feat(tls): switch from bearssl to secsock

Author: mookums

README.md

@@ -3,9 +3,11 @@
 
 
 ## Installing
-Latest Zig Stable: `0.13.0`
+Compatible Zig Version: `0.13.0`
 
-Latest zzz release: `0.2.0`
+Compatible [tardy](https://github.com/tardy-org/tardy) Version: `95239a7d9547161869f365bd6cd3f0255b37c49b`
+
+Latest Release: `0.2.0`
 ```
 zig fetch --save git+https://github.com/tardy-org/zzz#v0.2.0
 ```
@@ -21,7 +23,7 @@ exe.root_module.addImport(zzz);
 ```
 
 ## zzz?
-zzz is a framework for writing performant and reliable networked services in Zig. It supports both HTTP and HTTPS (using BearSSL for TLS).
+zzz is a framework for writing performant and reliable networked services in Zig. It supports both HTTP and HTTPS.
 
 zzz currently supports Linux, Mac and Windows. Linux is currently the recommended target for deployments.
 
@@ -60,7 +62,7 @@ zzz can be configured to utilize minimal memory while remaining performant. The
     - `poll` for Linux, Mac and Windows.
 - Layered Router, including Middleware
 - Single and Multithreaded Support
-- TLS using BearSSL
+- TLS using [secsock](https://github.com/tardy-org/secsock) 
 - Memory Pooling for minimal allocations 
 
 ## Contribution

build.zig

@@ -17,16 +17,12 @@ pub fn build(b: *std.Build) void {
 
     zzz.addImport("tardy", tardy);
 
-    const bearssl = b.dependency("bearssl", .{
+    const secsock = b.dependency("secsock", .{
         .target = target,
         .optimize = optimize,
-        // Without this, you get an illegal instruction error on certain paths.
-        // This makes it slightly slower but prevents faults.
-        .BR_LE_UNALIGNED = false,
-        .BR_BE_UNALIGNED = false,
-    }).artifact("bearssl");
+    }).module("secsock");
 
-    zzz.linkLibrary(bearssl);
+    zzz.addImport("secsock", secsock);
 
     add_example(b, "basic", false, target, optimize, zzz);
     add_example(b, "cookies", false, target, optimize, zzz);
@@ -45,7 +41,7 @@ pub fn build(b: *std.Build) void {
         .root_source_file = b.path("./src/tests.zig"),
     });
     tests.root_module.addImport("tardy", tardy);
-    tests.root_module.linkLibrary(bearssl);
+    tests.root_module.addImport("secsock", secsock);
 
     const run_test = b.addRunArtifact(tests);
     run_test.step.dependOn(&tests.step);

build.zig.zon

@@ -4,12 +4,12 @@
     .minimum_zig_version = "0.13.0",
     .dependencies = .{
         .tardy = .{
-            .url = "git+https://github.com/mookums/tardy#084f5e04b333a68c6b3c433de241f3dcc368b84b",
-            .hash = "1220960cc794c77b2b1fcab1de6fcf37c6c9571433473541007a0a9258dd7f4f8c0b",
+            .url = "git+https://github.com/tardy-org/tardy#95239a7d9547161869f365bd6cd3f0255b37c49b",
+            .hash = "1220dfee39cf3cdb58b3d5f3001078297f02997b617990da84bdfdc506b46ece56ab",
         },
-        .bearssl = .{
-            .url = "git+https://github.com/mookums/bearssl-zig#37a96eee56fe2543579bbc6da148ca886f3dd32b",
-            .hash = "12200e89d16612100a2f145cfa292537ac25b2205735fc1c644c799d2995f94e8e20",
+        .secsock = .{
+            .url = "git+https://github.com/tardy-org/secsock#b532b29e046c0a05d94a76f8c135c80679e89e54",
+            .hash = "1220264235961dbd2a0240567951be585e0087c3c69c79ebbbc37180f4ae8b15a750",
         },
     },
 

docs/https.md

@@ -1,5 +1,5 @@
 # HTTPS
-zzz utilizes [BearSSL](https://bearssl.org/) to provide a safe and performant TLS implementation. This TLS functionality is entirely separated from the I/O for maximum portability.
+zzz utilizes [secsock](https://github.com/tardy-org/secsock) to provide a safe and performant TLS implementation. This TLS functionality is entirely separated from the I/O for maximum portability.
