ant_quic/crypto/
ring_like.rs

1// Copyright 2024 Saorsa Labs Ltd.
2//
3// This Saorsa Network Software is licensed under the General Public License (GPL), version 3.
4// Please see the file LICENSE-GPL, or visit <http://www.gnu.org/licenses/> for the full text.
5//
6// Full details available at https://saorsalabs.com/licenses
7
8#[cfg(all(feature = "aws-lc-rs", not(feature = "ring")))]
9use aws_lc_rs::{aead, error, hkdf, hmac};
10#[cfg(feature = "ring")]
11use ring::{aead, error, hkdf, hmac};
12
13use crate::crypto::{self, CryptoError};
14
/// Adapts the backend (`ring` or `aws-lc-rs`) HMAC key to the crate's `HmacKey` trait.
impl crypto::HmacKey for hmac::Key {
    /// Computes the HMAC tag over `data` and copies it into `out`.
    ///
    /// # Panics
    ///
    /// `copy_from_slice` panics unless `out.len()` equals the length of the computed tag, so
    /// callers must size `out` from `signature_len()`.
    fn sign(&self, data: &[u8], out: &mut [u8]) {
        let tag = hmac::sign(self, data);
        out.copy_from_slice(tag.as_ref());
    }

    /// Length in bytes of the tag written by `sign`.
    fn signature_len(&self) -> usize {
        // NOTE(review): the value is hard-coded rather than read from the key's algorithm.
        // 32 matches a SHA-256-sized tag; a key built with a different digest would make
        // `sign` panic on a 32-byte buffer. Confirm every key routed through this impl is
        // HMAC-SHA256.
        32
    }

    /// Recomputes the tag over `data` and checks it against `signature`.
    ///
    /// The comparison is delegated to the backend's `hmac::verify` (documented upstream as
    /// constant-time) instead of comparing tag bytes here. Any backend failure is mapped to
    /// the opaque `CryptoError`.
    fn verify(&self, data: &[u8], signature: &[u8]) -> Result<(), CryptoError> {
        hmac::verify(self, data, signature).map_err(CryptoError::from)
    }
}
28
/// Derives per-token AEAD keys from an HKDF pseudorandom key.
impl crypto::HandshakeTokenKey for hkdf::Prk {
    /// Expands this PRK with `random_bytes` as the HKDF `info` input into 32 bytes of key
    /// material and wraps it as an AES-256-GCM key.
    ///
    /// The `AeadKey` impl for `aead::LessSafeKey` in this file seals and opens with a fixed
    /// all-zero nonce, so the only thing separating one encryption from the next is the key
    /// derived here. `random_bytes` therefore has to be unique for every value sealed under
    /// the same PRK — presumably callers pass fresh random bytes per token; verify at the
    /// call sites.
    ///
    /// # Panics
    ///
    /// Panics if HKDF expansion, filling the key buffer, or AES key construction fails.
    #[allow(clippy::panic)]
    fn aead_from_hkdf(&self, random_bytes: &[u8]) -> Box<dyn crypto::AeadKey> {
        // `info` must be a named local: the expanded output borrows it until `fill` runs.
        let info = [random_bytes];
        // NOTE(review): this stack copy of the derived key is not wiped before returning.
        let mut key_bytes = [0u8; 32];

        let okm = match self.expand(&info, hkdf::HKDF_SHA256) {
            Ok(okm) => okm,
            Err(_) => panic!("HKDF expand should succeed with valid parameters"),
        };

        match okm.fill(&mut key_bytes) {
            Ok(()) => {}
            Err(_) => panic!("OKM fill should succeed"),
        }

        let unbound = match aead::UnboundKey::new(&aead::AES_256_GCM, &key_bytes) {
            Ok(unbound) => unbound,
            Err(_) => panic!("AES key creation should succeed with valid key material"),
        };
        Box::new(aead::LessSafeKey::new(unbound))
    }
}
46
/// AEAD sealing and opening with a fixed all-zero nonce.
///
/// Both methods pass `[0u8; 12]` to `Nonce::assume_unique_for_key`, which is a promise made by
/// the caller, not something the backend checks. The promise holds only when a given key
/// seals at most one message. Sealing two different messages under the same key with this
/// impl repeats the (key, nonce) pair, which for AES-GCM exposes the XOR of the plaintexts and
/// undermines tag authenticity. Keys used here should come from a per-message derivation such
/// as `aead_from_hkdf` in this file.
impl crypto::AeadKey for aead::LessSafeKey {
    /// Encrypts `data` in place and appends the authentication tag, binding
    /// `additional_data` as associated data.
    fn seal(&self, data: &mut Vec<u8>, additional_data: &[u8]) -> Result<(), CryptoError> {
        // Fixed nonce: safe only for a single-use key (see the impl-level comment).
        let nonce = aead::Nonce::assume_unique_for_key([0u8; 12]);
        self.seal_in_place_append_tag(nonce, aead::Aad::from(additional_data), data)
            .map_err(CryptoError::from)
    }

    /// Authenticates and decrypts `data` in place, returning the plaintext slice.
    ///
    /// Returns `CryptoError` when the backend rejects the input; the error carries no detail
    /// about why.
    fn open<'a>(
        &self,
        data: &'a mut [u8],
        additional_data: &[u8],
    ) -> Result<&'a mut [u8], CryptoError> {
        // Must match the nonce used by `seal`.
        let nonce = aead::Nonce::assume_unique_for_key([0u8; 12]);
        self.open_in_place(nonce, aead::Aad::from(additional_data), data)
            .map_err(CryptoError::from)
    }
}
64
/// Converts the backend's opaque failure into the crate's `CryptoError`.
///
/// The source error is dropped: `CryptoError` is constructed without any payload, so callers
/// cannot distinguish a bad tag from any other backend failure through this conversion.
impl From<error::Unspecified> for CryptoError {
    fn from(_backend_err: error::Unspecified) -> Self {
        CryptoError
    }
}