raioquic 0.1.0

data/lib/raioquic/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Raioquic
+  VERSION = "0.1.0"
+end

data/lib/raioquic.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require_relative "raioquic/version"
+require_relative "raioquic/buffer"
+require_relative "raioquic/quic"
+require_relative "raioquic/crypto"
+
+module Raioquic
+  class Error < StandardError; end
+  # Your code goes here...
+  class ValueError < Error; end
+end

data/misc/export_x25519.py

@@ -0,0 +1,43 @@
+# Create X25519 kay pair as PEM format it illustrated in RFC 8448.
+
+from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.primitives.asymmetric import x25519
+import binascii
+
+client_priv_key = x25519.X25519PrivateKey.from_private_bytes(
+  binascii.unhexlify("49af42ba7f7994852d713ef2784bcbcaa7911de26adc5642cb634540e7ea5005")
+)
+
+print(client_priv_key.private_bytes(
+  encoding=serialization.Encoding.PEM,
+  format=serialization.PrivateFormat.PKCS8,
+  encryption_algorithm=serialization.NoEncryption()
+))
+
+client_pub_key = x25519.X25519PublicKey.from_public_bytes(
+  binascii.unhexlify("99381de560e4bd43d23d8e435a7dbafeb3c06e51c13cae4d5413691e529aaf2c")
+)
+
+print(client_pub_key.public_bytes(
+  encoding=serialization.Encoding.PEM,
+  format=serialization.PublicFormat.SubjectPublicKeyInfo
+))
+
+server_priv_key = x25519.X25519PrivateKey.from_private_bytes(
+  binascii.unhexlify("b1580eeadf6dd589b8ef4f2d5652578cc810e9980191ec8d058308cea216a21e")
+)
+
+print(server_priv_key.private_bytes(
+  encoding=serialization.Encoding.PEM,
+  format=serialization.PrivateFormat.PKCS8,
+  encryption_algorithm=serialization.NoEncryption()
+))
+
+server_pub_key = x25519.X25519PublicKey.from_public_bytes(
+  binascii.unhexlify("c9828876112095fe66762bdbf7c672e156d6cc253b833df1dd69b1b04e751f0f")
+)
+
+print(server_pub_key.public_bytes(
+  encoding=serialization.Encoding.PEM,
+  format=serialization.PublicFormat.SubjectPublicKeyInfo
+))

