Merge remote-tracking branch 'upstream/master' into documentation

Author: kenaniah

Cargo.toml

@@ -18,6 +18,7 @@ members = [
     "util",
     "webrtc",
 ]
+resolver = "2"
 
 [profile.dev]
 opt-level = 0

constraints/Cargo.toml

@@ -8,20 +8,17 @@ license = "MIT OR Apache-2.0"
 documentation = "https://docs.rs/webrtc-constraints"
 homepage = "https://webrtc.rs"
 repository = "https://github.com/webrtc-rs/constraints"
-rust-version = "1.63.0"
-
-# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-indexmap = "1.9.1"
-serde = { version = "1.0.137", features = ["derive"], optional = true }
-ordered-float = { version = "3.0.0", default-features = false }
-thiserror = "1.0"
+indexmap = "2"
+serde = { version = "1", features = ["derive"], optional = true }
+ordered-float = { version = "3", default-features = false }
+thiserror = "1"
 
 [dev-dependencies]
-env_logger = "0.9.0"
-lazy_static = "1.4.0"
-serde_json = { version = "1.0.91", features = ["preserve_order"] }
+env_logger = "0.10"
+lazy_static = "1"
+serde_json = { version = "1", features = ["preserve_order"] }
 
 [features]
 default = ["serde"]

data/Cargo.toml

@@ -1,27 +1,24 @@
 [package]
 name = "webrtc-data"
-version = "0.7.0"
+version = "0.8.0"
 authors = ["Rain Liu <yliu@webrtc.rs>"]
 edition = "2021"
 description = "A pure Rust implementation of WebRTC DataChannel API"
 license = "MIT OR Apache-2.0"
 documentation = "https://docs.rs/webrtc-data"
 homepage = "https://webrtc.rs"
 repository = "https://github.com/webrtc-rs/data"
-rust-version = "1.63.0"
-
-# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-util = { version = "0.7.0", path = "../util", package = "webrtc-util", default-features = false, features = ["conn", "marshal"]  }
-sctp = { version = "0.8.0", path = "../sctp", package = "webrtc-sctp" }
+util = { version = "0.8", path = "../util", package = "webrtc-util", default-features = false, features = ["conn", "marshal"]  }
+sctp = { version = "0.9", path = "../sctp", package = "webrtc-sctp" }
 
-tokio = { version = "1.19", features = ["full"] }
+tokio = { version = "1.32.0", features = ["full"] }
 bytes = "1"
-log = "0.4.16"
-thiserror = "1.0"
+log = "0.4"
+thiserror = "1"
 
 [dev-dependencies]
-tokio-test = "0.4.0" # must match the min version of the `tokio` crate above
-env_logger = "0.9.0"
-chrono = "0.4.23"
+tokio-test = "0.4" # must match the min version of the `tokio` crate above
+env_logger = "0.10"
+chrono = "0.4.28"

dtls/Cargo.toml

@@ -1,55 +1,51 @@
 [package]
 name = "webrtc-dtls"
-version = "0.7.2"
+version = "0.8.0"
 authors = ["Rain Liu <yuliu@webrtc.rs>"]
 edition = "2021"
 description = "A pure Rust implementation of DTLS"
 license = "MIT OR Apache-2.0"
 documentation = "https://docs.rs/webrtc-dtls"
 homepage = "https://webrtc.rs"
 repository = "https://github.com/webrtc-rs/dtls"
-rust-version = "1.63.0"
-
-# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-util = { version = "0.7.0", path = "../util", package = "webrtc-util", default-features = false, features = ["conn"] }
+util = { version = "0.8", path = "../util", package = "webrtc-util", default-features = false, features = ["conn"] }
 
