feat(s2n-quic-dc): Add Unix socket packet encoding/decoding (#2840)

Author: mehnazyunus

dc/s2n-quic-dc/src/packet.rs

@@ -16,6 +16,7 @@ pub mod control;
 pub mod datagram;
 pub mod secret_control;
 pub mod stream;
+pub mod uds;
 
 pub use tag::Tag;
 pub use wire_version::WireVersion;

dc/s2n-quic-dc/src/packet/uds.rs

@@ -0,0 +1,5 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+pub mod decoder;
+pub mod encoder;

dc/s2n-quic-dc/src/packet/uds/decoder.rs

@@ -0,0 +1,202 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+use crate::{
+    packet::uds::encoder::{APP_PARAMS_VERSION, PACKET_VERSION},
+    path::secret::schedule::Ciphersuite,
+};
+use s2n_codec::{DecoderBufferMut, DecoderBufferMutResult, DecoderError};
+use s2n_quic_core::{dc::ApplicationParams, varint::VarInt};
+
+#[derive(Clone, Debug)]
+pub struct Packet {
+    version_tag: u8,
+    ciphersuite: Ciphersuite,
+    export_secret: Vec<u8>,
+    application_params_version: u8,
+    application_params: ApplicationParams,
+    payload: Vec<u8>,
+}
+
+impl Packet {
+    #[inline]
+    pub fn version_tag(&self) -> u8 {
+        self.version_tag
+    }
+
+    #[inline]
+    pub fn ciphersuite(&self) -> Ciphersuite {
+        self.ciphersuite
+    }
+
+    #[inline]
+    pub fn export_secret(&self) -> &[u8] {
+        &self.export_secret
+    }
+
+    #[inline]
+    pub fn application_params_version(&self) -> u8 {
+        self.application_params_version
+    }
+
+    #[inline]
+    pub fn application_params(&self) -> &ApplicationParams {
+        &self.application_params
+    }
+
+    #[inline]
+    pub fn payload(&self) -> &[u8] {
+        &self.payload
+    }
+
+    #[inline(always)]
+    pub fn decode(buffer: DecoderBufferMut) -> DecoderBufferMutResult<Packet> {
+        let (version_tag, buffer) = buffer.decode::<u8>()?;
+
+        if version_tag != PACKET_VERSION {
+            return Err(DecoderError::InvariantViolation("Unsupported version tag"));
+        }
+
+        let (ciphersuite_byte, buffer) = buffer.decode::<u8>()?;
+        let ciphersuite = ciphersuite_byte
+            .try_into()
+            .map_err(DecoderError::InvariantViolation)?;
+
+        let (export_secret_slice, buffer) = buffer.decode_slice_with_len_prefix::<VarInt>()?;
+        let export_secret = export_secret_slice.into_less_safe_slice().to_vec();
+
+        let (application_params_version, buffer) = buffer.decode::<u8>()?;
+
+        if application_params_version != APP_PARAMS_VERSION {
+            return Err(DecoderError::InvariantViolation(
+                "Unsupported application parameters version",
+            ));
+        }
+
+        let (application_params, buffer) = buffer.decode::<ApplicationParams>()?;
+
+        let (payload_slice, buffer) = buffer.decode_slice_with_len_prefix::<VarInt>()?;
+        let payload = payload_slice.into_less_safe_slice().to_vec();
+
+        let packet = Packet {
+            version_tag,
+            ciphersuite,
+            export_secret,
+            application_params_version,
+            application_params,
+            payload,
+        };
+
+        Ok((packet, buffer))
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use crate::{
+        packet::uds::{
+            decoder,
+            encoder::{self, PACKET_VERSION},
+        },
+        path::secret::schedule::Ciphersuite,
+    };
+    use s2n_codec::{DecoderBufferMut, DecoderError, EncoderLenEstimator};
+    use s2n_quic_core::dc;
+
