Merge #226

226: Rebased Acruceru/mbedtls8 async support r=Taowyoo a=Taowyoo

This is the successor of #163, except the commits in original PR.
Following changes are added:
- Add async tests to CI

2023-03-15 update:
According to #163 (comment)
Here are some to-dos in this PR:
- [x] remove 'migration_mode' feature
- [x] Since changing 'sign' from '&mut self' to '&self' was something that was in-progress, need to either revert to '&mut self' or check that assumption is valid. Regarding this:
	```rust
	    pub fn sign<F: Random>(
	        &self,
	```
Following two tasks could be put in another PR&issue
- Performance tests (compare to 0.7 under same scenario, should give similar numbers)
- Additional unit tests / run tests with valgrind. 





Co-authored-by: Adrian Cruceru <[email protected]>
Co-authored-by: Yuxiang Cao <[email protected]>

Author: 3 people

Cargo.lock

@@ -1,3 +1,8 @@
 [workspace]
 members = ["mbedtls", "mbedtls-sys"]
 resolver = "2"
+
+[patch.crates-io]
+mio = { git = "https://github.com/mzohreva/mio", branch = "mz/sgx-port-0.7.6" }
+tokio = { git = "https://github.com/mzohreva/tokio", branch = "mz/sgx-port-0.3.4" }
+

Cargo.toml

@@ -33,6 +33,8 @@ if [ "$TRAVIS_RUST_VERSION" == "stable" ] || [ "$TRAVIS_RUST_VERSION" == "beta"
         cargo test --features pkcs12 --target $TARGET
         cargo test --features pkcs12_rc2 --target $TARGET
         cargo test --features dsa --target $TARGET
+        cargo test --test hyper13 --features=std,async-rt --target $TARGET
+        cargo test --test async_session --features=async-rt --target $TARGET
 
         # If zlib is installed, test the zlib feature
         if [ -n "$ZLIB_INSTALLED" ]; then

ct.sh

@@ -42,9 +42,8 @@ quote = "1.0.9"
 # * strstr/strlen/strncpy/strncmp/strcmp/snprintf
 # * memmove/memcpy/memcmp/memset
 # * rand/printf (used only for self tests. optionally use custom_printf)
-default = ["std", "debug", "threading", "zlib", "time", "aesni", "padlock", "legacy_protocols"]
-std = ["debug"] # deprecated automatic enabling of debug, can be removed on major version bump
-debug = []
+default = ["std", "threading", "zlib", "time", "aesni", "padlock", "legacy_protocols"]
+std = [] # deprecated automatic enabling of debug, can be removed on major version bump
 custom_printf = []
 custom_has_support = []
 aes_alt = []

mbedtls-sys/Cargo.toml

@@ -29,13 +29,14 @@ bit-vec = { version = "0.5", optional = true }
 block-modes = { version = "0.3", optional = true }
 rc2 = { version = "0.3", optional = true }
 cfg-if = "1.0.0"
+tokio = { version = "0.3.4", optional = true }
 
 [target.x86_64-fortanix-unknown-sgx.dependencies]
 rs-libc = "0.2.0"
 chrono = "0.4"
 
 [dependencies.mbedtls-sys-auto]
-version = "2.25.0"
+version = "2.28.0"
 default-features = false
 features = ["custom_printf", "trusted_cert_callback", "threading"]
 path = "../mbedtls-sys"
@@ -47,6 +48,11 @@ serde_cbor = "0.6"
 hex = "0.3"
 matches = "0.1.8"
 hyper = { version = "0.10.16", default-features = false }
+hyper13 = { package = "hyper", version = "0.13", default-features = false, features = ["stream"] }
+tokio-02 = { package = "tokio", version = "0.2", default-features = false }
+async-stream = "0.3.0"
+futures = "0.3"
+tracing = "0.1"
 
