summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/vquic/ngtcp2-crypto.c64
-rw-r--r--lib/vquic/ngtcp2-crypto.h30
-rw-r--r--lib/vquic/ngtcp2.c100
3 files changed, 80 insertions, 114 deletions
diff --git a/lib/vquic/ngtcp2-crypto.c b/lib/vquic/ngtcp2-crypto.c
index 576b04c5c..887c130cb 100644
--- a/lib/vquic/ngtcp2-crypto.c
+++ b/lib/vquic/ngtcp2-crypto.c
@@ -232,22 +232,17 @@ size_t Curl_qc_aead_max_overhead(const struct Context *ctx)
return aead_tag_length(ctx);
}
-ssize_t Curl_qc_encrypt(uint8_t *dest, size_t destlen,
- const uint8_t *plaintext, size_t plaintextlen,
- const struct Context *ctx,
- const uint8_t *key, size_t keylen,
- const uint8_t *nonce, size_t noncelen,
- const uint8_t *ad, size_t adlen)
+int Curl_qc_encrypt(uint8_t *dest,
+ const uint8_t *plaintext, size_t plaintextlen,
+ const struct Context *ctx,
+ const uint8_t *key,
+ const uint8_t *nonce, size_t noncelen,
+ const uint8_t *ad, size_t adlen)
{
size_t taglen = aead_tag_length(ctx);
EVP_CIPHER_CTX *actx;
- size_t outlen = 0;
+ int outlen = 0;
int len;
- (void)keylen;
-
- if(destlen < plaintextlen + taglen) {
- return -1;
- }
actx = EVP_CIPHER_CTX_new();
if(!actx)
@@ -281,40 +276,33 @@ ssize_t Curl_qc_encrypt(uint8_t *dest, size_t destlen,
if(EVP_EncryptFinal_ex(actx, dest + outlen, &len) != 1)
goto error;
- outlen += len;
- assert(outlen + taglen <= destlen);
-
if(EVP_CIPHER_CTX_ctrl(actx, EVP_CTRL_AEAD_GET_TAG,
(int)taglen, dest + outlen) != 1)
goto error;
- outlen += taglen;
-
EVP_CIPHER_CTX_free(actx);
- return outlen;
+ return 0;
error:
EVP_CIPHER_CTX_free(actx);
return -1;
}
-ssize_t Curl_qc_decrypt(uint8_t *dest, size_t destlen,
- const uint8_t *ciphertext, size_t ciphertextlen,
- const struct Context *ctx,
- const uint8_t *key, size_t keylen,
- const uint8_t *nonce, size_t noncelen,
- const uint8_t *ad, size_t adlen)
+int Curl_qc_decrypt(uint8_t *dest,
+ const uint8_t *ciphertext, size_t ciphertextlen,
+ const struct Context *ctx,
+ const uint8_t *key,
+ const uint8_t *nonce, size_t noncelen,
+ const uint8_t *ad, size_t adlen)
{
size_t taglen = aead_tag_length(ctx);
const uint8_t *tag;
EVP_CIPHER_CTX *actx;
- size_t outlen;
+ int outlen;
int len;
- (void)keylen;
- if(taglen > ciphertextlen || destlen + taglen < ciphertextlen) {
+ if(taglen > ciphertextlen)
return -1;
- }
ciphertextlen -= taglen;
tag = ciphertext + ciphertextlen;
@@ -351,7 +339,7 @@ ssize_t Curl_qc_decrypt(uint8_t *dest, size_t destlen,
outlen = len;
if(ctx->aead == EVP_aes_128_ccm())
- return outlen;
+ return 0;
if(EVP_CIPHER_CTX_ctrl(actx, EVP_CTRL_AEAD_SET_TAG,
(int)taglen, (char *)tag) != 1)
@@ -360,10 +348,8 @@ ssize_t Curl_qc_decrypt(uint8_t *dest, size_t destlen,
if(EVP_DecryptFinal_ex(actx, dest + outlen, &len) != 1)
goto error;
- outlen += len;
-
EVP_CIPHER_CTX_free(actx);
- return outlen;
+ return 0;
error:
EVP_CIPHER_CTX_free(actx);
return -1;
@@ -489,19 +475,13 @@ Curl_qc_derive_header_protection_key(uint8_t *dest, size_t destlen,
return keylen;
}
-ssize_t Curl_qc_hp_mask(uint8_t *dest, size_t destlen,
- const struct Context *ctx,
- const uint8_t *key, size_t keylen,
- const uint8_t *sample, size_t samplelen)
+int Curl_qc_hp_mask(uint8_t *dest, const struct Context *ctx,
+ const uint8_t *key, const uint8_t *sample)
{
static uint8_t PLAINTEXT[] = "\x00\x00\x00\x00\x00";
EVP_CIPHER_CTX *actx;
- size_t outlen = 0;
+ int outlen = 0;
int len;
- (void)destlen; /* TODO: make use of these! */
- (void)keylen;
- (void)samplelen;
-
actx = EVP_CIPHER_CTX_new();
if(!actx)
return -1;
@@ -521,7 +501,7 @@ ssize_t Curl_qc_hp_mask(uint8_t *dest, size_t destlen,
