Merge branch 'client_hello_callback' of github.com:icing/crustls into client_hello_callback_update_base

Author: jsha

.github/workflows/test.yaml

@@ -18,3 +18,9 @@ jobs:
       - uses: actions/checkout@v2
       - run: make src/crustls.h
       - run: git diff
+
+  cargo-fmt:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - run: cargo fmt -- --check

CONTRIBUTING.md

@@ -0,0 +1,16 @@
+# Contributing
+
+Welcome to crustls! We're excited to work with you. If you've got a big chunk of
+work that you'd like to do, please file an issue before starting on the code, so
+we can get on the same page. If you've just got a small tweak, it's fine to send
+a PR without filing an issue first.
+
+After you've sent a PR, we ask that you don't rebase, squash, or force push your
+branch. This makes it easier to see changes as your PR evolves. Once we approve
+your PR, we will squash it into a single commit, with the summary line set to
+the summary of your PR, and the description set to the description of your PR.
+That way we maintain a linear git history, where each commit corresponds to a
+fully reviewed PR that passed tests.
+
+Check out README.md if you haven't already to find the conventions we follow.
+All code must be rustfmt'ed, which we enforce in CI.

README.md

@@ -142,10 +142,10 @@ If you have a single site and one certificate, you can preconfigure the `rustls_
 
 If you need to support multiple `rustls_server_config`s on the same connection endpoint, you can start the connection with a default `rustls_server_config` and register a client hello callback. The callback inspects the SNI/ALPN/cipher values announced by the client and selects the appropriate configuration to use.
 
-When your callback returns, the handshake of `rustls` will fail, as no certifcate was configured. This will be noticeable as an error returned from `rustls_server_session_write_tls()`. You can then free this session
+When your callback returns, the handshake of `rustls` will fail, as no certificate was configured. This will be noticeable as an error returned from `rustls_server_session_write_tls()`. You can then free this session
 and create the one with the correct setting for the domain chosen.
 
-For this to work, your connection needs ot buffer the initial data from the client, so these bytes can be 
+For this to work, your connection needs to buffer the initial data from the client, so these bytes can be 
 replayed to the second session you use. Do not write any data back to the client while your are
 in the initial session. The client hellos are usually only a few hundred bytes.
 

src/base.rs

@@ -121,7 +121,18 @@ pub struct rustls_vec_ushort {
     len: size_t,
 }
 
-impl From<&Vec<u16>> for rustls_vec_ushort {
+impl<'a> From<&'a [u16]> for rustls_vec_ushort {
+    fn from(values: &[u16]) -> Self {
+        rustls_vec_ushort {
+            data: values.as_ptr(),
+            len: values.len(),
+        }
+    }
+}
+
+// Should not be necessary, according to:
+// https://github.com/abetterinternet/crustls/pull/50#discussion_r578720430
+impl<'a> From<&'a Vec<u16>> for rustls_vec_ushort {
     fn from(values: &Vec<u16>) -> Self {
         rustls_vec_ushort {
             data: values.as_ptr(),

src/cipher.rs

@@ -1,10 +1,21 @@
 use std::{cmp::min, slice};
 
-use crate::{ffi_panic_boundary_generic, ffi_panic_boundary_unit};
+use crate::error::rustls_result;
+use crate::{
+    ffi_panic_boundary, ffi_panic_boundary_generic, ffi_panic_boundary_unit, try_ref_from_ptr,
+};
 use libc::{c_char, size_t};
+use std::io::Cursor;
 use std::os::raw::c_ushort;
+use std::sync::Arc;
 
