Add QUIC test

Author: stevefan1999-personal

.github/workflows/rustls-real-socket-test.yml

@@ -1,14 +1,16 @@
-name: Rustls Real Socket Test
+name: Rustls Real World Test
 
 on:
   push:
     branches: [ master ]
     paths:
       - 'validation/rustls-real-socket-test/**'
+      - 'validation/quic-test/**'
       - '.github/workflows/rustls-real-socket-test.yml'
   pull_request:
     paths:
       - 'validation/rustls-real-socket-test/**'
+      - 'validation/quic-test/**'
       - '.github/workflows/rustls-real-socket-test.yml'
 
 permissions:
@@ -31,9 +33,18 @@ jobs:
     - name: Cache Cargo
       uses: Swatinem/rust-cache@v2
       with:
-        workspaces: "validation/rustls-real-socket-test"
+        workspaces: |
+          validation/rustls-real-socket-test
+          validation/quic-test
 
-    - name: Run in release mode
+    - name: Run in real socket test release mode
+      working-directory: validation/rustls-real-socket-test
+      run: cargo run --release
+      env:
+        SCCACHE_GHA_ENABLED: "true"
+        RUSTC_WRAPPER: "sccache"
+
+    - name: Run in QUIC test release mode
       working-directory: validation/rustls-real-socket-test
       run: cargo run --release
       env:

src/aead.rs

@@ -1,8 +1,8 @@
 use aead::Buffer;
 use rustls::crypto::cipher::{BorrowedPayload, PrefixedPayload};
 
-#[cfg(feature = "tinyvec")]
-use tinyvec::SliceVec;
+#[cfg(feature = "alloc")]
+use alloc::vec::Vec;
 
 #[cfg(feature = "gcm")]
 pub mod gcm;
@@ -13,18 +13,21 @@ pub mod ccm;
 #[macro_use]
 pub(crate) mod common;
 
+#[cfg(feature = "tinyvec")]
+use tinyvec::SliceVec;
+
 pub(crate) enum EncryptBufferAdapter<'a> {
     PrefixedPayload(&'a mut PrefixedPayload),
-    #[cfg(feature = "tinyvec")]
-    Slice(SliceVec<'a, u8>),
+    #[cfg(feature = "quic")]
+    Vec(Vec<u8>),
 }
 
 impl AsRef<[u8]> for EncryptBufferAdapter<'_> {
     fn as_ref(&self) -> &[u8] {
         match self {
             EncryptBufferAdapter::PrefixedPayload(payload) => payload.as_ref(),
-            #[cfg(feature = "tinyvec")]
-            EncryptBufferAdapter::Slice(payload) => payload.as_ref(),
+            #[cfg(feature = "quic")]
+            EncryptBufferAdapter::Vec(payload) => payload.as_ref(),
         }
     }
 }
@@ -33,8 +36,8 @@ impl AsMut<[u8]> for EncryptBufferAdapter<'_> {
     fn as_mut(&mut self) -> &mut [u8] {
         match self {
             EncryptBufferAdapter::PrefixedPayload(payload) => payload.as_mut(),
-            #[cfg(feature = "tinyvec")]
-            EncryptBufferAdapter::Slice(payload) => payload.as_mut(),
+            #[cfg(feature = "quic")]
+            EncryptBufferAdapter::Vec(payload) => payload.as_mut(),
         }
     }
 }
@@ -43,17 +46,17 @@ impl Buffer for EncryptBufferAdapter<'_> {
     fn extend_from_slice(&mut self, other: &[u8]) -> aead::Result<()> {
         match self {
             EncryptBufferAdapter::PrefixedPayload(payload) => payload.extend_from_slice(other),
-            #[cfg(feature = "tinyvec")]
-            EncryptBufferAdapter::Slice(payload) => payload.extend_from_slice(other),
+            #[cfg(feature = "quic")]
+            EncryptBufferAdapter::Vec(payload) => payload.extend_from_slice(other),
         }
         Ok(())
     }
 
     fn truncate(&mut self, len: usize) {
         match self {
             EncryptBufferAdapter::PrefixedPayload(payload) => payload.truncate(len),
-            #[cfg(feature = "tinyvec")]
-            EncryptBufferAdapter::Slice(payload) => payload.truncate(len),
+            #[cfg(feature = "quic")]
+            EncryptBufferAdapter::Vec(payload) => payload.truncate(len),
         }
     }
 }

src/quic.rs

@@ -1,11 +1,10 @@
-use alloc::{boxed::Box, vec};
+use alloc::boxed::Box;
 
 use aead::{AeadCore, AeadInOut, KeyInit};
 use enum_dispatch::enum_dispatch;
 use rustls::Error;
 use rustls::crypto::cipher::{AeadKey, Iv, Nonce};
 use rustls::quic;
-use tinyvec::SliceVec;
 use typenum::Unsigned;
 
 use crate::aead::{DecryptBufferAdapter, EncryptBufferAdapter};
@@ -267,18 +266,15 @@ where
         let nonce_aead = aead::Nonce::<A>::try_from(&Nonce::new(&self.iv, packet_number).0[..])
             .map_err(|_| Error::EncryptError)?;
 
