remove duplicate Mutex inside cipher_suite

Author: rainliu

dtls/src/cipher_suite.rs

@@ -116,19 +116,19 @@ pub trait CipherSuite {
     fn certificate_type(&self) -> ClientCertificateType;
     fn hash_func(&self) -> CipherSuiteHash;
     fn is_psk(&self) -> bool;
-    async fn is_initialized(&self) -> bool;
+    fn is_initialized(&self) -> bool;
 
     // Generate the internal encryption state
-    async fn init(
-        &self,
+    fn init(
+        &mut self,
         master_secret: &[u8],
         client_random: &[u8],
         server_random: &[u8],
         is_client: bool,
     ) -> Result<(), Error>;
 
-    async fn encrypt(&self, pkt_rlh: &RecordLayerHeader, raw: &[u8]) -> Result<Vec<u8>, Error>;
-    async fn decrypt(&self, input: &[u8]) -> Result<Vec<u8>, Error>;
+    fn encrypt(&self, pkt_rlh: &RecordLayerHeader, raw: &[u8]) -> Result<Vec<u8>, Error>;
+    fn decrypt(&self, input: &[u8]) -> Result<Vec<u8>, Error>;
 }
 
 // Taken from https://www.iana.org/assignments/tls-parameters/tls-parameters.xml

dtls/src/cipher_suite/cipher_suite_tls_ecdhe_ecdsa_with_aes_128_gcm_sha256.rs

@@ -2,13 +2,9 @@ use super::*;
 use crate::crypto::crypto_gcm::*;
 use crate::prf::*;
 
-use async_trait::async_trait;
-use std::sync::Arc;
-use tokio::sync::Mutex;
-
 #[derive(Clone)]
 pub struct CipherSuiteTLSEcdheEcdsaWithAes128GcmSha256 {
-    gcm: Arc<Mutex<Option<CryptoGcm>>>,
+    gcm: Option<CryptoGcm>,
 }
 
 impl CipherSuiteTLSEcdheEcdsaWithAes128GcmSha256 {
@@ -19,13 +15,10 @@ impl CipherSuiteTLSEcdheEcdsaWithAes128GcmSha256 {
 
 impl Default for CipherSuiteTLSEcdheEcdsaWithAes128GcmSha256 {
     fn default() -> Self {
-        CipherSuiteTLSEcdheEcdsaWithAes128GcmSha256 {
-            gcm: Arc::new(Mutex::new(None)),
-        }
+        CipherSuiteTLSEcdheEcdsaWithAes128GcmSha256 { gcm: None }
     }
 }
 
-#[async_trait]
 impl CipherSuite for CipherSuiteTLSEcdheEcdsaWithAes128GcmSha256 {
     fn to_string(&self) -> String {
         "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256".to_owned()
@@ -47,13 +40,12 @@ impl CipherSuite for CipherSuiteTLSEcdheEcdsaWithAes128GcmSha256 {
         false
     }
 
-    async fn is_initialized(&self) -> bool {
-        let gcm = self.gcm.lock().await;
-        gcm.is_some()
+    fn is_initialized(&self) -> bool {
+        self.gcm.is_some()
     }
 
-    async fn init(
-        &self,
+    fn init(
+        &mut self,
         master_secret: &[u8],
         client_random: &[u8],
         server_random: &[u8],
@@ -69,16 +61,15 @@ impl CipherSuite for CipherSuiteTLSEcdheEcdsaWithAes128GcmSha256 {
             self.hash_func(),
         )?;
 
-        let mut gcm = self.gcm.lock().await;
         if is_client {
-            *gcm = Some(CryptoGcm::new(
+            self.gcm = Some(CryptoGcm::new(
                 &keys.client_write_key,
                 &keys.client_write_iv,
                 &keys.server_write_key,
                 &keys.server_write_iv,
             ));
         } else {
-            *gcm = Some(CryptoGcm::new(
+            self.gcm = Some(CryptoGcm::new(
                 &keys.server_write_key,
                 &keys.server_write_iv,
                 &keys.client_write_key,
@@ -89,9 +80,8 @@ impl CipherSuite for CipherSuiteTLSEcdheEcdsaWithAes128GcmSha256 {
         Ok(())
     }
 