-/// All SignatureScheme currently defines in rustls.
+use rustls::{Certificate, PrivateKey};
+use rustls_pemfile::{certs, pkcs8_private_keys, rsa_private_keys};
+
+use rustls::sign::CertifiedKey;
+use rustls_result::NullParameter;
+
+/// All SignatureScheme currently defined in rustls.
 /// At the moment not exposed by rustls itself.
 #[no_mangle]
 pub(crate) static ALL_SIGNATURE_SCHEMES: &[rustls::SignatureScheme] = &[
@@ -81,3 +92,110 @@ pub extern "C" fn rustls_cipher_get_signature_scheme_name(
         }
     }
 }
+
+/// The complete chain of certificates plus private key for
+/// being certified against someones list of trust anchors (commonly
+/// called root store). Corresponds to `CertifiedKey` in the Rust API.
+pub struct rustls_cipher_certified_key {
+    // We use the opaque struct pattern to tell C about our types without
+    // telling them what's inside.
+    // https://doc.rust-lang.org/nomicon/ffi.html#representing-opaque-structs
+    _private: [u8; 0],
+}
+
+#[no_mangle]
+pub extern "C" fn rustls_cipher_certified_key_build(
+    cert_chain: *const u8,
+    cert_chain_len: size_t,
+    private_key: *const u8,
+    private_key_len: size_t,
+    certified_key_out: *mut *const rustls_cipher_certified_key,
+) -> rustls_result {
+    ffi_panic_boundary! {
+        let certified_key = match certified_key_build(
+            cert_chain, cert_chain_len, private_key, private_key_len) {
+            Ok(key) => Box::new(key),
+            Err(rr) => return rr,
+        };
+        unsafe {
+            *certified_key_out = Arc::into_raw(Arc::new(*certified_key)) as *const _;
+        }
+        return rustls_result::Ok
+    }
+}
+
+/// "Free" a certified_key previously returned from
+/// rustls_cipher_certified_key_build. Since certified_key is actually an
+/// atomically reference-counted pointer, extant certified_key may still
+/// hold an internal reference to the Rust object. However, C code must
+/// consider this pointer unusable after "free"ing it.
+/// Calling with NULL is fine. Must not be called twice with the same value.
+#[no_mangle]
+pub extern "C" fn rustls_cipher_certified_key_free(config: *const rustls_cipher_certified_key) {
+    ffi_panic_boundary_unit! {
+        let key: &CertifiedKey = try_ref_from_ptr!(config, &mut CertifiedKey, ());
+        // To free the certified_key, we reconstruct the Arc. It should have a refcount of 1,
+        // representing the C code's copy. When it drops, that refcount will go down to 0
+        // and the inner ServerConfig will be dropped.
+        let arc: Arc<CertifiedKey> = unsafe { Arc::from_raw(key) };
+        let strong_count = Arc::strong_count(&arc);
+        if strong_count < 1 {
+            eprintln!(
+                "rustls_cipher_certified_key_free: invariant failed: arc.strong_count was < 1: {}. \
+                You must not free the same certified_key multiple times.",
+                strong_count
+            );
+        }
+    }
+}
+
+pub(crate) fn certified_key_build(
+    cert_chain: *const u8,
+    cert_chain_len: size_t,
+    private_key: *const u8,
+    private_key_len: size_t,
+) -> Result<CertifiedKey, rustls_result> {
+    let mut cert_chain: &[u8] = unsafe {
+        if cert_chain.is_null() {
+            return Err(NullParameter);
+        }
+        slice::from_raw_parts(cert_chain, cert_chain_len as usize)
+    };
+    let private_key: &[u8] = unsafe {
+        if private_key.is_null() {
+            return Err(NullParameter);
+        }
+        slice::from_raw_parts(private_key, private_key_len as usize)
+    };
+    let mut private_keys: Vec<Vec<u8>> = match pkcs8_private_keys(&mut Cursor::new(private_key)) {
+        Ok(v) => v,
+        Err(_) => return Err(rustls_result::PrivateKeyParseError),
+    };
+    let private_key: PrivateKey = match private_keys.pop() {
+        Some(p) => PrivateKey(p),
+        None => {
+            private_keys = match rsa_private_keys(&mut Cursor::new(private_key)) {
+                Ok(v) => v,
+                Err(_) => return Err(rustls_result::PrivateKeyParseError),
+            };
+            let rsa_private_key: PrivateKey = match private_keys.pop() {
+                Some(p) => PrivateKey(p),
+                None => return Err(rustls_result::PrivateKeyParseError),
+            };
+            rsa_private_key
+        }
+    };
+    let signing_key = match rustls::sign::any_supported_type(&private_key) {
+        Ok(key) => key,
+        Err(_) => return Err(rustls_result::PrivateKeyParseError),
+    };
+    let parsed_chain: Vec<Certificate> = match certs(&mut cert_chain) {
+        Ok(v) => v.into_iter().map(Certificate).collect(),
+        Err(_) => return Err(rustls_result::CertificateParseError),
+    };
+
+    Ok(rustls::sign::CertifiedKey::new(
+        parsed_chain,
+        Arc::new(signing_key),
+    ))
+}

