feat: use the nss-rs blapi feature

Author: larseggert

.github/workflows/clippy.yml

@@ -64,7 +64,7 @@ jobs:
       # and linted for each combination. Excluded features are either empty
       # (ci, test-fixture, gecko), benchmarking-only (bench), or have their
       # own dedicated workflow (build-fuzzing-corpus).
-      - run: cargo hack clippy --locked --feature-powerset --all-targets --exclude-features gecko,ci,bench,build-fuzzing-corpus,test-fixture -- -D warnings
+      - run: cargo hack clippy --locked --feature-powerset --all-targets --exclude-features gecko,ci,bench,build-fuzzing-corpus,test-fixture --mutually-exclusive-features blapi,disable-encryption -- -D warnings
       - run: cargo doc --locked --workspace --no-deps --document-private-items
         env:
           RUSTDOCFLAGS: "--deny rustdoc::broken_intra_doc_links --deny warnings"

Cargo.lock

@@ -36,7 +36,7 @@ hex = { version = "0.4", default-features = false }
 http = { version = "1", default-features = false, features = ["std"] }
 libc = { version = "0.2", default-features = false }
 log = { version = "0.4", default-features = false }
-nss = { rev = "0.10.0", package = "nss-rs", git = "https://github.com/mozilla/nss-rs" }
+nss = { rev = "167920ccec86c23a1f7e51c570baf82a28a966c6", package = "nss-rs", git = "https://github.com/mozilla/nss-rs" }
 qlog = { version = "0.16.0", default-features = false }
 quinn-udp = { version = "0.6", default-features = false, features = ["log", "fast-apple-datapath"] }
 rustc-hash = { version = "2.1", default-features = false, features = [ "std" ]}

Cargo.toml

@@ -19,7 +19,7 @@ fuzz_target!(|data: &[u8]| {
     let Some((header, d_cid, s_cid, payload)) = decode_initial_header(&ci, Role::Client) else {
         return;
     };
-    let (aead, hp) = initial_aead_and_hp(d_cid, Role::Client);
+    let (aead, _, hp) = initial_aead_and_hp(d_cid, Role::Client);
     let (_, pn) = header_protection::remove(&hp, header, payload);
 
     let mut payload_enc = Encoder::with_capacity(MIN_INITIAL_PACKET_SIZE);

fuzz/fuzz_targets/client_initial.rs

@@ -25,7 +25,7 @@ fuzz_target!(|data: &[u8]| {
     let Some((header, d_cid, s_cid, payload)) = decode_initial_header(&si, Role::Server) else {
         return;
     };
-    let (aead, hp) = initial_aead_and_hp(d_cid, Role::Server);
+    let (aead, _, hp) = initial_aead_and_hp(d_cid, Role::Server);
     let (_, pn) = header_protection::remove(&hp, header, payload);
 
     let mut payload_enc = Encoder::with_capacity(MIN_INITIAL_PACKET_SIZE);

fuzz/fuzz_targets/server_initial.rs

@@ -23,8 +23,8 @@ enumset = { workspace = true }
 http = { workspace = true }
 log = { workspace = true }
 neqo-common = { path = "./../neqo-common" }
-neqo-qpack = { path = "./../neqo-qpack" }
-neqo-transport = { path = "./../neqo-transport" }
+neqo-qpack = { path = "./../neqo-qpack", default-features = false }
+neqo-transport = { path = "./../neqo-transport", default-features = false }
 nss = { workspace = true }
 qlog = { workspace = true }
 rustc-hash = { workspace = true }
@@ -34,7 +34,7 @@ thiserror = { workspace = true }
 
 [dev-dependencies]
 criterion = { version = "4", package = "codspeed-criterion-compat", default-features = false }
-neqo-http3 = { path = ".", features = ["draft-29"] }
+neqo-http3 = { path = ".", default-features = false, features = ["draft-29"] }
 test-fixture = { path = "../test-fixture" }
 
