Wincrypto Implementation for Str0m (algesten#589)

Implement new Str0m feature 'wincrypto'.

When enabled, this cause Str0m to use Windows Cryptographic APIs for crypto.
This feature cannot be used in conjunction with 'sha1' not 'openssl' features, as it provides the same functionality.

Windows APIs are accessed via the windows-rs crate. These calls are `unsafe`, so in order to isolate them from
`safe` str0m code, all `unsafe` code is in a separate `str0m_wincrypto` crate. The code in the core `str0m/crypto/wincrypto` is the glue code between Str0m and this str0m_wincrypto crate.

The `str0m_wincrypto` crate is not intended to be a generic crypto crate, and is very much tailored to match str0m's crypto APIs.

Author: efer-ms

.github/workflows/cargo.yml

@@ -35,6 +35,31 @@ jobs:
         with:
           command: test
 
+  test_wincrypto:
+    strategy:
+      matrix:
+        os: [windows-latest]
+        rust: [stable, beta, 1.70.0]
+
+    runs-on: ${{ matrix.os }}
+
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: ${{ matrix.rust }}
+          override: true
+      - uses: Swatinem/rust-cache@v1
+      - uses: actions-rs/cargo@v1
+        with:
+          command: build
+          args: --no-default-features --features wincrypto
+      - uses: actions-rs/cargo@v1
+        with:
+          command: test
+          args: --no-default-features --features wincrypto
+
   lint:
     runs-on: ubuntu-latest
     steps:
@@ -57,7 +82,7 @@ jobs:
       - uses: actions-rs/cargo@v1
         with:
           command: clippy
-          args: --all-targets --no-default-features -- -D warnings
+          args: --all-targets --no-default-features --features openssl,vendored,sha1 -- -D warnings
       - uses: actions-rs/toolchain@v1
         with:
           profile: minimal

Cargo.lock

@@ -25,12 +25,15 @@ rust-version = "1.65"
 
 [features]
 default = ["openssl", "vendored", "sha1"]
-openssl = ["dep:openssl", "dep:openssl-sys", "dep:libc"]
+openssl = ["dep:openssl", "dep:openssl-sys", "dep:libc", "rouille/ssl"]
 vendored = ["openssl?/vendored"]
 
 # Without the sha1 feature, str0m uses the openssl sha1 impl which is slower.
 sha1 = ["dep:sha1"]
 
+# Uses native Windows API to implement cryptographic features, use instead on openssl and sha1.
+wincrypto = ["dep:str0m-wincrypto"]
+
 _internal_dont_use_log_stats = []
 _internal_test_exports = []
 
@@ -55,13 +58,15 @@ serde = { version = "1.0.152", features = ["derive"] }
 [target.'cfg(unix)'.dependencies]
 sha1 = { version = "0.10.6", features = ["asm"], optional = true }
 
+[target.'cfg(windows)'.dependencies]
 # The ASM feature is broken on windows. Unclear where in the rust-crypto project
 # we're supposed to check when it gets sorted out.
-[target.'cfg(windows)'.dependencies]
 sha1 = { version = "0.10.6", optional = true }
+# Windows Crypto (CNG + SChannel)
+str0m-wincrypto = { path = "wincrypto", optional = true }
 
 [dev-dependencies]
-rouille = { version = "3.5.0", features = ["ssl"] }
+rouille = { version = "3.5.0", features = [] }
 serde_json = "1.0"
 tracing-subscriber = { version = "0.3.16", features = ["env-filter", "std"] }
 systemstat = "0.2.2"
@@ -74,3 +79,11 @@ _str0m_test = { path = "_str0m_test" }
 time = "=0.3.23"
 pcap-file = "2.0.0"
 url = "=2.5.0"
+
+[[example]]
+name = "chat"
+required-features = ["openssl"]
+
+[[example]]
+name = "http-post"
+required-features = ["openssl"]

Cargo.toml

@@ -8,4 +8,4 @@ version = "0.1.0"
 edition = "2021"
 
 [dependencies]
-str0m = { path = "..", features = ["_internal_test_exports"] }
+str0m = { path = "..", default-features = false, features = ["_internal_test_exports"] }