-        // Create a buffer with payload + space for tag
-        let mut buffer = vec![0u8; payload.len() + A::TagSize::USIZE];
-        buffer[..payload.len()].copy_from_slice(payload);
+        // Create a buffer with the payload
+        let mut buffer = EncryptBufferAdapter::Vec(payload.to_vec());
 
         self.key
-            .encrypt_in_place(
-                &nonce_aead,
-                header,
-                &mut EncryptBufferAdapter::Slice(SliceVec::from(&mut buffer)),
-            )
+            .encrypt_in_place(&nonce_aead, header, &mut buffer)
             .map_err(|_| Error::EncryptError)?;
 
+        let buffer = buffer.as_ref();
+
         // Copy the encrypted payload back
         payload.copy_from_slice(&buffer[..payload.len()]);
 

src/tls13/suites/aes.rs

@@ -1,18 +1,21 @@
-#[cfg(feature = "quic")]
-use crate::aead::aes::{Aes128Gcm, Aes256Gcm};
 use crate::const_concat_slices;
 use crate::feature_eval_expr;
 use crate::feature_slice;
+use crate::tls13_cipher_suite;
+use crate::{hash, hmac};
+use rustls::crypto::{CipherSuiteCommon, tls13::HkdfUsingHmac};
+use rustls::{CipherSuite, SupportedCipherSuite, Tls13CipherSuite};
+
+#[cfg(all(feature = "gcm", feature = "hash-sha256", feature = "quic"))]
+use crate::aead::aes::Aes128Gcm;
+#[cfg(all(feature = "gcm", feature = "hash-sha384", feature = "quic"))]
+use crate::aead::aes::Aes256Gcm;
 #[cfg(all(feature = "ccm", feature = "hash-sha256"))]
 use crate::tls13::aead::ccm::{AES_128_CCM, AES_128_CCM_8};
 #[cfg(all(feature = "gcm", feature = "hash-sha256"))]
 use crate::tls13::aead::gcm::AES_128_GCM;
 #[cfg(all(feature = "gcm", feature = "hash-sha384"))]
 use crate::tls13::aead::gcm::AES_256_GCM;
-use crate::tls13_cipher_suite;
-use crate::{hash, hmac};
-use rustls::crypto::{CipherSuiteCommon, tls13::HkdfUsingHmac};
-use rustls::{CipherSuite, SupportedCipherSuite, Tls13CipherSuite};
 
 #[cfg(all(feature = "gcm", feature = "hash-sha256"))]
 tls13_cipher_suite!(

validation/README.md

@@ -14,45 +14,54 @@ These validation crates serve multiple critical purposes:
 
 ## Validation Crates
 
-| Crate                    | Description                                      | Target Environment |
-| :---                     | :---                                             | :---               |
-| consumer-no_std          | Basic consumer library for no_std environments   | no_std             |
-| local_ping_pong_openssl  | Local tests against OpenSSL reference            | Standard Rust      |
-| esp32-test               | Test for ESP32 microcontroller target using real sockets | ESP32           |
-| rustls-real-socket-test  | Test using real sockets for TLS integration      | Standard Rust      |
+| Crate                   | Description                                              | Target Environment |
+| :---------------------- | :------------------------------------------------------- | :----------------- |
+| consumer-no_std         | Basic consumer library for no_std environments           | no_std             |
+| local_ping_pong_openssl | Local tests against OpenSSL reference                    | Standard Rust      |
+| esp32-test              | Test for ESP32 microcontroller target using real sockets | ESP32              |
+| rustls-real-socket-test | Test using real sockets for TLS integration              | Standard Rust      |
+| quic-test               | Battle-test using QUIC to do roundtrip calls             | Standard Rust      |
 
 ### Detailed Crate Descriptions
 
 #### consumer-no_std
+
 A minimal self-testing crate that validates the no_std build capability of rustls-rustcrypto. This crate ensures that the provider can be compiled and used in environments without the standard library, which is crucial for embedded systems and constrained environments.
 
 **Key Features:**
+
 - Validates no_std compilation
 - Minimal dependencies
 - Self-contained testing
 
 #### local_ping_pong_openssl
+
 This crate performs comprehensive compatibility testing between rustls-rustcrypto and OpenSSL. It includes tests with OpenSSL-generated certificates and keys to ensure interoperability and correct TLS handshake behavior.
 
 **Key Features:**
+
 - OpenSSL compatibility testing
 - Certificate and key validation
 - TLS handshake verification
 - Cross-implementation validation
 
 #### esp32-test
+
 A specialized test crate for the ESP32 microcontroller platform. It performs end-to-end TLS testing using real network sockets, validating the rustcrypto provider's functionality in an embedded environment.
 
 **Key Features:**
+
 - ESP32-specific testing
 - Real socket communication
 - TLS client/server implementation
 - Embedded target validation
 
 #### rustls-real-socket-test
+
 Similar to esp32-test but designed for standard Rust environments. This crate tests TLS functionality using actual network sockets, providing realistic validation of the provider's capabilities.
 
 **Key Features:**
+
 - Real socket testing
 - TLS client/server implementation
 - Network communication validation
@@ -122,16 +131,19 @@ cargo run -p esp32-test
 ## Dependencies
 
 ### Common Dependencies
+
 - `rustls` 0.23.x
 - `rustls-rustcrypto` (workspace)
 - `anyhow` for error handling
 - `log` for logging
 
 ### ESP32-Specific
+
 - `esp-idf-svc` for ESP32 services
 - `esp-idf-hal` for hardware abstraction
 
 ### OpenSSL-Specific
+
 - OpenSSL development libraries
 - Custom certificate generation tools