From e28727c01e78a934dc7635d8185557b383076c9c Mon Sep 17 00:00:00 2001
From: Emil Sauer Lynge
Date: Thu, 13 Jan 2022 15:22:43 +0100
Subject: [PATCH] reuse tlsconfig as transport.quic + do not import quic unless feature enabled also chnage openssl version to * to track native-tls
---
 Cargo.toml | 2 +-
 src/config.rs | 39 ++++++++++++++++++++-----------
 src/server.rs | 4 +++-
 src/transport/quic.rs | 5 ++--
 tests/for_tcp/quic_transport.toml | 4 ++--
 tests/for_udp/quic_transport.toml | 4 ++--
 6 files changed, 36 insertions(+), 22 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index c7efdc63..31569cf9 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -76,7 +76,7 @@ atty = "0.2"
 quinn = { version = "0.8.0", optional = true}
 rustls = { version = "*", default-features = false, features = ["quic"], optional = true }
 rustls-pemfile = { version = "*", optional = true }
-openssl = { version = "0.10.38", optional = true }
+openssl = { version = "*", optional = true }
 futures-util = { version = "*", optional = true}
 
 [build-dependencies]
diff --git a/src/config.rs b/src/config.rs
index 989020ee..e8b671d8 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -104,6 +104,7 @@ pub struct TransportConfig {
 pub transport_type: TransportType,
 pub tls: Option,
 pub noise: Option,
+ pub quic: Option, // reuse TLSconfig since QUIC uses TLS1.3
 }
 
 fn default_transport() -> TransportConfig {
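Review bot: `openssl = { version = "*", optional = true }` drops every upper bound on a cryptography dependency, so a future semver-incompatible openssl release resolves silently into this build, and a wildcard requirement is rejected outright if the crate is ever published to crates.io. The stated goal of tracking native-tls can be met with a range that still excludes breaking majors, e.g. `openssl = { version = ">=0.10.38, <0.11", optional = true }`, or by letting native-tls pull openssl in transitively. The surrounding `rustls`, `rustls-pemfile` and `futures-util` lines already use the same wildcard, so a single pinning policy (ranges in Cargo.toml plus a committed Cargo.lock) is worth settling for all of them at once.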
@@ -188,27 +189,37 @@ impl Config {
 Ok(())
 }
 
+ fn validate_tls_config(tls_config: &TlsConfig, is_server: bool) -> Result<()>{
+ if is_server {
+ tls_config
+ .pkcs12
+ .as_ref()
+ .and(tls_config.pkcs12_password.as_ref())
+ .ok_or(anyhow!("Missing `pkcs12` or `pkcs12_password`"))?;
+ } else {
+ tls_config
+ .trusted_root
+ .as_ref()
+ .ok_or(anyhow!("Missing `trusted_root`"))?;
+ }
+ Ok(())
+ }
 fn validate_transport_config(config: &TransportConfig, is_server: bool) -> Result<()> {
 match config.transport_type {
 TransportType::Tcp => Ok(()),
- TransportType::Quic | TransportType::Tls => {
+ TransportType::Tls => {
 let tls_config = config
 .tls
 .as_ref()
 .ok_or(anyhow!("Missing TLS configuration"))?;
- if is_server {
- tls_config
- .pkcs12
- .as_ref()
- .and(tls_config.pkcs12_password.as_ref())
- .ok_or(anyhow!("Missing `pkcs12` or `pkcs12_password`"))?;
- } else {
- tls_config
- .trusted_root
- .as_ref()
- .ok_or(anyhow!("Missing `trusted_root`"))?;
- }
- Ok(())
+ Config::validate_tls_config(tls_config, is_server)
+ }
+ TransportType::Quic => {
+ let tls_config = config
+ .quic
+ .as_ref()
+ .ok_or(anyhow!("Missing QUIC configuration"))?;
+ Config::validate_tls_config(tls_config, is_server)
 }
 TransportType::Noise => {
 // The check is done in transport
diff --git a/src/server.rs b/src/server.rs
index 455511b2..af78be8a 100644
--- a/src/server.rs
+++ b/src/server.rs
@@ -7,7 +7,7 @@ use crate::protocol::{
 self, read_auth, read_hello, Ack, ControlChannelCmd, DataChannelCmd, Hello, UdpTraffic,
 HASH_WIDTH_IN_BYTES,
 };
-use crate::transport::{QuicTransport, TcpTransport, Transport};
+use crate::transport::{TcpTransport, Transport};
 use anyhow::{anyhow, bail, Context, Result};
 use backoff::backoff::Backoff;
 use backoff::ExponentialBackoff;
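Review bot: `validate_tls_config` is a new private helper with no doc comment, and its signature is written `-> Result<()>{`, which rustfmt would render as `-> Result<()> {`; inside `impl Config` both call sites could also use `Self::validate_tls_config(...)` instead of naming the type. A one-line `/// Checks that a TLS/QUIC section carries what the role needs: pkcs12 and pkcs12_password for a server, trusted_root for a client.` would state what the two branches enforce. Because existing deployments kept their QUIC credentials under `[transport.tls]` (the test fixtures in this commit are renamed for exactly that reason), the `Quic` arm's error could point at the move, e.g. `.ok_or(anyhow!("Missing QUIC configuration: QUIC settings now live under transport.quic, not transport.tls"))?;`. Whether a QUIC client also needs `hostname`, which the fixtures set, cannot be told from this hunk and is not checked here.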
@@ -26,6 +26,8 @@ use tracing::{debug, error, info, info_span, instrument, warn, Instrument, Span}
 use crate::transport::NoiseTransport;
 #[cfg(feature = "tls")]
 use crate::transport::TlsTransport;
+#[cfg(feature = "quic")]
+use crate::transport::QuicTransport;
 
 type ServiceDigest = protocol::Digest; // SHA256 of a service name
 type Nonce = protocol::Digest; // Also called `session_key`
diff --git a/src/transport/quic.rs b/src/transport/quic.rs
index 15e5d07a..fb31eabc 100644
--- a/src/transport/quic.rs
+++ b/src/transport/quic.rs
@@ -123,10 +123,10 @@ impl Transport for QuicTransport {
 type Stream = QuicBiStream;
 
 async fn new(config: &TransportConfig) -> Result {
- let config = match &config.tls {
+ let config = match &config.quic {
 Some(v) => v,
 None => {
- return Err(anyhow!("Missing tls config"));
+ return Err(anyhow!("Missing tls config: {:?}", config));
 }
 };
 
@@ -169,6 +169,7 @@ impl Transport for QuicTransport {
 let pkcs12 = Pkcs12::from_der(buf.as_slice()).with_context(|| "Failed to open `tls.pkcs12`")?;
+
 let parsed = pkcs12
 .parse(self.config.pkcs12_password.as_ref().unwrap())
 .with_context(|| "Could not decrypt `tls.pkcs12` using `tls.pkcs12_password`")?;
diff --git a/tests/for_tcp/quic_transport.toml b/tests/for_tcp/quic_transport.toml
index 2d09a087..ac149c77 100644
--- a/tests/for_tcp/quic_transport.toml
+++ b/tests/for_tcp/quic_transport.toml
@@ -4,7 +4,7 @@ default_token = "default_token_if_not_specify"
 [client.transport]
 type = "quic"
 
-[client.transport.tls]
+[client.transport.quic]
 trusted_root = "examples/tls/test_ca.pem"
 hostname = "testserver"
 
@@ -19,7 +19,7 @@ default_token = "default_token_if_not_specify"
 [server.transport]
 type = "quic"
 
-[server.transport.tls]
+[server.transport.quic]
 pkcs12 = "examples/tls/test_server.pfx"
 pkcs12_password = "1234"
 
diff --git a/tests/for_udp/quic_transport.toml b/tests/for_udp/quic_transport.toml
index cd443bc3..c6f51a13 100644
--- a/tests/for_udp/quic_transport.toml
+++ b/tests/for_udp/quic_transport.toml
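Review bot: `anyhow!("Missing tls config: {:?}", config)` formats the entire `TransportConfig` into the error, and that struct carries the `tls` section with its `pkcs12_password` (and the `noise` section, which may hold key material), so a secret from an unrelated section ends up in whatever log line or client-facing message this error reaches. Naming the transport type is enough to diagnose the misconfiguration, and the text should say quic now that the field read is `config.quic`: `return Err(anyhow!("Missing quic config for transport type {:?}", config.transport_type));` (the `{:?}` on the whole config already requires `TransportType: Debug`). The unchanged `with_context` messages in the next hunk still cite `tls.pkcs12` and `tls.pkcs12_password`, which is stale now that the section is `[transport.quic]`. `new` continues past the end of this hunk.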
@@ -4,7 +4,7 @@ default_token = "default_token_if_not_specify"
 [client.transport]
 type = "quic"
 
-[client.transport.tls]
+[client.transport.quic]
 trusted_root = "examples/tls/test_ca.pem"
 hostname = "testserver"
 
@@ -21,7 +21,7 @@ default_token = "default_token_if_not_specify"
 [server.transport]
 type = "quic"
 
-[server.transport.tls]
+[server.transport.quic]
 pkcs12 = "examples/tls/test_server.pfx"
 pkcs12_password = "1234"
 