 [features]
@@ -45,6 +45,8 @@ bench = [
         "test-fixture/bench",
         "log/release_max_level_info",
 ]
+blapi = ["neqo-transport/blapi"]
+default = ["blapi"]
 build-fuzzing-corpus = [
         "neqo-common/build-fuzzing-corpus",
         "neqo-transport/disable-encryption",

neqo-http3/Cargo.toml

@@ -18,7 +18,7 @@ workspace = true
 [dependencies]
 log = { workspace = true }
 neqo-common = { path = "./../neqo-common" }
-neqo-transport = { path = "./../neqo-transport" }
+neqo-transport = { path = "./../neqo-transport", default-features = false }
 qlog = { workspace = true }
 rustc-hash = { workspace = true }
 static_assertions = { workspace = true }
@@ -32,6 +32,8 @@ ignored = ["log"]
 
 [features]
 bench = ["neqo-common/bench", "neqo-transport/bench", "log/release_max_level_info"]
+blapi = ["neqo-transport/blapi"]
+default = ["blapi"]
 build-fuzzing-corpus = [
         "neqo-common/build-fuzzing-corpus",
         "neqo-transport/build-fuzzing-corpus",

neqo-qpack/Cargo.toml

@@ -34,11 +34,13 @@ thiserror = { workspace = true }
 
 [dev-dependencies]
 criterion = { version = "4", package = "codspeed-criterion-compat", default-features = false }
-neqo-transport = { path = ".", features = ["draft-29"] }
+neqo-transport = { path = ".", default-features = false, features = ["draft-29"] }
 test-fixture = { path = "../test-fixture" }
 
 [features]
 bench = ["neqo-common/bench", "nss/bench", "test-fixture/bench", "log/release_max_level_info"]
+blapi = ["nss/blapi"]
+default = ["blapi"]
 build-fuzzing-corpus = [
         "neqo-common/build-fuzzing-corpus",
         "nss/disable-encryption",

neqo-transport/Cargo.toml

@@ -108,11 +108,11 @@ fn ticket_rtt(rtt: Duration) -> Duration {
         decode_initial_header(&server_initial, Role::Server).unwrap();
 
     // Now decrypt the packet.
-    let (aead, hp) = initial_aead_and_hp(&client_dcid, Role::Server);
+    let (aead_enc, aead_dec, hp) = initial_aead_and_hp(&client_dcid, Role::Server);
     let (header, pn) = header_protection::remove(&hp, protected_header, payload);
     let pn_len = header.len() - protected_header.len();
     let mut buf = vec![0; payload.len()];
-    let mut plaintext = aead
+    let mut plaintext = aead_dec
         .decrypt(pn, &header, &payload[pn_len..], &mut buf)
         .unwrap()
         .to_owned();
@@ -130,7 +130,8 @@ fn ticket_rtt(rtt: Duration) -> Duration {
     // And rebuild a packet.
     let mut packet = header.clone();
     packet.resize(MIN_INITIAL_PACKET_SIZE, 0);
-    aead.encrypt(pn, &header, &plaintext, &mut packet[header.len()..])
+    aead_enc
+        .encrypt(pn, &header, &plaintext, &mut packet[header.len()..])
         .unwrap();
     header_protection::apply(&hp, &mut packet, protected_header.len()..header.len());
     let si = Datagram::new(

neqo-transport/src/connection/tests/resumption.rs

@@ -18,8 +18,8 @@ use enum_map::EnumMap;
 use neqo_common::{Buffer, Encoder, Role, hex, hex_snip_middle, qdebug, qinfo, qtrace};
 pub use nss::Epoch;
 use nss::{
-    Agent, AntiReplay, Cipher, Error as CryptoError, HandshakeState, PrivateKey, PublicKey, Record,
-    RecordList, RecordProtection as Aead, ResumptionToken, SymKey, TLS_AES_128_GCM_SHA256,
+    Agent, AntiReplay, Cipher, Error as CryptoError, HandshakeState, Mode, PrivateKey, PublicKey,
+    Record, RecordList, RecordProtection as Aead, ResumptionToken, SymKey, TLS_AES_128_GCM_SHA256,
     TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_CT_HANDSHAKE, TLS_GRP_EC_SECP256R1,
     TLS_GRP_EC_SECP384R1, TLS_GRP_EC_SECP521R1, TLS_GRP_EC_X25519, TLS_GRP_KEM_MLKEM768X25519,
     TLS_VERSION_1_3, ZeroRttChecker, hkdf, hp, random,
@@ -444,6 +444,15 @@ pub enum CryptoDxDirection {
     Write,
 }
 