 [build-dependencies]
 cc = "1.0"
@@ -55,7 +61,7 @@ cc = "1.0"
 # Features are documented in the README
 default = ["std", "aesni", "time", "padlock"]
 std = ["byteorder/std", "mbedtls-sys-auto/std", "serde/std", "yasna"]
-debug = ["mbedtls-sys-auto/debug"]
+debug = []
 no_std_deps = ["spin", "serde/alloc"]
 force_aesni_support = ["mbedtls-sys-auto/custom_has_support", "mbedtls-sys-auto/aes_alt", "aesni"]
 mpi_force_c_code = ["mbedtls-sys-auto/mpi_force_c_code"]
@@ -68,6 +74,8 @@ dsa = ["std", "yasna", "num-bigint", "bit-vec"]
 pkcs12 = ["std", "yasna"]
 pkcs12_rc2 = ["pkcs12", "rc2", "block-modes"]
 legacy_protocols = ["mbedtls-sys-auto/legacy_protocols"]
+async = ["std", "tokio","tokio/net","tokio/io-util", "tokio/macros"]
+async-rt = ["async", "tokio/rt", "tokio/sync", "tokio/rt-multi-thread"]
 
 [[example]]
 name = "client"
@@ -100,3 +108,12 @@ required-features = ["std"]
 [[test]]
 name = "hyper"
 required-features = ["std"]
+
+[[test]]
+name = "hyper13"
+required-features = ["std", "async-rt"]
+
+[[test]]
+name = "async_session"
+path = "tests/async_session.rs"
+required-features = ["async-rt"]

mbedtls/Cargo.toml

@@ -217,9 +217,13 @@ fn sample_secret_value<F: Random>(upper_bound: &Mpi, rng: &mut F) -> Result<Mpi>
     Ok(c)
 }
 
-fn encode_dsa_signature(r: &Mpi, s: &Mpi) -> Result<Vec<u8>> {
-    let r = BigUint::from_bytes_be(&r.to_binary()?);
-    let s = BigUint::from_bytes_be(&s.to_binary()?);
+pub fn encode_dsa_signature(r: &Mpi, s: &Mpi) -> Result<Vec<u8>> {
+    serialize_signature(&r.to_binary()?, &s.to_binary()?)
+}
+
+pub fn serialize_signature(r: &[u8], s: &[u8]) -> Result<Vec<u8>> {
+    let r = BigUint::from_bytes_be(r);
+    let s = BigUint::from_bytes_be(s);
 
     Ok(yasna::construct_der(|w| {
         w.write_sequence(|w| {
@@ -229,6 +233,18 @@ fn encode_dsa_signature(r: &Mpi, s: &Mpi) -> Result<Vec<u8>> {
     }))
 }
 
+pub fn deserialize_signature(signature: &Vec<u8>) -> Result<(Vec<u8>, Vec<u8>)> {
+    let (r,s) = yasna::parse_der(signature, |r| {
+        r.read_sequence(|rdr| {
+            let r = rdr.next().read_biguint()?;
+            let s = rdr.next().read_biguint()?;
+            Ok((r,s))
+        })
+    }).map_err(|_| Error::X509InvalidSignature)?;
+
+    Ok((r.to_bytes_be(), s.to_bytes_be()))
+}
+
 impl DsaPrivateKey {
     pub fn from_components(params: DsaParams, x: Mpi) -> Result<Self> {
         if x <= Mpi::new(1)? || x >= params.q {

