From 9eb672abd32083671c8436e548b01277162bb020 Mon Sep 17 00:00:00 2001
From: stormshield-gt
Date: Wed, 27 Nov 2024 20:05:34 +0100
Subject: [PATCH] add a feature to expose key share handshake data
---
 quinn-proto/Cargo.toml | 5 +++++
 quinn-proto/src/crypto/rustls.rs | 11 +++++++++++
 quinn/Cargo.toml | 5 +++++
 3 files changed, 21 insertions(+)
diff --git a/quinn-proto/Cargo.toml b/quinn-proto/Cargo.toml
index 8a91c14df..baa719956 100644
--- a/quinn-proto/Cargo.toml
+++ b/quinn-proto/Cargo.toml
@@ -30,6 +30,11 @@ log = ["tracing/log"]
 # Enable rustls logging
 rustls-log = ["rustls?/logging"]
+# Internal (PRIVATE!) features used to aid testing.
+# Don't rely on these whatsoever. They may disappear at any time.
+
+__rustls-post-quantum-test = []
+
 [dependencies]
 arbitrary = { workspace = true, optional = true }
 aws-lc-rs = { workspace = true, optional = true }
diff --git a/quinn-proto/src/crypto/rustls.rs b/quinn-proto/src/crypto/rustls.rs
index d60740bb3..9f4cbc84f 100644
--- a/quinn-proto/src/crypto/rustls.rs
+++ b/quinn-proto/src/crypto/rustls.rs
@@ -6,6 +6,8 @@ use bytes::BytesMut;
 #[cfg(feature = "ring")]
 use ring::aead;
 pub use rustls::Error;
+#[cfg(feature = "__rustls-post-quantum-test")]
+use rustls::NamedGroup;
 use rustls::{
 self,
 client::danger::ServerCertVerifier,
@@ -64,6 +66,12 @@ impl crypto::Session for TlsSession {
 Connection::Client(_) => None,
 Connection::Server(ref session) => session.server_name().map(|x| x.into()),
 },
+ #[cfg(feature = "__rustls-post-quantum-test")]
+ negotiated_key_exchange_group: self
+ .inner
+ .negotiated_key_exchange_group()
+ .expect("key exchange group is negotiated")
+ .name(),
 }))
 }
@@ -256,6 +264,9 @@ pub struct HandshakeData {
 ///
 /// Always `None` for outgoing connections
 pub server_name: Option,
+ /// The key exchange group negotiated with the peer
+ #[cfg(feature = "__rustls-post-quantum-test")]
+ pub negotiated_key_exchange_group: NamedGroup,
 }
 /// A QUIC-compatible TLS client configuration
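Review bot: The added `negotiated_key_exchange_group` initializer in the `@@ -64,6 +66,12 @@` hunk ends in `.expect("key exchange group is negotiated")`, so a `None` from rustls becomes a panic on the connection's handshake-data path instead of a value the caller can handle. Whatever guard is meant to make that unreachable sits above the hunk; the enclosing function starts outside it, so the invariant cannot be checked from here. Cargo unifies features across the dependency graph, so one crate enabling `__rustls-post-quantum-test` compiles this into every user of quinn-proto in that build, and "test only" is a convention rather than a guarantee. I would carry the absence through instead: declare the field as `Option<NamedGroup>` and build it with `self.inner.negotiated_key_exchange_group().map(|g| g.name())`.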
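Review bot: The doc comment on the new `negotiated_key_exchange_group` field in the `@@ -256,6 +264,9 @@` hunk does not say that the field exists only under the private `__rustls-post-quantum-test` feature. I would extend it to something like `/// The key exchange group negotiated with the peer. Internal, test-only: present only with the private __rustls-post-quantum-test feature.` and consider `#[doc(hidden)]` so it stays out of the rendered API. A cfg-gated `pub` field also changes the shape of `HandshakeData` per feature set. Whether the struct is `#[non_exhaustive]` is not visible in the hunk; if it is not, struct literals elsewhere stop compiling once the feature is switched on.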
diff --git a/quinn/Cargo.toml b/quinn/Cargo.toml
index a061520d7..ab918b79c 100644
--- a/quinn/Cargo.toml
+++ b/quinn/Cargo.toml
@@ -38,6 +38,11 @@ log = ["tracing/log", "proto/log", "udp/log"]
 # Enable rustls logging
 rustls-log = ["rustls?/logging"]
+# Internal (PRIVATE!) features used to aid testing.
+# Don't rely on these whatsoever. They may disappear at any time.
+
+__rustls-post-quantum-test = ["dep:rustls-post-quantum", "rustls-aws-lc-rs", "proto/__rustls-post-quantum-test"]
+
 [dependencies]
 async-io = { workspace = true, optional = true }
 async-std = { workspace = true, optional = true }
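Review bot: The new feature lists `dep:rustls-post-quantum`, but the diffstat shows only these five added lines in quinn/Cargo.toml, so this patch adds no matching `[dependencies]` entry. Cargo rejects a `dep:` reference unless the manifest declares that name as an optional dependency. Please confirm that an entry in the style of the neighbouring ones, e.g. `rustls-post-quantum = { workspace = true, optional = true }`, already exists outside the hunk. It is also worth a comment above the feature noting that enabling it pulls in an extra cryptographic crate and forces the `rustls-aws-lc-rs` backend, for example `# Pulls in rustls-post-quantum and the aws-lc-rs backend; never enable in release builds.`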