Graviola

Pascal Engélibert 2026-01-20 09:31:06 +01:00
commit 73b07b52d5
4 changed files with 231 additions and 1 deletions

175
Cargo.lock generated

@ -677,6 +677,17 @@ version = "0.8.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b"
[[package]]
name = "core-models"
version = "0.0.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0940496e5c83c54f3b753d5317daec82e8edac71c33aaa1f666d76f518de2444"
dependencies = [
"hax-lib",
"pastey",
"rand 0.9.2",
]
[[package]]
name = "cpufeatures"
version = "0.2.17"
@ -1263,6 +1274,16 @@ version = "0.3.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0cc23270f6e1808e30a928bdc84dea0b9b4136a8bc82338574f23baf47bbd280"
[[package]]
name = "graviola"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b1662fcff7237fbe8c91ff2800fcce9435af25b7f0cb580f5679b31c3a1f1e7a"
dependencies = [
"cfg-if",
"getrandom 0.3.3",
]
[[package]]
name = "group"
version = "0.13.0"
@ -1350,6 +1371,43 @@ dependencies = [
"foldhash 0.2.0",
]
[[package]]
name = "hax-lib"
version = "0.3.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "74d9ba66d1739c68e0219b2b2238b5c4145f491ebf181b9c6ab561a19352ae86"
dependencies = [
"hax-lib-macros",
"num-bigint",
"num-traits",
]
[[package]]
name = "hax-lib-macros"
version = "0.3.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "24ba777a231a58d1bce1d68313fa6b6afcc7966adef23d60f45b8a2b9b688bf1"
dependencies = [
"hax-lib-macros-types",
"proc-macro-error2",
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "hax-lib-macros-types"
version = "0.3.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "867e19177d7425140b417cd27c2e05320e727ee682e98368f88b7194e80ad515"
dependencies = [
"proc-macro2",
"quote",
"serde",
"serde_json",
"uuid",
]
[[package]]
name = "hermit-abi"
version = "0.5.2"
@ -1787,6 +1845,70 @@ version = "0.2.177"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2874a2af47a2325c2001a6e6fad9b16a53b802102b528163885171cf92b15976"
[[package]]
name = "libcrux-intrinsics"
version = "0.0.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bc9ee7ef66569dd7516454fe26de4e401c0c62073929803486b96744594b9632"
dependencies = [
"core-models",
"hax-lib",
]
[[package]]
name = "libcrux-ml-kem"
version = "0.0.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4bb6a88086bf11bd2ec90926c749c4a427f2e59841437dbdede8cde8a96334ab"
dependencies = [
"hax-lib",
"libcrux-intrinsics",
"libcrux-platform",
"libcrux-secrets",
"libcrux-sha3",
"libcrux-traits",
]
[[package]]
name = "libcrux-platform"
version = "0.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "db82d058aa76ea315a3b2092f69dfbd67ddb0e462038a206e1dcd73f058c0778"
dependencies = [
"libc",
]
[[package]]
name = "libcrux-secrets"
version = "0.0.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6e4dbbf6bc9f2bc0f20dc3bea3e5c99adff3bdccf6d2a40488963da69e2ec307"
dependencies = [
"hax-lib",
]
[[package]]
name = "libcrux-sha3"
version = "0.0.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2400bec764d1c75b8a496d5747cffe32f1fb864a12577f0aca2f55a92021c962"
dependencies = [
"hax-lib",
"libcrux-intrinsics",
"libcrux-platform",
"libcrux-traits",
]
[[package]]
name = "libcrux-traits"
version = "0.0.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9adfd58e79d860f6b9e40e35127bfae9e5bd3ade33201d1347459011a2add034"
dependencies = [
"libcrux-secrets",
"rand 0.9.2",
]
[[package]]
name = "libloading"
version = "0.8.8"
@ -2120,6 +2242,12 @@ version = "2.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f38d5652c16fde515bb1ecef450ab0f6a219d619a7274976324d5e377f7dceba"
[[package]]
name = "pastey"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "35fb2e5f958ec131621fdd531e9fc186ed768cbe395337403ae56c17a74c68ec"
[[package]]
name = "pem"
version = "3.0.6"
@ -2245,6 +2373,28 @@ dependencies = [
"syn",
]
[[package]]
name = "proc-macro-error-attr2"
version = "2.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "96de42df36bb9bba5542fe9f1a054b8cc87e172759a1868aa05c1f3acc89dfc5"
dependencies = [
"proc-macro2",
"quote",
]
[[package]]
name = "proc-macro-error2"
version = "2.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "11ec05c52be0a07b08061f7dd003e7d7092e0472bc731b4af7bb1ef876109802"
dependencies = [
"proc-macro-error-attr2",
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "proc-macro2"
version = "1.0.101"
@ -2602,6 +2752,7 @@ dependencies = [
"rpxy-acme",
"rpxy-certs",
"rustls",
"rustls-graviola",
"rustls-openssl",
"rustls-post-quantum",
"rustls-symcrypt",
@ -2713,6 +2864,17 @@ dependencies = [
"x509-parser",
]
[[package]]
name = "rustls-graviola"
version = "0.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e81f0f2005bfba00e8088f9cb75f4b3ce3f2a31aebfaeed0b2cc05e13d01ce06"
dependencies = [
"graviola",
"libcrux-ml-kem",
"rustls",
]
[[package]]
name = "rustls-native-certs"
version = "0.8.1"
@ -2774,7 +2936,7 @@ dependencies = [
"security-framework 3.5.1",
"security-framework-sys",
"webpki-root-certs",
"windows-sys 0.52.0",
"windows-sys 0.59.0",
]
[[package]]
@ -3702,6 +3864,17 @@ version = "0.2.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821"
[[package]]
name = "uuid"
version = "1.19.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e2e054861b4bd027cd373e18e8d8d8e6548085000e41290d95ce0c373a654b4a"
dependencies = [
"getrandom 0.3.3",
"js-sys",
"wasm-bindgen",
]
[[package]]
name = "valuable"
version = "0.1.1"


@ -33,6 +33,7 @@ default = [
provider-aws-lc-rs = ["rpxy-lib/rustls-backend-aws-lc-rs"]
provider-aws-lc-pq = ["rpxy-lib/rustls-backend-aws-lc-pq", "rpxy-lib/post-quantum"]
provider-boring = ["rpxy-lib/rustls-backend-boring"]
provider-graviola = ["rpxy-lib/rustls-backend-graviola"]
provider-openssl = ["rpxy-lib/rustls-backend-openssl"]
provider-ring = ["rpxy-lib/rustls-backend-ring"]
provider-symcrypt = ["rpxy-lib/rustls-backend-symcrypt"]


@ -31,6 +31,7 @@ rustls-backend = ["hyper-rustls"]
rustls-backend-aws-lc-rs = ["hyper-rustls/aws-lc-rs"]
rustls-backend-aws-lc-pq = ["hyper-rustls/aws-lc-rs", "post-quantum"]
rustls-backend-boring = ["hyper-rustls/aws-lc-rs", "boring-rustls-provider"]
rustls-backend-graviola = ["hyper-rustls/aws-lc-rs", "rustls-graviola"]
rustls-backend-openssl = ["hyper-rustls/aws-lc-rs", "rustls-openssl"]
rustls-backend-ring = ["hyper-rustls/ring"]
rustls-backend-symcrypt = ["hyper-rustls/aws-lc-rs", "rustls-symcrypt"]
@ -91,6 +92,7 @@ rpxy-certs = { path = "../rpxy-certs/", default-features = false }
hot_reload = "0.2.0"
rustls = { version = "0.23.32", default-features = false, features = ["std"] }
boring-rustls-provider = { git = "https://github.com/janrueth/boring-rustls-provider.git", rev = "490340afa77e2c08fc45853124f99d49f4f9f8a0", optional = true }
rustls-graviola = { version = "0.3.2", optional = true }
rustls-openssl = { version = "0.3.0", default-features = false, features = ["tls12"], optional = true }
rustls-post-quantum = { version = "0.2.4", optional = true }
rustls-symcrypt = { version = "0.2.1", optional = true, features = ["chacha", "x25519"] }
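Review bot: `rustls-backend-graviola` still enables `hyper-rustls/aws-lc-rs`, so a build that selects graviola presumably still compiles and links aws-lc-rs next to it. This mirrors the boring, openssl and symcrypt lines, but it means picking this backend adds a second crypto implementation to the dependency tree instead of replacing one. If hyper-rustls can be built in this crate without a bundled provider, `rustls-backend-graviola = ["rustls-graviola"]` would be the tighter definition. Otherwise a comment above the feature such as `# hyper-rustls needs a provider feature to build; graviola is installed at runtime` would record why aws-lc-rs stays in.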


@ -283,6 +283,60 @@ pub async fn entrypoint(
_provider = CryptoProvider::install_default(prov);
}
#[cfg(feature = "rustls-backend-graviola")]
{
info!("Using RusTLS provider graviola");
let mut prov = rustls_graviola::default_provider();
if let Some(ciphers) = ciphers {
prov.cipher_suites.clear();
for cipher in ciphers {
match cipher.as_str() {
"AES_256_GCM_SHA384" => prov.cipher_suites.push(rustls_graviola::suites::TLS13_AES_256_GCM_SHA384),
"AES_128_GCM_SHA256" => prov.cipher_suites.push(rustls_graviola::suites::TLS13_AES_128_GCM_SHA256),
"CHACHA20_POLY1305_SHA256" => prov
.cipher_suites
.push(rustls_graviola::suites::TLS13_CHACHA20_POLY1305_SHA256),
"ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" => prov
.cipher_suites
.push(rustls_graviola::suites::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384),
"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" => prov
.cipher_suites
.push(rustls_graviola::suites::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256),
"ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" => prov
.cipher_suites
.push(rustls_graviola::suites::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256),
"ECDHE_RSA_WITH_AES_256_GCM_SHA384" => prov
.cipher_suites
.push(rustls_graviola::suites::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384),
"ECDHE_RSA_WITH_AES_128_GCM_SHA256" => prov
.cipher_suites
.push(rustls_graviola::suites::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256),
"ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" => prov
.cipher_suites
.push(rustls_graviola::suites::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256),
other => {
log::error!("Unknown cipher `{other}`")
}
}
}
}
if let Some(kexes) = kexes {
prov.kx_groups.clear();
for kex in kexes {
match kex.as_str() {
"X25519" => prov.kx_groups.push(&rustls_graviola::kx::X25519),
"SECP256R1" => prov.kx_groups.push(&rustls_graviola::kx::P256),
"SECP384R1" => prov.kx_groups.push(&rustls_graviola::kx::P384),
"X25519MLKEM768" => prov.kx_groups.push(rustls_graviola::kx::X25519MLKEM768),
other => {
log::error!("Unknown kex `{other}`")
}
}
}
}
_provider = CryptoProvider::install_default(prov);
}
#[cfg(feature = "rustls-backend-openssl")]
{
info!("Using RusTLS provider openssl");
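Review bot: The `other =>` arms in both loops only write a log line and continue, so after `prov.cipher_suites.clear()` and `prov.kx_groups.clear()` a misspelled or unsupported name yields a narrower list than the operator configured, and a list made up only of unknown names leaves the provider empty. For a TLS policy setting it is safer to stop at startup: return a configuration error from those arms if `entrypoint`'s return type allows it (its signature is outside the hunk), or at least check `if prov.cipher_suites.is_empty() || prov.kx_groups.is_empty()` before calling `install_default`. The result of `CryptoProvider::install_default(prov)` is stored in `_provider` and not inspected in the visible lines, so when more than one backend feature is enabled "Using RusTLS provider graviola" may be logged even though an earlier block's provider stays installed. The block also mixes `info!` with `log::error!`; one logging path throughout would be more consistent.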