Bump boring to v5, align FIPS to SP 800-52r2, clean up features
- Bump boring/boring-sys from v4 to v5 (zero API breaks)
- Merge fips/fips-only into a single fips feature that both enables FIPS-validated BoringSSL and restricts algorithms to SP 800-52r2
- Tighten FIPS KX groups to P-256 and P-384 only (aligned with boring's fips202205 compliance policy)
- Remove ECDSA_P521_SHA512 from FIPS signature verification set
- Simplify fips feature to forward boring/fips only (drop redundant boring-sys/fips)
- Add fips-precompiled as deprecated alias matching boring's naming
- Change default features to empty (TLS 1.2 now requires explicit tls12 feature opt-in)
- Gate TLS 1.2 code paths properly so the crate compiles and passes tests with default (TLS 1.3 only) features
- Update README to reflect current state: boring v5, feature docs, FIPS mode documentation, workspace structure
parent 490340afa7
commit 271acbb315
11 changed files with 273 additions and 77 deletions
73 Readme.md
@ -2,55 +2,60 @@

[](https://github.com/janrueth/boring-rustls-provider/actions/workflows/ci.yml?query=branch%3Amain)

This is supposed to be the start to a [boringssl](https://github.com/cloudflare/boring)-based [rustls](https://github.com/rustls/rustls) crypto provider.
A [BoringSSL](https://github.com/cloudflare/boring)-based [rustls](https://github.com/rustls/rustls) crypto provider.

## Status
This is just a dump of me figuring out how to interface with boring and rustls.
It works to establish a connection and exchange data but I haven't written real tests yet, nor did I cleanup the code or made the effort to make it look nice.
There is probably some code in here that should rather live in the `boring` crate.
Built on `boring` v5 and `rustls` 0.23.

Further, the rustls crypto provider API is still not stable it seems. This works currently with `rustls = 0.22.0-alpha.5`.
## Features

### Supported ciphers
Currently, supports only TLS 1.3:
No features are enabled by default. The provider ships with TLS 1.3 support
out of the box; additional capabilities are opt-in.

| Feature | Description |
|---|---|
| `fips` | Build against FIPS-validated BoringSSL and restrict the provider to FIPS-approved algorithms only (SP 800-52r2). See [FIPS mode](#fips-mode) below. |
| `fips-precompiled` | Deprecated alias for `fips`. Matches the `boring` crate's feature name. |
| `tls12` | Enable TLS 1.2 cipher suites (`ECDHE-ECDSA` and `ECDHE-RSA` with AES-GCM and ChaCha20-Poly1305). Without this only TLS 1.3 is available. |
| `logging` | Enable debug logging of BoringSSL errors and provider internals via the `log` crate. |

## Supported Algorithms

### Cipher Suites

TLS 1.3 (always available):
```
AES_128_GCM_SHA256
AES_256_GCM_SHA384
CHACHA20_POLY1305_SHA256
```

QUIC: not yet supported

TLS 1.2:
TLS 1.2 (requires `tls12` feature):
```
ECDHE_ECDSA_AES128_GCM_SHA256
ECDHE_RSA_AES128_GCM_SHA256

ECDHE_ECDSA_AES256_GCM_SHA384
ECDHE_RSA_AES256_GCM_SHA384

ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
```

### Key Exchange Algorithms

`ECDHE` with curves:
### Key Exchange Groups

ECDHE:
```
X25519
X448
secp256r1
secp384r1
secp521r1
secp256r1 (P-256)
secp384r1 (P-384)
secp521r1 (P-521)
```


`FFDHE` with:
FFDHE:
```
ffdhe2048
```

### Signature Generation / Verification
### Signature Algorithms

```
RSA_PKCS1_SHA256
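Review bot: The `### Supported ciphers` subheading under `## Features` now sits directly above the feature-flag table, while the actual cipher lists have moved to `## Supported Algorithms`, so the subheading is stale; rename it (for example `### Feature flags`) or drop it. Two consistency checks in the same region: `TLS 1.3 (always available):` lists `CHACHA20_POLY1305_SHA256`, but the FIPS Mode section says `fips` builds are AES-GCM only, so mark that entry as unavailable under `fips` or relabel the list; and if the sentence `This works currently with rustls = 0.22.0-alpha.5` under Status survives this hunk, it contradicts the new `Built on boring v5 and rustls 0.23.` line and should go.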
@ -66,6 +71,30 @@ ED25519
ED448
```

## FIPS Mode

When the `fips` feature is enabled the provider builds against a FIPS-validated
version of BoringSSL and restricts all algorithm selections to those approved
under [SP 800-52r2](https://doi.org/10.6028/NIST.SP.800-52r2), aligned with
boring's `fips202205` compliance policy:

- **Cipher suites**: AES-GCM only (no ChaCha20-Poly1305).
- **Key exchange groups**: P-256 and P-384 only (no X25519, X448, P-521, or FFDHE).
- **Signature algorithms**: RSA PKCS#1 / PSS and ECDSA with P-256 or P-384 only
(no P-521, Ed25519, or Ed448).

Post-quantum hybrid key exchange (`P256Kyber768Draft00`) is planned for the
FIPS group set but not yet implemented.

## Workspace Structure

| Crate | Purpose |
|---|---|
| `boring-rustls-provider` | The main rustls crypto provider. |
| `boring-additions` | Safe Rust wrappers for BoringSSL APIs not yet exposed by the `boring` crate (AEAD, EVP_PKEY_CTX, HMAC_CTX). Intended for upstreaming. |
| `boring-sys-additions` | Raw FFI binding for `CRYPTO_tls1_prf` (internal BoringSSL symbol used for FIPS-compliant TLS 1.2 PRF). Intended for upstreaming. |
| `examples` | Example client binary. |

## License

MIT
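Review bot: The FIPS Mode bullet `Cipher suites: AES-GCM only` does not say how `fips` interacts with `tls12`: the workspace table says `boring-sys-additions` binds `CRYPTO_tls1_prf` for a FIPS-compliant TLS 1.2 PRF, so TLS 1.2 is evidently meant to work under `fips`, yet a reader cannot tell whether enabling both features keeps the four `ECDHE_*_AES*_GCM_*` suites or leaves TLS 1.3 only. State the combination explicitly, e.g. "With `tls12` also enabled, only the AES-GCM TLS 1.2 suites remain." In the same section, `CRYPTO_tls1_prf` is described as an internal BoringSSL symbol; add to that row that the binding is tied to the BoringSSL revision pinned by `boring` v5 and must be re-verified on every `boring` bump, since internal symbols carry no API stability guarantee.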