 byteorder = "1"
-rand_core = "0.6.3"
-hkdf = "~0.12.1"
-p256 = { version = "0.11.1", features = ["default", "ecdh", "ecdsa"] }
-p384 = "0.11.2"
-rand = "0.8.5"
-hmac = "0.12.1"
-sec1 = { version = "0.3.0", features = [ "std" ] }
-sha1 = "0.10.5"
-sha2 = "0.10.6"
-aes = "0.6.0"
-block-modes = "0.7.0"
-aes-gcm = "0.10.1"
-ccm = "0.3.0"
-tokio = { version = "1.19", features = ["full"] }
-async-trait = "0.1.56"
+rand_core = "0.6"
+hkdf = "0.12"
+p256 = { version = "0.13", features = ["default", "ecdh", "ecdsa"] }
+p384 = "0.13"
+rand = "0.8"
+hmac = "0.12"
+sec1 = { version = "0.7", features = [ "std" ] }
+sha1 = "0.10"
+sha2 = "0.10"
+aes = "0.8"
+cbc = { version = "0.1", features = [ "block-padding", "alloc"] }
+aes-gcm = "0.10"
+ccm = "0.5"
+tokio = { version = "1.32.0", features = ["full"] }
+async-trait = "0.1"
 x25519-dalek = { version = "2", features = ["static_secrets"] }
-x509-parser = "0.13.2"
+x509-parser = "0.15"
 der-parser = "8.1"
-rcgen = "0.10.0"
+rcgen = "0.11"
 ring = "0.16.19"
-webpki = "0.21.4"
-rustls = { version = "0.19.0", features = ["dangerous_configuration"]}
-bincode = "1.3"
-serde = { version = "1.0.110", features = ["derive"] }
-subtle = "2.4"
-log = "0.4.16"
-thiserror = "1.0"
-pem = { version = "1", optional = true }
+rustls = { version = "0.21", features = ["dangerous_configuration"]}
+bincode = "1"
+serde = { version = "1", features = ["derive"] }
+subtle = "2"
+log = "0.4"
+thiserror = "1"
+pem = { version = "3", optional = true }
 
 [dev-dependencies]
-tokio-test = "0.4.0" # must match the min version of the `tokio` crate above
-env_logger = "0.9.0"
-chrono = "0.4.23"
-clap = "3.2.6"
+tokio-test = "0.4"
+env_logger = "0.10"
+chrono = "0.4.28"
+clap = "3"
 hub = {path = "examples/hub"}
 
 [features]

dtls/examples/dial/verify/dial_verify.rs

@@ -1,8 +1,8 @@
-use std::fs::File;
-use std::io::{BufReader, Write};
+use std::io::Write;
 use std::sync::Arc;
 
 use clap::{App, AppSettings, Arg};
+use hub::utilities::load_certificate;
 use tokio::net::UdpSocket;
 use util::Conn;
 use webrtc_dtls::config::*;
@@ -67,10 +67,11 @@ async fn main() -> Result<(), Error> {
     )?;
 
     let mut cert_pool = rustls::RootCertStore::empty();
-    let f = File::open("dtls/examples/certificates/server.pub.pem")?;
-    let mut reader = BufReader::new(f);
-    if cert_pool.add_pem_file(&mut reader).is_err() {
-        return Err(Error::Other("cert_pool add_pem_file failed".to_owned()));
+    let certs = load_certificate("dtls/examples/certificates/server.pub.pem".into())?;
+    for cert in &certs {
+        if cert_pool.add(cert).is_err() {
+            return Err(Error::Other("cert_pool add_pem_file failed".to_owned()));
+        }
     }
 
     let config = Config {

dtls/examples/hub/Cargo.toml

@@ -9,7 +9,8 @@ util = { path = "../../../util", package = "webrtc-util", default-features = fal
 ] }
 dtls = { package = "webrtc-dtls", path = "../../" }
 
-tokio = { version = "1", features = ["full"] }
-rcgen = { version = "0.10", features = ["pem", "x509-parser"] }
-rustls = "0.19"
+tokio = { version = "1.32.0", features = ["full"] }
+rcgen = { version = "0.11", features = ["pem", "x509-parser"] }
+rustls = "0.21"
+rustls-pemfile = "1"
 thiserror = "1"

dtls/examples/hub/src/utilities.rs

@@ -4,7 +4,6 @@ use std::path::PathBuf;
 
 use dtls::crypto::{Certificate, CryptoPrivateKey};
 use rcgen::KeyPair;
-use rustls::internal::pemfile::certs;
 use thiserror::Error;
 
 use super::*;
@@ -106,8 +105,8 @@ pub fn load_certificate(path: PathBuf) -> Result<Vec<rustls::Certificate>, Error
     let f = File::open(path)?;
 
     let mut reader = BufReader::new(f);
-    match certs(&mut reader) {
-        Ok(ders) => Ok(ders),
+    match rustls_pemfile::certs(&mut reader) {
+        Ok(certs) => Ok(certs.into_iter().map(rustls::Certificate).collect()),
         Err(_) => Err(Error::ErrNoCertificateFound),
     }
 }

dtls/examples/listen/verify/listen_verify.rs

@@ -1,8 +1,8 @@
-use std::fs::File;
-use std::io::{BufReader, Write};
+use std::io::Write;
 use std::sync::Arc;
 
 use clap::{App, AppSettings, Arg};
+use hub::utilities::load_certificate;
 use util::conn::*;
 use webrtc_dtls::config::{ClientAuthType, Config, ExtendedMasterSecretType};
 use webrtc_dtls::listener::listen;
@@ -62,10 +62,11 @@ async fn main() -> Result<(), Error> {
     )?;
 
