ngtcp2: sync with upstream API changes
Assisted-by: Tatsuhiro Tsujikawa
This commit is contained in:
Daniel Stenberg
parent
25f9621935
commit
ff4ef390f6
@ -232,22 +232,17 @@ size_t Curl_qc_aead_max_overhead(const struct Context *ctx)
|
||||
return aead_tag_length(ctx);
|
||||
}
|
||||
|
||||
ssize_t Curl_qc_encrypt(uint8_t *dest, size_t destlen,
|
||||
const uint8_t *plaintext, size_t plaintextlen,
|
||||
const struct Context *ctx,
|
||||
const uint8_t *key, size_t keylen,
|
||||
const uint8_t *nonce, size_t noncelen,
|
||||
const uint8_t *ad, size_t adlen)
|
||||
int Curl_qc_encrypt(uint8_t *dest,
|
||||
const uint8_t *plaintext, size_t plaintextlen,
|
||||
const struct Context *ctx,
|
||||
const uint8_t *key,
|
||||
const uint8_t *nonce, size_t noncelen,
|
||||
const uint8_t *ad, size_t adlen)
|
||||
{
|
||||
size_t taglen = aead_tag_length(ctx);
|
||||
EVP_CIPHER_CTX *actx;
|
||||
size_t outlen = 0;
|
||||
int outlen = 0;
|
||||
int len;
|
||||
(void)keylen;
|
||||
|
||||
if(destlen < plaintextlen + taglen) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
actx = EVP_CIPHER_CTX_new();
|
||||
if(!actx)
|
||||
@ -281,40 +276,33 @@ ssize_t Curl_qc_encrypt(uint8_t *dest, size_t destlen,
|
||||
if(EVP_EncryptFinal_ex(actx, dest + outlen, &len) != 1)
|
||||
goto error;
|
||||
|
||||
outlen += len;
|
||||
assert(outlen + taglen <= destlen);
|
||||
|
||||
if(EVP_CIPHER_CTX_ctrl(actx, EVP_CTRL_AEAD_GET_TAG,
|
||||
(int)taglen, dest + outlen) != 1)
|
||||
goto error;
|
||||
|
||||
outlen += taglen;
|
||||
|
||||
EVP_CIPHER_CTX_free(actx);
|
||||
return outlen;
|
||||
return 0;
|
||||
|
||||
error:
|
||||
EVP_CIPHER_CTX_free(actx);
|
||||
return -1;
|
||||
}
|
||||
|
||||
ssize_t Curl_qc_decrypt(uint8_t *dest, size_t destlen,
|
||||
const uint8_t *ciphertext, size_t ciphertextlen,
|
||||
const struct Context *ctx,
|
||||
const uint8_t *key, size_t keylen,
|
||||
const uint8_t *nonce, size_t noncelen,
|
||||
const uint8_t *ad, size_t adlen)
|
||||
int Curl_qc_decrypt(uint8_t *dest,
|
||||
const uint8_t *ciphertext, size_t ciphertextlen,
|
||||
const struct Context *ctx,
|
||||
const uint8_t *key,
|
||||
const uint8_t *nonce, size_t noncelen,
|
||||
const uint8_t *ad, size_t adlen)
|
||||
{
|
||||
size_t taglen = aead_tag_length(ctx);
|
||||
const uint8_t *tag;
|
||||
EVP_CIPHER_CTX *actx;
|
||||
size_t outlen;
|
||||
int outlen;
|
||||
int len;
|
||||
(void)keylen;
|
||||
|
||||
if(taglen > ciphertextlen || destlen + taglen < ciphertextlen) {
|
||||
if(taglen > ciphertextlen)
|
||||
return -1;
|
||||
}
|
||||
|
||||
ciphertextlen -= taglen;
|
||||
tag = ciphertext + ciphertextlen;
|
||||
@ -351,7 +339,7 @@ ssize_t Curl_qc_decrypt(uint8_t *dest, size_t destlen,
|
||||
outlen = len;
|
||||
|
||||
if(ctx->aead == EVP_aes_128_ccm())
|
||||
return outlen;
|
||||
return 0;
|
||||
|
||||
if(EVP_CIPHER_CTX_ctrl(actx, EVP_CTRL_AEAD_SET_TAG,
|
||||
(int)taglen, (char *)tag) != 1)
|
||||
@ -360,10 +348,8 @@ ssize_t Curl_qc_decrypt(uint8_t *dest, size_t destlen,
|
||||
if(EVP_DecryptFinal_ex(actx, dest + outlen, &len) != 1)
