nquic_crypto (nquic v1.0.0)

QUIC payload protection using AEAD (RFC 9001 Section 5).

Handles AES-128-GCM and ChaCha20-Poly1305 encryption and decryption of QUIC packet payloads. Nonces are constructed by XORing the IV with the packet number.
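The nonce construction and AEAD round trip described above, as an added example written against OTP's `crypto` module; it is not nquic's source. The module and function names (`quic_aead_example`, `nonce/2`, `seal/6`, `open/6`), the key and the header bytes are constructed for illustration; the IV, packet number and expected nonce are the ChaCha20-Poly1305 values from RFC 9001 Appendix A.5.

```erlang
-module(quic_aead_example).   % hypothetical module name
-export([nonce/2, seal/6, open/6, demo/0]).

-define(TAG_LEN, 16).         % both ciphers use a 16-byte tag

%% RFC 9001 Section 5.3: left-pad the packet number with zeros to the
%% IV length, then XOR it with the IV.
nonce(IV, PN) when is_binary(IV), is_integer(PN), PN >= 0, PN < (1 bsl 62) ->
    Bits = bit_size(IV),
    <<IVInt:Bits>> = IV,
    <<(IVInt bxor PN):Bits>>.

%% Encrypt and return the ciphertext with the tag appended.
seal(Cipher, Key, IV, PN, AAD, Plaintext) ->
    {Ct, Tag} = crypto:crypto_one_time_aead(
                  Cipher, Key, nonce(IV, PN), Plaintext, AAD, ?TAG_LEN, true),
    <<Ct/binary, Tag/binary>>.

%% Split off the tag, verify and decrypt. Every failure maps to one
%% error so callers cannot tell a bad tag from a truncated packet.
open(Cipher, Key, IV, PN, AAD, CtAndTag) when byte_size(CtAndTag) >= ?TAG_LEN ->
    CtLen = byte_size(CtAndTag) - ?TAG_LEN,
    <<Ct:CtLen/binary, Tag:?TAG_LEN/binary>> = CtAndTag,
    case crypto:crypto_one_time_aead(
           Cipher, Key, nonce(IV, PN), Ct, AAD, Tag, false) of
        Plain when is_binary(Plain) -> Plain;
        error -> {error, decrypt_failed}
    end;
open(_Cipher, _Key, _IV, _PN, _AAD, _Short) ->
    {error, decrypt_failed}.

demo() ->
    %% IV, packet number and nonce from RFC 9001 Appendix A.5.
    IV = <<16#e0459b3474bdd0e44a41c144:96>>,
    PN = 654360564,
    <<16#e0459b3474bdd0e46d417eb0:96>> = nonce(IV, PN),
    Key = crypto:strong_rand_bytes(32),       % constructed key
    Hdr = <<"constructed header bytes">>,     % constructed AAD
    C = chacha20_poly1305,
    Sealed = seal(C, Key, IV, PN, Hdr, <<"ping">>),
    <<"ping">> = open(C, Key, IV, PN, Hdr, Sealed),
    %% A different packet number (nonce) or header (AAD) must fail.
    {error, decrypt_failed} = open(C, Key, IV, PN + 1, Hdr, Sealed),
    {error, decrypt_failed} = open(C, Key, IV, PN, <<Hdr/binary, 0>>, Sealed),
    ok.
```

Compile with `erlc` and call `quic_aead_example:demo()`, which returns `ok` only when every match holds.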

Summary

Functions

constant_time_equal/2: Constant-time equality for binaries.

decrypt/6: Decrypt a QUIC packet payload with AEAD. Returns plaintext or {error, decrypt_failed}.

encrypt/6: Encrypt a QUIC packet payload with AEAD.

Functions

constant_time_equal/2

-spec constant_time_equal(binary(), binary()) -> boolean().

Constant-time equality for binaries.

Use for any security-sensitive comparison (tokens, MACs, reset tokens) to avoid revealing the compared content through timing.

Returns false immediately on length mismatch, which leaks length but not content. Callers that must also hide length should pad the inputs to a fixed size before comparing.

decrypt(Cipher, Key, IV, PN, AAD, CiphertextAndTag)

-spec decrypt(aes_128_gcm | chacha20_poly1305,
              binary(),
              binary(),
              nquic_packet_number:t(),
              binary(),
              binary()) ->
                 binary() | {error, term()}.

Decrypt a QUIC packet payload with AEAD. Returns plaintext or {error, decrypt_failed}.

encrypt(Cipher, Key, IV, PN, AAD, Plaintext)

-spec encrypt(aes_128_gcm | chacha20_poly1305,
              binary(),
              binary(),
              nquic_packet_number:t(),
              iodata(),
              iodata()) ->
                 {binary(), binary()}.

Encrypt a QUIC packet payload with AEAD.