mbedtls/src/pk/dsa/mod.rs

@@ -163,7 +163,7 @@ define!(
 // B. Verifying thread safety.
 //
 // 1. Calls towards the specific Pk implementation are done via function pointers.
-// 
+//
 // - Example call towards Pk:
 //    ../../../mbedtls-sys/vendor/library/ssl_srv.c:3707 - mbedtls_pk_decrypt( private_key, p, len, ...
 // - This calls a generic function pointer via:
@@ -174,7 +174,7 @@ define!(
 // - The function pointers are defined via function:
 //      ../../../mbedtls-sys/vendor/crypto/library/pk.c:115 - mbedtls_pk_info_from_type
 // - They are as follows: mbedtls_rsa_info / mbedtls_eckey_info / mbedtls_ecdsa_info
-// - These are defined in: 
+// - These are defined in:
 //       ../../../mbedtls-sys/vendor/crypto/library/pk_wrap.c:196
 //
 // C. Checking types one by one.
@@ -211,8 +211,8 @@ define!(
 //       And the key is a const parameter to mbedtls_pk_write_pubkey - ../../../mbedtls-sys/vendor/crypto/library/pkwrite.c:158
 //
 // - Const access with additional notes due to call stacks involved.
-//
 //   ecdsa_sign_wrap: ../../../mbedtls-sys/vendor/crypto/library/pk_wrap.c:657
+//
 //       mbedtls_ecdsa_write_signature ../../../mbedtls-sys/vendor/crypto/library/ecdsa.c:688
 //           mbedtls_ecdsa_write_signature_restartable ../../../mbedtls-sys/vendor/crypto/library/ecdsa.c:640
 //               MBEDTLS_ECDSA_DETERMINISTIC is not defined.
@@ -222,7 +222,7 @@ define!(
 //                    mbedtls_ecp_mul_restartable: ../../../mbedtls-sys/vendor/crypto/library/ecp.c:2351
 //                        MBEDTLS_ECP_INTERNAL_ALT is not defined. (otherwise it might not be safe depending on ecp_init/ecp_free) ../../../mbedtls-sys/build/config.rs:131
 //                        Passes as const to: mbedtls_ecp_check_privkey / mbedtls_ecp_check_pubkey / mbedtls_ecp_get_type( grp
-//        
+//
 // - Ignored due to not defined: ecdsa_verify_rs_wrap, ecdsa_sign_rs_wrap, ecdsa_rs_alloc, ecdsa_rs_free
 //   (Undefined - MBEDTLS_ECP_RESTARTABLE - ../../../mbedtls-sys/build/config.rs:173)
 //
@@ -927,7 +927,7 @@ impl Pk {
         if hash.len() == 0 || sig.len() == 0 {
             return Err(Error::PkBadInputData)
         }
-        
+
         unsafe {
             pk_verify(
                 &mut self.inner,
@@ -1297,7 +1297,7 @@ iy6KC991zzvaWY/Ys+q/84Afqa+0qJKQnPuy/7F5GkVdQA/lfbhi
             let mut dummy_sig = [];
             assert_eq!(pk.sign(digest, data, &mut dummy_sig, &mut crate::test_support::rand::test_rng()).unwrap_err(), Error::PkBadInputData);
             assert_eq!(pk.sign(digest, &[], &mut signature, &mut crate::test_support::rand::test_rng()).unwrap_err(), Error::PkBadInputData);
-            
+
             assert_eq!(pk.sign_deterministic(digest, data, &mut dummy_sig, &mut crate::test_support::rand::test_rng()).unwrap_err(), Error::PkBadInputData);
             assert_eq!(pk.sign_deterministic(digest, &[], &mut signature, &mut crate::test_support::rand::test_rng()).unwrap_err(), Error::PkBadInputData);
 