DEBUGASSERT(len == 0);
- return outlen;
+ return 0;
error:
EVP_CIPHER_CTX_free(actx);
return -1;
diff --git a/lib/vquic/ngtcp2-crypto.h b/lib/vquic/ngtcp2-crypto.h
index f91b4e0ea..ae75517ab 100644
--- a/lib/vquic/ngtcp2-crypto.h
+++ b/lib/vquic/ngtcp2-crypto.h
@@ -44,18 +44,18 @@ size_t Curl_qc_aead_nonce_length(const struct Context *ctx);
int Curl_qc_negotiated_prf(struct Context *ctx, SSL *ssl);
int Curl_qc_negotiated_aead(struct Context *ctx, SSL *ssl);
size_t Curl_qc_aead_max_overhead(const struct Context *ctx);
-ssize_t Curl_qc_encrypt(uint8_t *dest, size_t destlen,
- const uint8_t *plaintext, size_t plaintextlen,
- const struct Context *ctx,
- const uint8_t *key, size_t keylen,
- const uint8_t *nonce, size_t noncelen,
- const uint8_t *ad, size_t adlen);
-ssize_t Curl_qc_decrypt(uint8_t *dest, size_t destlen,
- const uint8_t *ciphertext, size_t ciphertextlen,
- const struct Context *ctx,
- const uint8_t *key, size_t keylen,
- const uint8_t *nonce, size_t noncelen,
- const uint8_t *ad, size_t adlen);
+int Curl_qc_encrypt(uint8_t *dest,
+ const uint8_t *plaintext, size_t plaintextlen,
+ const struct Context *ctx,
+ const uint8_t *key,
+ const uint8_t *nonce, size_t noncelen,
+ const uint8_t *ad, size_t adlen);
+int Curl_qc_decrypt(uint8_t *dest,
+ const uint8_t *ciphertext, size_t ciphertextlen,
+ const struct Context *ctx,
+ const uint8_t *key,
+ const uint8_t *nonce, size_t noncelen,
+ const uint8_t *ad, size_t adlen);
ssize_t Curl_qc_encrypt_pn(uint8_t *dest, size_t destlen,
const uint8_t *plaintext, size_t plaintextlen,
const struct Context *ctx,
@@ -85,9 +85,7 @@ Curl_qc_derive_header_protection_key(uint8_t *dest, size_t destlen,
const uint8_t *secret, size_t secretlen,
const struct Context *ctx);
-ssize_t Curl_qc_hp_mask(uint8_t *dest, size_t destlen,
- const struct Context *ctx,
- const uint8_t *key, size_t keylen,
- const uint8_t *sample, size_t samplelen);
+int Curl_qc_hp_mask(uint8_t *dest, const struct Context *ctx,
+ const uint8_t *key, const uint8_t *sample);
#endif /* USE_NGTCP2 */
#endif /* HEADER_CURL_VQUIC_NGTCP2_CRYPTO_H */
diff --git a/lib/vquic/ngtcp2.c b/lib/vquic/ngtcp2.c
index 1cdbb7d39..6071c5906 100644
--- a/lib/vquic/ngtcp2.c
+++ b/lib/vquic/ngtcp2.c
@@ -778,19 +778,16 @@ static int cb_handshake_completed(ngtcp2_conn *tconn, void *user_data)
return 0;
}
-static ssize_t cb_in_encrypt(ngtcp2_conn *tconn,
- uint8_t *dest, size_t destlen,
- const uint8_t *plaintext,
- size_t plaintextlen,
- const uint8_t *key, size_t keylen,
- const uint8_t *nonce, size_t noncelen,
- const uint8_t *ad, size_t adlen,
- void *user_data)
+static int cb_in_encrypt(ngtcp2_conn *tconn, uint8_t *dest,
+ const uint8_t *plaintext, size_t plaintextlen,
+ const uint8_t *key, const uint8_t *nonce,
+ size_t noncelen, const uint8_t *ad, size_t adlen,
+ void *user_data)
{
struct quicsocket *qs = (struct quicsocket *)user_data;
- ssize_t nwrite = Curl_qc_encrypt(dest, destlen, plaintext, plaintextlen,
- &qs->hs_crypto_ctx,
- key, keylen, nonce, noncelen, ad, adlen);
+ int nwrite = Curl_qc_encrypt(dest, plaintext, plaintextlen,
+ &qs->hs_crypto_ctx,
+ key, nonce, noncelen, ad, adlen);
if(nwrite < 0) {
return NGTCP2_ERR_CALLBACK_FAILURE;
}
@@ -799,56 +796,51 @@ static ssize_t cb_in_encrypt(ngtcp2_conn *tconn,
return nwrite;
}
-static ssize_t cb_in_decrypt(ngtcp2_conn *tconn,
- uint8_t *dest, size_t destlen,
- const uint8_t *ciphertext, size_t ciphertextlen,
- const uint8_t *key, size_t keylen,
- const uint8_t *nonce, size_t noncelen,
- const uint8_t *ad, size_t adlen,
- void *user_data)
+static int cb_in_decrypt(ngtcp2_conn *tconn, uint8_t *dest,