data/misc/gen_rfc8448_keypair.rb

@@ -0,0 +1,90 @@
+# frozen_string_literal: true
+
+require "openssl"
+
+# Generate key pair illustrated in RFC 8448.
+# https://datatracker.ietf.org/doc/html/rfc8448
+#
+# In OpenSSL 3 environtment, openssl gem did not support OpenSSL::PKey::RSA#set_key, OpenSSL::PKey::RSA#set_factors,
+# and OpenSSL::PKey::RSA#set_crt_params because PKey object made immutable from OpenSSL 3.
+# Run this script in OpenSSL 1 env (like a container), get key pair with PEM format,
+# then read in OpenSSL 3 env by OpenSSL::Pkey.read method and so on.
+
+rfc8448_rsa_pkey_moduls = <<~MODULUS.split.map(&:hex).map(&:chr).join
+  b4 bb 49 8f 82 79 30 3d 98 08 36 39 9b 36 c6 98
+  8c 0c 68 de 55 e1 bd b8 26 d3 90 1a 24 61 ea fd
+  2d e4 9a 91 d0 15 ab bc 9a 95 13 7a ce 6c 1a f1
+  9e aa 6a f9 8c 7c ed 43 12 09 98 e1 87 a8 0e e0
+  cc b0 52 4b 1b 01 8c 3e 0b 63 26 4d 44 9a 6d 38
+  e2 2a 5f da 43 08 46 74 80 30 53 0e f0 46 1c 8c
+  a9 d9 ef bf ae 8e a6 d1 d0 3e 2b d1 93 ef f0 ab
+  9a 80 02 c4 74 28 a6 d3 5a 8d 88 d7 9f 7f 1e 3f
+MODULUS
+
+rfc8448_rsa_pkey_public_exponent = <<~EXPONENT.split.map(&:hex).map(&:chr).join
+  01 00 01
+EXPONENT
+
+rfc8448_rsa_pkey_private_exponent = <<~EXPONENT.split.map(&:hex).map(&:chr).join
+  04 de a7 05 d4 3a 6e a7 20 9d d8 07 21 11 a8 3c
+  81 e3 22 a5 92 78 b3 34 80 64 1e af 7c 0a 69 85
+  b8 e3 1c 44 f6 de 62 e1 b4 c2 30 9f 61 26 e7 7b
+  7c 41 e9 23 31 4b bf a3 88 13 05 dc 12 17 f1 6c
+  81 9c e5 38 e9 22 f3 69 82 8d 0e 57 19 5d 8c 84
+  88 46 02 07 b2 fa a7 26 bc f7 08 bb d7 db 7f 67
+  9f 89 34 92 fc 2a 62 2e 08 97 0a ac 44 1c e4 e0
+  c3 08 8d f2 5a e6 79 23 3d f8 a3 bd a2 ff 99 41
+EXPONENT
+
+rfc8448_rsa_pkey_prime1 = <<~PRIME1.split.map(&:hex).map(&:chr).join
+  e4 35 fb 7c c8 37 37 75 6d ac ea 96 ab 7f 59 a2
+  cc 10 69 db 7d eb 19 0e 17 e3 3a 53 2b 27 3f 30
+  a3 27 aa 0a aa bc 58 cd 67 46 6a f9 84 5f ad c6
+  75 fe 09 4a f9 2c 4b d1 f2 c1 bc 33 dd 2e 05 15
+PRIME1
+
+rfc8448_rsa_pkey_prime2 = <<~PRIME2.split.map(&:hex).map(&:chr).join
+  ca bd 3b c0 e0 43 86 64 c8 d4 cc 9f 99 97 7a 94
+  d9 bb fe ad 8e 43 87 0a ba e3 f7 eb 8b 4e 0e ee
+  8a f1 d9 b4 71 9b a6 19 6c f2 cb ba ee eb f8 b3
+  49 0a fe 9e 9f fa 74 a8 8a a5 1f c6 45 62 93 03
+PRIME2
+
+rfc8448_rsa_pkey_exponent1 = <<~EXPONENT1.split.map(&:hex).map(&:chr).join
+  3f 57 34 5c 27 fe 1b 68 7e 6e 76 16 27 b7 8b 1b
+  82 64 33 dd 76 0f a0 be a6 a6 ac f3 94 90 aa 1b
+  47 cd a4 86 9d 68 f5 84 dd 5b 50 29 bd 32 09 3b
+  82 58 66 1f e7 15 02 5e 5d 70 a4 5a 08 d3 d3 19
+EXPONENT1
+
+rfc8448_rsa_pkey_exponent2 = <<~EXPONENT2.split.map(&:hex).map(&:chr).join
+  18 3d a0 13 63 bd 2f 28 85 ca cb dc 99 64 bf 47
+  64 f1 51 76 36 f8 64 01 28 6f 71 89 3c 52 cc fe
+  40 a6 c2 3d 0d 08 6b 47 c6 fb 10 d8 fd 10 41 e0
+  4d ef 7e 9a 40 ce 95 7c 41 77 94 e1 04 12 d1 39
+EXPONENT2
+
+rfc8448_rsa_pkey_coefficient = <<~COEF.split.map(&:hex).map(&:chr).join
+  83 9c a9 a0 85 e4 28 6b 2c 90 e4 66 99 7a 2c 68
+  1f 21 33 9a a3 47 78 14 e4 de c1 18 33 05 0e d5
+  0d d1 3c c0 38 04 8a 43 c5 9b 2a cc 41 68 89 c0
+  37 66 5f e5 af a6 05 96 9f 8c 01 df a5 ca 96 9d
+COEF
+
+rsa_cert = OpenSSL::PKey::RSA.new
+rsa_cert.set_key(
+  OpenSSL::BN.new(rfc8448_rsa_pkey_moduls, 2),
+  OpenSSL::BN.new(rfc8448_rsa_pkey_public_exponent, 2),
+  OpenSSL::BN.new(rfc8448_rsa_pkey_private_exponent, 2),
+)
+rsa_cert.set_factors(
+  OpenSSL::BN.new(rfc8448_rsa_pkey_prime1, 2),
+  OpenSSL::BN.new(rfc8448_rsa_pkey_prime2, 2),
+)
+rsa_cert.set_crt_params(
+  OpenSSL::BN.new(rfc8448_rsa_pkey_exponent1, 2),
+  OpenSSL::BN.new(rfc8448_rsa_pkey_exponent2, 2),
+  OpenSSL::BN.new(rfc8448_rsa_pkey_coefficient, 2),
+)
+
+File.write("rfc8448.pem", rsa_cert.to_pem)

data/raioquic.gemspec

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+require_relative "lib/raioquic/version"
+
+Gem::Specification.new do |spec|
+  spec.name = "raioquic"
+  spec.version = Raioquic::VERSION
+  spec.authors = ["Yusuke Nakamura"]
+  spec.email = ["yusuke1994525@gmail.com"]
+
+  spec.summary = "Write a short summary, because RubyGems requires one."
+  spec.description = "Write a longer description or delete this line."
+  spec.homepage = "https://example.com"
+  spec.required_ruby_version = ">= 3.0.0"
+
+  spec.metadata["homepage_uri"] = spec.homepage
+  spec.metadata["source_code_uri"] = spec.homepage
+  spec.metadata["changelog_uri"] = spec.homepage
+  spec.metadata["rubygems_mfa_required"] = "true"
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject do |f|
+      (f == __FILE__) || f.match(%r{\A(?:(?:bin|test|spec|features)/|\.(?:git|travis|circleci)|appveyor)})
+    end
+  end
+  spec.bindir = "exe"
+  spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  # Uncomment to register a new dependency of your gem
+  spec.add_dependency "tttls1.3"
+
+  # For more information and examples about making a new gem, check out our
+  # guide at: https://bundler.io/guides/creating_gem.html
+end

