ant-quic 0.27.1

QUIC transport protocol with advanced NAT traversal for P2P networks
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293

// Copyright 2024 Saorsa Labs Ltd.
//
// This Saorsa Network Software is licensed under the General Public License (GPL), version 3.
// Please see the file LICENSE-GPL, or visit <http://www.gnu.org/licenses/> for the full text.
//
// Full details available at https://saorsalabs.com/licenses
#![allow(missing_docs)]

//! TLS extensions for Pure Post-Quantum Cryptography
//!
//! v0.2: Pure PQC - NO hybrid or classical algorithms.
//!
//! This module provides TLS named groups and signature schemes for pure PQC:
//! - Key exchange: ML-KEM-768 (0x0201) ONLY
//! - Signatures: ML-DSA-65 (IANA 0x0905) ONLY
//!
//! NO classical fallback. NO hybrid algorithms. This is a greenfield network.

use crate::crypto::pqc::types::PqcError;
use std::fmt;

/// TLS Named Groups for Pure PQC Key Exchange
///
/// ONLY ML-KEM groups are supported. Classical and hybrid groups are rejected.
///
/// Based on:
/// - FIPS 203 (ML-KEM)
/// - draft-ietf-tls-mlkem-04
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
#[repr(u16)]
pub enum NamedGroup {
    // Pure PQC groups - ONLY THESE ARE ACCEPTED
    MlKem512 = 0x0200,  // ML-KEM-512 (NIST Level 1)
    MlKem768 = 0x0201,  // ML-KEM-768 (NIST Level 3) - PRIMARY
    MlKem1024 = 0x0202, // ML-KEM-1024 (NIST Level 5)
}

impl NamedGroup {
    /// The primary/default group for ant-quic
    pub const PRIMARY: Self = Self::MlKem768;

    /// Check if this is a pure PQC group (always true for this enum)
    pub fn is_pqc(&self) -> bool {
        true
    }

    /// Check if this group is supported (always true for this enum)
    pub fn is_supported(&self) -> bool {
        true
    }

    /// Convert from u16 wire format
    /// Returns None for unsupported groups (classical, hybrid)
    pub fn from_u16(value: u16) -> Option<Self> {
        match value {
            0x0200 => Some(Self::MlKem512),
            0x0201 => Some(Self::MlKem768),
            0x0202 => Some(Self::MlKem1024),
            _ => None, // Classical and hybrid groups rejected
        }
    }

    /// Convert to u16 wire format
    pub fn to_u16(&self) -> u16 {
        *self as u16
    }

    /// Get human-readable name
    pub fn name(&self) -> &'static str {
        match self {
            Self::MlKem512 => "ML-KEM-512",
            Self::MlKem768 => "ML-KEM-768",
            Self::MlKem1024 => "ML-KEM-1024",
        }
    }

    /// Serialize to bytes for TLS wire format
    pub fn to_bytes(&self) -> [u8; 2] {
        self.to_u16().to_be_bytes()
    }

    /// Deserialize from bytes
    pub fn from_bytes(bytes: &[u8]) -> Result<Self, PqcError> {
        if bytes.len() < 2 {
            return Err(PqcError::CryptoError(
                "Invalid named group bytes".to_string(),
            ));
        }
        let value = u16::from_be_bytes([bytes[0], bytes[1]]);
        Self::from_u16(value).ok_or_else(|| {
            PqcError::NegotiationFailed(format!(
                "Named group 0x{:04X} not supported - use ML-KEM-768 (0x0201)",
                value
            ))
        })
    }
}

impl fmt::Display for NamedGroup {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "{}", self.name())
    }
}

/// TLS Signature Schemes for Pure PQC Authentication
///
/// ONLY ML-DSA schemes are supported. Classical and hybrid schemes are rejected.
///
/// Based on:
/// - FIPS 204 (ML-DSA)
/// - IANA TLS SignatureScheme registry (draft-tls-westerbaan-mldsa)
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
#[repr(u16)]
pub enum SignatureScheme {
    // Pure PQC schemes - ONLY THESE ARE ACCEPTED
    // IANA code points from draft-tls-westerbaan-mldsa
    MlDsa44 = 0x0904, // ML-DSA-44 (NIST Level 2)
    MlDsa65 = 0x0905, // ML-DSA-65 (NIST Level 3) - PRIMARY
    MlDsa87 = 0x0906, // ML-DSA-87 (NIST Level 5)
}

impl SignatureScheme {
    /// The primary/default signature scheme for ant-quic
    pub const PRIMARY: Self = Self::MlDsa65;

    /// Check if this is a pure PQC scheme (always true for this enum)
    pub fn is_pqc(&self) -> bool {
        true
    }

    /// Check if this scheme is supported (always true for this enum)
    pub fn is_supported(&self) -> bool {
        true
    }

    /// Convert from u16 wire format
    /// Returns None for unsupported schemes (classical, hybrid)
    pub fn from_u16(value: u16) -> Option<Self> {
        match value {
            0x0904 => Some(Self::MlDsa44),
            0x0905 => Some(Self::MlDsa65),
            0x0906 => Some(Self::MlDsa87),
            _ => None, // Classical and hybrid schemes rejected
        }
    }

    /// Convert to u16 wire format
    pub fn to_u16(&self) -> u16 {
        *self as u16
    }