 
 *Note: TLS Support is not **entirely** complete yet. It's a very rough area that will be getting cleaned up in a future development cycle*
 
@@ -23,7 +23,11 @@ const Route = http.Route;
 const Router = http.Router;
 const Respond = http.Respond;
 
-fn root_handler(_: *const Context, _: void) !Respond {
+const secsock = zzz.secsock;
+const SecureSocket = secsock.SecureSocket;
+const Compression = http.Middlewares.Compression;
+
+fn root_handler(ctx: *const Context, _: void) !Respond {
     const body =
         \\ <!DOCTYPE html>
         \\ <html>
@@ -36,11 +40,11 @@ fn root_handler(_: *const Context, _: void) !Respond {
         \\ </html>
     ;
 
-    return Respond{ .standard = .{
+    return ctx.response.apply(.{
         .status = .OK,
         .mime = http.Mime.HTML,
         .body = body[0..],
-    } };
+    });
 }
 
 pub fn main() !void {
@@ -53,11 +57,12 @@ pub fn main() !void {
     const allocator = gpa.allocator();
     defer _ = gpa.deinit();
 
-    var t = try Tardy.init(allocator, .{ .threading = .single });
+    var t = try Tardy.init(allocator, .{ .threading = .auto });
     defer t.deinit();
 
     var router = try Router.init(allocator, &.{
         Route.init("/").get({}, root_handler).layer(),
+        Compression(.{ .gzip = .{} }),
         Route.init("/embed/pico.min.css").embed_file(
             .{ .mime = http.Mime.CSS },
             @embedFile("embed/pico.min.css"),
@@ -71,25 +76,22 @@ pub fn main() !void {
     try socket.bind();
     try socket.listen(1024);
 
+    var s2n = try secsock.s2n.init(allocator);
+    defer s2n.deinit();
+    try s2n.add_cert_chain(@embedFile("certs/cert.pem"), @embedFile("certs/key.pem"));
+    const secure = try s2n.to_secure_socket(socket, .server);
+
     const EntryParams = struct {
         router: *const Router,
-        socket: Socket,
+        socket: SecureSocket,
     };
 
     try t.entry(
-        EntryParams{ .router = &router, .socket = socket },
+        EntryParams{ .router = &router, .socket = secure },
         struct {
             fn entry(rt: *Runtime, p: EntryParams) !void {
-                var server = Server.init(rt.allocator, .{
-                    .security = .{ .tls = .{
-                        .cert = .{ .file = .{ .path = "./examples/tls/certs/cert.pem" } },
-                        .key = .{ .file = .{ .path = "./examples/tls/certs/key.pem" } },
-                        .cert_name = "CERTIFICATE",
-                        .key_name = "EC PRIVATE KEY",
-                    } },
-                    .stack_size = 1024 * 1024 * 8,
-                });
-                try server.serve(rt, p.router, p.socket);
+                var server = Server.init(.{ .stack_size = 1024 * 1024 * 8 });
+                try server.serve(rt, p.router, .{ .secure = p.socket });
             }
         }.entry,
     );

examples/basic/main.zig

@@ -54,13 +54,13 @@ pub fn main() !void {
         EntryParams{ .router = &router, .socket = socket },
         struct {
             fn entry(rt: *Runtime, p: EntryParams) !void {
-                var server = Server.init(rt.allocator, .{
+                var server = Server.init(.{
                     .stack_size = 1024 * 1024 * 4,
                     .socket_buffer_bytes = 1024 * 2,
                     .keepalive_count_max = null,
                     .connection_count_max = 1024,
                 });
-                try server.serve(rt, p.router, p.socket);
+                try server.serve(rt, p.router, .{ .normal = p.socket });
             }
         }.entry,
     );

examples/cookies/main.zig

@@ -63,13 +63,13 @@ pub fn main() !void {
         EntryParams{ .router = &router, .socket = socket },
