raioquic 0.1.0

data/example/interoperability/raioquic_client.rb

@@ -0,0 +1,42 @@
+require "raioquic"
+require "socket"
+
+HOST = ["0.0.0.0", 4433]
+
+conf = Raioquic::Quic::QuicConfiguration.new(is_client: true)
+conf.load_verify_locations(cafile: "localhost-unasuke-dev.crt")
+client = Raioquic::Quic::Connection::QuicConnection.new(configuration: conf)
+client.connect(addr: HOST, now: Time.now.to_f)
+s = UDPSocket.new
+s.connect("0.0.0.0", 4433)
+
+# handshake
+3.times do
+  client.datagrams_to_send(now: Time.now.to_f).each do |data, addr|
+    # pp data
+    s.send(data, 0)
+  end
+  data, addr = s.recvfrom(65536)
+  client.receive_datagram(data: data, addr: HOST, now: Time.now.to_f)
+  # puts("()()()()()()()()()(()()")
+  # pp client.events
+  while ev = client.next_event
+    pp ev
+  end
+end
+
+stream_id = client.get_next_available_stream_id
+
+2.times do
+  client.send_stream_data(stream_id: stream_id, data: "hello")
+  client.datagrams_to_send(now: Time.now.to_f).each do |data, addr|
+    # pp data
+    s.send(data, 0)
+  end
+  data, addr = s.recvfrom(65536)
+  client.receive_datagram(data: data, addr: HOST, now: Time.now.to_f)
+  while ev = client.next_event
+    pp ev
+  end
+end
+client.close

data/example/interoperability/raioquic_server.rb

@@ -0,0 +1,43 @@
+require "raioquic"
+require "socket"
+
+HOST = ["0.0.0.0", 4433]
+
+conf = Raioquic::Quic::QuicConfiguration.new(is_client: false)
+conf.load_cert_chain("localhost-unasuke-dev.crt", "key.pem")
+server = Raioquic::Quic::Connection::QuicConnection.new(configuration: conf)
+# client.connect(addr: HOST, now: Time.now.to_f)
+s = UDPSocket.new
+s.bi
+s.connect("0.0.0.0", 4433)
+
+# handshake
+3.times do
+  client.datagrams_to_send(now: Time.now.to_f).each do |data, addr|
+    # pp data
+    s.send(data, 0)
+  end
+  data, addr = s.recvfrom(65536)
+  client.receive_datagram(data: data, addr: HOST, now: Time.now.to_f)
+  # puts("()()()()()()()()()(()()")
+  # pp client.events
+  while ev = client.next_event
+    pp ev
+  end
+end
+
+stream_id = client.get_next_available_stream_id
+
+2.times do
+  client.send_stream_data(stream_id: stream_id, data: "hello")
+  client.datagrams_to_send(now: Time.now.to_f).each do |data, addr|
+    # pp data
+    s.send(data, 0)
+  end
+  data, addr = s.recvfrom(65536)
+  client.receive_datagram(data: data, addr: HOST, now: Time.now.to_f)
+  while ev = client.next_event
+    pp ev
+  end
+end
+client.close