|
||||
goto error;
|
||||
|
||||
outlen += len;
|
||||
|
||||
EVP_CIPHER_CTX_free(actx);
|
||||
return outlen;
|
||||
return 0;
|
||||
error:
|
||||
EVP_CIPHER_CTX_free(actx);
|
||||
return -1;
|
||||
@ -489,19 +475,13 @@ Curl_qc_derive_header_protection_key(uint8_t *dest, size_t destlen,
|
||||
return keylen;
|
||||
}
|
||||
|
||||
ssize_t Curl_qc_hp_mask(uint8_t *dest, size_t destlen,
|
||||
const struct Context *ctx,
|
||||
const uint8_t *key, size_t keylen,
|
||||
const uint8_t *sample, size_t samplelen)
|
||||
int Curl_qc_hp_mask(uint8_t *dest, const struct Context *ctx,
|
||||
const uint8_t *key, const uint8_t *sample)
|
||||
{
|
||||
static uint8_t PLAINTEXT[] = "\x00\x00\x00\x00\x00";
|
||||
EVP_CIPHER_CTX *actx;
|
||||
size_t outlen = 0;
|
||||
int outlen = 0;
|
||||
int len;
|
||||
(void)destlen; /* TODO: make use of these! */
|
||||
(void)keylen;
|
||||
(void)samplelen;
|
||||
|
||||
actx = EVP_CIPHER_CTX_new();
|
||||
if(!actx)
|
||||
return -1;
|
||||
@ -521,7 +501,7 @@ ssize_t Curl_qc_hp_mask(uint8_t *dest, size_t destlen,
|
||||
|
||||
DEBUGASSERT(len == 0);
|
||||
|
||||
return outlen;
|
||||
return 0;
|
||||
error:
|
||||
EVP_CIPHER_CTX_free(actx);
|
||||
return -1;
|
||||
|
||||
@ -44,18 +44,18 @@ size_t Curl_qc_aead_nonce_length(const struct Context *ctx);
|
||||
int Curl_qc_negotiated_prf(struct Context *ctx, SSL *ssl);
|
||||
int Curl_qc_negotiated_aead(struct Context *ctx, SSL *ssl);
|
||||
size_t Curl_qc_aead_max_overhead(const struct Context *ctx);
|
||||
ssize_t Curl_qc_encrypt(uint8_t *dest, size_t destlen,
|
||||
const uint8_t *plaintext, size_t plaintextlen,
|
||||
const struct Context *ctx,
|
||||
const uint8_t *key, size_t keylen,
|
||||
const uint8_t *nonce, size_t noncelen,
|
||||
const uint8_t *ad, size_t adlen);
|
||||
ssize_t Curl_qc_decrypt(uint8_t *dest, size_t destlen,
|
||||
const uint8_t *ciphertext, size_t ciphertextlen,
|
||||
const struct Context *ctx,
|
||||
const uint8_t *key, size_t keylen,
|
||||
const uint8_t *nonce, size_t noncelen,
|
||||
const uint8_t *ad, size_t adlen);
|
||||
int Curl_qc_encrypt(uint8_t *dest,
|
||||
const uint8_t *plaintext, size_t plaintextlen,
|
||||
const struct Context *ctx,
|
||||
const uint8_t *key,
|
||||
const uint8_t *nonce, size_t noncelen,
|
||||
const uint8_t *ad, size_t adlen);
|
||||
int Curl_qc_decrypt(uint8_t *dest,
|
||||
const uint8_t *ciphertext, size_t ciphertextlen,
|
||||
const struct Context *ctx,
|
||||
const uint8_t *key,
|
||||
const uint8_t *nonce, size_t noncelen,
|
||||
const uint8_t *ad, size_t adlen);
|
||||
ssize_t Curl_qc_encrypt_pn(uint8_t *dest, size_t destlen,
|
||||
const uint8_t *plaintext, size_t plaintextlen,
|
||||
const struct Context *ctx,
|
||||
@ -85,9 +85,7 @@ Curl_qc_derive_header_protection_key(uint8_t *dest, size_t destlen,
|
||||
const uint8_t *secret, size_t secretlen,
|
||||
const struct Context *ctx);
|
||||
|
||||
ssize_t Curl_qc_hp_mask(uint8_t *dest, size_t destlen,
|
||||
const struct Context *ctx,
|
||||
const uint8_t *key, size_t keylen,
|
||||
const uint8_t *sample, size_t samplelen);