data/sig/raioquic/buffer.rbs

@@ -0,0 +1,37 @@
+module Raioquic
+  class Buffer
+    # extend Forwardable
+
+    UINT_VAR_MAX: ::Integer
+    UINT_VAR_MAX_SIZE: 8
+
+    class BufferReadError < StandardError
+    end
+    class BufferWriteError < StandardError
+    end
+
+    def self.encode_uint_var: (Integer) -> String
+    def self.size_uint_var: (Integer) -> (1 | 2 | 4 | 8)
+    def initialize: (?capacity: Integer?, ?data: String) -> void
+    def dealloc: () -> nil
+    def data: () -> String
+    def tell: () -> ::Integer # delegated method
+    def seek: (Integer) -> void
+    def capacity: -> ::Integer
+    def data_slice: (start: Integer, ends: Integer) -> untyped
+    def pull_bytes: (Integer) -> String
+    def pull_uint8: () -> Integer
+    def pull_uint16: () -> Integer
+    def pull_uint32: () -> Integer
+    def pull_uint64: () -> Integer
+    def pull_uint_var: () -> Integer
+    def push_bytes: (String) -> void
+    def push_uint8: (Integer) -> void
+    def push_uint16: (Integer) -> void
+    def push_uint32: (Integer) -> void
+    def push_uint64: (Integer) -> void
+    def push_uint_var: (Integer) -> void
+    def encode_uint_var: (Integer) -> nil
+    private def check_read_bounds: (Integer) -> void
+  end
+end

data/sig/raioquic/core_ext.rbs

@@ -0,0 +1,7 @@
+class ::String
+  def bytes_to_int: () -> ::Integer
+end
+
+class ::Integer
+  def to_bytes: (::Integer) -> ::String
+end

data/sig/raioquic/crypto/aesgcm.rbs

@@ -0,0 +1,20 @@
+module Raioquic
+  module Crypto
+    class AESGCM
+      MAX_SIZE: Numeric
+
+      class OverflowError < StandardError
+      end
+
+      attr_reader key: ::String
+
+      def initialize: (String) -> void
+      def encrypt: (nonce: ::String, data: ::String, associated_data: ::String) -> ::String
+                 | (nonce: ::String, data: ::String) -> ::String
+      def decrypt: (nonce: ::String, data: ::String, associated_data: ::String) -> ::String
+                 | (nonce: ::String, data: ::String) -> ::String
+      def validate_length: (nonce: ::String, data: ::String) -> void
+      def check_nonce: (::String) -> void
+    end
+  end
+end

data/sig/raioquic/crypto/backend/aead.rbs

@@ -0,0 +1,11 @@
+module Raioquic
+  module Crypto
+    module Backend
+      class Aead
+        def self.aead_cipher_name: (::Raioquic::Crypto::AESGCM | untyped) -> String
+        def self.encrypt: (cipher: untyped, key: String, nonce: String, data: String, associated_data: Array[String?], tag_length: Integer) -> String
+        def self.decrypt: (cipher: untyped, key: String, nonce: String, data: String, associated_data: Array[String?], tag_length: Integer) -> String
+      end
+    end
+  end
+end

data/sig/raioquic/quic/configuration.rbs

@@ -0,0 +1,34 @@
+module Raioquic
+  module Quic
+    module QuicConfiguration
+      attr_accessor alpn_protocols: ::Array[untyped]
+      attr_accessor connection_id_length: ::Integer
+      attr_accessor idle_timeout: ::Float
+      attr_accessor is_client: bool
+      attr_accessor max_data: ::Integer
+      attr_accessor max_stream_data: ::Integer
+      attr_accessor quic_logger: ::Raioquic::Quic::Logger::QuicLogger
+      attr_accessor secrets_log_file: untyped
+      attr_accessor server_name: ::String | nil
+      attr_accessor session_ticket: ::String | nil
+      attr_accessor cadata: ::String | nil
+      attr_accessor cafile: ::String | nil
+      attr_accessor capath: ::String | nil
+      attr_accessor certificate: untyped
+      attr_accessor certificate_chain: ::Array[untyped]
+      attr_accessor cipher_suites: ::Array[::Integer]
+      attr_accessor initial_rtt: ::Float
+      attr_accessor max_datagram_frame_size: ::Integer
+      attr_accessor private_key: untyped
+      attr_accessor quantam_readiness_test: bool
+      attr_accessor supported_versions: ::Array[::Integer]
+      attr_accessor verify_mode: ::Integer # OpenSSL::SSL::VERIFY_NONE or OpenSSL::SSL::VERIFY_PEER
+
+      def initialize: (untyped) -> void
+      def load_cert_chain: (::String certfile) -> void
+                         | (::String certfile, ::String keyfile) -> void
+                         | (::String certfile, ::String keyfile, ::String password) -> void
+      def load_verify_locations: (?cafile: ::String|nil, ?capath: ::String|nil, ?cadata: ::String|nil) -> void
+    end
+  end
+end