data/example/parse_curl_example.rb

@@ -0,0 +1,108 @@
+require "raioquic"
+
+# quiche
+curl_example_1 = [
+  "c400000001101b631c6391a91309c29395aaa5c180bc14db7dafc0e1c10407ff4a9527a71103bb7eb59a91004120487b50905ab8b9b40a27ca5bcbf7" \
+  "72f2d4fc76d64f4b81e9c713e872df9d9dba3f65cf1ed5673b0b3da9ca484779da091e11c0627c0c1f46f211bb02ca838a44644594073abaa7001523" \
+  "94d9d27b8c996294be08843066e2a20724f9f565d18235af6d6a70cae0021118a36248abe019b261be18b41b55aeb5efa99d82d78c4cdf914447b86b" \
+  "dfa8c2e71869dd11ba0f07ef3a706e4210906ab7185331c8170e2e4221b1c5a8a7344dbb314d3431b16ec0097d6735cbf1aca08230b03df55f65ce90" \
+  "8f641c010d3d049c9bc1c54f7b5aca0715abba7dad2b44270e79b5f3a867da03e45ddf3c4193e513ed6c0d2006452b8a149cf6dc4f506312ad5bb664" \
+  "c51ed3339225a574b769ca32a4b927b00d3f6e8b672ebbf8255c08b9077ffa8cede10000000000000000000000000000000000000000000000000000" \
+  "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" \
+  "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" \
+  "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" \
+  "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" \
+  "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" \
+  "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" \
+  "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" \
+  "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" \
+  "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" \
+  "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" \
+  "00000000000000000000000000000000000000000000000000000000000000000000000000000000"
+].pack("H*")
+
+# ngtcp2
+curl_example_2 = [
+  "cf0000000114ffd7b7163e917c1564d3d466140e55786193ad2614bb91e0a62b38bc5636a092b3bedddd6c2fb3a634008000047c0f37f579dfb9d2f7" \
+  "72adec386b2fa74b17f869dfe69c7fdd43f573c1a7da1a1f8933b74fd4bee9857a9c7ae5c6bf901dee6e89cd36534605e415f7362af8cdeb8dce366b" \
+  "686a12c5926b67cd4eb51a971901acd26065adc289fc880ef571a6be517106b4289bc0e88c55ee359bde58d03b3d51c3f1bbdff3533992b392213266" \
+  "0693b769f62cbeef2e04894fa6b7a07754bad53e59c41e997193fa59a31d3d28bb2fe7f92fde06c95e95bd987b9f2931ce3d099e3a6d81063f27f0a9" \
+  "39f968dec45630822d16a4d21d2b64826f58accec67895dca92e288ab0cf8e499042bb8610d27ef93f06df0baa756c1f6f4f2d547f0225469c5dec8d" \
+  "f30f2e5d446a2fa46282493c736cb64b7e7915ee9b8da09c2923438af552a7486d97ec86ccabace868165e0a7537599e3bfacd3014e1c440713e3e45" \
+  "1fcd4a69aa5bd4e4bdaacc36c677467557a858563f6d1fcfdc2e90e393fb408a08fccb1dc5ab3d34380b8c19a866b7a2e02b6d4a790b8c1affc60441" \
+  "8f2f9910955a9a7bd9863fae2b88ca154205902c46d02c0cd77b94b60246a4c30b2981776c8d81f02a2ef99650e15c23393dfe2e9a331a82b9dadd0c" \