     let mut cert_pool = rustls::RootCertStore::empty();
-    let f = File::open("dtls/examples/certificates/server.pub.pem")?;
-    let mut reader = BufReader::new(f);
-    if cert_pool.add_pem_file(&mut reader).is_err() {
-        return Err(Error::Other("cert_pool add_pem_file failed".to_owned()));
+    let certs = load_certificate("dtls/examples/certificates/server.pub.pem".into())?;
+    for cert in &certs {
+        if cert_pool.add(cert).is_err() {
+            return Err(Error::Other("cert_pool add_pem_file failed".to_owned()));
+        }
     }
 
     let cfg = Config {

dtls/src/conn/mod.rs

@@ -213,14 +213,19 @@ impl DTLSConn {
             insecure_skip_verify: config.insecure_skip_verify,
             insecure_verification: config.insecure_verification,
             verify_peer_certificate: config.verify_peer_certificate.take(),
-            roots_cas: config.roots_cas,
             client_cert_verifier: if config.client_auth as u8
                 >= ClientAuthType::VerifyClientCertIfGiven as u8
             {
-                Some(rustls::AllowAnyAuthenticatedClient::new(config.client_cas))
+                Some(Arc::new(rustls::server::AllowAnyAuthenticatedClient::new(
+                    config.client_cas,
+                )))
             } else {
                 None
             },
+            server_cert_verifier: Arc::new(rustls::client::WebPkiVerifier::new(
+                config.roots_cas,
+                None,
+            )),
             retransmit_interval,
             //log: logger,
             initial_epoch: 0,

dtls/src/crypto/crypto_cbc.rs

@@ -8,20 +8,18 @@
 
 // https://github.com/RustCrypto/block-ciphers
 
+use aes::cipher::{block_padding::Pkcs7, BlockDecryptMut, BlockEncryptMut, KeyIvInit};
+use p256::elliptic_curve::subtle::ConstantTimeEq;
+use rand::Rng;
 use std::io::Cursor;
 use std::ops::Not;
 
-use aes::Aes256;
-use block_modes::{BlockMode, BlockModeError, Cbc};
-use rand::Rng;
-use subtle::ConstantTimeEq;
-
-use super::padding::DtlsPadding;
 use crate::content::*;
 use crate::error::*;
 use crate::prf::*;
 use crate::record_layer::record_layer_header::*;
-type Aes256Cbc = Cbc<Aes256, DtlsPadding>;
+type Aes256CbcEnc = cbc::Encryptor<aes::Aes256>;
+type Aes256CbcDec = cbc::Decryptor<aes::Aes256>;
 
 // State needed to handle encrypted input/output
 #[derive(Clone)]
@@ -71,8 +69,8 @@ impl CryptoCbc {
         let mut iv: Vec<u8> = vec![0; Self::BLOCK_SIZE];
         rand::thread_rng().fill(iv.as_mut_slice());
 
-        let write_cbc = Aes256Cbc::new_var(&self.local_key, &iv)?;
-        let encrypted = write_cbc.encrypt_vec(&payload);
+        let write_cbc = Aes256CbcEnc::new_from_slices(&self.local_key, &iv)?;
+        let encrypted = write_cbc.encrypt_padded_vec_mut::<Pkcs7>(&payload);
 
         // Prepend unencrypte header with encrypted payload
         let mut r = vec![];
@@ -100,9 +98,11 @@ impl CryptoCbc {
         let body = &body[Self::BLOCK_SIZE..];
         //TODO: add body.len() check
 
-        let read_cbc = Aes256Cbc::new_var(&self.remote_key, iv)?;
+        let read_cbc = Aes256CbcDec::new_from_slices(&self.remote_key, iv)?;
 
-        let decrypted = read_cbc.decrypt_vec(body)?;
+        let decrypted = read_cbc
+            .decrypt_padded_vec_mut::<Pkcs7>(body)
+            .map_err(|_| Error::ErrInvalidPacketLength)?;
 
         let recv_mac = &decrypted[decrypted.len() - Self::MAC_SIZE..];
         let decrypted = &decrypted[0..decrypted.len() - Self::MAC_SIZE];
@@ -116,7 +116,7 @@ impl CryptoCbc {
         )?;
 
         if recv_mac.ct_eq(&mac).not().into() {
-            return Err(BlockModeError.into());
+            return Err(Error::ErrInvalidMac);
         }
 
         let mut d = Vec::with_capacity(RECORD_LAYER_HEADER_SIZE + decrypted.len());