         struct {
             fn entry(rt: *Runtime, p: EntryParams) !void {
-                var server = Server.init(rt.allocator, .{
+                var server = Server.init(.{
                     .stack_size = 1024 * 1024 * 4,
                     .socket_buffer_bytes = 1024 * 2,
                     .keepalive_count_max = null,
                     .connection_count_max = 10,
                 });
-                try server.serve(rt, p.router, p.socket);
+                try server.serve(rt, p.router, .{ .normal = p.socket });
             }
         }.entry,
     );

examples/form/main.zig

@@ -107,11 +107,11 @@ pub fn main() !void {
         EntryParams{ .router = &router, .socket = socket },
         struct {
             fn entry(rt: *Runtime, p: EntryParams) !void {
-                var server = Server.init(rt.allocator, .{
+                var server = Server.init(.{
                     .stack_size = 1024 * 1024 * 4,
                     .socket_buffer_bytes = 1024 * 2,
                 });
-                try server.serve(rt, p.router, p.socket);
+                try server.serve(rt, p.router, .{ .normal = p.socket });
             }
         }.entry,
     );

examples/fs/main.zig

@@ -72,11 +72,11 @@ pub fn main() !void {
         EntryParams{ .router = &router, .socket = socket },
         struct {
             fn entry(rt: *Runtime, p: EntryParams) !void {
-                var server = Server.init(rt.allocator, .{
+                var server = Server.init(.{
                     .stack_size = 1024 * 1024 * 4,
                     .socket_buffer_bytes = 1024 * 4,
                 });
-                try server.serve(rt, p.router, p.socket);
+                try server.serve(rt, p.router, .{ .normal = p.socket });
             }
         }.entry,
     );

examples/middleware/main.zig

@@ -91,8 +91,8 @@ pub fn main() !void {
         EntryParams{ .router = &router, .socket = socket },
         struct {
             fn entry(rt: *Runtime, p: EntryParams) !void {
-                var server = Server.init(rt.allocator, .{});
-                try server.serve(rt, p.router, p.socket);
+                var server = Server.init(.{});
+                try server.serve(rt, p.router, .{ .normal = p.socket });
             }
         }.entry,
     );

examples/sse/main.zig

@@ -59,11 +59,11 @@ pub fn main() !void {
         EntryParams{ .router = &router, .socket = socket },
         struct {
             fn entry(rt: *Runtime, p: EntryParams) !void {
-                var server = Server.init(rt.allocator, .{
+                var server = Server.init(.{
                     .stack_size = 1024 * 1024 * 4,
                     .socket_buffer_bytes = 1024 * 2,
                 });
-                try server.serve(rt, p.router, p.socket);
+                try server.serve(rt, p.router, .{ .normal = p.socket });
             }
         }.entry,
     );

examples/tls/certs/cert.pem

@@ -1,13 +1,11 @@
 -----BEGIN CERTIFICATE-----
-MIIB3jCCAYWgAwIBAgIUT7UpeJjQtiGQzZA3W5QVZKsDjY8wCgYIKoZIzj0EAwIw
-RTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGElu
-dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yNDA4MjgyMjMxNTlaFw0yNTA4Mjgy
-MjMxNTlaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYD
-VQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjO
-PQMBBwNCAATApBrE0OEPXnewxHNNpRv8a9rn1TqKg5V9RTFA3OjoTaiZZqXY8Z1w
-rOy7qcf+cv9resH/fSoynZavYdWVbijro1MwUTAdBgNVHQ4EFgQUjhV+PXvRK+pb
-vQ82AQiqFCFE+VgwHwYDVR0jBBgwFoAUjhV+PXvRK+pbvQ82AQiqFCFE+VgwDwYD
-VR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiAg74BJcIbrHB0jQE7Usy/Y
-8rCKuXPL34uOnb0dTTpiJAIgY8OcnoPI493cubMOmfneEgSOU0p73BcjhZCQntZG
-GEE=