+    #[test]
+    fn test_encode_decode() {
+        let ciphersuite = Ciphersuite::AES_GCM_128_SHA256;
+        let export_secret = b"secret_data";
+        let application_params = dc::testing::TEST_APPLICATION_PARAMS;
+        let payload = b"payload_with_data";
+
+        // Encode
+        let mut estimator = EncoderLenEstimator::new(usize::MAX);
+        let expected_size = encoder::encode(
+            &mut estimator,
+            &ciphersuite,
+            export_secret,
+            &application_params,
+            payload,
+        );
+        let mut buffer = vec![0u8; expected_size];
+        let mut enc = s2n_codec::EncoderBuffer::new(&mut buffer);
+        let encoded_size = encoder::encode(
+            &mut enc,
+            &ciphersuite,
+            export_secret,
+            &application_params,
+            payload,
+        );
+        assert_eq!(encoded_size, expected_size);
+
+        // Decode
+        let decoder = DecoderBufferMut::new(&mut buffer);
+        let (packet, remaining) = decoder::Packet::decode(decoder).unwrap();
+        assert!(remaining.is_empty());
+
+        let decoded_params = packet.application_params();
+
+        // Verify
+        assert_eq!(packet.version_tag(), PACKET_VERSION);
+        assert_eq!(packet.ciphersuite(), ciphersuite);
+        assert_eq!(packet.export_secret(), export_secret);
+        assert_eq!(packet.payload(), payload);
+
+        use core::sync::atomic::Ordering;
+        assert_eq!(
+            decoded_params.max_datagram_size.load(Ordering::Relaxed),
+            application_params.max_datagram_size.load(Ordering::Relaxed)
+        );
+        assert_eq!(
+            decoded_params.remote_max_data,
+            application_params.remote_max_data
+        );
+        assert_eq!(
+            decoded_params.local_send_max_data,
+            application_params.local_send_max_data
+        );
+        assert_eq!(
+            decoded_params.local_recv_max_data,
+            application_params.local_recv_max_data
+        );
+        assert_eq!(
+            decoded_params.max_idle_timeout,
+            application_params.max_idle_timeout
+        );
+    }
+
+    #[test]
+    fn test_decode_invalid_version_tag() {
+        let mut buffer = vec![1u8, 0u8]; // Invalid version tag = 1
+        let decoder = DecoderBufferMut::new(&mut buffer);
+        let result = decoder::Packet::decode(decoder);
+        assert!(result.is_err());
+        match result.unwrap_err() {
+            DecoderError::InvariantViolation(msg) => {
+                assert_eq!(msg, "Unsupported version tag");
+            }
+            _ => panic!("Expected InvariantViolation error"),
+        }
+    }
+
+    #[test]
+    fn test_decode_invalid_app_params_version() {
+        let mut buffer = vec![
+            0u8, // version tag = 0
+            0u8, // ciphersuite = 0 (valid)
+            4u8, // export secret length = 4
+            b't', b'e', b's', b't', // export secret
+            1u8,  // invalid application params version = 1
+        ];
+        let decoder = DecoderBufferMut::new(&mut buffer);
+        let result = decoder::Packet::decode(decoder);
+        assert!(result.is_err());
+        match result.unwrap_err() {
+            DecoderError::InvariantViolation(msg) => {
+                assert_eq!(msg, "Unsupported application parameters version");
+            }
+            _ => panic!("Expected InvariantViolation error"),
+        }
+    }
+}