|
||||
int Curl_qc_hp_mask(uint8_t *dest, const struct Context *ctx,
|
||||
const uint8_t *key, const uint8_t *sample);
|
||||
#endif /* USE_NGTCP2 */
|
||||
#endif /* HEADER_CURL_VQUIC_NGTCP2_CRYPTO_H */
|
||||
|
||||
@ -778,19 +778,16 @@ static int cb_handshake_completed(ngtcp2_conn *tconn, void *user_data)
|
||||
return 0;
|
||||
}
|
||||
|
||||
static ssize_t cb_in_encrypt(ngtcp2_conn *tconn,
|
||||
uint8_t *dest, size_t destlen,
|
||||
const uint8_t *plaintext,
|
||||
size_t plaintextlen,
|
||||
const uint8_t *key, size_t keylen,
|
||||
const uint8_t *nonce, size_t noncelen,
|
||||
const uint8_t *ad, size_t adlen,
|
||||
void *user_data)
|
||||
static int cb_in_encrypt(ngtcp2_conn *tconn, uint8_t *dest,
|
||||
const uint8_t *plaintext, size_t plaintextlen,
|
||||
const uint8_t *key, const uint8_t *nonce,
|
||||
size_t noncelen, const uint8_t *ad, size_t adlen,
|
||||
void *user_data)
|
||||
{
|
||||
struct quicsocket *qs = (struct quicsocket *)user_data;
|
||||
ssize_t nwrite = Curl_qc_encrypt(dest, destlen, plaintext, plaintextlen,
|
||||
&qs->hs_crypto_ctx,
|
||||
key, keylen, nonce, noncelen, ad, adlen);
|
||||
int nwrite = Curl_qc_encrypt(dest, plaintext, plaintextlen,
|
||||
&qs->hs_crypto_ctx,
|
||||
key, nonce, noncelen, ad, adlen);
|
||||
if(nwrite < 0) {
|
||||
return NGTCP2_ERR_CALLBACK_FAILURE;
|
||||
}
|
||||
@ -799,56 +796,51 @@ static ssize_t cb_in_encrypt(ngtcp2_conn *tconn,
|
||||
return nwrite;
|
||||
}
|
||||
|
||||
static ssize_t cb_in_decrypt(ngtcp2_conn *tconn,
|
||||
uint8_t *dest, size_t destlen,
|
||||
const uint8_t *ciphertext, size_t ciphertextlen,
|
||||
const uint8_t *key, size_t keylen,
|
||||
const uint8_t *nonce, size_t noncelen,
|
||||
const uint8_t *ad, size_t adlen,
|
||||
void *user_data)
|
||||
static int cb_in_decrypt(ngtcp2_conn *tconn, uint8_t *dest,
|
||||
const uint8_t *ciphertext, size_t ciphertextlen,
|
||||
const uint8_t *key, const uint8_t *nonce,
|
||||
size_t noncelen, const uint8_t *ad, size_t adlen,
|
||||
void *user_data)
|
||||
{
|
||||
struct quicsocket *qs = (struct quicsocket *)user_data;
|
||||
(void)tconn;
|
||||
return Curl_qc_decrypt(dest, destlen, ciphertext, ciphertextlen,
|
||||
&qs->hs_crypto_ctx, key, keylen,
|
||||
return Curl_qc_decrypt(dest, ciphertext, ciphertextlen,
|
||||
&qs->hs_crypto_ctx, key,
|
||||
nonce, noncelen, ad, adlen);
|
||||
}
|
||||
|
||||
|
||||
static ssize_t cb_encrypt_data(ngtcp2_conn *tconn,
|
||||
uint8_t *dest, size_t destlen,
|
||||
const uint8_t *plaintext, size_t plaintextlen,
|
||||
const uint8_t *key, size_t keylen,
|
||||
const uint8_t *nonce, size_t noncelen,
|
||||
const uint8_t *ad, size_t adlen,
|
||||
void *user_data)
|
||||
static int cb_encrypt_data(ngtcp2_conn *tconn,
|
||||
uint8_t *dest,
|
||||
const uint8_t *plaintext, size_t plaintextlen,
|
||||
const uint8_t *key,
|
||||
const uint8_t *nonce, size_t noncelen,
|
||||
const uint8_t *ad, size_t adlen,
|
||||
void *user_data)
|
||||
{
|
||||
struct quicsocket *qs = (struct quicsocket *)user_data;
|
||||
ssize_t rc;
|
||||
int rc;
|
||||