data/sig/raioquic/quic/connection.rbs

@@ -0,0 +1,277 @@
+module Raioquic
+  module Quic
+    module Connection
+      CRYPTO_BUFFER_SIZE: ::Integer
+      EPOCH_SHORTCUTS: ::Hash[::String, ::Integer]
+      MAX_EARLY_DATA: ::Integer
+      SECRETS_LABELS: ::Array[::Array[::String | nil]]
+      STREAM_FLAGS: ::Integer
+      STREAM_COUNT_MAX: ::Integer
+      UDP_HEADER_SIZE: 8
+      ACK_FRAME_CAPACITY: ::Integer
+      APPLICATION_CLOSE_FRAME_CAPACITY: ::Integer
+      CONNECTION_LIMIT_FRAME_CAPACITY: ::Integer
+      HANDSHAKE_DONE_FRAME_CAPACITY: ::Integer
+      MAX_STREAM_DATA_FRAME_CAPACITY: ::Integer
+      NEW_CONNECTION_ID_FRAME_CAPACITY: ::Integer
+      PATH_CHALLENGE_FRAME_CAPACITY: ::Integer
+      PATH_RESPONSE_FRAME_CAPACITY: ::Integer
+      PING_FRAME_CAPACITY: ::Integer
+      RESET_STREAM_FRAME_CAPACITY: ::Integer
+      RETIRE_CONNECTION_ID_CAPACITY: ::Integer
+      STOP_SENDING_FRAME_CAPACITY: ::Integer
+      STREAMS_BLOCKED_CAPACITY: ::Integer
+      TRANSPORT_CLOSE_FLAME_CAPACITY: ::Integer
+
+      def self.epochs: (::String shortcut) -> ::Array[::Integer]
+      def self.dump_cid: (::String cid) -> ::String
+      def self.get_epoch: (::Integer packet_type) -> ::Integer
+      def self.get_transport_parameters_extension: (::Integer version) -> ::Integer
+      def self.stream_is_client_initialized: (::Integer stream_id) -> bool
+      def self.stream_is_unidirectional: (::Integer stream_id) -> bool
+
+      class Limit
+        @frame_type: ::Integer
+        @name: ::String
+        @sent: ::Integer
+        @used: ::Integer
+        @value: ::Integer
+
+        attr_reader frame_type: ::Integer
+
+        attr_accessor used: ::Integer
+        attr_accessor sent: ::Integer
+        attr_accessor value: ::Integer
+
+        def initialize: (frame_type: ::Integer, name: ::String, value: ::Integer) -> void
+      end
+
+      class QuicConnectionError < Error
+        @error_code: ::Integer
+        @frame_type: ::Integer
+        @reason_phrase: ::String
+      end
+
+      # TODO: QuicConnectionAdapter
+
+      class QuicConnectionId
+        attr_accessor cid: ::String
+        attr_accessor sequence_number: ::Integer
+        attr_accessor stateless_reset_token: ::String
+        attr_accessor was_sent: bool
+      end
+
+      class QuicConnectionState
+        FIRSTFLIGHT: 0
+        CONNECTED: 1
+        CLOSING: 2
+        DRAINING: 3
+        TERMINATED: 4
+      end
+
+      class QuicNetworkPath
+        attr_accessor addr: untyped
+        attr_accessor bytes_received: ::Integer
+        attr_accessor bytes_sent: ::Integer
+        attr_accessor is_validated: bool
+        attr_accessor local_challenge: ::String | nil
+        attr_accessor remote_challenge: ::String | nil
+
+        def can_send: (::Integer size) -> bool
+      end
+
+      class QuicReceiveContext
+        attr_accessor epoch: ::Integer
+        attr_accessor host_cid: ::String
+        attr_accessor network_path: QuicNetworkPath
+        attr_accessor quic_logger_frames: ::Array[untyped] | nil
+        attr_accessor time: ::Float
+      end
+
+      END_STATES: ::Array[::Integer]
+
+
+      class QuicConnection
+        attr_reader configuration: QuicConfiguration
+        attr_reader original_destination_connection_id: ::String
+        attr_reader loss: Quic::Recovery::QuicPacketRecovery
+        attr_reader tls: ::Raioquic::TLS::Context
+        attr_reader local_max_streams_bidi: Limit
+
+        attr_accessor ack_delay: ::Float
+        attr_accessor is_client: bool
+
+        @configuration: QuicConfiguration
+        @is_client: bool
+        @ack_delay: ::Float
+        @close_at: ::Float | nil
+        @close_event: untyped # TODO: events
+        @connect_called: bool
+        @cryptos: ::Hash[::Integer, ::Raioquic::Quic::Crypto::CryptoPair]
+        @crypto_buffers: ::Hash[::Integer, ::Raioquic::Buffer]
+        @crypto_retransmitted: bool
+        @crypto_streams: ::Hash[::Integer, ::Raioquic::Quic::Stream::QuicStream] # TODO: QuicStream
+        @events: untyped # TODO: deque?
+        @handshake_complete: bool
+        @handshake_confirmed: bool
+        @host_cids: ::Array[QuicConnectionId]
+        @host_cid: ::String
+        @host_cid_seq: ::Integer
+        @local_ack_delay_exponent: ::Integer
