rustls/crypto/aws_lc_rs/
mod.rs

1use alloc::vec::Vec;
2
3// aws-lc-rs has a -- roughly -- ring-compatible API, so we just reuse all that
4// glue here.  The shared files should always use `super::ring_like` to access a
5// ring-compatible crate, and `super::ring_shim` to bridge the gaps where they are
6// small.
7pub(crate) use aws_lc_rs as ring_like;
8use pki_types::PrivateKeyDer;
9use webpki::aws_lc_rs as webpki_algs;
10
11use crate::crypto::{CryptoProvider, KeyProvider, SecureRandom, SupportedKxGroup};
12use crate::enums::SignatureScheme;
13use crate::rand::GetRandomFailed;
14use crate::sign::SigningKey;
15use crate::suites::SupportedCipherSuite;
16use crate::sync::Arc;
17use crate::webpki::WebPkiSupportedAlgorithms;
18use crate::{Error, OtherError};
19
20/// Hybrid public key encryption (HPKE).
21pub mod hpke;
22/// Post-quantum secure algorithms.
23pub(crate) mod pq;
24/// Using software keys for authentication.
25pub mod sign;
26
27#[path = "../ring/hash.rs"]
28pub(crate) mod hash;
29#[path = "../ring/hmac.rs"]
30pub(crate) mod hmac;
31#[path = "../ring/kx.rs"]
32pub(crate) mod kx;
33#[path = "../ring/quic.rs"]
34pub(crate) mod quic;
35#[cfg(feature = "std")]
36pub(crate) mod ticketer;
37#[cfg(feature = "tls12")]
38pub(crate) mod tls12;
39pub(crate) mod tls13;
40
41/// A `CryptoProvider` backed by aws-lc-rs.
42pub fn default_provider() -> CryptoProvider {
43    CryptoProvider {
44        cipher_suites: DEFAULT_CIPHER_SUITES.to_vec(),
45        kx_groups: default_kx_groups(),
46        signature_verification_algorithms: SUPPORTED_SIG_ALGS,
47        secure_random: &AwsLcRs,
48        key_provider: &AwsLcRs,
49    }
50}
51
52fn default_kx_groups() -> Vec<&'static dyn SupportedKxGroup> {
53    #[cfg(feature = "fips")]
54    {
55        DEFAULT_KX_GROUPS
56            .iter()
57            .filter(|cs| cs.fips())
58            .copied()
59            .collect()
60    }
61    #[cfg(not(feature = "fips"))]
62    {
63        DEFAULT_KX_GROUPS.to_vec()
64    }
65}
66
67#[derive(Debug)]
68struct AwsLcRs;
69
70impl SecureRandom for AwsLcRs {
71    fn fill(&self, buf: &mut [u8]) -> Result<(), GetRandomFailed> {
72        use ring_like::rand::SecureRandom;
73
74        ring_like::rand::SystemRandom::new()
75            .fill(buf)
76            .map_err(|_| GetRandomFailed)
77    }
78
79    fn fips(&self) -> bool {
80        fips()
81    }
82}
83
84impl KeyProvider for AwsLcRs {
85    fn load_private_key(
86        &self,
87        key_der: PrivateKeyDer<'static>,
88    ) -> Result<Arc<dyn SigningKey>, Error> {
89        sign::any_supported_type(&key_der)
90    }
91
92    fn fips(&self) -> bool {
93        fips()
94    }
95}
96
97/// The cipher suite configuration that an application should use by default.
98///
99/// This will be [`ALL_CIPHER_SUITES`] sans any supported cipher suites that
100/// shouldn't be enabled by most applications.
101pub static DEFAULT_CIPHER_SUITES: &[SupportedCipherSuite] = &[
102    // TLS1.3 suites
103    tls13::TLS13_AES_256_GCM_SHA384,
104    tls13::TLS13_AES_128_GCM_SHA256,
105    #[cfg(not(feature = "fips"))]
106    tls13::TLS13_CHACHA20_POLY1305_SHA256,
107    // TLS1.2 suites
108    #[cfg(feature = "tls12")]
109    tls12::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
110    #[cfg(feature = "tls12")]
111    tls12::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
112    #[cfg(all(feature = "tls12", not(feature = "fips")))]
113    tls12::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
114    #[cfg(feature = "tls12")]
115    tls12::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
116    #[cfg(feature = "tls12")]
117    tls12::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
118    #[cfg(all(feature = "tls12", not(feature = "fips")))]
119    tls12::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
120];
121
122/// A list of all the cipher suites supported by the rustls aws-lc-rs provider.