mbedtls/src/pk/mod.rs

@@ -0,0 +1,145 @@
+/* Copyright (c) Fortanix, Inc.
+ *
+ * Licensed under the GNU General Public License, version 2 <LICENSE-GPL or
+ * https://www.gnu.org/licenses/gpl-2.0.html> or the Apache License, Version
+ * 2.0 <LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0>, at your
+ * option. This file may not be copied, modified, or distributed except
+ * according to those terms. */
+
+#![cfg(all(feature = "std", feature = "async"))]
+    
+use std::cell::Cell;
+use std::ptr::null_mut;
+use std::rc::Rc;
+use std::task::{Context as TaskContext, Poll};
+
+
+#[cfg(not(feature = "std"))]
+use core_io::{Error as IoError, Result as IoResult, ErrorKind as IoErrorKind};
+#[cfg(feature = "std")]
+use std::io::{Error as IoError, Result as IoResult, ErrorKind as IoErrorKind};
+
+
+#[derive(Clone)]
+pub struct ErasedContext(Rc<Cell<*mut ()>>);
+
+unsafe impl Send for ErasedContext {}
+
+impl ErasedContext {
+    pub fn new() -> Self {
+        Self(Rc::new(Cell::new(null_mut())))
+    }
+
+    pub unsafe fn get(&self) -> Option<&mut TaskContext<'_>> {
+        let ptr = self.0.get();
+        if ptr.is_null() {
+            None 
+        } else {
+            Some(&mut *(ptr as *mut _))
+        }
+    }
+
+    pub fn set(&self, cx: &mut TaskContext<'_>) {
+        self.0.set(cx as *mut _ as *mut ());
+    }
+
+    pub fn clear(&self) {
+        self.0.set(null_mut());
+    }
+}
+
+// mbedtls_ssl_write() has some weird semantics w.r.t non-blocking I/O:
+//
+// > When this function returns MBEDTLS_ERR_SSL_WANT_WRITE/READ, it must be
+// > called later **with the same arguments**, until it returns a value greater
+// > than or equal to 0. When the function returns MBEDTLS_ERR_SSL_WANT_WRITE
+// > there may be some partial data in the output buffer, however this is not
+// > yet sent.
+//
+// WriteTracker is used to ensure we pass the same data in that scenario.
+//
+// Reference:
+// https://tls.mbed.org/api/ssl_8h.html#a5bbda87d484de82df730758b475f32e5
+pub struct WriteTracker {
+    pending: Option<Box<DigestAndLen>>,
+}
+
+struct DigestAndLen {
+    #[cfg(debug_assertions)]
+    digest: [u8; 20], // SHA-1
+    len: usize,
+}
+
+impl WriteTracker {
+    fn new() -> Self {
+        WriteTracker {
+            pending: None,
+        }
+    }
+
+    #[cfg(debug_assertions)]
+    fn digest(buf: &[u8]) -> [u8; 20] {
+        use crate::hash::{Md, Type};
+        let mut out = [0u8; 20];
+        let res = Md::hash(Type::Sha1, buf, &mut out[..]);
+        assert_eq!(res, Ok(out.len()));
+        out
+    }
+
+    pub fn adjust_buf<'a>(&self, buf: &'a [u8]) -> IoResult<&'a [u8]> {
+        match self.pending.as_ref() {
+            None => Ok(buf),
+            Some(pending) => {
+                if pending.len <= buf.len() {
+                    let buf = &buf[..pending.len];
+
+                    // We only do this check in debug mode since it's an expensive check.
+                    #[cfg(debug_assertions)]
+                    if Self::digest(buf) == pending.digest {
+                        return Ok(buf);
+                    }
+
+                    #[cfg(not(debug_assertions))]
+                    return Ok(buf);
+                }
+                Err(IoError::new(
+                    IoErrorKind::Other,
+                    "mbedtls expects the same data if the previous call to poll_write() returned Poll::Pending"
+                ))
+            },
+        }
+    }
+
+    pub fn post_write(&mut self, buf: &[u8], res: &Poll<IoResult<usize>>) {
+        match res {
+            &Poll::Pending => {
+                if self.pending.is_none() {
+                    self.pending = Some(Box::new(DigestAndLen {
+                        #[cfg(debug_assertions)]
+                        digest: Self::digest(buf),
+                        len: buf.len(),
+                    }));
+                }
+            },
+            _ => {
+                self.pending = None;
+            }
+        }
+    }
+}
+
+pub struct IoAdapter<S> {
+    pub inner: S,
+    pub ecx: ErasedContext,
+    pub write_tracker: WriteTracker,
+}
+
+impl<S> IoAdapter<S> {
+    pub fn new(stream: S) -> Self {
+        Self {
+            inner: stream,
+            ecx: ErasedContext::new(),
+            write_tracker: WriteTracker::new(),
+        }
+    }
+}