(void)tconn;
|
||||
rc = Curl_qc_encrypt(dest, destlen, plaintext, plaintextlen,
|
||||
rc = Curl_qc_encrypt(dest, plaintext, plaintextlen,
|
||||
&qs->crypto_ctx,
|
||||
key, keylen, nonce, noncelen, ad, adlen);
|
||||
key, nonce, noncelen, ad, adlen);
|
||||
if(rc < 0)
|
||||
return NGTCP2_ERR_CALLBACK_FAILURE;
|
||||
return rc;
|
||||
}
|
||||
|
||||
static ssize_t
|
||||
cb_decrypt_data(ngtcp2_conn *tconn,
|
||||
uint8_t *dest, size_t destlen,
|
||||
const uint8_t *ciphertext, size_t ciphertextlen,
|
||||
const uint8_t *key, size_t keylen,
|
||||
const uint8_t *nonce, size_t noncelen,
|
||||
const uint8_t *ad, size_t adlen,
|
||||
void *user_data)
|
||||
static int cb_decrypt_data(ngtcp2_conn *tconn, uint8_t *dest,
|
||||
const uint8_t *ciphertext, size_t ciphertextlen,
|
||||
const uint8_t *key,
|
||||
const uint8_t *nonce, size_t noncelen,
|
||||
const uint8_t *ad, size_t adlen,
|
||||
void *user_data)
|
||||
{
|
||||
struct quicsocket *qs = (struct quicsocket *)user_data;
|
||||
ssize_t rc;
|
||||
int rc;
|
||||
(void)tconn;
|
||||
rc = Curl_qc_decrypt(dest, destlen, ciphertext, ciphertextlen,
|
||||
&qs->crypto_ctx,
|
||||
key, keylen, nonce, noncelen, ad, adlen);
|
||||
rc = Curl_qc_decrypt(dest, ciphertext, ciphertextlen,
|
||||
&qs->crypto_ctx, key, nonce, noncelen, ad, adlen);
|
||||
if(rc < 0)
|
||||
return NGTCP2_ERR_TLS_DECRYPT;
|
||||
return rc;
|
||||
@ -960,34 +952,30 @@ static int cb_recv_retry(ngtcp2_conn *tconn, const ngtcp2_pkt_hd *hd,
|
||||
return 0;
|
||||
}
|
||||
|
||||
static ssize_t cb_in_hp_mask(ngtcp2_conn *tconn, uint8_t *dest, size_t destlen,
|
||||
const uint8_t *key, size_t keylen,
|
||||
const uint8_t *sample, size_t samplelen,
|
||||
void *user_data)
|
||||
static int cb_in_hp_mask(ngtcp2_conn *tconn, uint8_t *dest,
|
||||
const uint8_t *key, const uint8_t *sample,
|
||||
void *user_data)
|
||||
{
|
||||
struct quicsocket *qs = (struct quicsocket *)user_data;
|
||||
ssize_t nwrite;
|
||||
int nwrite;
|
||||
(void)tconn;
|
||||
|
||||
nwrite = Curl_qc_hp_mask(dest, destlen, &qs->hs_crypto_ctx,
|
||||
key, keylen, sample, samplelen);
|
||||
nwrite = Curl_qc_hp_mask(dest, &qs->hs_crypto_ctx, key, sample);
|
||||
if(nwrite < 0)
|
||||
return NGTCP2_ERR_CALLBACK_FAILURE;
|
||||
|
||||
return nwrite;
|
||||
}
|
||||
|
||||
static ssize_t cb_hp_mask(ngtcp2_conn *tconn, uint8_t *dest, size_t destlen,
|
||||
const uint8_t *key, size_t keylen,
|
||||
const uint8_t *sample, size_t samplelen,
|
||||
void *user_data)
|
||||
static int cb_hp_mask(ngtcp2_conn *tconn, uint8_t *dest,
|
||||
const uint8_t *key, const uint8_t *sample,
|
||||
void *user_data)
|
||||
{
|
||||
struct quicsocket *qs = (struct quicsocket *)user_data;
|
||||
ssize_t nwrite;
|
||||
int nwrite;
|
||||
(void)tconn;
|
||||
|
||||
nwrite = Curl_qc_hp_mask(dest, destlen, &qs->crypto_ctx,
|
||||
key, keylen, sample, samplelen);
|
||||
nwrite = Curl_qc_hp_mask(dest, &qs->crypto_ctx, key, sample);
|
||||
if(nwrite < 0)
|
||||
return NGTCP2_ERR_CALLBACK_FAILURE;
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user