From a98074f89c6ac161a89011dd424fc8f6ae62e03a Mon Sep 17 00:00:00 2001
From: Daniel Gomes Vargas
Date: Mon, 15 Jul 2024 18:34:12 -0300
Subject: [PATCH 1/4] fixes for 0.13.0
---
 .github/workflows/ci.yml | 25 +++++++++++++++++--------
 .gitignore | 3 ++-
 build.zig | 4 ++--
 examples/proxy/.gitignore | 3 ++-
 examples/proxy/build.zig | 4 ++--
 src/crypto/root.zig | 2 +-
 src/log.zig | 4 ++--
 src/server.zig | 2 +-
 8 files changed, 29 insertions(+), 18 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 366ab3e..ab4beed 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -9,7 +9,7 @@ jobs:
 - uses: actions/checkout@v4
 - uses: goto-bus-stop/setup-zig@v2
 with:
- version: 0.12.0
+ version: 0.13.0
 - run: zig fmt --check *.zig src/*.zig
 test:
@@ -21,7 +21,7 @@ jobs:
 - uses: actions/checkout@v4
 - uses: goto-bus-stop/setup-zig@v2
 with:
- version: 0.12.0
+ version: 0.13.0
 - run: zig build test
 macos-with-openssl:
@@ -38,7 +38,7 @@ jobs:
 source ~/.bashrc
 ./test.sh
 ./test_server.sh
-
+
 # thanks to https://github.com/docker/build-push-action/issues/225
 create-container:
 runs-on: ubuntu-latest
@@ -62,7 +62,6 @@ jobs:
 name: tls13-zig
 path: /tmp/tls13-zig.tar
-
 client-e2e-test-with-openssl:
 runs-on: ubuntu-latest
 needs: create-container
@@ -112,7 +111,12 @@ jobs:
 client-test-stream:
 strategy:
 matrix:
- cipher: [TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256]
+ cipher:
+ [
+ TLS_AES_128_GCM_SHA256,
+ TLS_AES_256_GCM_SHA384,
+ TLS_CHACHA20_POLY1305_SHA256,
+ ]
 runs-on: ubuntu-latest
 needs: create-container
 steps:
@@ -134,7 +138,7 @@ jobs:
 with:
 image: tls13-zig:tls13zig_base
 run: /tls13-zig/test_stream.sh ${{matrix.cipher}}
-
+
 server-test-stream:
 runs-on: ubuntu-latest
 needs: create-container
@@ -161,7 +165,12 @@ jobs:
 client-test-stress:
 strategy:
 matrix:
- cipher: [TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256]
+ cipher:
+ [
+ TLS_AES_128_GCM_SHA256,
+ TLS_AES_256_GCM_SHA384,
+ TLS_CHACHA20_POLY1305_SHA256,
+ ]
 runs-on: ubuntu-latest
 needs: create-container
 steps:
@@ -205,4 +214,4 @@ jobs:
 - uses: addnab/docker-run-action@v3
 with:
 image: tls13-zig:tls13zig_base
- run: /tls13-zig/test_stress_server.sh
\ No newline at end of file
+ run: /tls13-zig/test_stress_server.sh
diff --git a/.gitignore b/.gitignore
index 10b7205..2497428 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
 /zig-cache
+/.zig-cache
 /zig-out
 /tmp.zig
 /pkcs1v15.py
@@ -11,4 +12,4 @@
 /cert.pem
 /early_data.txt
 /reverse_mac.sh
-/gen_gcm_test.py
\ No newline at end of file
+/gen_gcm_test.py
diff --git a/build.zig b/build.zig
index fe6e005..94320e3 100644
--- a/build.zig
+++ b/build.zig
@@ -14,7 +14,7 @@ pub fn build(b: *std.Build) void {
 const exe = b.addExecutable(.{
 .name = "tls13-zig",
- .root_source_file = .{ .path = "src/main.zig" },
+ .root_source_file = b.path("src/main.zig"),
 .target = target,
 .optimize = optimize,
 });
@@ -50,7 +50,7 @@ pub fn build(b: *std.Build) void {
 // Creates a step for unit testing. This only builds the test executable
 // but does not run it.
 const unit_tests = b.addTest(.{
- .root_source_file = .{ .path = "src/main.zig" },
+ .root_source_file = b.path("src/main.zig"),
 .target = target,
 .optimize = optimize,
 });
diff --git a/examples/proxy/.gitignore b/examples/proxy/.gitignore
index 10764bb..ab1ab9b 100644
--- a/examples/proxy/.gitignore
+++ b/examples/proxy/.gitignore
@@ -1,2 +1,3 @@
 /zig-cache
-/zig-out
\ No newline at end of file
+/.zig-cache
+/zig-out
diff --git a/examples/proxy/build.zig b/examples/proxy/build.zig
index db493f2..9b191cb 100644
--- a/examples/proxy/build.zig
+++ b/examples/proxy/build.zig
@@ -14,13 +14,13 @@ pub fn build(b: *std.Build) void {
 const exe = b.addExecutable(.{
 .name = "proxy",
- .root_source_file = .{ .path = "src/main.zig" },
+ .root_source_file = b.path("src/main.zig"),
 .target = target,
 .optimize = optimize,
 });
 exe.root_module.addAnonymousImport("tls13-server", .{
- .root_source_file = .{ .path = "../../src/server.zig" },
+ .root_source_file = b.path("../../src/server.zig"),
 });
 // This declares intent for the executable to be installed into the
 // standard location when the user invokes the "install" step (the default
diff --git a/src/crypto/root.zig b/src/crypto/root.zig
index 5070bc6..9cd0897 100644
--- a/src/crypto/root.zig
+++ b/src/crypto/root.zig
@@ -112,7 +112,7 @@ pub const RootCA = struct {
 fn loadCAFilesMacOS(self: *Self) !void {
 log.debug("Loading RootCA certificate", .{});
- const result = try std.ChildProcess.run(.{
+ const result = try std.process.Child.run(.{
 .allocator = self.allocator,
 .argv = &[_][]const u8{ "/usr/bin/security", "find-certificate", "-a", "-p", "/System/Library/Keychains/SystemRootCertificates.keychain" },
 .max_output_bytes = 1000 * 1024,
diff --git a/src/log.zig b/src/log.zig
index 64a7cf0..6c157fa 100644
--- a/src/log.zig
+++ b/src/log.zig
@@ -38,8 +38,8 @@ pub fn log(
 };
 const stderr = std.io.getStdErr().writer();
- std.debug.getStderrMutex().lock();
- defer std.debug.getStderrMutex().unlock();
+ std.debug.lockStdErr();
+ defer std.debug.unlockStdErr();
 if (builtin.os.tag == .linux) {
 const pid = std.os.linux.getpid();
 nosuspend stderr.print(levelAsText(message_level) ++ " [{s} {}]: " ++ format ++ "\n", .{ date_str, pid } ++ args) catch return;
diff --git a/src/server.zig b/src/server.zig
index 4955dce..7862610 100644
--- a/src/server.zig
+++ b/src/server.zig
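Review bot: The `result` returned by `std.process.Child.run` in `loadCAFilesMacOS` carries an exit `term` plus heap-allocated `stdout`/`stderr`, and nothing in the hunk checks the one or frees the others; the function body continues past the hunk, so this may well happen later, but if `term` is never inspected a failing `security` invocation silently yields an empty or truncated PEM set that is then installed as the trust store instead of failing closed. I would add `if (result.term != .Exited or result.term.Exited != 0) return error.RootCALoadFailed;` right after the call, together with `defer self.allocator.free(result.stdout);` and `defer self.allocator.free(result.stderr);`. Two caveats deserve a comment on the `argv` line: `find-certificate -a -p` dumps every certificate in the keychain regardless of the system's trust settings, so a root an administrator has marked "Never Trust" is still accepted here, and `max_output_bytes = 1000 * 1024` makes `run` fail with a StreamTooLong-style error once the root store grows past roughly 1 MiB rather than silently truncating. Suggested: `// NOTE: ignores macOS trust settings (distrusted roots are still loaded); output capped at ~1 MiB, run() errors beyond that`.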
@@ -950,7 +950,7 @@ pub fn TLSStreamImpl(comptime ReaderType: type, comptime WriterType: type, compt
 const skey = try P256.SecretKey.fromBytes(k.privateKey[0..P256.SecretKey.encoded_length].*);
 const kp = try P256.KeyPair.fromSecretKey(skey);
 const verify_sig = try kp.sign(verify_stream.getWritten(), null);
- var sig_buf: [P256.Signature.der_encoded_max_length]u8 = undefined;
+ var sig_buf: [P256.Signature.der_encoded_length_max]u8 = undefined;
 const sig_bytes = verify_sig.toDer(&sig_buf);
 cv = try CertificateVerify.init(.ecdsa_secp256r1_sha256, sig_bytes.len, self.allocator);
 @memcpy(cv.signature, sig_bytes);
From d759dbbce0e7d099ab6c3fc0cef102547dceb43c Mon Sep 17 00:00:00 2001
From: Daniel Gomes Vargas
Date: Mon, 15 Jul 2024 18:40:14 -0300
Subject: [PATCH 2/4] added module and zon file for export/external usage
---
 build.zig | 4 ++-
 build.zig.zon | 72 +++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 75 insertions(+), 1 deletion(-)
 create mode 100644 build.zig.zon
diff --git a/build.zig b/build.zig
index 94320e3..8457e0c 100644
--- a/build.zig
+++ b/build.zig
@@ -11,7 +11,9 @@ pub fn build(b: *std.Build) void {
 // between Debug, ReleaseSafe, ReleaseFast, and ReleaseSmall. Here we do not
 // set a preferred release mode, allowing the user to decide how to optimize.
 const optimize = b.standardOptimizeOption(.{});
-
+ _ = b.addModule("tls13-zig", .{
+ .root_source_file = b.path("src/main.zig"),
+ });
 const exe = b.addExecutable(.{
 .name = "tls13-zig",
 .root_source_file = b.path("src/main.zig"),
diff --git a/build.zig.zon b/build.zig.zon
new file mode 100644
index 0000000..082e88a
--- /dev/null
+++ b/build.zig.zon
@@ -0,0 +1,72 @@
+.{
+ // This is the default name used by packages depending on this one. For
+ // example, when a user runs `zig fetch --save `, this field is used
+ // as the key in the `dependencies` table. Although the user can choose a
+ // different name, most users will stick with this provided value.
+ //
+ // It is redundant to include "zig" in this name because it is already
+ // within the Zig package namespace.
+ .name = "tls13-zig",
+
+ // This is a [Semantic Version](https://semver.org/).
+ // In a future version of Zig it will be used for package deduplication.
+ .version = "0.0.0",
+
+ // This field is optional.
+ // This is currently advisory only; Zig does not yet do anything
+ // with this value.
+ //.minimum_zig_version = "0.11.0",
+
+ // This field is optional.
+ // Each dependency must either provide a `url` and `hash`, or a `path`.
+ // `zig build --fetch` can be used to fetch all dependencies of a package, recursively.
+ // Once all dependencies are fetched, `zig build` no longer requires
+ // internet connectivity.
+ .dependencies = .{
+ // See `zig fetch --save ` for a command-line interface for adding dependencies.
+ //.example = .{
+ // // When updating this field to a new URL, be sure to delete the corresponding
+ // // `hash`, otherwise you are communicating that you expect to find the old hash at
+ // // the new URL.
+ // .url = "https://example.com/foo.tar.gz",
+ //
+ // // This is computed from the file contents of the directory of files that is
+ // // obtained after fetching `url` and applying the inclusion rules given by
+ // // `paths`.
+ // //
+ // // This field is the source of truth; packages do not come from a `url`; they
+ // // come from a `hash`. `url` is just one of many possible mirrors for how to
+ // // obtain a package matching this `hash`.
+ // //
+ // // Uses the [multihash](https://multiformats.io/multihash/) format.
+ // .hash = "...",
+ //
+ // // When this is provided, the package is found in a directory relative to the
+ // // build root. In this case the package's hash is irrelevant and therefore not
+ // // computed. This field and `url` are mutually exclusive.
+ // .path = "foo",
+
+ // // When this is set to `true`, a package is declared to be lazily
+ // // fetched. This makes the dependency only get fetched if it is
+ // // actually used.
+ // .lazy = false,
+ //},
+ },
+
+ // Specifies the set of files and directories that are included in this package.
+ // Only files and directories listed here are included in the `hash` that
+ // is computed for this package. Only files listed here will remain on disk
+ // when using the zig package manager. As a rule of thumb, one should list
+ // files required for compilation plus any license(s).
+ // Paths are relative to the build root. Use the empty string (`""`) to refer to
+ // the build root itself.
+ // A directory listed here means that all files within, recursively, are included.
+ .paths = .{
+ "build.zig",
+ "build.zig.zon",
+ "src",
+ // For example...
+ //"LICENSE",
+ //"README.md",
+ },
+}
From eb2d976457dfe4396ac11157812ddfe60c3f965c Mon Sep 17 00:00:00 2001
From: Daniel Gomes Vargas
Date: Mon, 15 Jul 2024 18:57:22 -0300
Subject: [PATCH 3/4] fix last deprecated path on proxy example and split export into client/server modules
---
 build.zig | 7 +++++--
 examples/proxy/build.zig | 2 +-
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/build.zig b/build.zig
index 8457e0c..3874aa0 100644
--- a/build.zig
+++ b/build.zig
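Review bot: `.minimum_zig_version` is left commented out at `//.minimum_zig_version = "0.11.0",` even though the rest of this series moves the code to 0.13.0-only APIs (`b.path`, `std.process.Child.run`, `std.debug.lockStdErr`), so a consumer on an older compiler gets an opaque compile error inside the dependency instead of a clear version message; set `.minimum_zig_version = "0.13.0",`. The `.paths` list stops at `"build.zig"`, `"build.zig.zon"` and `"src"`, so the package hash, and the set of files `zig fetch` keeps on disk, cover no license text; if the repository ships a LICENSE file it belongs in `.paths` as the template's own comment suggests. Note also that `"src"` as listed here still pulls in the `src/crypto/log.zig` symlink that patch 4 of this series removes, so the hash of a package cut from this commit alone would differ from one cut after the series.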
@@ -11,8 +11,11 @@ pub fn build(b: *std.Build) void {
 // between Debug, ReleaseSafe, ReleaseFast, and ReleaseSmall. Here we do not
 // set a preferred release mode, allowing the user to decide how to optimize.
 const optimize = b.standardOptimizeOption(.{});
- _ = b.addModule("tls13-zig", .{
- .root_source_file = b.path("src/main.zig"),
+ _ = b.addModule("tls13-server", .{
+ .root_source_file = b.path("src/server.zig"),
+ });
+ _ = b.addModule("tls13-client", .{
+ .root_source_file = b.path("src/client.zig"),
 });
 const exe = b.addExecutable(.{
 .name = "tls13-zig",
diff --git a/examples/proxy/build.zig b/examples/proxy/build.zig
index 9b191cb..51b90d3 100644
--- a/examples/proxy/build.zig
+++ b/examples/proxy/build.zig
@@ -53,7 +53,7 @@ pub fn build(b: *std.Build) void {
 // Creates a step for unit testing. This only builds the test executable
 // but does not run it.
 const unit_tests = b.addTest(.{
- .root_source_file = .{ .path = "src/main.zig" },
+ .root_source_file = b.path("src/main.zig"),
 .target = target,
 .optimize = optimize,
 });
From 869029255bc78abfa59d877235f7fd481e591a78 Mon Sep 17 00:00:00 2001
From: Daniel Gomes Vargas
Date: Mon, 15 Jul 2024 22:01:40 -0300
Subject: [PATCH 4/4] crypto using parent log.zig (DRY, otherwise github pack crypto/log.zig as alias to ../log.zig)
---
 src/crypto/cert.zig | 2 +-
 src/crypto/log.zig | 1 -
 src/crypto/root.zig | 2 +-
 src/crypto/x509.zig | 2 +-
 4 files changed, 3 insertions(+), 4 deletions(-)
 delete mode 120000 src/crypto/log.zig
diff --git a/src/crypto/cert.zig b/src/crypto/cert.zig
index 1fe4e5c..0da88ce 100644
--- a/src/crypto/cert.zig
+++ b/src/crypto/cert.zig
@@ -2,7 +2,7 @@ const std = @import("std");
 const io = std.io;
 const base64 = std.base64;
 const ArrayList = std.ArrayList;
-const log = @import("log.zig");
+const log = @import("../log.zig");
 const pkcs8 = @import("pkcs8.zig");
 const x509 = @import("x509.zig");
 const key = @import("key.zig");
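Review bot: Exporting `src/server.zig` and `src/client.zig` as two independent modules at `b.addModule("tls13-server", …)` / `b.addModule("tls13-client", …)` places the files they share (`src/log.zig`, the `src/crypto/` tree) into both module graphs; as far as I recall Zig 0.12+ rejects a source file that belongs to more than one module ("file exists in multiple modules"), so a consumer that imports both modules in one build would fail to compile, and this repository's own `zig build` would not catch it because the exported modules are only materialized by consumers. A single module whose root re-exports both sides avoids this: `_ = b.addModule("tls13-zig", .{ .root_source_file = b.path("src/root.zig") });` with `src/root.zig` containing `pub const client = @import("client.zig");` and `pub const server = @import("server.zig");`. Separately, the proxy example touched in this same commit still wires `tls13-server` through `addAnonymousImport` with a relative path rather than `b.dependency(...).module(...)`, so neither exported module name is exercised by CI. `build`'s body continues outside the hunk.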
diff --git a/src/crypto/log.zig b/src/crypto/log.zig
deleted file mode 120000
index 3a207ea..0000000
--- a/src/crypto/log.zig
+++ /dev/null
@@ -1 +0,0 @@
-../log.zig
\ No newline at end of file
diff --git a/src/crypto/root.zig b/src/crypto/root.zig
index 9cd0897..34db4ee 100644
--- a/src/crypto/root.zig
+++ b/src/crypto/root.zig
@@ -1,5 +1,5 @@
 const std = @import("std");
-const log = @import("log.zig");
+const log = @import("../log.zig");
 const x509 = @import("x509.zig");
 const cert = @import("cert.zig");
 const ArrayList = std.ArrayList;
diff --git a/src/crypto/x509.zig b/src/crypto/x509.zig
index 9c2b0da..be9eb35 100644
--- a/src/crypto/x509.zig
+++ b/src/crypto/x509.zig
@@ -2,7 +2,7 @@ const std = @import("std");
 const io = std.io;
 const expect = std.testing.expect;
 const expectError = std.testing.expectError;
-const log = @import("log.zig");
+const log = @import("../log.zig");
 const asn1 = @import("asn1.zig");
 const rsa = @import("rsa.zig");
 const errs = @import("errors.zig");