+        @local_active_connection_id_limit: ::Integer
+        @local_initial_source_connection_id: ::String
+        @local_max_data: Limit
+        @local_max_stream_data_bidi_local: ::Integer
+        @local_max_stream_data_bidi_remote: ::Integer
+        @local_max_stream_data_uni: ::Integer
+        @local_max_streams_bidi: Limit
+        @local_max_streams_uni: Limit
+        @loss_at: ::Float | nil
+        @network_paths: ::Array[QuicNetworkPath]
+        @pacing_at: ::Float | nil
+        @packet_number: ::Integer
+        @parameters_received: bool
+        @peer_cid: QuicConnectionId
+        @peer_cid_available: ::Array[QuicConnectionId]
+        @peer_cid_sequence_numbers: ::Array[::Integer] # TODO: set
+        @peer_token: ::String
+        @quic_logger: ::Raioquic::Quic::Logger::QuicLoggerTrace
+        @remote_ack_delay_exponent: ::Integer
+        @remote_active_connection_id_limit: ::Integer
+        @remote_initial_source_connection_id: ::String | nil
+        @remote_max_idle_timeout: ::Float
+        @remote_max_data: ::Integer
+        @remote_max_data_used: ::Integer
+        @remote_max_datagram_frame_size: ::Integer | nil
+        @remote_max_stream_data_bidi_local: ::Integer
+        @remote_max_stream_data_bidi_remote: ::Integer
+        @remote_max_stream_data_uni: ::Integer
+        @remote_max_streams_bidi: ::Integer
+        @remote_max_streams_uni: ::Integer
+        @retry_count: ::Integer
+        @retry_source_connection_id: ::String | nil
+        @spaces: ::Hash[::Integer, Quic::Recovery::QuicPacketSpace]
+        @spin_bit: bool
+        @spin_highest_pn: ::Integer
+        @state: ::Integer
+        @streams: ::Hash[::Integer, Quic::Stream::QuicStream] # TODO: QuicStream
+        @streams_blocked_bidi: ::Array[untyped] # TODO: QuicStream
+        @streams_blocked_uni: ::Array[untyped] # TODO: QuicStream
+        @streams_finished: ::Array[::Integer] # TODO: ::Set
+        @version: ::Integer | nil
+        @version_negotiation_count: ::Integer
+        @original_destination_connection_id: ::String
+        @logger: untyped
+        @loss: Quic::Recovery::QuicPacketRecovery
+        @close_pending: bool
+        @datagrams_pending: untyped # TODO: set
+        @handshake_done_pending: bool
+        @ping_pending: ::Array[::Integer]
+        @probe_pending: bool
+        @retire_connection_ids: ::Array[::Integer]
+        @streams_blocked_pending: bool
+        @session_ticket_fetcher: untyped
+        @session_ticket_handler: untyped
+        @frame_handlers: ::Hash[::Integer, [::Symbol, ::Array[::Integer]]]
+        @tls: ::Raioquic::TLS::Context
+
+        def intialize: (
+          configuration: QuicConfiguration,
+          ?original_destination_connection_id: ::String,
+          ?retry_source_connection_id: ::String,
+          ?session_ticket_fetcher: untyped,
+          ?session_ticket_handler: untyped,
+        ) -> void
+        def change_connection_id: () -> void
+        def close: (?error_code: ::Integer, ?frame_type: ::Integer|nil, ?reason_phrase: ::String) -> void
+        def connect: (addr: untyped, now: ::Float) -> void # TODO: type of addr
+        def datagrams_to_send: (now: ::Float) -> ::Array[[::String, untyped]] # TODO: NetworkAddress
+        def get_next_available_stream_id: (?is_unidirectional: bool) -> ::Integer
+        def get_timer: () -> (::Float | nil)
+        def handle_timer: (now: ::Float) -> void
+        def next_event: () -> (::Raioquic::Quic::Event::QuicEvent | nil)
+        def receive_datagram: (data: ::String, addr: untyped, now: ::Float) -> void # TODO: NetworkAddress
+        def request_key_update: () -> void
+        def reset_stream: (stream_id: ::Integer, error_code: ::Integer) -> void
+        def send_ping: (::Integer uid) -> void
+        def send_datagram_frame: (:String data) -> void
+        def send_stream_data: (stream_id: ::Integer, data: ::String, ?end_stream: bool) -> void
+        def stop_stream: (stream_id: ::Integer, error_code: ::Integer) -> void
+        private def alpn_handler: (::String alpn_protocol) -> void
+        private def assert_stream_can_receive: (frame_type: ::Integer, stream_id: ::Integer) -> void
+        private def assert_stream_can_send: (frame_type: ::Integer, stream_id: ::Integer) -> void