+  "a0ccde5eb1076679d341073d58fbb3ff0a92d7dc22175a8b005e412b3c46d0b9d46aa61ab9aa1adfcf91435d549986ef3c93c84ab24c5712de9bf459" \
+  "c5932506be63f66f8329c465d047aeea3d6f955222cad794b2260aa7bab3e58898261c5e4e120341cc06a770b6b5080160f9106d597637f3c70e1c2f" \
+  "bd11061ed5e222fa0fb2c1168b3e4c73379b1ffc483565faa70af74ee43f7021270d8e0539588bc81676a38020da2928f51eacad7fb7e701d5f733d9" \
+  "7b4d9268110ba3e32d3080a560346487f99c4250ef8632e8078170913ffa3074f3e2f68d807a465fda271580a76ba99b67580e2549c0e895fea9329d" \
+  "df6dbb8f2c23032f84ad84dd51f812c2666b7d073ee73abb642005419325d9cd22b5c18fac3ac5bc0031c6aad50006ac9ee9dddf8fcdf8f58c261a5b" \
+  "86432f3994e8455dbc7b2d8885db3fec3f1a8e1f880a17531896d3d8f7014c4dc13ae757836ecbd2e69c628bf2d539d7aae293e127cd565426e65a07" \
+  "5cd4f5ff42a7d6df2c1743fb68922e09103424d0752d92cce6a3301a899050874a4b1255bf1b24f66e047826cbc92c5532ae6c38fbede4d356d98cf0" \
+  "b61acd508c8e5b9d64b83b84870b62065e9101831bbdbd61bac77edd2971b371a8c39fd79c00c2c3fd9e8f2c0480815d115d34e57a27bf963bd55748" \
+  "491c86f4918b4b84c4ca497a7da6e04a8aa3610c4b02c9336c80a87e6198800bacead5308b2b3f1d371faefb54dc13386539d27ae1acd01c60427d9b" \
+  "3db437b91b8e89c804c28739f9f2f16a63ef2538673ff78ab13cbcb4fba64c45b8dfc54901b3bf09b0d0931b800c07782a044f27a370f11183d7c7ec" \
+  "429406bfa84d67dfbd1622331be2e8ee1787a1ac27b994812df08fd59e2ba6e70773978d6d4373d92e740d921338120772f26d720957d7797bbdd0c3" \
+  "e8b35bf634f2c7609d0fb369524e82105d13d3dd293c62272a81a1fafd91e06a9e89e13346fc0c0e550212fb38e773791e5ebf5cb02cbe757542c489"
+].pack("H*")
+
+# msh3
+curl_example_3 = [
+  "c90000000108653439dec7a03435000044b253edca3c42d9eb3096dc53f2199151ee39c14794fff635d4b38a88f8625434729196b2b0d7a07dc49a7e" \
+  "540c36d4915ca58752432c7c0ffc5cc6933ea6f21665d00d1975b43447173595a6b6e6ea33ea485146a996366c47a5db51ea8a2543123134560bc701" \
+  "866c501390acb349cbcd358632a2f0c22eb403458a1388f351d94994afbf66d3826a1abe0563aba293db1c1ef1c998a37f61bd76bc07fb7c84806efa" \
+  "fc83c5b83390cc97504524afb71d7a1f5001e2b28c9d8c1d56db8b7465ddb008956f62729586cd67133d01739f80abbceb0ddefde61a4721388cab0f" \
+  "e52e6a494f2c970d84ca4dfea36b2bbfa380d2f2c55fb4eacbfd5d9627a4b2a13bc6088f6185eca600df452648343d6491b8466026bb9230096198ae" \
+  "a12785a122bf7c0e2d975f6a023571bc2bddb30f170cf50bb8619ecd7fa5430f632d392d345e44165c9c193d7aaa1f5d21772d31f5fe2f799ec2b74b" \
+  "2b5cf01d0d436d16bb103e61ae3cf314c23e902fdb41d9bcc0f505b097dff110d6533c7818b4cdc06b9f7f0667e2fe46a9ee903a98ba3e4ef130e510" \
+  "c356fe4090ed4fa86e071875dcd92f4e4eeb059826f19eb7342b498b0eb2485b885312e38392cbb3168ea56668101c804c4ed7146cb4a951677abfb9" \
+  "26f9260eec03bcbab39867ab95149147b13f5ad7d0583045e09362f3e4f34711529cf5d691675ee646bd4b67c86f38b0972e593392fdea34b081956a" \