-    async fn encrypt(&self, pkt_rlh: &RecordLayerHeader, raw: &[u8]) -> Result<Vec<u8>, Error> {
-        let gcm = self.gcm.lock().await;
-        if let Some(cg) = &*gcm {
+    fn encrypt(&self, pkt_rlh: &RecordLayerHeader, raw: &[u8]) -> Result<Vec<u8>, Error> {
+        if let Some(cg) = &self.gcm {
             cg.encrypt(pkt_rlh, raw)
         } else {
             Err(Error::new(
@@ -100,9 +90,8 @@ impl CipherSuite for CipherSuiteTLSEcdheEcdsaWithAes128GcmSha256 {
         }
     }
 
-    async fn decrypt(&self, input: &[u8]) -> Result<Vec<u8>, Error> {
-        let gcm = self.gcm.lock().await;
-        if let Some(cg) = &*gcm {
+    fn decrypt(&self, input: &[u8]) -> Result<Vec<u8>, Error> {
+        if let Some(cg) = &self.gcm {
             cg.decrypt(input)
         } else {
             Err(Error::new(

dtls/src/cipher_suite/cipher_suite_tls_ecdhe_ecdsa_with_aes_256_cbc_sha.rs

@@ -2,13 +2,9 @@ use super::*;
 use crate::crypto::crypto_cbc::*;
 use crate::prf::*;
 
-use async_trait::async_trait;
-use std::sync::Arc;
-use tokio::sync::Mutex;
-
 #[derive(Clone)]
 pub struct CipherSuiteTLSEcdheEcdsaWithAes256CbcSha {
-    cbc: Arc<Mutex<Option<CryptoCbc>>>,
+    cbc: Option<CryptoCbc>,
 }
 
 impl CipherSuiteTLSEcdheEcdsaWithAes256CbcSha {
@@ -19,13 +15,10 @@ impl CipherSuiteTLSEcdheEcdsaWithAes256CbcSha {
 
 impl Default for CipherSuiteTLSEcdheEcdsaWithAes256CbcSha {
     fn default() -> Self {
-        CipherSuiteTLSEcdheEcdsaWithAes256CbcSha {
-            cbc: Arc::new(Mutex::new(None)),
-        }
+        CipherSuiteTLSEcdheEcdsaWithAes256CbcSha { cbc: None }
     }
 }
 
-#[async_trait]
 impl CipherSuite for CipherSuiteTLSEcdheEcdsaWithAes256CbcSha {
     fn to_string(&self) -> String {
         "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA".to_owned()
@@ -47,13 +40,12 @@ impl CipherSuite for CipherSuiteTLSEcdheEcdsaWithAes256CbcSha {
         false
     }
 
-    async fn is_initialized(&self) -> bool {
-        let cbc = self.cbc.lock().await;
-        cbc.is_some()
+    fn is_initialized(&self) -> bool {
+        self.cbc.is_some()
     }
 
-    async fn init(
-        &self,
+    fn init(
+        &mut self,
         master_secret: &[u8],
         client_random: &[u8],
         server_random: &[u8],
@@ -69,9 +61,8 @@ impl CipherSuite for CipherSuiteTLSEcdheEcdsaWithAes256CbcSha {
             self.hash_func(),
         )?;
 
-        let mut cbc = self.cbc.lock().await;
         if is_client {
-            *cbc = Some(CryptoCbc::new(
+            self.cbc = Some(CryptoCbc::new(
                 &keys.client_write_key,
                 &keys.client_write_iv,
                 &keys.client_mac_key,
@@ -80,7 +71,7 @@ impl CipherSuite for CipherSuiteTLSEcdheEcdsaWithAes256CbcSha {
                 &keys.server_mac_key,
             )?);
         } else {
-            *cbc = Some(CryptoCbc::new(
+            self.cbc = Some(CryptoCbc::new(
                 &keys.server_write_key,
                 &keys.server_write_iv,
                 &keys.server_mac_key,
@@ -93,9 +84,8 @@ impl CipherSuite for CipherSuiteTLSEcdheEcdsaWithAes256CbcSha {
         Ok(())
     }
 