+        private def consume_peer_cid: () -> void
+        private def close_begin: (is_initiator: bool, now: ::Float) -> void
+        private def close_end: () -> void
+        private def _connect: (now: ::Float) -> void
+        private def discard_epoch: (::Integer epoch) -> void
+        private def find_network_path: (untyped addr) -> QuicNetworkPath # TODO: NetworkAddress
+        private def get_or_create_stream: (frame_type: ::Integer, stream_id: ::Integer) -> ::Raioquic::Quic::Stream::QuicStream
+        private def get_or_create_stream_for_send: (::Integer stream_id) -> ::Raioquic::Quic::Stream::QuicStream
+        private def handle_session_ticket: (::Raioquic::TLS::SessionTicket session_ticket) -> void
+        private def initialize_connection: (::String peer_cid) -> void
+        private def handle_ack_frame: (context: QuicReceiveContext, frame_type: ::Integer, buf: ::Raioquic::Buffer) -> void
+        private def handle_connection_close_frame: (context: QuicReceiveContext, frame_type: ::Integer, buf: ::Raioquic::Buffer) -> void
+        private def handle_crypto_frame: (context: QuicReceiveContext, frame_type: ::Integer, buf: ::Raioquic::Buffer) -> void
+        private def handle_data_blocked_frame: (context: QuicReceiveContext, frame_type: ::Integer, buf: ::Raioquic::Buffer) -> void
+        private def handle_datagram_frame: (context: QuicReceiveContext, frame_type: ::Integer, buf: ::Raioquic::Buffer) -> void
+        private def handle_handshake_done_frame: (context: QuicReceiveContext, frame_type: ::Integer, buf: ::Raioquic::Buffer) -> void
+        private def handle_max_data_frame: (context: QuicReceiveContext, frame_type: ::Integer, buf: ::Raioquic::Buffer) -> void
+        private def handle_max_stream_data_frame: (context: QuicReceiveContext, frame_type: ::Integer, buf: ::Raioquic::Buffer) -> void
+        private def handle_max_streams_bidi_frame: (context: QuicReceiveContext, frame_type: ::Integer, buf: ::Raioquic::Buffer) -> void
+        private def handle_max_streams_uni_frame: (context: QuicReceiveContext, frame_type: ::Integer, buf: ::Raioquic::Buffer) -> void
+        private def handle_new_connection_id_frame: (context: QuicReceiveContext, frame_type: ::Integer, buf: ::Raioquic::Buffer) -> void
+        private def handle_new_token_frame: (context: QuicReceiveContext, frame_type: ::Integer, buf: ::Raioquic::Buffer) -> void
+        private def handle_padding_frame: (context: QuicReceiveContext, frame_type: ::Integer, buf: ::Raioquic::Buffer) -> void
+        private def handle_path_challenge_frame: (context: QuicReceiveContext, frame_type: ::Integer, buf: ::Raioquic::Buffer) -> void
+        private def handle_path_response_frame: (context: QuicReceiveContext, frame_type: ::Integer, buf: ::Raioquic::Buffer) -> void
+        private def handle_ping_frame: (context: QuicReceiveContext, frame_type: ::Integer, buf: ::Raioquic::Buffer) -> void
+        private def handle_reset_stream_frame: (context: QuicReceiveContext, frame_type: ::Integer, buf: ::Raioquic::Buffer) -> void
+        private def handle_retire_connection_id_frame: (context: QuicReceiveContext, frame_type: ::Integer, buf: ::Raioquic::Buffer) -> void
+        private def handle_stop_sending_frame: (context: QuicReceiveContext, frame_type: ::Integer, buf: ::Raioquic::Buffer) -> void
+        private def handle_stream_frame: (context: QuicReceiveContext, frame_type: ::Integer, buf: ::Raioquic::Buffer) -> void
+        private def handle_stream_data_blocked_frame: (context: QuicReceiveContext, frame_type: ::Integer, buf: ::Raioquic::Buffer) -> void
+        private def handle_streams_blocked_frame: (context: QuicReceiveContext, frame_type: ::Integer, buf: ::Raioquic::Buffer) -> void
+        private def log_key_retired: (key_type: ::String, trigger: ::String) -> void
+        private def log_key_updated: (key_type: ::String, trigger: ::String) -> void
+        private def on_ack_delivery: (delivery: ::Integer, space: ::Raioquic::Quic::Recovery::QuicPacketSpace, highest_acked: ::Integer) -> void
+        private def on_connection_limit_delivery: (delivery: ::Integer, limit: Limit) -> void
+        private def on_handshake_done_delivery: (delivery: ::Integer) -> void
+        private def on_max_stream_data_delivery: (delivery: ::Integer, stream: ::Raioquic::Quic::Stream::QuicStream) -> void