123pub static ALL_CIPHER_SUITES: &[SupportedCipherSuite] = &[
124    // TLS1.3 suites
125    tls13::TLS13_AES_256_GCM_SHA384,
126    tls13::TLS13_AES_128_GCM_SHA256,
127    tls13::TLS13_CHACHA20_POLY1305_SHA256,
128    // TLS1.2 suites
129    #[cfg(feature = "tls12")]
130    tls12::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
131    #[cfg(feature = "tls12")]
132    tls12::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
133    #[cfg(feature = "tls12")]
134    tls12::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
135    #[cfg(feature = "tls12")]
136    tls12::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
137    #[cfg(feature = "tls12")]
138    tls12::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
139    #[cfg(feature = "tls12")]
140    tls12::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
141];
142
143/// All defined cipher suites supported by aws-lc-rs appear in this module.
144pub mod cipher_suite {
145    #[cfg(feature = "tls12")]
146    pub use super::tls12::{
147        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
148        TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
149        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
150    };
151    pub use super::tls13::{
152        TLS13_AES_128_GCM_SHA256, TLS13_AES_256_GCM_SHA384, TLS13_CHACHA20_POLY1305_SHA256,
153    };
154}
155
156/// A `WebPkiSupportedAlgorithms` value that reflects webpki's capabilities when
157/// compiled against aws-lc-rs.
158static SUPPORTED_SIG_ALGS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms {
159    all: &[
160        webpki_algs::ECDSA_P256_SHA256,
161        webpki_algs::ECDSA_P256_SHA384,
162        webpki_algs::ECDSA_P256_SHA512,
163        webpki_algs::ECDSA_P384_SHA256,
164        webpki_algs::ECDSA_P384_SHA384,
165        webpki_algs::ECDSA_P384_SHA512,
166        webpki_algs::ECDSA_P521_SHA256,
167        webpki_algs::ECDSA_P521_SHA384,
168        webpki_algs::ECDSA_P521_SHA512,
169        webpki_algs::ED25519,
170        webpki_algs::RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
171        webpki_algs::RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
172        webpki_algs::RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
173        webpki_algs::RSA_PKCS1_2048_8192_SHA256,
174        webpki_algs::RSA_PKCS1_2048_8192_SHA384,
175        webpki_algs::RSA_PKCS1_2048_8192_SHA512,
176        webpki_algs::RSA_PKCS1_2048_8192_SHA256_ABSENT_PARAMS,
177        webpki_algs::RSA_PKCS1_2048_8192_SHA384_ABSENT_PARAMS,
178        webpki_algs::RSA_PKCS1_2048_8192_SHA512_ABSENT_PARAMS,
179    ],
180    mapping: &[
181        // Note: for TLS1.2 the curve is not fixed by SignatureScheme. For TLS1.3 it is.
182        (
183            SignatureScheme::ECDSA_NISTP384_SHA384,
184            &[
185                webpki_algs::ECDSA_P384_SHA384,
186                webpki_algs::ECDSA_P256_SHA384,
187                webpki_algs::ECDSA_P521_SHA384,
188            ],
189        ),
190        (
191            SignatureScheme::ECDSA_NISTP256_SHA256,
192            &[
193                webpki_algs::ECDSA_P256_SHA256,
194                webpki_algs::ECDSA_P384_SHA256,
195                webpki_algs::ECDSA_P521_SHA256,
196            ],
197        ),
198        (
199            SignatureScheme::ECDSA_NISTP521_SHA512,
200            &[
201                webpki_algs::ECDSA_P521_SHA512,
202                webpki_algs::ECDSA_P384_SHA512,
203                webpki_algs::ECDSA_P256_SHA512,
204            ],
205        ),
206        (SignatureScheme::ED25519, &[webpki_algs::ED25519]),
207        (
208            SignatureScheme::RSA_PSS_SHA512,
209            &[webpki_algs::RSA_PSS_2048_8192_SHA512_LEGACY_KEY],
210        ),
211        (
212            SignatureScheme::RSA_PSS_SHA384,
213            &[webpki_algs::RSA_PSS_2048_8192_SHA384_LEGACY_KEY],
214        ),
215        (
216            SignatureScheme::RSA_PSS_SHA256,
217            &[webpki_algs::RSA_PSS_2048_8192_SHA256_LEGACY_KEY],
218        ),
219        (
220            SignatureScheme::RSA_PKCS1_SHA512,
221            &[webpki_algs::RSA_PKCS1_2048_8192_SHA512],
222        ),
223        (
224            SignatureScheme::RSA_PKCS1_SHA384,
225            &[webpki_algs::RSA_PKCS1_2048_8192_SHA384],
226        ),
227        (
228            SignatureScheme::RSA_PKCS1_SHA256,
229            &[webpki_algs::RSA_PKCS1_2048_8192_SHA256],
230        ),
231    ],
232};
233
234/// All defined key exchange groups supported by aws-lc-rs appear in this module.