-    async fn encrypt(&self, pkt_rlh: &RecordLayerHeader, raw: &[u8]) -> Result<Vec<u8>, Error> {
-        let cbc = self.cbc.lock().await;
-        if let Some(cg) = &*cbc {
+    fn encrypt(&self, pkt_rlh: &RecordLayerHeader, raw: &[u8]) -> Result<Vec<u8>, Error> {
+        if let Some(cg) = &self.cbc {
             cg.encrypt(pkt_rlh, raw)
         } else {
             Err(Error::new(
@@ -104,9 +94,8 @@ impl CipherSuite for CipherSuiteTLSEcdheEcdsaWithAes256CbcSha {
         }
     }
 
-    async fn decrypt(&self, input: &[u8]) -> Result<Vec<u8>, Error> {
-        let cbc = self.cbc.lock().await;
-        if let Some(cg) = &*cbc {
+    fn decrypt(&self, input: &[u8]) -> Result<Vec<u8>, Error> {
+        if let Some(cg) = &self.cbc {
             cg.decrypt(input)
         } else {
             Err(Error::new(

dtls/src/cipher_suite/cipher_suite_tls_psk_with_aes_128_gcm_sha256.rs

@@ -2,13 +2,9 @@ use super::*;
 use crate::crypto::crypto_gcm::*;
 use crate::prf::*;
 
-use async_trait::async_trait;
-use std::sync::Arc;
-use tokio::sync::Mutex;
-
 #[derive(Clone)]
 pub struct CipherSuiteTLSPskWithAes128GcmSha256 {
-    gcm: Arc<Mutex<Option<CryptoGcm>>>,
+    gcm: Option<CryptoGcm>,
 }
 
 impl CipherSuiteTLSPskWithAes128GcmSha256 {
@@ -19,13 +15,10 @@ impl CipherSuiteTLSPskWithAes128GcmSha256 {
 
 impl Default for CipherSuiteTLSPskWithAes128GcmSha256 {
     fn default() -> Self {
-        CipherSuiteTLSPskWithAes128GcmSha256 {
-            gcm: Arc::new(Mutex::new(None)),
-        }
+        CipherSuiteTLSPskWithAes128GcmSha256 { gcm: None }
     }
 }
 
-#[async_trait]
 impl CipherSuite for CipherSuiteTLSPskWithAes128GcmSha256 {
     fn to_string(&self) -> String {
         "TLS_PSK_WITH_AES_128_GCM_SHA256".to_owned()
@@ -47,13 +40,12 @@ impl CipherSuite for CipherSuiteTLSPskWithAes128GcmSha256 {
         true
     }
 
-    async fn is_initialized(&self) -> bool {
-        let gcm = self.gcm.lock().await;
-        gcm.is_some()
+    fn is_initialized(&self) -> bool {
+        self.gcm.is_some()
     }
 
-    async fn init(
-        &self,
+    fn init(
+        &mut self,
         master_secret: &[u8],
         client_random: &[u8],
         server_random: &[u8],
@@ -69,16 +61,15 @@ impl CipherSuite for CipherSuiteTLSPskWithAes128GcmSha256 {
             self.hash_func(),
         )?;
 
-        let mut gcm = self.gcm.lock().await;
         if is_client {
-            *gcm = Some(CryptoGcm::new(
+            self.gcm = Some(CryptoGcm::new(
                 &keys.client_write_key,
                 &keys.client_write_iv,
                 &keys.server_write_key,
                 &keys.server_write_iv,
             ));
         } else {
-            *gcm = Some(CryptoGcm::new(
+            self.gcm = Some(CryptoGcm::new(
                 &keys.server_write_key,
                 &keys.server_write_iv,
                 &keys.client_write_key,
@@ -89,9 +80,8 @@ impl CipherSuite for CipherSuiteTLSPskWithAes128GcmSha256 {
         Ok(())
     }
 
-    async fn encrypt(&self, pkt_rlh: &RecordLayerHeader, raw: &[u8]) -> Result<Vec<u8>, Error> {
-        let gcm = self.gcm.lock().await;
-        if let Some(cg) = &*gcm {
+    fn encrypt(&self, pkt_rlh: &RecordLayerHeader, raw: &[u8]) -> Result<Vec<u8>, Error> {
+        if let Some(cg) = &self.gcm {
             cg.encrypt(pkt_rlh, raw)
         } else {
             Err(Error::new(
@@ -100,9 +90,8 @@ impl CipherSuite for CipherSuiteTLSPskWithAes128GcmSha256 {
         }
     }
 
