ant_quic/crypto/
ring_like.rs1use aws_lc_rs::{aead, error, hkdf, hmac};
9
10use crate::crypto::{self, CryptoError};
11
12impl crypto::HmacKey for hmac::Key {
13 fn sign(&self, data: &[u8], out: &mut [u8]) {
14 out.copy_from_slice(hmac::sign(self, data).as_ref());
15 }
16
17 fn signature_len(&self) -> usize {
18 32
19 }
20
21 fn verify(&self, data: &[u8], signature: &[u8]) -> Result<(), CryptoError> {
22 Ok(hmac::verify(self, data, signature)?)
23 }
24}
25
26impl crypto::HandshakeTokenKey for hkdf::Prk {
27 #[allow(clippy::panic)]
28 fn aead_from_hkdf(&self, random_bytes: &[u8]) -> Box<dyn crypto::AeadKey> {
29 let mut key_buffer = [0u8; 32];
30 let info = [random_bytes];
31 let okm = self
32 .expand(&info, hkdf::HKDF_SHA256)
33 .unwrap_or_else(|_| panic!("HKDF expand should succeed with valid parameters"));
34
35 okm.fill(&mut key_buffer)
36 .unwrap_or_else(|_| panic!("OKM fill should succeed"));
37
38 let key = aead::UnboundKey::new(&aead::AES_256_GCM, &key_buffer)
39 .unwrap_or_else(|_| panic!("AES key creation should succeed with valid key material"));
40 Box::new(aead::LessSafeKey::new(key))
41 }
42}
43
44impl crypto::AeadKey for aead::LessSafeKey {
45 fn seal(&self, data: &mut Vec<u8>, additional_data: &[u8]) -> Result<(), CryptoError> {
46 let aad = aead::Aad::from(additional_data);
47 let zero_nonce = aead::Nonce::assume_unique_for_key([0u8; 12]);
48 Ok(self.seal_in_place_append_tag(zero_nonce, aad, data)?)
49 }
50
51 fn open<'a>(
52 &self,
53 data: &'a mut [u8],
54 additional_data: &[u8],
55 ) -> Result<&'a mut [u8], CryptoError> {
56 let aad = aead::Aad::from(additional_data);
57 let zero_nonce = aead::Nonce::assume_unique_for_key([0u8; 12]);
58 Ok(self.open_in_place(zero_nonce, aad, data)?)
59 }
60}
61
62impl From<error::Unspecified> for CryptoError {
63 fn from(_: error::Unspecified) -> Self {
64 Self
65 }
66}