quinn_proto/crypto/
ring_like.rs1#[cfg(all(feature = "aws-lc-rs", not(feature = "ring")))]
2use aws_lc_rs::{aead, error, hkdf, hmac};
3#[cfg(feature = "ring")]
4use ring::{aead, error, hkdf, hmac};
5
6use crate::crypto::{self, CryptoError};
7
8impl crypto::HmacKey for hmac::Key {
9 fn sign(&self, data: &[u8], out: &mut [u8]) {
10 out.copy_from_slice(hmac::sign(self, data).as_ref());
11 }
12
13 fn signature_len(&self) -> usize {
14 32
15 }
16
17 fn verify(&self, data: &[u8], signature: &[u8]) -> Result<(), CryptoError> {
18 Ok(hmac::verify(self, data, signature)?)
19 }
20}
21
22impl crypto::HandshakeTokenKey for hkdf::Prk {
23 fn aead_from_hkdf(&self, random_bytes: &[u8]) -> Box<dyn crypto::AeadKey> {
24 let mut key_buffer = [0u8; 32];
25 let info = [random_bytes];
26 let okm = self.expand(&info, hkdf::HKDF_SHA256).unwrap();
27
28 okm.fill(&mut key_buffer).unwrap();
29
30 let key = aead::UnboundKey::new(&aead::AES_256_GCM, &key_buffer).unwrap();
31 Box::new(aead::LessSafeKey::new(key))
32 }
33}
34
35impl crypto::AeadKey for aead::LessSafeKey {
36 fn seal(&self, data: &mut Vec<u8>, additional_data: &[u8]) -> Result<(), CryptoError> {
37 let aad = aead::Aad::from(additional_data);
38 let zero_nonce = aead::Nonce::assume_unique_for_key([0u8; 12]);
39 Ok(self.seal_in_place_append_tag(zero_nonce, aad, data)?)
40 }
41
42 fn open<'a>(
43 &self,
44 data: &'a mut [u8],
45 additional_data: &[u8],
46 ) -> Result<&'a mut [u8], CryptoError> {
47 let aad = aead::Aad::from(additional_data);
48 let zero_nonce = aead::Nonce::assume_unique_for_key([0u8; 12]);
49 Ok(self.open_in_place(zero_nonce, aad, data)?)
50 }
51}
52
53impl From<error::Unspecified> for CryptoError {
54 fn from(_: error::Unspecified) -> Self {
55 Self
56 }
57}