    /// Get human-readable name
    pub fn name(&self) -> &'static str {
        match self {
            Self::MlDsa44 => "ML-DSA-44",
            Self::MlDsa65 => "ML-DSA-65",
            Self::MlDsa87 => "ML-DSA-87",
        }
    }

    /// Serialize to bytes for TLS wire format
    pub fn to_bytes(&self) -> [u8; 2] {
        self.to_u16().to_be_bytes()
    }

    /// Deserialize from bytes
    pub fn from_bytes(bytes: &[u8]) -> Result<Self, PqcError> {
        if bytes.len() < 2 {
            return Err(PqcError::CryptoError(
                "Invalid signature scheme bytes".to_string(),
            ));
        }
        let value = u16::from_be_bytes([bytes[0], bytes[1]]);
        Self::from_u16(value).ok_or_else(|| {
            PqcError::NegotiationFailed(format!(
                "Signature scheme 0x{:04X} not supported - use ML-DSA-65 (0x0905)",
                value
            ))
        })
    }
}

impl fmt::Display for SignatureScheme {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "{}", self.name())
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_named_group_primary() {
        assert_eq!(NamedGroup::PRIMARY, NamedGroup::MlKem768);
        assert_eq!(NamedGroup::PRIMARY.to_u16(), 0x0201);
    }

    #[test]
    fn test_named_group_conversions() {
        // ML-KEM groups should work
        assert_eq!(NamedGroup::MlKem768.to_u16(), 0x0201);
        assert_eq!(NamedGroup::from_u16(0x0201), Some(NamedGroup::MlKem768));
        assert_eq!(NamedGroup::from_u16(0x0200), Some(NamedGroup::MlKem512));
        assert_eq!(NamedGroup::from_u16(0x0202), Some(NamedGroup::MlKem1024));

        // Classical groups should be rejected
        assert_eq!(NamedGroup::from_u16(0x001D), None); // X25519
        assert_eq!(NamedGroup::from_u16(0x0017), None); // secp256r1

        // Hybrid groups should be rejected
        assert_eq!(NamedGroup::from_u16(0x11EC), None); // X25519MLKEM768
        assert_eq!(NamedGroup::from_u16(0x11EB), None); // P256MLKEM768
    }

    #[test]
    fn test_signature_scheme_primary() {
        assert_eq!(SignatureScheme::PRIMARY, SignatureScheme::MlDsa65);
        assert_eq!(SignatureScheme::PRIMARY.to_u16(), 0x0905);
    }

    #[test]
    fn test_signature_scheme_conversions() {
        // ML-DSA schemes should work (IANA codes per draft-tls-westerbaan-mldsa)
        assert_eq!(SignatureScheme::MlDsa65.to_u16(), 0x0905);
        assert_eq!(
            SignatureScheme::from_u16(0x0905),
            Some(SignatureScheme::MlDsa65)
        );
        assert_eq!(
            SignatureScheme::from_u16(0x0904),
            Some(SignatureScheme::MlDsa44)
        );
        assert_eq!(
            SignatureScheme::from_u16(0x0906),
            Some(SignatureScheme::MlDsa87)
        );

        // Classical schemes should be rejected
        assert_eq!(SignatureScheme::from_u16(0x0807), None); // Ed25519
        assert_eq!(SignatureScheme::from_u16(0x0403), None); // ECDSA P256

        // Hybrid schemes should be rejected
        assert_eq!(SignatureScheme::from_u16(0x0920), None); // Ed25519+ML-DSA-65
        assert_eq!(SignatureScheme::from_u16(0x0921), None); // ECDSA P256+ML-DSA-65
    }

    #[test]
    fn test_wire_format_serialization() {
        // Test ML-KEM-768
        let group = NamedGroup::MlKem768;
        let bytes = group.to_bytes();
        assert_eq!(bytes, [0x02, 0x01]);
        assert_eq!(NamedGroup::from_bytes(&bytes).unwrap(), group);

        // Test ML-DSA-65 (IANA 0x0905)
        let scheme = SignatureScheme::MlDsa65;
        let bytes = scheme.to_bytes();
        assert_eq!(bytes, [0x09, 0x05]);
        assert_eq!(SignatureScheme::from_bytes(&bytes).unwrap(), scheme);
    }

    #[test]
    fn test_rejected_groups_error() {
        // Classical X25519 should give helpful error
        let result = NamedGroup::from_bytes(&[0x00, 0x1D]);
        assert!(result.is_err());
        let err = result.unwrap_err();
        assert!(err.to_string().contains("0x001D"));
        assert!(err.to_string().contains("ML-KEM-768"));

        // Hybrid X25519MLKEM768 should give helpful error
        let result = NamedGroup::from_bytes(&[0x11, 0xEC]);
        assert!(result.is_err());
    }

    #[test]
    fn test_is_pqc() {
        assert!(NamedGroup::MlKem768.is_pqc());
        assert!(NamedGroup::MlKem512.is_pqc());
        assert!(NamedGroup::MlKem1024.is_pqc());

        assert!(SignatureScheme::MlDsa65.is_pqc());
        assert!(SignatureScheme::MlDsa44.is_pqc());
        assert!(SignatureScheme::MlDsa87.is_pqc());
    }

    #[test]
    fn test_display() {
        assert_eq!(format!("{}", NamedGroup::MlKem768), "ML-KEM-768");
        assert_eq!(format!("{}", SignatureScheme::MlDsa65), "ML-DSA-65");
    }
}