+  "f78e3af3abf03006c585e1a9753cc2022a7c7af89ebb2af272e428c02256d39999ddc1c68c64ac0460a45905d23b9d2ed1f6223631e86c022ad0d161" \
+  "071f876054dc965b8876ae1bb6cbb4526c85edf81f44cbb9151853e313365509a8b874086779e1238f06e528118668883a81b8b948c8f9ce4e867672" \
+  "888e79871b1fb204b821fd9b9a20f7f1ef471cf42b5afa7015edd94bdf0ed4a34326a52bc1b0afaa7f06a10a0cc81bc425abd57cdb2fdf9dce23c29a" \
+  "b9a899c66a99f218c9979de34b72b1c6f6d0cd1d3bd4327f23f49f4ece3e8c0eeeeb6792565a60f2ac458f84cdbffd9a68192709b03b9172f0701000" \
+  "13364ee8af8afebaf95b2d42140c482a7167e2b0b81c83db0d78c50952f02dc211c274946d7279a130cbf090690fa74b130d0985a3b0e420aea25256" \
+  "d20135793fedcc3d1b2e983751115d1f63867f60032b9c4d998d3826ec7168e234990f57e905a36c15e6161360f825d4448a6a7c7579a685a70f4070" \
+  "d23f1ccb8fa27c7c20f7f02fa04888d30f9cb1fdcaf2b8004ecd38e36b5eb780d96991602c2e31c038d716afb178cf70d856f092c11c7b486219c7e9" \
+  "89519badcc25051ff271d53735a6b39676669859255174ae2ba14417cda1a7657004f0225eb042e716c467ed5c9d6756d376aae59cc8c8eb109ce337" \
+  "61f23b608066087021360ef3f1793e7d1566482582672ddd8b2566b739e3f357dea4618853a60d6ccbc91ff4390caef222577aab2034e9eefa931ead" \
+  "1e53c9f147374c7fb5a80583c2dafc4a0f91ed9dfa331fade079d06ef06410e6e18a1b1d9f0dc29b1a13ed0c6fce86e9cba88d2b566b0f13bce9757e" \
+  "d9c35d5bb1c5e9984202d1be90ef3538df613cbd4dd7d0a4f608d6f3de2a4a68ad10a77ff08ec0ab7f5c3efc3f3cb5f24d63353059b9d69e0a47dc74" \
+  "d81edd95ef717fcc28f3c6e2f8ce321bf0aba3fa"
+].pack("H*")
+
+[curl_example_1, curl_example_2, curl_example_3].each do |curl_example|
+  buf = Raioquic::Buffer.new(data: curl_example)
+  pp Raioquic::Quic::Packet.pull_quic_header(buf: buf, host_cid_length: 8)
+  puts "\n"
+end
+
+#  $ bundle exec ruby example/parse_curl_example.rb
+#  #<Raioquic::Quic::Packet::QuicHeader:0x00007f844f836280
+#   @destination_cid="\ec\x1Cc\x91\xA9\x13\t\xC2\x93\x95\xAA\xA5\xC1\x80\xBC",
+#   @integrity_tag="",
+#   @is_long_header=true,
+#   @packet_type=192,
+#   @rest_length=288,
+#   @source_cid="\xDB}\xAF\xC0\xE1\xC1\x04\a\xFFJ\x95'\xA7\x11\x03\xBB~\xB5\x9A\x91",
+#   @token="",
+#   @version=1>
+#
+#  #<Raioquic::Quic::Packet::QuicHeader:0x00007f844f82cc80
+#   @destination_cid="\xFF\xD7\xB7\x16>\x91|\x15d\xD3\xD4f\x14\x0EUxa\x93\xAD&",
+#   @integrity_tag="",
+#   @is_long_header=true,
+#   @packet_type=192,
+#   @rest_length=1148,
+#   @source_cid="\xBB\x91\xE0\xA6+8\xBCV6\xA0\x92\xB3\xBE\xDD\xDDl/\xB3\xA64",
+#   @token="",
+#   @version=1>
+#
+#  #<Raioquic::Quic::Packet::QuicHeader:0x00007f844f82c0a0
+#   @destination_cid="e49\xDE\xC7\xA045",
+#   @integrity_tag="",
+#   @is_long_header=true,
+#   @packet_type=192,
+#   @rest_length=1202,
+#   @source_cid="",
+#   @token="",
+#   @version=1>