+impl From<CryptoDxDirection> for Mode {
+    fn from(dir: CryptoDxDirection) -> Self {
+        match dir {
+            CryptoDxDirection::Read => Self::Decrypt,
+            CryptoDxDirection::Write => Self::Encrypt,
+        }
+    }
+}
+
 #[derive(Debug)]
 pub struct CryptoDxState {
     /// The QUIC version.
@@ -489,7 +498,13 @@ impl CryptoDxState {
             version,
             direction,
             epoch: usize::from(epoch),
-            aead: Aead::new(TLS_VERSION_1_3, cipher, secret, version.label_prefix())?,
+            aead: Aead::new(
+                TLS_VERSION_1_3,
+                cipher,
+                secret,
+                version.label_prefix(),
+                direction.into(),
+            )?,
             hpkey: hp::Key::extract(TLS_VERSION_1_3, cipher, secret, &hplabel)?,
             used_pn: min_pn..min_pn,
             min_pn,
@@ -581,6 +596,7 @@ impl CryptoDxState {
                 cipher,
                 next_secret,
                 self.version.label_prefix(),
+                self.direction.into(),
             )?,
             hpkey: self.hpkey.try_clone()?,
             used_pn: pn..pn,
@@ -708,6 +724,13 @@ impl CryptoDxState {
     }
 
     #[must_use]
+    #[cfg(not(feature = "disable-encryption"))]
+    pub const fn expansion(&self) -> usize {
+        self.aead.expansion()
+    }
+
+    #[must_use]
+    #[cfg(feature = "disable-encryption")]
     pub fn expansion(&self) -> usize {
         self.aead.expansion()
     }
@@ -734,21 +757,35 @@ impl CryptoDxState {
     #[cfg(not(feature = "disable-encryption"))]
     #[cfg(test)]
     pub(crate) fn test_default() -> Self {
+        Self::test_default_with_direction(CryptoDxDirection::Write)
+    }
+
+    #[cfg(not(feature = "disable-encryption"))]
+    #[cfg(test)]
+    pub(crate) fn test_default_read() -> Self {
+        Self::test_default_with_direction(CryptoDxDirection::Read)
+    }
+
+    #[cfg(not(feature = "disable-encryption"))]
+    #[cfg(test)]
+    fn test_default_with_direction(direction: CryptoDxDirection) -> Self {
         // This matches the value in packet.rs
         const CLIENT_CID: &[u8] = &[0x83, 0x94, 0xc8, 0xf0, 0x3e, 0x51, 0x57, 0x08];
-        Self::new_initial(
-            Version::default(),
-            CryptoDxDirection::Write,
-            "server in",
-            CLIENT_CID,
-            0,
-        )
-        .unwrap()
+        Self::new_initial(Version::default(), direction, "server in", CLIENT_CID, 0).unwrap()
+    }
+
+    /// Get the amount of extra padding packets protected with this profile need.
+    /// This is the difference between the size of the header protection sample
+    /// and the AEAD expansion.
+    #[cfg(not(feature = "disable-encryption"))]
+    pub const fn extra_padding(&self) -> usize {
+        hp::Key::SAMPLE_SIZE.saturating_sub(self.expansion())
     }
 
     /// Get the amount of extra padding packets protected with this profile need.
     /// This is the difference between the size of the header protection sample
     /// and the AEAD expansion.
+    #[cfg(feature = "disable-encryption")]
     pub fn extra_padding(&self) -> usize {
         hp::Key::SAMPLE_SIZE.saturating_sub(self.expansion())
     }
@@ -1340,8 +1377,7 @@ impl CryptoStates {
     #[cfg(test)]
     pub(crate) fn test_default() -> Self {
         let read = |epoch| {
-            let mut dx = CryptoDxState::test_default();
-            dx.direction = CryptoDxDirection::Read;
+            let mut dx = CryptoDxState::test_default_read();
             dx.epoch = epoch;
             dx
         };
@@ -1390,6 +1426,7 @@ impl CryptoStates {
                     TLS_CHACHA20_POLY1305_SHA256,
                     &secret,
                     "quic ", // This is a v1 test so hard-code the label.
+                    Mode::Decrypt,
                 )
                 .unwrap(),
                 hpkey: hp::Key::extract(