mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2025-09-22 14:21:25 +02:00
MEDIUM: quic: add key argument to header protection crypto functions
In order to prepare the code for using Chacha20 with the EVP_AEAD API, both quic_tls_hp_decrypt() and quic_tls_hp_encrypt() need an extra key argument. Indeed Chacha20 does not exists as an EVP_CIPHER in AWS-LC, so the key won't be embedded into the EVP_CIPHER_CTX, so we need an extra parameter to use it.
This commit is contained in:
William Lallemand
parent
d55a297b85
commit
177c84808c
@ -125,10 +125,10 @@ int quic_tls_enc_hp_ctx_init(EVP_CIPHER_CTX **aes_ctx,
|
|||||||
const EVP_CIPHER *aes, unsigned char *key);
|
const EVP_CIPHER *aes, unsigned char *key);
|
||||||
int quic_tls_hp_decrypt(unsigned char *out,
|
int quic_tls_hp_decrypt(unsigned char *out,
|
||||||
const unsigned char *in, size_t inlen,
|
const unsigned char *in, size_t inlen,
|
||||||
EVP_CIPHER_CTX *ctx);
|
EVP_CIPHER_CTX *ctx, unsigned char *key);
|
||||||
int quic_tls_hp_encrypt(unsigned char *out,
|
int quic_tls_hp_encrypt(unsigned char *out,
|
||||||
const unsigned char *in, size_t inlen,
|
const unsigned char *in, size_t inlen,
|
||||||
EVP_CIPHER_CTX *ctx);
|
EVP_CIPHER_CTX *ctx, unsigned char *key);
|
||||||
|
|
||||||
int quic_tls_key_update(struct quic_conn *qc);
|
int quic_tls_key_update(struct quic_conn *qc);
|
||||||
void quic_tls_rotate_keys(struct quic_conn *qc);
|
void quic_tls_rotate_keys(struct quic_conn *qc);
|
||||||
|
|||||||
@ -91,7 +91,7 @@ static int qc_do_rm_hp(struct quic_conn *qc,
|
|||||||
|
|
||||||
sample = pn + QUIC_PACKET_PN_MAXLEN;
|
sample = pn + QUIC_PACKET_PN_MAXLEN;
|
||||||
|
|
||||||
if (!quic_tls_hp_decrypt(mask, sample, sizeof mask, tls_ctx->rx.hp_ctx)) {
|
if (!quic_tls_hp_decrypt(mask, sample, sizeof mask, tls_ctx->rx.hp_ctx, tls_ctx->rx.hp_key)) {
|
||||||
TRACE_ERROR("HP removing failed", QUIC_EV_CONN_RMHP, qc, pkt);
|
TRACE_ERROR("HP removing failed", QUIC_EV_CONN_RMHP, qc, pkt);
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -621,7 +621,7 @@ int quic_tls_enc_hp_ctx_init(EVP_CIPHER_CTX **hp_ctx,
|
|||||||
*/
|
*/
|
||||||
int quic_tls_hp_encrypt(unsigned char *out,
|
int quic_tls_hp_encrypt(unsigned char *out,
|
||||||
const unsigned char *in, size_t inlen,
|
const unsigned char *in, size_t inlen,
|
||||||
EVP_CIPHER_CTX *ctx)
|
EVP_CIPHER_CTX *ctx, unsigned char *key)
|
||||||
{
|
{
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
|
||||||
@ -661,7 +661,7 @@ int quic_tls_dec_hp_ctx_init(EVP_CIPHER_CTX **hp_ctx,
|
|||||||
*/
|
*/
|
||||||
int quic_tls_hp_decrypt(unsigned char *out,
|
int quic_tls_hp_decrypt(unsigned char *out,
|
||||||
const unsigned char *in, size_t inlen,
|
const unsigned char *in, size_t inlen,
|
||||||
EVP_CIPHER_CTX *ctx)
|
EVP_CIPHER_CTX *ctx, unsigned char *key)
|
||||||
{
|
{
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
|
||||||
|
|||||||
@ -1477,7 +1477,7 @@ void quic_apply_header_protection(struct quic_conn *qc, unsigned char *pos,
|
|||||||
|
|
||||||
*fail = 0;
|
*fail = 0;
|
||||||
|
|
||||||
if (!quic_tls_hp_encrypt(mask, pn + QUIC_PACKET_PN_MAXLEN, sizeof mask, hp_ctx)) {
|
if (!quic_tls_hp_encrypt(mask, pn + QUIC_PACKET_PN_MAXLEN, sizeof mask, hp_ctx, tls_ctx->tx.hp_key)) {
|
||||||
TRACE_ERROR("could not apply header protection", QUIC_EV_CONN_TXPKT, qc);
|
TRACE_ERROR("could not apply header protection", QUIC_EV_CONN_TXPKT, qc);
|
||||||
*fail = 1;
|
*fail = 1;
|
||||||
goto out;
|
goto out;
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user