data/lib/raioquic/buffer.rb

@@ -0,0 +1,202 @@
+# frozen_string_literal: true
+
+require "stringio"
+require "forwardable"
+
+module Raioquic
+  # Raioquic::Buffer
+  # Migrated from auiquic/src/aioquic/buffer.py
+  class Buffer
+    extend Forwardable
+
+    BufferReadError = Class.new(StandardError)
+    BufferWriteError = Class.new(StandardError)
+
+    UINT_VAR_MAX = 0x3fffffffffffffff
+    UINT_VAR_MAX_SIZE = 8
+
+    def_delegator :@buffer, :eof, :eof
+    def_delegator :@buffer, :tell, :tell
+
+    attr_reader :capacity
+
+    # Encode a variable-length unsigned integer.
+    def self.encode_uint_var(value)
+      buf = new(capacity: UINT_VAR_MAX_SIZE)
+      buf.push_uint_var(value)
+      buf.data
+    end
+
+    # Return the number of bytes required to encode the given value
+    # as a QUIC variable-length unsigned integer.
+    def self.size_uint_var(value)
+      if value <= 0x3f # rubocop:disable Style/GuardClause
+        return 1
+      elsif value <= 0x3fff
+        return 2
+      elsif value <= 0x3fffffff
+        return 4
+      elsif value <= 0x3fffffffffffffff
+        return 8
+      else
+        raise ValueError, "Integer is too big for a variable-length integer"
+      end
+    end
+
+    def initialize(capacity: nil, data: "")
+      @position = 0 # bytes count
+      @buffer = StringIO.open((+data).force_encoding(Encoding::ASCII_8BIT), "rb+:ASCII-8bit:ASCII-8BIT")
+      @capacity = capacity || @buffer.size
+    end
+
+    def dealloc
+      # empty
+    end
+
+    def data
+      data_slice(start: 0, ends: tell)
+    end
+
+    def seek(offset)
+      check_read_bounds(offset)
+      @buffer.seek(offset)
+    rescue Errno::EINVAL
+      raise BufferReadError
+    end
+
+    # def capacity
+    #   @capacity
+    # end
+
+    # NOTE: "end" is reserved keyword in Ruby
+    def data_slice(start:, ends:)
+      orig_str = @buffer.string
+
+      raise BufferReadError, "Read out of bounds" if start < 0 || @buffer.size < start || ends < 0 || @buffer.size < ends || ends < start
+
+      orig_str.byteslice(start, ends - start)
+    end
+
+    # Pull bytes.
+    def pull_bytes(length)
+      raise BufferReadError if @buffer.size < 1
+
+      @buffer.read(length)
+    rescue EOFError, ArgumentError
+      raise BufferReadError
+    end
+
+    # Pull an 8-bit unsigned integer.
+    def pull_uint8
+      @buffer.readpartial(1).unpack1("C")
+    rescue EOFError
+      raise BufferReadError
+    end
+
+    # Pull a 16-bit unsigned integer.
+    def pull_uint16
+      @buffer.readpartial(2).unpack1("n")
+    rescue EOFError
+      raise BufferReadError
+    end
+
+    # Pull a 32-bit unsigned integer.
+    def pull_uint32
+      @buffer.readpartial(4).unpack1("N")
+    rescue EOFError
+      raise BufferReadError
+    end
+
+    # Pull a 64-bit unsigned integer.
+    def pull_uint64
+      @buffer.readpartial(8).unpack1("Q>")
+    rescue EOFError
+      raise BufferReadError
+    end
+
+    # Pull a QUIC variable-length unsigned integer.
+    def pull_uint_var
+      check_read_bounds(1)
+      first = pull_uint8
+      case first >> 6
+      when 0
+        first & 0x3f
+      when 1
+        check_read_bounds(1)
+        second = pull_uint8
+        ((first & 0x3f) << 8) | (second)
+      when 2
+        check_read_bounds(3)
+        second = pull_uint8
+        third = pull_uint8
+        forth = pull_uint8
+        ((first & 0x3f) << 24) | (second << 16) | (third << 8) | forth
+      else
+        check_read_bounds(7)
+        b2 = pull_uint8
+        b3 = pull_uint8
+        b4 = pull_uint8
+        b5 = pull_uint8
+        b6 = pull_uint8
+        b7 = pull_uint8
+        b8 = pull_uint8
+        ((first & 0x3f) << 56) | (b2 << 48) | (b3 << 40) | (b4 << 32) | (b5 << 24) | (b6 << 16) | (b7 << 8) | b8
+      end
+    end
+
+    def push_bytes(value)
+      raise BufferWriteError if value.bytesize > [@buffer.size, @capacity].max
+
+      @buffer << value
+    end
+
+    def push_uint8(value)
+      @buffer << [value].pack("C")
+    end
+
+    def push_uint16(value)
+      @buffer << [value].pack("n")
+    end
+
+    def push_uint32(value)
+      @buffer << [value].pack("N")
+    end
+
+    def push_uint64(value)
+      @buffer << [value].pack("Q>")
+    end
+
+    def push_uint_var(value)
+      if value <= 0x3f
+        check_read_bounds(1)
+        push_uint8(value)
+      elsif value <= 0x3fff
+        check_read_bounds(2)
+        push_uint8((value >> 8) | 0x40)
+        push_uint8(value & 0xff)
+      elsif value <= 0x3fffffff
+        check_read_bounds(4)
+        push_uint8((value >> 24) | 0x80)
+        push_uint8((value >> 16) & 0xff)
+        push_uint8((value >> 8) & 0xff)
+        push_uint8(value)
+      elsif value <= 0x3fffffffffffffff
+        check_read_bounds(8)
+        push_uint8((value >> 56) | 0xc0)
+        push_uint8((value >> 48) & 0xff)
+        push_uint8((value >> 40) & 0xff)
+        push_uint8((value >> 32) & 0xff)
+        push_uint8((value >> 24) & 0xff)
+        push_uint8((value >> 16) & 0xff)
+        push_uint8((value >> 8) & 0xff)
+        push_uint8(value & 0xff)
+      else
+        raise ValueError, "Integer is too big for a variable-length integer"
+      end
+    end
+
+    private def check_read_bounds(length)
+      raise BufferReadError, "Read out of bounds" if [@buffer.size, @capacity].max < length
+    end
+  end
+end