src/client.rs

@@ -25,7 +25,6 @@ use rustls_result::NullParameter;
 /// for concurrent mutation. Under the hood, it corresponds to a
 /// Box<ClientConfig>.
 /// https://docs.rs/rustls/0.19.0/rustls/struct.ClientConfig.html
-#[allow(non_camel_case_types)]
 pub struct rustls_client_config_builder {
     // We use the opaque struct pattern to tell C about our types without
     // telling them what's inside.
@@ -36,15 +35,13 @@ pub struct rustls_client_config_builder {
 /// A client config that is done being constructed and is now read-only.
 /// Under the hood, this object corresponds to an Arc<ClientConfig>.
 /// https://docs.rs/rustls/0.19.0/rustls/struct.ClientConfig.html
-#[allow(non_camel_case_types)]
 pub struct rustls_client_config {
     // We use the opaque struct pattern to tell C about our types without
     // telling them what's inside.
     // https://doc.rust-lang.org/nomicon/ffi.html#representing-opaque-structs
     _private: [u8; 0],
 }
 
-#[allow(non_camel_case_types)]
 pub struct rustls_client_session {
     _private: [u8; 0],
 }

src/crustls.h

@@ -89,6 +89,13 @@ typedef enum rustls_result {
   RUSTLS_RESULT_CERT_SCT_UNKNOWN_LOG = 7323,
 } rustls_result;
 
+/**
+ * The complete chain of certificates plus private key for
+ * being certified against someones list of trust anchors (commonly
+ * called root store). Corresponds to `CertifiedKey` in the Rust API.
+ */
+typedef struct rustls_cipher_certified_key rustls_cipher_certified_key;
+
 /**
  * A client config that is done being constructed and is now read-only.
  * Under the hood, this object corresponds to an Arc<ClientConfig>.
@@ -221,6 +228,22 @@ typedef struct rustls_client_hello {
   struct rustls_vec_slice_bytes alpn;
 } rustls_client_hello;
 
+/**
+ * Prototype of a callback that can be installed by the application at the
+ * `rustls_server_config`. This callback will be invoked by a `rustls_server_session`
+ * once the TLS client hello message has been received.
+ * `userdata` will be supplied as provided when registering the callback.
+ * `hello`gives the value of the available client announcements, as interpreted
+ * by rustls. See the definition of `rustls_client_hello` for details.
+ *
+ * NOTE: the passed in `hello` and all its values are only availabe during the
+ * callback invocations.
+ *
+ * EXPERIMENTAL: this feature of crustls is likely to change in the future, as
+ * the rustls library is re-evaluating their current approach to client hello handling.
+ */
+typedef const struct rustls_cipher_certified_key *(*rustls_client_hello_callback)(rustls_client_hello_userdata userdata, const struct rustls_client_hello *hello);
+
 /**
  * Write the version of the crustls C bindings and rustls itself into the
  * provided buffer, up to a max of `len` bytes. Output is UTF-8 encoded
@@ -243,6 +266,22 @@ void rustls_cipher_get_signature_scheme_name(unsigned short scheme,
                                              size_t len,
                                              size_t *out_n);
 