+ const uint8_t *ciphertext, size_t ciphertextlen,
+ const uint8_t *key, const uint8_t *nonce,
+ size_t noncelen, const uint8_t *ad, size_t adlen,
+ void *user_data)
{
struct quicsocket *qs = (struct quicsocket *)user_data;
(void)tconn;
- return Curl_qc_decrypt(dest, destlen, ciphertext, ciphertextlen,
- &qs->hs_crypto_ctx, key, keylen,
+ return Curl_qc_decrypt(dest, ciphertext, ciphertextlen,
+ &qs->hs_crypto_ctx, key,
nonce, noncelen, ad, adlen);
}
-static ssize_t cb_encrypt_data(ngtcp2_conn *tconn,
- uint8_t *dest, size_t destlen,
- const uint8_t *plaintext, size_t plaintextlen,
- const uint8_t *key, size_t keylen,
- const uint8_t *nonce, size_t noncelen,
- const uint8_t *ad, size_t adlen,
- void *user_data)
+static int cb_encrypt_data(ngtcp2_conn *tconn,
+ uint8_t *dest,
+ const uint8_t *plaintext, size_t plaintextlen,
+ const uint8_t *key,
+ const uint8_t *nonce, size_t noncelen,
+ const uint8_t *ad, size_t adlen,
+ void *user_data)
{
struct quicsocket *qs = (struct quicsocket *)user_data;
- ssize_t rc;
+ int rc;
(void)tconn;
- rc = Curl_qc_encrypt(dest, destlen, plaintext, plaintextlen,
+ rc = Curl_qc_encrypt(dest, plaintext, plaintextlen,
&qs->crypto_ctx,
- key, keylen, nonce, noncelen, ad, adlen);
+ key, nonce, noncelen, ad, adlen);
if(rc < 0)
return NGTCP2_ERR_CALLBACK_FAILURE;
return rc;
}
-static ssize_t
-cb_decrypt_data(ngtcp2_conn *tconn,
- uint8_t *dest, size_t destlen,
- const uint8_t *ciphertext, size_t ciphertextlen,
- const uint8_t *key, size_t keylen,
- const uint8_t *nonce, size_t noncelen,
- const uint8_t *ad, size_t adlen,
- void *user_data)
+static int cb_decrypt_data(ngtcp2_conn *tconn, uint8_t *dest,
+ const uint8_t *ciphertext, size_t ciphertextlen,
+ const uint8_t *key,
+ const uint8_t *nonce, size_t noncelen,
+ const uint8_t *ad, size_t adlen,
+ void *user_data)
{
struct quicsocket *qs = (struct quicsocket *)user_data;
- ssize_t rc;
+ int rc;
(void)tconn;
- rc = Curl_qc_decrypt(dest, destlen, ciphertext, ciphertextlen,
- &qs->crypto_ctx,
- key, keylen, nonce, noncelen, ad, adlen);
+ rc = Curl_qc_decrypt(dest, ciphertext, ciphertextlen,
+ &qs->crypto_ctx, key, nonce, noncelen, ad, adlen);
if(rc < 0)
return NGTCP2_ERR_TLS_DECRYPT;
return rc;
@@ -960,34 +952,30 @@ static int cb_recv_retry(ngtcp2_conn *tconn, const ngtcp2_pkt_hd *hd,
return 0;
}
-static ssize_t cb_in_hp_mask(ngtcp2_conn *tconn, uint8_t *dest, size_t destlen,
- const uint8_t *key, size_t keylen,
- const uint8_t *sample, size_t samplelen,
- void *user_data)
+static int cb_in_hp_mask(ngtcp2_conn *tconn, uint8_t *dest,
+ const uint8_t *key, const uint8_t *sample,
+ void *user_data)
{
struct quicsocket *qs = (struct quicsocket *)user_data;
- ssize_t nwrite;
+ int nwrite;
(void)tconn;
- nwrite = Curl_qc_hp_mask(dest, destlen, &qs->hs_crypto_ctx,
- key, keylen, sample, samplelen);
+ nwrite = Curl_qc_hp_mask(dest, &qs->hs_crypto_ctx, key, sample);
if(nwrite < 0)
return NGTCP2_ERR_CALLBACK_FAILURE;
return nwrite;
}
-static ssize_t cb_hp_mask(ngtcp2_conn *tconn, uint8_t *dest, size_t destlen,
- const uint8_t *key, size_t keylen,
- const uint8_t *sample, size_t samplelen,
- void *user_data)
+static int cb_hp_mask(ngtcp2_conn *tconn, uint8_t *dest,
+ const uint8_t *key, const uint8_t *sample,
+ void *user_data)
{
struct quicsocket *qs = (struct quicsocket *)user_data;
- ssize_t nwrite;
+ int nwrite;
(void)tconn;
- nwrite = Curl_qc_hp_mask(dest, destlen, &qs->crypto_ctx,
- key, keylen, sample, samplelen);
+ nwrite = Curl_qc_hp_mask(dest, &qs->crypto_ctx, key, sample);
if(nwrite < 0)
return NGTCP2_ERR_CALLBACK_FAILURE;