data/lib/raioquic/core_ext.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+# CoreExt (like active support)
+
+# CoreExt for String class
+class String
+  # Convert big endian bytes to integer (unsigned, up to 4 byte)
+  def bytes_to_int
+    case bytesize
+    when 0
+      0
+    when 1
+      ("\x00" + self).unpack1("n*").to_i # rubocop:disable Style/StringConcatenation
+    when 2
+      unpack1("n*").to_i
+    when 3
+      ("\x00" + self).unpack1("N*").to_i # rubocop:disable Style/StringConcatenation
+    when 4
+      unpack1("N*").to_i
+    else
+      raise ArgumentError, "#{bytesize} bytes is not supported"
+    end
+  end
+end
+
+# CoreExt for Integer class
+class Integer
+  # Convert integer to specific byte size string (unsigned, big endian)
+  def to_bytes(bytesize) # rubocop:disable Metrics/CyclomaticComplexity
+    raise ArgumentError if self > 4294967295 # 5 bytes
+
+    template = case bytesize
+               when 0
+                 nil
+               when 1
+                 "C*"
+               when 2
+                 "n*"
+               when 3..4
+                 "N*"
+               else
+                 raise ArgumentError, "#{bytesize} bytes is too big"
+               end
+    return "" if template.nil?
+
+    [self].pack(template).then do |str|
+      if bytesize == 3
+        str.byteslice(1, 3).to_s
+      else
+        str
+      end
+    end
+  end
+end

data/lib/raioquic/crypto/README.md

@@ -0,0 +1,5 @@
+# Raioquic::Crypto
+
+The codes under the directory heavily inspired by `pyca/cryptography`
+
+<https://github.com/pyca/cryptography>

