author | Daniel McCarney <daniel@binaryparadox.net> | 2024-09-10 09:06:27 -0400 |
---|---|---|
committer | Daniel McCarney <daniel@binaryparadox.net> | 2024-09-10 10:42:01 -0400 |
commit | 7d5ecaf001e095cdf709406a435973fd30c3ead4 (patch) | |
tree | 8be15676fb7104445b0d7a47c05f4a92087a55c6 | |
parent | 803af3e87082177d36b0695a553f09a174297e8c (diff) |
cipher: allow getting the proto of a ciphersuite
This commit adds a `rustls_supported_ciphersuite_protocol_version()` fn
for getting the `rustls_tls_version` IANA registered protocol version
identifier supported by a given `rustls_supported_ciphersuite`. This
avoids downstream users having to use
`rustls_supported_ciphersuite_get_name()` and then matching on the
protocol version prefix in that identifier.
-rw-r--r-- | CHANGELOG.md | 4 | ||||
-rw-r--r-- | src/cipher.rs | 16 | ||||
-rw-r--r-- | src/enums.rs | 20 | ||||
-rw-r--r-- | src/panic.rs | 7 | ||||
-rw-r--r-- | src/rustls.h | 8 |
5 files changed, 53 insertions, 2 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4c165c4..c9f7fbc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -81,6 +81,10 @@ requirements.
 a `rustls_client_config_builder` with `rustls_client_config_builder_set_server_verifier()`.
+* A new `rustls_supported_ciphersuite_protocol_version()` function was added for
+ getting the `rustls_tls_version` IANA registered protocol version identifier
+ supported by a given `rustls_supported_ciphersuite`.
+
 * When using `aws-lc-rs` as the crypto provider, NIST P-521 signatures are now supported.
diff --git a/src/cipher.rs b/src/cipher.rs
index 0962645..9aef182 100644
--- a/src/cipher.rs
+++ b/src/cipher.rs
@@ -19,6 +19,7 @@ use rustls_pemfile::{certs, crls};
 use webpki::{RevocationCheckDepth, UnknownStatusPolicy};
 
 use crate::crypto_provider::{rustls_crypto_provider, rustls_signing_key};
+use crate::enums::rustls_tls_version;
 use crate::error::{self, map_error, rustls_result};
 use crate::rslice::{rustls_slice_bytes, rustls_str};
 use crate::{
@@ -100,6 +101,18 @@ pub extern "C" fn rustls_supported_ciphersuite_get_name(
 }
 }
 
+/// Returns the `rustls_tls_version` of the ciphersuite.
+///
+/// See also `RUSTLS_ALL_VERSIONS`.
+#[no_mangle]
+pub extern "C" fn rustls_supported_ciphersuite_protocol_version(
+ supported_ciphersuite: *const rustls_supported_ciphersuite,
+) -> rustls_tls_version {
+ ffi_panic_boundary! {
+ rustls_tls_version::from(try_ref_from_ptr!(supported_ciphersuite).version())
+ }
+}
+
 arc_castable! {
 /// The complete chain of certificates to send during a TLS handshake,
 /// plus a private key that matches the end-entity (leaf) certificate.
@@ -1162,7 +1175,8 @@ mod tests {
 let suite = rustls_default_crypto_provider_ciphersuites_get(i);
 let name = rustls_supported_ciphersuite_get_name(suite);
 let name = unsafe { name.to_str() };
- println!("{}: {}", i, name);
+ let proto = rustls_supported_ciphersuite_protocol_version(suite);
+ println!("{}: {} {:?}", i, name, proto);
 }
 }
 }
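Review bot: The doc comment on `rustls_supported_ciphersuite_protocol_version` does not say what a C caller gets back for a NULL `supported_ciphersuite`; from the `impl Defaultable for rustls_tls_version {}` this commit adds in src/panic.rs and the `#[default]` on `Unknown`, `try_ref_from_ptr!` appears to yield `RUSTLS_TLS_VERSION_UNKNOWN` in that case, and `ffi_panic_boundary!` presumably returns the same default on panic — both macros are defined outside this hunk, so confirm before documenting. A C caller cannot discover this without reading the Rust, and it is the only way to tell "invalid argument" from a real version. Suggest adding `/// Returns RUSTLS_TLS_VERSION_UNKNOWN if supported_ciphersuite is NULL.` after the "See also" line; if src/rustls.h is produced from these doc comments by cbindgen, the declaration in the rustls.h hunk picks the sentence up on regeneration, otherwise it needs the same sentence by hand.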
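Review bot: The updated test in `mod tests` calls `rustls_supported_ciphersuite_protocol_version(suite)` only to print the result, so a regression that returns `Unknown` for every suite (for example a broken `From` mapping) still passes. Since `rustls_tls_version` derives only `Debug` and `Default`, a check that needs no `PartialEq` is `assert!(!matches!(proto, rustls_tls_version::Unknown));` placed after the call — every suite the default provider exposes should carry a concrete TLS 1.2 or 1.3 version. The enclosing test function starts outside the hunk.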
diff --git a/src/enums.rs b/src/enums.rs
index f463ae8..6ab4b13 100644
--- a/src/enums.rs
+++ b/src/enums.rs
@@ -1,7 +1,11 @@
+use rustls::{ProtocolVersion, SupportedProtocolVersion};
+
+#[derive(Debug, Default)]
 #[repr(C)]
-#[allow(dead_code)]
 /// Definitions of known TLS protocol versions.
 pub enum rustls_tls_version {
+ #[default]
+ Unknown = 0x0000,
 Sslv2 = 0x0200,
 Sslv3 = 0x0300,
 Tlsv1_0 = 0x0301,
@@ -10,6 +14,20 @@ pub enum rustls_tls_version {
 Tlsv1_3 = 0x0304,
 }
 
+impl From<&SupportedProtocolVersion> for rustls_tls_version {
+ fn from(version: &SupportedProtocolVersion) -> Self {
+ match version.version {
+ ProtocolVersion::SSLv2 => rustls_tls_version::Sslv2,
+ ProtocolVersion::SSLv3 => rustls_tls_version::Sslv3,
+ ProtocolVersion::TLSv1_0 => rustls_tls_version::Tlsv1_0,
+ ProtocolVersion::TLSv1_1 => rustls_tls_version::Tlsv1_1,
+ ProtocolVersion::TLSv1_2 => rustls_tls_version::Tlsv1_2,
+ ProtocolVersion::TLSv1_3 => rustls_tls_version::Tlsv1_3,
+ _ => rustls_tls_version::Unknown,
+ }
+ }
+}
+
 /// Rustls' list of supported protocol versions. The length of the array is
 /// given by `RUSTLS_ALL_VERSIONS_LEN`.
 #[no_mangle]
diff --git a/src/panic.rs b/src/panic.rs
index 6586609..4b8489c 100644
--- a/src/panic.rs
+++ b/src/panic.rs
@@ -1,5 +1,6 @@
 use libc::EINVAL;
 
+use crate::enums::rustls_tls_version;
 use crate::error::{rustls_io_result, rustls_result};
 use crate::rslice::{rustls_slice_bytes, rustls_str};
 
@@ -28,9 +29,15 @@ pub(crate) trait NullParameterOrDefault {
 pub(crate) trait Defaultable: Default {}
 
 impl Defaultable for u16 {}
+
 impl Defaultable for usize {}
+
 impl Defaultable for bool {}
+
 impl Defaultable for () {}
+
+impl Defaultable for rustls_tls_version {}
+
 impl<T> Defaultable for Option<T> {}
 impl<'a> Defaultable for rustls_slice_bytes<'a> {}
diff --git a/src/rustls.h b/src/rustls.h
index 207e3ce..47f093d 100644
--- a/src/rustls.h
+++ b/src/rustls.h
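Review bot: The new `Unknown = 0x0000` variant of `rustls_tls_version` has no doc comment, although it is the variant the `From<&SupportedProtocolVersion>` fallback arm produces and, via `#[default]` and the `Defaultable` impl added in src/panic.rs, apparently the value FFI functions hand back for invalid input such as a NULL pointer. A C reader of the generated header only sees `RUSTLS_TLS_VERSION_UNKNOWN = 0` and has no way to tell whether 0 is a protocol version or an error signal. Suggest `/// A protocol version rustls-ffi cannot represent; also the value returned by FFI functions on invalid input (e.g. a NULL pointer).` above the variant, with the second half confirmed against the `try_ref_from_ptr!` definition, which is outside this diff.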
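Review bot: Inside `impl From<&SupportedProtocolVersion> for rustls_tls_version` every arm spells out `rustls_tls_version::…`; the idiomatic `Self::Sslv2`, `Self::Sslv3`, and so on reads the same and shortens each line. The `_ =>` arm is needed because rustls's `ProtocolVersion` has variants beyond the six matched here (the DTLS versions and a raw-value `Unknown(u16)`, as far as I know), but nothing in the code says so; a comment such as `// DTLS and unrecognised versions have no C-side representation` on that arm would save the next reader a trip to the rustls docs and make the deliberate loss of the raw value explicit.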
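Review bot: The blank lines inserted between `impl Defaultable for u16 {}`, `usize`, `bool` and `()` in src/panic.rs leave the impl list inconsistent: those are now separated, while `impl<T> Defaultable for Option<T> {}` and the `rustls_slice_bytes` impl stay adjacent. Either drop the added blank lines and insert `impl Defaultable for rustls_tls_version {}` as one more adjacent line, or separate every impl the same way.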
@@ -128,6 +128,7 @@ typedef uint32_t rustls_result;
 * Definitions of known TLS protocol versions.
 */
 typedef enum rustls_tls_version {
+ RUSTLS_TLS_VERSION_UNKNOWN = 0,
 RUSTLS_TLS_VERSION_SSLV2 = 512,
 RUSTLS_TLS_VERSION_SSLV3 = 768,
 RUSTLS_TLS_VERSION_TLSV1_0 = 769,
@@ -1019,6 +1020,13 @@ uint16_t rustls_supported_ciphersuite_get_suite(const struct rustls_supported_ci
 struct rustls_str rustls_supported_ciphersuite_get_name(const struct rustls_supported_ciphersuite *supported_ciphersuite);
 
 /**
+ * Returns the `rustls_tls_version` of the ciphersuite.
+ *
+ * See also `RUSTLS_ALL_VERSIONS`.
+ */
+enum rustls_tls_version rustls_supported_ciphersuite_protocol_version(const struct rustls_supported_ciphersuite *supported_ciphersuite);
+
+/**
 * Build a `rustls_certified_key` from a certificate chain and a private key
 * and the default process-wide crypto provider.
 * |