diff options
-rw-r--r-- | lib/vquic/ngtcp2-crypto.c | 64 | ||||
-rw-r--r-- | lib/vquic/ngtcp2-crypto.h | 30 | ||||
-rw-r--r-- | lib/vquic/ngtcp2.c | 100 |
3 files changed, 80 insertions, 114 deletions
diff --git a/lib/vquic/ngtcp2-crypto.c b/lib/vquic/ngtcp2-crypto.c index 576b04c5c..887c130cb 100644 --- a/lib/vquic/ngtcp2-crypto.c +++ b/lib/vquic/ngtcp2-crypto.c @@ -232,22 +232,17 @@ size_t Curl_qc_aead_max_overhead(const struct Context *ctx) return aead_tag_length(ctx); } -ssize_t Curl_qc_encrypt(uint8_t *dest, size_t destlen, - const uint8_t *plaintext, size_t plaintextlen, - const struct Context *ctx, - const uint8_t *key, size_t keylen, - const uint8_t *nonce, size_t noncelen, - const uint8_t *ad, size_t adlen) +int Curl_qc_encrypt(uint8_t *dest, + const uint8_t *plaintext, size_t plaintextlen, + const struct Context *ctx, + const uint8_t *key, + const uint8_t *nonce, size_t noncelen, + const uint8_t *ad, size_t adlen) { size_t taglen = aead_tag_length(ctx); EVP_CIPHER_CTX *actx; - size_t outlen = 0; + int outlen = 0; int len; - (void)keylen; - - if(destlen < plaintextlen + taglen) { - return -1; - } actx = EVP_CIPHER_CTX_new(); if(!actx) @@ -281,40 +276,33 @@ ssize_t Curl_qc_encrypt(uint8_t *dest, size_t destlen, if(EVP_EncryptFinal_ex(actx, dest + outlen, &len) != 1) goto error; - outlen += len; - assert(outlen + taglen <= destlen); - if(EVP_CIPHER_CTX_ctrl(actx, EVP_CTRL_AEAD_GET_TAG, (int)taglen, dest + outlen) != 1) goto error; - outlen += taglen; - EVP_CIPHER_CTX_free(actx); - return outlen; + return 0; error: EVP_CIPHER_CTX_free(actx); return -1; } -ssize_t Curl_qc_decrypt(uint8_t *dest, size_t destlen, - const uint8_t *ciphertext, size_t ciphertextlen, - const struct Context *ctx, - const uint8_t *key, size_t keylen, - const uint8_t *nonce, size_t noncelen, - const uint8_t *ad, size_t adlen) +int Curl_qc_decrypt(uint8_t *dest, + const uint8_t *ciphertext, size_t ciphertextlen, + const struct Context *ctx, + const uint8_t *key, + const uint8_t *nonce, size_t noncelen, + const uint8_t *ad, size_t adlen) { size_t taglen = aead_tag_length(ctx); const uint8_t *tag; EVP_CIPHER_CTX *actx; - size_t outlen; + int outlen; int len; - (void)keylen; - if(taglen > ciphertextlen || destlen + taglen < ciphertextlen) { + if(taglen > ciphertextlen) return -1; - } ciphertextlen -= taglen; tag = ciphertext + ciphertextlen; @@ -351,7 +339,7 @@ ssize_t Curl_qc_decrypt(uint8_t *dest, size_t destlen, outlen = len; if(ctx->aead == EVP_aes_128_ccm()) - return outlen; + return 0; if(EVP_CIPHER_CTX_ctrl(actx, EVP_CTRL_AEAD_SET_TAG, (int)taglen, (char *)tag) != 1) @@ -360,10 +348,8 @@ ssize_t Curl_qc_decrypt(uint8_t *dest, size_t destlen, if(EVP_DecryptFinal_ex(actx, dest + outlen, &len) != 1) goto error; - outlen += len; - EVP_CIPHER_CTX_free(actx); - return outlen; + return 0; error: EVP_CIPHER_CTX_free(actx); return -1; @@ -489,19 +475,13 @@ Curl_qc_derive_header_protection_key(uint8_t *dest, size_t destlen, return keylen; } -ssize_t Curl_qc_hp_mask(uint8_t *dest, size_t destlen, - const struct Context *ctx, - const uint8_t *key, size_t keylen, - const uint8_t *sample, size_t samplelen) +int Curl_qc_hp_mask(uint8_t *dest, const struct Context *ctx, + const uint8_t *key, const uint8_t *sample) { static uint8_t PLAINTEXT[] = "\x00\x00\x00\x00\x00"; EVP_CIPHER_CTX *actx; - size_t outlen = 0; + int outlen = 0; int len; - (void)destlen; /* TODO: make use of these! */ - (void)keylen; - (void)samplelen; - actx = EVP_CIPHER_CTX_new(); if(!actx) return -1; @@ -521,7 +501,7 @@ ssize_t Curl_qc_hp_mask(uint8_t *dest, size_t destlen, DEBUGASSERT(len == 0); - return outlen; + return 0; error: EVP_CIPHER_CTX_free(actx); return -1; diff --git a/lib/vquic/ngtcp2-crypto.h b/lib/vquic/ngtcp2-crypto.h index f91b4e0ea..ae75517ab 100644 --- a/lib/vquic/ngtcp2-crypto.h +++ b/lib/vquic/ngtcp2-crypto.h @@ -44,18 +44,18 @@ size_t Curl_qc_aead_nonce_length(const struct Context *ctx); int Curl_qc_negotiated_prf(struct Context *ctx, SSL *ssl); int Curl_qc_negotiated_aead(struct Context *ctx, SSL *ssl); size_t Curl_qc_aead_max_overhead(const struct Context *ctx); -ssize_t Curl_qc_encrypt(uint8_t *dest, size_t destlen, - const uint8_t *plaintext, size_t plaintextlen, - const struct Context *ctx, - const uint8_t *key, size_t keylen, - const uint8_t *nonce, size_t noncelen, - const uint8_t *ad, size_t adlen); -ssize_t Curl_qc_decrypt(uint8_t *dest, size_t destlen, - const uint8_t *ciphertext, size_t ciphertextlen, - const struct Context *ctx, - const uint8_t *key, size_t keylen, - const uint8_t *nonce, size_t noncelen, - const uint8_t *ad, size_t adlen); +int Curl_qc_encrypt(uint8_t *dest, + const uint8_t *plaintext, size_t plaintextlen, + const struct Context *ctx, + const uint8_t *key, + const uint8_t *nonce, size_t noncelen, + const uint8_t *ad, size_t adlen); +int Curl_qc_decrypt(uint8_t *dest, + const uint8_t *ciphertext, size_t ciphertextlen, + const struct Context *ctx, + const uint8_t *key, + const uint8_t *nonce, size_t noncelen, + const uint8_t *ad, size_t adlen); ssize_t Curl_qc_encrypt_pn(uint8_t *dest, size_t destlen, const uint8_t *plaintext, size_t plaintextlen, const struct Context *ctx, @@ -85,9 +85,7 @@ Curl_qc_derive_header_protection_key(uint8_t *dest, size_t destlen, const uint8_t *secret, size_t secretlen, const struct Context *ctx); -ssize_t Curl_qc_hp_mask(uint8_t *dest, size_t destlen, - const struct Context *ctx, - const uint8_t *key, size_t keylen, - const uint8_t *sample, size_t samplelen); +int Curl_qc_hp_mask(uint8_t *dest, const struct Context *ctx, + const uint8_t *key, const uint8_t *sample); #endif /* USE_NGTCP2 */ #endif /* HEADER_CURL_VQUIC_NGTCP2_CRYPTO_H */ diff --git a/lib/vquic/ngtcp2.c b/lib/vquic/ngtcp2.c index 1cdbb7d39..6071c5906 100644 --- a/lib/vquic/ngtcp2.c +++ b/lib/vquic/ngtcp2.c @@ -778,19 +778,16 @@ static int cb_handshake_completed(ngtcp2_conn *tconn, void *user_data) return 0; } -static ssize_t cb_in_encrypt(ngtcp2_conn *tconn, - uint8_t *dest, size_t destlen, - const uint8_t *plaintext, - size_t plaintextlen, - const uint8_t *key, size_t keylen, - const uint8_t *nonce, size_t noncelen, - const uint8_t *ad, size_t adlen, - void *user_data) +static int cb_in_encrypt(ngtcp2_conn *tconn, uint8_t *dest, + const uint8_t *plaintext, size_t plaintextlen, + const uint8_t *key, const uint8_t *nonce, + size_t noncelen, const uint8_t *ad, size_t adlen, + void *user_data) { struct quicsocket *qs = (struct quicsocket *)user_data; - ssize_t nwrite = Curl_qc_encrypt(dest, destlen, plaintext, plaintextlen, - &qs->hs_crypto_ctx, - key, keylen, nonce, noncelen, ad, adlen); + int nwrite = Curl_qc_encrypt(dest, plaintext, plaintextlen, + &qs->hs_crypto_ctx, + key, nonce, noncelen, ad, adlen); if(nwrite < 0) { return NGTCP2_ERR_CALLBACK_FAILURE; } @@ -799,56 +796,51 @@ static ssize_t cb_in_encrypt(ngtcp2_conn *tconn, return nwrite; } -static ssize_t cb_in_decrypt(ngtcp2_conn *tconn, - uint8_t *dest, size_t destlen, - const uint8_t *ciphertext, size_t ciphertextlen, - const uint8_t *key, size_t keylen, - const uint8_t *nonce, size_t noncelen, - const uint8_t *ad, size_t adlen, - void *user_data) +static int cb_in_decrypt(ngtcp2_conn *tconn, uint8_t *dest, + const uint8_t *ciphertext, size_t ciphertextlen, + const uint8_t *key, const uint8_t *nonce, + size_t noncelen, const uint8_t *ad, size_t adlen, + void *user_data) { struct quicsocket *qs = (struct quicsocket *)user_data; (void)tconn; - return Curl_qc_decrypt(dest, destlen, ciphertext, ciphertextlen, - &qs->hs_crypto_ctx, key, keylen, + return Curl_qc_decrypt(dest, ciphertext, ciphertextlen, + &qs->hs_crypto_ctx, key, nonce, noncelen, ad, adlen); } -static ssize_t cb_encrypt_data(ngtcp2_conn *tconn, - uint8_t *dest, size_t destlen, - const uint8_t *plaintext, size_t plaintextlen, - const uint8_t *key, size_t keylen, - const uint8_t *nonce, size_t noncelen, - const uint8_t *ad, size_t adlen, - void *user_data) +static int cb_encrypt_data(ngtcp2_conn *tconn, + uint8_t *dest, + const uint8_t *plaintext, size_t plaintextlen, + const uint8_t *key, + const uint8_t *nonce, size_t noncelen, + const uint8_t *ad, size_t adlen, + void *user_data) { struct quicsocket *qs = (struct quicsocket *)user_data; - ssize_t rc; + int rc; (void)tconn; - rc = Curl_qc_encrypt(dest, destlen, plaintext, plaintextlen, + rc = Curl_qc_encrypt(dest, plaintext, plaintextlen, &qs->crypto_ctx, - key, keylen, nonce, noncelen, ad, adlen); + key, nonce, noncelen, ad, adlen); if(rc < 0) return NGTCP2_ERR_CALLBACK_FAILURE; return rc; } -static ssize_t -cb_decrypt_data(ngtcp2_conn *tconn, - uint8_t *dest, size_t destlen, - const uint8_t *ciphertext, size_t ciphertextlen, - const uint8_t *key, size_t keylen, - const uint8_t *nonce, size_t noncelen, - const uint8_t *ad, size_t adlen, - void *user_data) +static int cb_decrypt_data(ngtcp2_conn *tconn, uint8_t *dest, + const uint8_t *ciphertext, size_t ciphertextlen, + const uint8_t *key, + const uint8_t *nonce, size_t noncelen, + const uint8_t *ad, size_t adlen, + void *user_data) { struct quicsocket *qs = (struct quicsocket *)user_data; - ssize_t rc; + int rc; (void)tconn; - rc = Curl_qc_decrypt(dest, destlen, ciphertext, ciphertextlen, - &qs->crypto_ctx, - key, keylen, nonce, noncelen, ad, adlen); + rc = Curl_qc_decrypt(dest, ciphertext, ciphertextlen, + &qs->crypto_ctx, key, nonce, noncelen, ad, adlen); if(rc < 0) return NGTCP2_ERR_TLS_DECRYPT; return rc; @@ -960,34 +952,30 @@ static int cb_recv_retry(ngtcp2_conn *tconn, const ngtcp2_pkt_hd *hd, return 0; } -static ssize_t cb_in_hp_mask(ngtcp2_conn *tconn, uint8_t *dest, size_t destlen, - const uint8_t *key, size_t keylen, - const uint8_t *sample, size_t samplelen, - void *user_data) +static int cb_in_hp_mask(ngtcp2_conn *tconn, uint8_t *dest, + const uint8_t *key, const uint8_t *sample, + void *user_data) { struct quicsocket *qs = (struct quicsocket *)user_data; - ssize_t nwrite; + int nwrite; (void)tconn; - nwrite = Curl_qc_hp_mask(dest, destlen, &qs->hs_crypto_ctx, - key, keylen, sample, samplelen); + nwrite = Curl_qc_hp_mask(dest, &qs->hs_crypto_ctx, key, sample); if(nwrite < 0) return NGTCP2_ERR_CALLBACK_FAILURE; return nwrite; } -static ssize_t cb_hp_mask(ngtcp2_conn *tconn, uint8_t *dest, size_t destlen, - const uint8_t *key, size_t keylen, - const uint8_t *sample, size_t samplelen, - void *user_data) +static int cb_hp_mask(ngtcp2_conn *tconn, uint8_t *dest, + const uint8_t *key, const uint8_t *sample, + void *user_data) { struct quicsocket *qs = (struct quicsocket *)user_data; - ssize_t nwrite; + int nwrite; (void)tconn; - nwrite = Curl_qc_hp_mask(dest, destlen, &qs->crypto_ctx, - key, keylen, sample, samplelen); + nwrite = Curl_qc_hp_mask(dest, &qs->crypto_ctx, key, sample); if(nwrite < 0) return NGTCP2_ERR_CALLBACK_FAILURE; |