author | Joe Birr-Pixton <jpixton@gmail.com> | 2024-08-27 13:17:11 +0100 |
---|---|---|
committer | Joe Birr-Pixton <jpixton@gmail.com> | 2024-09-05 12:59:06 +0000 |
commit | 483fece984484b9023af1d7b8626a025e30c2645 (patch) | |
tree | 905ee78078b6978422888b78709f6e37db4c1852 | |
parent | 97191e057bd178f69bd401a0f40bedeef65d2c58 (diff) |
Deprecate and remove use of `FfdheGroup::from_named_group`
-rw-r--r-- | openssl-tests/src/ffdhe.rs | 12 | ||||
-rw-r--r-- | openssl-tests/src/ffdhe_kx_with_openssl.rs | 5 | ||||
-rw-r--r-- | openssl-tests/src/validate_ffdhe_params.rs | 7 | ||||
-rw-r--r-- | rustls/src/crypto/mod.rs | 2 | ||||
-rw-r--r-- | rustls/src/msgs/ffdhe_groups.rs | 15 | ||||
-rw-r--r-- | rustls/src/msgs/handshake.rs | 2 | ||||
-rw-r--r-- | rustls/tests/api_ffdhe.rs | 34 |
7 files changed, 51 insertions, 26 deletions
diff --git a/openssl-tests/src/ffdhe.rs b/openssl-tests/src/ffdhe.rs index c45f5199..941005b4 100644 --- a/openssl-tests/src/ffdhe.rs +++ b/openssl-tests/src/ffdhe.rs @@ -11,7 +11,7 @@ pub static TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = SupportedCipherSuite::Tls12(&TLS12_DHE_RSA_WITH_AES_128_GCM_SHA256); #[derive(Debug)] -pub struct FfdheKxGroup(pub NamedGroup); +pub struct FfdheKxGroup(pub NamedGroup, pub FfdheGroup<'static>); impl SupportedKxGroup for FfdheKxGroup { fn start(&self) -> Result<Box<dyn ActiveKeyExchange>, rustls::Error> { @@ -21,7 +21,7 @@ impl SupportedKxGroup for FfdheKxGroup { .fill(&mut x)?; let x = BigUint::from_bytes_be(&x); - let group = FfdheGroup::from_named_group(self.0).unwrap(); + let group = self.1; let p = BigUint::from_bytes_be(group.p); let g = BigUint::from_bytes_be(group.g); @@ -37,6 +37,10 @@ impl SupportedKxGroup for FfdheKxGroup { })) } + fn ffdhe_group(&self) -> Option<FfdheGroup<'static>> { + Some(self.1) + } + fn name(&self) -> NamedGroup { self.0 } @@ -76,6 +80,10 @@ impl ActiveKeyExchange for ActiveFfdheKx { &self.x_pub } + fn ffdhe_group(&self) -> Option<FfdheGroup<'static>> { + Some(self.group) + } + fn group(&self) -> NamedGroup { self.named_group } diff --git a/openssl-tests/src/ffdhe_kx_with_openssl.rs b/openssl-tests/src/ffdhe_kx_with_openssl.rs index fe3fe532..89b814ee 100644 --- a/openssl-tests/src/ffdhe_kx_with_openssl.rs +++ b/openssl-tests/src/ffdhe_kx_with_openssl.rs @@ -211,7 +211,10 @@ fn ffdhe_provider() -> CryptoProvider { ffdhe::TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, provider::cipher_suite::TLS13_AES_128_GCM_SHA256, ], - kx_groups: vec![&FfdheKxGroup(rustls::NamedGroup::FFDHE2048)], + kx_groups: vec![&FfdheKxGroup( + rustls::NamedGroup::FFDHE2048, + rustls::ffdhe_groups::FFDHE2048, + )], ..provider::default_provider() } } diff --git a/openssl-tests/src/validate_ffdhe_params.rs b/openssl-tests/src/validate_ffdhe_params.rs index 9b4f292b..e266e5fa 100644 
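Review bot: In `pub struct FfdheKxGroup(pub NamedGroup, pub FfdheGroup<'static>)` the two public fields can be set independently, so `name()` can report one group while `start()` and `ffdhe_group()` use the parameters of another. Before this change the parameters were looked up from the name, so the two could not disagree. A cheap guard at the top of `start()` would catch a mismatched pair in tests: `debug_assert_eq!(self.1.named_group(), Some(self.0));`. Alternatively, make the fields private and build the value through a constructor that performs the same check. The same tuple struct is redefined in `rustls/tests/api_ffdhe.rs` (hunk `@@ -410,7 +411,7 @@`) and the note applies there too; the `impl` bodies continue outside these hunks.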
--- a/openssl-tests/src/validate_ffdhe_params.rs +++ b/openssl-tests/src/validate_ffdhe_params.rs @@ -20,10 +20,11 @@ fn ffdhe_params_correct() { fn test_ffdhe_params_correct(group: NamedGroup) { let (p, g) = get_ffdhe_params_from_openssl(group); let openssl_params = FfdheGroup::from_params_trimming_leading_zeros(&p, &g); - let rustls_params = FfdheGroup::from_named_group(group).unwrap(); - assert_eq!(rustls_params.named_group(), Some(group)); + #[allow(deprecated)] + let rustls_params_from_name = FfdheGroup::from_named_group(group).unwrap(); + assert_eq!(rustls_params_from_name.named_group(), Some(group)); - assert_eq!(rustls_params, openssl_params); + assert_eq!(rustls_params_from_name, openssl_params); } /// Get FFDHE parameters `(p, g)` for the given `ffdhe_group` from OpenSSL diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 845f42c4..bb3e501b 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -423,6 +423,7 @@ pub trait SupportedKxGroup: Send + Sync + Debug { /// `rustls::ffdhe_groups` contains suitable values to return from this, /// for example [`rustls::ffdhe_groups::FFDHE2048`][crate::ffdhe_groups::FFDHE2048]. fn ffdhe_group(&self) -> Option<FfdheGroup<'static>> { + #[allow(deprecated)] FfdheGroup::from_named_group(self.name()) } @@ -517,6 +518,7 @@ pub trait ActiveKeyExchange: Send + Sync { /// `rustls::ffdhe_groups` contains suitable values to return from this, /// for example [`rustls::ffdhe_groups::FFDHE2048`][crate::ffdhe_groups::FFDHE2048]. fn ffdhe_group(&self) -> Option<FfdheGroup<'static>> { + #[allow(deprecated)] FfdheGroup::from_named_group(self.group()) } diff --git a/rustls/src/msgs/ffdhe_groups.rs b/rustls/src/msgs/ffdhe_groups.rs index 7194fdff..7b0975db 100644 --- a/rustls/src/msgs/ffdhe_groups.rs +++ b/rustls/src/msgs/ffdhe_groups.rs 
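Review bot: `test_ffdhe_params_correct` still reaches the rustls parameters only through the deprecated `FfdheGroup::from_named_group`, so the OpenSSL cross-check of `p` and `g` depends on a function that is now scheduled to go away. Callers are being told to pass the `rustls::ffdhe_groups` constants directly, so it would be safer for the test to take the constant alongside the `NamedGroup` and compare it with `openssl_params` as well. At minimum, add a comment above the `#[allow(deprecated)]` such as `// deprecated lookup kept here on purpose: it is the NamedGroup -> FfdheGroup mapping being validated against OpenSSL`. The callers of this helper are outside the hunk.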
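Review bot: The default `ffdhe_group()` bodies in `SupportedKxGroup` and `ActiveKeyExchange` still call `FfdheGroup::from_named_group`, and the added `#[allow(deprecated)]` carries no explanation. An implementer that does not override the method keeps the linker cost the deprecation note describes. It presumably also gets `None` for any group the lookup does not know. I would add a comment above each attribute, for example `// Default kept for backwards compatibility; FFDHE implementations should override this and return their own group.`, and repeat the same advice in the method's doc comment. The doc comments start outside these hunks, so they may already cover part of this.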
@@ -13,6 +13,10 @@ pub struct FfdheGroup<'a> { impl FfdheGroup<'static> { /// Return the `FfdheGroup` corresponding to the provided `NamedGroup` /// if it is indeed an FFDHE group + #[deprecated( + since = "0.23.13", + note = "This function is linker-unfriendly. Use `SupportedKxGroup::ffdhe_group()` instead" + )] pub fn from_named_group(named_group: NamedGroup) -> Option<Self> { match named_group { NamedGroup::FFDHE2048 => Some(FFDHE2048), @@ -306,11 +310,10 @@ fn named_group_ffdhe_group_roundtrip() { use NamedGroup::*; let ffdhe_groups = [FFDHE2048, FFDHE3072, FFDHE4096, FFDHE6144, FFDHE8192]; for g in ffdhe_groups { - assert_eq!( - FfdheGroup::from_named_group(g) - .unwrap() - .named_group(), - Some(g) - ); + #[allow(deprecated)] + let roundtrip = FfdheGroup::from_named_group(g) + .unwrap() + .named_group(); + assert_eq!(roundtrip, Some(g)); } } diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 17b8a0bb..5807f443 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1866,7 +1866,7 @@ pub(crate) struct ServerDhParams { impl ServerDhParams { #[cfg(feature = "tls12")] pub(crate) fn new(kx: &dyn ActiveKeyExchange) -> Self { - let params = match FfdheGroup::from_named_group(kx.group()) { + let params = match kx.ffdhe_group() { Some(params) => params, None => panic!("invalid NamedGroup for DHE key exchange: {:?}", kx.group()), }; diff --git a/rustls/tests/api_ffdhe.rs b/rustls/tests/api_ffdhe.rs index 5b7c2d01..ddfcbb75 100644 --- a/rustls/tests/api_ffdhe.rs +++ b/rustls/tests/api_ffdhe.rs 
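Review bot: The deprecation note on `from_named_group` says the function is "linker-unfriendly" without explaining what that means for a caller. A sentence in the doc comment would make the reason reviewable, for example `/// Calling this references every built-in FFDHE group, so none of them can be dropped from the final binary.` (inferred from the visible `match` arm, the rest of the body is outside the hunk). The note also names only `SupportedKxGroup::ffdhe_group()`, while `ActiveKeyExchange::ffdhe_group()` is the replacement used in `handshake.rs`. Mentioning both would help.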
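Review bot: In `ServerDhParams::new` the `None` arm still panics with "invalid NamedGroup for DHE key exchange", but after this change `None` comes from the provider's `kx.ffdhe_group()` rather than from a lookup on the name, so the message points at the wrong cause. Something like `None => panic!("ffdhe_group() returned None for DHE key exchange {:?}", kx.group()),` would match the new code path. The parameters sent to the peer are now whatever the provider returns, and nothing visible here checks that they correspond to `kx.group()`. Whether that is checked elsewhere cannot be told from the hunk, and the function body continues outside it.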
@@ -150,10 +150,7 @@ fn server_avoids_dhe_cipher_suites_when_client_has_no_known_dhe_in_groups_ext() ffdhe::TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, provider::cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, ], - kx_groups: vec![ - &ffdhe::FfdheKxGroup(NamedGroup::FFDHE4096), - provider::kx_group::SECP256R1, - ], + kx_groups: vec![&ffdhe::FFDHE4096_KX_GROUP, provider::kx_group::SECP256R1], ..provider::default_provider() } .into(), @@ -369,7 +366,7 @@ mod ffdhe { SupportedKxGroup, }; use rustls::ffdhe_groups::FfdheGroup; - use rustls::{CipherSuite, NamedGroup, SupportedCipherSuite, Tls12CipherSuite}; + use rustls::{ffdhe_groups, CipherSuite, NamedGroup, SupportedCipherSuite, Tls12CipherSuite}; use super::provider; @@ -384,8 +381,12 @@ mod ffdhe { static FFDHE_KX_GROUPS: &[&dyn SupportedKxGroup] = &[&FFDHE2048_KX_GROUP, &FFDHE3072_KX_GROUP]; - pub const FFDHE2048_KX_GROUP: FfdheKxGroup = FfdheKxGroup(NamedGroup::FFDHE2048); - pub const FFDHE3072_KX_GROUP: FfdheKxGroup = FfdheKxGroup(NamedGroup::FFDHE3072); + pub const FFDHE2048_KX_GROUP: FfdheKxGroup = + FfdheKxGroup(NamedGroup::FFDHE2048, ffdhe_groups::FFDHE2048); + pub const FFDHE3072_KX_GROUP: FfdheKxGroup = + FfdheKxGroup(NamedGroup::FFDHE3072, ffdhe_groups::FFDHE3072); + pub const FFDHE4096_KX_GROUP: FfdheKxGroup = + FfdheKxGroup(NamedGroup::FFDHE4096, ffdhe_groups::FFDHE4096); static FFDHE_CIPHER_SUITES: &[rustls::SupportedCipherSuite] = &[ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, @@ -410,7 +411,7 @@ mod ffdhe { }; #[derive(Debug)] - pub struct FfdheKxGroup(pub NamedGroup); + pub struct FfdheKxGroup(pub NamedGroup, pub FfdheGroup<'static>); impl SupportedKxGroup for FfdheKxGroup { fn start(&self) -> Result<Box<dyn ActiveKeyExchange>, rustls::Error> { 
@@ -420,22 +421,25 @@ mod ffdhe { .fill(&mut x)?; let x = BigUint::from_bytes_be(&x); - let group = FfdheGroup::from_named_group(self.0).unwrap(); - let p = BigUint::from_bytes_be(group.p); - let g = BigUint::from_bytes_be(group.g); + let p = BigUint::from_bytes_be(self.1.p); + let g = BigUint::from_bytes_be(self.1.g); let x_pub = g.modpow(&x, &p); - let x_pub = to_bytes_be_with_len(x_pub, group.p.len()); + let x_pub = to_bytes_be_with_len(x_pub, self.1.p.len()); Ok(Box::new(ActiveFfdheKx { x_pub, x, p, - group, + group: self.1, named_group: self.0, })) } + fn ffdhe_group(&self) -> Option<FfdheGroup<'static>> { + Some(self.1) + } + fn name(&self) -> NamedGroup { self.0 } @@ -462,6 +466,10 @@ mod ffdhe { &self.x_pub } + fn ffdhe_group(&self) -> Option<FfdheGroup<'static>> { + Some(self.group) + } + fn group(&self) -> NamedGroup { self.named_group } |