Implement QUIC header and packet protection key

Author: stevefan1999-personal

Cargo.lock

@@ -23,6 +23,7 @@ aead = { version = "0.6.0-rc.2", default-features = false, optional = true }
 aes = { version = "0.9.0-rc.1", default-features = false, optional = true }
 aes-gcm = { version = "0.11.0-rc.1", default-features = false, optional = true }
 ccm = { version = "0.6.0-pre", default-features = false, optional = true, git = "https://github.com/RustCrypto/AEADs/" }
+chacha20 = { version = "0.10.0-rc.2", default-features = false, optional = true }
 chacha20poly1305 = { version = "0.11.0-rc.1", default-features = false, optional = true }
 cipher = "0.5.0-rc.1"
 crypto-common = { version = "0.2.0-rc.4", default-features = false }
@@ -53,6 +54,8 @@ rand_core = { version = "0.9.3", default-features = false, features = [
 ], optional = true }
 rustls = { version = "0.23.31", default-features = false }
 webpki = { package = "rustls-webpki", version = "0.103.4", default-features = false, optional = true }
+enum_dispatch = "0.3.13"
+tinyvec = { version = "1.10.0", default-features = false, optional = true }
 
 [dev-dependencies]
 bytes = { version = "1.10.1", default-features = false }
@@ -82,7 +85,7 @@ tls12 = ["rustls/tls12"]
 
 # RustCrypto is preparing to migrate to core::error::Error
 # and in before most of the use case for std is just std::error::Error 
-std = ["alloc", "rustls/std", "ed448-goldilocks?/std"]
+std = ["alloc", "rustls/std", "ed448-goldilocks?/std", "tinyvec?/std"]
 alloc = [
     "ecdsa?/alloc",
     "ed448-goldilocks?/alloc",
@@ -218,6 +221,8 @@ hash-sha384 = ["hash"]
 hash-sha512 = ["hash"]
 hash-full = ["hash-sha224", "hash-sha256", "hash-sha384", "hash-sha512"]
 
+quic = ["aead", "chacha20?/cipher", "tinyvec"]
+
 # Formats
 der = ["dep:der", "sec1?/der"]
 sec1 = ["dep:sec1", "elliptic-curve?/sec1"]
@@ -238,7 +243,8 @@ aes = ["dep:aes"]
 aes-ccm = ["aes", "ccm"]
 aes-gcm = ["dep:aes-gcm", "aes", "gcm"]
 ccm = ["dep:ccm"]
-chacha20poly1305 = ["dep:chacha20poly1305"]
+chacha20 = ["dep:chacha20"]
+chacha20poly1305 = ["dep:chacha20poly1305", "chacha20"]
 elliptic-curve = [
     "dep:elliptic-curve",
     "elliptic-curve/ecdh",
@@ -248,3 +254,4 @@ gcm = []
 rand = ["dep:rand_core", "signature?/rand_core", "x25519-dalek?/os_rng"]
 signature = ["dep:signature"]
 x448 = ["dep:x448"]
+tinyvec = ["dep:tinyvec"]

Cargo.toml

@@ -1,6 +1,9 @@
 use aead::Buffer;
 use rustls::crypto::cipher::{BorrowedPayload, PrefixedPayload};
 
+#[cfg(feature = "tinyvec")]
+use tinyvec::SliceVec;
+
 #[cfg(feature = "gcm")]
 pub mod gcm;
 
@@ -9,42 +12,75 @@ pub mod ccm;
 
 #[macro_use]
 pub(crate) mod common;
-pub(crate) struct EncryptBufferAdapter<'a>(pub(crate) &'a mut PrefixedPayload);
+
+pub(crate) enum EncryptBufferAdapter<'a> {
+    PrefixedPayload(&'a mut PrefixedPayload),
+    #[cfg(feature = "tinyvec")]
+    Slice(SliceVec<'a, u8>),
+}
 
 impl AsRef<[u8]> for EncryptBufferAdapter<'_> {
     fn as_ref(&self) -> &[u8] {
-        self.0.as_ref()
+        match self {
+            EncryptBufferAdapter::PrefixedPayload(payload) => payload.as_ref(),
+            #[cfg(feature = "tinyvec")]
+            EncryptBufferAdapter::Slice(payload) => payload.as_ref(),
+        }
     }
 }
 
