boring-rustls-provider

This is supposed to be the start to a boringssl-based rustls crypto provider.

Status

This is just a dump of me figuring out how to interface with boring and rustls. It works to establish a connection and exchange data but I haven't written real tests yet, nor did I cleanup the code or made the effort to make it look nice. There is probably some code in here that should rather live in the boring crate.

Further, the rustls crypto provider API is still not stable it seems. This works currently with rustls = 0.22.0-alpha.5.

Supported ciphers

Currently, supports only TLS 1.3:

AES_128_GCM_SHA256
AES_256_GCM_SHA384
CHACHA20_POLY1305_SHA256

QUIC: not yet supported

TLS 1.2:

ECDHE_ECDSA_AES128_GCM_SHA256
ECDHE_RSA_AES128_GCM_SHA256

ECDHE_ECDSA_AES256_GCM_SHA384
ECDHE_RSA_AES256_GCM_SHA384

ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

Key Exchange Algorithms

ECDHE with curves:

X25519
X448
secp256r1
secp384r1
secp521r1

FFDHE with:

ffdhe2048

Signature Generation / Verification

RSA_PKCS1_SHA256
RSA_PKCS1_SHA384
RSA_PKCS1_SHA512
RSA_PSS_SHA256
RSA_PSS_SHA384
RSA_PSS_SHA512
ECDSA_NISTP256_SHA256
ECDSA_NISTP384_SHA384
ECDSA_NISTP521_SHA512
ED25519
ED448

License

MIT