235///
236/// [`ALL_KX_GROUPS`] is provided as an array of all of these values.
237/// [`DEFAULT_KX_GROUPS`] is provided as an array of this provider's defaults.
238pub mod kx_group {
239    pub use super::kx::{SECP256R1, SECP384R1, X25519};
240    pub use super::pq::{MLKEM768, SECP256R1MLKEM768, X25519MLKEM768};
241}
242
243/// A list of the default key exchange groups supported by this provider.
244///
245/// This does not contain MLKEM768; by default MLKEM768 is only offered
246/// in hybrid with X25519.
247pub static DEFAULT_KX_GROUPS: &[&dyn SupportedKxGroup] = &[
248    #[cfg(feature = "prefer-post-quantum")]
249    kx_group::X25519MLKEM768,
250    kx_group::X25519,
251    kx_group::SECP256R1,
252    kx_group::SECP384R1,
253    #[cfg(not(feature = "prefer-post-quantum"))]
254    kx_group::X25519MLKEM768,
255];
256
257/// A list of all the key exchange groups supported by this provider.
258pub static ALL_KX_GROUPS: &[&dyn SupportedKxGroup] = &[
259    #[cfg(feature = "prefer-post-quantum")]
260    kx_group::X25519MLKEM768,
261    #[cfg(feature = "prefer-post-quantum")]
262    kx_group::SECP256R1MLKEM768,
263    kx_group::X25519,
264    kx_group::SECP256R1,
265    kx_group::SECP384R1,
266    #[cfg(not(feature = "prefer-post-quantum"))]
267    kx_group::X25519MLKEM768,
268    #[cfg(not(feature = "prefer-post-quantum"))]
269    kx_group::SECP256R1MLKEM768,
270    kx_group::MLKEM768,
271];
272
273#[cfg(feature = "std")]
274pub use ticketer::Ticketer;
275
276/// Compatibility shims between ring 0.16.x and 0.17.x API
277mod ring_shim {
278    use super::ring_like;
279    use crate::crypto::SharedSecret;
280
281    pub(super) fn agree_ephemeral(
282        priv_key: ring_like::agreement::EphemeralPrivateKey,
283        peer_key: &ring_like::agreement::UnparsedPublicKey<&[u8]>,
284    ) -> Result<SharedSecret, ()> {
285        ring_like::agreement::agree_ephemeral(priv_key, peer_key, (), |secret| {
286            Ok(SharedSecret::from(secret))
287        })
288    }
289}
290
291/// Are we in FIPS mode?
292pub(super) fn fips() -> bool {
293    aws_lc_rs::try_fips_mode().is_ok()
294}
295
296pub(super) fn unspecified_err(_e: aws_lc_rs::error::Unspecified) -> Error {
297    #[cfg(feature = "std")]
298    {
299        Error::Other(OtherError(Arc::new(_e)))
300    }
301    #[cfg(not(feature = "std"))]
302    {
303        Error::Other(OtherError())
304    }
305}
306
307#[cfg(test)]
308mod tests {
309    use std::collections::HashSet;
310
311    #[cfg(feature = "fips")]
312    #[test]
313    fn default_suites_are_fips() {
314        assert!(
315            super::DEFAULT_CIPHER_SUITES
316                .iter()
317                .all(|scs| scs.fips())
318        );
319    }
320
321    #[cfg(not(feature = "fips"))]
322    #[test]
323    fn default_suites() {
324        assert_eq!(super::DEFAULT_CIPHER_SUITES, super::ALL_CIPHER_SUITES);
325    }
326
327    #[test]
328    fn certificate_sig_algs() {
329        // `all` should not contain duplicates (not incorrect, but a waste of time)
330        assert_eq!(
331            super::SUPPORTED_SIG_ALGS
332                .all
333                .iter()
334                .map(|alg| {
335                    (
336                        alg.public_key_alg_id()
337                            .as_ref()
338                            .to_vec(),
339                        alg.signature_alg_id().as_ref().to_vec(),
340                    )
341                })
342                .collect::<HashSet<_>>()
343                .len(),
344            super::SUPPORTED_SIG_ALGS.all.len(),
345        );
346    }
347}