-    async fn decrypt(&self, input: &[u8]) -> Result<Vec<u8>, Error> {
-        let gcm = self.gcm.lock().await;
-        if let Some(cg) = &*gcm {
+    fn decrypt(&self, input: &[u8]) -> Result<Vec<u8>, Error> {
+        if let Some(cg) = &self.gcm {
             cg.decrypt(input)
         } else {
             Err(Error::new(

dtls/src/conn.rs

@@ -378,11 +378,9 @@ impl Conn {
 
     // ConnectionState returns basic DTLS details about the connection.
     // Note that this replaced the `Export` function of v1.
-    //pub fn connection_state(&self) -> State {
-    //c.lock.RLock()
-    //defer c.lock.RUnlock()
-    //self.state.clone()
-    //}
+    pub async fn connection_state(&self) -> State {
+        self.state.clone().await
+    }
 
     // selected_srtpprotection_profile returns the selected SRTPProtectionProfile
     pub fn selected_srtpprotection_profile(&self) -> SRTPProtectionProfile {
@@ -524,9 +522,7 @@ impl Conn {
         if p.should_encrypt {
             let cipher_suite = cipher_suite.lock().await;
             if let Some(cipher_suite) = &*cipher_suite {
-                raw_packet = cipher_suite
-                    .encrypt(&p.record.record_layer_header, &raw_packet)
-                    .await?;
+                raw_packet = cipher_suite.encrypt(&p.record.record_layer_header, &raw_packet)?;
             }
         }
 
@@ -583,9 +579,7 @@ impl Conn {
             if p.should_encrypt {
                 let cipher_suite = cipher_suite.lock().await;
                 if let Some(cipher_suite) = &*cipher_suite {
-                    raw_packet = cipher_suite
-                        .encrypt(&record_layer_header, &raw_packet)
-                        .await?;
+                    raw_packet = cipher_suite.encrypt(&record_layer_header, &raw_packet)?;
                 }
             }
 
@@ -851,7 +845,7 @@ impl Conn {
                 if cipher_suite.is_none() {
                     true
                 } else if let Some(cipher_suite) = &*cipher_suite {
-                    !cipher_suite.is_initialized().await
+                    !cipher_suite.is_initialized()
                 } else {
                     false
                 }
@@ -869,7 +863,7 @@ impl Conn {
 
             let cipher_suite = ctx.cipher_suite.lock().await;
             if let Some(cipher_suite) = &*cipher_suite {
-                pkt = match cipher_suite.decrypt(&pkt).await {
+                pkt = match cipher_suite.decrypt(&pkt) {
                     Ok(pkt) => pkt,
                     Err(err) => {
                         debug!("{}: decrypt failed: {}", srv_cli_str(ctx.is_client), err);
@@ -965,7 +959,7 @@ impl Conn {
                     if cipher_suite.is_none() {
                         true
                     } else if let Some(cipher_suite) = &*cipher_suite {
-                        !cipher_suite.is_initialized().await
+                        !cipher_suite.is_initialized()
                     } else {
                         false
                     }

dtls/src/flight/flight4.rs

@@ -258,9 +258,9 @@ impl Flight for Flight4 {
         }
 
         {
-            let cipher_suite = state.cipher_suite.lock().await;
-            if let Some(cipher_suite) = &*cipher_suite {
-                if !cipher_suite.is_initialized().await {
+            let mut cipher_suite = state.cipher_suite.lock().await;
+            if let Some(cipher_suite) = &mut *cipher_suite {
+                if !cipher_suite.is_initialized() {
                     let mut server_random = vec![];
                     {
                         let mut writer = BufWriter::<&mut Vec<u8>>::new(server_random.as_mut());
@@ -359,10 +359,12 @@ impl Flight for Flight4 {
                         };
                     }
 
-                    if let Err(err) = cipher_suite
-                        .init(&state.master_secret, &client_random, &server_random, false)
-                        .await
-                    {
+                    if let Err(err) = cipher_suite.init(
+                        &state.master_secret,
+                        &client_random,
+                        &server_random,
+                        false,
+                    ) {
                         return Err((
                             Some(Alert {
                                 alert_level: AlertLevel::Fatal,