tls13/quic: construct QUIC suite from TLS 1.3 suite

This commit adds a `quic::Suite` struct for representing the combination of a `Tls13CipherSuite` and a `quic::Algorithm`. This can optionally be constructed from a `Tls13CipherSuite` that supports QUIC. Having this type helps downstream users that otherwise need to juggle the `Option<quic::Algorithm>` and `Option<Tls13CipherSuite>` from a `SupportedCipherSuite` separately.
rustls · Feb 27, 2024 · d5842f4 · d5842f4
1 parent 4aafdc8
commit d5842f4
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 0 deletions.
diff --git a/rustls/src/quic.rs b/rustls/src/quic.rs
@@ -797,6 +797,27 @@ impl<'a> KeyBuilder<'a> {
     }
 }
 
+/// Produces QUIC initial keys from a TLS 1.3 ciphersuite and a QUIC key generation algorithm.
+pub struct Suite {
+    /// The TLS 1.3 ciphersuite used to derive keys.
+    pub suite: &'static Tls13CipherSuite,
+    /// The QUIC key generation algorithm used to derive keys.
+    pub quic: &'static dyn Algorithm,
+}
+
+impl Suite {
+    /// Produce a set of initial keys given the connection ID, side and version
+    pub fn keys(&self, client_dst_connection_id: &[u8], side: Side, version: Version) -> Keys {
+        Keys::initial(
+            version,
+            self.suite,
+            self.quic,
+            client_dst_connection_id,
+            side,
+        )
+    }
+}
+
 /// Complete set of keys used to communicate with the peer
 pub struct Keys {
     /// Encrypts outgoing packets

diff --git a/rustls/src/tls13/mod.rs b/rustls/src/tls13/mod.rs
@@ -58,6 +58,12 @@ impl Tls13CipherSuite {
             && aead_alg.fips()
             && quic.map(|q| q.fips()).unwrap_or(true)
     }
+
+    /// Returns a `quic::Suite` for the ciphersuite, if supported.
+    pub fn quic_suite(&'static self) -> Option<crate::quic::Suite> {
+        self.quic
+            .map(|quic| crate::quic::Suite { quic, suite: self })
+    }
 }
 
 impl From<&'static Tls13CipherSuite> for SupportedCipherSuite {