data/lib/raioquic/crypto/aesgcm.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+require_relative "backend/aead"
+
+module Raioquic
+  module Crypto
+    # Raioquic::Crypto::AESGCM
+    # Migrated from pyca/cryptography/src/cryptography/hazmat/primitives/ciphers/aead.py
+    class AESGCM
+      attr_reader :key
+
+      MAX_SIZE = (2**31) - 1
+      OverflowError = Class.new(StandardError)
+
+      def initialize(key)
+        raise TypeError unless key.is_a? String
+        raise ValueError, "AESGCM key must be 128, 192, or 256 bits." unless [16, 24, 32].include?(key.length)
+
+        @key = key
+      end
+
+      def self.generate_key(bit_length)
+        raise TypeError, "bit_length must be an integer" unless bit_length.is_a? Integer
+        raise ValueError, "bit_length must be 128, 192, or 256" unless [128, 192, 256].include?(bit_length)
+
+        Random.urandom(bit_length / 8)
+      end
+
+      def encrypt(nonce:, data:, associated_data: "")
+        raise OverflowError, "Data or associated data too long. Max 2**31 - 1 bytes" if data.length > MAX_SIZE || associated_data.length > MAX_SIZE
+
+        check_nonce(nonce)
+        validate_length(nonce: nonce, data: data)
+
+        Backend::Aead.encrypt(cipher: self, key: @key, nonce: nonce, data: data, associated_data: [associated_data], tag_length: 16)
+      end
+
+      def decrypt(nonce:, data:, associated_data: "")
+        Backend::Aead.decrypt(cipher: self, key: @key, nonce: nonce, data: data, associated_data: [associated_data], tag_length: 16)
+      end
+
+      private def validate_length(nonce:, data:)
+        l_val = 15 - nonce.length
+        raise ValueError, "Data too long for nonce" if 2 * (8 * l_val) < data.length
+      end
+
+      private def check_nonce(nonce)
+        raise ValueError, "Nonce must be 12 bytes" if nonce.length != 12
+      end
+    end
+  end
+end

data/lib/raioquic/crypto/backend/aead.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+require "openssl"
+
+module Raioquic
+  module Crypto
+    module Backend
+      # Raioquic's Crypto::Backend is only OpenSSL
+      # Migrated from pyca/cryptography/src/cryptography/hazmat/backends/openssl/aead.py
+      class Aead
+        def self.aead_cipher_name(cipher)
+          case cipher
+          # when ChaCha20Poly1305
+          # when AESCCM
+          #   "aes-#{cipher.key.length}-ccm"
+          when ::Raioquic::Crypto::AESGCM
+            "aes-#{cipher.key.length * 8}-gcm"
+          else
+            raise RuntimeError
+          end
+        end
+        private_class_method :aead_cipher_name
+
+        def self.encrypt(cipher:, key:, nonce:, data:, associated_data: [], tag_length:)
+          cipher_name = aead_cipher_name(cipher)
+          cipher = OpenSSL::Cipher.new(cipher_name)
+          cipher.encrypt
+          cipher.key = key
+          cipher.iv = nonce
+          cipher.auth_data = associated_data.join
+          encrypted = cipher.update(data) + cipher.final
+          tag = cipher.auth_tag(tag_length)
+          return encrypted + tag
+        end
+
+        def self.decrypt(cipher:, key:, nonce:, data:, associated_data: [], tag_length:)
+          cipher_name = aead_cipher_name(cipher)
+          cipher = OpenSSL::Cipher.new(cipher_name)
+          tag = data.slice(-tag_length, tag_length)
+          encryped = data.slice(0, data.length - tag_length)
+          cipher.decrypt
+          cipher.key = key
+          cipher.iv = nonce
+          cipher.auth_tag = tag
+          cipher.auth_data = associated_data.join
+          decrypted = cipher.update(encryped) + cipher.final
+          return decrypted
+        end
+      end
+    end
+  end
+end