+        private def on_new_connection_id_delivery: (delivery: ::Integer, connection_id: QuicConnectionId) -> void
+        private def on_ping_delivery: (delivery: ::Integer, uids: ::Array[::Integer]) -> void
+        private def on_retire_connection_id_delivery: (delivery: ::Integer, sequence_number: ::Integer) -> void
+        private def payload_received: (context: QuicReceiveContext, plain: ::String) -> [bool, bool]
+        private def replenish_connection_ids: () -> void
+        private def retire_peer_cid: (QuicConnectionId connection_id) -> void
+        private def push_crypto_data: () -> void
+        private def send_probe: () -> void
+        private def parse_transport_parameters: (data: ::String, ?from_session_ticket: bool) -> void
+        private def serialize_transport_parameters: () -> ::String
+        private def set_state: (::Integer quic_connection_state) -> void
+        private def stream_can_receive: (::Integer stream_id) -> bool
+        private def stream_can_send: (::Integer stream_id) -> bool
+        private def unblock_streams: (bool is_unidirectional) -> void
+        private def update_traffic_key: (direction: ::Integer, epoch: ::Integer, cipher_suite: ::Integer, secret: ::String) -> void
+        private def write_application: (builder: ::Raioquic::Quic::PacketBuilder::QuicPacketBuilder, network_path: QuicNetworkPath, now: ::Float) -> void
+        private def write_handshake: (builder: ::Raioquic::Quic::PacketBuilder::QuicPacketBuilder, epoch: ::Integer, now: ::Float) -> void
+        private def write_ack_frame: (builder: ::Raioquic::Quic::PacketBuilder::QuicPacketBuilder, space: ::Raioquic::Quic::Recovery::QuicPacketSpace, now: ::Float) -> void
+        private def write_connection_close_frame: (builder: ::Raioquic::Quic::PacketBuilder::QuicPacketBuilder, epoch: ::Integer, error_code: ::Integer, ?frame_type: ::Integer, reason_phrase: ::String) -> void
+        private def write_connection_limits: (builder: ::Raioquic::Quic::PacketBuilder::QuicPacketBuilder, space: ::Raioquic::Quic::Recovery::QuicPacketSpace) -> void
+        private def write_crypto_frame: (builder: ::Raioquic::Quic::PacketBuilder::QuicPacketBuilder, space: ::Raioquic::Quic::Recovery::QuicPacketSpace, stream: ::Raioquic::Quic::Stream::QuicStream) -> bool
+        private def write_datagram_frame: (builder: ::Raioquic::Quic::PacketBuilder::QuicPacketBuilder, data: ::String, frame_type: ::Integer) -> bool
+        private def write_handshake_done_frame: (builder: ::Raioquic::Quic::PacketBuilder::QuicPacketBuilder) -> void
+        private def write_new_connection_id_frame: (builder: ::Raioquic::Quic::PacketBuilder::QuicPacketBuilder, connection_id: QuicConnectionId) -> void
+        private def write_path_challenge_frame: (builder: ::Raioquic::Quic::PacketBuilder::QuicPacketBuilder, challenge: ::String) -> void
+        private def write_path_response_frame: (builder: ::Raioquic::Quic::PacketBuilder::QuicPacketBuilder, challenge: ::String) -> void
+        private def write_ping_frame: (builder: ::Raioquic::Quic::PacketBuilder::QuicPacketBuilder, ?uids: ::Array[::Integer], ?comment: ::String) -> void
+        private def write_reset_stream_frame: (builder: ::Raioquic::Quic::PacketBuilder::QuicPacketBuilder, stream: ::Raioquic::Quic::Stream::QuicStream) -> void
+        private def write_retire_connection_id_frame: (builder: ::Raioquic::Quic::PacketBuilder::QuicPacketBuilder, sequence_number: ::Integer) -> void
+        private def write_stop_sending_frame: (builder: ::Raioquic::Quic::PacketBuilder::QuicPacketBuilder, stream: ::Raioquic::Quic::Stream::QuicStream) -> void
+        private def write_stream_frame: (builder: ::Raioquic::Quic::PacketBuilder::QuicPacketBuilder, space: ::Raioquic::Quic::Recovery::QuicPacketSpace, stream: ::Raioquic::Quic::Stream::QuicStream, max_offset: ::Integer) -> ::Integer
+        private def write_stream_limits: (builder: ::Raioquic::Quic::PacketBuilder::QuicPacketBuilder, space: ::Raioquic::Quic::Recovery::QuicPacketSpace, stream: ::Raioquic::Quic::Stream::QuicStream) -> void
+        private def write_streams_blocked_frame: (builder: ::Raioquic::Quic::PacketBuilder::QuicPacketBuilder, frame_type: ::Integer, limit: ::Integer) -> void
+      end
+    end
+  end
+end

