feat: initial support for X25519Kyber768Draft00 PQC

This commit is contained in:
Jun Kurihara 2024-10-31 18:21:04 +09:00
commit a887750075
No known key found for this signature in database
GPG key ID: D992B3E3DE1DED23
8 changed files with 37 additions and 10 deletions


@ -10,6 +10,9 @@ readme.workspace = true
edition.workspace = true edition.workspace = true
publish.workspace = true publish.workspace = true
[features]
post-quantum = ["rustls-post-quantum"]
[dependencies] [dependencies]
url = { version = "2.5.2" } url = { version = "2.5.2" }
rustc-hash = "2.0.0" rustc-hash = "2.0.0"
@ -21,7 +24,7 @@ aws-lc-rs = { version = "1.10.0", default-features = false, features = [
"aws-lc-sys", "aws-lc-sys",
] } ] }
blocking = "1.6.1" blocking = "1.6.1"
rustls = { version = "0.23.15", default-features = false, features = [ rustls = { version = "0.23.16", default-features = false, features = [
"std", "std",
"aws_lc_rs", "aws_lc_rs",
] } ] }
@ -29,6 +32,7 @@ rustls-platform-verifier = { version = "0.3.4" }
rustls-acme = { path = "../submodules/rustls-acme/", default-features = false, features = [ rustls-acme = { path = "../submodules/rustls-acme/", default-features = false, features = [
"aws-lc-rs", "aws-lc-rs",
] } ] }
rustls-post-quantum = { version = "0.1.0", optional = true }
tokio = { version = "1.41.0", default-features = false } tokio = { version = "1.41.0", default-features = false }
tokio-util = { version = "0.7.12", default-features = false } tokio-util = { version = "0.7.12", default-features = false }
tokio-stream = { version = "0.1.16", default-features = false } tokio-stream = { version = "0.1.16", default-features = false }


@ -37,8 +37,11 @@ impl AcmeManager {
domains: &[String], domains: &[String],
runtime_handle: Handle, runtime_handle: Handle,
) -> Result<Self, RpxyAcmeError> { ) -> Result<Self, RpxyAcmeError> {
#[cfg(not(feature = "post-quantum"))]
// Install aws_lc_rs as default crypto provider for rustls // Install aws_lc_rs as default crypto provider for rustls
let _ = rustls::crypto::CryptoProvider::install_default(rustls::crypto::aws_lc_rs::default_provider()); let _ = rustls::crypto::CryptoProvider::install_default(rustls::crypto::aws_lc_rs::default_provider());
#[cfg(feature = "post-quantum")]
let _ = rustls::crypto::CryptoProvider::install_default(rustls_post_quantum::provider());
let acme_registry_dir = acme_registry_dir let acme_registry_dir = acme_registry_dir
.map(|v| v.to_ascii_lowercase()) .map(|v| v.to_ascii_lowercase())
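Review bot: Both branches discard the result of `CryptoProvider::install_default` with `let _ =`, so when another component has already installed a provider this call silently loses and the process keeps whatever went in first; with the post-quantum feature on, an operator would then believe X25519Kyber768Draft00 is offered when it is not. The `Err` case means a provider was already installed and `CryptoProvider::get_default()` returns the one actually in effect, so the situation is detectable; at minimum record it, e.g. `if rustls::crypto::CryptoProvider::install_default(rustls_post_quantum::provider()).is_err() { /* log: a rustls crypto provider was already installed, post-quantum provider not in effect */ }` (I cannot see from this hunk whether logging macros are in scope in this file). The same `let _` appears in the rpxy-certs reloader hunk, the `test_server_crypto_base_try_into` hunk and the `entrypoint` hunk; in the test it is harmless because all tests share one process, but in the two runtime paths it hides a real configuration mismatch. The constructor in `impl AcmeManager` begins and ends outside this hunk.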


@ -13,7 +13,9 @@ publish.workspace = true
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[features] [features]
default = ["http3-quinn", "cache", "rustls-backend", "acme"] default = ["http3-quinn", "cache", "rustls-backend", "acme", "post-quantum"]
# default = ["http3-s2n", "cache", "rustls-backend", "acme", "post-quantum"]
# default = ["http3-quinn", "cache", "rustls-backend", "acme"]
# default = ["http3-s2n", "cache", "rustls-backend", "acme"] # default = ["http3-s2n", "cache", "rustls-backend", "acme"]
http3-quinn = ["rpxy-lib/http3-quinn"] http3-quinn = ["rpxy-lib/http3-quinn"]
http3-s2n = ["rpxy-lib/http3-s2n"] http3-s2n = ["rpxy-lib/http3-s2n"]
@ -22,6 +24,7 @@ rustls-backend = ["rpxy-lib/rustls-backend"]
webpki-roots = ["rpxy-lib/webpki-roots"] webpki-roots = ["rpxy-lib/webpki-roots"]
cache = ["rpxy-lib/cache"] cache = ["rpxy-lib/cache"]
acme = ["rpxy-lib/acme", "rpxy-acme"] acme = ["rpxy-lib/acme", "rpxy-acme"]
post-quantum = ["rpxy-lib/post-quantum"]
[dependencies] [dependencies]
rpxy-lib = { path = "../rpxy-lib/", default-features = false, features = [ rpxy-lib = { path = "../rpxy-lib/", default-features = false, features = [
@ -31,7 +34,7 @@ rpxy-lib = { path = "../rpxy-lib/", default-features = false, features = [
mimalloc = { version = "*", default-features = false } mimalloc = { version = "*", default-features = false }
anyhow = "1.0.91" anyhow = "1.0.91"
rustc-hash = "2.0.0" rustc-hash = "2.0.0"
serde = { version = "1.0.213", default-features = false, features = ["derive"] } serde = { version = "1.0.214", default-features = false, features = ["derive"] }
tokio = { version = "1.41.0", default-features = false, features = [ tokio = { version = "1.41.0", default-features = false, features = [
"net", "net",
"rt-multi-thread", "rt-multi-thread",


@ -12,6 +12,7 @@ publish.workspace = true
[features] [features]
default = ["http3"] default = ["http3"]
post-quantum = ["rustls-post-quantum"]
http3 = [] http3 = []
[dependencies] [dependencies]
@ -21,7 +22,7 @@ derive_builder = { version = "0.20.2" }
thiserror = { version = "1.0.65" } thiserror = { version = "1.0.65" }
hot_reload = { version = "0.1.6" } hot_reload = { version = "0.1.6" }
async-trait = { version = "0.1.83" } async-trait = { version = "0.1.83" }
rustls = { version = "0.23.15", default-features = false, features = [ rustls = { version = "0.23.16", default-features = false, features = [
"std", "std",
"aws_lc_rs", "aws_lc_rs",
] } ] }
@ -30,6 +31,7 @@ rustls-webpki = { version = "0.102.8", default-features = false, features = [
"std", "std",
"aws_lc_rs", "aws_lc_rs",
] } ] }
rustls-post-quantum = { version = "0.1.0", optional = true }
x509-parser = { version = "0.16.0" } x509-parser = { version = "0.16.0" }
[dev-dependencies] [dev-dependencies]


@ -12,7 +12,7 @@ mod log {
use crate::{error::*, log::*, reloader_service::DynCryptoSource}; use crate::{error::*, log::*, reloader_service::DynCryptoSource};
use hot_reload::{ReloaderReceiver, ReloaderService}; use hot_reload::{ReloaderReceiver, ReloaderService};
use rustc_hash::FxHashMap as HashMap; use rustc_hash::FxHashMap as HashMap;
use rustls::crypto::{aws_lc_rs, CryptoProvider}; use rustls::crypto::CryptoProvider;
use std::sync::Arc; use std::sync::Arc;
/* ------------------------------------------------ */ /* ------------------------------------------------ */
@ -44,8 +44,11 @@ where
T: CryptoSource<Error = RpxyCertError> + Send + Sync + Clone + 'static, T: CryptoSource<Error = RpxyCertError> + Send + Sync + Clone + 'static,
{ {
info!("Building certificate reloader service"); info!("Building certificate reloader service");
#[cfg(not(feature = "post-quantum"))]
// Install aws_lc_rs as default crypto provider for rustls // Install aws_lc_rs as default crypto provider for rustls
let _ = CryptoProvider::install_default(aws_lc_rs::default_provider()); let _ = CryptoProvider::install_default(rustls::crypto::aws_lc_rs::default_provider());
#[cfg(feature = "post-quantum")]
let _ = CryptoProvider::install_default(rustls_post_quantum::provider());
let source = crypto_source_map let source = crypto_source_map
.iter() .iter()
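Review bot: The `#[cfg(not(feature = "post-quantum"))]` attribute is placed before the `// Install aws_lc_rs ...` comment, so the comment now reads as describing only the non-PQ branch and the post-quantum `let` directly below has no explanation at all. Move one comment above both attribute/statement pairs so it covers the whole choice, e.g. `// Install the process-wide rustls crypto provider: aws_lc_rs by default, or rustls-post-quantum's provider (aws_lc_rs plus the X25519Kyber768Draft00 hybrid group, as I understand that crate) when the feature is on`. The enclosing function starts before this hunk and continues after it.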


@ -179,7 +179,10 @@ mod tests {
#[tokio::test] #[tokio::test]
async fn test_server_crypto_base_try_into() { async fn test_server_crypto_base_try_into() {
#[cfg(not(feature = "post-quantum"))]
let _ = CryptoProvider::install_default(rustls::crypto::aws_lc_rs::default_provider()); let _ = CryptoProvider::install_default(rustls::crypto::aws_lc_rs::default_provider());
#[cfg(feature = "post-quantum")]
let _ = CryptoProvider::install_default(rustls_post_quantum::provider());
let mut server_crypto_base = ServerCryptoBase::default(); let mut server_crypto_base = ServerCryptoBase::default();


@ -28,6 +28,11 @@ native-tls-backend = ["hyper-tls"]
rustls-backend = ["hyper-rustls"] rustls-backend = ["hyper-rustls"]
webpki-roots = ["rustls-backend", "hyper-rustls/webpki-tokio"] webpki-roots = ["rustls-backend", "hyper-rustls/webpki-tokio"]
acme = ["dep:rpxy-acme"] acme = ["dep:rpxy-acme"]
post-quantum = [
"rustls-post-quantum",
"rpxy-acme/post-quantum",
"rpxy-certs/post-quantum",
]
[dependencies] [dependencies]
rand = "0.8.5" rand = "0.8.5"
@ -55,7 +60,7 @@ thiserror = "1.0.65"
http = "1.1.0" http = "1.1.0"
http-body-util = "0.1.2" http-body-util = "0.1.2"
hyper = { version = "1.5.0", default-features = false } hyper = { version = "1.5.0", default-features = false }
hyper-util = { version = "0.1.9", features = ["full"] } hyper-util = { version = "0.1.10", features = ["full"] }
futures-util = { version = "0.3.31", default-features = false } futures-util = { version = "0.3.31", default-features = false }
futures-channel = { version = "0.3.31", default-features = false } futures-channel = { version = "0.3.31", default-features = false }
@ -74,7 +79,8 @@ hyper-rustls = { version = "0.27.3", default-features = false, features = [
# tls and cert management for server # tls and cert management for server
rpxy-certs = { path = "../rpxy-certs/", default-features = false } rpxy-certs = { path = "../rpxy-certs/", default-features = false }
hot_reload = "0.1.6" hot_reload = "0.1.6"
rustls = { version = "0.23.15", default-features = false } rustls = { version = "0.23.16", default-features = false }
rustls-post-quantum = { version = "0.1.0", optional = true }
tokio-rustls = { version = "0.26.0", features = ["early-data"] } tokio-rustls = { version = "0.26.0", features = ["early-data"] }
# acme # acme
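Review bot: `post-quantum = [..., "rpxy-acme/post-quantum", ...]` names an optional dependency without the `?` marker: `acme = ["dep:rpxy-acme"]` makes `rpxy-acme` optional, and the `"rpxy-acme/post-quantum"` form activates the dependency itself, so a build with `post-quantum` but without `acme` would still compile rpxy-acme in. The weak form `"rpxy-acme?/post-quantum"` only forwards the feature when `rpxy-acme` is already enabled by `acme`; `rpxy-certs` is a non-optional dependency, so its entry is fine as written. For consistency with `acme`, `"dep:rustls-post-quantum"` would also keep `rustls-post-quantum` from becoming an implicit public feature of this crate; the same implicit-feature pattern is used in the rpxy-acme and rpxy-certs manifests in this commit.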


@ -22,7 +22,7 @@ use crate::{
use futures::future::join_all; use futures::future::join_all;
use hot_reload::ReloaderReceiver; use hot_reload::ReloaderReceiver;
use rpxy_certs::ServerCryptoBase; use rpxy_certs::ServerCryptoBase;
use rustls::crypto::{aws_lc_rs, CryptoProvider}; use rustls::crypto::CryptoProvider;
use std::sync::Arc; use std::sync::Arc;
use tokio_util::sync::CancellationToken; use tokio_util::sync::CancellationToken;
@ -101,8 +101,11 @@ pub async fn entrypoint(
info!("Cache is disabled") info!("Cache is disabled")
} }
#[cfg(not(feature = "post-quantum"))]
// Install aws_lc_rs as default crypto provider for rustls // Install aws_lc_rs as default crypto provider for rustls
let _ = CryptoProvider::install_default(aws_lc_rs::default_provider()); let _ = CryptoProvider::install_default(rustls::crypto::aws_lc_rs::default_provider());
#[cfg(feature = "post-quantum")]
let _ = CryptoProvider::install_default(rustls_post_quantum::provider());
// 1. build backends, and make it contained in Arc // 1. build backends, and make it contained in Arc
let app_manager = Arc::new(backend::BackendAppManager::try_from(app_config_list)?); let app_manager = Arc::new(backend::BackendAppManager::try_from(app_config_list)?);
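Review bot: The `#[cfg]`-paired `install_default` statement is now copied into four places (here, `AcmeManager`, the rpxy-certs reloader and its test), so the provider choice and whatever error handling is added for a failed install must be kept in sync by hand. A single helper in a crate all of them depend on — rpxy-certs is already a dependency of rpxy-lib per the manifest hunk; whether rpxy-acme depends on it is not visible here — would keep the decision in one spot and give callers a value to log on instead of `let _`. `entrypoint` starts before this hunk and continues after it.

```rust
/// Installs the process-wide rustls crypto provider; returns false when one was already installed.
pub fn install_default_crypto_provider() -> bool {
    #[cfg(not(feature = "post-quantum"))]
    let provider = rustls::crypto::aws_lc_rs::default_provider();
    #[cfg(feature = "post-quantum")]
    let provider = rustls_post_quantum::provider();
    rustls::crypto::CryptoProvider::install_default(provider).is_ok()
}
// … unchanged: callers replace the cfg pair with a call to this helper and log a false result …
```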