Awesome

rustls-mbedtls-provider

This repository will contain code to allow mbedtls to be used as the crypto and PKI provider for rustls.

Crypto provider

Implements following rustls traits:

• Hash algorithms through: Hash + Context
  • Support: SHA256, SHA384
• Hmac algorithms through: Hmac + Key
  • Support: HMAC_SHA256, HMAC_SHA384
• key-exchange groups through: SupportedKxGroup + ActiveKeyExchange
  • Support: X25519, SECP256R1, SECP384R1, SECP521R1, FFDHE2048, FFDHE3072, FFDHE4096, FFDHE6144, FFDHE8192
• CryptoProvider
• Aead algorithms though:Tls12AeadAlgorithm + Tls13AeadAlgorithm + MessageEncrypter + MessageDecrypter
  • Support: AES128_GCM, AES256_GCM, CHACHA20_POLY1305

Supports following ciphersuites:

• TLS 1.3
  • TLS13_AES_256_GCM_SHA384
  • TLS13_AES_128_GCM_SHA256
  • TLS13_CHACHA20_POLY1305_SHA256
• TLS 1.2
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256

PKI provider

Implements ClientCertVerifier and ClientCertVerifier traits from rustls using mbedtls.

Developing

Code style

Use cargo fmt for code formatting.

Use taplo fmt for Cargo.toml formatting. Please check Taplo Website for installing the cli tool.

Contributing

We gratefully accept bug reports and contributions from the community. By participating in this community, you agree to abide by Code of Conduct. All contributions are covered under the Developer's Certificate of Origin (DCO).

Developer's Certificate of Origin 1.1

By making a contribution to this project, I certify that:

(a) The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or

(b) The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or

(c) The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it.

(d) I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved.

License

This project is primarily distributed under the terms of the Mozilla Public License (MPL) 2.0, see LICENSE for details.