 impl AsMut<[u8]> for EncryptBufferAdapter<'_> {
     fn as_mut(&mut self) -> &mut [u8] {
-        self.0.as_mut()
+        match self {
+            EncryptBufferAdapter::PrefixedPayload(payload) => payload.as_mut(),
+            #[cfg(feature = "tinyvec")]
+            EncryptBufferAdapter::Slice(payload) => payload.as_mut(),
+        }
     }
 }
 
 impl Buffer for EncryptBufferAdapter<'_> {
     fn extend_from_slice(&mut self, other: &[u8]) -> aead::Result<()> {
-        self.0.extend_from_slice(other);
+        match self {
+            EncryptBufferAdapter::PrefixedPayload(payload) => payload.extend_from_slice(other),
+            #[cfg(feature = "tinyvec")]
+            EncryptBufferAdapter::Slice(payload) => payload.extend_from_slice(other),
+        }
         Ok(())
     }
 
     fn truncate(&mut self, len: usize) {
-        self.0.truncate(len)
+        match self {
+            EncryptBufferAdapter::PrefixedPayload(payload) => payload.truncate(len),
+            #[cfg(feature = "tinyvec")]
+            EncryptBufferAdapter::Slice(payload) => payload.truncate(len),
+        }
     }
 }
 
-pub(crate) struct DecryptBufferAdapter<'a, 'p>(pub(crate) &'a mut BorrowedPayload<'p>);
+pub(crate) enum DecryptBufferAdapter<'a, 'p> {
+    BorrowedPayload(&'a mut BorrowedPayload<'p>),
+    #[cfg(feature = "tinyvec")]
+    Slice(SliceVec<'a, u8>),
+}
 
 impl AsRef<[u8]> for DecryptBufferAdapter<'_, '_> {
     fn as_ref(&self) -> &[u8] {
-        self.0
+        match self {
+            DecryptBufferAdapter::BorrowedPayload(payload) => payload,
+            #[cfg(feature = "tinyvec")]
+            DecryptBufferAdapter::Slice(slice) => slice,
+        }
     }
 }
 
 impl AsMut<[u8]> for DecryptBufferAdapter<'_, '_> {
     fn as_mut(&mut self) -> &mut [u8] {
-        self.0
+        match self {
+            DecryptBufferAdapter::BorrowedPayload(payload) => payload,
+            #[cfg(feature = "tinyvec")]
+            DecryptBufferAdapter::Slice(slice) => slice,
+        }
     }
 }
 
@@ -54,7 +90,11 @@ impl Buffer for DecryptBufferAdapter<'_, '_> {
     }
 
     fn truncate(&mut self, len: usize) {
-        self.0.truncate(len)
+        match self {
+            DecryptBufferAdapter::BorrowedPayload(payload) => payload.truncate(len),
+            #[cfg(feature = "tinyvec")]
+            DecryptBufferAdapter::Slice(payload) => payload.truncate(len),
+        }
     }
 }
 

src/aead.rs

@@ -105,6 +105,9 @@ pub mod tls13;
 #[cfg(feature = "verify")]
 pub mod verify;
 
+#[cfg(feature = "quic")]
+pub mod quic;
+
 const _: () = assert!(
     !ALL_CIPHER_SUITES.is_empty(),
     "At least one cipher suite should be enabled"

src/lib.rs

@@ -54,7 +54,7 @@ macro_rules! feature_slice {
 
 #[macro_export]
 macro_rules! tls13_cipher_suite {
-    ($name:ident, $suite:expr, $hash:expr, $hkdf:expr, $aead:expr) => {
+    ($name:ident, $suite:expr, $hash:expr, $hkdf:expr, $aead:expr, $quic:expr) => {
         pub const $name: Tls13CipherSuite = Tls13CipherSuite {
             common: CipherSuiteCommon {
                 suite: $suite,
@@ -63,7 +63,7 @@ macro_rules! tls13_cipher_suite {
             },
             hkdf_provider: &$hkdf,
             aead_alg: $aead,
-            quic: None,
+            quic: $quic,
         };
     };
 }