dc/s2n-quic-dc/src/packet/uds/encoder.rs

@@ -0,0 +1,35 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+use crate::path::secret::schedule::Ciphersuite;
+use s2n_codec::Encoder;
+use s2n_quic_core::{dc::ApplicationParams, varint::VarInt};
+
+pub const PACKET_VERSION: u8 = 0;
+pub const APP_PARAMS_VERSION: u8 = 0;
+
+#[inline(always)]
+pub fn encode<E: Encoder>(
+    encoder: &mut E,
+    ciphersuite: &Ciphersuite,
+    export_secret: &[u8],
+    application_params: &ApplicationParams,
+    payload: &[u8],
+) -> usize {
+    let start_len = encoder.len();
+
+    encoder.encode(&PACKET_VERSION);
+
+    let ciphersuite_byte: u8 = (*ciphersuite).into();
+    encoder.encode(&ciphersuite_byte);
+
+    encoder.encode_with_len_prefix::<VarInt, _>(&export_secret);
+
+    encoder.encode(&APP_PARAMS_VERSION);
+
+    encoder.encode(application_params);
+
+    encoder.encode_with_len_prefix::<VarInt, _>(&payload);
+
+    encoder.len() - start_len
+}

dc/s2n-quic-dc/src/path/secret/schedule.rs

@@ -19,6 +19,7 @@ pub const MAX_KEY_LEN: usize = 32;
 const MAX_HMAC_KEY_LEN: usize = 1024 / 8;
 
 #[derive(Clone, Copy, Debug, PartialEq, Eq, Hash)]
+#[repr(u8)]
 #[cfg_attr(test, derive(bolero_generator::TypeGenerator))]
 #[allow(non_camel_case_types)]
 pub enum Ciphersuite {
@@ -62,6 +63,24 @@ impl hkdf::KeyType for Ciphersuite {
     }
 }
 
+impl From<Ciphersuite> for u8 {
+    fn from(c: Ciphersuite) -> u8 {
+        c as u8
+    }
+}
+
+impl TryFrom<u8> for Ciphersuite {
+    type Error = &'static str;
+
+    fn try_from(value: u8) -> Result<Self, Self::Error> {
+        match value {
+            0 => Ok(Ciphersuite::AES_GCM_128_SHA256),
+            1 => Ok(Ciphersuite::AES_GCM_256_SHA384),
+            _ => Err("Invalid Ciphersuite value"),
+        }
+    }
+}
+
 #[derive(Clone, Copy, Debug)]
 pub enum Initiator {
     Local,

quic/s2n-quic-core/src/dc.rs

@@ -24,6 +24,7 @@ mod traits;
 pub mod testing;
 
 pub use disabled::*;
+use s2n_codec::{decoder_value, DecoderError, Encoder, EncoderValue};
 pub use traits::*;
 
 pub type Version = u32;
@@ -146,6 +147,52 @@ impl ApplicationParams {
     }
 }
 
+decoder_value!(
+    impl<'a> ApplicationParams {
+        fn decode(buffer: Buffer) -> Result<Self> {
+            let (max_datagram_size, buffer) = buffer.decode::<u16>()?;
+            let (remote_max_data, buffer) = buffer.decode::<VarInt>()?;
+            let (local_send_max_data, buffer) = buffer.decode::<VarInt>()?;
+            let (local_recv_max_data, buffer) = buffer.decode::<VarInt>()?;
+
+            let (timeout_value, buffer) = buffer.decode::<VarInt>()?;
+            let timeout_value: u32 = timeout_value.try_into().map_err(|_| {
+                DecoderError::InvariantViolation("Timeout value exceeds u32 maximum")
+            })?;
+            let max_idle_timeout = NonZeroU32::new(timeout_value);
+
+            Ok((
+                Self {
+                    max_datagram_size: AtomicU16::new(max_datagram_size),
+                    remote_max_data,
+                    local_send_max_data,
+                    local_recv_max_data,
+                    max_idle_timeout,
+                },
+                buffer,
+            ))
+        }
+    }
+);
+
+impl EncoderValue for ApplicationParams {
+    fn encode<E: Encoder>(&self, buffer: &mut E) {
+        buffer.encode(&self.max_datagram_size.load(Ordering::Relaxed));
+        buffer.encode(&self.remote_max_data);
+        buffer.encode(&self.local_send_max_data);
+        buffer.encode(&self.local_recv_max_data);
+
+        match self.max_idle_timeout {
+            Some(timeout) => {
+                buffer.encode(&VarInt::from(u32::from(timeout)));
+            }
+            None => {
+                buffer.encode(&VarInt::from(0u32));
+            }
+        }
+    }
+}
+
 #[cfg(test)]
 mod tests {
     use crate::{