfPRcIXhj1sB0paY1bjVkBGLSbxVXUTxm15bBAgMBAAGjggEZMIIBFTAM -BgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIGwDAdBgNVHQ4EFgQUfB1gPr/ENxOfGfNK -GlFpRutlMnQwgbEGA1UdIwSBqTCBpoAUeYkOnjSMaJ0nItbtccKR+bsqQHCheKR2 +AMV97RVGkaTvpNZKhzBAFVU1iRBtnESqnQapIQmuv/vxn/b0ldgCc3E44UATupzp +THurOIY7f/lyc4nzafsLYhFpYySsRpGodL9sHddM8RBKaTM63eqkLU+pegb4f0Hf +YISfdWdEYScgRMeDfp/UhAOU7QMsJp0bywic0qLI+tJSjEEPz974lbEfD2wjDLtg ++VmPzW4AD1TlbTk7tJqkG7T6vqC3772rPfVE7bu4lvX4YTFDSHbX0/rue/QnebzC +qrLkSZHFhb48sc6vPsdAOKTzKeyAEcYpy4yqRy746k1yFGW/2o2VDdEQKtqX0mlH 
+V/UqPfjWq2JmnKQr0+0sTLp0MPU39hazeng0vQ7q9gCK7pV+InRpUtR13EjH0J1d +WDLXrNmrdnVOudMAbaC5C6JGMZMmxuQs9GiuAKf/SRj9R59GIKdhN42O1m0oGB/e +xj2VFXxevVldEpuauA21qfcYnO/8NrCDzp+QLX56cnhScH+o6V1K4B8njjD8Ehdc +cLZzMaW62RzaFwx5+GCAF9HeoMiBXk/2QGVyqhFLPTSAJ7BEqPKEusCS9cuIgMrU +PPfBKEVboRj4S1e75Z98GeuBKKP1UfMvTEGbOww8FdYE1FPSqjTIhlZZ/Lnstzc6 +vBqtSy8ghhh7eBsJ39MQ8FBrCVwysTQjNqv+RiHZO6SDAgMBAAGjggEZMIIBFTAM +BgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIGwDAdBgNVHQ4EFgQUQy01BMF7zjnlrQAc +4/D00DU0vr0wgbEGA1UdIwSBqTCBpoAUAiv1l1bRhleqZITUcEXRIVsBPA6heKR2 MHQxCzAJBgNVBAYTAlhYMQswCQYDVQQIDAJZWTETMBEGA1UEBwwKQW50YXJjdGlj YTETMBEGA1UECgwKUnVzdENyeXB0bzEVMBMGA1UECwwMQ29udHJpYnV0b3JzMRcw -FQYDVQQDDA5jYS5ydXN0Y3J5cC50b4IUZx1B7o0SWeXhfT02gERB5Hb9G4wwJQYD +FQYDVQQDDA5jYS5ydXN0Y3J5cC50b4IUYwbIsHSBxdFxuzRJnBbyNIkdDZMwJQYD VR0RBB4wHIIPd3d3LnJ1c3RjcnlwLnRvgglsb2NhbGhvc3QwDQYJKoZIhvcNAQEL -BQADggIBAIRW8ysLc+woHqLh5yhghSe4uswtoWDZI9XFFLbssl8FNsbwMn8+nSiX -FYSsyOxyGpPyJaqya0zfMwrZikz7dJcbjz/a6R5DHM04PaYodlH4GROWxKl2XcW4 -q3523tJFJ8I1sbC3FXN3XNQubRPWfrxqUqLz5thefA+i4A81AG8bMT0oZtbtNt3s -iBj+FyRH3XgdE3Hx/X7d8PyUWDnii/1/bp81Q1+zfzBu3Ex3YsfdVUwdJ7+fvnAb -+LJTyVOuMIbwQFoQp2HL4VeBZpdPB7rTLqIL1NCUN5NbG2PeVT3VIZDzoT82903v -b1CqVRawcsMfHAu8vqkWzjTXjLuACoMA0sUeDcnnY53e8SeSfeRX5KDm3KIVE1NJ -JD/2lPfldnIdDwWHbM4AUrEm1896NkrP2bbrFOp4+cjxU5PZnXl9RNFpCCi0Pf4h -B0LSg88ltfnjGAkeXOPxHLfhqmXGHuIlnautbGRBB9m44qmeKNcSbqlP0wULQ+mW -sstteuGHtCQnvKKmlux6RylWFkEki8U0LTE/LWB8BBKqrcB6YmaE8vZR9RWY2V39 -vyszzi3vqTO6Wz4aVXs7mruRZMT5RbanVDPws4ehB/Dysj38AebYTlspJY1yzPwm -OALJkg4Sah/sLShN+OGHPTpjshiMSnFjrO2VlOoMIFR6JGqTSAcR +BQADggIBAISod7roIUqts+9TWQAwBXt3pNaEGKLVabIN+AxeaP/1kPoefZV/VqUA +kqEpQLH9Yfhe7rKtGAKYYoZmjePmNHoo8aIUXLG9HVqCDwBKZ/at69GdEZMIoP0r +lq+v0inMJ4q/mrgc9GLq7gyvLP97qPAQRlhIoCioT7lzBNxn4+mZ/8rlMfKq4gqQ +7B2GVtgA1G/EIt4JCZdnjieWz0/+HoQBD9MuTwYilBYarkAgdfvFKFNLlL9oSjVp +6CYJZGhzODQKxUy6MABgsvGtOkZPwnWPO6VBeR8RBFF09npjTk7W0Pr47Q0Vkd82 +lSvoGD1B0vme7baJVvzJKCyyJVGraZ/1aJftS2t+8A3XIeajgnoLp+Glhi8gVT3o 
+URAA4WTIFnqkswyPS2rzttChuNUwRjm2GhrTwD3uEri16NV8mjilL3CbxJhjbUaB +pX1D4phoEvGMudK9aXI9UXYaa0BRbI6ha6lQoKlMk7LG9zaroEtakaPcJwYCKufG +CZ2FK0e+vwnNDwOD5gWHCKHxCrWaLX5obZ4oKvl5rEw+R7/YiSySBEqrCK9aLgW1 +M7Yg8C8wUhW+3MtoQBrvOcODpNDfnOgkXaWlKZVY3PB2SN+2ICFsnrsSOK98lC6v +bIZ7Wf0o6/As83B9HBqvlg2wx20DVpnHZU7cZ2Iy/VSYxP8qirxd -----END CERTIFICATE----- diff --git a/certs/rustcryp.to.rsa4096.csr b/certs/rustcryp.to.rsa4096.csr index 29acfd1..84d5bab 100644 --- a/certs/rustcryp.to.rsa4096.csr +++ b/certs/rustcryp.to.rsa4096.csr 
@@ -3,27 +3,27 @@ MIIFAjCCAuoCAQAwgZUxCzAJBgNVBAYTAlhYMQswCQYDVQQIDAJZWTETMBEGA1UE BwwKQW50YXJjdGljYTEVMBMGA1UECgwMQ29udHJpYnV0b3JzMRAwDgYDVQQLDAdU ZXN0ZXJzMSAwHgYJKoZIhvcNAQkBFhFoZWxsb0BydXN0Y3J5cC50bzEZMBcGA1UE AwwQdGVzdC5ydXN0Y3J5cC50bzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC -ggIBAKOL3HYFIrHcRSSSEcddktLIm1Yf24src2TgKA6ELmFPHqeV0iKNLfNibGfj -/NGlajFy+SB/bf2koD+MBQiTWVvkO7csZPl/aK3ShqzLqlkGDzGjkudE8BusY+Fn -9cPB/2dsUSaV0FT4yJvPgzQqRqUryMqPe9DVLZ4Lk6O9o22Br71UVOfdVhVu9Hqp -KydB7VdHor8PbDej+xqTiZdmkyTleRHqL4QdsB8OG1L/VtHaEuoOrrKgSy/SAxu8 -fXyIxZEHue+aUS5OMKu8T9A5yApS+VNGsJ0e5ysqVCS8DjQ/YbtPI1BuTmvlL1Kq -DdQZBzT6yfzAW15hs8X3QBy2DPMFNZiWL6QKeXYULkVIs46im+J2Yc4ZHAXPYpZI -vT45B3OjQEmuDxLNyW0oCJG4fZagXT06NhsI0q14E52QqpAXXRfPe1DEZ4TG0mL4 -tKVHwqZ1QR1nDzWS2d4Jd7vdYVIHYtQ5cqelJg/h9pt07GtjvsO9rWBNtb34COOk -AazjmPKDPTKHHI5omOoHwUAZIbKVFA5B2oaxAspzRX9xYQW4Ua/YICFuPnbVnCFU -rkFVKPq4uX8RoEQQ3qRo/MehAB0uZJWay6qM53luWiMlrIXbwaZu5zXA4i42WGTw -Vh6N4C1P0lOwfPRcIXhj1sB0paY1bjVkBGLSbxVXUTxm15bBAgMBAAGgJzAlBgkq +ggIBAMV97RVGkaTvpNZKhzBAFVU1iRBtnESqnQapIQmuv/vxn/b0ldgCc3E44UAT +upzpTHurOIY7f/lyc4nzafsLYhFpYySsRpGodL9sHddM8RBKaTM63eqkLU+pegb4 +f0HfYISfdWdEYScgRMeDfp/UhAOU7QMsJp0bywic0qLI+tJSjEEPz974lbEfD2wj +DLtg+VmPzW4AD1TlbTk7tJqkG7T6vqC3772rPfVE7bu4lvX4YTFDSHbX0/rue/Qn +ebzCqrLkSZHFhb48sc6vPsdAOKTzKeyAEcYpy4yqRy746k1yFGW/2o2VDdEQKtqX +0mlHV/UqPfjWq2JmnKQr0+0sTLp0MPU39hazeng0vQ7q9gCK7pV+InRpUtR13EjH +0J1dWDLXrNmrdnVOudMAbaC5C6JGMZMmxuQs9GiuAKf/SRj9R59GIKdhN42O1m0o +GB/exj2VFXxevVldEpuauA21qfcYnO/8NrCDzp+QLX56cnhScH+o6V1K4B8njjD8 +EhdccLZzMaW62RzaFwx5+GCAF9HeoMiBXk/2QGVyqhFLPTSAJ7BEqPKEusCS9cuI +gMrUPPfBKEVboRj4S1e75Z98GeuBKKP1UfMvTEGbOww8FdYE1FPSqjTIhlZZ/Lns +tzc6vBqtSy8ghhh7eBsJ39MQ8FBrCVwysTQjNqv+RiHZO6SDAgMBAAGgJzAlBgkq hkiG9w0BCQ4xGDAWMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQsF -AAOCAgEANfssW3NTIcZEZ5G7dh91NJzzMkQ+FtKH25eVgDqt5kfeTFP2+bicsMOT -bAj8JUEaSAvhg6tub9acYGdSbvjSjzb5mE/ZULoVZGPTa8uKhiGlMozYFjOPi0P1 -Fp90Pvb2UKKLSnunP9VgjtqVB0yHOCl5AJxFshyXqIFUJBPWJSNDLIDE4NF9MpPL 
-xWmQ2cOQvgs6YrETxDVw4NrExODDCGszTXeboCyef/ajAe9QXSy2G3MPcR6aBFly -K9qs63VqFOM8iOgtmfX4dKNqfryBq5MuknrqqrdLSWIebpE+mXnr6xU0bs1BjLqp -JG2ODTRSstrUZZdo35w7O5MS+GYcqwWzD9wPkWbRW6GMdc3/RnZJE1OcbSQ1HZwT -SR2DzqNwAfLwcmglQhy7DgXzcRzNlnjtHfflkCuzr+PL3D9s/ao/FngkuZ7Yh1pm -RLNRtDIEIFdasrWvAf5HPX7NDAL2/KTEUCPtKVmuyeaQSXqEwAhZvCFVkrP3yUz1 -EcGT8I4jhrF5QrtqHvnUezrICZNXYcBMB80Of6DvnRQkOLlqFc1Nj5FRp/cMKzkM -igUfBYyeP8AVZmNWjweBhc3VAie7mUBpWDgEGtyY1BSf1AapWggfXvrnNOhlvrJq -41m0ef+mk1mFC2rgqDAQj1cI5lp0oPZX3KHFFfl+hFbd9ig7rXQ= +AAOCAgEASGifAqMR/bb+vwvvOFMbogzvG68VdIOoaZvo7cgfrJu6nnk/wH8wZRVT +dpBOaA9KvgethCy3Y4H7LiRtbG6sdED+xDpZJNfjEXvh3BK+zCVlDVboiMPOs2Y2 +838UN5A5a1x8TeLw7K0mXKt7Jk1fjM7+hr0broA1NBLZcGyiDqtC5GfTlONe1tjY +vCKuxsTpwYdDQzsMrJCSBXb8oQtlopcMqwtC+B3JGV/NifGRn69hIuXeCW+a9sLd +IYKReQyO2yMq17NZ/f3hDjXAjO/zkXyh6GdoKYBihZT72sq/hDuX8rSze6mKl3KO +GX5R7OfXKqdINrC4RIGpZL0SVF4T7lq79pF4+mCdMgTApBtjIxADg2OXrVER1od/ +ba98lU8xtW7JKjqzcyQVvao30fuv86mT1miehxnYyP8pjtsFawOflEdYrxrwIKcX +OuRm8DDvjLN3sgH/JnTBP/OtQroDs8V5gGg4vnDY1/V8R5rv+ztEJ4qzNJf4pRwe +YqjBqlbDtk5ic6iJllh5A2XGjUnGPcz5XG762CEDXv0HwYTrQ0umV/A3IQu13c/u +BtOCc6tUYbEKY4dPcOU93aHZq7ODU4MgARA3DlGoNYj8WzI0woYj9QxzqiINyrPk +lzZySmiVP9vwsZWwe9xCmlx+cbzWvhmBVSwV2a52b7NEVyNDKbM= -----END CERTIFICATE REQUEST----- diff --git a/certs/rustcryp.to.rsa4096.key b/certs/rustcryp.to.rsa4096.key index 9a5d6c5..da8d19b 100644 --- a/certs/rustcryp.to.rsa4096.key +++ b/certs/rustcryp.to.rsa4096.key 
@@ -1,52 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCji9x2BSKx3EUk -khHHXZLSyJtWH9uLK3Nk4CgOhC5hTx6nldIijS3zYmxn4/zRpWoxcvkgf239pKA/ -jAUIk1lb5Du3LGT5f2it0oasy6pZBg8xo5LnRPAbrGPhZ/XDwf9nbFEmldBU+Mib -z4M0KkalK8jKj3vQ1S2eC5OjvaNtga+9VFTn3VYVbvR6qSsnQe1XR6K/D2w3o/sa -k4mXZpMk5XkR6i+EHbAfDhtS/1bR2hLqDq6yoEsv0gMbvH18iMWRB7nvmlEuTjCr -vE/QOcgKUvlTRrCdHucrKlQkvA40P2G7TyNQbk5r5S9Sqg3UGQc0+sn8wFteYbPF -90ActgzzBTWYli+kCnl2FC5FSLOOopvidmHOGRwFz2KWSL0+OQdzo0BJrg8Szclt -KAiRuH2WoF09OjYbCNKteBOdkKqQF10Xz3tQxGeExtJi+LSlR8KmdUEdZw81ktne -CXe73WFSB2LUOXKnpSYP4fabdOxrY77Dva1gTbW9+AjjpAGs45jygz0yhxyOaJjq -B8FAGSGylRQOQdqGsQLKc0V/cWEFuFGv2CAhbj521ZwhVK5BVSj6uLl/EaBEEN6k -aPzHoQAdLmSVmsuqjOd5blojJayF28Gmbuc1wOIuNlhk8FYejeAtT9JTsHz0XCF4 -Y9bAdKWmNW41ZARi0m8VV1E8ZteWwQIDAQABAoICABzM42zxKJPzu0VeZ70ZEGMI -Krq2732JkE+iXct4oYZHXZmbe57UB9SFb5u3/WyZ2aKNoauEZUU2eXXXXYeOEz1o -as+uBLYfJrr9iPPjBcOZmpFeQd9yN2pYKFqoaRIpFqYK4BuQZFiiWwl9OJi2HSy3 -EiwBqoczE05ysXQzUBVXsjAAKteOFbu+h1UWd1/5bydgmRtWRvNhcDXU53T+/kiQ -FIsAF5AHfl1pqYwrJQndglkvbrpMGhF4xU1cGykUGN6aYrb8EPG7mTyU8+UyV7Th -ucBdgXqZ15G1aY3yg/nVc4t9uzVNx4eem3/OLJM+OROuWmWlJjHvuK3TBbpIoOze -285q6tn5rROoEK+dCO6Gjhd6djbvXIPngO83/+x8XxYOrttDYEcv+RJAQAFopjwv -ulp2ln3TH29RuQ0PyEYiXepQuW4t5cAXP2UnM/MWvQpx2hILONM75V7Ye3OH5T7Z -GPE6LgvaBVSEJdqcxFjCTAkuN3zDUg8/rygAadVx5EhpPwL82l/DW9vFZmgzwOLi -IEYg4r5EmYmoDqNcJ6xYixgef2CQ/Cu3zB+S+CNbRUk0iJDjNFNf1Suwhrr/c5zE -7ueuEjb1bWvhMMC9SANCYtiXXUmdgdd6ahwrtE4oxl72mPqOkKVwkUYKhXt6w8zz -YiSbYYJmf6h4kWaz/GDVAoIBAQDNYUHB1R/CCTXBHGDOiqJT8Q7GmF3XvfdF4xIo -Ug+5TC1ybfS9qCQS+i9vYVC19W42gzvre6SqDz7TTZbJQQLhEtESIRbJxXPU2JfS -HC3198H39LRaEkEWXOcQMEkhh9Q4vaMSYiQvkphYcyXldWTDWsJtoDlaay7WNzIX -ZhAzkGAkNw7anTexIpgasoUQO5KgYt7fQ8k+eGTPxv6W4gJqXSgX7VH6JBmrN+Ob -caC4RFmEcyFjzxunKFaqy23M946V9ckiPz6++1e83v61DmpCXrZQVrl6A82qZISr -E2M0JkOh7bmRIMKyA6xtenm3JziLMfDkJ+d6R2sguRxwxT+vAoIBAQDL2w3biNWt -rMzXzFC7Ad7mEQSEyH+A7jAqDa9y+eNzkDAJRf0jbixpZYo4GqxgnNtr26/Kb+wk 
-TwMrXUny+EsS7mgK4iiaegGSwsBsd0aSI5frmNniDAz7LVZ95byzzXPRWyoHj2/f -C+FEYwjmdnta4KJNcPh72KScGSuUr4jRn2xiXTKa6+H61i/TrXjoRH6EOhuNEd4i -wc0rh0zdLe1oAlAKB9fDf1eN5w+gtcycykRmTMRiv8bU7UIxZUn8hhnc3u+shdUb -+L8JjQW9U+XSWNLVsy2f8MnQ1hKr86gjqE5oT1wLuYjsRNK7enc5X3gKvw01+Jz4 -xZ9AHPGBBDyPAoIBAQCAZ4QDOcpHOBbhi2qC924R6S6Bv5U8Y0qL6THa/6NRCG2J -k3Fmeg9DxiOOEVuyx6WGc3os+fqzUCDJX0McxIaWTXtlSEbFE6wdsOUKug+KLsKY -0edIQQ1se90C5A1050UpzHZ98doJ3C9fbW6ODV1YPhA9FeWFwGliCNRKiMcsVeGm -Ar5Is+6z0psiZeaHhZdgqzAIiorxgbgVp6ZYkylLcr60Zu3P5G4f/CtTbjE7w4/s -HUcM7dmuIqw80D7v3P7KhwafYMdMBDyQmyLH9CE/KZP2mqIPxPz6wSmpA9AMNLgo -L0bLk53mSiGtuNsMRXs2m5yuKLyyWKCDrvg3ETuFAoIBAC7Z22d3HVTbAAEgrfUs -yuOpSZaS1er10w/3MTmFgObQXpnjAfigm4hlk8ytJKzXn/478TzfWDBIEHxo5lP3 -CJoDPNozfA10uOPX6o2DJC72CzZUXM784gbgNp6crC/Oqi2VfCVcq+NhQZaMBEGj -PVp3ghW2PwWHlt1hU4jKhvFWaHx62uSMDdWuYDOQDNek1kbha++SCbGHRPYaFGpI -4eUjku2bO9VscNzmG8tdvPbT7cBtKD1hwfqxxKLBmq10zIDco8zMvVu+YXl6dbU7 -kPg0/c+rbHLzzg43BPeL+jqntc13X7o6G+PhNWVtEfWXoWkm24xp5PmvwZfkjwSN -yrUCggEAfl7Tn2HFOVYVggPU09gxRAzyO37FAjcge/nPmHqDUXZidvQTyAUj64cU -MC3oviFreC530z/JTgc1qWWWcFHsVE7QYHoFDsXTfwyNE02FtBepOsiYXM2AUcYx -5gI2psoXTFkOSQIDW+DTqndJK2o8HuTANcramhUpcjd5+SvtM2kGqOIv0enRsrhO -qPePpQaDjgVoDGKV4HJ7giAXiMR3Vlp3DSNkOM1kaU6JZckh9T2nz6AWc/y4DBLV -JzMgJlyUreoWKi4VZQQUQsCrBPc/GtcWf3iLwjzHi88T8hURqkla9+I22NAnJ6Zx -YoH2/0Jqixc/g57Y7CLF9IwQiopCXw== +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDFfe0VRpGk76TW +SocwQBVVNYkQbZxEqp0GqSEJrr/78Z/29JXYAnNxOOFAE7qc6Ux7qziGO3/5cnOJ +82n7C2IRaWMkrEaRqHS/bB3XTPEQSmkzOt3qpC1PqXoG+H9B32CEn3VnRGEnIETH +g36f1IQDlO0DLCadG8sInNKiyPrSUoxBD8/e+JWxHw9sIwy7YPlZj81uAA9U5W05 +O7SapBu0+r6gt++9qz31RO27uJb1+GExQ0h219P67nv0J3m8wqqy5EmRxYW+PLHO +rz7HQDik8ynsgBHGKcuMqkcu+OpNchRlv9qNlQ3RECral9JpR1f1Kj341qtiZpyk +K9PtLEy6dDD1N/YWs3p4NL0O6vYAiu6VfiJ0aVLUddxIx9CdXVgy16zZq3Z1TrnT +AG2guQuiRjGTJsbkLPRorgCn/0kY/UefRiCnYTeNjtZtKBgf3sY9lRV8Xr1ZXRKb +mrgNtan3GJzv/Dawg86fkC1+enJ4UnB/qOldSuAfJ44w/BIXXHC2czGlutkc2hcM 
+efhggBfR3qDIgV5P9kBlcqoRSz00gCewRKjyhLrAkvXLiIDK1Dz3wShFW6EY+EtX +u+WffBnrgSij9VHzL0xBmzsMPBXWBNRT0qo0yIZWWfy57Lc3OrwarUsvIIYYe3gb +Cd/TEPBQawlcMrE0Izar/kYh2TukgwIDAQABAoICABv7/IjLv56OAJ8G34IkSoGQ +/PORfJe0T1zewVo0Y2rpcZ/WR5dcvYv5Id3pDcPnQRmzCObobnlj0OBm2AklM0fB +VbWgHb3ND4ICaXYVJoGG8cI7IK/7hJopqytqsemdI/mW+NVhuJyJM4XL6bjvLaeu +Rilxa6VOh2YYhrZfYT9FSC999JglRFzdSFur2cWBd8PLnzHrm0CN4/y8q5pQD8cE +0tdGSRfouHZVRpSXkviWsfr/jDie26BOg8z0fQkU0ohX1d7sjMeIpS9i4LPuMziY +ZkPnX91jFb9Ab6bFybmgpShH18nBKbyKnG/uHHgjjmCklDR7Ar0GSkLvHPAaG2L+ +gefu74dAk9rZSwQk71omD07u/ogRXBypBqCG/JTXRlYYS52JIc7GIiQNH5Xsl84N +Jw5BCMSZKJS6Wcqk1BcXUUXTSeVeSk1IKqr+elLHAguKaHORoTkBcccwlwNgWwS0 +pi5/uf3taacE1jwmUnsx+cWQh3t5Er+6q/Kj/yOEsMZPtNFNbJRUpvy8EIyHuEGp +zcRubWjk/p5/3QsiFR9r4STQ02l6Atu6IsOUj3fDmj/H8j31XBN0qLVkXY/Ukr6N +uLPU0eACCJAnCLr17XgYCJ5sD4UFFebDxEDXNztJ9fCG5eWvebyo2227Ewdkp5Nj +2d5n6RKa8DcPppXTruJtAoIBAQDroD4uJgkxpXT6RDf7ElBopS1ODbGdZcm30QEr +rsUx8rVvguxmIaNCVwkY2VSuPjMj9+J6A81wnlhMSIfcNSwQkaQzrAJO4Rd9bKeg +n9H1PIXZSrae6Cr1ilsXqjl0k1VS6dx4YOjFvAcOlpcMqcrtH+WGf0vTGViE2oHO +VftIas2JrUrE4HXdbcSWoCPgAZhj3x673EsPVc0NgekuCpiHAZfhouuv9samd4r8 +GEebJJyB+V0uRIyF/16lJtkxJlRrL+AIDAKjvVRBAJrUoK7jFLWuTLkWHqRVG+Mj +czh+l+2J3NURlYsFcVH1AKOsJi99bennFaRuLc4/t1F3/DU3AoIBAQDWkY6y04/2 +7u1yTHjvb0VNBEFvJ7Yh8YjpiWWV9Ef1DqTZ+1Dc+yzwJV1TOWhcvR/TLKBBm+KR +PoLecfRC0I3gZGgHUAELH9JV1el//ZVQrzUU3+5BtMXMFqUmBiAGhoKvm5XMddfb +oszQj8dBtvADKfA7OSaVJJPmnzGHvy7XmiaX+HeDcqgHMmNNSkyURDkelqb+5IxT +uPmcO/29gYT39i25dAmvuF0xPsmE+kcD1eVWegP9SK2Pxmj0Ci2tv81hOOl8czII +aCYxVgYYevuP8Po89NnOsNywH5QMLqh8kNTjMEFLApPeJO1tq+JPxUoWabHl9I+H +FefExSmpYnEVAoIBACne+e29eJjH7Dek88W8BWnzIE/kgxGTSvtNOsYGcqhjlvZP +765ef+KEEOvHgxLLns7fd/Fyx4khulMj+HCbSk9Pcjx0bpyRx1jUfB1BCVBpBugM +LNOkMi4b/gAAkeEzZVAsmq8RmYu51A81l3X6nkLxDhqOeGz07hP9uF9wTA0cXZX/ +o2/E620D2pFht75QykHFHnMHvJbnCl9CHKu/2kbzc4f3KabFVZuzVpFhxye8o8s9 +At/78nTFYo46jxH627mIcmk7qSRrupMqhlkOjMVxoq9slt9lZpJxODXOfdWRLfb3 +tS1Aw8mdz5CYIn2u83V4mL4lzGh/30zXSLTnrpUCggEAU253ySsgYIkZBQedQqTG 
+kqLj+p+7X0l2zjAhswQwcqZGDYh+Md7s41f0COdaoCzd0hQZIEnH+GgRJQO0UcKc +WDNSi/1c2oF+HOg3ihAFXkEyZ7KHBz+OZcQsZTOegksNR9E8lyr/SyTrdPFjLjc+ +7kwBYFXhnb6CT/t4m+sIAMes2AzCE/eiRGIgYK5SRpiciTtVJemicu+LB2gASw6w +sGYl82WeWphajEp4u19B+8jRCyYYpQT8j9o7dyD6EARzjKk/iKeWPdSZfTeQ2TYA +2UB/XPJsOsVkmos82tvNodoDHW/nA462BnvfYnSiZBg3ra1dgiftIz6uR0HO6FEh +3QKCAQEAowOC/kOn5Au19TvLk+B0Rbw257cy/zSP6BX4kLOvYtTpk1nhTAJ96EO6 +iliuZCQNy1gSrWTO25m8qkZAoX/vZ9upJUQBQM+xeKCVwjFUyDffowcF3z3xUdG5 +LP9sNnE6xWm/ajLhqzgOgAklGldtIpB8Gwonrg5+zwbpHw+9Ngf9qzQgOQHNFjSd +g8sZnJ5CMMqJaPuBbvke5sxObcrpQetWPSIUu7Pyo1phY5jPSTzSVp995j2bb8YZ +dGc1e6gCa9YlNXT0EkqYZ9oMv1ccTpLThiYK8NGNK4QawlgfdYCXZal2uIjG5Jq/ +nHim1MXMqeXVYn84AbwxehVgM6aaDw== -----END PRIVATE KEY----- From 3216e096c869123658f4f347b6eebc74a14ccb43 Mon Sep 17 00:00:00 2001 
From: pinkforest <36498018+pinkforest@users.noreply.github.com> Date: Sun, 28 Apr 2024 10:08:07 +1000 Subject: [PATCH 03/23] Move OpenSSL local tests to validation --- .github/workflows/local_openssl.yml | 37 + Cargo.lock | 73 -- Cargo.toml | 2 - certs/ca.rsa4096.crt | 33 - certs/ca.rsa4096.key | 52 - certs/rustcryp.to.rsa4096.ca_signed.crt | 38 - certs/rustcryp.to.rsa4096.csr | 29 - certs/rustcryp.to.rsa4096.key | 52 - tests/bare-ping-poing.rs | 125 -- validation/README.md | 1 + validation/local_ping_pong_openssl/.gitignore | 6 + validation/local_ping_pong_openssl/Cargo.lock | 1046 +++++++++++++++++ validation/local_ping_pong_openssl/Cargo.toml | 11 + validation/local_ping_pong_openssl/build.rs | 64 + .../local_ping_pong_openssl/certs}/Makefile | 0 .../local_ping_pong_openssl/certs}/cert.cnf | 0 .../certs}/openssl.cnf | 0 validation/local_ping_pong_openssl/src/lib.rs | 128 ++ 18 files changed, 1293 insertions(+), 404 deletions(-) create mode 100644 .github/workflows/local_openssl.yml delete mode 100644 certs/ca.rsa4096.crt delete mode 100644 certs/ca.rsa4096.key delete mode 100644 certs/rustcryp.to.rsa4096.ca_signed.crt delete mode 100644 certs/rustcryp.to.rsa4096.csr delete mode 100644 certs/rustcryp.to.rsa4096.key delete mode 100644 tests/bare-ping-poing.rs create mode 100644 validation/local_ping_pong_openssl/.gitignore create mode 100644 validation/local_ping_pong_openssl/Cargo.lock create mode 100644 validation/local_ping_pong_openssl/Cargo.toml create mode 100644 validation/local_ping_pong_openssl/build.rs rename {certs => validation/local_ping_pong_openssl/certs}/Makefile (100%) rename {certs => validation/local_ping_pong_openssl/certs}/cert.cnf (100%) rename {certs => validation/local_ping_pong_openssl/certs}/openssl.cnf (100%) create mode 100644 validation/local_ping_pong_openssl/src/lib.rs diff --git a/.github/workflows/local_openssl.yml b/.github/workflows/local_openssl.yml new file mode 100644 index 0000000..1fdd9fa --- /dev/null 
+++ b/.github/workflows/local_openssl.yml @@ -0,0 +1,37 @@ +name: validate-local-openssl + +defaults: + run: + working-directory: validation/local_ping_pong_openssl + +on: + pull_request: + paths-ignore: + - README.md + push: + branches: master + paths-ignore: + - README.md + +permissions: + contents: read + +env: + CARGO_INCREMENTAL: 0 + RUSTFLAGS: "-Dwarnings" + +jobs: + test: + strategy: + matrix: + toolchain: + - stable + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: RustCrypto/actions/cargo-cache@master + - uses: dtolnay/rust-toolchain@master + with: + toolchain: ${{ matrix.toolchain }} + - name: Test against OpenSSL locally + run: cargo test diff --git a/Cargo.lock b/Cargo.lock index 43fe59d..0183615 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -55,12 +55,6 @@ version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b" -[[package]] -name = "bitflags" -version = "2.4.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed570934406eb16438a4e976b1b4500774099c13b8cb96eec99f620f05090ddf" - [[package]] name = "block-buffer" version = "0.10.4" @@ -295,21 +289,6 @@ version = "0.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1676f435fc1dadde4d03e43f5d62b259e1ce5f40bd4ffb21db2b42ebe59c1382" -[[package]] -name = "foreign-types" -version = "0.3.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" -dependencies = [ - "foreign-types-shared", -] - -[[package]] -name = "foreign-types-shared" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" - [[package]] name = "generic-array" version = "0.14.7" 
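Review bot: Two of the actions under `steps:` are referenced by a moving branch, `RustCrypto/actions/cargo-cache@master` and `dtolnay/rust-toolchain@master`, so whatever is pushed to those branches runs in this job on the next trigger without any change in this repository. Pinning each to a full commit SHA keeps the executed code reviewable, e.g. `- uses: dtolnay/rust-toolchain@<full-commit-sha> # master`. The `toolchain:` input already selects the channel, so the pin should not change which compiler is installed. `actions/checkout@v4` is a mutable tag and can be pinned the same way. The top-level `permissions: contents: read` already limits what a substituted step could do with the workflow token and should stay as it is.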
@@ -466,44 +445,6 @@ version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381" -[[package]] -name = "openssl" -version = "0.10.64" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "95a0481286a310808298130d22dd1fef0fa571e05a8f44ec801801e84b216b1f" -dependencies = [ - "bitflags", - "cfg-if", - "foreign-types", - "libc", - "once_cell", - "openssl-macros", - "openssl-sys", -] - -[[package]] -name = "openssl-macros" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "openssl-sys" -version = "0.9.101" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dda2b0f344e78efc2facf7d195d098df0dd72151b26ab98da807afc26c198dff" -dependencies = [ - "cc", - "libc", - "pkg-config", - "vcpkg", -] - [[package]] name = "p256" version = "0.13.2" @@ -575,12 +516,6 @@ dependencies = [ "spki", ] -[[package]] -name = "pkg-config" -version = "0.3.30" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec" - [[package]] name = "platforms" version = "3.3.0" @@ -760,11 +695,9 @@ dependencies = [ "ecdsa", "ed25519-dalek", "hmac", - "openssl", "p256", "p384", "paste", - "pem-rfc7468", "pkcs8", "rand_core", "rsa", @@ -922,12 +855,6 @@ version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" -[[package]] -name = "vcpkg" -version = "0.2.15" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" - [[package]] name = "version_check" version = "0.9.4" 
diff --git a/Cargo.toml b/Cargo.toml index 41dddfc..0febdff 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -45,5 +45,3 @@ alloc = ["webpki/alloc", "pki-types/alloc", "aead/alloc", "ed25519-dalek/alloc"] zeroize = ["ed25519-dalek/zeroize", "x25519-dalek/zeroize"] [dev-dependencies] -openssl = { version = "0.10", default-features = false } -pem-rfc7468 = { version = "0.7", default-features = false, features = ["alloc"] } diff --git a/certs/ca.rsa4096.crt b/certs/ca.rsa4096.crt deleted file mode 100644 index 4fd3e0c..0000000 --- a/certs/ca.rsa4096.crt +++ /dev/null 
@@ -1,33 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFyTCCA7GgAwIBAgIUYwbIsHSBxdFxuzRJnBbyNIkdDZMwDQYJKoZIhvcNAQEL -BQAwdDELMAkGA1UEBhMCWFgxCzAJBgNVBAgMAllZMRMwEQYDVQQHDApBbnRhcmN0 -aWNhMRMwEQYDVQQKDApSdXN0Q3J5cHRvMRUwEwYDVQQLDAxDb250cmlidXRvcnMx -FzAVBgNVBAMMDmNhLnJ1c3RjcnlwLnRvMB4XDTI0MDQyNDE1NTAzOVoXDTI0MDUy -NDE1NTAzOVowdDELMAkGA1UEBhMCWFgxCzAJBgNVBAgMAllZMRMwEQYDVQQHDApB -bnRhcmN0aWNhMRMwEQYDVQQKDApSdXN0Q3J5cHRvMRUwEwYDVQQLDAxDb250cmli -dXRvcnMxFzAVBgNVBAMMDmNhLnJ1c3RjcnlwLnRvMIICIjANBgkqhkiG9w0BAQEF -AAOCAg8AMIICCgKCAgEAvU2Mig6qXtYz9Ga5xhH3+jQE/QBcUPoSlFBu699yT+Zk -SARUung1ZR0p8w4EtP8g4Avb3YoKazd3LlcCBQDtRT/9NTa8Wz6cp/d7OgZWvGeE -W10EhKIOm8beBSWYi0qdi6xnXBMJEirx958lH/v+zXLoKUXmRWbYjdd84igLVvTW -bh4UDg36qrVN7zYK6XjI/k3khvAqZh5/wkK9XIAlwWTItgypJjCXxlcNsM55D0UV -PLKUflaZIfyc2e44k9T3ZTFE/4r5KVmCiPzPhJDFhkXvbVQFLnGYlJ+Sz+HbAEM+ -WE10DdGbPu2SWnTkh3qIYJmewWGuynca//h/bX/tdyeWOwP6GNZgMBSw/Opz/95a -xFK/WZ5f6FyIU5K3XvuaFnQy4LaecQBn43EV+Dh6ATByDSAm058cHaon3FOIrR8T -l07ugDe6AEjjO4SzM9NwaxykN6p0ig8Hp+kReVx8Lr/MBf0L6oY00LD9pzP3h2+A -Tuzwi4+2Z/xhDOm8f/tzyLSB7wFrlCm3CP3MNel/aV+P1vSKsdMNHaHNJpwgVsjI -VBjchXKkJHH8NxEQoox/9lB3B7YhwfZ9Kxmce+8qaC6vejEJ00bYqfsNcsTDNAHU -mUyJfswBD6hWkPLVazjbRVqCzHPk46Lmyzgx+uKyisrF6rrch98hcAiWOMh/OkUC -AwEAAaNTMFEwHQYDVR0OBBYEFAIr9ZdW0YZXqmSE1HBF0SFbATwOMB8GA1UdIwQY -MBaAFAIr9ZdW0YZXqmSE1HBF0SFbATwOMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggIBAJA+cnD6gTsg/PHmrXXc8/Psa8RffrwFmnldV23fJECe011K -GPNI/GMszCPMeV1EVHfhxNulYBMfdacfNSr14TI2y1ErCwFfISRCNPLEDHX5JqVE -HHuCIKYq6XV3tHX4bLcq7qprQp3bq7LaqYcktfpN4eoxSwNRYPZpMXV1OQepl5jM -wIvP7kWkeCQTFZ/5xt0rWvqnYZ4bQMXB7wqsty7oYzoivsUcpgzeUnmDO9Ad0g1q -QsW8hcLxwChzcV+DtHjX1d1hP6NbZtlUOkmTwYMWdx6+8IFG6WeIMfjouXqNI4fj -5R/IJ+KqrRMBsRagDR4PPnIZEb21g/0nqF+YKGrIyiUu2+4yN8R/qXFQfQ5yYoB5 -d4P6PokqOQhyNq8oAKYK0iMU8Ju9mG2CjjS/W6HKqVfaE80foZBs0ohGZ7eh045Y -pCQh/Bwi5StECKk82TXHSQNjZaWlQsXYbVHM/uoJ6Rh38Lmn9CqjhRH9dKkOcMP9 -NWmDAnTnTko37li0Sr92hZoyKc77MNYBp15KlKGA3B+dPqu0pgMznVK0B1ddt9z3 
-/hRHR6YSpULAB9NelAk8r556Sx6OFM9hC4i3OewJwoJBtyIrBHd1UEkq43FUuzug -DeOzb/dT46OKlXNdLK1Idpeh92f29vV0duHqJCd2HQ1OvMHlPY0c77Cpq8SC ------END CERTIFICATE----- diff --git a/certs/ca.rsa4096.key b/certs/ca.rsa4096.key deleted file mode 100644 index 1f334c9..0000000 --- a/certs/ca.rsa4096.key +++ /dev/null 
@@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQC9TYyKDqpe1jP0 -ZrnGEff6NAT9AFxQ+hKUUG7r33JP5mRIBFS6eDVlHSnzDgS0/yDgC9vdigprN3cu -VwIFAO1FP/01NrxbPpyn93s6Bla8Z4RbXQSEog6bxt4FJZiLSp2LrGdcEwkSKvH3 -nyUf+/7NcugpReZFZtiN13ziKAtW9NZuHhQODfqqtU3vNgrpeMj+TeSG8CpmHn/C -Qr1cgCXBZMi2DKkmMJfGVw2wznkPRRU8spR+Vpkh/JzZ7jiT1PdlMUT/ivkpWYKI -/M+EkMWGRe9tVAUucZiUn5LP4dsAQz5YTXQN0Zs+7ZJadOSHeohgmZ7BYa7Kdxr/ -+H9tf+13J5Y7A/oY1mAwFLD86nP/3lrEUr9Znl/oXIhTkrde+5oWdDLgtp5xAGfj -cRX4OHoBMHINICbTnxwdqifcU4itHxOXTu6AN7oASOM7hLMz03BrHKQ3qnSKDwen -6RF5XHwuv8wF/QvqhjTQsP2nM/eHb4BO7PCLj7Zn/GEM6bx/+3PItIHvAWuUKbcI -/cw16X9pX4/W9Iqx0w0doc0mnCBWyMhUGNyFcqQkcfw3ERCijH/2UHcHtiHB9n0r -GZx77ypoLq96MQnTRtip+w1yxMM0AdSZTIl+zAEPqFaQ8tVrONtFWoLMc+TjoubL -ODH64rKKysXqutyH3yFwCJY4yH86RQIDAQABAoICAARj+A57qJfqf+n7N/PQFuBG -tJbpmzqFkki+VNRDqnMP9ON2tkBc6WAe/QoWGSXZhPmtTLwmp3c1Ih6BBhr3mokw -or7JNjUnjpqWstT1sK1N+VPlJGWvHIegZSXZaWBRqrXCmeMYze0N8e68UjAbuB0r -vRa3+E9Dw2IGzW6xXxH1O8PyDqUEzfuHmPcjWb1wf7jmNZarm1AjBPOMeLfcgQOr -Qrx2LrYkCmEfQ8IGB+jCwWtW+Pq1J3gSU9D6JXXISrSeH+uNXZoH6W8j7ew1L1+d -35+5gyVAnTlVOiJ4KownAxspMLfhVKhw+iP+8g3yWZdj+LqjeVpYyNeG++2eOfOv -QIjlEO06g5c32YdxYnqzKLxd6YSQ0POI/io7QgqOusaQIxWW5SG0oJHIxAoe32tc -hdkCGXWBSKy1+VxV7GeHiX38eSc4bgFsozdlsX8BrFCQItPNcWmz3wfFyFgq8HJT -4RgIdpQieb0V29GA+MR5lqvSFQt185eM76cmSu9k1NDuqfac8SloslLT6r2DDieG -YYLvAkwNhW2l+mFHznHlEsueX10ywXWMDEWLKqRfCL+ElBUQ5fq7huCuupVnbLkS -/iqiaMEQwD+vxNCH4mQmhoo2OzSPi4Vrivf41KbcU8dnSb+x7E5tT0lGoT2VTaXx -cOUA8BCfZwDe2rb27m9BAoIBAQD2cQUvKuC/tiW/jMSISFALXWoftZJAvRyP9D3J -ddYl7O5ify1MQwhZuyTuJqsA5FCxmECsQ351qvhwHfq/ukCGJAw4lBKrZR2LuqDP -JguJ9tsFA9Cu8ytbbKDGHynPGnyZ2MrV84ul6iNIAOMe+YFGA6T6HlDchpFV9xcJ -S8mbe0iBA8UrQmlzNgVl3lU1sVM4EtAmO/ydRpgeqn6JS3GJjMBvKRL2evTsrAUG -aEiFC1h7GZWf5/DFMIodDit+QAELUog+b+uAD93CRwDoY5w7RyaqM+SEYki3IePF -5Tg+1jVVI+0qdjRIM8GAKH34i2e4zrTMjgjKXz7PIt9eaMp7AoIBAQDEpS9/nlPN -xLIsmDaLnYZ0GGEp9n+P6CBbHPlAc8FLWLpxFnEPoAX/N8pps4gCxypxLGdosYvx 
-KLmqMenIOqSF5odjTFUHaMixmRqOU8a+IvRlM/MQL1MIXchY0lGxqDgoEY/GUYh3 -jh6oKVYjbkkiOGJpPm6+IBc8Gx/9uzURHUGi1jNz10FOIMHeZuZ2jlNejlIrvgYV -MG4IhSOpyHuPSO8WVeCcuU2VLOVWFDgQBmBOBZb5aw7q9wkjFFrhvIIiJMFYbjRS -sHiuleOYg0rSOclo1SHmmI0putJDEJaEWqpzqSYUNglbFaJSj4PlkQhGtXOZ6odB -SOIXKZyBblI/AoIBAQCRPzeQ/zKLi21gIjVLJWOX7yy3F6rlYRBOf+NSs5LNs4Ek -qFQoWHG5gSVY/41V7zroERY88WK9M1FNsz2wdrPE28YgKpV+UxBA5HQW4xN18vpP -UFpUYpmxPqrbWk6n87JwcmfKBcrOtNqqe2thPCjG/SrlB60c7GsIQaNgJTzj2Jt4 -/qHcxz2jW7l+urV5+dNUfzIS9tQCVjMeD9qYTNDUAxL/8TNt9jYYr6IejqP/VhqG -IyQepPMxJVShn1JfDJYQ+Em4kvo39iH7eSG91cek4GCXfBI5PDwjQ2QdpOWrk1DH -p28G0bgqveZUBImKTY+KSrogva3MqKo6JxGDcTu1AoIBAFo5A/sEtKSjS7CEQfp6 -0vavPN1Y+JwZP8cuGvpEYfplAl3ikws9O6MmgNtQgOXtZX65hdSWKYQDUHRTJFU2 -+sdoxtN7cUPOAs7hVTraG0SfmwxX8nyJigo7pTGDhfICIYnYzOOMAxX/gfdbx+bH -sgxeXGC3QW5AIQj11Q7Adw+cIcJJjx/mMlNbWjfldHYOxReMKw1gyT+tkb6c/4jl -sDNEnlXcHwspRfxctfhxnGtV0ZfanrNfOF/76hhLPYt2xypNPNyK67zItQY9RUhz -bL/ZvZw4ta4sbhAoZFJa6QRe6PfaMttxE4fT/D7vE/AfQ/HVTO3gmiANBZblA6aq -7FcCggEAMbLEB2W39P9/WhLdkIytlZ6nisDr9iF+GWIx3xQC0+lNfsVyGUKmqhwI -3jswL/tuKzghszVWHE3TCvxVr6oSTjs+h4F18bsGcUhfOQCJ/SUQPvVJ4hysmaXT -edHVDR1C/b42qIZaOYAeMsuJeFGiydj/O74CwtVW0dwruemuOieK/9QR7sAD75/V -cgAnFwyWPKIzHs5fCTlbtJulZjGuuHxSWZ66iRj1TBHfUmyz/ywZpkSy+7j4nCQ3 -KBFVf6ow/NIuJlYKuiYTWheYk2JXDnYuWGzDyht+em/F5WUHW/QMQAjcVaoxGhv1 -fx1HRkb6kIP7zpLaXKNJjHkbQLPL5A== ------END PRIVATE KEY----- diff --git a/certs/rustcryp.to.rsa4096.ca_signed.crt b/certs/rustcryp.to.rsa4096.ca_signed.crt deleted file mode 100644 index 91988e2..0000000 --- a/certs/rustcryp.to.rsa4096.ca_signed.crt +++ /dev/null 
@@ -1,38 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIGszCCBJugAwIBAgIUbq8paFssW4RHGb6JM15HbfQgTFYwDQYJKoZIhvcNAQEL -BQAwdDELMAkGA1UEBhMCWFgxCzAJBgNVBAgMAllZMRMwEQYDVQQHDApBbnRhcmN0 -aWNhMRMwEQYDVQQKDApSdXN0Q3J5cHRvMRUwEwYDVQQLDAxDb250cmlidXRvcnMx -FzAVBgNVBAMMDmNhLnJ1c3RjcnlwLnRvMB4XDTI0MDQyNDE1NTAzOVoXDTI1MDQy -NDE1NTAzOVowgZUxCzAJBgNVBAYTAlhYMQswCQYDVQQIDAJZWTETMBEGA1UEBwwK -QW50YXJjdGljYTEVMBMGA1UECgwMQ29udHJpYnV0b3JzMRAwDgYDVQQLDAdUZXN0 -ZXJzMSAwHgYJKoZIhvcNAQkBFhFoZWxsb0BydXN0Y3J5cC50bzEZMBcGA1UEAwwQ -dGVzdC5ydXN0Y3J5cC50bzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB -AMV97RVGkaTvpNZKhzBAFVU1iRBtnESqnQapIQmuv/vxn/b0ldgCc3E44UATupzp -THurOIY7f/lyc4nzafsLYhFpYySsRpGodL9sHddM8RBKaTM63eqkLU+pegb4f0Hf -YISfdWdEYScgRMeDfp/UhAOU7QMsJp0bywic0qLI+tJSjEEPz974lbEfD2wjDLtg -+VmPzW4AD1TlbTk7tJqkG7T6vqC3772rPfVE7bu4lvX4YTFDSHbX0/rue/QnebzC -qrLkSZHFhb48sc6vPsdAOKTzKeyAEcYpy4yqRy746k1yFGW/2o2VDdEQKtqX0mlH -V/UqPfjWq2JmnKQr0+0sTLp0MPU39hazeng0vQ7q9gCK7pV+InRpUtR13EjH0J1d -WDLXrNmrdnVOudMAbaC5C6JGMZMmxuQs9GiuAKf/SRj9R59GIKdhN42O1m0oGB/e -xj2VFXxevVldEpuauA21qfcYnO/8NrCDzp+QLX56cnhScH+o6V1K4B8njjD8Ehdc -cLZzMaW62RzaFwx5+GCAF9HeoMiBXk/2QGVyqhFLPTSAJ7BEqPKEusCS9cuIgMrU -PPfBKEVboRj4S1e75Z98GeuBKKP1UfMvTEGbOww8FdYE1FPSqjTIhlZZ/Lnstzc6 -vBqtSy8ghhh7eBsJ39MQ8FBrCVwysTQjNqv+RiHZO6SDAgMBAAGjggEZMIIBFTAM -BgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIGwDAdBgNVHQ4EFgQUQy01BMF7zjnlrQAc -4/D00DU0vr0wgbEGA1UdIwSBqTCBpoAUAiv1l1bRhleqZITUcEXRIVsBPA6heKR2 -MHQxCzAJBgNVBAYTAlhYMQswCQYDVQQIDAJZWTETMBEGA1UEBwwKQW50YXJjdGlj -YTETMBEGA1UECgwKUnVzdENyeXB0bzEVMBMGA1UECwwMQ29udHJpYnV0b3JzMRcw -FQYDVQQDDA5jYS5ydXN0Y3J5cC50b4IUYwbIsHSBxdFxuzRJnBbyNIkdDZMwJQYD -VR0RBB4wHIIPd3d3LnJ1c3RjcnlwLnRvgglsb2NhbGhvc3QwDQYJKoZIhvcNAQEL -BQADggIBAISod7roIUqts+9TWQAwBXt3pNaEGKLVabIN+AxeaP/1kPoefZV/VqUA -kqEpQLH9Yfhe7rKtGAKYYoZmjePmNHoo8aIUXLG9HVqCDwBKZ/at69GdEZMIoP0r -lq+v0inMJ4q/mrgc9GLq7gyvLP97qPAQRlhIoCioT7lzBNxn4+mZ/8rlMfKq4gqQ -7B2GVtgA1G/EIt4JCZdnjieWz0/+HoQBD9MuTwYilBYarkAgdfvFKFNLlL9oSjVp 
-6CYJZGhzODQKxUy6MABgsvGtOkZPwnWPO6VBeR8RBFF09npjTk7W0Pr47Q0Vkd82 -lSvoGD1B0vme7baJVvzJKCyyJVGraZ/1aJftS2t+8A3XIeajgnoLp+Glhi8gVT3o -URAA4WTIFnqkswyPS2rzttChuNUwRjm2GhrTwD3uEri16NV8mjilL3CbxJhjbUaB -pX1D4phoEvGMudK9aXI9UXYaa0BRbI6ha6lQoKlMk7LG9zaroEtakaPcJwYCKufG -CZ2FK0e+vwnNDwOD5gWHCKHxCrWaLX5obZ4oKvl5rEw+R7/YiSySBEqrCK9aLgW1 -M7Yg8C8wUhW+3MtoQBrvOcODpNDfnOgkXaWlKZVY3PB2SN+2ICFsnrsSOK98lC6v -bIZ7Wf0o6/As83B9HBqvlg2wx20DVpnHZU7cZ2Iy/VSYxP8qirxd ------END CERTIFICATE----- diff --git a/certs/rustcryp.to.rsa4096.csr b/certs/rustcryp.to.rsa4096.csr deleted file mode 100644 index 84d5bab..0000000 --- a/certs/rustcryp.to.rsa4096.csr +++ /dev/null 
@@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIIFAjCCAuoCAQAwgZUxCzAJBgNVBAYTAlhYMQswCQYDVQQIDAJZWTETMBEGA1UE -BwwKQW50YXJjdGljYTEVMBMGA1UECgwMQ29udHJpYnV0b3JzMRAwDgYDVQQLDAdU -ZXN0ZXJzMSAwHgYJKoZIhvcNAQkBFhFoZWxsb0BydXN0Y3J5cC50bzEZMBcGA1UE -AwwQdGVzdC5ydXN0Y3J5cC50bzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC -ggIBAMV97RVGkaTvpNZKhzBAFVU1iRBtnESqnQapIQmuv/vxn/b0ldgCc3E44UAT -upzpTHurOIY7f/lyc4nzafsLYhFpYySsRpGodL9sHddM8RBKaTM63eqkLU+pegb4 -f0HfYISfdWdEYScgRMeDfp/UhAOU7QMsJp0bywic0qLI+tJSjEEPz974lbEfD2wj -DLtg+VmPzW4AD1TlbTk7tJqkG7T6vqC3772rPfVE7bu4lvX4YTFDSHbX0/rue/Qn -ebzCqrLkSZHFhb48sc6vPsdAOKTzKeyAEcYpy4yqRy746k1yFGW/2o2VDdEQKtqX -0mlHV/UqPfjWq2JmnKQr0+0sTLp0MPU39hazeng0vQ7q9gCK7pV+InRpUtR13EjH -0J1dWDLXrNmrdnVOudMAbaC5C6JGMZMmxuQs9GiuAKf/SRj9R59GIKdhN42O1m0o -GB/exj2VFXxevVldEpuauA21qfcYnO/8NrCDzp+QLX56cnhScH+o6V1K4B8njjD8 -EhdccLZzMaW62RzaFwx5+GCAF9HeoMiBXk/2QGVyqhFLPTSAJ7BEqPKEusCS9cuI -gMrUPPfBKEVboRj4S1e75Z98GeuBKKP1UfMvTEGbOww8FdYE1FPSqjTIhlZZ/Lns -tzc6vBqtSy8ghhh7eBsJ39MQ8FBrCVwysTQjNqv+RiHZO6SDAgMBAAGgJzAlBgkq -hkiG9w0BCQ4xGDAWMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQsF -AAOCAgEASGifAqMR/bb+vwvvOFMbogzvG68VdIOoaZvo7cgfrJu6nnk/wH8wZRVT -dpBOaA9KvgethCy3Y4H7LiRtbG6sdED+xDpZJNfjEXvh3BK+zCVlDVboiMPOs2Y2 -838UN5A5a1x8TeLw7K0mXKt7Jk1fjM7+hr0broA1NBLZcGyiDqtC5GfTlONe1tjY -vCKuxsTpwYdDQzsMrJCSBXb8oQtlopcMqwtC+B3JGV/NifGRn69hIuXeCW+a9sLd -IYKReQyO2yMq17NZ/f3hDjXAjO/zkXyh6GdoKYBihZT72sq/hDuX8rSze6mKl3KO -GX5R7OfXKqdINrC4RIGpZL0SVF4T7lq79pF4+mCdMgTApBtjIxADg2OXrVER1od/ -ba98lU8xtW7JKjqzcyQVvao30fuv86mT1miehxnYyP8pjtsFawOflEdYrxrwIKcX -OuRm8DDvjLN3sgH/JnTBP/OtQroDs8V5gGg4vnDY1/V8R5rv+ztEJ4qzNJf4pRwe -YqjBqlbDtk5ic6iJllh5A2XGjUnGPcz5XG762CEDXv0HwYTrQ0umV/A3IQu13c/u -BtOCc6tUYbEKY4dPcOU93aHZq7ODU4MgARA3DlGoNYj8WzI0woYj9QxzqiINyrPk -lzZySmiVP9vwsZWwe9xCmlx+cbzWvhmBVSwV2a52b7NEVyNDKbM= ------END CERTIFICATE REQUEST----- diff --git a/certs/rustcryp.to.rsa4096.key b/certs/rustcryp.to.rsa4096.key deleted file mode 100644 index da8d19b..0000000 
--- a/certs/rustcryp.to.rsa4096.key +++ /dev/null 
@@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDFfe0VRpGk76TW -SocwQBVVNYkQbZxEqp0GqSEJrr/78Z/29JXYAnNxOOFAE7qc6Ux7qziGO3/5cnOJ -82n7C2IRaWMkrEaRqHS/bB3XTPEQSmkzOt3qpC1PqXoG+H9B32CEn3VnRGEnIETH -g36f1IQDlO0DLCadG8sInNKiyPrSUoxBD8/e+JWxHw9sIwy7YPlZj81uAA9U5W05 -O7SapBu0+r6gt++9qz31RO27uJb1+GExQ0h219P67nv0J3m8wqqy5EmRxYW+PLHO -rz7HQDik8ynsgBHGKcuMqkcu+OpNchRlv9qNlQ3RECral9JpR1f1Kj341qtiZpyk -K9PtLEy6dDD1N/YWs3p4NL0O6vYAiu6VfiJ0aVLUddxIx9CdXVgy16zZq3Z1TrnT -AG2guQuiRjGTJsbkLPRorgCn/0kY/UefRiCnYTeNjtZtKBgf3sY9lRV8Xr1ZXRKb -mrgNtan3GJzv/Dawg86fkC1+enJ4UnB/qOldSuAfJ44w/BIXXHC2czGlutkc2hcM -efhggBfR3qDIgV5P9kBlcqoRSz00gCewRKjyhLrAkvXLiIDK1Dz3wShFW6EY+EtX -u+WffBnrgSij9VHzL0xBmzsMPBXWBNRT0qo0yIZWWfy57Lc3OrwarUsvIIYYe3gb -Cd/TEPBQawlcMrE0Izar/kYh2TukgwIDAQABAoICABv7/IjLv56OAJ8G34IkSoGQ -/PORfJe0T1zewVo0Y2rpcZ/WR5dcvYv5Id3pDcPnQRmzCObobnlj0OBm2AklM0fB -VbWgHb3ND4ICaXYVJoGG8cI7IK/7hJopqytqsemdI/mW+NVhuJyJM4XL6bjvLaeu -Rilxa6VOh2YYhrZfYT9FSC999JglRFzdSFur2cWBd8PLnzHrm0CN4/y8q5pQD8cE -0tdGSRfouHZVRpSXkviWsfr/jDie26BOg8z0fQkU0ohX1d7sjMeIpS9i4LPuMziY -ZkPnX91jFb9Ab6bFybmgpShH18nBKbyKnG/uHHgjjmCklDR7Ar0GSkLvHPAaG2L+ -gefu74dAk9rZSwQk71omD07u/ogRXBypBqCG/JTXRlYYS52JIc7GIiQNH5Xsl84N -Jw5BCMSZKJS6Wcqk1BcXUUXTSeVeSk1IKqr+elLHAguKaHORoTkBcccwlwNgWwS0 -pi5/uf3taacE1jwmUnsx+cWQh3t5Er+6q/Kj/yOEsMZPtNFNbJRUpvy8EIyHuEGp -zcRubWjk/p5/3QsiFR9r4STQ02l6Atu6IsOUj3fDmj/H8j31XBN0qLVkXY/Ukr6N -uLPU0eACCJAnCLr17XgYCJ5sD4UFFebDxEDXNztJ9fCG5eWvebyo2227Ewdkp5Nj -2d5n6RKa8DcPppXTruJtAoIBAQDroD4uJgkxpXT6RDf7ElBopS1ODbGdZcm30QEr -rsUx8rVvguxmIaNCVwkY2VSuPjMj9+J6A81wnlhMSIfcNSwQkaQzrAJO4Rd9bKeg -n9H1PIXZSrae6Cr1ilsXqjl0k1VS6dx4YOjFvAcOlpcMqcrtH+WGf0vTGViE2oHO -VftIas2JrUrE4HXdbcSWoCPgAZhj3x673EsPVc0NgekuCpiHAZfhouuv9samd4r8 -GEebJJyB+V0uRIyF/16lJtkxJlRrL+AIDAKjvVRBAJrUoK7jFLWuTLkWHqRVG+Mj -czh+l+2J3NURlYsFcVH1AKOsJi99bennFaRuLc4/t1F3/DU3AoIBAQDWkY6y04/2 -7u1yTHjvb0VNBEFvJ7Yh8YjpiWWV9Ef1DqTZ+1Dc+yzwJV1TOWhcvR/TLKBBm+KR 
-PoLecfRC0I3gZGgHUAELH9JV1el//ZVQrzUU3+5BtMXMFqUmBiAGhoKvm5XMddfb -oszQj8dBtvADKfA7OSaVJJPmnzGHvy7XmiaX+HeDcqgHMmNNSkyURDkelqb+5IxT -uPmcO/29gYT39i25dAmvuF0xPsmE+kcD1eVWegP9SK2Pxmj0Ci2tv81hOOl8czII -aCYxVgYYevuP8Po89NnOsNywH5QMLqh8kNTjMEFLApPeJO1tq+JPxUoWabHl9I+H -FefExSmpYnEVAoIBACne+e29eJjH7Dek88W8BWnzIE/kgxGTSvtNOsYGcqhjlvZP -765ef+KEEOvHgxLLns7fd/Fyx4khulMj+HCbSk9Pcjx0bpyRx1jUfB1BCVBpBugM -LNOkMi4b/gAAkeEzZVAsmq8RmYu51A81l3X6nkLxDhqOeGz07hP9uF9wTA0cXZX/ -o2/E620D2pFht75QykHFHnMHvJbnCl9CHKu/2kbzc4f3KabFVZuzVpFhxye8o8s9 -At/78nTFYo46jxH627mIcmk7qSRrupMqhlkOjMVxoq9slt9lZpJxODXOfdWRLfb3 -tS1Aw8mdz5CYIn2u83V4mL4lzGh/30zXSLTnrpUCggEAU253ySsgYIkZBQedQqTG -kqLj+p+7X0l2zjAhswQwcqZGDYh+Md7s41f0COdaoCzd0hQZIEnH+GgRJQO0UcKc -WDNSi/1c2oF+HOg3ihAFXkEyZ7KHBz+OZcQsZTOegksNR9E8lyr/SyTrdPFjLjc+ -7kwBYFXhnb6CT/t4m+sIAMes2AzCE/eiRGIgYK5SRpiciTtVJemicu+LB2gASw6w -sGYl82WeWphajEp4u19B+8jRCyYYpQT8j9o7dyD6EARzjKk/iKeWPdSZfTeQ2TYA -2UB/XPJsOsVkmos82tvNodoDHW/nA462BnvfYnSiZBg3ra1dgiftIz6uR0HO6FEh -3QKCAQEAowOC/kOn5Au19TvLk+B0Rbw257cy/zSP6BX4kLOvYtTpk1nhTAJ96EO6 -iliuZCQNy1gSrWTO25m8qkZAoX/vZ9upJUQBQM+xeKCVwjFUyDffowcF3z3xUdG5 -LP9sNnE6xWm/ajLhqzgOgAklGldtIpB8Gwonrg5+zwbpHw+9Ngf9qzQgOQHNFjSd -g8sZnJ5CMMqJaPuBbvke5sxObcrpQetWPSIUu7Pyo1phY5jPSTzSVp995j2bb8YZ -dGc1e6gCa9YlNXT0EkqYZ9oMv1ccTpLThiYK8NGNK4QawlgfdYCXZal2uIjG5Jq/ -nHim1MXMqeXVYn84AbwxehVgM6aaDw== ------END PRIVATE KEY----- diff --git a/tests/bare-ping-poing.rs b/tests/bare-ping-poing.rs deleted file mode 100644 index 96eb3d6..0000000 --- a/tests/bare-ping-poing.rs +++ /dev/null 
@@ -1,125 +0,0 @@
-use std::io::{Read, Write};
-
-use std::fs::File;
-
-use openssl::ssl::{SslFiletype, SslMethod, SslStream};
-use std::net::{TcpListener, TcpStream};
-use std::sync::Arc;
-use std::thread;
-use std::time::Duration;
-
-use rustls::pki_types::CertificateDer;
-use rustls::pki_types::ServerName;
-
-use rustls_rustcrypto::provider as rustcrypto_provider;
-
-#[test]
-fn vs_openssl_as_client() {
- let listener = TcpListener::bind("127.0.0.1:0").unwrap();
- let server_addr = listener.local_addr().unwrap();
-
- let mut ca_pkcs10_file = File::open("certs/ca.rsa4096.crt").unwrap();
- let mut ca_pkcs10_data: Vec = vec![];
- ca_pkcs10_file.read_to_end(&mut ca_pkcs10_data).unwrap();
- let (ca_type_label, ca_data) = pem_rfc7468::decode_vec(&ca_pkcs10_data).unwrap();
- assert_eq!(ca_type_label, "CERTIFICATE");
- let rustls_cert_der: CertificateDer = ca_data.try_into().unwrap();
-
- // rustls-rustcrypto Client thread
- let client_thread = thread::spawn(move || {
- let mut root_store = rustls::RootCertStore::empty();
- root_store.add(rustls_cert_der).unwrap();
-
- let config = rustls::ClientConfig::builder_with_provider(Arc::new(rustcrypto_provider()))
- .with_safe_default_protocol_versions()
- .unwrap()
- .with_root_certificates(root_store)
- .with_no_client_auth();
-
- let mut conn = rustls::ClientConnection::new(
- Arc::new(config),
- ServerName::try_from("localhost").unwrap(),
- )
- .unwrap();
- let mut sock = TcpStream::connect(server_addr).unwrap();
- let mut tls = rustls::Stream::new(&mut conn, &mut sock);
-
- tls.write_all(b"PING\n").unwrap();
-
- let _ciphersuite = tls.conn.negotiated_cipher_suite().unwrap();
-
- let mut plaintext = Vec::new();
- tls.read_to_end(&mut plaintext).unwrap();
-
- assert_eq!(core::str::from_utf8(&plaintext), Ok("PONG\n"));
-
- return;
- });
-
- let timeout_thread = thread::spawn(move || {
- thread::sleep(Duration::from_millis(100));
- panic!("timeout");
- });
-
- // OpenSSL Server Handler
- let server_thread = thread::spawn(move || {
- for stream in listener.incoming() {
- match stream {
- Ok(stream) => {
- let mut ssl_context_build =
- openssl::ssl::SslContext::builder(SslMethod::tls_server()).unwrap();
- ssl_context_build.set_verify(openssl::ssl::SslVerifyMode::NONE);
- ssl_context_build
- .set_ca_file("certs/ca.rsa4096.crt")
- .unwrap();
- ssl_context_build
- .set_certificate_file(
- "certs/rustcryp.to.rsa4096.ca_signed.crt",
- SslFiletype::PEM,
- )
- .unwrap();
- ssl_context_build
- .set_private_key_file("certs/rustcryp.to.rsa4096.key", SslFiletype::PEM)
- .unwrap();
- // https://docs.rs/openssl/latest/openssl/ssl/struct.SslContextBuilder.html#method.set_cipher_list
- // https://docs.rs/openssl/latest/openssl/ssl/struct.SslContextBuilder.html#method.set_ciphersuites
- ssl_context_build.check_private_key().unwrap();
- let ctx = ssl_context_build.build();
- let ssl = openssl::ssl::Ssl::new(&ctx).unwrap();
-
- let mut ssl_stream = SslStream::new(ssl, stream).unwrap();
- ssl_stream.accept().unwrap();
- let mut buf_in = vec![0; 1024];
- let siz = ssl_stream.ssl_read(&mut buf_in);
-
- let incoming = match siz {
- Ok(i) => buf_in[0..i].to_vec(),
- Err(_e) => panic!("Error reading?"),
- };
-
- assert_eq!(core::str::from_utf8(&incoming), Ok("PING\n"));
-
- let out = "PONG\n";
- ssl_stream.write(&out.as_bytes()).unwrap();
-
- ssl_stream.shutdown().unwrap();
- }
- Err(_) => panic!("Server connection failed"),
- }
- return;
- }
- });
-
- loop {
- thread::sleep(Duration::from_millis(10));
- if client_thread.is_finished() == true && server_thread.is_finished() == true {
- break;
- }
- if timeout_thread.is_finished() == true {
- panic!("TIMEOUT");
- }
- }
-
- client_thread.join().expect("Client thread panic");
- server_thread.join().expect("Server thread panic");
-}
diff --git a/validation/README.md b/validation/README.md
index 4670c20..913e210 100644
--- a/validation/README.md
+++ b/validation/README.md
@@ -6,6 +6,7 @@ between rustls and rustcrypto-rustcrypto provider under different targets. | Crate | Description | | :--- | :--- | | consumer-no_std | Basic consumer library aiming no_std environment | +| local_ping_pong_openssl | Local tests against OpenSSL reference | These live in the workspace due to different dependency requirements between tests where development-deps may pollute the integration under test. diff --git a/validation/local_ping_pong_openssl/.gitignore b/validation/local_ping_pong_openssl/.gitignore new file mode 100644 index 0000000..9f787f5 --- /dev/null +++ b/validation/local_ping_pong_openssl/.gitignore @@ -0,0 +1,6 @@ +target +certs/*.crt +certs/*.key +certs/*.pfx +certs/*.srl +certs/*.csr diff --git a/validation/local_ping_pong_openssl/Cargo.lock b/validation/local_ping_pong_openssl/Cargo.lock new file mode 100644 index 0000000..d6eebf0 --- /dev/null +++ b/validation/local_ping_pong_openssl/Cargo.lock 
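Review bot: The new `.gitignore` matches generated key material by extension only (`certs/*.crt`, `certs/*.key`, `certs/*.pfx`, `certs/*.srl`, `certs/*.csr`), so an output in any other container format, for example a `.pem` or `.p12` file, would still be staged by a plain `git add`. Ignoring the directory and re-including the tracked inputs is the safer shape; assuming the Makefile and `.cnf` files live in this crate's `certs/` directory (not visible in this hunk), that would be `certs/*` followed by `!certs/Makefile` and `!certs/*.cnf`. A leading comment such as `# generated test-only CA and server keys, never commit` would record why the entries exist. The CA and server private keys deleted earlier in this patch (`certs/ca.rsa4096.key`, `certs/rustcryp.to.rsa4096.key`) remain retrievable from history, so they should be treated as public and never trusted outside this test.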
@@ -0,0 +1,1046 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 3 + +[[package]] +name = "aead" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d122413f284cf2d62fb1b7db97e02edb8cda96d769b16e443a4f6195e35662b0" +dependencies = [ + "crypto-common", + "generic-array", +] + +[[package]] +name = "aes" +version = "0.8.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b169f7a6d4742236a0a00c541b845991d0ac43e546831af1249753ab4c3aa3a0" +dependencies = [ + "cfg-if", + "cipher", + "cpufeatures", +] + +[[package]] +name = "aes-gcm" +version = "0.10.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "831010a0f742e1209b3bcea8fab6a8e149051ba6099432c8cb2cc117dec3ead1" +dependencies = [ + "aead", + "aes", + "cipher", + "ctr", + "ghash", + "subtle", +] + +[[package]] +name = "autocfg" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f1fdabc7756949593fe60f30ec81974b613357de856987752631dea1e3394c80" + +[[package]] +name = "base16ct" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf" + +[[package]] +name = "base64ct" +version = "1.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b" + +[[package]] +name = "bitflags" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cf4b9d6a944f767f8e5e0db018570623c85f3d925ac718db4e06d0187adb21c1" + +[[package]] +name = "block-buffer" +version = "0.10.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" +dependencies = [ + "generic-array", +] + +[[package]] +name = "byteorder" +version = 
"1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" + +[[package]] +name = "cc" +version = "1.0.95" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d32a725bc159af97c3e629873bb9f88fb8cf8a4867175f76dc987815ea07c83b" + +[[package]] +name = "cfg-if" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" + +[[package]] +name = "chacha20" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c3613f74bd2eac03dad61bd53dbe620703d4371614fe0bc3b9f04dd36fe4e818" +dependencies = [ + "cfg-if", + "cipher", + "cpufeatures", +] + +[[package]] +name = "chacha20poly1305" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "10cd79432192d1c0f4e1a0fef9527696cc039165d729fb41b3f4f4f354c2dc35" +dependencies = [ + "aead", + "chacha20", + "cipher", + "poly1305", + "zeroize", +] + +[[package]] +name = "cipher" +version = "0.4.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad" +dependencies = [ + "crypto-common", + "inout", + "zeroize", +] + +[[package]] +name = "const-oid" +version = "0.9.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" + +[[package]] +name = "cpufeatures" +version = "0.2.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "53fe5e26ff1b7aef8bca9c6080520cfb8d9333c7568e1829cef191a9723e5504" +dependencies = [ + "libc", +] + +[[package]] +name = "crypto-bigint" +version = "0.5.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0dc92fb57ca44df6db8059111ab3af99a63d5d0f8375d9972e319a379c6bab76" 
+dependencies = [ + "generic-array", + "rand_core", + "subtle", + "zeroize", +] + +[[package]] +name = "crypto-common" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" +dependencies = [ + "generic-array", + "typenum", +] + +[[package]] +name = "ctr" +version = "0.9.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0369ee1ad671834580515889b80f2ea915f23b8be8d0daa4bbaf2ac5c7590835" +dependencies = [ + "cipher", +] + +[[package]] +name = "curve25519-dalek" +version = "4.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0a677b8922c94e01bdbb12126b0bc852f00447528dee1782229af9c720c3f348" +dependencies = [ + "cfg-if", + "cpufeatures", + "curve25519-dalek-derive", + "digest", + "fiat-crypto", + "platforms", + "rustc_version", + "subtle", + "zeroize", +] + +[[package]] +name = "curve25519-dalek-derive" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "der" +version = "0.7.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f55bf8e7b65898637379c1b74eb1551107c8294ed26d855ceb9fd1a09cfc9bc0" +dependencies = [ + "const-oid", + "pem-rfc7468", + "zeroize", +] + +[[package]] +name = "digest" +version = "0.10.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" +dependencies = [ + "block-buffer", + "const-oid", + "crypto-common", + "subtle", +] + +[[package]] +name = "ecdsa" +version = "0.16.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca" +dependencies = [ + "der", + "digest", + 
"elliptic-curve", + "rfc6979", + "signature", + "spki", +] + +[[package]] +name = "ed25519" +version = "2.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "115531babc129696a58c64a4fef0a8bf9e9698629fb97e9e40767d235cfbcd53" +dependencies = [ + "pkcs8", + "signature", +] + +[[package]] +name = "ed25519-dalek" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4a3daa8e81a3963a60642bcc1f90a670680bd4a77535faa384e9d1c79d620871" +dependencies = [ + "curve25519-dalek", + "ed25519", + "serde", + "sha2", + "subtle", + "zeroize", +] + +[[package]] +name = "elliptic-curve" +version = "0.13.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47" +dependencies = [ + "base16ct", + "crypto-bigint", + "digest", + "ff", + "generic-array", + "group", + "hkdf", + "pem-rfc7468", + "pkcs8", + "rand_core", + "sec1", + "subtle", + "zeroize", +] + +[[package]] +name = "ff" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ded41244b729663b1e574f1b4fb731469f69f79c17667b5d776b16cda0479449" +dependencies = [ + "rand_core", + "subtle", +] + +[[package]] +name = "fiat-crypto" +version = "0.2.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "38793c55593b33412e3ae40c2c9781ffaa6f438f6f8c10f24e71846fbd7ae01e" + +[[package]] +name = "foreign-types" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" +dependencies = [ + "foreign-types-shared", +] + +[[package]] +name = "foreign-types-shared" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" + +[[package]] +name = "generic-array" +version = "0.14.7" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" +dependencies = [ + "typenum", + "version_check", + "zeroize", +] + +[[package]] +name = "getrandom" +version = "0.2.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "94b22e06ecb0110981051723910cbf0b5f5e09a2062dd7663334ee79a9d1286c" +dependencies = [ + "cfg-if", + "libc", + "wasi", +] + +[[package]] +name = "ghash" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0d8a4362ccb29cb0b265253fb0a2728f592895ee6854fd9bc13f2ffda266ff1" +dependencies = [ + "opaque-debug", + "polyval", +] + +[[package]] +name = "group" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63" +dependencies = [ + "ff", + "rand_core", + "subtle", +] + +[[package]] +name = "hkdf" +version = "0.12.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7" +dependencies = [ + "hmac", +] + +[[package]] +name = "hmac" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" +dependencies = [ + "digest", +] + +[[package]] +name = "inout" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a0c10553d664a4d0bcff9f4215d0aac67a639cc68ef660840afe309b807bc9f5" +dependencies = [ + "generic-array", +] + +[[package]] +name = "lazy_static" +version = "1.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" +dependencies = [ + "spin 0.5.2", +] + +[[package]] +name = "libc" +version = "0.2.153" +source = "registry+https://github.com/rust-lang/crates.io-index" 
+checksum = "9c198f91728a82281a64e1f4f9eeb25d82cb32a5de251c6bd1b5154d63a8e7bd" + +[[package]] +name = "libm" +version = "0.2.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4ec2a862134d2a7d32d7983ddcdd1c4923530833c9f2ea1a44fc5fa473989058" + +[[package]] +name = "local_ping_pong_openssl" +version = "0.0.0" +dependencies = [ + "openssl", + "pem-rfc7468", + "rustls", + "rustls-rustcrypto", +] + +[[package]] +name = "num-bigint-dig" +version = "0.8.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc84195820f291c7697304f3cbdadd1cb7199c0efc917ff5eafd71225c136151" +dependencies = [ + "byteorder", + "lazy_static", + "libm", + "num-integer", + "num-iter", + "num-traits", + "rand", + "smallvec", + "zeroize", +] + +[[package]] +name = "num-integer" +version = "0.1.46" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f" +dependencies = [ + "num-traits", +] + +[[package]] +name = "num-iter" +version = "0.1.44" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d869c01cc0c455284163fd0092f1f93835385ccab5a98a0dcc497b2f8bf055a9" +dependencies = [ + "autocfg", + "num-integer", + "num-traits", +] + +[[package]] +name = "num-traits" +version = "0.2.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "da0df0e5185db44f69b44f26786fe401b6c293d1907744beaa7fa62b2e5a517a" +dependencies = [ + "autocfg", + "libm", +] + +[[package]] +name = "once_cell" +version = "1.19.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" + +[[package]] +name = "opaque-debug" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381" + +[[package]] +name = "openssl" +version = "0.10.64" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "95a0481286a310808298130d22dd1fef0fa571e05a8f44ec801801e84b216b1f" +dependencies = [ + "bitflags", + "cfg-if", + "foreign-types", + "libc", + "once_cell", + "openssl-macros", + "openssl-sys", +] + +[[package]] +name = "openssl-macros" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "openssl-sys" +version = "0.9.102" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c597637d56fbc83893a35eb0dd04b2b8e7a50c91e64e9493e398b5df4fb45fa2" +dependencies = [ + "cc", + "libc", + "pkg-config", + "vcpkg", +] + +[[package]] +name = "p256" +version = "0.13.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b" +dependencies = [ + "ecdsa", + "elliptic-curve", + "primeorder", + "sha2", +] + +[[package]] +name = "p384" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "70786f51bcc69f6a4c0360e063a4cac5419ef7c5cd5b3c99ad70f3be5ba79209" +dependencies = [ + "ecdsa", + "elliptic-curve", + "primeorder", + "sha2", +] + +[[package]] +name = "paste" +version = "1.0.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "de3145af08024dea9fa9914f381a17b8fc6034dfb00f3a84013f7ff43f29ed4c" + +[[package]] +name = "pem-rfc7468" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412" +dependencies = [ + "base64ct", +] + +[[package]] +name = "pkcs1" +version = "0.7.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f" +dependencies = [ + "der", + 
"pkcs8", + "spki", +] + +[[package]] +name = "pkcs5" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e847e2c91a18bfa887dd028ec33f2fe6f25db77db3619024764914affe8b69a6" +dependencies = [ + "der", + "spki", +] + +[[package]] +name = "pkcs8" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" +dependencies = [ + "der", + "pkcs5", + "spki", +] + +[[package]] +name = "pkg-config" +version = "0.3.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec" + +[[package]] +name = "platforms" +version = "3.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "db23d408679286588f4d4644f965003d056e3dd5abcaaa938116871d7ce2fee7" + +[[package]] +name = "poly1305" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8159bd90725d2df49889a078b54f4f79e87f1f8a8444194cdca81d38f5393abf" +dependencies = [ + "cpufeatures", + "opaque-debug", + "universal-hash", +] + +[[package]] +name = "polyval" +version = "0.6.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9d1fe60d06143b2430aa532c94cfe9e29783047f06c0d7fd359a9a51b729fa25" +dependencies = [ + "cfg-if", + "cpufeatures", + "opaque-debug", + "universal-hash", +] + +[[package]] +name = "ppv-lite86" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" + +[[package]] +name = "primeorder" +version = "0.13.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "353e1ca18966c16d9deb1c69278edbc5f194139612772bd9537af60ac231e1e6" +dependencies = [ + "elliptic-curve", +] + +[[package]] +name = "proc-macro2" +version = "1.0.81" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "3d1597b0c024618f09a9c3b8655b7e430397a36d23fdafec26d6965e9eec3eba" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "quote" +version = "1.0.36" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "rand" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" +dependencies = [ + "rand_chacha", + "rand_core", +] + +[[package]] +name = "rand_chacha" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" +dependencies = [ + "ppv-lite86", + "rand_core", +] + +[[package]] +name = "rand_core" +version = "0.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" +dependencies = [ + "getrandom", +] + +[[package]] +name = "rfc6979" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2" +dependencies = [ + "hmac", + "subtle", +] + +[[package]] +name = "ring" +version = "0.17.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c17fa4cb658e3583423e915b9f3acc01cceaee1860e33d59ebae66adc3a2dc0d" +dependencies = [ + "cc", + "cfg-if", + "getrandom", + "libc", + "spin 0.9.8", + "untrusted", + "windows-sys", +] + +[[package]] +name = "rsa" +version = "0.9.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5d0e5124fcb30e76a7e79bfee683a2746db83784b86289f6251b54b7950a0dfc" +dependencies = [ + "const-oid", + "digest", + "num-bigint-dig", + "num-integer", + "num-traits", + "pkcs1", + 
"pkcs8", + "rand_core", + "sha2", + "signature", + "spki", + "subtle", + "zeroize", +] + +[[package]] +name = "rustc_version" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366" +dependencies = [ + "semver", +] + +[[package]] +name = "rustls" +version = "0.23.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "afabcee0551bd1aa3e18e5adbf2c0544722014b899adb31bd186ec638d3da97e" +dependencies = [ + "once_cell", + "rustls-pki-types", + "rustls-webpki", + "subtle", + "zeroize", +] + +[[package]] +name = "rustls-pki-types" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "beb461507cee2c2ff151784c52762cf4d9ff6a61f3e80968600ed24fa837fa54" + +[[package]] +name = "rustls-rustcrypto" +version = "0.1.0" +dependencies = [ + "aead", + "aes-gcm", + "chacha20poly1305", + "crypto-common", + "der", + "digest", + "ecdsa", + "ed25519-dalek", + "hmac", + "p256", + "p384", + "paste", + "pkcs8", + "rand_core", + "rsa", + "rustls", + "rustls-pki-types", + "rustls-webpki", + "sec1", + "sha2", + "signature", + "x25519-dalek", +] + +[[package]] +name = "rustls-webpki" +version = "0.102.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f3bce581c0dd41bce533ce695a1437fa16a7ab5ac3ccfa99fe1a620a7885eabf" +dependencies = [ + "ring", + "rustls-pki-types", + "untrusted", +] + +[[package]] +name = "sec1" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc" +dependencies = [ + "base16ct", + "der", + "generic-array", + "pkcs8", + "subtle", + "zeroize", +] + +[[package]] +name = "semver" +version = "1.0.22" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "92d43fe69e652f3df9bdc2b85b2854a0825b86e4fb76bc44d945137d053639ca" + +[[package]] +name = 
"serde" +version = "1.0.199" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0c9f6e76df036c77cd94996771fb40db98187f096dd0b9af39c6c6e452ba966a" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde_derive" +version = "1.0.199" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "11bd257a6541e141e42ca6d24ae26f7714887b47e89aa739099104c7e4d3b7fc" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "sha2" +version = "0.10.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest", +] + +[[package]] +name = "signature" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" +dependencies = [ + "digest", + "rand_core", +] + +[[package]] +name = "smallvec" +version = "1.13.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67" + +[[package]] +name = "spin" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" + +[[package]] +name = "spin" +version = "0.9.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" + +[[package]] +name = "spki" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d" +dependencies = [ + "base64ct", + "der", +] + +[[package]] +name = "subtle" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" 
+ +[[package]] +name = "syn" +version = "2.0.60" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "909518bc7b1c9b779f1bbf07f2929d35af9f0f37e47c6e9ef7f9dddc1e1821f3" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "typenum" +version = "1.17.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" + +[[package]] +name = "unicode-ident" +version = "1.0.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" + +[[package]] +name = "universal-hash" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fc1de2c688dc15305988b563c3854064043356019f97a4b46276fe734c4f07ea" +dependencies = [ + "crypto-common", + "subtle", +] + +[[package]] +name = "untrusted" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" + +[[package]] +name = "vcpkg" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" + +[[package]] +name = "version_check" +version = "0.9.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" + +[[package]] +name = "wasi" +version = "0.11.0+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" + +[[package]] +name = "windows-sys" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" +dependencies = [ + "windows-targets", +] + +[[package]] 
+name = "windows-targets" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6f0713a46559409d202e70e28227288446bf7841d3211583a4b53e3f6d96e7eb" +dependencies = [ + "windows_aarch64_gnullvm", + "windows_aarch64_msvc", + "windows_i686_gnu", + "windows_i686_gnullvm", + "windows_i686_msvc", + "windows_x86_64_gnu", + "windows_x86_64_gnullvm", + "windows_x86_64_msvc", +] + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7088eed71e8b8dda258ecc8bac5fb1153c5cffaf2578fc8ff5d61e23578d3263" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9985fd1504e250c615ca5f281c3f7a6da76213ebd5ccc9561496568a2752afb6" + +[[package]] +name = "windows_i686_gnu" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "88ba073cf16d5372720ec942a8ccbf61626074c6d4dd2e745299726ce8b89670" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "87f4261229030a858f36b459e748ae97545d6f1ec60e5e0d6a3d32e0dc232ee9" + +[[package]] +name = "windows_i686_msvc" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "db3c2bf3d13d5b658be73463284eaf12830ac9a26a90c717b7f771dfe97487bf" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4e4246f76bdeff09eb48875a0fd3e2af6aada79d409d33011886d3e1581517d9" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "852298e482cd67c356ddd9570386e2862b5673c85bd5f88df9ab6802b334c596" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.52.5" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "bec47e5bfd1bff0eeaf6d8b485cc1074891a197ab4225d504cb7a1ab88b02bf0" + +[[package]] +name = "x25519-dalek" +version = "2.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c7e468321c81fb07fa7f4c636c3972b9100f0346e5b6a9f2bd0603a52f7ed277" +dependencies = [ + "curve25519-dalek", + "rand_core", + "zeroize", +] + +[[package]] +name = "zeroize" +version = "1.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d" +dependencies = [ + "zeroize_derive", +] + +[[package]] +name = "zeroize_derive" +version = "1.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] diff --git a/validation/local_ping_pong_openssl/Cargo.toml b/validation/local_ping_pong_openssl/Cargo.toml new file mode 100644 index 0000000..9b224ac --- /dev/null +++ b/validation/local_ping_pong_openssl/Cargo.toml @@ -0,0 +1,11 @@ +[package] +name = "local_ping_pong_openssl" +version = "0.0.0" +edition = "2021" +license = "MIT OR Apache-2.0" + +[dependencies] +rustls = { version = "0.23.0", default-features = false, features = ["std"] } +rustls-rustcrypto = { path = "../../" } +openssl = { version = "0.10", default-features = false } +pem-rfc7468 = { version = "0.7", default-features = false, features = ["alloc"] } diff --git a/validation/local_ping_pong_openssl/build.rs b/validation/local_ping_pong_openssl/build.rs new file mode 100644 index 0000000..d95a530 --- /dev/null +++ b/validation/local_ping_pong_openssl/build.rs 
@@ -0,0 +1,64 @@
+use std::fs::metadata;
+use std::path::Path;
+use std::process::Command;
+use std::time::SystemTime;
+//TODO: use library eventually
+//use openssl::rsa::Rsa;
+
+fn main() {
+ check_gen_certs();
+}
+
+fn cargo_target_dir() -> String {
+ match std::env::var("CARGO_MANIFEST_DIR").as_deref() {
+ Ok(target_dir) => target_dir.into(),
+ _ => panic!("CARGO_MANIFEST_DIR required for build."),
+ }
+ /* TODO: use target directory when generating w/o shell
+ match std::env::var("OUT_DIR").as_deref() {
+ Ok(target_dir) => target_dir.into(),
+ _ => panic!("OUT_DIR required for build."),
+ }
+ */
+}
+
+fn check_gen_certs() {
+ let out_dir_str = cargo_target_dir();
+ let out_dir = Path::new(&out_dir_str).join("certs");
+
+ let ca_crt_path = out_dir.join("ca.rsa4096.crt");
+
+ let mut generate = true;
+
+ if ca_crt_path.exists() {
+ let now = SystemTime::now();
+ let meta = metadata(ca_crt_path).expect("fs metadata");
+ let created = meta
+ .created()
+ .expect("fs no support to determine ctime from file?");
+ let difference = now
+ .duration_since(created)
+ .expect("System clock gone backwards");
+
+ if difference.as_secs() < 364 * 24 * 3600 {
+ generate = false;
+ }
+ }
+
+ if generate == true {
+ Command::new("make")
+ .arg("rsa4096")
+ .current_dir(out_dir)
+ .spawn()
+ .expect("make rsa4096");
+ }
+
+ // public exponent will be 65537
+ /* TODO: remove shell requirement:
+ let rsa = Rsa::generate(4096).expect("openssl genrsa rsa");
+ let ca_rsa = Rsa::generate(4096).expect("openssl genrsa ca_rsa");
+
+ let rsa_pem = rsa.private_key_to_pem().expect("rsa private_key_to_pem");
+ let ca_rsa_pem = ca_rsa.private_key_to_pem().expect("ca_rsa private_key_to_pem");
+ */
+}
diff --git a/certs/Makefile b/validation/local_ping_pong_openssl/certs/Makefile
similarity index 100%
rename from certs/Makefile
rename to validation/local_ping_pong_openssl/certs/Makefile
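Review bot: `check_gen_certs` launches `make rsa4096` with `.spawn()` and never waits for it, so the build script can return while the CA and server keys are still being written, and a failing `make` goes unnoticed; the tests then read whatever happens to be in `certs/` at that moment. Bind the result with `let status = Command::new("make").arg("rsa4096").current_dir(out_dir).status().expect("make rsa4096");` and follow it with `assert!(status.success(), "make rsa4096 failed");`. The generated private keys are written under `CARGO_MANIFEST_DIR` rather than `OUT_DIR`, so they sit in the source tree; it is worth confirming they are ignored by version control. The later "Remove TODO" hunk for this file keeps the same `.spawn()` call.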
diff --git a/certs/cert.cnf b/validation/local_ping_pong_openssl/certs/cert.cnf
similarity index 100%
rename from certs/cert.cnf
rename to validation/local_ping_pong_openssl/certs/cert.cnf
diff --git a/certs/openssl.cnf b/validation/local_ping_pong_openssl/certs/openssl.cnf
similarity index 100%
rename from certs/openssl.cnf
rename to validation/local_ping_pong_openssl/certs/openssl.cnf
diff --git a/validation/local_ping_pong_openssl/src/lib.rs b/validation/local_ping_pong_openssl/src/lib.rs
new file mode 100644
index 0000000..355f491
--- /dev/null
+++ b/validation/local_ping_pong_openssl/src/lib.rs
@@ -0,0 +1,128 @@
+#[cfg(test)]
+mod test {
+ use std::fs::File;
+ use std::io::{Read, Write};
+
+ use openssl::ssl::{SslFiletype, SslMethod, SslStream};
+ use std::net::{TcpListener, TcpStream};
+ use std::sync::Arc;
+ use std::thread;
+ use std::time::Duration;
+
+ use rustls::pki_types::CertificateDer;
+ use rustls::pki_types::ServerName;
+
+ use rustls_rustcrypto::provider as rustcrypto_provider;
+
+ #[test]
+ fn vs_openssl_as_client() {
+ let listener = TcpListener::bind("127.0.0.1:0").unwrap();
+ let server_addr = listener.local_addr().unwrap();
+
+ let mut ca_pkcs10_file = File::open("certs/ca.rsa4096.crt").unwrap();
+ let mut ca_pkcs10_data: Vec = vec![];
+ ca_pkcs10_file.read_to_end(&mut ca_pkcs10_data).unwrap();
+ let (ca_type_label, ca_data) = pem_rfc7468::decode_vec(&ca_pkcs10_data).unwrap();
+ assert_eq!(ca_type_label, "CERTIFICATE");
+ let rustls_cert_der: CertificateDer = ca_data.try_into().unwrap();
+
+ // rustls-rustcrypto Client thread
+ let client_thread = thread::spawn(move || {
+ let mut root_store = rustls::RootCertStore::empty();
+ root_store.add(rustls_cert_der).unwrap();
+
+ let config =
+ rustls::ClientConfig::builder_with_provider(Arc::new(rustcrypto_provider()))
+ .with_safe_default_protocol_versions()
+ .unwrap()
+ .with_root_certificates(root_store)
+ .with_no_client_auth();
+
+ let mut conn = rustls::ClientConnection::new(
+ Arc::new(config),
+ ServerName::try_from("localhost").unwrap(),
+ )
+ .unwrap();
+ let mut sock = TcpStream::connect(server_addr).unwrap();
+ let mut tls = rustls::Stream::new(&mut conn, &mut sock);
+
+ tls.write_all(b"PING\n").unwrap();
+
+ let _ciphersuite = tls.conn.negotiated_cipher_suite().unwrap();
+
+ let mut plaintext = Vec::new();
+ tls.read_to_end(&mut plaintext).unwrap();
+
+ assert_eq!(core::str::from_utf8(&plaintext), Ok("PONG\n"));
+
+ return;
+ });
+
+ let timeout_thread = thread::spawn(move || {
+ thread::sleep(Duration::from_millis(100));
+ panic!("timeout");
+ });
+
+ // OpenSSL Server Handler
+ let server_thread = thread::spawn(move || {
+ for stream in listener.incoming() {
+ match stream {
+ Ok(stream) => {
+ let mut ssl_context_build =
+ openssl::ssl::SslContext::builder(SslMethod::tls_server()).unwrap();
+ ssl_context_build.set_verify(openssl::ssl::SslVerifyMode::NONE);
+ ssl_context_build
+ .set_ca_file("certs/ca.rsa4096.crt")
+ .unwrap();
+ ssl_context_build
+ .set_certificate_file(
+ "certs/rustcryp.to.rsa4096.ca_signed.crt",
+ SslFiletype::PEM,
+ )
+ .unwrap();
+ ssl_context_build
+ .set_private_key_file("certs/rustcryp.to.rsa4096.key", SslFiletype::PEM)
+ .unwrap();
+ // https://docs.rs/openssl/latest/openssl/ssl/struct.SslContextBuilder.html#method.set_cipher_list
+ // https://docs.rs/openssl/latest/openssl/ssl/struct.SslContextBuilder.html#method.set_ciphersuites
+ ssl_context_build.check_private_key().unwrap();
+ let ctx = ssl_context_build.build();
+ let ssl = openssl::ssl::Ssl::new(&ctx).unwrap();
+
+ let mut ssl_stream = SslStream::new(ssl, stream).unwrap();
+ ssl_stream.accept().unwrap();
+ let mut buf_in = vec![0; 1024];
+ let siz = ssl_stream.ssl_read(&mut buf_in);
+
+ let incoming = match siz {
+ Ok(i) => buf_in[0..i].to_vec(),
+ Err(_e) => panic!("Error reading?"),
+ };
+
+ assert_eq!(core::str::from_utf8(&incoming), Ok("PING\n"));
+
+ let out = "PONG\n";
+ ssl_stream.write(&out.as_bytes()).unwrap();
+
+ ssl_stream.shutdown().unwrap();
+ }
+ Err(_) => panic!("Server connection failed"),
+ }
+ return;
+ }
+ });
+
+ loop {
+ thread::sleep(Duration::from_millis(10));
+ if client_thread.is_finished() == true && server_thread.is_finished() == true {
+ break;
+ }
+ if timeout_thread.is_finished() == true {
+ panic!("TIMEOUT");
+ }
+ }
+
+ client_thread.join().expect("Client thread panic");
+ server_thread.join().expect("Server thread panic");
+ }
+}
From 507b0bc8c11b6de2e4c6152d1fc2b9dde2cdaefe Mon Sep 17 00:00:00 2001
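Review bot: The canary thread in `vs_openssl_as_client` panics after `Duration::from_millis(100)`, a budget that must cover two thread start-ups and a full handshake with the RSA-4096 certificate, so on a slow or unoptimised build the test can presumably fail with "TIMEOUT" although the handshake would have succeeded. It also masks the real cause: the loop only breaks when both workers have finished, so if one side panics while the other is still blocked, the test reports "TIMEOUT" rather than the failed assertion. A bound in seconds, e.g. `thread::sleep(Duration::from_secs(10));`, plus leaving the loop as soon as either worker has finished would keep the deadline as a hang guard only. In the server thread, `ssl_stream.write(&out.as_bytes())` does not check for a short write; `ssl_stream.write_all(out.as_bytes())` states the intent.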
From: pinkforest <36498018+pinkforest@users.noreply.github.com> Date: Sun, 28 Apr 2024 10:14:50 +1000 Subject: [PATCH 04/23] Weird problem with dev-dependencies declaration --- Cargo.toml | 2 -- 1 file changed, 2 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 0febdff..b50d4a9 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -43,5 +43,3 @@ std = ["alloc", "webpki/std", "pki-types/std", "rustls/std", "ed25519-dalek/std" # TODO: go through all of these to ensure to_vec etc. impls are exposed alloc = ["webpki/alloc", "pki-types/alloc", "aead/alloc", "ed25519-dalek/alloc"] zeroize = ["ed25519-dalek/zeroize", "x25519-dalek/zeroize"] - -[dev-dependencies] From bcb4410b6409e2e8aaa149af0c244585ec672de4 Mon Sep 17 00:00:00 2001 From: pinkforest <36498018+pinkforest@users.noreply.github.com> Date: Sun, 28 Apr 2024 10:25:37 +1000 Subject: [PATCH 05/23] Remove TODO --- validation/local_ping_pong_openssl/build.rs | 21 ++------------------- 1 file changed, 2 insertions(+), 19 deletions(-) diff --git a/validation/local_ping_pong_openssl/build.rs b/validation/local_ping_pong_openssl/build.rs index d95a530..7a6fb9f 100644 --- a/validation/local_ping_pong_openssl/build.rs +++ b/validation/local_ping_pong_openssl/build.rs 
@@ -2,28 +2,20 @@ use std::fs::metadata; use std::path::Path; use std::process::Command; use std::time::SystemTime; -//TODO: use library eventually -//use openssl::rsa::Rsa; fn main() { check_gen_certs(); } -fn cargo_target_dir() -> String { +fn manifest_dir() -> String { match std::env::var("CARGO_MANIFEST_DIR").as_deref() { Ok(target_dir) => target_dir.into(), _ => panic!("CARGO_MANIFEST_DIR required for build."), } - /* TODO: use target directory when generating w/o shell - match std::env::var("OUT_DIR").as_deref() { - Ok(target_dir) => target_dir.into(), - _ => panic!("OUT_DIR required for build."), - } - */ } fn check_gen_certs() { - let out_dir_str = cargo_target_dir(); + let out_dir_str = manifest_dir(); let out_dir = Path::new(&out_dir_str).join("certs"); let ca_crt_path = out_dir.join("ca.rsa4096.crt"); @@ -52,13 +44,4 @@ fn check_gen_certs() { .spawn() .expect("make rsa4096"); } - - // public exponent will be 65537 - /* TODO: remove shell requirement: - let rsa = Rsa::generate(4096).expect("openssl genrsa rsa"); - let ca_rsa = Rsa::generate(4096).expect("openssl genrsa ca_rsa"); - - let rsa_pem = rsa.private_key_to_pem().expect("rsa private_key_to_pem"); - let ca_rsa_pem = ca_rsa.private_key_to_pem().expect("ca_rsa private_key_to_pem"); - */ } From 56ca97853c445abbf9e2d4a4d22a3c88bf0da091 Mon Sep 17 00:00:00 2001 From: pinkforest <36498018+pinkforest@users.noreply.github.com> Date: Sun, 28 Apr 2024 12:28:47 +1000 Subject: [PATCH 06/23] Refactor a bit --- validation/local_ping_pong_openssl/src/lib.rs | 114 +++++------------- .../local_ping_pong_openssl/src/net_util.rs | 8 ++ .../src/openssl_util.rs | 41 +++++++ .../src/rustls_util.rs | 64 ++++++++++ 4 files changed, 144 insertions(+), 83 deletions(-) create mode 100644 validation/local_ping_pong_openssl/src/net_util.rs create mode 100644 validation/local_ping_pong_openssl/src/openssl_util.rs create mode 100644 validation/local_ping_pong_openssl/src/rustls_util.rs 
diff --git a/validation/local_ping_pong_openssl/src/lib.rs b/validation/local_ping_pong_openssl/src/lib.rs index 355f491..cb7b797 100644 --- a/validation/local_ping_pong_openssl/src/lib.rs +++ b/validation/local_ping_pong_openssl/src/lib.rs 
@@ -1,55 +1,27 @@ +pub mod net_util; +pub mod openssl_util; +pub mod rustls_util; + #[cfg(test)] mod test { - use std::fs::File; - use std::io::{Read, Write}; + use super::*; - use openssl::ssl::{SslFiletype, SslMethod, SslStream}; - use std::net::{TcpListener, TcpStream}; - use std::sync::Arc; + use std::io::{Read, Write}; + use std::path::Path; use std::thread; use std::time::Duration; - use rustls::pki_types::CertificateDer; - use rustls::pki_types::ServerName; - - use rustls_rustcrypto::provider as rustcrypto_provider; - #[test] fn vs_openssl_as_client() { - let listener = TcpListener::bind("127.0.0.1:0").unwrap(); - let server_addr = listener.local_addr().unwrap(); - - let mut ca_pkcs10_file = File::open("certs/ca.rsa4096.crt").unwrap(); - let mut ca_pkcs10_data: Vec = vec![]; - ca_pkcs10_file.read_to_end(&mut ca_pkcs10_data).unwrap(); - let (ca_type_label, ca_data) = pem_rfc7468::decode_vec(&ca_pkcs10_data).unwrap(); - assert_eq!(ca_type_label, "CERTIFICATE"); - let rustls_cert_der: CertificateDer = ca_data.try_into().unwrap(); + let (listener, server_addr) = net_util::new_localhost_tcplistener(); // rustls-rustcrypto Client thread let client_thread = thread::spawn(move || { - let mut root_store = rustls::RootCertStore::empty(); - root_store.add(rustls_cert_der).unwrap(); - - let config = - rustls::ClientConfig::builder_with_provider(Arc::new(rustcrypto_provider())) - .with_safe_default_protocol_versions() - .unwrap() - .with_root_certificates(root_store) - .with_no_client_auth(); - - let mut conn = rustls::ClientConnection::new( - Arc::new(config), - ServerName::try_from("localhost").unwrap(), - ) - .unwrap(); - let mut sock = TcpStream::connect(server_addr).unwrap(); - let mut tls = rustls::Stream::new(&mut conn, &mut sock); + let rustls_client = rustls_util::Client::new("certs/ca.rsa4096.crt", server_addr); + let mut tls = rustls_client.tls; tls.write_all(b"PING\n").unwrap(); - let _ciphersuite = tls.conn.negotiated_cipher_suite().unwrap(); - let mut 
plaintext = Vec::new(); tls.read_to_end(&mut plaintext).unwrap(); 
@@ -65,51 +37,27 @@ mod test { // OpenSSL Server Handler let server_thread = thread::spawn(move || { - for stream in listener.incoming() { - match stream { - Ok(stream) => { - let mut ssl_context_build = - openssl::ssl::SslContext::builder(SslMethod::tls_server()).unwrap(); - ssl_context_build.set_verify(openssl::ssl::SslVerifyMode::NONE); - ssl_context_build - .set_ca_file("certs/ca.rsa4096.crt") - .unwrap(); - ssl_context_build - .set_certificate_file( - "certs/rustcryp.to.rsa4096.ca_signed.crt", - SslFiletype::PEM, - ) - .unwrap(); - ssl_context_build - .set_private_key_file("certs/rustcryp.to.rsa4096.key", SslFiletype::PEM) - .unwrap(); - // https://docs.rs/openssl/latest/openssl/ssl/struct.SslContextBuilder.html#method.set_cipher_list - // https://docs.rs/openssl/latest/openssl/ssl/struct.SslContextBuilder.html#method.set_ciphersuites - ssl_context_build.check_private_key().unwrap(); - let ctx = ssl_context_build.build(); - let ssl = openssl::ssl::Ssl::new(&ctx).unwrap(); - - let mut ssl_stream = SslStream::new(ssl, stream).unwrap(); - ssl_stream.accept().unwrap(); - let mut buf_in = vec![0; 1024]; - let siz = ssl_stream.ssl_read(&mut buf_in); - - let incoming = match siz { - Ok(i) => buf_in[0..i].to_vec(), - Err(_e) => panic!("Error reading?"), - }; - - assert_eq!(core::str::from_utf8(&incoming), Ok("PING\n")); - - let out = "PONG\n"; - ssl_stream.write(&out.as_bytes()).unwrap(); - - ssl_stream.shutdown().unwrap(); - } - Err(_) => panic!("Server connection failed"), - } - return; - } + let path_ca_cert = Path::new("certs").join("ca.rsa4096.crt"); + let path_cert = Path::new("certs").join("rustcryp.to.rsa4096.ca_signed.crt"); + let path_key = Path::new("certs").join("rustcryp.to.rsa4096.key"); + + let mut ssl_stream = + openssl_util::accept_next(listener, path_ca_cert, path_cert, path_key); + ssl_stream.accept().unwrap(); + + let mut buf_in = vec![0; 1024]; + let siz = ssl_stream.ssl_read(&mut buf_in); + + let incoming = match siz { + Ok(i) => 
buf_in[0..i].to_vec(), + Err(_e) => panic!("Error reading?"), + }; + + assert_eq!(core::str::from_utf8(&incoming), Ok("PING\n")); + + let out = "PONG\n"; + ssl_stream.write(&out.as_bytes()).unwrap(); + ssl_stream.shutdown().unwrap(); }); loop { diff --git a/validation/local_ping_pong_openssl/src/net_util.rs b/validation/local_ping_pong_openssl/src/net_util.rs new file mode 100644 index 0000000..c9785e4 --- /dev/null +++ b/validation/local_ping_pong_openssl/src/net_util.rs @@ -0,0 +1,8 @@ +use std::net::{SocketAddr, TcpListener}; + +/// Create a new TcpListener on localhost on random port +pub fn new_localhost_tcplistener() -> (TcpListener, SocketAddr) { + let listener = TcpListener::bind("127.0.0.1:0").unwrap(); + let server_addr = listener.local_addr().unwrap(); + (listener, server_addr) +} diff --git a/validation/local_ping_pong_openssl/src/openssl_util.rs b/validation/local_ping_pong_openssl/src/openssl_util.rs new file mode 100644 index 0000000..404f763 --- /dev/null +++ b/validation/local_ping_pong_openssl/src/openssl_util.rs 
@@ -0,0 +1,41 @@
+use openssl::ssl::{SslFiletype, SslMethod, SslStream};
+use std::net::{TcpListener, TcpStream};
+use std::path::PathBuf;
+
+pub fn accept_next(
+ listener: TcpListener,
+ path_ca_cert: PathBuf,
+ path_cert: PathBuf,
+ path_key: PathBuf,
+) -> SslStream {
+ if let Some(stream) = listener.incoming().next() {
+ match stream {
+ Ok(stream) => {
+ let mut ssl_context_build =
+ openssl::ssl::SslContext::builder(SslMethod::tls_server()).unwrap();
+ ssl_context_build.set_verify(openssl::ssl::SslVerifyMode::NONE);
+
+ ssl_context_build.set_ca_file(path_ca_cert).unwrap();
+ ssl_context_build
+ .set_certificate_file(path_cert, SslFiletype::PEM)
+ .unwrap();
+
+ ssl_context_build
+ .set_private_key_file(path_key, SslFiletype::PEM)
+ .unwrap();
+ // https://docs.rs/openssl/latest/openssl/ssl/struct.SslContextBuilder.html#method.set_cipher_list
+ // https://docs.rs/openssl/latest/openssl/ssl/struct.SslContextBuilder.html#method.set_ciphersuites
+ ssl_context_build.check_private_key().unwrap();
+ let ctx = ssl_context_build.build();
+ let ssl = openssl::ssl::Ssl::new(&ctx).unwrap();
+ return SslStream::new(ssl, stream).unwrap();
+ //let mut ssl_stream = SslStream::new(ssl, stream).unwrap();
+ //ssl_stream.accept().unwrap();
+ //return ssl_stream;
+ }
+ Err(_) => panic!("Failed OpenSSL accept_next()"),
+ }
+ } else {
+ panic!("No stream.");
+ }
+}
diff --git a/validation/local_ping_pong_openssl/src/rustls_util.rs b/validation/local_ping_pong_openssl/src/rustls_util.rs
new file mode 100644
index 0000000..cc744d4
--- /dev/null
+++ b/validation/local_ping_pong_openssl/src/rustls_util.rs
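Review bot: The failure arm of `accept_next` throws the cause away: `Err(_) => panic!("Failed OpenSSL accept_next()")` drops the `io::Error` from `listener.incoming()`, so a failed accept cannot be told apart from any other reason. Keep it in the message with `Err(e) => panic!("Failed OpenSSL accept_next(): {e}")`. The function is `pub` but has no doc comment, unlike `new_localhost_tcplistener`; a line such as `/// Accept one TCP connection and wrap it in a server-side SslStream; no client certificate is requested (SslVerifyMode::NONE).` would record that choice for readers of the harness. The later "Refactor tinybit" hunk for this file leaves the `Err(_)` arm unchanged.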
@@ -0,0 +1,64 @@
+use std::fs::File;
+use std::io::Read;
+use std::net::SocketAddr;
+use std::net::TcpStream;
+use std::sync::Arc;
+
+use rustls_rustcrypto::provider as rustcrypto_provider;
+
+use rustls::RootCertStore;
+use rustls::StreamOwned as RustlsStreamOwned;
+use rustls::{ClientConfig, ClientConnection};
+
+use rustls::pki_types::CertificateDer;
+use rustls::pki_types::ServerName;
+
+/// Read rustls compatible CertificateDer from ca_path
+pub fn load_ca_der(ca_path: &str) -> CertificateDer {
+ let mut ca_pkcs10_file = File::open(ca_path).unwrap();
+ let mut ca_pkcs10_data: Vec = vec![];
+ ca_pkcs10_file.read_to_end(&mut ca_pkcs10_data).unwrap();
+ let (ca_type_label, ca_data) = pem_rfc7468::decode_vec(&ca_pkcs10_data).unwrap();
+ assert_eq!(ca_type_label, "CERTIFICATE");
+ ca_data.try_into().unwrap()
+}
+
+/// provide rustls roots with pinned CA cert
+pub fn roots(ca_pinned: CertificateDer) -> RootCertStore {
+ let mut roots = rustls::RootCertStore::empty();
+ roots.add(ca_pinned).unwrap();
+ roots
+}
+
+/// Create new ClientConfig
+pub fn rustcrypto_client_config(root_store: RootCertStore) -> ClientConfig {
+ rustls::ClientConfig::builder_with_provider(Arc::new(rustcrypto_provider()))
+ .with_safe_default_protocol_versions()
+ .unwrap()
+ .with_root_certificates(root_store)
+ .with_no_client_auth()
+}
+
+#[derive(Debug)]
+pub struct Client {
+ pub tls: RustlsStreamOwned,
+}
+
+impl Client {
+ pub fn new(ca_pinned: &str, server_addr: SocketAddr) -> Self {
+ let ca = load_ca_der(ca_pinned);
+ let roots = roots(ca);
+ let config = rustcrypto_client_config(roots);
+
+ let conn = rustls::ClientConnection::new(
+ Arc::new(config),
+ ServerName::try_from("localhost").unwrap(),
+ )
+ .unwrap();
+
+ let sock = TcpStream::connect(server_addr).unwrap();
+ let tls = rustls::StreamOwned::new(conn, sock);
+
+ Self { tls }
+ }
+}
From 5088150e90fea3ac96ccdb92e088c4f6b26cf938 Mon Sep 17 00:00:00 2001
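Review bot: `Client::new` verifies the peer against the fixed name `ServerName::try_from("localhost")`, while the server certificate file is named for `rustcryp.to`; the handshake therefore only succeeds if the generated certificate also carries a `localhost` subjectAltName, which `certs/cert.cnf` (not shown in this diff) would have to provide. Either take the expected name as a parameter or state it on the constructor, e.g. `/// Connects to server_addr and verifies the certificate against the DNS name "localhost", trusting only the CA at ca_pinned.` In `load_ca_der` the locals `ca_pkcs10_file` and `ca_pkcs10_data` are misnamed: PKCS#10 is the certificate-request format, whereas the label asserted here is `CERTIFICATE`; `ca_pem_file` and `ca_pem_data` would match what is read.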
From: pinkforest <36498018+pinkforest@users.noreply.github.com> Date: Sun, 28 Apr 2024 12:31:05 +1000 Subject: [PATCH 07/23] Add fancy README --- validation/local_ping_pong_openssl/README.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 validation/local_ping_pong_openssl/README.md diff --git a/validation/local_ping_pong_openssl/README.md b/validation/local_ping_pong_openssl/README.md new file mode 100644 index 0000000..149470e --- /dev/null +++ b/validation/local_ping_pong_openssl/README.md @@ -0,0 +1,5 @@ +# Validate OpenSSL compatibility + +Test compatibility between rustls-rustcrypto and OpenSSL + +Includes testing against OpenSSL generated certificates and keys From 454d10dc85ad852a8acb8d3e349960dad25b6893 Mon Sep 17 00:00:00 2001 From: pinkforest <36498018+pinkforest@users.noreply.github.com> Date: Sun, 28 Apr 2024 12:40:58 +1000 Subject: [PATCH 08/23] Refactor tinybit --- validation/local_ping_pong_openssl/src/lib.rs | 1 - validation/local_ping_pong_openssl/src/openssl_util.rs | 7 +++---- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/validation/local_ping_pong_openssl/src/lib.rs b/validation/local_ping_pong_openssl/src/lib.rs index cb7b797..6593e56 100644 --- a/validation/local_ping_pong_openssl/src/lib.rs +++ b/validation/local_ping_pong_openssl/src/lib.rs @@ -43,7 +43,6 @@ mod test { let mut ssl_stream = openssl_util::accept_next(listener, path_ca_cert, path_cert, path_key); - ssl_stream.accept().unwrap(); let mut buf_in = vec![0; 1024]; let siz = ssl_stream.ssl_read(&mut buf_in); diff --git a/validation/local_ping_pong_openssl/src/openssl_util.rs b/validation/local_ping_pong_openssl/src/openssl_util.rs index 404f763..c639a86 100644 --- a/validation/local_ping_pong_openssl/src/openssl_util.rs +++ b/validation/local_ping_pong_openssl/src/openssl_util.rs 
@@ -28,10 +28,9 @@ pub fn accept_next( ssl_context_build.check_private_key().unwrap(); let ctx = ssl_context_build.build(); let ssl = openssl::ssl::Ssl::new(&ctx).unwrap(); - return SslStream::new(ssl, stream).unwrap(); - //let mut ssl_stream = SslStream::new(ssl, stream).unwrap(); - //ssl_stream.accept().unwrap(); - //return ssl_stream; + let mut ssl_stream = SslStream::new(ssl, stream).unwrap(); + ssl_stream.accept().unwrap(); + return ssl_stream; } Err(_) => panic!("Failed OpenSSL accept_next()"), } From e1189ffd361d600b176e1d59483b6d18ef37f104 Mon Sep 17 00:00:00 2001 From: pinkforest <36498018+pinkforest@users.noreply.github.com> Date: Sun, 28 Apr 2024 13:16:00 +1000 Subject: [PATCH 09/23] More abstract client --- validation/local_ping_pong_openssl/src/lib.rs | 22 ++++++++----------- .../src/rustls_util.rs | 16 ++++++++++---- 2 files changed, 21 insertions(+), 17 deletions(-) diff --git a/validation/local_ping_pong_openssl/src/lib.rs b/validation/local_ping_pong_openssl/src/lib.rs index 6593e56..94f7914 100644 --- a/validation/local_ping_pong_openssl/src/lib.rs +++ b/validation/local_ping_pong_openssl/src/lib.rs @@ -1,6 +1,8 @@ pub mod net_util; pub mod openssl_util; -pub mod rustls_util; + +mod rustls_util; +pub use rustls_util::Client as RustCryptoTlsClient; #[cfg(test)] mod test { 
@@ -15,27 +17,21 @@ mod test { fn vs_openssl_as_client() { let (listener, server_addr) = net_util::new_localhost_tcplistener(); - // rustls-rustcrypto Client thread + // Client rustls-rustcrypto thread let client_thread = thread::spawn(move || { - let rustls_client = rustls_util::Client::new("certs/ca.rsa4096.crt", server_addr); - - let mut tls = rustls_client.tls; - tls.write_all(b"PING\n").unwrap(); - let _ciphersuite = tls.conn.negotiated_cipher_suite().unwrap(); - let mut plaintext = Vec::new(); - tls.read_to_end(&mut plaintext).unwrap(); - - assert_eq!(core::str::from_utf8(&plaintext), Ok("PONG\n")); - + let mut rustls_client = RustCryptoTlsClient::new("certs/ca.rsa4096.crt", server_addr); + rustls_client.ping(); + assert_eq!(rustls_client.wait_pong(), "PONG\n"); return; }); + // Canary Timeout thread let timeout_thread = thread::spawn(move || { thread::sleep(Duration::from_millis(100)); panic!("timeout"); }); - // OpenSSL Server Handler + // Server OpenSSL thread let server_thread = thread::spawn(move || { let path_ca_cert = Path::new("certs").join("ca.rsa4096.crt"); let path_cert = Path::new("certs").join("rustcryp.to.rsa4096.ca_signed.crt"); diff --git a/validation/local_ping_pong_openssl/src/rustls_util.rs b/validation/local_ping_pong_openssl/src/rustls_util.rs index cc744d4..5f9021c 100644 --- a/validation/local_ping_pong_openssl/src/rustls_util.rs +++ b/validation/local_ping_pong_openssl/src/rustls_util.rs @@ -1,5 +1,5 @@ use std::fs::File; -use std::io::Read; +use std::io::{Read, Write}; use std::net::SocketAddr; use std::net::TcpStream; use std::sync::Arc; @@ -14,7 +14,7 @@ use rustls::pki_types::CertificateDer; use rustls::pki_types::ServerName; /// Read rustls compatible CertificateDer from ca_path -pub fn load_ca_der(ca_path: &str) -> CertificateDer { +fn load_ca_der(ca_path: &str) -> CertificateDer { let mut ca_pkcs10_file = File::open(ca_path).unwrap(); let mut ca_pkcs10_data: Vec = vec![]; ca_pkcs10_file.read_to_end(&mut ca_pkcs10_data).unwrap(); 
@@ -24,14 +24,14 @@ pub fn load_ca_der(ca_path: &str) -> CertificateDer { } /// provide rustls roots with pinned CA cert -pub fn roots(ca_pinned: CertificateDer) -> RootCertStore { +fn roots(ca_pinned: CertificateDer) -> RootCertStore { let mut roots = rustls::RootCertStore::empty(); roots.add(ca_pinned).unwrap(); roots } /// Create new ClientConfig -pub fn rustcrypto_client_config(root_store: RootCertStore) -> ClientConfig { +fn rustcrypto_client_config(root_store: RootCertStore) -> ClientConfig { rustls::ClientConfig::builder_with_provider(Arc::new(rustcrypto_provider())) .with_safe_default_protocol_versions() .unwrap() @@ -61,4 +61,12 @@ impl Client { Self { tls } } + pub fn ping(&mut self) { + self.tls.write_all(b"PING\n").unwrap() + } + pub fn wait_pong(&mut self) -> String { + let mut plaintext = Vec::new(); + self.tls.read_to_end(&mut plaintext).unwrap(); + String::from_utf8_lossy(&plaintext).to_string() + } } From fb293c74b6d515f82c8f208a21b89ff37afe7cd2 Mon Sep 17 00:00:00 2001 From: pinkforest <36498018+pinkforest@users.noreply.github.com> Date: Sun, 28 Apr 2024 13:20:48 +1000 Subject: [PATCH 10/23] Make CI happy --- validation/local_ping_pong_openssl/src/lib.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/validation/local_ping_pong_openssl/src/lib.rs b/validation/local_ping_pong_openssl/src/lib.rs index 94f7914..68b0c26 100644 --- a/validation/local_ping_pong_openssl/src/lib.rs +++ b/validation/local_ping_pong_openssl/src/lib.rs @@ -8,7 +8,7 @@ pub use rustls_util::Client as RustCryptoTlsClient; mod test { use super::*; - use std::io::{Read, Write}; + use std::io::Write; use std::path::Path; use std::thread; use std::time::Duration; From a7de038cce715081ae4439451654ac383965d120 Mon Sep 17 00:00:00 2001 
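Review bot: `wait_pong` decodes with `String::from_utf8_lossy`, so bytes that are not valid UTF-8 are silently replaced with U+FFFD, whereas the test code it replaces compared against the strict `core::str::from_utf8`. For a compatibility check I would keep the strict form, `String::from_utf8(plaintext).expect("PONG reply is not valid UTF-8")`, which also drops the extra copy made by `.to_string()`. Both new public methods panic on any I/O or TLS error and have no doc comment; a `/// # Panics` line on each would say so.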
From: pinkforest <36498018+pinkforest@users.noreply.github.com> Date: Sun, 28 Apr 2024 14:00:41 +1000 Subject: [PATCH 11/23] More cleanups --- validation/local_ping_pong_openssl/build.rs | 2 +- validation/local_ping_pong_openssl/src/lib.rs | 37 +++--- .../src/openssl_util.rs | 105 ++++++++++++------ 3 files changed, 88 insertions(+), 56 deletions(-) diff --git a/validation/local_ping_pong_openssl/build.rs b/validation/local_ping_pong_openssl/build.rs index 7a6fb9f..6065074 100644 --- a/validation/local_ping_pong_openssl/build.rs +++ b/validation/local_ping_pong_openssl/build.rs @@ -37,7 +37,7 @@ fn check_gen_certs() { } } - if generate == true { + if generate { Command::new("make") .arg("rsa4096") .current_dir(out_dir) diff --git a/validation/local_ping_pong_openssl/src/lib.rs b/validation/local_ping_pong_openssl/src/lib.rs index 68b0c26..dc4c8f0 100644 --- a/validation/local_ping_pong_openssl/src/lib.rs +++ b/validation/local_ping_pong_openssl/src/lib.rs @@ -8,18 +8,23 @@ pub use rustls_util::Client as RustCryptoTlsClient; mod test { use super::*; - use std::io::Write; use std::path::Path; use std::thread; use std::time::Duration; #[test] fn vs_openssl_as_client() { + const CA_CERT: &'static str = "ca.rsa4096.crt"; + const CERT: &'static str = "rustcryp.to.rsa4096.ca_signed.crt"; + const RSA_KEY: &'static str = "rustcryp.to.rsa4096.key"; + + let path_certs = Path::new("certs"); + let (listener, server_addr) = net_util::new_localhost_tcplistener(); // Client rustls-rustcrypto thread let client_thread = thread::spawn(move || { - let mut rustls_client = RustCryptoTlsClient::new("certs/ca.rsa4096.crt", server_addr); + let mut rustls_client = RustCryptoTlsClient::new(path_certs.join(CA_CERT), server_addr); rustls_client.ping(); assert_eq!(rustls_client.wait_pong(), "PONG\n"); return; 
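Review bot: `RustCryptoTlsClient::new(path_certs.join(CA_CERT), server_addr)` passes a `PathBuf`, while `Client::new` still takes `ca_pinned: &str` at this point in the series (its signature only changes in patch 12/23), so the test module would not compile at this revision. Folding the signature change into this patch, or passing a `&str` here, keeps every revision buildable. The `&'static str` on the three consts can be plain `&str`, since the lifetime is implied for a `const`.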
@@ -33,26 +38,16 @@ mod test { // Server OpenSSL thread let server_thread = thread::spawn(move || { - let path_ca_cert = Path::new("certs").join("ca.rsa4096.crt"); - let path_cert = Path::new("certs").join("rustcryp.to.rsa4096.ca_signed.crt"); - let path_key = Path::new("certs").join("rustcryp.to.rsa4096.key"); - - let mut ssl_stream = - openssl_util::accept_next(listener, path_ca_cert, path_cert, path_key); - - let mut buf_in = vec![0; 1024]; - let siz = ssl_stream.ssl_read(&mut buf_in); - - let incoming = match siz { - Ok(i) => buf_in[0..i].to_vec(), - Err(_e) => panic!("Error reading?"), - }; - - assert_eq!(core::str::from_utf8(&incoming), Ok("PING\n")); + let mut openssl_server = openssl_util::Server::from_listener(listener); + let mut tls_stream = openssl_server.accept_next( + path_certs.join(CA_CERT), + path_certs.join(CERT), + path_certs.join(RSA_KEY), + ); - let out = "PONG\n"; - ssl_stream.write(&out.as_bytes()).unwrap(); - ssl_stream.shutdown().unwrap(); + assert_eq!(tls_stream.wait_ping(), "PING\n"); + tls_stream.pong(); + tls_stream.shutdown(); }); loop { diff --git a/validation/local_ping_pong_openssl/src/openssl_util.rs b/validation/local_ping_pong_openssl/src/openssl_util.rs index c639a86..6fdadd8 100644 --- a/validation/local_ping_pong_openssl/src/openssl_util.rs +++ b/validation/local_ping_pong_openssl/src/openssl_util.rs 
@@ -1,40 +1,77 @@ -use openssl::ssl::{SslFiletype, SslMethod, SslStream}; +use std::io::Write; use std::net::{TcpListener, TcpStream}; use std::path::PathBuf; -pub fn accept_next( +use openssl::ssl::{SslFiletype, SslMethod, SslStream}; + +pub struct Server { listener: TcpListener, - path_ca_cert: PathBuf, - path_cert: PathBuf, - path_key: PathBuf, -) -> SslStream { - if let Some(stream) = listener.incoming().next() { - match stream { - Ok(stream) => { - let mut ssl_context_build = - openssl::ssl::SslContext::builder(SslMethod::tls_server()).unwrap(); - ssl_context_build.set_verify(openssl::ssl::SslVerifyMode::NONE); - - ssl_context_build.set_ca_file(path_ca_cert).unwrap(); - ssl_context_build - .set_certificate_file(path_cert, SslFiletype::PEM) - .unwrap(); - - ssl_context_build - .set_private_key_file(path_key, SslFiletype::PEM) - .unwrap(); - // https://docs.rs/openssl/latest/openssl/ssl/struct.SslContextBuilder.html#method.set_cipher_list - // https://docs.rs/openssl/latest/openssl/ssl/struct.SslContextBuilder.html#method.set_ciphersuites - ssl_context_build.check_private_key().unwrap(); - let ctx = ssl_context_build.build(); - let ssl = openssl::ssl::Ssl::new(&ctx).unwrap(); - let mut ssl_stream = SslStream::new(ssl, stream).unwrap(); - ssl_stream.accept().unwrap(); - return ssl_stream; - } - Err(_) => panic!("Failed OpenSSL accept_next()"), - } - } else { - panic!("No stream."); +} + +pub struct TlsStream { + pub stream: SslStream, +} + +impl Server { + pub fn from_listener(listener: TcpListener) -> Self { + Self { listener } + } + pub fn accept_next( + &mut self, + path_ca_cert: PathBuf, + path_cert: PathBuf, + path_key: PathBuf, + ) -> TlsStream { + let stream = match self.listener.incoming().next() { + Some(stream_try) => match stream_try { + Ok(stream) => stream, + Err(_) => panic!("Failed OpenSSL accept_next()"), + }, + None => panic!("No stream?"), + }; + + let mut ssl_context_build = + openssl::ssl::SslContext::builder(SslMethod::tls_server()).unwrap(); 
+ ssl_context_build.set_verify(openssl::ssl::SslVerifyMode::NONE); + + ssl_context_build.set_ca_file(path_ca_cert).unwrap(); + ssl_context_build + .set_certificate_file(path_cert, SslFiletype::PEM) + .unwrap(); + + ssl_context_build + .set_private_key_file(path_key, SslFiletype::PEM) + .unwrap(); + // https://docs.rs/openssl/latest/openssl/ssl/struct.SslContextBuilder.html#method.set_cipher_list + // https://docs.rs/openssl/latest/openssl/ssl/struct.SslContextBuilder.html#method.set_ciphersuites + ssl_context_build.check_private_key().unwrap(); + let ctx = ssl_context_build.build(); + let ssl = openssl::ssl::Ssl::new(&ctx).unwrap(); + let mut ssl_stream = SslStream::new(ssl, stream).unwrap(); + ssl_stream.accept().unwrap(); + TlsStream { stream: ssl_stream } + } +} + +impl TlsStream { + pub fn wait_ping(&mut self) -> String { + let mut buf_in = vec![0; 1024]; + let siz = self.stream.ssl_read(&mut buf_in); + + let incoming = match siz { + Ok(i) => buf_in[0..i].to_vec(), + Err(_e) => panic!("Error reading?"), + }; + + String::from_utf8_lossy(&incoming).to_string() + + //assert_eq!(core::str::from_utf8(&incoming), Ok("PING\n")); + } + pub fn pong(&mut self) { + let out = "PONG\n"; + self.stream.write_all(out.as_bytes()).unwrap(); + } + pub fn shutdown(&mut self) { + self.stream.shutdown().unwrap(); } } From a68e454f101a3935d98b5a4127970a83c93d6739 Mon Sep 17 00:00:00 2001 From: pinkforest <36498018+pinkforest@users.noreply.github.com> Date: Sun, 28 Apr 2024 14:02:38 +1000 Subject: [PATCH 12/23] Tiny nit --- validation/local_ping_pong_openssl/src/lib.rs | 5 +++-- validation/local_ping_pong_openssl/src/rustls_util.rs | 7 ++++--- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/validation/local_ping_pong_openssl/src/lib.rs b/validation/local_ping_pong_openssl/src/lib.rs index dc4c8f0..6a150ad 100644 --- a/validation/local_ping_pong_openssl/src/lib.rs +++ b/validation/local_ping_pong_openssl/src/lib.rs 
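Review bot: `set_verify(openssl::ssl::SslVerifyMode::NONE)` in the new `Server::accept_next` carries no comment, and `Server` is a `pub` type, so a reader can take it for a reusable server setup. On the server side NONE means no client certificate is requested, so the CA file loaded on the next line is not used to authenticate the peer. I would add `// Test harness only: no client-certificate authentication is requested.` above the call and a `///` line on `Server` saying that every setup or handshake error panics. Separately, `wait_ping` returns whatever a single `ssl_read` yields, which is enough for a 5-byte PING but is not a full-message read.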
@@ -1,5 +1,6 @@ pub mod net_util; -pub mod openssl_util; +mod openssl_util; +pub use openssl_util::Server as OpenSslServer; mod rustls_util; pub use rustls_util::Client as RustCryptoTlsClient; @@ -38,7 +39,7 @@ mod test { // Server OpenSSL thread let server_thread = thread::spawn(move || { - let mut openssl_server = openssl_util::Server::from_listener(listener); + let mut openssl_server = OpenSslServer::from_listener(listener); let mut tls_stream = openssl_server.accept_next( path_certs.join(CA_CERT), path_certs.join(CERT), diff --git a/validation/local_ping_pong_openssl/src/rustls_util.rs b/validation/local_ping_pong_openssl/src/rustls_util.rs index 5f9021c..919e2ec 100644 --- a/validation/local_ping_pong_openssl/src/rustls_util.rs +++ b/validation/local_ping_pong_openssl/src/rustls_util.rs @@ -2,6 +2,7 @@ use std::fs::File; use std::io::{Read, Write}; use std::net::SocketAddr; use std::net::TcpStream; +use std::path::PathBuf; use std::sync::Arc; use rustls_rustcrypto::provider as rustcrypto_provider; @@ -14,13 +15,13 @@ use rustls::pki_types::CertificateDer; use rustls::pki_types::ServerName; /// Read rustls compatible CertificateDer from ca_path -fn load_ca_der(ca_path: &str) -> CertificateDer { +fn load_ca_der(ca_path: PathBuf) -> CertificateDer<'static> { let mut ca_pkcs10_file = File::open(ca_path).unwrap(); let mut ca_pkcs10_data: Vec = vec![]; ca_pkcs10_file.read_to_end(&mut ca_pkcs10_data).unwrap(); let (ca_type_label, ca_data) = pem_rfc7468::decode_vec(&ca_pkcs10_data).unwrap(); assert_eq!(ca_type_label, "CERTIFICATE"); - ca_data.try_into().unwrap() + ca_data.into() } /// provide rustls roots with pinned CA cert @@ -45,7 +46,7 @@ pub struct Client { } impl Client { - pub fn new(ca_pinned: &str, server_addr: SocketAddr) -> Self { + pub fn new(ca_pinned: PathBuf, server_addr: SocketAddr) -> Self { let ca = load_ca_der(ca_pinned); let roots = roots(ca); let config = rustcrypto_client_config(roots); 
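Review bot: The locals in `load_ca_der` are still named `ca_pkcs10_file` and `ca_pkcs10_data`, while the function asserts that the PEM label is `CERTIFICATE`; PKCS#10 is the certificate-request format, so the names describe the wrong object. Since this hunk already reworks the signature and the conversion, renaming them to `ca_pem_file` and `ca_pem_data` would match what is actually read. The parameter could also be `&Path` rather than an owned `PathBuf`, because the path is only handed to `File::open`.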
From cd8221a7d3f2a488b51c88cbe5813e007e419b70 Mon Sep 17 00:00:00 2001 From: pinkforest <36498018+pinkforest@users.noreply.github.com> Date: Sun, 28 Apr 2024 14:10:00 +1000 Subject: [PATCH 13/23] Fix nit --- validation/local_ping_pong_openssl/src/lib.rs | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/validation/local_ping_pong_openssl/src/lib.rs b/validation/local_ping_pong_openssl/src/lib.rs index 6a150ad..7510106 100644 --- a/validation/local_ping_pong_openssl/src/lib.rs +++ b/validation/local_ping_pong_openssl/src/lib.rs @@ -13,12 +13,12 @@ mod test { use std::thread; use std::time::Duration; + const CA_CERT: &'static str = "ca.rsa4096.crt"; + const CERT: &'static str = "rustcryp.to.rsa4096.ca_signed.crt"; + const RSA_KEY: &'static str = "rustcryp.to.rsa4096.key"; + #[test] fn vs_openssl_as_client() { - const CA_CERT: &'static str = "ca.rsa4096.crt"; - const CERT: &'static str = "rustcryp.to.rsa4096.ca_signed.crt"; - const RSA_KEY: &'static str = "rustcryp.to.rsa4096.key"; - let path_certs = Path::new("certs"); let (listener, server_addr) = net_util::new_localhost_tcplistener(); @@ -53,10 +53,11 @@ mod test { loop { thread::sleep(Duration::from_millis(10)); - if client_thread.is_finished() == true && server_thread.is_finished() == true { + + if client_thread.is_finished() && server_thread.is_finished() { break; } - if timeout_thread.is_finished() == true { + if timeout_thread.is_finished() { panic!("TIMEOUT"); } } From cd2e9f963307c54c2763c0fa2da03070f65127f0 Mon Sep 17 00:00:00 2001 From: pinkforest <36498018+pinkforest@users.noreply.github.com> Date: Sun, 28 Apr 2024 14:19:35 +1000 Subject: [PATCH 14/23] One cleanup --- validation/local_ping_pong_openssl/src/openssl_util.rs | 2 -- 1 file changed, 2 deletions(-) diff --git a/validation/local_ping_pong_openssl/src/openssl_util.rs b/validation/local_ping_pong_openssl/src/openssl_util.rs index 6fdadd8..c02588d 100644 --- a/validation/local_ping_pong_openssl/src/openssl_util.rs 
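Review bot: `is_finished()` is also true for a thread that has panicked, so the `break` on `client_thread.is_finished() && server_thread.is_finished()` is taken even when an `assert_eq!` inside either thread failed. Unless both handles are joined and their results unwrapped after the loop (the rest of the function is outside this hunk), such a failure would not fail the test. `client_thread.join().unwrap();` and `server_thread.join().unwrap();` after the loop would propagate it.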
+++ b/validation/local_ping_pong_openssl/src/openssl_util.rs @@ -64,8 +64,6 @@ impl TlsStream { }; String::from_utf8_lossy(&incoming).to_string() - - //assert_eq!(core::str::from_utf8(&incoming), Ok("PING\n")); } pub fn pong(&mut self) { let out = "PONG\n"; From 1fbf3b72a460778a0c9db44aad4a698883d1886e Mon Sep 17 00:00:00 2001 From: pinkforest <36498018+pinkforest@users.noreply.github.com> Date: Sun, 28 Apr 2024 14:28:18 +1000 Subject: [PATCH 15/23] github CI stuck From aa2ec396767b36cc674f5546f863dfccc31a741e Mon Sep 17 00:00:00 2001 From: pinkforest <36498018+pinkforest@users.noreply.github.com> Date: Sun, 28 Apr 2024 16:28:51 +1000 Subject: [PATCH 16/23] Add cipher suite pinned tests --- validation/local_ping_pong_openssl/src/lib.rs | 83 ++++++++++++++++++- .../src/openssl_util.rs | 49 +++++++++++ 2 files changed, 131 insertions(+), 1 deletion(-) diff --git a/validation/local_ping_pong_openssl/src/lib.rs b/validation/local_ping_pong_openssl/src/lib.rs index 7510106..5ecf735 100644 --- a/validation/local_ping_pong_openssl/src/lib.rs +++ b/validation/local_ping_pong_openssl/src/lib.rs @@ -1,5 +1,6 @@ pub mod net_util; mod openssl_util; +pub use openssl_util::CipherSuites as OpenSslCipherSuites; pub use openssl_util::Server as OpenSslServer; mod rustls_util; 
@@ -18,7 +19,86 @@ mod test { const RSA_KEY: &'static str = "rustcryp.to.rsa4096.key"; #[test] - fn vs_openssl_as_client() { + fn vs_openssl_as_client_autoneg() { + vs_openssl_as_client(OpenSslCipherSuites::default()); + } + + #[test] + #[should_panic] // No ciphers enabled for max supported SSL/TLS version + fn vs_openssl_as_client_none() { + let cipher_suites = OpenSslCipherSuites { + TLS_AES_128_GCM_SHA256: false, + TLS_AES_256_GCM_SHA384: false, + TLS_CHACHA20_POLY1305_SHA256: false, + TLS_AES_128_CCM_SHA256: false, + TLS_AES_128_CCM_8_SHA256: false, + }; + vs_openssl_as_client(cipher_suites); + } + + #[test] + fn vs_openssl_as_client_gcm_sha256() { + let cipher_suites = OpenSslCipherSuites { + TLS_AES_128_GCM_SHA256: true, + TLS_AES_256_GCM_SHA384: false, + TLS_CHACHA20_POLY1305_SHA256: false, + TLS_AES_128_CCM_SHA256: false, + TLS_AES_128_CCM_8_SHA256: false, + }; + vs_openssl_as_client(cipher_suites); + } + + #[test] + fn vs_openssl_as_client_gcm_sha384() { + let cipher_suites = OpenSslCipherSuites { + TLS_AES_128_GCM_SHA256: false, + TLS_AES_256_GCM_SHA384: true, + TLS_CHACHA20_POLY1305_SHA256: false, + TLS_AES_128_CCM_SHA256: false, + TLS_AES_128_CCM_8_SHA256: false, + }; + vs_openssl_as_client(cipher_suites); + } + + #[test] + fn vs_openssl_as_client_poly1305_sha256() { + let cipher_suites = OpenSslCipherSuites { + TLS_AES_128_GCM_SHA256: false, + TLS_AES_256_GCM_SHA384: false, + TLS_CHACHA20_POLY1305_SHA256: true, + TLS_AES_128_CCM_SHA256: false, + TLS_AES_128_CCM_8_SHA256: false, + }; + vs_openssl_as_client(cipher_suites); + } + + #[test] + #[should_panic] // no_shared_cipher + fn vs_openssl_as_client_ccm_sha256() { + let cipher_suites = OpenSslCipherSuites { + TLS_AES_128_GCM_SHA256: false, + TLS_AES_256_GCM_SHA384: false, + TLS_CHACHA20_POLY1305_SHA256: false, + TLS_AES_128_CCM_SHA256: true, + TLS_AES_128_CCM_8_SHA256: false, + }; + vs_openssl_as_client(cipher_suites); + } + + #[test] + #[should_panic] // no_shared_cipher + fn 
vs_openssl_as_client_ccm8_sha256() { + let cipher_suites = OpenSslCipherSuites { + TLS_AES_128_GCM_SHA256: false, + TLS_AES_256_GCM_SHA384: false, + TLS_CHACHA20_POLY1305_SHA256: false, + TLS_AES_128_CCM_SHA256: false, + TLS_AES_128_CCM_8_SHA256: true, + }; + vs_openssl_as_client(cipher_suites); + } + + fn vs_openssl_as_client(cipher_suites: OpenSslCipherSuites) { let path_certs = Path::new("certs"); let (listener, server_addr) = net_util::new_localhost_tcplistener(); @@ -41,6 +121,7 @@ mod test { let server_thread = thread::spawn(move || { let mut openssl_server = OpenSslServer::from_listener(listener); let mut tls_stream = openssl_server.accept_next( + cipher_suites, path_certs.join(CA_CERT), path_certs.join(CERT), path_certs.join(RSA_KEY), diff --git a/validation/local_ping_pong_openssl/src/openssl_util.rs b/validation/local_ping_pong_openssl/src/openssl_util.rs index c02588d..56c823f 100644 --- a/validation/local_ping_pong_openssl/src/openssl_util.rs +++ b/validation/local_ping_pong_openssl/src/openssl_util.rs 
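Review bot: The three negative tests use a bare `#[should_panic]`, so they pass on any panic at all: a missing certificate file or the timeout canary would satisfy them just as well as the `no_shared_cipher` named in the comments. Pinning the message, e.g. `#[should_panic(expected = "<text of the panic that reaches the test thread>")]` (placeholder; that text is not visible in this hunk), would make them prove the rejection reason. `vs_openssl_as_client_group_none` in the later group-tests patch has the same shape. A small helper that builds `OpenSslCipherSuites` with a single suite enabled would also remove the repeated five-field literal.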
@@ -4,6 +4,50 @@ use std::path::PathBuf; use openssl::ssl::{SslFiletype, SslMethod, SslStream}; +#[derive(Debug)] +#[allow(non_snake_case)] +pub struct CipherSuites { + pub TLS_AES_128_GCM_SHA256: bool, + pub TLS_AES_256_GCM_SHA384: bool, + pub TLS_CHACHA20_POLY1305_SHA256: bool, + pub TLS_AES_128_CCM_SHA256: bool, + pub TLS_AES_128_CCM_8_SHA256: bool, +} + +impl core::fmt::Display for CipherSuites { + fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> Result<(), core::fmt::Error> { + let mut vec_suites: Vec<&str> = vec![]; + if self.TLS_AES_128_GCM_SHA256 { + vec_suites.push("TLS_AES_128_GCM_SHA256"); + } + if self.TLS_AES_256_GCM_SHA384 { + vec_suites.push("TLS_AES_256_GCM_SHA384"); + } + if self.TLS_CHACHA20_POLY1305_SHA256 { + vec_suites.push("TLS_CHACHA20_POLY1305_SHA256"); + } + if self.TLS_AES_128_CCM_SHA256 { + vec_suites.push("TLS_AES_128_CCM_SHA256"); + } + if self.TLS_AES_128_CCM_8_SHA256 { + vec_suites.push("TLS_AES_128_CCM_8_SHA256"); + } + write!(f, "{}", vec_suites.join(":")) + } +} + +impl Default for CipherSuites { + fn default() -> Self { + CipherSuites { + TLS_AES_128_GCM_SHA256: true, + TLS_AES_256_GCM_SHA384: true, + TLS_CHACHA20_POLY1305_SHA256: true, + TLS_AES_128_CCM_SHA256: true, + TLS_AES_128_CCM_8_SHA256: true, + } + } +} + pub struct Server { listener: TcpListener, } @@ -18,6 +62,7 @@ impl Server { } pub fn accept_next( &mut self, + cipher_suites: CipherSuites, path_ca_cert: PathBuf, path_cert: PathBuf, path_key: PathBuf, @@ -42,6 +87,10 @@ impl Server { ssl_context_build .set_private_key_file(path_key, SslFiletype::PEM) .unwrap(); + + ssl_context_build + .set_ciphersuites(&cipher_suites.to_string()) + .unwrap(); // https://docs.rs/openssl/latest/openssl/ssl/struct.SslContextBuilder.html#method.set_cipher_list // https://docs.rs/openssl/latest/openssl/ssl/struct.SslContextBuilder.html#method.set_ciphersuites ssl_context_build.check_private_key().unwrap(); From c505a432274bebd1955576cb9cd986d4a3d26d3f Mon Sep 17 00:00:00 2001 
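Review bot: `CipherSuites` is re-exported from the crate root as `OpenSslCipherSuites` but has no doc comment, and its `Display` impl is in fact the serialisation handed to OpenSSL rather than a human-readable rendering. A line such as `/// TLS 1.3 cipher suites to enable on the OpenSSL server; Display renders the colon-separated list passed to set_ciphersuites.` would make that explicit. It is also worth stating that an all-false value renders as an empty string, since `vs_openssl_as_client_none` depends on that.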
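Review bot: `set_ciphersuites` restricts only the TLS 1.3 suites; the TLS 1.2 list (`set_cipher_list`, linked in the comment just below) and the minimum protocol version keep their OpenSSL defaults. If a client ever offered only TLS 1.2, the handshake would not be bound by the pinned suite and the single-suite tests would still pass. Adding `ssl_context_build.set_min_proto_version(Some(openssl::ssl::SslVersion::TLS1_3)).unwrap();` next to this call keeps the pin meaningful. `accept_next` starts and ends outside this hunk.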
From: pinkforest <36498018+pinkforest@users.noreply.github.com> Date: Sun, 28 Apr 2024 16:30:51 +1000 Subject: [PATCH 17/23] Set default cipher suites per openssl3 --- validation/local_ping_pong_openssl/src/openssl_util.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/validation/local_ping_pong_openssl/src/openssl_util.rs b/validation/local_ping_pong_openssl/src/openssl_util.rs index 56c823f..ea7711e 100644 --- a/validation/local_ping_pong_openssl/src/openssl_util.rs +++ b/validation/local_ping_pong_openssl/src/openssl_util.rs @@ -10,8 +10,8 @@ pub struct CipherSuites { pub TLS_AES_128_GCM_SHA256: bool, pub TLS_AES_256_GCM_SHA384: bool, pub TLS_CHACHA20_POLY1305_SHA256: bool, - pub TLS_AES_128_CCM_SHA256: bool, - pub TLS_AES_128_CCM_8_SHA256: bool, + pub TLS_AES_128_CCM_SHA256: false, + pub TLS_AES_128_CCM_8_SHA256: false, } impl core::fmt::Display for CipherSuites { From c46cc3316f14b47cd2535e0d686e4af9107a1c84 Mon Sep 17 00:00:00 2001 From: pinkforest <36498018+pinkforest@users.noreply.github.com> Date: Sun, 28 Apr 2024 16:31:15 +1000 Subject: [PATCH 18/23] Set default cipher suites per openssl3 --- validation/local_ping_pong_openssl/src/openssl_util.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/validation/local_ping_pong_openssl/src/openssl_util.rs b/validation/local_ping_pong_openssl/src/openssl_util.rs index ea7711e..12757c8 100644 --- a/validation/local_ping_pong_openssl/src/openssl_util.rs +++ b/validation/local_ping_pong_openssl/src/openssl_util.rs @@ -10,8 +10,8 @@ pub struct CipherSuites { pub TLS_AES_128_GCM_SHA256: bool, pub TLS_AES_256_GCM_SHA384: bool, pub TLS_CHACHA20_POLY1305_SHA256: bool, - pub TLS_AES_128_CCM_SHA256: false, - pub TLS_AES_128_CCM_8_SHA256: false, + pub TLS_AES_128_CCM_SHA256: bool, + pub TLS_AES_128_CCM_8_SHA256: bool, } impl core::fmt::Display for CipherSuites { 
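Review bot: In patch 17/23, `pub TLS_AES_128_CCM_SHA256: false,` and `pub TLS_AES_128_CCM_8_SHA256: false,` put a value where the struct definition needs a type, so that revision does not compile. Going by the subject line, the edit was meant for `impl Default for CipherSuites`, with the fields staying `bool`. The following patch in the series does exactly that, so squashing the two would keep every revision buildable.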
@@ -42,8 +42,8 @@ impl Default for CipherSuites { TLS_AES_128_GCM_SHA256: true, TLS_AES_256_GCM_SHA384: true, TLS_CHACHA20_POLY1305_SHA256: true, - TLS_AES_128_CCM_SHA256: true, - TLS_AES_128_CCM_8_SHA256: true, + TLS_AES_128_CCM_SHA256: false, + TLS_AES_128_CCM_8_SHA256: false, } } } From f4d2aa984a949f89a21d33d8df570a53550ebe52 Mon Sep 17 00:00:00 2001 From: pinkforest <36498018+pinkforest@users.noreply.github.com> Date: Sun, 28 Apr 2024 17:21:23 +1000 Subject: [PATCH 19/23] Add group tests --- validation/local_ping_pong_openssl/src/lib.rs | 45 ++++++-- .../src/openssl_util.rs | 8 ++ .../src/openssl_util/groups_list.rs | 102 ++++++++++++++++++ 3 files changed, 146 insertions(+), 9 deletions(-) create mode 100644 validation/local_ping_pong_openssl/src/openssl_util/groups_list.rs diff --git a/validation/local_ping_pong_openssl/src/lib.rs b/validation/local_ping_pong_openssl/src/lib.rs index 5ecf735..e6bc7af 100644 --- a/validation/local_ping_pong_openssl/src/lib.rs +++ b/validation/local_ping_pong_openssl/src/lib.rs @@ -1,6 +1,7 @@ pub mod net_util; mod openssl_util; pub use openssl_util::CipherSuites as OpenSslCipherSuites; +pub use openssl_util::GroupsList as OpenSslGroupsList; pub use openssl_util::Server as OpenSslServer; mod rustls_util; @@ -20,7 +21,7 @@ mod test { #[test] fn vs_openssl_as_client_autoneg() { - vs_openssl_as_client(OpenSslCipherSuites::default()); + vs_openssl_as_client(OpenSslGroupsList::default(), OpenSslCipherSuites::default()); } #[test] @@ -33,7 +34,7 @@ mod test { TLS_AES_128_CCM_SHA256: false, TLS_AES_128_CCM_8_SHA256: false, }; - vs_openssl_as_client(cipher_suites); + vs_openssl_as_client(OpenSslGroupsList::default(), cipher_suites); } #[test] @@ -45,7 +46,7 @@ mod test { TLS_AES_128_CCM_SHA256: false, TLS_AES_128_CCM_8_SHA256: false, }; - vs_openssl_as_client(cipher_suites); + vs_openssl_as_client(OpenSslGroupsList::default(), cipher_suites); } #[test] 
@@ -57,7 +58,7 @@ mod test { TLS_AES_128_CCM_SHA256: false, TLS_AES_128_CCM_8_SHA256: false, }; - vs_openssl_as_client(cipher_suites); + vs_openssl_as_client(OpenSslGroupsList::default(), cipher_suites); } #[test] @@ -69,7 +70,7 @@ mod test { TLS_AES_128_CCM_SHA256: false, TLS_AES_128_CCM_8_SHA256: false, }; - vs_openssl_as_client(cipher_suites); + vs_openssl_as_client(OpenSslGroupsList::default(), cipher_suites); } #[test] @@ -82,7 +83,7 @@ mod test { TLS_AES_128_CCM_SHA256: true, TLS_AES_128_CCM_8_SHA256: false, }; - vs_openssl_as_client(cipher_suites); + vs_openssl_as_client(OpenSslGroupsList::default(), cipher_suites); } #[test] @@ -95,10 +96,35 @@ mod test { TLS_AES_128_CCM_SHA256: false, TLS_AES_128_CCM_8_SHA256: true, }; - vs_openssl_as_client(cipher_suites); + vs_openssl_as_client(OpenSslGroupsList::default(), cipher_suites); } - fn vs_openssl_as_client(cipher_suites: OpenSslCipherSuites) { + #[test] + #[should_panic] + fn vs_openssl_as_client_group_none() { + let mut group_list = OpenSslGroupsList::all_false(); + vs_openssl_as_client(group_list, OpenSslCipherSuites::default()); + } + #[test] + fn vs_openssl_as_client_group_p256() { + let mut group_list = OpenSslGroupsList::all_false(); + group_list.P256 = true; + vs_openssl_as_client(group_list, OpenSslCipherSuites::default()); + } + #[test] + fn vs_openssl_as_client_group_p384() { + let mut group_list = OpenSslGroupsList::all_false(); + group_list.P384 = true; + vs_openssl_as_client(group_list, OpenSslCipherSuites::default()); + } + #[test] + fn vs_openssl_as_client_group_x25519() { + let mut group_list = OpenSslGroupsList::all_false(); + group_list.X25519 = true; + vs_openssl_as_client(group_list, OpenSslCipherSuites::default()); + } + + fn vs_openssl_as_client(groups_list: OpenSslGroupsList, cipher_suites: OpenSslCipherSuites) { let path_certs = Path::new("certs"); let (listener, server_addr) = net_util::new_localhost_tcplistener(); 
@@ -113,7 +139,7 @@ mod test { // Canary Timeout thread let timeout_thread = thread::spawn(move || { - thread::sleep(Duration::from_millis(100)); + thread::sleep(Duration::from_millis(1_000)); panic!("timeout"); }); @@ -121,6 +147,7 @@ mod test { let server_thread = thread::spawn(move || { let mut openssl_server = OpenSslServer::from_listener(listener); let mut tls_stream = openssl_server.accept_next( + groups_list, cipher_suites, path_certs.join(CA_CERT), path_certs.join(CERT), diff --git a/validation/local_ping_pong_openssl/src/openssl_util.rs b/validation/local_ping_pong_openssl/src/openssl_util.rs index 12757c8..18e5a4f 100644 --- a/validation/local_ping_pong_openssl/src/openssl_util.rs +++ b/validation/local_ping_pong_openssl/src/openssl_util.rs @@ -4,6 +4,9 @@ use std::path::PathBuf; use openssl::ssl::{SslFiletype, SslMethod, SslStream}; +mod groups_list; +pub use groups_list::GroupsList; + #[derive(Debug)] #[allow(non_snake_case)] pub struct CipherSuites { @@ -62,6 +65,7 @@ impl Server { } pub fn accept_next( &mut self, + groups_list: GroupsList, cipher_suites: CipherSuites, path_ca_cert: PathBuf, path_cert: PathBuf, @@ -88,6 +92,10 @@ impl Server { .set_private_key_file(path_key, SslFiletype::PEM) .unwrap(); + ssl_context_build + .set_groups_list(&groups_list.to_string()) + .unwrap(); + ssl_context_build .set_ciphersuites(&cipher_suites.to_string()) .unwrap(); diff --git a/validation/local_ping_pong_openssl/src/openssl_util/groups_list.rs b/validation/local_ping_pong_openssl/src/openssl_util/groups_list.rs new file mode 100644 index 0000000..2d22f63 --- /dev/null +++ b/validation/local_ping_pong_openssl/src/openssl_util/groups_list.rs 
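Review bot: The canary thread is never cancelled, so with the sleep raised to one second every passing test leaves behind a thread that wakes up and panics after the polling loop has already finished (assuming the handle is not joined; the end of the function is outside this hunk). A deadline checked in the existing polling loop avoids the extra thread: `let deadline = Instant::now() + Duration::from_secs(1);` before the loop and `if Instant::now() >= deadline { panic!("TIMEOUT"); }` inside it. That needs `std::time::Instant` in the test module's imports.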
@@ -0,0 +1,102 @@ +//! Sets the context’s supported elliptic curve groups. +//! https://docs.rs/openssl/latest/openssl/ssl/struct.SslContextBuilder.html#method.set_groups_list +//! https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set1_groups_list.html + +#[derive(Debug)] +#[allow(non_snake_case)] +pub struct GroupsList { + pub P256: bool, + pub P384: bool, + pub X25519: bool, + pub X448: bool, + pub brainpoolP256r1tls13: bool, + pub brainpoolP384r1tls13: bool, + pub brainpoolP512r1tls13: bool, + pub ffdhe2048: bool, + pub ffdhe3072: bool, + pub ffdhe4096: bool, + pub ffdhe6144: bool, + pub ffdhe8192: bool, +} + +impl GroupsList { + pub fn all_false() -> Self { + GroupsList { + P256: false, + P384: false, + X25519: false, + X448: false, + brainpoolP256r1tls13: false, + brainpoolP384r1tls13: false, + brainpoolP512r1tls13: false, + ffdhe2048: false, + ffdhe3072: false, + ffdhe4096: false, + ffdhe6144: false, + ffdhe8192: false, + } + } +} + +impl Default for GroupsList { + fn default() -> Self { + GroupsList { + P256: true, + P384: true, + X25519: true, + X448: false, + brainpoolP256r1tls13: false, + brainpoolP384r1tls13: false, + brainpoolP512r1tls13: false, + ffdhe2048: false, + ffdhe3072: false, + ffdhe4096: false, + ffdhe6144: false, + ffdhe8192: false, + } + } +} + +impl core::fmt::Display for GroupsList { + fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> Result<(), core::fmt::Error> { + let mut vec_groups: Vec<&str> = vec![]; + + if self.P256 { + vec_groups.push("P-256"); + } + if self.P384 { + vec_groups.push("P-384"); + } + if self.X25519 { + vec_groups.push("X25519"); + } + if self.X448 { + vec_groups.push("X448"); + } + if self.brainpoolP256r1tls13 { + vec_groups.push("brainpoolP256r1tls13"); + } + if self.brainpoolP384r1tls13 { + vec_groups.push("brainpoolP384r1tls13"); + } + if self.brainpoolP512r1tls13 { + vec_groups.push("brainpoolP512r1tls13"); + } + if self.ffdhe2048 { + vec_groups.push("ffdhe2048"); + } + if self.ffdhe3072 { + 
vec_groups.push("ffdhe3072"); + } + if self.ffdhe4096 { + vec_groups.push("ffdhe4096"); + } + if self.ffdhe6144 { + vec_groups.push("ffdhe6144"); + } + if self.ffdhe8192 { + vec_groups.push("ffdhe8192"); + } + write!(f, "{}", vec_groups.join(":")) + } +} From 7db5e3943055ba1b84c4f1de60527184d17b5c92 Mon Sep 17 00:00:00 2001 From: pinkforest <36498018+pinkforest@users.noreply.github.com> Date: Sun, 28 Apr 2024 17:23:45 +1000 Subject: [PATCH 20/23] Nit --- validation/local_ping_pong_openssl/src/lib.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/validation/local_ping_pong_openssl/src/lib.rs b/validation/local_ping_pong_openssl/src/lib.rs index e6bc7af..c83bcfe 100644 --- a/validation/local_ping_pong_openssl/src/lib.rs +++ b/validation/local_ping_pong_openssl/src/lib.rs @@ -102,7 +102,7 @@ mod test { #[test] #[should_panic] fn vs_openssl_as_client_group_none() { - let mut group_list = OpenSslGroupsList::all_false(); + let group_list = OpenSslGroupsList::all_false(); vs_openssl_as_client(group_list, OpenSslCipherSuites::default()); } #[test] From e7213657394a26a8c1c04fb848ce41dc2001746b Mon Sep 17 00:00:00 2001 From: pinkforest <36498018+pinkforest@users.noreply.github.com> Date: Sun, 28 Apr 2024 17:30:31 +1000 Subject: [PATCH 21/23] Refactor cipher_suites off openssl_util.rs --- .../src/openssl_util.rs | 47 ++----------------- .../src/openssl_util/cipher_suites.rs | 43 +++++++++++++++++ 2 files changed, 46 insertions(+), 44 deletions(-) create mode 100644 validation/local_ping_pong_openssl/src/openssl_util/cipher_suites.rs diff --git a/validation/local_ping_pong_openssl/src/openssl_util.rs b/validation/local_ping_pong_openssl/src/openssl_util.rs index 18e5a4f..f08558b 100644 --- a/validation/local_ping_pong_openssl/src/openssl_util.rs +++ b/validation/local_ping_pong_openssl/src/openssl_util.rs 
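Review bot: The module doc in the new `groups_list.rs` says the list sets the context's supported elliptic curve groups, but `GroupsList` also carries the finite-field `ffdhe2048` to `ffdhe8192` entries, so "key-exchange groups" would be the accurate term. The two bare URLs in the `//!` block render as links in rustdoc only when wrapped in angle brackets (`<https://…>`). `GroupsList` and its `Display` impl have no item docs; one line saying that `Display` yields the colon-separated argument of `set_groups_list`, and an empty string for `all_false()`, would cover what the tests rely on.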
@@ -4,52 +4,11 @@ use std::path::PathBuf; use openssl::ssl::{SslFiletype, SslMethod, SslStream}; +mod cipher_suites; mod groups_list; -pub use groups_list::GroupsList; - -#[derive(Debug)] -#[allow(non_snake_case)] -pub struct CipherSuites { - pub TLS_AES_128_GCM_SHA256: bool, - pub TLS_AES_256_GCM_SHA384: bool, - pub TLS_CHACHA20_POLY1305_SHA256: bool, - pub TLS_AES_128_CCM_SHA256: bool, - pub TLS_AES_128_CCM_8_SHA256: bool, -} -impl core::fmt::Display for CipherSuites { - fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> Result<(), core::fmt::Error> { - let mut vec_suites: Vec<&str> = vec![]; - if self.TLS_AES_128_GCM_SHA256 { - vec_suites.push("TLS_AES_128_GCM_SHA256"); - } - if self.TLS_AES_256_GCM_SHA384 { - vec_suites.push("TLS_AES_256_GCM_SHA384"); - } - if self.TLS_CHACHA20_POLY1305_SHA256 { - vec_suites.push("TLS_CHACHA20_POLY1305_SHA256"); - } - if self.TLS_AES_128_CCM_SHA256 { - vec_suites.push("TLS_AES_128_CCM_SHA256"); - } - if self.TLS_AES_128_CCM_8_SHA256 { - vec_suites.push("TLS_AES_128_CCM_8_SHA256"); - } - write!(f, "{}", vec_suites.join(":")) - } -} - -impl Default for CipherSuites { - fn default() -> Self { - CipherSuites { - TLS_AES_128_GCM_SHA256: true, - TLS_AES_256_GCM_SHA384: true, - TLS_CHACHA20_POLY1305_SHA256: true, - TLS_AES_128_CCM_SHA256: false, - TLS_AES_128_CCM_8_SHA256: false, - } - } -} +pub use cipher_suites::CipherSuites; +pub use groups_list::GroupsList; pub struct Server { listener: TcpListener, diff --git a/validation/local_ping_pong_openssl/src/openssl_util/cipher_suites.rs b/validation/local_ping_pong_openssl/src/openssl_util/cipher_suites.rs new file mode 100644 index 0000000..ff30521 --- /dev/null +++ b/validation/local_ping_pong_openssl/src/openssl_util/cipher_suites.rs 
@@ -0,0 +1,43 @@
+#[derive(Debug)]
+#[allow(non_snake_case)]
+pub struct CipherSuites {
+ pub TLS_AES_128_GCM_SHA256: bool,
+ pub TLS_AES_256_GCM_SHA384: bool,
+ pub TLS_CHACHA20_POLY1305_SHA256: bool,
+ pub TLS_AES_128_CCM_SHA256: bool,
+ pub TLS_AES_128_CCM_8_SHA256: bool,
+}
+
+impl core::fmt::Display for CipherSuites {
+ fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> Result<(), core::fmt::Error> {
+ let mut vec_suites: Vec<&str> = vec![];
+ if self.TLS_AES_128_GCM_SHA256 {
+ vec_suites.push("TLS_AES_128_GCM_SHA256");
+ }
+ if self.TLS_AES_256_GCM_SHA384 {
+ vec_suites.push("TLS_AES_256_GCM_SHA384");
+ }
+ if self.TLS_CHACHA20_POLY1305_SHA256 {
+ vec_suites.push("TLS_CHACHA20_POLY1305_SHA256");
+ }
+ if self.TLS_AES_128_CCM_SHA256 {
+ vec_suites.push("TLS_AES_128_CCM_SHA256");
+ }
+ if self.TLS_AES_128_CCM_8_SHA256 {
+ vec_suites.push("TLS_AES_128_CCM_8_SHA256");
+ }
+ write!(f, "{}", vec_suites.join(":"))
+ }
+}
+
+impl Default for CipherSuites {
+ fn default() -> Self {
+ CipherSuites {
+ TLS_AES_128_GCM_SHA256: true,
+ TLS_AES_256_GCM_SHA384: true,
+ TLS_CHACHA20_POLY1305_SHA256: true,
+ TLS_AES_128_CCM_SHA256: false,
+ TLS_AES_128_CCM_8_SHA256: false,
+ }
+ }
+}
From 4c84cd8d1f1c49e955f8946846bbcc31b7542248 Mon Sep 17 00:00:00 2001
From: pinkforest <36498018+pinkforest@users.noreply.github.com>
Date: Sun, 28 Apr 2024 17:48:15 +1000
Subject: [PATCH 22/23] No support for ECDSA P-512
---
 validation/local_ping_pong_openssl/src/lib.rs | 7 +++++++
 .../src/openssl_util/groups_list.rs | 6 ++++++
 2 files changed, 13 insertions(+)
diff --git a/validation/local_ping_pong_openssl/src/lib.rs b/validation/local_ping_pong_openssl/src/lib.rs
index c83bcfe..cc16fd7 100644
--- a/validation/local_ping_pong_openssl/src/lib.rs
+++ b/validation/local_ping_pong_openssl/src/lib.rs
@@ -118,6 +118,13 @@ mod test {
 vs_openssl_as_client(group_list, OpenSslCipherSuites::default());
 }
 #[test]
+ #[should_panic] // no support
+ fn vs_openssl_as_client_group_p521() {
+ let mut group_list = OpenSslGroupsList::all_false();
+ group_list.P521 = true;
+ vs_openssl_as_client(group_list, OpenSslCipherSuites::default());
+ }
+ #[test]
 fn vs_openssl_as_client_group_x25519() {
 let mut group_list = OpenSslGroupsList::all_false();
 group_list.X25519 = true;
diff --git a/validation/local_ping_pong_openssl/src/openssl_util/groups_list.rs b/validation/local_ping_pong_openssl/src/openssl_util/groups_list.rs
index 2d22f63..ffe3c65 100644
--- a/validation/local_ping_pong_openssl/src/openssl_util/groups_list.rs
+++ b/validation/local_ping_pong_openssl/src/openssl_util/groups_list.rs
@@ -7,6 +7,7 @@
 pub struct GroupsList {
 pub P256: bool,
 pub P384: bool,
+ pub P521: bool,
 pub X25519: bool,
 pub X448: bool,
 pub brainpoolP256r1tls13: bool,
@@ -24,6 +25,7 @@ impl GroupsList {
 GroupsList {
 P256: false,
 P384: false,
+ P521: false,
 X25519: false,
 X448: false,
 brainpoolP256r1tls13: false,
@@ -43,6 +45,7 @@ impl Default for GroupsList {
 GroupsList {
 P256: true,
 P384: true,
+ P521: false,
 X25519: true,
 X448: false,
 brainpoolP256r1tls13: false,
@@ -67,6 +70,9 @@ impl core::fmt::Display for GroupsList {
 if self.P384 {
 vec_groups.push("P-384");
 }
+ if self.P521 {
+ vec_groups.push("P-521");
+ }
 if self.X25519 {
 vec_groups.push("X25519");
 }
From f3cf65f5156f0b7e25ced944243ebbb8207a4573 Mon Sep 17 00:00:00 2001
From: pinkforest <36498018+pinkforest@users.noreply.github.com>
Date: Sun, 28 Apr 2024 18:07:25 +1000
Subject: [PATCH 23/23] No support for curve448
---
 validation/local_ping_pong_openssl/src/lib.rs | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/validation/local_ping_pong_openssl/src/lib.rs b/validation/local_ping_pong_openssl/src/lib.rs
index cc16fd7..e4b659d 100644
--- a/validation/local_ping_pong_openssl/src/lib.rs
+++ b/validation/local_ping_pong_openssl/src/lib.rs
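Review bot: The bare `#[should_panic] // no support` on `vs_openssl_as_client_group_p521` is satisfied by any panic inside `vs_openssl_as_client`, not only by a refused handshake, so the test would also pass if the helper panicked during setup and would then say nothing about whether P-521 is actually rejected. Pin the reason with `#[should_panic(expected = "<message of the handshake failure>")]` (placeholder: the real panic text is not visible in this hunk), or have the helper return a `Result` and assert on the error. The same applies to `vs_openssl_as_client_group_x448` added in PATCH 23/23 and to the existing `vs_openssl_as_client_group_none`. The body of `vs_openssl_as_client` lies outside this hunk.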
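Review bot: Adding `P521` takes four hand-edited places in groups_list.rs (the struct, `all_false`, `Default` and the `Display` chain, i.e. this hunk and the three after it), and nothing fails to compile if the `Display` arm is forgotten; the group would simply be absent from the emitted list. `Default` can stop repeating the disabled fields with `GroupsList { P256: true, P384: true, X25519: true, ..Self::all_false() }`. A unit test that enables each flag alone and checks the `Display` output would catch a missing arm. The enclosing items start and end outside these hunks.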
@@ -130,6 +130,13 @@ mod test { group_list.X25519 = true; vs_openssl_as_client(group_list, OpenSslCipherSuites::default()); } + #[test] + #[should_panic] // no support + fn vs_openssl_as_client_group_x448() { + let mut group_list = OpenSslGroupsList::all_false(); + group_list.X448 = true; + vs_openssl_as_client(group_list, OpenSslCipherSuites::default()); + } fn vs_openssl_as_client(groups_list: OpenSslGroupsList, cipher_suites: OpenSslCipherSuites) { let path_certs = Path::new("certs");