+MIIBmDCCAT+gAwIBAgIUXq+kgTxiu8vfVGXGnXmoXfZYeBwwCgYIKoZIzj0EAwIw
+FDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTI1MDMwOTAzMTkzNVoXDTI2MDMwOTAz
+MTkzNVowFDESMBAGA1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0CAQYIKoZIzj0D
+AQcDQgAExBVte4Wu3SsBhfD+3uvXE5u3hExgKZGryIAXu1BgVPPuQQDcObS6QwWx
++wJHVD9P/SZYjmSHKtwh7/7tn11QI6NvMG0wHQYDVR0OBBYEFC81CrnuWJdxpV9e
+J0aneKk2SGB4MB8GA1UdIwQYMBaAFC81CrnuWJdxpV9eJ0aneKk2SGB4MA8GA1Ud
+EwEB/wQFMAMBAf8wGgYDVR0RBBMwEYIJbG9jYWxob3N0hwR/AAABMAoGCCqGSM49
+BAMCA0cAMEQCIGq9siIGaIfclJRYjsjfGpheWeVV8XZhrIFvQ9EaZz36AiAI/Wen
+178H1CbdcwjpkENgfejbOdZv/E5O2aNVJwt/2A==
 -----END CERTIFICATE-----

examples/tls/certs/key.pem

@@ -1,8 +1,5 @@
------BEGIN EC PARAMETERS-----
-BggqhkjOPQMBBw==
------END EC PARAMETERS-----
 -----BEGIN EC PRIVATE KEY-----
-MHcCAQEEINz6Y85CkixUT1YX1g5mQs69SL1h8o9jhj9uzvD5F+SBoAoGCCqGSM49
-AwEHoUQDQgAEwKQaxNDhD153sMRzTaUb/Gva59U6ioOVfUUxQNzo6E2omWal2PGd
-cKzsu6nH/nL/a3rB/30qMp2Wr2HVlW4o6w==
+MHcCAQEEILClMa6ufhTsG8tGqw4N7MkjkkXthPVVfwYObQMbAvyKoAoGCCqGSM49
+AwEHoUQDQgAExBVte4Wu3SsBhfD+3uvXE5u3hExgKZGryIAXu1BgVPPuQQDcObS6
+QwWx+wJHVD9P/SZYjmSHKtwh7/7tn11QIw==
 -----END EC PRIVATE KEY-----

examples/tls/main.zig

@@ -15,6 +15,8 @@ const Route = http.Route;
 const Router = http.Router;
 const Respond = http.Respond;
 
+const secsock = zzz.secsock;
+const SecureSocket = secsock.SecureSocket;
 const Compression = http.Middlewares.Compression;
 
 fn root_handler(ctx: *const Context, _: void) !Respond {
@@ -47,7 +49,7 @@ pub fn main() !void {
     const allocator = gpa.allocator();
     defer _ = gpa.deinit();
 
-    var t = try Tardy.init(allocator, .{ .threading = .single });
+    var t = try Tardy.init(allocator, .{ .threading = .auto });
     defer t.deinit();
 
     var router = try Router.init(allocator, &.{
@@ -66,25 +68,22 @@ pub fn main() !void {
     try socket.bind();
     try socket.listen(1024);
 
+    var s2n = try secsock.s2n.init(allocator);
+    defer s2n.deinit();
+    try s2n.add_cert_chain(@embedFile("certs/cert.pem"), @embedFile("certs/key.pem"));
+    const secure = try s2n.to_secure_socket(socket, .server);
+
     const EntryParams = struct {
         router: *const Router,
-        socket: Socket,
+        socket: SecureSocket,
     };
 
     try t.entry(
-        EntryParams{ .router = &router, .socket = socket },
+        EntryParams{ .router = &router, .socket = secure },
         struct {
             fn entry(rt: *Runtime, p: EntryParams) !void {
-                var server = Server.init(rt.allocator, .{
-                    .security = .{ .tls = .{
-                        .cert = .{ .file = .{ .path = "./examples/tls/certs/cert.pem" } },
-                        .key = .{ .file = .{ .path = "./examples/tls/certs/key.pem" } },
-                        .cert_name = "CERTIFICATE",
-                        .key_name = "EC PRIVATE KEY",
-                    } },
-                    .stack_size = 1024 * 1024 * 8,
-                });
-                try server.serve(rt, p.router, p.socket);
+                var server = Server.init(.{ .stack_size = 1024 * 1024 * 8 });
+                try server.serve(rt, p.router, .{ .secure = p.socket });
             }
         }.entry,
     );

examples/unix/main.zig

@@ -53,8 +53,8 @@ pub fn main() !void {
         EntryParams{ .router = &router, .socket = socket },
         struct {
             fn entry(rt: *Runtime, p: EntryParams) !void {
-                var server = Server.init(rt.allocator, .{});
-                try server.serve(rt, p.router, p.socket);
+                var server = Server.init(.{});
+                try server.serve(rt, p.router, .{ .normal = p.socket });
             }
         }.entry,
     );