data/lib/raioquic/crypto/backend.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require_relative "aesgcm"
+
+module Raioquic
+  module Crypto
+    # Raioquic::Crypto::Backend
+    # Migrated from pyca/cryptography/src/cryptography/hazmat/backends/openssl/backend.py
+    module Backend
+    end
+  end
+end

data/lib/raioquic/crypto.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+require_relative "crypto/backend"
+
+module Raioquic
+  # Raioquic::Crypto
+  # Cryptography modules migrated from pyca/cryptography
+  module Crypto
+  end
+end

data/lib/raioquic/quic/configuration.rb

@@ -0,0 +1,81 @@
+# frozen_string_literal: true
+
+require "openssl"
+
+module Raioquic
+  module Quic
+    # Raioquic::Quic::Configuration
+    # Migrated from aioquic/src/aioquic/quic/configuration.py
+    # A QUIC configration
+    class QuicConfiguration
+      attr_accessor :alpn_protocols
+      attr_accessor :connection_id_length
+      attr_accessor :idle_timeout
+      attr_accessor :is_client
+      attr_accessor :max_data
+      attr_accessor :max_stream_data
+      attr_accessor :quic_logger
+      attr_accessor :secrets_log_file
+      attr_accessor :server_name
+      attr_accessor :session_ticket
+      attr_accessor :cadata
+      attr_accessor :cafile
+      attr_accessor :capath
+      attr_accessor :certificate
+      attr_accessor :certificate_chain
+      attr_accessor :cipher_suites
+      attr_accessor :initial_rtt
+      attr_accessor :max_datagram_frame_size
+      attr_accessor :private_key
+      attr_accessor :quantam_readiness_test
+      attr_accessor :supported_versions
+      attr_accessor :verify_mode
+
+      def initialize(**kwargs) # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+        @alpn_protocols = kwargs[:alpn_protocols]
+        @connection_id_length = kwargs[:connection_id_length] || 8
+        @idle_timeout = kwargs[:idle_timeout] || 60.0
+        @is_client = kwargs[:is_client]
+        @max_data = kwargs[:max_data] || 1048576
+        @max_stream_data = kwargs[:max_stream_data] || 1048576
+        @quic_logger = kwargs[:quic_logger]
+        @secrets_log_file = kwargs[:secrets_log_file]
+        @server_name = kwargs[:server_name]
+        @session_ticket = kwargs[:session_ticket]
+        @cadata = kwargs[:cadata]
+        @cafile = kwargs[:cafile]
+        @capath = kwargs[:capath]
+        @certificate = kwargs[:certificate]
+        @certificate_chain = kwargs[:certificate_chain]
+        @cipher_suites = kwargs[:cipher_suites]
+        @initial_rtt = kwargs[:initial_rtt] || 0.1
+        @max_datagram_frame_size = kwargs[:max_datagram_frame_size]
+        @private_key = kwargs[:private_key]
+        @quantam_readiness_test = kwargs[:quantam_readiness_test] || false
+        @supported_versions = kwargs[:supported_versions] || [Packet::QuicProtocolVersion::VERSION_1]
+        @verify_mode = kwargs[:verify_mode]
+      end
+
+      # Load a private key and the corresponding certificate.
+      def load_cert_chain(certfile, keyfile = nil, password = nil)
+        boundary = "-----BEGIN PRIVATE KEY-----\n"
+        cert_body = File.read(certfile)
+        certs = OpenSSL::X509::Certificate.load(cert_body)
+
+        @certificate = certs[0]
+        @certificate_chain = certs[1..] if certs.length > 1
+
+        @private_key = OpenSSL::PKey.read(cert_body) if cert_body.include?(boundary)
+
+        @private_key = OpenSSL::PKey.read(File.read(keyfile), password) if keyfile
+      end
+
+      # Load a set of "certification authority" (CA) certificates used to validate other peer's certificates.
+      def load_verify_locations(cafile: nil, capath: nil, cadata: nil)
+        @cafile = cafile
+        @capath = capath
+        @cadata = cadata
+      end
+    end
+  end
+end