data/sig/raioquic/quic/crypto.rbs

@@ -0,0 +1,88 @@
+module Raioquic
+  module Quic
+    module Crypto
+      INITIAL_CIPHER_SUITE: untyped
+      AEAD_KEY_LENGTH_MAX: 32
+      AEAD_NONCE_LENGTH: 12
+      AEAD_TAG_LENGTH: 16
+      PACKET_LENGTH_MAX: 1500
+      PACKET_NUMBER_LENGTH_MAX: 4
+      SAMPLE_LENGTH: 16
+      INITIAL_SALT_VERSION_1: ::String
+
+
+      def self?.derive_key_iv_hp: (untyped, ::String) -> Array[::String]
+      def self?.xor_str: (::String, ::String) -> ::String
+
+      class CryptoError
+      end
+
+      class NoCallback
+      end
+
+      class CryptoContext
+        attr_reader aead: untyped
+        attr_reader key_phase: 0 | 1
+        attr_reader secret: nil | ::String
+        @aead: nil | AEAD
+        @cipher_suite: untyped # TODO: ?
+        @key_phase: 0 | 1
+        @secret: nil | ::String
+        @version: untyped # TODO: ::Raioquic::Quic::Packet::QuicProtocolVersion::VERSION_1
+        @setup_cb: NoCallback | untyped
+        @teardown_cb: NoCallback | untyped
+        @hp: HeaderProtection|nil
+
+        def initialize: (key_phase: 0|1, setup_cb: untyped, teardown_cb: untyped) -> void
+                      | (setup_cb: untyped, teardown_cb: untyped) -> void
+        def decrypt_packet: (packet: ::String, encrypted_offset: ::Integer, expected_packet_number: ::Integer) -> [::String, ::String, ::Integer, bool]
+        def encrypt_packet: (plain_header: ::String, plain_payload: ::String, packet_number: ::Integer) -> ::String
+        def is_valid: () -> bool
+        def setup: (cipher_suite: untyped, secret: ::String, version: untyped) -> void
+        def teardown: () -> void
+        def apply_key_phase: (CryptoContext, ::String) -> void
+        def next_key_phase: () -> CryptoContext
+      end
+
+      class CryptoPair
+        attr_reader recv: CryptoContext
+        attr_reader send: CryptoContext
+
+        @aead_tag_size: ::Integer
+        @update_key_requested: bool
+
+        def initialize: (recv_setup_cb: NoCallback|untyped, recv_teardown_cb: NoCallback|untyped, send_setup_cb: NoCallback|untyped, send_teardown_cb: NoCallback|untyped) -> void
+        def decrypt_packet: (packet: ::String, encrypted_offset: ::Integer, expected_packet_number: ::Integer) -> [::String, ::String, ::Integer]
+        def encrypt_packet: (plain_header: ::String, plain_payload: ::Integer, packet_number: ::Integer) -> ::String
+        def setup_initial: (cid: ::String, is_client: bool, version: untyped) -> void
+        def teardown: () -> void
+        def key_phase: () -> ::Integer # TODO: 0 or 1
+        def update_key: () -> void
+        def _update_key: (::String) -> void
+      end
+
+      class AEAD
+        @cipher: OpenSSL::Cipher
+        @key: ::String
+        @iv: ::String
+        @cipher_name: ::String
+
+        def initialize: (cipher_name: ::String, key: ::String, iv: ::String) -> void
+        def decrypt: (data: ::String, associated_data: ::String, packet_number: ::Integer) -> ::String
+        def encrypt: (data: ::String, associated_data: ::String, packet_number: ::Integer) -> ::String
+      end
+
+      class HeaderProtection
+        @cipher: OpenSSL::Cipher
+        @key: ::String
+        @mask: ::String
+        @zero: ::String
+
+        def initialize: (cipher_name: ::String, key: ::String) -> void
+        def apply: (plain_header: ::String, protected_payload: ::String) -> ::String
+        def remove: (packet: ::String, encrypted_offset: ::Integer) -> [::String, ::Integer]
+        private def mask: (::String) -> ::String
+      end
+    end
+  end
+end