+enum rustls_result rustls_cipher_certified_key_build(const uint8_t *cert_chain,
+                                                     size_t cert_chain_len,
+                                                     const uint8_t *private_key,
+                                                     size_t private_key_len,
+                                                     const struct rustls_cipher_certified_key **certified_key_out);
+
+/**
+ * "Free" a certified_key previously returned from
+ * rustls_cipher_certified_key_build. Since certified_key is actually an
+ * atomically reference-counted pointer, extant certified_key may still
+ * hold an internal reference to the Rust object. However, C code must
+ * consider this pointer unusable after "free"ing it.
+ * Calling with NULL is fine. Must not be called twice with the same value.
+ */
+void rustls_cipher_certified_key_free(const struct rustls_cipher_certified_key *config);
+
 /**
  * Create a rustls_client_config_builder. Caller owns the memory and must
  * eventually call rustls_client_config_builder_build, then free the
@@ -403,13 +442,36 @@ enum rustls_result rustls_server_config_builder_set_ignore_client_order(struct r
  * first.
  * private_key must point to a byte array of length private_key_len containing
  * a private key in PEM-encoded PKCS#8 or PKCS#1 format.
+ *
+ * EXPERIMENTAL: installing a client_hello callback will replace any
+ * configured certified keys and vice versa. Same holds true for the
+ * set_single_cert variant.
  */
 enum rustls_result rustls_server_config_builder_set_single_cert_pem(struct rustls_server_config_builder *builder,
                                                                     const uint8_t *cert_chain,
                                                                     size_t cert_chain_len,
                                                                     const uint8_t *private_key,
                                                                     size_t private_key_len);
 
+/**
+ * Provide the configuration a list of certificates where the session
+ * will select the first one that is compatible with the client's signing
+ * capabilities. Servers that want to support ECDSA and RSA certificates
+ * will want the ECSDA to go first in the list.
+ *
+ * The built configuration will keep a reference to all certified keys
+ * provided. The client may `rustls_cipher_certified_key_free()` afterwards
+ * without the configuration losing them. The same certified key may also
+ * be appear in multiple configs.
+ *
+ * EXPERIMENTAL: installing a client_hello callback will replace any
+ * configured certified keys and vice versa. Same holds true for the
+ * set_single_cert variant.
+ */
+enum rustls_result rustls_server_config_builder_set_certified_keys(struct rustls_server_config_builder *builder,
+                                                                   const struct rustls_cipher_certified_key *const *certified_keys,
+                                                                   size_t certified_keys_len);
+
 /**
  * Turn a *rustls_server_config_builder (mutable) into a *rustls_server_config
  * (read-only).
@@ -534,9 +596,11 @@ enum rustls_result rustls_server_session_get_sni_hostname(const struct rustls_se
  *
  * EXPERIMENTAL: this feature of crustls is likely to change in the future, as
  * the rustls library is re-evaluating their current approach to client hello handling.
+ * Installing a client_hello callback will replace any configured certified keys
+ * and vice versa. Same holds true for the set_single_cert variant.
  */
 enum rustls_result rustls_server_config_builder_set_hello_callback(struct rustls_server_config_builder *builder,
-                                                                   void (*callback)(rustls_client_hello_userdata userdata, const struct rustls_client_hello *hello),
+                                                                   rustls_client_hello_callback callback,
                                                                    rustls_client_hello_userdata userdata);
 
 #endif /* CRUSTLS_H */

src/error.rs

@@ -45,7 +45,6 @@ pub extern "C" fn rustls_result_is_cert_error(result: rustls_result) -> bool {
     }
 }
 
-#[allow(non_camel_case_types)]
 #[repr(C)]
 pub enum rustls_result {
     Ok = 7000,

src/lib.rs

@@ -1,4 +1,5 @@
 #![crate_type = "staticlib"]
+#![allow(non_camel_case_types)]
 use libc::{c_char, size_t};
 use std::{cmp::min, sync::Arc};
 use std::{mem, slice};

src/main.c

@@ -80,7 +80,7 @@ const char *ws_strerror (int err)
  * we finish or hit an error. Assumes fd is blocking and therefore doesn't
  * handle EAGAIN. Returns 0 for success or 1 for error.
  *
- * For Windsock we cannot use a socket-fd in write().
+ * For Winsock we cannot use a socket-fd in write().
  * Call send() if fd > STDOUT_FILENO.
  */
 int